When Jay Jorgensen was offered the top compliance job at Walmart, he had two concerns: One was how to sell his wife—and himself—on a move to Bentonville, Arkansas. The other and more substantial concern was how he would need to approach the job of recasting compliance at Walmart, given the massive size of the global retail giant and its habit of generating unflattering headlines.
The move proved not much of a problem—he affectionately describes the company town as “Wall Street by day, Mayberry by night.” Overhauling compliance, though, was a much greater challenge.
During his keynote at the Compliance Week 2014 conference in Washington D.C. last week, Jorgensen provided detailed insight into his first year-and-a-half as Walmart's global chief compliance officer. He joined the company—leaving his post as a partner at the international law firm Sidley Austin—at a time when bold moves were needed to extricate its reputation from a variety of crises, notably allegations that executives at its Mexico unit bribed officials in that country to expedite opening stores in prime locations. Walmart will end up spending more than $400 million to cover the cost of the extensive investigations and for related compliance enhancements. No charges of possible Foreign Corrupt Practices Act violations have yet been filed.
While fixing compliance at Walmart is certainly a Herculean task, Jorgensen noted the difficulties that all compliance officers face. “It's a tough job doing what you do,” he told the audience of compliance and legal professionals. “The job of a compliance officer isn't an easy one, because there isn't a text book or standard to tell you if you are doing the right thing in your compliance program.”
There certainly isn't a textbook that could teach how to beef up compliance at the world's largest retailer—a sprawling enterprise with $500 billion in annual revenue, 2.2 million employees, thousands of stores in more than a dozen countries, 55 separate business units, and a massive e-commerce operation. The starting point, Jorgensen said, was to slice the task into three pieces: people, processes, and systems. With that evaluation, problems began to emerge, notably the fact that the company had compliance programs scattered all around the world, each an individual fiefdom that didn't communicate well with each other, if at all.
“They did not connect to each other,” Jorgensen said, explaining that one of his first efforts was to bring those compliance leaders together for an in-person meeting. “I was shocked when they were introducing themselves to each other for the first time,” he said. “That was when I knew we had to build a global compliance program.”
That goal, however, was easier said than done. “In a multinational company, how do you keep the compliance program local, sensitive to the local culture and risks, yet still tied back to the corporate headquarters?” Jorgensen asked.
Dedicated Compliance Officers
As an opening salvo, compliance and legal were split into separate departments. Each country previously had its own chief compliance officer, often the general counsel, who reported into the local country's CEO. Under a reorganization intended to centralize the compliance function back to Bentonville, each geographic market now has its own CCO—separate from the general counsel—reporting to the country CEO and serving on the local executive management committee. Those CCOs also report to regional chief compliance officers who, in turn, report to the newly created position of international chief compliance officer. Jorgenson sits at the top of that pyramid.
“The job of a compliance officer isn't an easy one, because there isn't a text book or standard to tell you if you are doing the right thing in your compliance program.”
Chief Compliance Officer,
Walmart's e-commerce operations, based in California, was given its own CCO, who reports directly to headquarters. A global anti-corruption team also has officers stationed in each country and reporting back to Jorgensen. “Walmart's supply chain is enormous,” he added. “I've been staggered by how much of the world supplies products us. And so, we also have a compliance division for our supply chain.”
The next step: Compliance personnel in each country were asked to evaluate their program's effectiveness, the risks they face, and what they see as critical missions. “We tried to harmonize and leverage each others' experiences so that we could have consistent standards and a way of working together,” Jorgensen said.
Subject Matter Experts
These assessments were melded with a company-wide assessment to form 14 core responsibilities for the compliance department, among them: anti-trust, anti-corruption, anti-money laundering, labor, environment, privacy, food safety, licenses, and permitting. “PhD level experts” in each area were then sought out and hired, he explained. For example, a food safety expert was lured away from Disney. In total, these and other changes have created a compliance function with more than 2,000 employees and growing.
Walmart CCO Jay Jorgensen offers other compliance chiefs somce advice: “To keep your compliance program fresh it has to change as the business changes and not be complacent with what you've got.”
With these experts in place, and a $100 million investment in new compliance technology, Jorgensen is building a process to monitor individual stores and flag localized problems that could grow into larger issues. No longer can compliance be “over in the corner,” he said, describing “continuous improvement teams” that travel from location to location looking at different potential problems, such as food storage, security, and labor issues. Particular care is given to permits and licenses—it currently takes 170,000 licenses to run its stores—with that data for the first time being centralized. Technology is also being improved to offer much-needed transparency into the company's massive, sprawling supply chain. “Paper can't see trends,” Jorgensen said, explaining that the new databases can now automatically detect red flags and send a warning to him and other compliance leaders.
Tying Compensation to Compliance
The overhaul didn't end there. Jorgensen said that one of the reasons he decided to take the job was that executives were sincere about doing whatever it would take to build a world-class compliance program. The company's next move was to get executives to put their money where their mouth is, by tying discretionary pay to compliance objectives. Walmart's audit committee developed 60 compliance-related goals for named executive officers—from improved training to bringing order to a globally scattered IT system. The company's compensation and nominating & governance committee then tied those goals to financial incentives. Meeting goals meant bigger bonuses, while missed targets sliced away at rewards.
Among the questions Jorgensen fielded from the audience was how he stays focused on long-term plans and priorities when Walmart is so very often a political football, dragged into nearly every public policy issue by politicians and activists. He stressed the importance of having a long-term, written plan and encouraging the board and executives to stick to it.
“There's a real danger if compliance is the crisis of the minute and that whatever is being reported in the Wall Street Journal tonight is what we will talk about tomorrow,” he said. “That is true for any size company. Whether your company is 10 people or 10,000 people, there is the risk of being pulled into day-by-day crisis management. By having our goals we are able to keep our eye on the long ball.”
WALMART'S COMPLIANCE FAMILY TREE
The following chart outlines how Walmart scales its compliance efforts throughout its global operations.
Walmart still has a lot of work to do and damage to repair, Jorgensen added. “I feel this is a multi-year” journey,” he said. “We want to move from a position where we are on the defensive, through middle of the road, and to becoming a leading company.”
Jorgensen's assessment of what contributed to problems at Walmart led into his advice for compliance officers. “To keep your compliance program fresh it has to change as the business changes and not be complacent with what you've got. The hardest thing for a compliance officer may be when everything is going swimmingly to say, ‘no we are still not going to do this great deal.' The challenge we have now, because we have our issues, is to delve a little deeper and ask what more we can do.”