Executive Perspective: Compliance Expert Lynne Halbrooks on Best Practices for Ethics & Compliance

When it comes to building out the elements of a successful high-growth startup, one key aspect is a strong ethics and compliance program. These programs can serve as a guiding light for the organization, as well as open the door to new lines of business, such as with the federal government.

Lynne Halbrooks, a member of the NightDragon Advisor Council, is one of the preeminent experts on building ethics and compliance programs based on industry best practices. Lynne is a former Chief Compliance Officer and Acting Inspector General for the U.S. Department of Defense, now a Partner at Nichols Liu. Lynne spoke to NightDragon portfolio leaders at an exclusive NightDragon Network community event to share her experience with elements of successful ethics and compliance programs.

Below we have shared some edited excerpts of this conversation: 

Why does a company need a strong ethics and compliance practice? 

A strong ethics and compliance program is considered a hallmark of good corporate governance. Implementing best practices can ensure that a startup or company of any size is meeting the legal and regulatory requirements. At its best, implementing best practices can help avoid violations of applicable laws and regulatory standards entirely. However, it can also help in the unfortunate event that a bad actor does slip through defenses, since there may be some credit given to companies that have tried their best to address and mitigate ethics and compliance risks.

For those of us who have been doing this for a while, we have seen a renewed interest in corporate compliance programs, especially following recent Department of Justice guidance and clarification about what constitutes an effective program. Department of Justice leaders are encouraging prosecutors to be bold in holding individuals accountable for corporate misconduct and expect companies to consider taking steps such as compensation claw back provisions. While public companies might expect this level of scrutiny, companies of any size doing business with the federal government should be prepared.  Proactively addressing these dynamics through a thoughtful, right-sized ethics and compliance program will help companies discover and address unlawful or inappropriate business conduct. 

With criminal and civil fines and a company’s reputation on the line, a strong ethics and compliance program makes strong business sense. It’s preventative. This is true from the largest of federal contractors, all the way to the smallest of startups aspiring to work with government agencies. 

What are some common examples of compliance violations that our portfolio companies should be wary of? 

There are many examples of potential compliance violations, so readers shouldn’t view this as an exhaustive list. Criminal behavior is one perhaps obvious category, but there are many other examples to consider. For instance, making false claims for payment to the government can lead to civil penalties and even debarment from participating in federal contracts. We have also seen examples of agents or foreign suppliers acting illegally on behalf of a U.S. company. This type of conduct can be imputed to the U.S. company; you can’t accomplish indirectly what would be illegal to do directly.  Companies selling abroad need to operate within the rules for those specific countries as well as follow U.S. laws.   

Giving gifts to government officials can be considered bribery and is another practice companies need to be especially careful to avoid. Caution should also be exercised to ensure proposals to the government are truthful and do not contain any false statements. Price reduction clauses can also pose potential compliance issues if discounts given to commercial clients are not being offered to government customers at the same rate (EMC paid the government $87.5 million in 2010 to settle a lawsuit along these lines). These are all serious violations of law that are likely to result in costly government investigations and could jeopardize the company’s future. 

What are some of the elements a company should consider when building out an effective program?

At the highest level, an organization should make sure to have a high-level company officer charged with oversight of ethics and compliance. This might be a Chief Compliance Officer, General Counsel, HR Director or another role. You also should have written policies and procedures, including a Code of Conduct, training, and communications about ethics and compliance. Companies should ensure they are training their employees, so they know what the standards are, as well as what practices and behaviors are not permitted. You must also have open lines of communication that allow anonymous reporting without fear of retaliation and systems to address third party risks, as well as disciplinary measures for those who commit ethical or integrity violations to ensure they are held accountable. These efforts will continue to grow as the company grows and works to do business in new areas that may have additional requirements and standards. 

How can you engage employees in ethics and compliance practices? 

Certainly, regular education about ethics and compliance is one piece. Additionally, companies should implement a Hotline that enables employees to anonymously ask questions and report potential concerns or violations of law, regulation, or policy. The company should have a process in place to ensure prompt consideration and, when necessary, investigation of Hotline complaints. Employees should get feedback about their reports and leadership can be briefed on serious allegations and trends. A responsive Hotline can be a powerful tool to assure employees of the company’s commitment to do the right thing. Mistakes do happen, and a Hotline program helps put infrastructure in place to address these mistakes internally as well as prevent and deter bad conduct.

What other effects can a strong ethics and compliance program have outside of meeting regulatory standards? 

Having an ethics and compliance program that’s publicized and well-communicated helps you attract quality talent. When employees consider the kind of company they want to work for, they increasingly look for signs, explicit or implicit, of the company’s values.  When companies are public about those values as well as their expectations that employees must conduct themselves ethically – and what this means – this gives potential applicants confidence about the kind of company you are and helps you attract quality teammates. 

What’s more, prime contractors will also see your commitment and it will provide the same attraction to them to know they are doing business with an organization that has high standards and won’t put them at risk of a potential legal or compliance issue. I’ve absolutely seen a strong corporate ethics and compliance program make a difference to prime contractors and even investors and acquiring companies. There will also be opportunities to distinguish your company in its proposals to the government when you can demonstrate a commitment to ethics and compliance by having in place the essential program elements, such as a Code of Conduct and Hotline. The government will know it is less likely there will be problems down the road and, if there are, that they will be handled with integrity and transparency.
