Joe speaks up about harassment in the workplace

On March 15, 2019, in In the News, by Joe Murphy
Joe’s comments on the SCCE’s Blog on whether the Chief Justice and the US Supreme Court are serious about stopping harassment. Shouldn’t leadership actually lead, instead of just telling others what to do?


Joe Murphy has been recognized in Trust!, The Magazine of Trust Across America – Trust Around the World as Trust Across America 2019 Top Thought Leader in Trust.

For 40 years, Joe has been a tire-less champion of compliance and ethics in organizations, published over 100 articles and given over 200 presentations in 17 countries. Joe travels the world helping compliance and ethics professionals steer their companies and other organizations along the straight and narrow path.


Joe has posted a detailed draft analysis of ISO 37001 on the Social Science Research Network. Is this the new standard for anti-corruption compliance programs, or still a work in progress? Will it help improve compliance programs, or cause companies to make mistakes, or maybe do both? What do you think of this standard? Should companies be applying this today?


ISO 37001 on anti-corruption compliance management systems has been unusually controversial. Joe proposes starting a discussion on the FCPA blog on how to fix ISO 37001 and the certification process: 


Joe Murphy named a “Top Thought Leader”

On October 30, 2018, in In the News, by Joe Murphy

I just learned that earlier this year I was selected as a Top Thought Leader by Trust Across America – Trust Around the World.  Thank you for this honor.



Professor Paul McGreal and Joe Murphy have pointed out that even though New York City has enacted what has been described as “the nation’s furthest-reaching anti-sexual harassment laws,” it is questionable how serious an effort this really is. In other compliance areas, where companies want to prevent misconduct, there is much more that is expected of them. Only in the area of harassment are they simply asked to do paper and preaching, tell people to call HR, investigate if anyone does call, and not much more.

We may be saying “me too,” but if we were serious about it we would be doing much more.


On behalf of SCCE, Joe Murphy has filed comments with the Department of Justice’s Deputy Assistant Attorney General Rod J. Rosenstein.  In his speech of October 6, 2017 DAG Rosenstein invited comments on the Department of Justice’s enforcement policies. Among other points,  the filing challenges the inconsistent approaches taken to compliance programs, and particularly the Antitrust Division’s odd policy of only rewarding companies that refrain from implementing compliance programs until they are caught after a violation. This one unit refuses to consider preventive compliance programs, in conflict with the rest of the Department of Justice.  This creates an unfair environment where those outside the Department do not know whether or not compliance programs actually count in dealing with the Department.

Letter-to-Deputy-A- R-Rosenstein


Undermining the Fight Against Global Corruption

On September 22, 2016, in In the News, by Joe Murphy

September, 2016

Joe’s post on the legal system undercutting compliance programs, including corporate anticorruption efforts, was published on the Penn Law Global Affairs blog, . This builds on Joe’s article, Joseph E. Murphy, Policies in conflict: Undermining corporate self-policing, 69 Rutgers U.L. Rev. 2 (forthcoming 2017), draft available at .


By Joe Murphy, CCEP

In a short piece from Slate, L.V. Anderson takes on corporate ethics training.  Ms. Anderson’s revelation is that poor training doesn’t work.  For her, the solution for corporate crime is simple:  just have the right culture and the problem of corporate discrimination, corruption, and crime is solved.  No training needed.  And employees already know everything in the training anyway. In her telling, the whole problem arose from bad companies, getting off because government gives them credit for bad training techniques. Once government stops giving that credit, and companies get the right culture, the problem is solved.

Let’s be positive first.  Where is the author right?  Bad training does not work.  There is a saying in the compliance and ethics field that the big folks get in trouble and the little folks get ethics training.  This is indeed a prescription for failure. Issuing codes of conduct and having people swear mighty oaths that they will follow them does not work, as Cash Matthews noted in her studies decades ago. Little booklets are just that  – little booklets.  They have no effect when left alone.  In addition to bad training not working, it is also true that any management method done poorly does not work. So even if one could come up with some special formula for changing culture, if it is done poorly it will also fail.

I also give the author credit on the point that actual “ethics” training that purports to tell people what is morally right and wrong, in particular, can be marginal and even insulting to employees’ intelligence.  When it is inflicted solely on employees without hitting the executives equally hard, this is one of the clearest signs it is not effective. Employees are smart enough to know when the training message is not reality and when executives are saying, “do as I say, not as I do.”

There is another point where implicitly the author is right, although she may not realize this.  To the extent enforcers and regulators impose training requirements and rely on this to prevent future misconduct, they are showing their ignorance.  Those in government need to up their games by increasing their knowledge of the field of compliance and ethics. There are many excellent steps agencies could require when they settle cases, but they need to learn about these.

Let’s now look at where the author goes off track. First, she starts with what appears to be an underlying assumption, held by many, that the sole purpose of training is to transfer information.  This certainly has its place.  Having done years of training in companies, I can say without doubt that there are people at all levels, from executives to the most junior folks, who are ignorant of key points that could get them and their companies in trouble.  I have had the experience of talking one on one with these people as part of training.  It is how I know that even the information transfer part is essential.  Antitrust, FCPA, export control – there are some tough, dangerous areas that can blindside people. Even harassment has pitfalls that can surprise people.  They do have a need to know.

But there is another aspect of this.  The target is not just wrongdoers, but potential witnesses and helpers.  I do not believe the C-suite in Enron lacked knowledge of the accounting rules.  But for every senior executive breaking the law there will be other employees who know or suspect something is not right.  Informing and empowering these employees is key.  And finally, an important part of training is motivation.  An employee may not believe any of “this stuff” applies to him or her, but good training should help bring the point home. (As noted below, however, the training works when it is part of a full compliance and ethics program with the other essential elements, such as whistleblower protection.  Telling people to raise concerns but not taking the necessary steps to enable this is a mistake).

Computer-based training?  Of course, the comments from Jeff Kaplan quoted in the article are right on point.  If you have tens of thousands of employees you cannot give them all live training on all the risk areas (and we tend to forget that some live training is just dreadful, and even sometimes incorrect in communicating what the rules are).  Online training allows companies to get key baseline messages out to larger numbers of employees.  Of course, it can be done well or done poorly.

The author seems to state that companies are doing this bad training because government mistakenly gives them credit for doing it.  But let’s start with the reference to Enron she offers; for those who didn’t live through the Enron era, here is a point:  Enron received no credit for its weak compliance effort. There was no compliance program there, just empty paper and preaching.  The code, for any compliance professional who has ever seen it, was a poorly written collection of legalistic statements, mostly in language typical employees would never read or understand. (In this age of hyperbole it has even been incorrectly described as “award winning” by those making the same points the author make.)  Nor am I aware of any company that has done what she describes that would receive a pass from any enforcement agency.  I have read quite a few government standards on compliance programs, and none do what she implies they do. Nor in my review of government cases have I seen any agency reward what she describes.  Of course, there is the State of California that purports to know the answer for culture change by prescribing exactly how much training companies should do on harassment. (She avoids any opinion on that.) I remain a big skeptic of the California forced-consistency approach, and believe that this might well incent what the author describes.  But note that California offers no reward for doing this, just a mandate.

The author, like many other writers looking in on the field of compliance and ethics, seems to assume mere paper and preaching is a compliance program.  The Sentencing Guidelines make clear that a number of steps are minimum requirements for a program.  It provides absolutely no credit for mere preaching (i.e., boring ethics online training, or even more boring live lectures) or paper (i.e., codes of conduct, which are not even mentioned in the Guidelines).  I cannot think of an example of an enforcement agency anywhere on the planet which would give a company credit for what the author describes.  For example, every guidance I have seen from the US Justice Department calls for real efforts, not the types of e-preaching the author describes.

As for her prescription, her bottom line appears to be that all you need is the right culture. I seem to be reading more and more statements like this from writers and academics.  Often this is based on a misreading of the results of behavioral research and a fixation on culture. I refer to this as the “bright, shiny object” phenomenon.  Some “new” concept comes along and everyone is mesmerized. But if an author at least reads the Sentencing Guidelines standards (very rare, in my experience), they would quickly realize the Guidelines point in the correct, indeed only possible direction.  One cannot get the right culture from applying magic fairy dust.  It takes work – hard, consistent work.  What does that work entail?  Following all of the management-oriented steps set out carefully in the Guidelines.  For example, in one of the Sentencing Guidelines elements (one that people tend to undervalue or not even read), the Guidelines make clear that no program deserves credit unless it covers incentives.  This step, in turn, calls for careful work.

Without question, communications also has a place.  Here the key is talking with your people and actively listening to them.  The first time you test out a Mickey Mouse ethics question you will get your head handed back to you on a platter.  Go back and re-think your training approach.  Your people will tell you when you have it right.  This is where culture comes in – recognize it and work with it.  Do not start by inflicting your training on the workers.  Start with where the highest risk really is – the executives.  If they find it boring or too unimportant for their time, then you must assume the same is true for the workers.  If you want to send strong messages, don’t emit meaningless blather.  Talk about real cases where managers and executives were disciplined for the things you are telling employees not to do (privacy protected, of course). This is what it means to say that the field of compliance and ethics is hard work.

How do you get commitment from the executives?  As sure as night follows day, if someone takes the author’s approach to a senior executive, the executive will say, “great, that will save us tons of money. Look, you just write up something and I will sign it and we’ll have our ethical commitment at the top.”  Twenty years of working in a company certainly taught me how things actually work in the real world.

Here is the revelation for the author and others looking at this area.  Compliance and ethics is very hard work.  It requires active listening skills.  The Sentencing Guidelines wisely require that a company keep evaluating its program to see if it works.  Obviously in the examples the author lives with no one did that.  If the folks who proposed this training bothered to talk with even a few employees they would have learned enough to change their approach.  Perhaps the training did raise awareness.  Or maybe it built antagonism.  Only talking with the employees would reveal that.  But having those discussions is one of the minimum elements for a program under the Guidelines.

What is the lesson of this little journey? For starters bad training, like anything else done poorly, does not work. A poor approach to changing culture will fail just as quickly as poor training. We should welcome those who challenge us to think.  But we should also expect them to do a bit more work before they tell us what to do.


Emil Moschella, Executive Director of the Rutgers Center for Government Compliance and Ethics, and Joe Murphy, CCEP, author of 501 Ideas for Your Compliance & Ethics Program (SCCE; 2008), have filed comments with the Organization for Economic Cooperation and Development’s (OECD) Council on Public Integrity, making some provocative suggestions on the Council’s draft Recommendation on Public Integrity. The OECD is a forum where the governments of 34 democracies with market economies work to promote economic growth, prosperity, and sustainable development.

The Recommendation deals with promoting integrity in government, with an emphasis on the use of management techniques.

Based on their decades of practical experience, Emil and Joe suggest:

1. The Council should use the concept of a compliance and ethics (“C&E”) program, as widely applied globally, as a starting point and model. C&E programs are already widespread – why reinvent the concepts?
2. The Council should consider using the OECD Working Group on Bribery’s Good Practice Guidance modified to address public integrity and public sector entities. These are good standards for compliance programs – why not use them?
3. The Recommendation should include a examples to illustrate how the suggestions in the Recommendation would work on a best practice basis.
4. The Council should include public international organizations, such as the OECD, in the scope of the Recommendation. We think it is good for those making recommendations to follow their own advice.
5. The Recommendation should call on the public sector to promote C&E in the private sector to protect public integrity. If we want honest government it helps to promote integrity in the private sector, and C&E programs there help protect everyone.
6. The Council should advise states not to take actions that undercut C&E programs anywhere, whether in the private sector or the public sector. There have been some terribly ill-advised actions by governments that hurt C&E programs. Why have one part of government undermining something that another part is promoting?
7. The Council should form an ongoing working group to promote and implement the Recommendation. The Recommendation is good, and should have some ongoing life.
8. The Rutgers Center for Government Compliance and Ethics offers an important resource for development of public integrity programs. The Rutgers resource is a one-of-a-kind source for guidance on how government agencies can implement their own, internal C&E programs.

Read the complete filing. (pdf)