Modern Counsel: You came to RMG Networks in June 2014. How was the company functioning without a formal compliance structure up to that point?
David Mace Roberts: I joined after the company became public. RMG had a basic foundation for a compliance regime, but it was in its infancy. RMG had an insider trading policy, disclosure policy, and a code of conduct, which is required. But it didn’t have a full-blown, enhanced global compliance program, which is one of the reasons the board of directors decided to bring me in.
MC: Why did you make it a priority to define compliance globally?
DMR: There are many reasons having a global compliance program is important. Number one, we are a public company. We’re now going through our Sarbanes-Oxley Act Section 404 certification, including top and bottom review of our internal controls. Also, 70 of the Fortune 100 companies are our customers. Many of them are financial and health-care institutions, as well as federal and state agencies, so having a robust compliance program is critical to making those customers happy and is a requisite for doing business with them. Additionally, we operate worldwide in areas such as the United Arab Emirates, China, Singapore, and Europe. For us, complying with all the anticorruption regimes, such as the Foreign Corrupt Practices Act and the UK Bribery Act, are all critically important.
MC: You handled compliance in each of your past roles, so you have a good idea of what structured compliance looks like. What elements of your experience are you employing to guide this project?
DMR: Doing the right thing really needs to be ingrained into an organization’s DNA. It requires a multifaceted approach. There are a number of elements I’m employing today gleaned from past experience, including internal audits, open-line communications, internal accounting and control systems, periodic certifications by employees and third parties, and due diligence regarding third parties and business partners.
MC: How did you get support from RMG leadership?
DMR: For our organization, it came naturally. There was absolutely no reluctance at all. When I provided my very long list of things to do regarding our CFO, COO, and CEO positions, everyone was very positive. Our auditors were excited to see that we crafted a best-in-class set of policies and procedures, such as anticorruption, record retention and destruction, whistle-blower, and signature authority. Everyone bought into why we would want to do this. There’s so much good that can come out of it. It makes customers, especially in highly regulated industries, more comfortable and more willing to do business with you. Doing the right thing increases stockholder value, as well.
MC: What did your road map for this project look like?
DMR: We’re a small company, so it’s me, myself, and I, with the help of the other senior executives. My first year, it was getting the policies and procedures up and running; getting the anonymous, third-party, whistle-blower hotline up; and starting our training, which is now live. Next year we will be setting up the internal controls, moving forward with employee training, and inserting the appropriate ethics and compliance provisions into our third-party contracts, such as anticorruption provisions, compliance with hazardous materials prohibitions, and child labor laws. Moving forward, we want to develop a best-in-breed code of conduct. We also want to enhance our training program with real-time, Web-based training modules.
MC: How are you measuring progress?
DMR: We need to set up our checks and balances to monitor how the organization is doing. For example, we’ll be conducting periodic audits on various ethics and business-conduct initiatives regarding areas such as gifts, meals and entertainment, conflicts of interests, anticorruption, and transaction approval, as well as signatory authority. We are also looking to implement a process for providing disciplinary measures and incentives for employees.
MC: Such a big and new initiative hinges on clear and consistent communication. How did you formulate a strategy to keep the rest of RMG informed?
DMR: We have something called RMG University, which is a site available to all employees worldwide. That is where our anonymous whistle-blower hotline and governance policies are posted, among other things. When I rolled out the program, I did a formal announcement to all of the employees letting them know all of the new elements and resources that we were making available to them. Every month, I send out an e-mail to all employees giving some hypotheticals, updates on something new happening in the world, an industry, or the law. I’ll also be rolling out periodical “Do you know” announcements, such as “Do you know what is the maximum allowable dollar amount to receive or provide a gift?” We also send out quarterly reminders of where employees can find our code of conduct governance polices or other business conduct and ethics resources.
MC: How hands-on were you during the on-the-ground work of building out the function?
DMR: The first year, either I or our senior vice president of people and culture will be conducting live training. As we roll into 2016, we will look to enhance our training program with Web-based training to supplement and enhance the live training.
MC: Going forward, how do you plan to maintain the compliance function so it is reflective of changing laws and regulations?
DMR: It’s ongoing. That could be a full-time job for someone at a larger company—keeping up with all the changes and the laws that affect the business, the organization, the employees, and the customers. I rely on updates from outside counsel, various organizations, and my search engines. I also subscribe to various periodicals. It’s always changing. As a best practice, I think a company’s employee manual, governance policies, and code of conduct should be scrubbed on a regular cadence—whether it’s once a year, twice a year, or quarterly—to make sure that employees are given the resources they need to do the right thing.
