Striving For First-Class Corporate Compliance In A Changing World

Tuesday, August 7, 2012 - 09:15

The Editor interviews Mark Nielsen, Associate General Counsel and Chief Compliance Officer of Praxair, Inc. Previously, he served as Chief Legal Counsel to Massachusetts Governor Mitt Romney. In the 1990s, he was a Connecticut State Senator.

Editor: Please describe Praxair, including its global reach.

Nielsen: Praxair, Inc. is the largest industrial gases company in North and South America, and one of the largest worldwide, with 2011 sales of $11 billion. The Company has operations in approximately 30 countries. We produce and sell atmospheric and specialty gases including oxygen, hydrogen and helium to a wide variety of industries, including aerospace, chemicals, food and beverage, electronics, energy, healthcare, manufacturing and metals.

Editor: How would you describe the company’s compliance program?

Nielsen: Praxair has a strong performance culture, and so we use measurement and metrics to drive appropriate behaviors. Few things are better at riveting attention than giving report cards.

Our compliance architecture centers on local compliance review boards (referred to as “CRBs”), that are embedded in our regional business units and serve to operationalize our compliance program in each region. The CRBs are cross-functional groups of business unit leaders who meet quarterly to assess compliance results, review program effectiveness, and attempt to anticipate new issues. We currently have 27 CRBs operating globally. The CRBs report the compliance results for their business units using a series of uniform compliance metrics prescribed by the Corporate CRB.  These metrics focus on adherence to process standards (e.g., were all integrity incidents timely reported and investigated?) as well as more substantive requirements (e.g., did all engagements of governmental relations consultants include FCPA warranties?).

A second key component of our compliance program is mandatory compliance training. Employees are required to complete a certain number of online compliance modules, tailored to the company’s specific risk profile and compliance vulnerabilities. The modules include a multiple-choice test as part of the employee’s demonstration of satisfactory completion. Our core compliance modules cover the Foreign Corrupt Practices Act (FCPA), antitrust, and doing business with the government. These modules are updated regularly to reflect changes in the law and to provide fresh material for the users. In addition, subject matter lawyers are identified in the training modules as additional resources for employees with further questions.

Assignment of each of these core modules to all employees above a certain level reflects our belief that these three areas of regulation pose the greatest enterprise-wide risks. Our goal is to make a basic understanding of these regulatory areas part of Praxair’s ingrained culture, or DNA, similar to its commitment to safety.

In addition to the core training modules, we have additional online training modules. For instance, we spend considerable time on export-import compliance, especially since this is a complex regulatory field and approximately 60 percent of our business is outside of the United States. In addition, as a publicly traded company, we devote special attention to Sarbanes-Oxley and other SEC compliance requirements. We also have strong environmental and safety compliance processes.

A third key component of our compliance program is our code of conduct, which we call our Standards of Business Integrity (“SBI”). Our SBI is written in plain language, providing both rules of conduct and practical examples of how these rules apply in every-day situations. The SBI covers a broad array of compliance topics, but the message is always the same: each employee is expected to comply with the highest standard of ethics and integrity. Every year, all exempt employees and the members of our Board of Directors provide written certification of their continued adherence to the Praxair SBI.

Another important facet of our compliance regime is our Integrity Hotline and related policy of non-retaliation against anyone using the Hotline to report any integrity incident or issue. Our Hotline is available 24/7 globally, and is staffed by an independent, third-party service. Reports can be made by name or anonymously.  The company is committed to running-to-ground all reported issues and, to the extent possible, disclosing the outcome of investigations. The existence of a well-operating Hotline builds the program’s credibility among employees, managers and regulators. 

Editor: What factors make a compliance program effective?

Nielsen: To be effective, a compliance program must be real, not just a box-checking exercise, a set of high-minded principles, or another chapter in the policy manual. The program must be tailored to the company’s specific risk profile and compliance vulnerabilities. It needs to be subject to internal and independent auditing, and have buy-in from the top level of management and the board.  The tone at the top – the degree to which the board and senior management embrace the program and its goals – is paramount.

Boards are becoming increasingly engaged in compliance, which is a good thing.  Following the wave of corporate scandals at the beginning of the last decade, which resulted in the enactment of Sarbanes-Oxley, boards began to focus more on monitoring the integrity of financial statements and controls, and setting high expectations for accuracy and transparency in financial reporting. Now the compliance role of boards is becoming even broader. Boards are moving beyond financial reporting and toward a greater role in overall enterprise risk management.  Boards are taking an active role in monitoring all big-picture risks, particularly those that might affect the company’s public reputation. This helps in establishing the right tone at the top.

Editor: What has been the effect, if any, of Dodd-Frank and the SEC’s whistleblower provisions on Praxair’s compliance program?

Nielsen: On occasion, an internal investigation will be necessary to evaluate and resolve allegations that a company’s compliance requirements may have been violated. The extraordinary whistleblower incentives established by Dodd-Frank will undoubtedly increase the need for such investigations.

The mindset to conduct prompt internal investigations is essential to a compliance program’s credibility. The investigative component of a compliance program ensures that employees know that accountability exists and merits considerable planning and thought. It is helpful to have an established protocol to guide decisions as to who will conduct what types of inquiries, how the results of those inquiries will be addressed, and timelines for corrective actions.

Sometimes inquiries need to be conducted by outside counsel because of the complexity of the issues involved, or because of the likelihood of follow-on civil litigation or enforcement activity. After developing an understanding of the facts, judgments need to be made regarding discipline, disclosure, and process corrections to prevent future lapses.

All of this enhances the trustworthiness and standing of the compliance program. A compliance program without a well-developed investigative capability would not be viewed by the enforcement community as a robust, meaningful program. Investigations also provide valuable learnings that can be used to fine tune policies and enhance training.

Editor: Do you face special compliance challenges in developing countries? 

Nielsen: Yes, definitely. We operate in numerous countries with challenging legal climates because they have historical cultures of corruption that are widely known and reported through services such as Transparency International’s Corruption Perception Index. Such countries may also have poor transparency in their regulatory and permitting processes, as well as spotty enforcement. So far, we have navigated these challenges without any FCPA issues or other major compliance stumble, and I want to keep it that way.

Editor: What pieces of guidance would you offer?

Nielsen: Several. One is that companies must take care to know their agents and consultants very well. Anyone authorized to interact with government officials on the company’s behalf should be subjected to a thorough background check. One cannot assume that an agent or consultant is acceptable solely because he or she represents other well-known multinationals. Third-party background checks are a must.

Another must is attention to so-called “red flags.” These include proposals for large success fees, any unusual or vaguely worded items appearing on an agent’s invoice, requests that payments be diverted to third parties, and the like.

When a proposed payment or course of action seems dubious, companies should be wary of any assurance from their agents that “this is the way things are always done here.” Such assurances are perhaps best translated “this is trouble.”

Editor: What do you mean by “poor transparency” with respect to regulation and permitting?

Nielsen: A company will sometimes be told by host-country officials that written rules or regulations are unavailable. In a number of cases, we have been told that regulations are “internal documents” that cannot be released.

It is important to know the distinctions between local custom or practice, on the one hand, and local law, on the other. Conforming the company’s actions to local practice is not good enough if the letter of the law requires more. Where the relevant laws are not readily available in writing, companies should attempt to escalate their requests for guidance to the highest applicable governmental authority and thereby dispel any notion that they are looking for shortcuts. Of course, this will frequently be quite difficult. This type of escalation effort will be time-consuming and often will require the involvement of in-house and outside counsel, but it is clearly advisable to help mitigate risks that can be considerable.

Editor: How does Praxair cope with differences between FCPA, the UK Bribery Act, and similar legislation in other countries?

Nielsen: In addition to training employees on the nuances of local anticorruption laws, our generalized training is geared to the most stringent standards that exist under any country’s law, which has traditionally meant the FCPA.  As the question suggests, however, other anticorruption laws are now sometimes more stringent than the FCPA in certain respects. For example, the UK Bribery Act covers corrupt payments involving private decision makers and government officials alike. This is yet another reason why companies must be well versed in the latest anticorruption developments and remain vigilant.

Editor: How are compliance standards affected by foreign prosecutors sharing information?

Nielsen: This trend increases the need for the highest compliance standards.  Companies are faced with increasingly daunting enforcement trends globally, including unprecedented levels of cooperation between prosecutors from different countries, so companies have every incentive to build robust compliance programs.  Prosecutors frequently look to the top of an organization to determine whether alleged misconduct was tolerated, or even implicitly encouraged, or whether a strong compliance regime was put in place to prevent such conduct.

The establishment of a meaningful compliance program, accompanied by a strong tone at the top from senior management and the board, matters greatly. An organization with a record of prior violations may experience greater difficulty in demonstrating its good faith. And a compliance program that seems half-hearted or mechanical will be viewed with considerable skepticism. The presence of a vibrant compliance program may shape a prosecutor’s view of appropriate sanctions, as well as the scope of monitoring in any deferred prosecution arrangement.

While an effective compliance program is not a cure-all, and does not provide complete protection against all enforcement actions, it should mitigate the risk of an enforcement action, either by deterring misconduct to begin with or, in the event of a lapse, helping to make the case for mitigated penalties.

Editor: What is the role of outside counsel in an effective compliance program?

Nielsen: Outside counsel can contribute in a variety of ways. Most importantly, there are times when an internal investigation can best be performed by outside counsel because of the perceived need for greater independence, possible privilege protection, or because of scope and resource demands. Outside counsel can be particularly helpful if there is a likelihood of follow-on enforcement actions or civil litigation.

Editor: How has your public sector experience informed your leadership of Praxair’s compliance program?

Nielsen: I spent two terms as a State Senator in Connecticut, and that background probably gives me a heightened sensitivity to reputational risk. In the political world, I saw instances where a positive reputation, painstakingly built over the span of years, could be lost overnight. The same is true in the business world, especially in today's media environment, which is marked by much antagonism toward large corporations. To me, the existence of this environment means that companies need to invest in compliance, and constantly be on their guard.