CNN’s latest news headline reads, “28 years for salmonella: Peanut exec gets groundbreaking sentence.” This story relates to the Peanut Butter Corporation of America’s (PCA’s) bankruptcy, and the largest food recall in the United States due to salmonella. Known as one of the deadliest salmonella outbreaks, the PCA’s case is linked to nine deaths on top of 714 affected and sickened.
Stewart Parnell, PCA’s owner, received a 28 year prison sentence, while his brother and food broker for PCA, Michael Parnell, is to face 20 years. Mary Wilkerson, a former plant manager, was given five years in prison.
The Peanut Butter Corporation of America’s failure to identify risk at the front line activity level is a case study in the importance of permeating effective risk management practices throughout an entire corporation. By providing incentives to the front line workers who exhibited less rework and lowered costs, PCA placed employees in a complicated situation. Employees were made to choose between their own livelihood and the safety of PCA customers. This system of incentives created a conflict of interest between employee compensation and product safety. Samuel Lightsey, a former plant manager, said under oath that “he did not quit after discovering the illegal practices because he needed a job.”
Parnell’s record-breaking sentence was disclosed only weeks after the Justice Department issued new policies regarding risk management accountability. According to the New York Times, these policies “prioritize the prosecution of individual employees – not just their companies – and put pressure on corporations to turn over evidence against their executives.”
If the DOJ is serious about these new policies, individual accountability in cases like the PCA’s will only become more common. What can individuals, and especially risk management professionals, do to protect themselves and their colleagues from this level of liability?
How Risk Management Solutions Provide Protection
Moni Basu, reporter for CNN writes, “Defense attorneys argued that Parnell did not know about mismanagement at the plant, that he was the fall guy for other employees’ wrongdoing.” Not knowing is no longer an excuse according to the Securities and Exchange Commission (SEC). If a risk is material enough to cause serious illness and loss of life, senior management needs to know about it. Immature risk management is now defined as negligence, and entails similar penalties to fraud, putting an end to an era of “not writing things down” to limit what might eventually become discoverable.
An Enterprise Risk Management solution offers the proverbial “Get out of Jail Free” card. By providing a standardized methodology to record risks, document controls, and set sign offs and approvals, a risk-based risk management program can demonstrate an institutional understanding and awareness of risk, ensuring that at the very least appropriate measures were taken to secure against loss events. The result is not only increased awareness of risks at the front lines, but also assurance for executives that their risk management program is reducing their liability for negligence and employee misconduct. Additionally, for the plant managers like Samuel Lightsey, proper risk management efforts and documentation via an ERM solution for risk management may be the difference between jail time and not.
Parnell’s story serves as a warning; if you do not identify, assess, and evaluate your risks and implement proper risk mitigation controls and testing around these activities, you will face the inevitable repercussions and backlash. Best practice frameworks, like the RIMS Risk Maturity Model for Enterprise Risk Management, require that a component of employee’s performance evaluations be based on the effectiveness of their risk management practices.