The regulatory and compliance obstacles that accompany a merger are challenging enough, but for compliance officers, one of the most difficult undertakings is merging different—and sometimes opposing—compliance structures.

Those are the very circumstances currently facing global multi-industrial company Johnson Controls and Tyco, a global fire and security provider, which merged in September 2016, creating a global business of more than 100,000 employees in over 100 countries. With the merger, these two companies create the new Johnson Controls International (JCI), a global building products and technology, integrated solutions, and energy storage provider.

The key question now is, “How do you take two strong compliance organizations, two different risk profiles, and make one strong compliance organization?” Beth Furamo, director of compliance at JCI, said during a recent panel at Compliance Week 2017.

Eight months following the merger, the new compliance structure continues to evolve. “We are definitely still in the transition stage,” said Matthew Tanzer, vice president and chief ethics and compliance officer at JCI.

One obstacle posed by the merger is that both Johnson Controls and Tyco brought to the table different compliance models. Tyco, for example, had a centralized approach. “We had one common compliance program across the entire company,” explained Tanzer. “We had shared resources and very clear reporting lines.” Tyco, on the other hand, had a more decentralized model, sometimes resulting in duplicative resources and inconsistent approaches.

In addition to their different approaches to compliance, both Johnson Controls and Tyco previously settled enforcement actions for violations of the Foreign Corrupt Practices Act. Johnson Controls, for example, in 2016 paid $14 million for FCPA violations, and Tyco in 2012 had paid $26 million for FCPA violations.

Furthermore, each company had faced a cartel enforcement action in Europe. Just this year, JCI resolved its EU cartel action with no fines, due to leniency. Tyco, on the other hand, paid an $8 million fine in 2008 for its EU cartel action. “So we came at this with some shared understanding of what the challenges were,” Tanzer said.

Adding to the complexity of the merger is that there were three disjointed compliance teams—a building solutions compliance team, a power solutions compliance team, and a corporate functions compliance team—each with their own separate personnel, policies and procedures, and different ways of managing risks. “We have three really strong compliance models that we’re trying to bring together without losing key parts of any of them,” Furamo said.

To merge these three compliance models, Johnson Controls has come up with a common model of creating one corporate compliance team that will be spread across the newly combined JCI. “That requires us to harmonize all these business units,” Tanzer said.

To drive the compliance structure into the business, the goal is to have consistency across the compliance function, but still be sensitive to the different risks in each region and across different business units, which helps to reduce compliance fatigue, Furamo explained. In Mexico, for example, truck theft with extortion of bribery is a high risk, whereas in China the risk is more focused on expense reporting.

Leadership structure. The way the compliance committee structure works at JCI is that each region has multiple compliance committees. These regions are North America; Latin America; Europe and Africa; Middle East; and Asia. For others that may be thinking about creating this compliance structure, “this worked very well for us,” Tanzer said.

Each regional committee serves as the first line of communication within the compliance program at the business level. Sitting on those committees is a business leader from that region, along with the chief financial officer, general counsel, vice presidents, internal audit, and other business unit leaders. Executive-level participation is critical, Tanzer said. “If you don’t have that high-level support, people won’t want to participate,” he said.

The regional committees are comprised of about 150 business leaders that meet monthly to discuss compliance and related risks. Topics discussed at regional committee meetings might include regional-specific compliance matters, new developments, or policy changes, for example.

Above the regional compliance committees is a business compliance committee, with JCI’s executive compliance committee above that, with overall oversight by JCI’s audit committee of the board of directors.

Compliance ambassadors. In addition to regional compliance leaders, JCI also has in place geographic program leads (GPLs), “who are really the eyes and the ears and the drivers of these programs at the business level,” Tanzer said.

SHARED ROLES & RESPONSIBILITIES

Below is a list of roles and responsibilities carried out by Regional Compliance Counsel and Geographic Program Leads (GPLs) at Johnson Controls.
Regional Compliance Counsel roles and responsibilities:
Develop training materials;
Coordinate investigations;
Recommend disciplinary and remedial actions;
Support litigation pursuant to an investigation;
Develop contract templates;
Review contract clauses;
Review/approve gift/travel form requests; and
Provide day-to-day legal advice.
GPL roles and responsibilities:
Organizing and delivering integrity workshops;
Assisting in identifying training topics;
Coordinating training session locations and audience;
Driving completion of e-Learnings;
Promoting Values in Action sessions;
Coordinating and delivering regional coaching sessions; and
Monitoring policy and procedure implementation.
Shared roles and responsibilities:
Lead regional compliance counsels;
Responding to compliance questions in the region;
Developing, monitoring, and implementing policies and programs;
Assisting in identifying compliance risks and policy needs;
Supporting compliance communications;
Implementing disciplinary and remedial actions;
Coordinating audits; and
Delivering and assessing training.
Source: Johnson Controls

GPLs in different regions of the world have various roles and responsibilities. In the Power Solutions business unit, for example, the GPL in the Asia Pacific region happens to be the supply-chain manager. There is also a sales operations manager responsible for anti-competition, and a finance manager responsible for anti-corruption, in the region. In that same business unit in China, the GPL is the sales operation director who is also responsible for anti-competition, with a procurement controller responsible for anti-corruption in the region.

Because the roles of regional leaders and GPLs sometimes overlap, “it’s very important that they work closely together, that they coordinate efforts,” Tanzer said. Examples of roles and responsibilities led by GPLs include:

Organizing and delivering integrity workshops;

Assisting in identifying training topics;

Coordinating training session locations and audience;

Driving completion of e-Learnings;

Promoting Values in Action sessions;

Coordinating and delivering regional coaching sessions; and

Monitoring policy and procedure implementation.

“These people do not do investigations,” Tanzer said. “We work very hard to separate them from the investigation process, because we want them to be viewed in the business as a trusted partner.”

Examples of responsibilities shared between the regional compliance counsel and GPLs include:

Responding to compliance questions in the region;

Developing, monitoring, and implementing policies and programs;

Assisting in identifying compliance risks and policy needs;

Supporting compliance communications;

Implementing disciplinary and remedial actions;

Coordinating audits; and

Delivering and assessing training.

For other companies that may be thinking about embedding compliance ambassadors into their global compliance function, it’s important to go to the region and take the time to get to know these people. Choosing the right individuals to serve as GPLs is also an important part of the process. These leaders should also have “unwavering integrity,” Tanzer said. “You have to be able to trust these people.”

“One thing I look for is people who are willing to speak truth to power,” Furamo said. “That’s a very difficult skillset. You can have someone who is functionally very strong and very intelligent, but if you don’t think they have the courage to speak up when something is wrong, that is not the right person.”