At Compliance Week’s annual conference in June, former SEC Chairman and Compliance Week Columnist Harvey Pitt delivered the closing keynote address. In this edition, we reprint his speech.
A gracious good morning.
I’m pleased to participate in Compliance Week’s 2007 Annual Conference on Governance, Risk & Compliance. As always, [Compliance Week founders] Scott Cohen and Frank Hertz are to be commended for putting together an exciting program of important and timely topics and an impressive array of knowledgeable speakers, present company excluded, of course. I wonder, however, what they were thinking when they positioned me on the agenda as the last speaker before lunch and also the last speaker of the conference. Following the likes of Ben Stein, [SEC Division of Corporation Finance director] John White, and [Department of Justice white-collar fraud chief] John Roth, and I’m like the dog act following the striptease!
I was asked to talk about the fact that, sometimes, bad things happen to good companies, and what you can do—either to prevent them from happening, or to deal with them should they occur. In 1949, an engineer at Edwards Air Force Base created a harness for a rocket-powered sled designed to test how much acceleration and deceleration a human being could tolerate. Unfortunately, the test failed and the sled’s passenger was blinded, fortunately only temporarily. The engineer, Captain Edward A. Murphy, Jr., later discovered the cause of the failure: improper wiring. Exasperated, Captain Murphy snidely observed—apparently, to no one in particular—that if there were two ways to do something, and one way could result in catastrophe, the route that would produce disaster would invariably be chosen. According to the military publication Desert Wings, Murphy’s Air Force colleagues heard his protracted harangue and adopted it as their mantra. Before long, “Murphy's Law” entered the common American vernacular; the term became a dictionary entry nine years later, in 1958.
Murphy’s Law—or whatever it’s been called and long before Captain Murphy effectively named it—is an accurate description of some companies’ tendencies to shoot themselves in the foot. Passage of Sarbanes-Oxley and the myriad rules designed to implement it were seen by some as a way of preventing the types of destructive behavior that grew from seeds planted in the over-exuberant 1990s. But preventing catastrophes and crises takes more than legislation, regulation, or even prosecution. Those are the government’s tools, wielded to provide a clear articulation of national policy as well as a measure of protection for those the federal securities laws were designed to protect. For companies and financial institutions, there are steps that can be taken to minimize the effects of, or eliminate the possibility of, a crisis.
Companies that prepare have the best chance of surviving a corporate crisis. The reality of a crisis situation is that when the bad news hits, an organization has little or no lead time to prepare an on-the-spot intelligent response to its shareholders—and to the regulators and media that are circling. The central objective for companies is to prepare ahead of time by identifying potential problems and developing processes for responding to them.
Because it’s a corporate fact of life that a crisis will arise at some point, when a problem has been identified, the race is to the swift, and the critical goal for a company is to get on top of the problem immediately. Lapses between discovery and action usually result in even worse things happening to the company. It’s of the essence for an organization to put in motion a crisis management plan for defining the problem and its scope, and then determining what the appropriate responses will be.
In an emergency, one has to avoid what I call the Al Haig problem—you surely recall the Nixon Administration’s crisis and Haig taking a podium to announce that he was in charge. It’s critical to know who will be responsible for what. An effective crisis management plan assigns to a senior executive, or executives, the authority to declare a crisis, as well as the authority to make decisions and the responsibility for implementing the plan. Well-prepared companies will have standing crisis management teams ready to go when a crisis hits. The team should include legal counsel, investigators, and personnel from the company’s financial, technical, public relations, marketing, investor relations, and employee relations departments. All personnel involved in managing a crisis must be assigned their roles and be able to respond immediately and effectively—and, obviously, it’s extremely important to maintain up-to-date information on how to reach each person on the team.
In addition to an internal crisis management team, a company should be prepared to budget for and secure necessary external resources to deal with the problem. If independent fact-finding is warranted, and it usually is, it must truly be independent. This means that fact-finding and analysis must be done by people who have no reason to curry favor with the company, or cover up their own mistakes. If senior managers may be implicated in suspected wrongdoing, it’s a mistake to have them lead the internal inquiry. Neither should the company’s regular outside service providers be put in charge of the internal investigation.
Another important consideration is to make sure the internal inquiry has sufficient flexibility to explore unanticipated avenues. Although authorizing an internal investigation is a good sign of great intentions, the inquiry needs to have room to explore issues that surface only after the inquiry commences. Trying to cabin the process artificially will only denigrate the credibility of the effort, and may necessitate having to do a second inquiry—a horrific prospect for any organization. Companies also need to make certain the internal investigation is conducted in a manner that lets the company share the fruits of the inquiry with the government. The most effective way to proceed is to assume that at least some of the inquiry’s product will need to be shared with the government (and perhaps others), and plan accordingly from the outset.
An essential component of any crisis management plan is the creation—and communication—of a document retention policy. Companies must put into practice the e-discovery rules that went into effect in December 2006. As soon as a company is reasonably able to anticipate an investigation or litigation, the company must impose a litigation hold that will effectively preserve electronically stored information, or ESI. It is not enough to send a “STOP SHREDDING” memorandum throughout the office; this litigation hold must be specifically tailored to stop the routine destruction of relevant ESI. A willful failure to issue and enforce a litigation hold can lead a company into a world of hurt, from which it may not be able to recover.
With this in mind, I’d like to reflect on some of the mistakes we’ve seen good companies grapple with, or successfully avoid, over the past few years. To protect the innocent (or uncharged), names aren’t used:
Believe that others can and will sniff out your problems. For many companies and firms, there isn’t ever a problem unless and until someone else tells them there is. Put another way, some folks believe that you’re only sick if a doctor tells you you’re sick; up until then, you’re healthy. As intellectually mystifying as this common mistake seems, emotionally it’s quite seductive. Smart companies and their managers, however, know that just because it seems as if everything’s alright, it isn’t necessarily the case.
Even ostriches can run pretty fast. Since problems are an inevitable part of corporate life, especially for corporations of any meaningful size, finding problems first is absolutely critical. When companies affirmatively look for problems before problems find them, they obtain the most essential tool for avoiding the consequences of Murphy’s Law—the time and space to understand the problem, its magnitude, and the most effective remediation tools.
A friend in need is often very lonely. Waiting to interface with regulators until you really need them is a sure-fire prescription for disaster. Human nature being what it is, most folks are naturally suspicious when they’re greeted for the first time by those seeking their help. The time to get to know regulators is before you need them. When there’s nothing on the table, conversations can be a lot more pleasant, and meaningful relationships can actually be forged. Indeed, it’s possible to be of “assistance” to regulators, too, by letting them in on timely information about your company, products or services, and industry sector.
Beware the “unk-unks.” My mother used to say, “Sometimes, even the inevitable occurs.” And, she was absolutely right. For all public companies—indeed, for all companies, public or private—there is one ineluctable fact of life: sooner or later, they’ll all be confronted with a crisis. It’s therefore surprising how many people believe they cannot predict whether and what their next crisis will be. The “whether” is simple: Within a finite period of time, every company should assume it will be the subject of some sort of crisis. The “what” is naturally more difficult, but not impossible, to predict. Companies that regularly engage in off-site assessments of potential crisis fodder can avoid or minimize a potential disaster before it occurs. In his book, “The Sporty Game,” John Newhouse referenced Boeing’s phrase for this: “unk-unks,” or “unknown-unknowns”—those things that can’t be predicted but for which preparation is still required.
Avoid becoming a victim of your own success. One of the worst mistakes corporate managers can make is to become complacent and content. Since danger of some sort always lurks around the corner, it’s much safer to worry about what could happen and act as if any success is ephemeral at best. The more successful companies are, the more attention they attract. Some attention can be wonderful, but too much attention in the wrong quarters can be toxic. If you hope for the best, but assume the worst, you’re likely never to be caught off guard, or to wind up disappointed with the outcome.
It’s important to play nicely with others, especially your outside directors. For far too many CEOs and senior executives, outside directors are the bane of their existence. With the law placing more and more pressure on outside directors, CEOs who approach their boards as necessary evils will most assuredly create a self-fulfilling prophecy. One need only look at recent corporate implosions to understand that a board caught by surprise will turn on the company’s CEO in a nanosecond. It’s far better for corporate managers to learn how to make effective use of outside directors, which will ensure additional credibility for well-thought-out strategic plans.
Follow the “Holiday Inn” rule—no surprises for any board member. With corporate boards, this is the most important lesson to follow. Not every peccadillo has to be brought to the board’s attention, of course, but if problems could be significant, telling the board, and telling it sooner rather than later, is smart policy. If a company’s board has been thoughtfully chosen, board members will have valuable and constructive advice for dealing with the situation.
It isn’t just stepping on a crack that can break a company’s back. Children growing up in big cities learn early the mantra of avoiding stepping on cracks. That mantra can serve as a metaphor for today’s corporate environment. Although it’s crucial for companies to anticipate and plan ahead, recognizing problems (and potential problems) in advance also carries with it the additional burden of ensuring timely and appropriate follow-through. If a problem escapes a company’s attention, that can sometimes be rationalized by becoming lost in the commitment to improving shareholder value. But once a problem or potential problem is perceived, there’s absolutely no rationalization for not dealing with it. And worse, if you’ve identified it but not dealt with it, regulators will be merciless if the anticipated problem actually comes to pass.
There’s no such thing as an instant fix. Companies, their managers, and their advisers all seek to simplify complex problems to assist in their resolution. This, of course, is as it should be. But reducing problems to their lowest common denominator can create expectations that the solution is equally simple and immediate. Every corporate problem requires adherence to a sensible methodology that includes carefully figuring out:
what actually happened;
why and how it happened;
how the company became aware that the problem occurred;
what steps should be taken to remediate any damage inflicted by the problem; and
what assurances the company has that a similar problem is now less likely to recur.
It’s always better to pay now rather than to pay later. In 1971, Danbury, Conn.-based Fram, Inc., ran its classic commercial in which an auto mechanic held a Fram oil filter in one hand, pointed to a burned out engine with the other, and imparted the wisdom, “You can pay me now, or you can pay me later.” The not-very-subtle message was that a $10 oil filter was far less expensive than replacing an automobile engine. For public companies, the same is also true. Many companies balk at the resources they must commit to a current problem or, even worse, to ward off an anticipated problem. But it’s empirically demonstrable that heading off issues in advance saves money down the road.
Ignoring warning signals can prove fatal. Health officials take great pains to educate the public about the warning signs of potentially serious and life-threatening ailments. Public companies should follow the same regimen. When an employee raises the specter of misconduct on the part of senior executives, for example, the issue isn’t whether the complaining employee is disgruntled; that’s absolutely irrelevant. What’s relevant is whether there’s any truth to the concerns raised. If there is, the complainer’s motivation will prove absolutely inconsequential. And, of course, if a company decides to circle the wagons, the complainer will find other venues in which to air his or her concerns, assuring a long and unhappy period in which the company will have to defend itself and its prior conduct.
There’s virtue in simplicity. In today’s environment, effective compliance policies and procedures are essential. Often, however, corporate compliance manuals are drafted as if they were trust indentures. The key is to draft policies that can be understood by those who must:
follow them;
interpret them;
assess their adequacy; and
opine whether a company took all reasonable steps to prevent a disaster that nonetheless transpired.
Being smart is good; being too smart is dangerous. In approaching corporate objectives, it’s sometimes tempting for advisers to figure out the novel or unique way to circumvent a difficult obstacle. Circumventing obstacles is certainly permissible if, but only if, the object is clearly within the ambit of the lawful and the appropriate. Before coming up with a clever structure, or artful disclosure, or creative accounting, the questions that have to be asked are:
why the obstacle confronted actually exists; and
why it’s an appropriate objective to circumnavigate the obstacle.
Unless the answers pass the “straight face” test, being too cute is never a good thing.
If you’re smart enough to obtain good advice, it’s smart to follow it. Given the changes in federal law, many companies are doing a much better job of giving themselves and their boards access to good external and independent advice. The problem, however, is that often good advice may not be what was desired. If the resultant advice you receive causes concerns, what you may think is a problem with the advice may really be a problem with your expectations. It’s important to be able to sort through the difference.
Obey Newton’s third law of motion. Sir Isaac Newton may not have been thinking of today’s regulators and prosecutors, but he surely could have been when he told us that, for every action, there is certain to be an equal and opposite reaction. If regulators or prosecutors are not actively pursuing a company, they’re best left where they’re found. Companies that antagonize those charged with performing the public’s work—even inadvertently—should realize that they will regret their conduct and pay more to overcome it than reasonably should be borne.
Stay away from litigators.
These potential approaches to crisis management should be useful in helping companies avoid or minimize the consequences of many of the mistakes that others have made, and likely will continue to make. The late author William Ward once said there are “four steps to achievement: Plan purposefully. Prepare prayerfully. Proceed positively. Pursue persistently.”
Murphy’s Law, however, is remarkably resilient, and it’s also inevitable that some unanticipated permutation of it will assert itself, at precisely the most inopportune time. That likelihood tests management’s true skills. After all, bad things do happen to good companies. But, even then, companies can survive almost anything, if they employ good planning, good communications, a solid commitment to doing the right thing, thoughtful and creative leadership, and perhaps above all, a finely honed sense of humor.
A sense of humor is immensely valuable in helping a company respond to a crisis and move on as a stronger organization. Even the smartest people in the world are capable, on occasion, of making seemingly simple mistakes. During the mid-1970s, for example, the Plasma Physics Lab at Princeton attempted to construct a machine to contain nuclear fusion. Hundreds of millions of dollars were spent employing several top scientists widely considered to be potential Nobel Prize winners to design and manufacture the device. After their arduous labors, they turned the product of their endeavors on; the room shook and the device danced around like a crazed washing machine before the experiment was called to a dramatic and rapid close. In all their calculations, the designers had ignored the weight of the particles inside the machine. Murphy’s Law struck again.
Adlai Stevenson had it wrong when—after losing to President Eisenhower yet again—he somberly intoned, “I’m too old to cry, but it hurts too much to laugh.” If you don’t laugh, the pain is only that much more severe. In that regard, I’m reminded of the day in 1961, after the failed Bay of Pigs invasion, when President Kennedy called his cigar-smoking press secretary, Pierre Salinger, into the Oval Office. “I need a lot of cigars,” he told Salinger. “How many, Mr. President?” Salinger inquired. “As many as you can get, but at least a thousand,” the President responded. Salinger dutifully raced out to find as many as he could. The following morning he received an urgent summons to the Oval Office. “How did you do on the cigars last night?” the President asked. “Mr. President, I was very successful,” Salinger replied. “I got over a thousand!” Upon hearing that, President Kennedy smiled, opened a desk drawer, and produced a previously prepared ban on Cuban products from entry into the U.S. “Good,” the President smiled, “now I can sign this ban!”
Thank you.
No comments yet