Yesterday I introduced my tribute to Elmore Leonard and the upcoming Hanson Wade Supply Chain Compliance Europe 2013 Conference in London on November 4-7. Today we begin with Leonard’s Ten Rules for writing.
1. Never open a book with weather.
2. Avoid prologues.
3. Never use a verb other than “said” to carry dialogue.
4. Never use an adverb to modify the verb “said” . . .
5. Keep your exclamation points under control.
6. Never use the words “suddenly” or “all hell broke loose.”
7. Use regional dialect, patois, sparingly.
8. Avoid detailed descriptions of characters.
9. Don’t go into great detail describing places and things.
10. Try to leave out the part that readers tend to skip.
Why are these important for the compliance practitioner? It is because Codes of Conduct, compliance policies and procedures are all in writing. Even if you cannot write like a novelist, you can write in plain English. Do not simply get a policies and procedures written by lawyers for lawyers. Write them so that the business folks who are trying to do the right thing, can understand the obligations they are under. And think of Elmore Leonard when you are writing. If it doesn’t inspire you, it will put a smile on your face.
Along the lines of ‘keeping it real’ we continue with the Hanson Wade the interview of Paul Zietsman, Chief Compliance Officer (CCO) at Sasol. In today’s post, he shares his insights into the development of their new internal culture and attitude towards compliance after gaining ongoing board level buy in and investment.
What advice would you give to anyone who has just received a fine in their organisation, what should be their first steps on the road to recovery?
I think the very first thing would be to make sure what you have is support from your executive management or from your most senior body in your company. Now, usually when a company has had an incident you would have that kind of support because everybody, especially the senior managers are under stress, as there might be personal liability for them. So, you usually have some level of support from them. I think that should be the starting point. You should first determine that level of support, particularly because without that support, you’re not going to be successful in anything you will do going forward.
At one of the meetings with CCO’s in South Africa I have attended a colleague was struggling with a internal compliance challenge and I asked him a couple of questions all catered around the support that they have from the senior management. We eventually realized that this was exactly the issue, he did not have the support. I have even told him that before he gained this support he couldn’t expect any progress, and everything that they were doing up till now was actually in vain and that they should first establish that support.
The next step is to clean out your house, it is important to have an investigation and to spend enough time really going through your business and making sure that there are no similar noncompliance or contradictions even in any part of your business.
Especially from a compliance officer’s perspective, it is important because we are in a constant battle to demonstrate value in our business, and we do not have a direct contribution to the bottom-line. It is always difficult to show that value.
Now if you have another incident shortly after you’ve established or after you’ve started to improve your compliance function, when you are finding your feet, it could be detrimental to the compliance function. The company may feel that now operations are under way this should not occur again.
So therefore, I think that it is important to start on a clean slate and you can only start in a clean slate if you have done a thorough investigation, if you have really identified any further issues that might be in your business.
Then another thing is to also strengthen your government relationships by centralizing your reporting lines for you insurance providers. I know many of my colleagues would crucify me for saying that, because there is a certain belief that you can add more value by being present in the business and therefore you have to have a decentralized system. But let me explain, when I say centralized, I don’t mean that you pull all your compliance officers who have identified issues back to the head office so there is no engagement with the business units. All I am mean is that the reporting lines should be central and the incentives and the bonuses should not be determined by the business that they serve.
So for instance, at Sasol, all my compliance officers report through various managers into me, so they don’t report to the business at all. But, they spend 80% of their time in the businesses. So they’re really involved. They know their businesses, and they can add just as much value to the business as other compliance officer that work in a decentralised model.
Here though, I have the benefit of ultimate control, and I have the benefit of my compliance officers not being influenced by objectives within the business units; which might not always be in line with good governance, but works for Sasol.
Then the last point for me here is not to lose balance. We have seen that with quite a few companies and initially even at our company we’ve experienced this as just a natural reaction. The moment you have an issue on something you need to focus all your attention just on that issue. For example, if you take a company that has had an incident with regards to bribery laws, they would mainly focus their compliance programme around bribery. Quite often, they lose sight of the other risks and expose themselves because of this resulting in a great compliance programme focusing on one particular risk where they had an issue in the past, but leaving the guard open in other areas. I think it is important to keep a balance here. Do your investigation in the area in which you had an issue, but also improve strength in your compliance programme in general.
This way you will have a well-balanced programme that would include proper recertification up front so you will know what risks you are facing. Then you can design and implement a compliance programme that will deal with all of the risks going forward, not only the area on which you had an issue.
Sasol has operations in Africa, what would you say is the most challenging aspect of operating in Africa vs other regions?
You know if you ask this question to 90% of my colleagues, I think they would say that it’s bribery because bribery is the major issue in Africa, and I would to some extent, agree with them. I am quite passionate about Africa. So I do a lot of reading about Africa and I am quite knowledgeable about Africa based on that. I would agree with them that certainly one of Africa’s biggest challenges is bribery and corruption.
If only Africa could deal with that, it could be one of the most prominent continents in the world. However, I would say from the compliance perspective it’s not that easy. You can’t just say its bribery. I think there is something deeper and that is really challenging. To me it varies to extremes within Africa. In the sense that, in one country, you will have some of the most sophisticated and refined laws dealing with a specific area while in the same country just in a another area will have absolutely no laws at all.
Then you also have a situation where you have certain countries with the most sophisticated laws but they just are not enforced, because they don’t have the skills and we don’t have the manpower to enforce them. So it’s a matter of dealing with the unknown and I know a lot of companies entering Africa deal with these challenges, they feel as long as they are just managing the anti-bribery risk they should be okay. The reality is that they are exposed to a number of other risks. It might not be as risky in the recent world because there is no guarantee of an enforcement, but you never know. Anything can happen so it is really dealing with that unknown factor that is the most challenging.
What advice would you give to companies looking to open new operations in Africa?
Well based on what I just said, I think it is important not to underestimate Africa. Yes, you might not have the kind of enforcement there that you would see in the rest of the developed world but I think you need to be prepared for that. So I would say, implement your whole compliance programme, the same as you have in other locations in the world and launch that into Africa. Then at the same time, while implementing the whole of your programme, put a specific emphasis on bribery because bribery is a major concern in Africa. I think there are quite a few unique challenges regarding bribery in Africa. For instance, the involvement of the government in business, even sometimes the government being involved, will be the catalyst to the payment of bribes in Africa. That creates a lot of new challenges and you need to have a specially devised program dealing with that.
We had an incident recently in one of the African countries we were operating in, where the government itself requested us to make cash payments, per diem payments to the officials because they just didn’t have the kind of systems in place to support these payments themselves. Now of course we couldn’t do that so we refused that and we had further discussions with them to see how we could get the money to them. That was initiated because of a specific requirement in terms of a particular law, but knew we couldn’t pay directly to the officials. So you will certainly end up in situations like that and you need to have robust controls dealing with those kind of challenges which is fairly unique to developing countries like Africa.
Readers of this blog can receive a discount to the event. Use the code, FOXLAW10 when registering. For details and more information about the event, click here, or go directly to the HansonWade website.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at firstname.lastname@example.org.
© Thomas R. Fox, 2013