In my prior post for the FCPA Blog, I asked two questions about the unfolding VW scandal.
One of them is already on the way to an answer: What happened to the whistleblowers and the compliance officers at VW? German newspapers report that in 2007, the engineering firm Bosch allegedly supplied defeat device software to VW's specifications. But Bosch also reportedly warned VW that it was illegal to put the software in their cars. VW engineers also cautioned against the defeat devices for years.
VW, however, now blames the scandal on the illegal behavior of a small group of engineers and technicians involved in engine development That's the improbable "rogue employee" excuse often heard at the beginning of a corporate scandal.
We don't know yet what happened to those early warnings or to the engineers and compliance officers. If the compliance officers knew about misconduct, could they escalate the issue to the board or were they walled off from the facts and blocked or silenced, as often happens? Effective compliance programs already exist to protect whistleblowers and compliance officers and to encourage them to come forward or do their jobs. How so? Past scandals expose the defects and new compliance techniques have closed many gaps. Now the challenge is to get top management and boards to acknowledge the known risks and implement the solutions.
Compliance officers recognize the risk patterns from Enron, Walmart, GM, the big banks, and FIFA, to name a few. Watching the VW scandal unfold is pathetically familiar. So many innocent people are going to suffer from VW's head-in-the-sand, reckless way of running its business.
The real mystery is why do companies think they can operate without implementing the tools at hand to prevent massive compliance failures?
Compliance 2.0 -- including independent compliance chiefs sitting in the C-suite and reporting directly to the board or a board committee -- is the management system designed by compliance experts over decades to prevent compliance risks from taking down a company. It is the distillation of the lessons learned. It’s not rocket science but hard work and learning from experience. It plugs the risk gaps of clueless boards, conflicts of interest in the C-suite, bullying whistleblowers and other trouble-spots identified through trial and error.
Most business and legal writers and analysts, including many who focus on compliance and ethics, are still in the dark about Compliance 2.0. They fall back on discussions about what's familiar: sins of greed, ambition, arrogant management, conflicts of interest, governance dynamics, national characteristics like “German-ness” and business ethics.
The media is missing the real story about failure at VW. Here’s where they should start:
Most houses don't catch fire and burn down. Most homeowners don't store flammable material in their house. If they do, nothing happens for a long time, until one day it starts to smolder. People smell smoke but ignore it because they're busy or “it’s not my job.” The house fills up with smoke but no one investigates or stops the fire or calls the fire department. Finally, a roaring fire burns the house down. The fire damages the neighborhood and lots of people get hurt.
Old school commentators will talk about the reasons the fire started and the house burned down. But those who know about Compliance 2.0 will ask why the homeowner lived in a house that had an outdated fire prevention and detection system when he should have built and maintained the house in compliance with code. VW is that homeowner, and that's the question we should all be asking.
Michael Scher is a senior editor of the FCPA Blog. He has over three decades of experience as a senior compliance officer and attorney for international transactions. He can be contacted here.