Red Book 2.0 Released by OCEG with the GRC Capability Model

oceg_logo1

The Open Compliance and Ethics Group has released the second version of its Red Book about compliance models. OCEG’s Red Book 2.0 provides a guide for implementing and managing a GRC system or aspect of that system. That means Governance, Risk, and Compliance. Red Book 1, which came out in 2005, focused on “getting the compliance house in order.” This version takes a more holistic approach of incorporating the various elements as part of business processes.

It weighs in at 255 pages so I have lots of reading ahead.

See:

Attorney-Client Privilege and Internal Investigations

Two cases illustrate some of the problems with the use of outside counsel for internal investigations. The possibility that a conflict of interest could arise when an attorney or law firm simultaneously represents an organization and one or more of its officers or directors is a recurring issue.

A ruling earlier this month by U.S. District Judge Cormac Carney made a stark warning to lawyers that they need to warn a company’s employees in internal company investigations that they represent the company, not the employee. Judge Carney dismissed portions of the government’s criminal case against William J. Ruehle, the former CFO of Broadcom Corp. after finding that the law firm hired by Broadcom to review possibly illegal stock-option grants failed to explain clearly to the executive that it wasn’t representing him. Irell & Manella was involved in three separate but related representation of Broadcom and Mr. Ruehle.

Judge Carney ruled that Mr. Ruehls’s statements are privileged because he “reasonably believed that the lawyers were meeting with him as his personal lawyers, not just Broadcom’s lawyers. Mr. Ruehle has a reasonable expectation that whatever he said to the Irell lawyers would be maintained in confidence.”

Judge Carney mentioned an Upjohn warning or “corporate miranda” to inform a constituent member or an organization that the the attorney represent the organization and not the constituent member. The Judge ruled that the Upjohn warning would not be sufficient because Mr. Ruehle was already a client of Irell. The judge threw the statements of Mr. Ruehle out of evidence and also referred the law firm to the California state bar for disciplinary action.

A similar issue recently arose during the government investigation of R. Allen Stanford. Proskauer Rose lawyer Thomas Sjoblom accompanied Stanford Financial Group’ Chief Investment Officer Laura Pendergest-Holt to an SEC investigation. According to the Wall Street Journal, he said during the testimony that he represented Mr. Stanford and officers and directors of his affiliated entities. Ms. Pendergest-Holt believed he was representing her. She got indicted and is now suing Sjoblom for malpractice. She alleges that Sjoblom caused her to speak to the SEC without informing her of her Fifth Amendment rights against self-incrimination, that she was not required to testify, that she had no attorney-client privilege with him and that the interests of her employer were adverse to her interests

If you hire an outside law firm as part of an investigation, you need to make it clear that the lawyers represent the company and not the employee or executive. The lawyers need to be clear as well since they are likely to be subject to an ethics complaint or malpractice suit if they are not clear.

See:

2009 World’s Most Ethical Companies

ethisphere

Ethisphere has published its collection of 2009 World’s Most Ethical Companies. Twenty companies dropped off the 2008 list and 25 new ones were added, leaving a list of 99 companies.

Who caught my eye was Jones Lang LaSalle, a real estate company (one of my company’s business relationships) who was back on the list again. They seem to be the benchmark for the real estate industry.

(The Ethisphere website has been up and down all day. Try back later if the links are not working)

What Can We Learn About Compliance Programs From a Robot

tweenbot

We all need some help if we want to get to our destination. I was struck by Kacie Kinzer’s experiment using this “tweenbot” in New York City. “Tweenbots are human-dependent robots that navigate the city with the help of pedestrians they encounter. Rolling at a constant speed, in a straight line, Tweenbots have a destination displayed on a flag, and rely on people they meet to read this flag and to aim them in the right direction to reach their goal.”

This simple little robot, that can only roll in a straight direction at a constant speed, made it from Northeast Corner of Washington Park in NYC to the Southwest Corner of the park. It took 29 people to intervene: pushing the little robot in the right direction, pulling it out form under park benches, and redirecting it away from the curb.

I think there are some lessons that a compliance professional can learn from this experiment:

  • Simplicity works
  • Put on a human face
  • Have a clear goal
  • Allow others to help you

Are there any other lessons that you saw?

Here is a video showing parts of the Tweenbot’s journey through Washington Park:

Thanks to Jenny Williams from GeekDad for this story: Tweenbots: Help a Lost Robot Find Its Way.

The 4 Ps of the Internet: Personal, Private, Professional, and Public

4_ps_of_social_internet

I often hear the challenge of using the social internet as struggling with the balance of social (or personal) information and professional information. This never seemed to frame the issues correctly for me. Was it really one or the other?

So I started thinking about the 4 Ps: Personal, Private, Professional, and Public.

These seemed to be the terms that most people talked about. Many people struggle with the balance of what information they make available on the internet. Some of this was information published through personal choice. Some of this was information published because it is public information.

If you are a professional, you are marketing yourself and want some of your professional career public. Conversely, there are aspects of your social life that you want to be private. But there are many personal things you would want to be public and some professional things that you would want to be private. There was a struggle with balance, but was it really one against the other.

So I sat down with the 4 Ps and tried to draw out my thoughts to see if I could change this analysis. I came up with this drawing:

4_ps_of_social_internet

There is the balance of professional versus personal and another balance of private versus public. With any item of information you need to evaluate which area it falls into. Public and professional information is in the green zone and can go right out there. Meanwhile the personal and private information is in the red zone and you want to hold on tight to it.

So what goes in the yellow zone? An example for me is my kids. I often talk about The Son and The Daughter, but rarely use their actual names. I put up a few pictures of them but in more limited location.

What about the orange zone? I am sure everyone has some black marks in their professional career that they want to keep out of the public eye. (Not me of course!) If you are a lawyer and have a disciplinary action against you, that may be public knowledge. You may not want to publicize it. (Avvo does!)

What do you think of this analysis?

Corresponding with Cornelius – a new series of blog posts

200-state-street

Not all of my online conversations take place here at Compliance Building. I try to make as many comments in other places as I do here. Twitter is a sporadic stream of thoughts, comments, and replies. I also try to leave as many comments on other blogs as I do posts here. I think you should join some of those other conversations. Here are some other blog posts that caught my eye and made me leave some commentary.

Corresponding with Cornelius on Collaboration with Clients by David Hobbie at Caselines

A follow up to my earlier post on Extranets for law Firm and Client Collaboration

Why Corporate Ethics is Usually an Oxymoron by Charles Green of Trust Matters

Charlie does not like the idea of ethics being treated as separate process and an individual course. I agreed.

Live Events in the Age of Social Media by Bill Pollak of Incisive Media

Bill points out the ways Twitter and the social internet are changing the ways conferences are run and what happens after. I point out that they are also changing what happens before the conference.

How Are Lawyers using Twitter by Simon Chester on Slaw.ca

I share the ways I use Twitter.

Training: What Works? By Alexandra Wrage on the wrageblog

A great grouping of four types of workers in anti-bribery training. I note that the same paradigm can be applied to most compliance and ethics training.

Social Networks and Employer Branding by Brand for Talent

Mark and I are writing some guidelines on the use of social media for our readers. We invite you to join the conversation.Let us know how you think we can embrace these tools versus police them. I offered up my draft blogging / social internet policy.

The Three Types of Collaboration by Jordan Furlong of Law 21

Jordan sets out a paradigm of three types of collaboration: Lawyer-to-lawyer, lawyer-to-client, and client-to-client. It is one of the few times I have disagreed with Jordan.

I have to credit David Hobbie with coming up with the phrase “Corresponding with Cornelius” which led to this blog post title and this new series of blog posts. (At least new for me.)

Carried Interest Tax Legislation

congressman sandy levin

We saw in the Obama budget (A New Era of Responsibility) that the administration was looking to raise revenue by taxing the carried interest for private investment funds. I was waiting to see how that one line item in the budget might translate into actual legislation and a change in tax policy. Congressman Sandy Levin from the 12th District of Michigan introduced the first attempt: H.R. 1935.

The changes in H.R. 1935 are focused on taxing the carried interest only to the extent the fund managers did not have an underlying investment in the fund. The bill proposes a new section 710 to the Internal Revenue Code in Subchapter K. Any net income from an “investment services partnership interest” will be treated as ordinary income and any net loss will be treated as ordinary loss.

Investment services partnership interest” means

any interest in a partnership which is held by any person if it was reasonably expected (at the time that such person acquired such interest) that such person (or any person related to such person) would provide (directly or indirectly) a substantial quantity of any of the following services:

(A) Advising as to the advisability of investing in, purchasing, or selling any specified asset.
(B) Managing, acquiring, or disposing of any specified asset.
(C) Arranging financing with respect to acquiring specified assets.
(D) Any activity in support of any service described in subparagraphs (A) through (C).

There is an exception for “qualified capital interest” which will not be converted to ordinary income or loss, so long as the income, gain, loss, or deduction allocated to the “qualified capital interest” is in the same manner as it is to other partners and that those allocations are significant.

Qualified capital interest” means so much of a partner’s interest in the capital of the partnership as is attributable to:

(i) the fair market value of any money or other property contributed to the partnership in exchange for such interest,
(ii) any amounts which have been included in gross income under section 83 with respect to the transfer of such interest, and
(iii) the excess (if any) of–

(I) any items of income and gain taken into account under section 702 with respect to such interest for taxable years to which this section applies, over
(II) any items of deduction and loss so taken into account.

This would seem to prevent private investment fund managers from converting a management fee into a partnership interest in the fund. I have not figured out how this affects a performance-based promote allocation in a fund structure.

As the Congressman characterizes the legislation in his press release:

“The legislation clarifies that any income received from a partnership, capital or otherwise, in compensation for services provided by the employee is subject to ordinary tax rates. As a result, the managers of investment partnerships who receive a carried interest as compensation will pay regular income tax rates rather than capital gains rates on that compensation. The capital gains rate will continue to apply to the extent that the managers’ income represents a reasonable return on capital they have actually invested themselves in the partnership.”

Since the bill was only introduced last week, it is too early to start changing things to address the changes in this bill. The bill may not pass and it may end up looking very different after it goes through the legislative meat grinder.

See also:

Document Behaviors

A version of this post originally appeared in my old blog: KM Space.

I have been focusing a lot of attention on the behaviors towards documents. After all, a wiki page is just another type of document. When producing documents, I have noted five types of behaviors: collaborative, accretive, iterative, competitive and adversarial.

Collaborative
With collaborative behavior, there are multiple authors each with free reign to add content and edit existing content in a document, and they do so.

Accretive
With accretive behavior, authors add content, but rarely edit or update the existing content. Accretive behavior is seen more often in email than documents. Each response is added on top of the existing string of information with no one synthesizing the information in a coherent manner. I have seen this in wikis as well where people will add content but not edit others content.

Iterative
With iterative behavior, existing content is copied to a new document. The document stands on its own as a separate instance of content. The accretive behavior is distinguished from the iterative behavior by the grouping of similar content together. With accretive behavior the content is being added to the same document, effectively editing the document. With iterative behavior, the person creates a new document rather than adding to an existing document.

Competitive
With competitive document behavior, there is a single author who seeks comments and edits to the document as a way to improve the content. However, interim drafts and thoughts are kept from the commenters. The transmission of the content to a client or a more senior person inside the firm will result in a competitive behavior.

Adversarial
Adversarial behavior is where the authors are actually competing for changes to the content for their own benefit. Although there may be a common goal, the parties may be seeking different paths to that goal or even have different definitions of the goal.

Collaborative, accretive and iterative content production are largely internal behaviors. Competitive and adversarial are largely external document behaviors. Of course, a document may end up with any or all of these behaviors during its lifecycle.

I decided to re-post and update this based on Jordan Furlong’s The three types of collaboration on Law 21. Jordan set up three types of lawyer collaboration lawyer-to-lawyer, lawyer-to-client, and client-to-client. Read his post and let us know how you think we can mesh these two concepts together.

See also:

Breaking Down Compliance Silos: The Cost-Effective Approach to Managing Compliance

Michael Rasmussen, President of Corporate Integrity, Julian Parkin, Group Privacy Programme Director at Barclays, and John Kelly, Director at OpenPages, spoke in a webinar on taking a strategic approach to managing compliance. The webinar was sponsored by Compliance Week. These are my notes.

Michael set the stage by asking: Does your organization walk its talk? He equated risk to an iceberg. You have a big chunk of risk awareness visible to many. But 90% of it is below the surface. He equated that 90% to “risk ignorance.” As you might expect with a graphic of an iceberg, he used a Titanic metaphor.

A soloed approach to GRC leads to a lack of visibility, wasted resources, unnecessary complexity, a lack of flexibility, and vulnerability. Compliance is NOT going away. It is a business process that is only increasing in volume and complexity.

barclays

Julian took over and started with a focus on data privacy and operational risk. Many companies come into compliance because they have an “incident.” As a financial institution, they are very concerned with customer data and how their employees treat it. They focused not only on the stored data, but their hardware as well.

Barclays used this great branding tool to reinforce the message. There were several instances where they took a laptop left alone or other data source, leaving just this postcard behind. For them it is important for them to show to their customers that their information is safe with them, just as their money is safe with them.

John took over to display some of his company’s IT solutions for compliance. He pointed out that a spreadsheet fails as a compliance tool because it lacks the audit trail to show what infotmation was known when.