What Mark Hurd and HP Tell Us About Compliance
Last Friday afternoon I had the opportunity to meet a newly minted chief compliance officer. She had been in the job only one month, was passing through town, and wanted to talk about the current events in compliance over lunch. We settled into a restaurant near my office and began chatting.
“So are you a lawyer?” I asked.
“No, I spent 12 years in the HR department,” she told me. “I’m also a licensed private investigator, and I assume that will help too.”
I thought about that for a moment. “Actually,” I said, “compliance departments want lawyers in the role mostly so they can exercise attorney-client privilege when that legal protection might be necessary. But really, on a daily basis, most of the work is finding the facts behind dumb things employees do. So your background is great, because no matter how clear the rules are, employees do some pretty dumb things.”
Four hours later, Hewlett-Packard announced that Mark Hurd was stepping down as CEO amid a sexual harassment probe.
Of course, in the week since then, we’ve seen all manner of speculation that Hurd’s supposed sins were not nearly as egregious as HP’s board first portrayed them to be. As time passed and more details dribbled out, a counter-story emerged that perhaps HP’s board overreacted—that perhaps directors rushed to fire Hurd because they were more worried about bad publicity than bad conduct, or were looking for an excuse to fire him and impulsively seized on a harassment complaint that wasn’t as strong as they expected. Or maybe Hurd really was the ethical scofflaw the board alleged him to be, billing various travel and personal expenses to HP.
I won’t venture any speculation myself about Hurd’s relationship with the woman in question, Jodie Fisher. (I suspect Mrs. Hurd will conduct an extensive internal investigation of her own.) In fact, even the question of whether Hurd deliberately falsified expense reports or his staff simply goofed on names and dates doesn’t interest me all that much. Those are serious questions for HP’s own compliance department to investigate, but they don’t relate to the broader point I want to raise here.
My point being? Go back to the newly minted compliance officer I met for lunch. Her expertise is in finding the real facts behind alleged misconduct, and determining what punishment may (or may not) be warranted. As HP and Hurd so colorfully demonstrated, even the largest companies, with extensive compliance programs and a genuine awareness that good conduct is important, can still stumble over the basics: What happened? Did misconduct happen? What punishment is appropriate? How do we deliver that punishment in a way that demonstrates our commitment to ethical conduct?
Those questions, and the skills you need to answer them, transcend any particular educational background you might have. Corporate compliance is an endless, often exhausting cycle of repeating the same procedures over and over again. And why do we keep repeating that cycle? Why do even the most successful and high-profile executives (and boards) put themselves in awkward, if not downright stupid, situations?
Well, I can’t help but think of our cover story this week, a Compliance Week editorial roundtable exploring the overlap between legal and compliance functions. We had a fantastic discussion (read the article!), but one point raised at the end stuck with me: that for all our focus on compliance, corporations should worry foremost about ethics—because, in the end, misconduct happens when an employee deliberately decides to break the rules. For all our other talk about exercising privilege during an investigation, or sophisticated monitoring tools, or thorough documentation and reporting, ethics is still the best way to prevent misconduct. Everything else just remedies misconduct after it happens.
And somehow, I think the newly minted compliance officer I met will do just fine.







