Making performance management meaningful and aligned with DOJ policy


What you'll learn on this podcast episode

In September, the Department of Justice Fraud Section announced a new policy direction on corporate misconduct, clearly stating that personal accountability for employees, executives, and directors was their number one priority. The revised DOJ policy clearly states that an organization’s compensation and benefits program must be aligned to its values and ethical culture. So, what does this mean for compliance? In this episode of the Principled Podcast, host Susan Divers discusses how to implement a meaningful performance management system that meets DOJ objectives with Stephanie Ragan, a Certified Compliance and Ethics Professional (recently of SOFEC) and now solo practitioner after 14 years as a compliance specialist and manager in the oil and gas industry. 


Where to stream

Be sure to subscribe to the Principled Podcast wherever you get your podcasts.

Listen on Apple Pocasts Listen on Spotify Listen on Audible Listen on Google Podcasts_@2x Listen on TuneIn

Listen on Amazon Music Listen on iHeart Radio Listen on Podyssey Listen on Listen notes Listen on PlayerFM


Guest: Stephanie Ragan


As an experienced, well-rounded compliance and ethics specialist, Stephanie has recently struck out on her own by launching Ragan Export Compliance, a consulting company focused on providing services and guidance for regulatory compliance. A subject matter expert in trade compliance for the past 10 years, she holds both a Masters of Science in Regulatory Trade Compliance and a degree in International Trade Management. Her credentials include special certifications as a Certified United States Export Compliance Officer (CUSECO), a Certified Compliance & Ethics Professional (CCEP) and an FCPA Expert (FCPA Blog).With a passion for developing efficient, integrated and automated compliance systems and programs, Stephanie’s philosophy is that the intentional integration of compliance and ethics elements within an organization is at the core of every successful business model; and through making compliance accessible and approachable to all stakeholders, the value of a company’s culture is significantly increased.

Host: Susan Divers


Susan Divers is the director of thought leadership and best practices with LRN Corporation. She brings 30+ years’ accomplishments and experience in the ethics and compliance arena to LRN clients and colleagues. This expertise includes building state-of-the-art compliance programs infused with values, designing user-friendly means of engaging and informing employees, fostering an embedded culture of compliance, and sharing substantial subject matter expertise in anti-corruption, export controls, sanctions, and other key areas of compliance.

Prior to joining LRN, Mrs. Divers served as AECOM’s Assistant General for Global Ethics & Compliance and Chief Ethics & Compliance Officer. Under her leadership, AECOM’s ethics and compliance program garnered six external awards in recognition of its effectiveness and Mrs. Divers’ thought leadership in the ethics field. In 2011, Mrs. Divers received the AECOM CEO Award of Excellence, which recognized her work in advancing the company’s ethics and compliance program.

Before joining AECOM, she worked at SAIC and Lockheed Martin in the international compliance area. Prior to that, she was a partner with the DC office of Sonnenschein, Nath & Rosenthal. She also spent four years in London and is qualified as a Solicitor to the High Court of England and Wales, practicing in the international arena with the law firms of Theodore Goddard & Co. and Herbert Smith & Co. She also served as an attorney in the Office of the Legal Advisor at the Department of State and was a member of the U.S. delegation to the UN working on the first anti-corruption multilateral treaty initiative. 

Mrs. Divers is a member of the DC Bar and a graduate of Trinity College, Washington D.C. and of the National Law Center of George Washington University. In 2011, 2012, 2013 and 2014 Ethisphere Magazine listed her as one the “Attorneys Who Matter” in the ethics & compliance area. She is a member of the Advisory Boards of the Rutgers University Center for Ethical Behavior and served as a member of the Board of Directors for the Institute for Practical Training from 2005-2008. She resides in Northern Virginia and is a frequent speaker, writer and commentator on ethics and compliance topics. 


Principled Podcast transcription

Intro: Welcome to the Principled Podcast, brought to you by LRN. The Principled Podcast brings together the collective wisdom on ethics, business and compliance, transformative stories of leadership and inspiring workplace culture. Listen in to discover valuable strategies from our community of business leaders and workplace change makers.

Susan Divers: Last September, the Department of Justice Fraud Section announced a new policy direction on corporate misconduct. And they clearly stated that personal accountability for employees, executives, and directors was the department's number one priority.

And as part of that, the revised policy that DAG, Lisa Monaco put out that day makes clear that an organization's compensation and benefits program must be aligned to its values and ethical culture. That means that positive behavior, for example, turning down a tainted business opportunity should be an essential factor in evaluating performance.

And that there should be financial penalties, real financial penalties for misconduct. So what does that mean for compliance professionals? Hello, and welcome to another episode of LRN's DAG, Lisa Monaco. I'm your host, Susan Divers, director of thought leadership and best practices at LRN.

Today I'm joined by Stephanie Ragan, a certified compliance and ethics professional, and most recently of Sofec, an oil and gas provider that's global in its operations. Stephanie has just left Sofec and is now consulting on her own after 14 years of a compliance specialist and a manager in the oil and gas industry.

We're going to be talking about implementing a meaningful performance management system that meets DOJ objectives and how you go about that. Stephanie, thanks for joining me on Principled Podcast.

Stephanie Ragan: Thanks for having me, Susan.

Susan Divers: It's my pleasure. Interestingly, one of the questions we ask in LRN's annual program effectiveness survey is about organizations using ethical behavior as a significant factor in compensation, bonuses, hiring and promotion. And last year 69% of the over, I think it was about 1200 ENC programs that we surveyed, indicated that they required that an employee's ethical behavior be evaluated as part of their annual performance review.

And we found that top rated programs were much more likely with 88% including such criteria. But Stephanie, as you know, with all things compliance, the devil is in the details. So I'd really like to hear about how you implemented your program that does just that at Sofec. And I'm sure our listeners would love to profit from your experience and your wisdom on this subject. So let's start at the beginning, how did you start this initiative or how did it start and how did you get support for it?

Stephanie Ragan: Well, sure. So coming from a company like Sofec, we just celebrated our 50th year and we have a lot of mature programs and some that are still coming along. And our compliance program was one of our newer initiatives. We started it in about 2011.

And it was interesting to see that when we formalized that department and all of our programs, policies, everything that helped sustain it, there was a need to measure it against other overhead type departments like HR, HSE and quality. So looking toward those types of departments for direction to see how we could measure effectiveness of programs and tie that back to our professional performance goal setting efforts that we do on an annual basis was a challenge for us.

And we decided that as the new kid on the block, we could look at what worked for everybody and what didn't. And we decided that it would be necessary to look at what weight we needed to hold within the organization for each of our compliance initiatives.

So for a starting point for our listeners, I would suggest that you look at the way your organizations measure performance. And if there is already an existing HSSEQ component or HR component, that you should also be including a compliance and ethics representation. And that should be a key area of focus for your personnel to align with your company culture and your company code and business operations.

Susan Divers: That makes a great deal of sense. And I want to pick up on one thing you said in particular, which is that the ENC program needs to have equal status and weight with other similar programs, whether it's HR or audit or security or health and safety. And that's actually in the 2020 guidance from the Department of Justice as well.

Because one of the questions prosecutors will ask or are told to ask companies accused of misconduct is, "Does your ENC program have equal status and resources?" So the approach you took fits very nicely with that. Let's talk about how you actually went about it. How did you enlist support? How long did it take? And what did you do in the end to get it up and running?

Stephanie Ragan: Well, you know it takes a village to have any kind of success. And our compliance and ethics global team really took on this call to bring compliance and ethics to the forefront, it having an equal say in the performance measurements that we do in the company.

And we were able to within the last few years, convince our management that along with performance measurement, which was a key area of concern, we needed to have regular meetings, at least an annual meeting, to be able to confer as a team globally and to discuss ideas, work on program development and get training initiatives ironed out.

Kind of plan out our year as a whole so that globally we could have a cohesive plan that aligned everyone, didn't leave anyone behind from a planning standpoint for all of our entities, and made sure all personnel were covered by local compliance and ethics designees that could administrate and cover those programs as we rolled them out.

So this was very well taken on. And again, we leaned back into HR and HSE were having these types of annual meetings and conferences internally in the company. So we wanted to say, again, we need to make sure compliance and ethics is represented. It was well received and management was very supportive.

So in 2019, we had our first global gathering. And at that point, we all discussed how we measured and where we had gaps in measuring those compliance and ethics performance areas. And we figured that the global initiative of tying it into your bonus, your compensation that's measured annually by HR, that we needed to partner with them as well.

So we were able to utilize the great guidelines that were out by the Department of Justice that came out in 2018, 2020. And then similarly, we had more guidelines come out again this September. These types of guidelines were helpful in getting the highest levels of buy-in. So using that as leverage, we were able to place value on measuring those individual participation to show evidence of a effective compliance program. And we were able to also work with legal.

And I think that that's something that anyone who's struggling with finding a way to tie their individual performance metrics for users to compliance and ethics, that having your legal team work with you, if that's not already part of your compliance and ethics team and working with HR to jointly explain to senior management why the Department of Justice guidelines are so helpful and necessary to pay attention to.

No one wants to have those types of individual penalties pointed back toward them. And letting them know what the enforcement and penalty details could entail, it can be a little scary and overwhelming for them, but it lets them know the weight of importance. So moving on, our CNE team wanted to then, after we had our senior buy-in, determine specific ways to quantify a compliance and ethics participation that was acceptable.

So we developed a way to be able to measure and do a cumulative total for each employee throughout the year. And with the help and guidance of our compliance council, our general compliance council, which oversees all of our compliance and ethics initiatives from a senior level, and our chief compliance officer who's over our entire group, performance matrix was developed.

So we determined what KPIs and metrics were most valuable to our company and also how participating in training and completing mandatory training assigned on time or early would be a key indicator that our personnel were engaged in in meeting their CNE goals.

Now that was our initial concern that the training and focusing on training, on time training completion wouldn't be enough, but that's a great baseline. So if you are not measuring that, start there. And we also decided though that's a minimum expectation, that other avenues of participation engagement could then be easily added.

This was a chance also for our CNE team to promote all of the tools and the outreach that we had been developing to engage individuals in our annual Compliance Week program, our local newsletters, which we could insert quizzes and different activities for them to complete, optional live and virtual training sessions, surveys, quizzes, and use of compliance videos and slides in their operational meetings and team meetings.

And then it gave us an opportunity also for people that really went above and beyond to be recognized and have that tied back into their performance goals as a metric to, so our compliance champions who always went above and beyond, or personnel who brought forward potential compliance and ethics issues that were helping make formative changes to our program could also be recognized.

That sounds like a lot to keep track of and could be really overwhelming for our listeners that have a new compliance program, limited resources, budget constraints, but there are a lot of great tools and support out there like LRN that is a great content provider and provides support with measuring that on time participation and a lot of other value that you can add into your program.

Let's face it, at a minimum, any functioning compliance program is at least checking the box with mandatory compliance and ethics training like anti-corruption or your company code training, general CNE program awareness. So if you start with training as your first building block to measurement, it'll be less of a shock and easily accepted because your population and your personnel are already participating in those training initiatives.

Susan Divers: That's a great story. And the way that you worked with other people in the company to identify where you were going to start with the criteria I think is very powerful for people who are grappling with this subject.

And I know it's not just companies that are new or small, it's an area that I think a lot of people are still trying to chart their way. And also using the Department of Justice guidance strategically to help management understand why this is a risk that really needs to be managed.

I think there is emphasis when you look at the guidance, it's important to realize that it's out there in part to help people like you and your team actually implement it by putting it under an official seal, if you will. So well done. Hey, tell us now, how is it working and are there any tweaks that you would make at this stage?

Stephanie Ragan: Well, the great news is we've certainly seen improvement. So we've seen results of greater participation across the board in all of our areas. So whether it's people participating in Compliance Week because they know it ties back to their performance or they attend training that they would've otherwise blown off or not considered taking because it wasn't mandatory.

And that is really energizing us to continue to grow the program and continue to find ways to reach people. And we've seen a lot of participation because of this initiative of tying it to performance goals in areas and regions where maybe culturally it wasn't important before to participate in compliance and ethics initiatives.

But now they understand because they have something that's tangible material that ties back to their actual individual performance and they want to succeed in that area. So in general, it's helped us create different types of communications. We've been able to go and create management reports to provide managers live specific data on how each of their team members are performing throughout the year.

Some managers reach out for that quarterly or semi-annually, but everyone reaches out for it toward the end of the year when they're wrapping up their performance evaluations. And it's great to have that kind of tool. So I do recommend that you work on creating something as simple as an Excel spreadsheet that can start capturing data to keep good records regarding the performance of your personnel.

And also, if ever you are audited by a government authority, it's a great tool to provide your training records and say, "We're not just checking the box, we are going above and beyond by tracking every engagement with compliance and ethics." So also following that, we're able to use those participation records to quantify a score for each person.

Now, it doesn't necessarily have to be a numeric score. Some companies may want to do it that way. We aligned with what our HR teams were already using, which is kind of a scale one to five, either unsatisfactory and then failed to meet expectations. You either met expectations, exceeded expectations, or you did outstanding work.

So because that was already in use in our system, it was a language everybody understood and we created what fell into each category for our measurements on the compliance and ethics side. And again, we don't have to reinvent the wheel, you can use what you have and work smarter, not harder. But tracking the progress is really important.

So if you can assign something that you can put a value against, then you can develop statistics over time and track trends within the organization. We did have a lot of discussion across the board about how much weight should be given to compliance and ethics performance compared to HSE or HR.

So again, we fought to have equal footing because we preach in our company code of, we have a culture of compliance, we have our compliance code that gives guidelines on how to operate in every aspect and provides best business practices for everyone. So there was no reason to sell ourselves short or give ourselves a discount and say, "We don't want to be considered equally."

Even though some companies may need to tweak that based on what their own business practices are, it should have some alignment with your culture and your code. And that way people understand it and can buy into it on an individual basis and an organizational basis.

So looking forward in 2023, and this is largely in response to the new DOJ guidelines that you mentioned earlier, which came out September 15th, that does focus a lot on enforcement. So again, we have that leverage to push and say, "This is important. You don't want to be in trouble because this is how it can affect you as an individual."

And that does garner a lot of attention and response from senior management, which is great. We don't want to scare anyone, but we want to make sure they understand the weight of their actions or inactions. But our tweaks moving forward would include tiered measurements, and that aligns with the Department of Justice newest guidelines so that you have different measurements and expectations for managers and supervisors and executives.

And I think you should really look at that as three different categories, general personnel, people who have an influence over them, managers and supervisors, and then the people at the top. So your executives are going to be viewed differently if enforcement actions are ever taken. So you might as well prepare and have your program mirror that type of focus internally.

We also have a lot of questions that come up then from managers that say, "What are my roles? What do I need to do to earn my points or to get a good rating?" And we always encourage them to infuse and integrate compliance and ethics into their team talks, their safety minutes that they have at a beginning of a meeting, replace some of those with compliance moments.

And we make those tools available easily so that they can download it from our [inaudible 00:19:23] and they have full access to short videos, to content that we can pull from different training providers or that we've developed internally. That just makes it easier if they have one stop shopping, they can go to your compliance site.

And if you don't have that type of setup, don't worry. Companies can always make it available by emailing that out to managers and just having kind of the library available to them. And as you develop and tweak your offerings, let people know.

It's good to self-advertise within the organization so that send an email out to all of your managers and say, "Hey, we have a new video available if you want to share it with your teams." And let those managers come back to you and let you know how they used them and what the feedback is, because that's just going to help build the program and continue your process improvement.

As the DOJ recommendations indicate, effective compliance program always points to individual emphasis for that compliance and ethics participation and compensation. And I think we can agree that those personnel who embrace and make an effort to incorporate compliance and ethics into their work are more likely to report potential issues, be less likely to become bad actors by breaking rules intentionally or unintentionally. And generally, they're going to support the best practices and the compliance and ethics program in the organization.

Susan Divers: Well, we would certainly agree with that. And our research at LRN shows overwhelmingly over the years that I've been here, which are now six, that a culture of compliance that involves employees at as many levels as possible and helps them by giving them materials, you mentioned making it easy for managers to talk about ENC, that that is the best defense to misconduct and it's not how many times you reinvent in your code of conduct.

But I do want to mention one other thing that you talked about early on, which is data points and having something that shows exactly where a particular individual is in their ENC journey, whether it's training or touchpoints. We've actually just redone major parts of our platform and we're very excited about it because there's a part that we're rolling out this month called Reveal, which is advanced data metrics from the training experience.

And it shows what courses, what subjects people struggle with the most, how much time employees spend on a given subject and a lot of other very relevant data. It's very powerful and it allows you to benchmark against yourself and against other companies in your area. That's something everybody is very focused on.

And using that in conjunction with your performance review system can really drive change. And then I'd also mention managing that data is important. We also are including a tool that we've had for some time called Disclosures where we're asking people to tell us when they attest to the code of conduct or when they roll out. You can use it to track how many times they roll out an ethical moment or other times when they talk about ethics and compliance.

So the idea is to make it as easy as possible for the compliance team to track that. But we're starting to run out of time, so I want to talk quickly about what are the pitfalls. Because obviously this is a terrific program that has gained traction and is broadening and improving as you go along. But what are the pitfalls to avoid? And then I want to talk about your new company and your new initiative too.

Stephanie Ragan: Well, first of all, the biggest pitfall that you can have is to not do anything or to be stymied and overwhelmed. So don't overthink or over design any initial measuring system. Remember that look to the offerings and tools that are made available to your personnel already. So start with finding the easiest way to measure what you're already doing.

And you can always scale up as part of your continuous process improvement efforts. And then again, as you saw for development of our program, we could not have done this if we had worked in a silo. You have to engage and partner with HR and other stakeholders in the organization to find a way to infuse that measurement of your ethics and compliance participation.

And be sure to include that there is a way to acknowledge excellent contributors. Because that drives people and excites them to participate more. So it can be an incentive for good behavior and make it specific to a task or event that's not evergreen. You can change this around and continue to improve it as years go on and set goals for your compliance and ethics team to be able to continue to develop every year something different to bring more users on board.

Susan Divers: That makes a great deal of sense. And again, congratulations. That's a major accomplishment. And it sounds like the program was very well designed for your business and your particular culture and your risks. So let's turn to the future now with your own business, Ragan Export Compliance.

What kinds of clients will you be aiding in the development of their ENC programs? I know you have deep experience in the oil and gas industry and are a certified FCPA expert and have the export control function as well. What are you going be focusing on and what risks do you see developing for exporters in particular as they seek to adhere to the DOJ guidance?

Stephanie Ragan: Well, thank you for asking about that, Susan. At Ragan Export Compliance, I'll be providing trade compliance support and guidance focused on export or import compliance plans. And large focus now is technology. So we'll be helping develop technology control plans.

And also because I do have a background coming from the last five years of doing the certified compliance and ethics professional from SCCE, I also can help develop the corporate compliance program enhancements for any industry, which can include developing training programs, conducting training, auditing, risk manages, strategies, due diligence and screening ,vendor management systems.

And if a system needs overhaul, that's something that people sometimes forget. They develop a compliance program and then put it on the shelf, but it really does need continuous review, especially in the light of recent and constant regulatory changes and updates.

To get back to your question about what risks do I see developing from an export angle, I do see two areas where exporters can pay additional attention, especially considering the current international policies and issues that are going on in the world. The enhanced due diligence is needed now as part of your program to identify military end users or MEUs.

And this is primarily in China, Russia, Venezuela, and Burma. But it's a good habit to get into looking at that and incorporating, identifying military end users and uses as part of your, know your customer and screening system for your full supply chain. And then the second area where there can be some additional attention paid would be that your program includes a really strong level of control for not just your physical shipments, but technology.

That's a blindside for a lot of exporters, importers, and just USPPIs in general because they don't realize how wide the definition for technology is when you look at the regulations. So for example, the EAR definition of technology for Department of Commerce for controlled technology is any specific information that relates to development, use or production of controlled items, those technologies would also be controlled.

So pretty much any information that relates to those items, because the development use or production is so broad. And the ownness of that comes back to the exporter. Whenever regulations are vague, it puts more pressure on the exporter to understand and have systems in place to be able to address potential violations.

And then because of regulatory changes, a lot of stagnant compliance programs can be a real risk for companies because they may not realize it's something that they have always been able to export. For example, certain valves or stainless steel items, things that were pretty innocuous for a large part, didn't need licenses up until recently when regulations changed.

And now they fall into this large basket categories like 2B999 ECCN numbers, which I know might sound scary and very technical to people listening that don't have a real firm grasp on the ECCN, but there's a lot of guidance out there, and that's what we hope to provide and be able to help navigate at Ragan Export Compliance.

So finally, just in general, I would say that my advice to our listeners today is just to continually evaluate your compliance program and make sure that your CNE engagement measurement that we've discussed today become truly effective ways to ensure that your organization is on the path to executing best practices and avoiding any regulatory infractions. If you follow the guidelines and reach out for help when needed, you won't go wrong.

Susan Divers: Well, thanks Stephanie. I certainly agree with everything you've said and want to emphasize your point about don't fall into the trap of stagnant compliance. A lot of times I think it's easy to rely on backward looking metrics and saying, "Well, last year we trained 340 people, and this year we hope to do more."

It's important to really keep evaluating what are the new risks that we're facing, and are the procedures that we have in place adequate for those new risks? And certainly that's consistent with the guidance too. So unfortunately, we've run out of time, but I want to thank you very much for spending these minutes with us and giving us the benefit of your insights. I hope you'll come back and speak to us again soon. Maybe we can do a session on export control. And we wish you all the best in your new venture.

Stephanie Ragan: Thank you, Susan.

Susan Divers: My name is Susan Divers and I want to thank you all for tuning in to the Principled Podcast by LRN.

Outro: We hope you enjoyed this episode. The Principled Podcast is brought to you by LRN. At LRN, our mission is to inspire principled performance in global organizations by helping them foster winning, ethical cultures, rooted and sustainable values. Please visit us at to learn more. And if you enjoyed this episode, subscribe to our podcast on Apple podcasts, Stitcher, Google Podcasts, or wherever you listen. And don't forget to leave us a review.



Be sure to subscribe to the Principled Podcast wherever you get your podcasts.

Listen on Apple Pocasts Listen on Spotify Listen on Stitcher Listen on Audible Listen on Google Podcasts Listen on TuneIn

Listen on Amazon Music Listen on iHeart Radio Listen on Podyssey Listen on Listen notes Listen on PlayerFM