Words with Philip Storm: A Dialogue on the Meaning of Ethics and Compliance at EPAM
EPAM’s focus on ethics and compliance is a foundational principle underlying our corporate responsibility initiatives. To understand how this works, spend a little time as I did with Philip Storm, our Chief Compliance Officer and SVP. Philip brings years of experience and a deep perspective in the field, along with a surprisingly literary sensibility to the conversation and our approach to this area, particularly in “governance.” Read on to get a sense of how palpable a force of ethics and compliance are in our organization and how they enhance our environmental, social and governance (ESG) quotient.
Can you speak about the ethical culture of EPAM?
While there are certainly ethical principles that inhere in the language of our Code of Ethical Conduct, which express how we should co-exist with our colleagues at EPAM and how we are encouraged to treat people in general (for example, respect for the individual), we already have a well-developed sense of exactly that at EPAM, as well as a head start on recognizing and appreciating cultural and geographic differences. EPAM was built around a fabric of cultures that aren’t the typical US public company lineage and one that is actually a powerful cultural and ethical advantage. In other words, we are more prone to understand that sometimes ethical challenges—such as how we might properly thank our customers as part of ordinary business courtesies—will be informed by where we live, the culture of the place and its various norms. And that diversity helps us understand many other nuances of both ethical and legally compliant behavior.
I love the idea that our distributed labor network has led to a globalized view of ethics. George Steiner once wrote: “The polyglot is a freer man,” which I’ve always interpreted as “The more perspectives one has, the better the view.”
Well said. And one of the “rate-limiting steps” on the understanding, recognition and appreciation of “difference” is that certain norms have to be followed by law (the “compliance side”) so, for instance, gifts can’t only be informed by cultural norms, because one of those norms is you-scratch-my-back-and-I’ll-scratch-yours, which implies quid pro quo and lacks fairness and transparency. That is why it’s so important to see ethics and compliance as complementing each other… we do what’s right because it’s a moral imperative and how we want to be treated (ethics), but we also do what’s right because the law reminds us it is fair and just.
You’ve been rereading The Plague by Albert Camus and recently noted the power and relevance of this line: “No longer were there individual destinies; only a collective destiny, made of plague and the emotions shared by all.” This seems to suggest that we need to think of ourselves as a community. And it suggests a general idea of governance, in the biggest sense. Does this resonate for you?
If you're talking ethics and compliance, that's the mentality for sure. One of the most important aspects of ethics and compliance is that it's not a set of rules dropped on you from above, from authorities who say: “Here's what you must do.” Our ethics and compliance program is always and should be embedded in the fabric of who we are, in how we engage with colleagues, customers and the market in general. And one of our advantages here is that EPAMers, generally speaking, are people who are super smart, dedicated to the company and trying to do the right thing by using their intellect to solve the most difficult challenges.
If they get into territory that they shouldn't be in, it has been largely inadvertent. And an opportunity to learn and understand and carry the message to others.
In so many ways, we've already built an incredibly strong ethical culture, and now, all we need to do is keep preserving it as we continue to grow. I think this culture is a tribute to our CEO Arkadiy Dobkin because he is a person who values people. He is the kind of person who exemplifies that quality in all he does and who passes that trait along to others in the organization. Compliance experts will tell you the key to ethical behavior is “tone at the top” and we are fortunate to have it.
It's a sort of self-selected group and there tends to be an ethos among the people we tend to hire. Can you talk about overseeing a governance program for the 40,000+ people in our organization? How can that work at this scale?
Every ethics and compliance program should have its communications integrated into the “programming code” of the business’ software, so to speak, or as you often hear, into the DNA of the business. The way you deliver messaging to reach an ever-widening audience must be tailored to the working style and aptitude of the organization. Ours is. Consider micro-learning. We’re talking about learning that delivers key points in the most effective and efficient manner for, say, software engineers who are incredibly bright but also busy trying to implement digital solutions for their customers. This is critical. Targeted micro-learning is the wave of the future and it’s one way we deliver training in the way our employee base best receives and digests learning.
Can you share more about EPAM’s Code of Ethical Conduct?
When I first came to EPAM, I focused on the Code as a reflection of and the centerpiece of our ethical culture. We set out to develop an engaging statement of our key principles, with an emphasis on simple and logical precepts that educated as much as they governed. While we got very favorable feedback on the redesigned Code, interestingly, one of the criticisms we continued to hear was about the Code’s length and detail, so last year we released a condensed Code that distills the basic precepts even further. And to make it accessible to our tech-savvy workforce, we designed it to work natively on mobile. Going forward, you’ll see more and more of this focus on the digitally minded.
In addition, we use our full and redesigned Code as the jumping-off point for our micro-learning trainings. They're short videos that highlight different salient points that we should all know, such as confidentiality, use of social media and larger legal issues like bribery, conflicts of interest and insider trading. And these mini-modules also lend themselves nicely to other typical HR-related topics, such as respect in the workplace for individuals and unconscious bias. By following that approach, we fulfill standards that key regulators want as well. For instance, the US Department of Justice (DOJ) in its most recent guidance solidly endorses the value of micro-learning programs.
So that’s a big plus for us; we’ve worked hard to design these micro-learning modules and make them engaging and entertaining.
The compliance industry always asks of any learning program: “Is it engaging?” and “Will it actually resonate with people?” We made a real effort here. We incorporated smartphones and the swiping method—something that’s intuitive to the digitally astute—into our trainings. Both of those got really good feedback results. Not surprisingly, it was our most recently released condensed Code that garnered the best feedback.
Does EPAM follow a set of external guidelines?
The core of any ethics and compliance program for a publicly traded company is what is called the seven standards for effective compliance programs. They originate from the United States’ sentencing guidelines for corporations, which sounds ominously titled. But if you're a public company, these are without doubt the seven standards that your compliance program should have—and they’re what the Department of Justice will look at in deciding to charge a company or what level of any penalty they may impose for violations they find.
The foundational question underlying these standards is: “Do you have an effective compliance program or not?”
On top of the seven standards, there’s recent guidance from the DOJ with about 115 different questions they may ask about your program, should they investigate wrongdoing, which they have done and continue to do on a number of trigger areas. What these questions do is dig deeper into the notion that you shouldn't have a cookie-cutter program. It really has to be something that people live and breathe, which again is what our program fosters.
Finally: How would you characterize the relationship between compliance and ethics?
In my view, they have to be one. When compliance programs started, after the Sarbanes-Oxley Act, they were just about compliance. They focused on finance. You had to have an ethics line in place that allowed employees to anonymously and confidentially report fraud or auditing-related or financial reporting issues. Then it quickly broadened, and the ethics line and in-person reporting channels became the standard method for employees to report any issues of misconduct. Then that became simplified to say, “Anytime there's a problem that might run counter to our organizational code of conduct, you can report that, you can raise it as a question or a concern.”
Now, not only is it about following laws, financial laws and public company filing regulations, but it’s about understanding what you're supposed to do as a good company. It’s about inquiring when you don't know or raising concerns where you honestly believe a situation might run counter to our Code.
Originally, ethical codes were rigid, almost legalistic documents drafted by lawyers and they eventually turned into far more generalized statements of behavior and ways in which we expect to be treated as people.
So, ethics, in a sense, involves a big Venn diagram. It’s not just how we should treat our small circle of people who resemble us; it's how we treat all variations of people individually and as cultures and as business partners and, in so doing, we will comply with the law and avoid risk.
In my view, if you're going to treat people the right way and do it with respect, integrity and transparency, you're almost inherently going to abide by the law, or the compliance part.
That's why our Code is called the Code of Ethical Conduct, not just the Code of Conduct because a Code of Conduct would mean rules that we must follow. It's not just about rules but human behavior. Civil behavior.
