The Compliance Week Europe conference, an annual event held last week in Brussels, drew attendees from 22 countries, many of whom represented companies that do business in an even greater number of nations. Building and maintaining an effective compliance program that is consistent across multinational borders is not an easy feat, but more companies are finding it essential to do it.

“Don’t just sit in your ivory tower at headquarters sending out e-mails once a month,” advises Sofia Halfmann, head of the compliance office for DHL Global Forwarding, which does business in nearly every country around the globe. “You really need to ensure you have a stakeholder in the country who knows the language, knows the cultural difficulties, and works with people to gain more credibility and make sure your compliance program is implemented.”

It may seem common sense, but compliance officers must be very aware that each market has its own unique characteristics to consider. “It is much more difficult to interact in Nigeria than in Norway,” Halfmann said.

Sapan Singh, a director of compliance for Stryker Osteonics, which sells medical devices in more than 100 countries and has more than 25,000 global employees, says that compliance needs to pay close attention to the specific risks that are present in different countries. His focus is on compliance in Eastern Europe, India, the Middle East, and Africa. In those regions, top risks are corruption and bribery followed closely by geopolitical threats.

“If you have a compliance program in this region you have to be very innovative and very flexible to adapt to changing situations,” Singh says. “The political stability that exists in western countries does not exist in these parts of the world.”

“You really need to ensure you have a stakeholder in the country who knows the language, knows the cultural difficulties, and works with people to gain more credibility and make sure your compliance program is implemented.”
Sofia Halfmann, Head of the Compliance Office, DHL Global Forwarding

Compliance officers usually find it difficult to balance the need for standards and a unified approach to compliance with the need to tailor compliance to the specific needs of any one country. A common mistake, Singh says, is that many policies are pushed out from western countries. “What you see are policies and procedures that may not apply to the region you are operating in,” he says. “It is a whole different world.”

Third-Party Risk

By nature, multinational companies, like Stryker, rely heavily on third-party entities, specifically dealers, distributors, and vendors. That also poses a threat. Recent research by EY uncovered that nearly 90 percent of Foreign Corrupt Practices Act violations involved third parties. “We have to rely on third parties,” Singh said. “We can’t do business without them. They have the local knowledge and expertise that we need.”

A mistake many make is to treat these partnerships, from a due diligence perspective. “It’s like a blind date,” Singh said. “You might Google the person you are going out with,” he explained. “You have to do a lot more when you enter into a third-party relationship. It is an area that is often overlooked by companies because they have this false sense of security that what happens with a third party won’t affect them. The FCPA liability will carry forward onto you. If your third-party partners are misbehaving in the region they are in, the law will not make the distinction that this is a third party.”

Companies also often miss the boat on ongoing monitoring of third parties, an oversight Singh blames on the volume of third parties many global companies have. “A lot of companies have hundreds, if not thousands, of dealers and distributors in emerging markets. How do we effectively monitor them? ‘Risk-based approach’ is a term that is thrown out a lot, but it is actually very difficult to do. How do I divide my countries? What index do I use? Do I go by the number of sales we have in a country or the number of issues we have in a country?”

The ultimate approach to risk has to be tailored to the region you are operating in,” Singh advises. “Ongoing monitoring does not mean you are going to audit every dealer that you have every year,” he adds. “If you have the money to do so, great, but most companies don’t have that capacity and those resources.”

Think Locally

Shipping giant DHL has a network of local stakeholders and a system of regional compliance officers, Halfmann said. In-country, compliance functions are staffed by part-time personnel; regional overseers are full-time staff. “We would like to grow more, but probably every compliance officer thinks that too,” she said.

Success depends on how even the most far-flung locale is made part of the company’s compliance family. “What’s important is that you travel a lot and go into these countries to do workshops and train them,” Halfmann says. “It is really amazing how much they appreciate it when you talk to them about what their issues and problems are. You also need to train them on global anti-corruption laws, as many are not aware that whatever they do locally has an effect globally.”

To check that middle managers overseas are making needed compliance efforts on a daily basis, Halfmann says she will hit them with the compliance variation of a pop quiz, asking, for example, if they can send a picture of a required hotline poster.

Singh stressed localized training. “The key word is ‘localized’ and not just using communications that were designed for the United States and Europe,” he said. “Not only is the language different, but the context is completely missed.” He pointed out that, for example, in Russian there is no direct translation for the word integrity. What may be a common colloquialism in the United States will makes no sense in East Africa or India. “It is very important we tailor these training and communications to local languages, in a context that is local,” he said.

Speaking Out

Among the core building blocks of a successful, international compliance program is an effective whistleblower program, the panelists agreed. The importance of speak-up hotlines and similar tools is that they help protect a company’s valuable reputation, said Daniel Kline, managing director for EMEA (Europe, the Middle East, and Africa) for NAVEX Global.

“We are seeing some very specific things in terms of what helps or hinders a global program,” Kline said. Given the hard-fought talent war among companies to recruit and retain talent, negative headlines can have a lasting, detrimental effect.

“The biggest fight for compliance and ethics professionals is the perception of compliance within the business,” Kline added. “You can have all the infrastructure in place in terms of policies and procedures, but it’s the perception out in the field that really matters.”

Get Employees With the Plan

Kline cited additional research from the Compliance and Ethics Leadership council that delved into why employees may not report incidents to a superior or back to headquarters. Among them: a belief that someone else will report the incident; concern about preserving their anonymity; fear of retaliation; and not feeling empowered to report. Conversely, many of those who did speak out felt that if they didn’t, no one else would.

“Make sure people don’t fear retaliation, [they] will be supported in the process, and that the company is really going to take action,” Kline said. “What really matters out in the field is the sense of organizational justice.”

Some companies are moving beyond traditional proclamations of “zero tolerance” for misconduct, he added. This approach can often backfire and create fear among employees, discouraging them from stepping forward.

“You’ve got to have legal defensibility and all the infrastructure, but at the end of the day you need to win hearts and minds,” Kline said. “That’s really hard to do, especially in frontier markets where it is hard to do business. You are being pushed in many difficult ways that go against the values and standards of the business.”

“At the end of the day, we need to understand that whistleblowers are people who do the right things for the right reasons,” George Zeris, head of global compliance for Frigoglass, said. “More important than legislation is the existence of a culture that is conducive to whistleblowers.”

“In many countries, whistleblowing is considered an act of disloyalty, but a carefully developed speak-up policy, which encourages good faith and discourages frivolous complaints, can be successful,” said Zeris.

Singh said the internal perception of a company’s compliance program should evolve over time. “Compliance is not my job or my team’s job, it is everybody’s job,” he said. “If management doesn’t set the tone, there is nothing I can do to stop bad things from happening.”