How does a business explain and prove its dedication to compliance? And how does it demonstrate to regulators and law enforcement that a proactive, compliance-first company culture is fostered, monitored, and encouraged? How would the company describe its attempts to abide by the pertinent law or regulation if, God forbid, the Department of Justice (DOJ) called with inquiries about a specific legal matter?
The Home Depot's Mia Reini, senior manager of corporate compliance and enterprise risk management, wanted to take charge. The Home Depot is the biggest retailer of home improvement products in the world, with headquarters in Atlanta. The company has more than 2,300 stores and employs about 500,000 people in North America. It also has a strong compliance program.
But how could the business, should a regulator ever come knocking on its door, demonstrate its compliance credentials? According to Reini, The Home Depot made the decision to write a document that would address any inquiries the DOJ or another agency may have in the future regarding the business' compliance program. She stated that she had the thought, "We should really write out our answers to these questions," after reading the DOJ's "Evaluation of Corporate Compliance Programs," which was last updated in June 2020.
The "The Home Depot Compliance Program Overview" document that resulted provided answers to the queries posed by the DOJ guidance. The 30-page internal report detailed how The Home Depot had incorporated compliance into its daily operations point by point.
Although The Home Depot did not consider this when making its choice, there is still another reason why businesses might think about formally outlining their compliance program. The DOJ has stated that when determining potential enforcement actions like fines, mitigation measures, and whether to assign a monitorship, it will take into account the effectiveness of a company's compliance program and the support it receives from the top.
Assistant Attorney General Kenneth Polite Jr. stated at Compliance Week's National Conference in May that "Companies that make a serious investment in improving their compliance programs and internal controls will be viewed in a better light by the Department of Justice and by my Criminal Division." According to Polite, organizations that do not invest in compliance run a much higher risk of being prosecuted.
Reini claimed that she asked a technical writer and a graphic designer to assist in creating a compliance program overview report that described the structure of the business's compliance program and the resources dedicated to it, using The Home Depot's annual environmental, social, and governance (ESG) report as a guide. The report would describe how the programs empower associates to maintain compliance and how they engage them in doing so.
Reini stated, "We mapped our report to the DOJ compliance guidance." Headings in the report, such as "Risk Assessment," "Policies and Procedures," and "Training and Communications," directly referred to sections of the DOJ guidance.
Because "we know that the FCPA compliance area is important to the DOJ," Reini said, the report is replete with "spotlight" stories about how The Home Depot's Foreign Corrupt Practices Act compliance program incorporates components of the DOJ guidance.
Examples highlighted in the report's risk assessment section included targeted FCPA risk assessments, the whistleblower hotline test call program, the company's FCPA training program, the training and communication section's confidential reporting structure, and the third-party management section's FCPA third-party monitoring program.
"The report also features stand-alone Q&As straight from the DOJ compliance guidance, ‘did you know’ compliance fast facts, ‘compliance in action’ business examples, and ‘compliance programs in practice’ brief case summaries," according to Reini. "We also included pictures of representative compliance materials throughout."
The importance of compliance to The Home Depot was discussed in the report's introduction.
"The foundation of corporate responsibility is compliance with laws and regulations that govern business activities. For The Home Depot, that compliance goes beyond simply following the rules. It aligns with our core values and is integrated into how we operate at every level," according to the report.
The compliance function at The Home Depot was thoroughly described in the report, including its support from the top, governance, resources allotted, training, policies and procedures, and more. For those working in compliance, consider these key points:
The business integrates compliance associates.The employees, known as compliance leads, are incorporated into all areas of the company to "engage directly with front-line associates" and "provide guidance for the front lines and monitor compliance-related risks," according to the report. The Home Depot's compliance leads are experts in 19 different compliance-related fields and have the authority to oversee compliance-related information gathered by the business units to which they are assigned.
The business manages two compliance hotlines and has an internal action monitor. Front-line employees have access to the company's whistleblower hotline and website, AwareLine, in addition to reporting problems to a manager or human resources partner.
The Supplier AlertLine hotline and website "enables suppliers, vendors, service providers, and their employees to report any situation that appears to compromise our Home Depot values or compliance with the law," according to the report.
The company's compliance team members "have full access to all AwareLine and AlertLine reports and are automatically alerted to serious, high-risk cases," according to the report, despite the fact that both hotlines are run by a third-party vendor. "Compliance team members advise on escalations and monitor the progress of investigations."
"We feel it is very important to have a separate, dedicated, 24/7/365 hotline for the employees of our vendors, suppliers, and service providers to tell us if they are ever asked or directed to do anything that violates law or The Home Depot’s compliance standards or ethical expectations," Reini said on the Supplier AlertLine. "We believe having our Supplier AlertLine helps us better meet the DOJ compliance guidance on ‘Confidential Reporting Structure and Investigation Process."
In a matter of days, hotline cases are typically opened, reviewed, and tracked for prompt resolution. When associates, former associates, or suppliers submit reports, tracking information and passwords are provided so that their submissions can be followed up on.
The Home Depot has an investigations council, which the report refers to as "a cross-functional working group that serves as a leadership-level forum," which makes sure that compliance investigations are engaged with and known about at the highest levels of the business. The general counsel and executives in charge of the internal audit and corporate compliance teams at The Home Depot are members of the council. To "share updates, resources, benchmarking data, and best practices for compliance investigations," the council meets every three months.
dedication to programs for third-party compliance. The Home Depot conducts on-site inspections of the manufacturing facilities in the nations that provide it with direct imports and private-label goods. These facilities are required to keep track of compliance documentation on-site, make it accessible, and permit complete access to the production facilities, worker records, and production records.
The supplier is required to address any compliance issues found and provide The Home Depot with a plan for corrective and preventative action. According to the report, the company conducted over 1,400 on-site factory audits and over 1,500 follow-up visits in 2020.
According to the report, compliance-sensitive service providers (CSSPs) are "aagents or third-party service providers who perform services in areas such as finance and global sourcing that are likely to involve interaction with foreign government officials on the company’s behalf." The Home Depot launches uniform review processes and risk-based due diligence on CSSPs. The Home Depot's internal audit team will review CSSPs after they are recertified each year.
Monitoring compliance risk using data analytics and artificial intelligence (AI). The Home Depot conducts annual compliance audits using data analytics tools in areas like FCPA compliance, fraud at non-merchandise vendors, and fraud monitoring for gift cards and markdowns, the report claims.
Additionally utilizing AI tools, the company's third-party management platform enables it to track compliance risks with its CSSPs in real-time.
Working on this project helped us learn a lot more about our compliance areas, according to Reini.
By fLEXI tEAM