FCPA Compliance and Ethics Blog

July 21, 2014

World Cup Finale – Compliance Lessons to be learned from Success and Failure

World Cup 2014Over the past few weeks, I have written several articles on the lessons a compliance practitioner can draw from this year’s World Cup and the international group which runs the event, the Fédération Internationale de Football Association or more commonly know as FIFA. Over on my podcast site, the FCPA Compliance and Ethics Report, Mike Brown, the Managing Director of Infortal and myself have just concluded a 7 part World Cup Report, where we discussed issues surrounded FIFA and this year’s World Cup in the context of anti-corruption programs. Whatever else FIFA may be, it is certainly is a compliance practitioner’s dream for lessons learned on bribery and corruption.

The 2014 championship is over and Germany came through this year’s tournament as the clear victors. Over the past couple of weeks, I was lucky enough to see the current Queen/Adam Lambert Tour. They ended both concerts with We Are the Champions and I could not but help think of the German soccer team and indeed the entire German country, winning its first World Cup title since unification. And, of course, any discussion of Germany, its title and this year’s World Cup will have to include is absolute destruction of the Brazilian team and the hearts of the host country with its 7-1 uber-win in the Semi-Finals. How long will that game be remembered? My guess is as long as soccer is played.

While Argentina did have its shots at Germany in the finals, in order to win they were required to play a near perfect game, which, unfortunately for the team and the country, it failed to do in the finals. Does this mean that Messi is not the greatest player in the game today? I really do not know but I still love watching him play and that is good enough for me.

From all of this, the lessons for the compliance practitioner can be many but I wanted to focus on two leadership lessons: What can you learn from failure? and What can your learn from success? Losing first. In an article in this week’s issue of Sports Illustrated, entitled “And Then There was Ein”, Grant Wahl wrote about how Germany turned its national soccer program around from one of its most devastating performances in Euro 2000 where it finished last in its group and did not win a single match in the tournament. From that nadir, “the national federation teamed up with German clubs to overhaul the country’s youth development.” Players from this development program were instrumental in leading the 2014 German team to the 2014 World Cup win. In other words, the German soccer federation learned from its past mistakes and grew a team that became champions.

Contrast this lesson with Wahl’s take on Brazil. He quoted Alex Bellos who said the following, “What does it mean to be the five-time champion if you let in four goals in six minutes?… The world’s biggest footballing country hosting a World Cup, in front of their own fans, and were made to look like they couldn’t play football. And against a team that was playing with artistry and sophistication and happiness, all the thing that Brazil is supposed to play with. You couldn’t have devised a more devastating epitaph for the Beautiful Game.” Bellos went on to say, “Brazil’s week from hell revealed a nation satisfied with resting on past soccer achievements and unwilling to seek new ideas abroad.”

Just as lessons can be learned from failure they can also be learned from success. In this week’s Corner Office section in the New York Times (NYT), Adam Bryant profiled Kat Cole, the President of Cinnabon, in an article entitled “Questioning Success More Than Failure”. While thinking about Germany’s success in the World Cup I was intrigued when Bryant quoted Cole for the following, “I’ve learned to question success a lot more than failure. I’ll ask more questions when sales are up than I do when they’re down. I ask more questions when things seem to be moving smoothly, because I’m thinking: “There’s got to be something I don’t know. There’s always something.” This approach means that people don’t feel beat up for failing, but they should feel very concerned if they don’t understand why they’re successful. I made mistakes over the years that taught me to ask those questions.”

Both of these perspectives can be very useful for the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act compliance practitioner. Just as it is axiom that your compliance program should not be static but dynamic and evolving, what are you learning from your compliance failures and compliance successes? Most lawyers and compliance practitioners can review root cause/analyses to help determine how a compliance failure might have arisen. But how many are looking at your compliance successes. By this I do not mean celebrating your compliance successes but performing the same type of root cause/analyses to determine how a fact pattern arose but was prevented from becoming a full-blown FCPA violation. If something came in through the hotline, did you interview the whistleblower about what caused them to have confidence to report in that manner? Did you look at the training delivered to the whistleblowing employee? How about their supervisor? Did you interview that supervisor to see how he or she got the message out to not only use the hotline but stress the message of no retaliation?

In her interview Cole put it another way when she said, “I learned to make sure I take the full authority of my role. When I haven’t, I knew it immediately. And so I keep a keen eye out for whether my young leaders are forgoing an opportunity to lead. Their intentions might be right but the action and outcome are wrong. I remind people that they were hired for their point of view: “I want 100 percent of your brain 100 percent of the time, and there is a respectful way to communicate and disagree. Please do not hold back, because I want 100 percent of my investment in you.””

For the compliance practitioner, I found Cole’s insights useful in other areas. Although given in the context of ambitious employees who might want to succeed at Cinnabon, I found them to be useful in compliance as well. “First, I talk about being incredibly coachable, because we all give each other feedback. If you want to move up, you’ve got to get as many inputs as possible to continue to develop. Second, take your development into your own hands and be curious about the entire company. If there’s something you want to learn, go learn it. The structure here is like a start-up. Then I talk about productive achievers and destructive achievers, and that I only promote and support productive achievers. And that’s about mentoring and helping others while you are delivering results.

Germany is the new king of the soccer world. Long live the King, at least until the next World Cup. The lessons that Germany took to heart in the wake of its disaster in Euro 2000 directly led to it hoisting the trophy this year. Conversely, Brazil rested on its considerable laurels and now must live with the ignominy of a 7-1 shellacking, probably for the rest of the country’s collective memory. For a compliance program to be effective it must evolve. As Wahl’s Sports Illustrated article makes clear, lessons can be learned and evolution made from failure. However, as Bryant’s Corner Office article interview of Cole makes clear as well, lessons can be learned from successes as well.

Perhaps that is the final lesson from the 2014 World Cup…

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

July 11, 2014

Friday Comings and Goings

7K0A0032I wish I could be there.

Next week, the FCPA Professor is leading his first FCPA Institute this summer over two days, July 16 and 17. The event will be held in Milwaukee and hosted by the law firm of Foley and Lardner.

The Professor’s stated goal in leading this first Institute is “to develop and enhance fundamental skills relevant to the FCPA and FCPA compliance in a stimulating and professional environment with a focus on learning. Information at the FCPA Institute is presented in an integrated and cohesive way by an expert instructor with FCPA practice and teaching experience.” Some of the topics, which will be covered, include the following:

  • An informed understanding of why the FCPA became a law and what it seeks to accomplish;
  • A comprehensive understanding of the FCPA’s anti-bribery and books and records and internal controls provisions and related enforcement theories;
  • Various realties of the global marketplace which often give rise to FCPA scrutiny;
  • The typical origins of FCPA enforcement actions including the prominence of corporate voluntary disclosures;
  • The “three buckets” of FCPA financial exposure and how settlement amounts in an actual FCPA enforcement action are typically not the most expensive aspect of FCPA scrutiny and enforcement;
  • Facts and figures relevant to corporate and individual FCPA enforcement actions including how corporate settlement amounts are calculated;
  • How FCPA scrutiny and enforcement can result in related foreign law enforcement investigations as well as other negative business effects from market capitalization issues, to merger and acquisition activity, to FCPA related civil suits; and
  • Practical and provocative reasons for the general increase in FCPA enforcement.

In other words, it is what you have come to expect from the FCPA Professor; well-thought out reasoned analysis, practical knowledge and learning, and provocative thinking and assessment. But more than all of the above I believe you will receive some great insight into and why the FCPA Professor continually challenges the status quo in many areas about the FCPA. He and I often look at the same thing and see different views but by seeing more than one view, I believe you will come away with a deeper overall understanding of the entire FCPA picture.

For complete information on the FCPA Institute, click here.

As Monty Python might say And Now For Something Completely Different. If you would like a much shorter view of some FCPA and anti-corruption related topics, check out some of my most recent podcasts, the FCPA Compliance and Ethics Report. 

In Episode 74, I visit with Paul McNulty about his upcoming move to become the President of his alma mater, Grove City College.

In Episode 72, I visit with the GRC Pundit, Michael Rasmussen about why companies have such a disconnect when it comes to the theory and practice of their GRC practices.

In Episode 69, I visit with Joe Oringel about his company’s exciting new approach to transaction monitoring in the anti-corruption space.

In Episode 68, I interview Neil Swidey, author of Trapped Under the Sea about his experiences in researching and writing his book.

In Episode 66, the FCPA Professor shares his thoughts on the Esquenazi decision.

In Episode 63 and 64, I have a two-part discussion of the management of third parties under the FCPA.

For those few of you on the planet not aware of it, the World Cup final will be held this coming Sunday. Mike Brown and I have been discussing the World Cup, FIFA and anti-corruption in our World Cup Report series. You can check out Part I, Part II, Part III, Part IV, or Part V.

All of the episodes of the FCPA Compliance and Ethics Report are available for download on iTunes at no cost so if you want to catch up on all things FCPA and compliance related on the drive to work, you can do so. A happy Friday and enjoyable weekend to all.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

July 3, 2014

Gettysburg Day 3 – Failure of QA/QC and the Evolution of Your Compliance Program

Rebel ArtilleryToday is the 151st anniversary of Day 3 of the Battle of Gettysburg. Last year I focused on Pickett’s Charge and lessons that a compliance practitioner might draw from it. This year I want to look at the Confederate artillery bombardment, which preceded Pickett’s doomed attack. It was the largest of the Civil War with up to 170 Confederate guns opening fire on the Union center and approximately 80 Federal guns opening up to return fire. If you have seen the movie Gettysburg, you will remember the awesome cannonades and the young Confederate Artillery General Porter Alexander reporting to General Lee. At the time, it was reported that the barrage was so loud it could be heard as far away as Philadelphia and Baltimore.

The artillery barrage lasted just over one hour. The Confederate guns inflicted some damage on the Union batteries, but they largely overshot their targets. It was believed at the time that the reason the Confederate bombardment was ineffective was that Confederate artillerymen tended to aim high and missed their marks due to poor visibility from all the smoke on the battlefield.

However, a commentator named Captain Thorton, posting online in the American Civil War message board, had the following comments, “A week after the battle, Lt James Dinwiddie working for the Ordnance Dept. conducted tests on the various fuses supplied from around the Confederacy at the Richmond Laboratories. His findings showed that while those fuses manufactured in Charleston and Selma were made of exceptional quality, the rate of burn for those fuses was markedly less. In his findings compared with those fuses as previously supplied to the ANV from the Richmond arsenals it was found the fuses from Charleston and Selma burned at a rate of one second longer for the same length of fuse. The result of course was that those fuses in shells intended to explode over the Federal position at Gettysburg ranged anywhere from 150 to 200 yrds further to the rear before exploding. A 4 inch fuse would burn at the rate as one cut to 5 inches”. In other words, it was the quality in the supply chain, aka QA/QC.

I thought about this problem of quality and how it might relate to the compliance practitioner when I read a recent  article in the MIT Sloan Review of Management, entitled “What to Expect from a Corporate Lean Program”, by Torbjørn Netland and Karsa Ferdows. The focus of their articles was around ‘lean’ programs in the manufacturing sector and how “misplaced expectations of how quickly these programs can improve performance can make their implementation more difficult.” The key findings the authors made were threefold: (1) Management should set appropriate targets to move the process along; (2) There is a positive relationship between company or plant maturity in system implementation and its performance; and (3) Plants need to engage in continual assessment in where they are in the process.

Using the article as a basis for a Chief Compliance Officer (CCO) or compliance practitioner, the effectiveness of a compliance system depends on two variables: (1) how widely the compliance system has been implemented in a company, and (2) how thoroughly the company follows its prescriptions. A typical production system has many modules. Typically, at the beginning of an implementation, only a few modules are launched, throughout the company. However as compliance implementation is expanded to other the areas the initial implementation continues to receive upgrades and enhancements. The combination of these two variables — how widely and how thoroughly the compliance system is implemented — reflects a company’s “maturity” in the implementation.

The authors believe this leads to competing arguments for how “maturity in an implementation should affect its performance. On the one hand, if a lean program is a journey of incremental but continuous improvement, we should expect to see a linear relationship between implementation and effect on performance. On the other hand, the “low-hanging fruits” argument suggests that as a plant becomes more mature in an implementation, there would be fewer simple and quick improvements. Therefore, the rate of performance improvement would slow down.”

From this the authors derive four stages of performance improvement, which I believe adapt directly for the CCO or compliance practitioner and in demonstrating how the roles evolve during the life-cycle of a compliance program implementation. 

Stage I – Beginner Compliance Programs

Step One can always be the most difficult but can lead to the greatest results. The difficulty is in bringing in something that people consider new. If you are initially implementing a compliance program there may be some initial resistance to new programs or requirements. But it also provides the greatest opportunity for growth in your compliance regime. So you should expect a low but gradual rate of improvement in the implementation of your compliance regime. As CCO or compliance practitioner you should expect to hold extensive meetings with both the key stakeholders in the business units, senior management and those employees deemed high risk under any anti-corruption regime such as the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act. There should be a dedicated compliance team to drive and coach the program implementation going forward. The budget should set small, measurable targets for improvement and the metrics should be closely followed.

Stage II – In Transition Compliance Programs

When you start to look for ways to improve compliance you inevitably find many low-hanging fruits and simple projects with quick returns. They not only improve the performance of the unit but also convince those directly involved of the value of a production system. Here you can expect to seen improvements in your compliance regime at a high and increasing growth rate. Your role as the compliance practitioner should be threefold. First to set stretch targets and have an expected accelerated rate of improvement. Second, to publicize your compliance program successes throughout the organization. Finally, the authors suggest the need to be ever vigilant for complacency.

Stage III – Advanced Compliance Programs

Companies with advanced compliance programs generally have accumulated both knowledge or and experience with the compliance program. In such companies, the authors predict that there will still be a high rate of improvement but it will be a decreasing rate of growth. However, the low hanging fruit of easy compliance implementation and successes will have been achieved and as the CCO or compliance practitioner in charge you will need to continue to set stretch targets but you may well be faced with a decelerating rate of improvement throughout your organization. You may well need to move your budget to areas for continuous improvement projects such as transaction, third party or relationship monitoring. However, this may be tempered by the fact that you can move more of the ‘doing’ of compliance down into the business units as your program matures.

Stage IV – Gold Standard Compliance Programs

When your compliance program moves to one of the top in your industry it will be time to “move beyond the frontiers of your industry.” As the CCO or compliance practitioner, you can expect to see low rates of improvement and decreasing rates of growth in your overall compliance program improvement. However this does mean you can simply sit around on your hands, as staying at this level is not easy. One thing that will assist you is that there will be a larger pool of compliance talent for you to draw from throughout your organization to help you move to a continuous monitoring model of compliance. By this stage you should have good working relationships with most of the other support functions in your organization which will allow you to leverage upon their specific disciplines for your compliance initiatives going forward.

The authors end their article with something that is often said but bears repeating, that senior management must be committed to the implementation and you must establish a reliable process for measuring the gains you make and the maturity you have achieved. Moreover, the assessment process can be an effective mechanism to transfer best compliance practices and expertise across your organization.

In the aftermath of the Confederate failure at Gettysburg, testing was done on the fuses for Southern artillery shells. This testing showed the reason why the Confederate caissons had been largely ineffective on Day 3 of the battle. However, as your compliance program evolves, your role may well need to change in reference to it. Certainly the roles compliance teams and those in the company business units who assist in the compliance effort will need to be assessed and reviewed as your compliance program matures.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

July 2, 2014

Gettysburg Day 2 – A Failure of Culture in Leadership and How to Overcome It

James LongstreetToday is the 151st anniversary of Day 2 of the Battle of Gettysburg. Last year I focused on Union General Dan Sickles and how is disobeying of his commanding officer’s order, destroyed his brigade and ended his military career. Today, I want to focus on the Confederate side and how the non-use of information doomed the Confederate attack on Day 2 when it failed to dislodge the Union Army from the heights south of the town of Gettysburg.

If you have ever been to the battlefield, you were most probably struck by the rockiness of the heights to the south of town. While much of the area around the town had been cleared for farming there were some very rocky and stark ridges that ran south of Gettysburg. The Confederate plan had been to size this high ground using a road that split the rocky crags as a launching point. However, Confederate General James Longstreet’s failed to follow this order when he ordered his men to make a long, circuitous route that could not be seen by Union Army Signal Corps observers on Little Round Top. It was 4 pm by the time his two divisions reached their jumping off points, and then he and his generals were astonished to find the Union Army’s III Corps planted directly in front of them. Confederate General John Hood argued with Longstreet that this new situation demanded a change in tactics; he wanted to swing around, below and behind, Round Top and hit the Union Army in the rear. Longstreet, however, refused to consider any modifications to Lee’s order as the Confederate Army had suffered a significant defeat by not dislodging their enemy. A Confederate staff officer remarked that Lee was “not in good humor over the miscarriage of his plans and his orders.”

Longstreet’s refusal to take account of the changed conditions in implementing his orders had disastrous consequences for the Confederates on Day 2. Other than the slaughter of their troops in places like the Wheatfield, the Peach Orchard, Devil’s Den, Big Round Top and Little Round Top; they did not accomplish any military objectives. In the compliance world the failure to take changed or different circumstances into account can have negative consequences as well. I thought about some of these concepts when reading a recent article in the May issue of the Harvard Business Review (HBR), entitled “Navigating the Cultural Minefield”, by Erin Meyer, where she wrote about learning how to work more effectively with people from other countries. As all Chief Compliance Officers (CCOs) or compliance practitioners who work in a company subject to the Foreign Corrupt Practices Act (FCPA) work with employees outside the United States I found her insights useful when thinking about how to deal with employees from other cultures.

Myer has developed a tool she calls the Culture Map. It consists of eight scales representing the management behaviors where cultural gaps are most common. By comparing the position of one nationality relative to another on each scale, the user can decode how culture influences day-to-day collaboration. Her eight scales are “based on decades of academic research into culture from multiple perspectives. To this foundation I have added my own work, which has been validated by extensive interviews with thousands of executives who have confirmed or corrected my findings.” They are:

Communicating. Meyer compares cultures along the Communicating scale by measuring the degree to which they are high- or low-context, a metric developed by the American anthropologist Edward Hall. She believes that in “low-context cultures, good communication is precise, simple, explicit, and clear. Messages are understood at face value. Repetition is appreciated for purposes of clarification, as is putting messages in writing.” This contrasted with high-context cultures, where “communication is sophisticated, nuanced, and layered. Messages are often implied but not plainly stated. Less is put in writing, more is left open to interpretation, and understanding may depend on reading between the lines.”

Evaluating. Here Meyer “measures a preference for frank versus diplomatic negative feedback. Evaluating is often confused with Communicating, but many countries have different positions on the two scales.” She notes that the French “are high-context (implicit) communicators relative to Americans, yet they are more direct in their criticism” but “Spaniards and Mexicans are at the same context level, but the Spanish are much more frank when providing negative feedback.”

Persuading. Meyer notes that the manner “in which you persuade others and the kinds of arguments you find convincing are deeply rooted in your culture’s philosophical, religious, and educational assumptions and attitudes.” So, for instance, a senior “Western executive will break down an argument into a sequence of distinct components (specific thinking), while Asian managers tend to show how the components all fit together (holistic thinking).” But she evens delineates this scale further by finding that, “people from southern European and Germanic cultures tend to find deductive arguments (what I refer to as principles-first arguments) most persuasive, whereas American and British managers are more likely to be influenced by inductive logic (what I call applications-first logic).”

Leading. This scale measures the degree of respect and deference shown to authority figures, placing countries on a spectrum from egalitarian to hierarchical.

Deciding. Meyer articulates that this scale, measures the degree to which a culture is consensus-minded. She believes that Westerners wrongly believe that the “most egalitarian cultures will also be the most democratic, while the most hierarchical ones will allow the boss to make unilateral decisions.” She found that while “Germans are more hierarchical than Americans, but more likely than their U.S. colleagues to build group agreement before making decisions.” Further. she noted that the “Japanese are both strongly hierarchical and strongly consensus-minded.”

Trusting. Meyer splits this into the old ‘from the head’ (cognitive trust) or ‘from the heart’ (affective trust) analysis. She wrote, “In task-based cultures, trust is built cognitively through work. If we collaborate well, prove ourselves reliable, and respect one another’s contributions, we come to feel mutual trust. In a relationship-based society, trust is a result of weaving a strong affective connection. If we spend time laughing and relaxing together, get to know one another on a personal level, and feel a mutual liking, then we establish trust.”

Disagreeing. While Westerners, particularly Americans, tend to believe that a little open disagreement is healthy; other “cultures actually have very different ideas about how productive confrontation is for a team or an organization. This scale measures tolerance for open disagreement and inclination to see it as either helpful or harmful to collegial relationships.”

Scheduling. This one is my personal bane as there are some cultures that take the position that people treat scheduling, deadlines and meeting times as a mere “suggestion.” Her “scale assesses how much value is placed on operating in a structured, linear fashion versus being flexible and reactive.”

From this scale, Meyer has developed four rules to help bridge the cultural gap.

  1. Do Not Underestimate the Challenge. Most management styles have been developed over a lifetime of work. For most CCOs this includes a stint in a corporate legal department. But as Meyer notes, “Succeeding would depend on taking an entirely different approach and making ongoing adjustments over the long term.” Further, you may well need to unlearn many of the techniques that have made you successful.
  2. Apply Multiple Perspectives. More than simply recognizing the cultural perception of other employees is not enough as you will need to look “through multiple lenses.” Meyer writes that you need to understand the cultural position of one country to another, subsequently “You need to understand how the Koreans perceive the Indians, how the Indians perceive the Brazilians, and so on, and manage across the map. As you learn to look through multiple lenses, you may see that on some scales the Brazilians, for example, view the Indians in a very different way than the Koreans do.”
  3. Find the Positive in Other Approaches. Here people tend to see the negative when looking at how other cultures work but Meyer suggests that you should try and understand what it is that makes a cultural work. Further, if you have a compliance team from different cultural backgrounds this can bring strength to your overall position. Lastly, you can achieve a “complex understanding of various [cultural] strengths on the team” so that you can choose the best players for going forward.
  4. Adjust and The Readjust Your Position. Meyer believes that “More and more teams are made up of diverse and globally dispersed members. So as a leader, you’ll frequently have to tweak or adapt your own style to better mesh with your working partners. It’s not enough to shift to a new position on a single scale; you’ll need to widen your comfort zone so that you can move more fluidly back and forth along all eight.”

Meyer’s article provides some very good insight for the compliance practitioner. We all will have to deal with many cultures in a multi-national corporate compliance practice. By using the techniques that Meyer has developed you can not only come to understand how better to lead but also you can use your team members from other cultures to facilitate greater communication of compliance principles, training and issues throughout the organization.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

 

July 1, 2014

Gettysburg Day 1 – Stepping Back to See the Whole Picture

Shoes at GettysburgLast year I did a three-day series on the Battle of Gettysburg and looked at some lessons that are applicable to a modern day compliance practitioner. As not only did I learn quite a bit about the battle, it seemed to strike a cord with many readers so this year I will continue the tradition. Today I look at Day 1 of this seminal battle of the Civil War.

One of the enduring myths about the battle is that it started over shoes. In the Encyclopedia Virginia, in an entry entitled “Shoes at Gettysburg”, it states, “One of the most persistent legends surrounding battle is that it was fought over shoes… Ten weeks after the battle, Confederate general Henry Heath a Virginian whose troops were the first to engage on July 1, filed a now-famous report in which he explained why he had sent a portion of his division into the small Pennsylvania town. “On the morning of June 30,” Heath wrote, “I ordered Brigadier General [Johnston] Pettigrew to take his brigade to Gettysburg, search the town for army supplies (shoes especially), and return the same day.” That parenthetical phrase “shoes especially” has taken on a life of its own over the years. A 1997 newsletter of the American Podiatric Medical Association is typical — it claimed, perhaps due to its interest in foot health, that footwear was the battle’s causa belli, adding, “There was a warehouse full of boots and shoes in the town.”

Historians have debated this issue ever since. There is no doubt that General Heath “stumbled into this fight” but over some shoes, as he was under orders from General Lee not to enter into a general engagement with Union troops. In the same Encyclopedia Virginia it ends with the following “The Battle of Gettysburg readily lends itself to being read as a three-act tragedy, dominated, as many have argued, by Lee’s hubris. (“The fundamental fault that disfigured his conduct of the campaign,” historian Brian Holden Reid has written, “was that Lee was overly confident and expected too much of his marvelous troops.”) That it started by accident, over something so “pedestrian” as shoes, is too perfect for writers to ignore.”

Whether the battle started over shoes or not, the Confederate Army did ‘stumble into a fight’. I thought about such randomness in the context of a Chief Compliance Officer (CCO) when I read a couple of recent articles in the Corner Officer section of the New York Times (NYT). In the first article, Adam Bryant interviewed Sabine Heller, the Chief Executive Officer (CEO) of A Small World, in an article entitled “Can You See the Whole Picture?” One of the points that Heller raised was that, at times, you need to step back to look at the bigger picture. She provided the following example, “You have to manage people based on results and set clear goals. It sounds like a simple thing, but people don’t do that often. When I was 22 and working at UGO, it didn’t matter that I had no experience and it didn’t matter what my process was as long as I hit my goal. It taught me how empowering it is to be treated like that. I am a great manager for people who are strong thinkers and motivated. I empower people. I promote people. I give them a lot of leeway. At the end of the day, I look at results, and that’s it. I feel very strongly that organizations infantilize employees. You should treat them like adults.”

In another Corner Office article, entitled “Joanne Rohde, on Knowing When to Get In, and to Get Out”, Bryant interviewed Joanne Rohde, CEO of Axial Exchange. Some of her thoughts on leadership would certainly apply to Confederate General Lee at Gettysburg. She talked about stepping back, breathing and re-assessing the situation. Bryant quoted her for the following, “I remember a day when the markets went crazy, and all of us were losing money because the volatility was going against us. The guy I worked for said, “You all need to get out of your positions.” We tried to explain to him that this was a temporary thing. He said: “No. You have to get out. A couple of days later, he said something that has really been an important life lesson: “If you get out, you can get in exactly the same way the next day, but you have a clear head.” It was such good advice, and so few people follow it. And it’s really important for both entrepreneurship and leadership — you’ve got to get in and take risks, but you also have to get out, reassess and modify. That, in my opinion, is how you get ahead. You may have a vision of where you’re headed, but it is never a straight line. You take a step and you reassess. That gives you courage.”

The key is that you step back and take another look, perhaps even put a second set of eyes on the issue. In the business world there is nothing that requires immediate assessment and a decision for a compliance practitioner. If there is, it is because there has not been any communication to the compliance function during the months and months of work by the business unit working on a deal. Any company that has that type of culture means the CCO has not developed relationships with the business unit personnel to foster adequate communication. If the China business unit head has never met the CCO, it is certainly time for the CCO to go to China, put on some training and introduce him or herself to Regional Manager (RM).

Both of the articles also had some very relevant points regarding the hiring function and compliance. Heller said that one thing she detests from a candidate is canned responses in the interview process. She wants people who “understand the larger space of the industry we’re in.” But I found her further comments considerably insightful. She said that “And I want to know if that person has been able to come up with an idea, build consensus for that idea and follow it through. I want to see if they are a leader in one way or another, because building consensus for something is very important in the world of business. You need someone who can manage laterally and who can get people on board with their ideas. So I always ask for a time in someone’s career when they have come up with an idea and were able to get people on board, and then executed the idea.”

Rohde had another approach to hiring and interviews which I found discerning. It involved preparing for an interview and how that preparation could lead to persons understanding the compliance function. She said, “The first thing I want to know is, “Why are you here?” Smart people can get lots of job interviews. So I want to know that there’s something unique about our opportunity. There are two reasons I do that. You quickly sort out people who haven’t even done their homework. I remember one person had not even looked at our website. He was mad that I didn’t hire him, but he didn’t even know what we did.

In a small company like ours — 14 employees — you have to be passionate about what we’re doing. Everybody who’s really done well at our company has had a passion for health care and, sadly, often has had a bad experience in the health care system with a family member and wants to change it. So, I’m really looking for that.”

But her next comments spoke to some of the leadership lessons from Gettysburg – Day 1. She was quoted as saying, “I also ask for examples of when you’ve chased a dream, whether you made it or not. Was there something you went for? If it worked, great, but if it didn’t work, how did you retrench? So I’m really trying to learn if the person has that ability or interest to do something that’s not there.” Imagine what might have happened if the Confederate Army had not gone looking for those shoes or General Heath had obeyed Lee’s orders and had not ‘stumbled into a fight’.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

June 23, 2014

An Event That Changed the World and Fostering Compliance Leadership – Part II


IMG_1196Yesterday, I used the assassination of Archduke Ferdinand and its continuing legacy even up until today to introduce a two-part series about ‘Blue Ocean Leadership’. The assassination and some of its legacies were detailed in an article in the March 22 edition of the Financial Times (FT) in a piece by Simon Kuper entitled, ‘The crossroads of history”. In this article, Kuper wrote about his return to modern day Sarajevo “to try and understand his act in its local context – the context both of 1914 and 2104.” I think that Kuper did come to some understanding through his reporting, which I found to be first rate.

Yesterday I reviewed the Harvard Business Review (HBR) article entitled “Blue Ocean Leadership”, which I found to be one of the most interesting and perhaps even game-changing discussions on how to be a more effective leader that I have ever read or heard about. In Part I I wrote about what ‘Blue Ocean Leadership’ is and how it differs from conventional leadership. Today, I will review the strategies of how to execute this type of leadership and explore its implications for the Chief Compliance Officer (CCO) or compliance practitioner.

I was extraordinarily gratified to see that the authors believe that something akin to the Fair Process Doctrine should be used to address over-coming resistance to changing over to ‘Blue Ocean Leadership’. The Fair Process Doctrine recognizes that there are fair procedures, not arbitrary ones, in a process involving rights. People are more willing to accept negative, unfavorable, and non-preferred outcomes when they are arrived at by processes and procedures that are perceived as fair by employees. This means that that employees will commit to a manager’s decision—even one they disagree with—if they believe that the process the manager used to make the decision was fair.

 The authors write “the gift that fair process confers is trust and, hence, voluntary cooperation, a quality vital to the leader-follower relationship. Anyone who has ever worked in an organization understands how important trust is. If you trust the process and the people you work for, you’re willing to go the extra mile and give your best. If you don’t trust them, you’ll stick to the letter of the law that binds your contract with the organization and devote your energy to protecting your position and fighting over turf rather than to winning customers and creating value. Not only will your abilities be wasted, but they will often work against your organization’s performance.”

 The authors have a somewhat different formulation for fair process when they say that it includes “engagement, explanation and expectation clarity.” Further, the authors say “the leadership development context, the application of fair process achieves buy-in and ownership of the to-be Leadership Profiles and builds trust, preparing the ground for implementation.” The authors suggest four steps for implementing ‘Blue Ocean Leadership’.

Step 1 - Respected senior managers should spearhead the effort. Nothing speaks to company employees more than who is leading an initiative. The authors state, “strongly signals the importance of the initiative, which makes people at all levels feel respected and gives senior managers a visceral sense of what actions are needed to create a step change in leadership performance.”

Step 2 - Engaging the company’s rank and file in defining what leaders should do. This is the engagement prong of the fair process doctrine. If there is engagement, employees will “feel more deeply engaged with their leaders, because they have greater ownership of what their leaders are doing.”

Step 3 - Giving employees a say in the final decision. This allows a vertical slice of the organization, from the top to bottom to have a say in what the leadership profiles will be going forward. This comes though give and take and if senior management does not accept a proffered leadership profile, it must be prepared to defend its decision, through a “clear, sound explanation of their decision.”

Step 4 – Ease in assessment of whether expectations are being met and in monitoring progress. The authors suggest no less than monthly feedback “between leaders and their direct reports help the organization check whether it’s making headway.” The authors write that such a timeframe, will “keep leaders honest, motivate them to continue with change, and build confidence in both the process and the sincerity of the leaders. By collecting feedback from those meetings, top management can assess how rapidly leaders are making the shift from their as-is to their to-be Leadership Profiles, which becomes a key input in annual performance evaluations.”

There are many tangible benefits that the authors article discuss and those discussions can lead directly to the elimination of actions that senior management invest their time in. Even if some actions and activities cannot be entirely eliminated, they can be reduced. Conversely, these types of discussions can show senior management what acts and activities should be raised above their current level. Finally, this type of leadership protocol can show leaders the types of activities they should be engaging in that they are not currently undertaking.

For the compliance practitioner I think there are several important lessons and implications, which can be drawn from this article. Rather than start with the CCO, I want to take the opposite approach and begin with the compliance practitioner who is on the frontline. The clearest lesson from this scholarship is to “serve your customers, not the boss.” This means should try to eliminate your queries up the chain and try to handle direct issues yourself and reduce seeking approval for decisions. Frontline compliance practitioners need to raise more relevant compliance training and information to the business units or geographic areas they support. Finally, the frontline compliance practitioners should celebrate compliance successes locally.

For the mid-level compliance manager, they strive for ‘more coaching and less control’ from senior management. This means elimination of frequent requests for detailed progress reports on initiatives and programs. Further, there should be a reduction of requirements and review of justifications for decisions from the frontline compliance practitioners. Mid-level compliance practitioners should strive to not only understand but also explain compliance strategy clearly and empower frontline compliance practitioners to stretch themselves through more effective coaching. Finally, mid-level compliance managers should work to set performance goals together, share best practices across teams, business units and geographic regions and align rewards with performance.

The key for senior level compliance practitioners is to move from the day-to-day work to the bigger picture of compliance. As much as possible, senior compliance managers need to stop operational problem solving and putting out fires. If senior compliance managers cannot fully eliminate such actions, they should try and reduce the number of meetings dealing with operations improvement but also try and reduce the monitoring and coordination of middle management. Issues that senior compliance managers should try and raise up in activities awareness include dealing with poor performance, coaching and motivating their direct reports, creating a compelling strategy and then clearly communicating that strategy. Finally, senior compliance managers should develop a compliance agenda for the future (think Stephen Martin’s 1-3-5 year strategy) and advance a process for implementation of continual assessment and improvement of that strategy.

The authors write, “We never cease to be amazed by the talent and energy we see in the organizations we study. Sadly, we are equally amazed by how much of it is squandered by poor leadership. Blue ocean leadership can help put an end to that.” They put forward “a concrete, visual framework in which they can surface and discuss the improvements leaders need to make. The fairness of the process makes the implementation and monitoring of those changes far easier than in traditional top-down approaches. Moreover, blue ocean leadership achieves a transformation with less time and effort, because leaders are not trying to alter who they are and break the habits of a lifetime. They are simply changing the tasks they carry out. Better yet, one of the strengths of blue ocean leadership is its scalability. You don’t have to wait for your company’s top leadership to launch this process. Whatever management level you belong to, you can awaken the sleeping potential of your people by taking them through the four steps.”

I found their article to be quite compelling. I hope that you will consider some or all of these suggestions as a way to set up you and your compliance team to become Blue Ocean Leaders and un-tap the potential of your entire compliance team.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

An Event That Changed the World and Fostering Compliance Leadership – Part I

Archduke Ferdinand AssassinationThis coming Saturday, June 28th, is the 100th anniversary of most probably the single most momentous event of the 20th century; the assassination of Archduke Ferdinand and his wife Sophie in Sarajevo, then located in the Austro-Hungarian Empire. I view it as the singular event of the prior century because it led directly to the following events: the First World War, the Second World War, the Russian Revolution, the fall of the Hapsburg, Romanov and Prussian monarchies, the Cold War and a host of other events. One can point to 1963 in Dallas and 9/11 as direct descendants of the actions of the Sarajevo assassins.

One of the best articles I have ever read on the assassination was in the March 22nd edition of the Financial Times (FT) in a piece by Simon Kuper, entitled ‘The crossroads of history”. Kuper returned to modern day Sarajevo “to try and understand his act in its local context – the context both of 1914 and 2104.” I think that Kuper did come to some understanding through his reporting, which I found to be first rate. The attack on the Archduke itself came about through a plethora of mis-steps, foolish decisions and idiotic mistakes that rival any modern day industrial catastrophe. Kuper quoted the author Rebecca West for the following, “Nobody worked to ensure the murder on either side as the people who were murdered.” As this assassination started Europe down a road that led to well over 20 million deaths, it is an appropriate start to many more posts I will have during the centenary of 1914.

Just as Gavrilo Princip changed the course of history, I recently read an article in the May edition of the Harvard Business Review (HBR) which I think could significantly modify how you, as a Chief Compliance Officer (CCO) or compliance practitioner, will think about getting employees to “apply their talent and energy to move organizations forward” in compliance and ethics. The article is entitled “Blue Ocean Leadership”. In this two-part series I will explain the authors view of the problem that “According to Gallup’s 2013 State of the American Workplace report, 50% of employees merely put their time in, while the remaining 20% act out their discontent in counterproductive ways, negatively influencing their coworkers, missing days on the job, and driving customers away through poor service. Gallup estimates that the 20% group alone costs the U.S. economy around half a trillion dollars each year.” The authors believe that “poor leadership is a key cause” of this problem. The authors posit that leadership is a “service that people in an organization “buy” or “don’t buy” and when employees come to value you as a leader, they “in effect buy your leadership.”

Today I will focus on how ‘Blue Ocean Leadership’ differs from conventional leadership and tomorrow I will review strategies of how to execute this type of leadership and explore its implications for the CCO or compliance practitioner.

Key Differences from Conventional Leadership Approaches

The authors point to three key differences between ‘Blue Ocean Leadership’ and traditional leadership approaches.

The first key difference is that ‘Blue Ocean Leadership’ “focuses on what acts and activities leaders need to undertake to boost their teams’ motivation and business results, not on who leaders need to be. This difference in emphasis is important. It is markedly easier to change people’s acts and activities than their values, qualities, and behavioral traits. Of course, altering a leader’s activities is not a complete solution, and having the right values, qualities, and behavioral traits matters. But activities are something that any individual can change, given the right feedback and guidance.”

The second under ‘Blue Ocean Leadership’ is to “connect closely to market realities”. This is accomplished by having “the people who face market realities are asked for their direct input on how their leaders hold them back and what those leaders could do to help them best serve customers and other key stakeholders. And when people are engaged in defining the leadership practices that will enable them to thrive, and those practices are connected to the market realities against which they need to perform, they’re highly motivated to create the best possible profile for leaders and to make the new solutions work.” This allows not only employee buy-in both also quicker and more efficient engagement of the implementation of a leaders program.

The third key difference is that ‘Blue Ocean Leadership’ distributes leadership across all levels of management. The authors quoted one senior executive who said, “The truth is that we, the top management, are not in the field to fully appreciate the middle and frontline actions. We need effective leaders at every level to maximize corporate performance.” However ‘Blue Ocean Leadership’ is more robustly “designed to be applied across the three distinct management levels: top, middle, and frontline. It calls for profiles for leaders that are tailored to the very different tasks, degrees of power, and environments you find at each level. Extending leadership capabilities deep into the front line unleashes the latent talent and drive of a critical mass of employees, and creating strong distributed leadership significantly enhances performance across the organization.”

The Four Steps of Blue Ocean Leadership

Most importantly the authors believe that you have to see your leadership for what it is and not what you wish it to be. If you do not have a “common understanding of where leadership stands and is falling short, a forceful case for change cannot be made.” The authors created a template that they called “Leadership Canvases” which are visual representations to show what leaders actually do, rather than what they think they do. The authors’ research showed that 20% to 40% of all actions taken by managers are of little value to the organization. This led to the “biggest “aha” for the subteams was that senior managers appeared to have scarcely any time to do the real job of top management—thinking, probing, identifying opportunities on the horizon, and gearing up the organization to capitalize on them.”

Based upon this initial finding, the authors began to explore alternative leadership profiles. Here you are required “to think beyond the bounds of the company and focus on effective leadership acts they’ve observed outside the organization, in particular those that could have a strong impact if adopted by internal leaders at their level. Here fresh ideas emerge about what leaders could be doing but aren’t. This is not, however, about benchmarking against corporate icons; employees’ personal experiences are more likely to produce insights. Most of us have come across people in our lives who have had a disproportionately positive influence on us. It might be a sports coach, a schoolteacher, a scoutmaster, a grandparent, or a former boss. Whoever those role models are, it’s important to get interviewees to detail which acts and activities they believe would add real value for them if undertaken by their current leaders.”

The next step begins to take what I call some real corporate courage. It requires that middle and frontline managers critique what senior management has come up with in step 2, developing alternative leadership profiles. Some of the more interesting changes were ‘Cut through the Crap’ in which “frontline leaders did not defer the vast majority of customer queries to middle management and spent less time jumping through procedural hoops. Their time was directed to training frontline personnel to deliver on company promises on the spot” and to resolve problems. Another was ‘Liberate, Coach and Empower’ where leaders “time and attention shifted from controlling to supporting employees.” Finally, there was ‘Delegate and Chart the Company’s Future’ where the front and middle line managers had more responsibility so “senior managers would be freed up to devote a significant portion of their time to thinking about the big picture—the changes in the industry and their implications for strategy and the organization. They would spend less time putting out fires.”

Blue Ocean Leadership’ challenges companies to allow its employees to “think about which acts and activities leaders should do less of because they hold people back, and which activities they should do more of because they inspire people to give their all.” Just as you begin to think through the changes wrought by one action in a small town, very long ago, which changed the 20th Century forever, you may wish to use these concepts to think about how your leadership can be made more effective.

In tomorrow’s post I will look at how the authors believe you can execute a ‘Blue Ocean Leadership’ change in your company.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

June 11, 2014

Semper Fi and Compliance-Leadership Lessons from the Marines

Marines as Devil DogsEver wonder where the US Marine Corp got its nickname of ‘hellhounds’? It came courtesy of the Imperial Germany Army from a battle that took place in the month of June 1918, the Battle of Belleau Wood. According to the Battle’s entry in Wikipedia, the Marines forces marched 10K to reach a site where the German Army had broken through against the French Army. After arriving on the site and turning back the German advance, the Marines were repeatedly urged to turn back by retreating French forces, Marine Captain Lloyd W. Williams of the 2nd Battalion, 5th Marines, uttered the now-famous retort Retreat? Hell, we just got here.” 

After the battle, the French renamed the wood “Bois de la Brigade de Marine” (“Wood of the Marine Brigade”) in honor of the Marines’ tenacity. The French government also later awarded the 4th Brigade the Croix de guerre. An official German report classified the Marines as “vigorous, self-confident, and remarkable marksmen…” General Pershing – Commander of the American Expeditionary Force – even said, “The deadliest weapon in the world is a Marine and his rifle!” Pershing also said “the Battle of Belleau Wood was for the U.S. the biggest battle since Appomattox and the most considerable engagement American troops had ever had with a foreign enemy.” But it was the Germans who gave the Marine Corp its most lasting moniker, when the called them ‘the dogs from hell.’ Tribute indeed.

I thought about this tribute to the Marine Corp when I recently read an article in the Corner Office section of the New York Times (NYT), entitled “Leading By Putting Your Followers First”, by Adam Bryant. In this article, he profiled Don Knauss, the Chief Executive Officer (CEO) of Clorox Company. Knauss joined the Marine Corp after college and this experience gave him some valuable leadership lessons that Bryant detailed in his article. One of the things that influenced Knauss’ philosophy on leadership was the Marine Corp process of thinking through an issue. Bryant wrote, “I learned in the Marine Corps that I really liked strategy. Every operation in the military is based on a five-paragraph order, and the acronym is Smeac — situation, mission, execution, administration and communication. It’s a very logical flow.”

Another key leadership lesson is defined by the age-old acronym KISS or Keep it simple, sir. Bryant wrote that Knauss said, “how are you going to focus the organization? And it had better be simple, and it probably should not be more than three things. You’ve got to communicate it about 100 times and align your incentive structure to it. It’s about distilling the complex to the simple, and I’ve seen leaders fail because they do the reverse, by trying to make things into some intellectual exercise. Whatever business you’re in, there are fundamentals, just like blocking and tackling in football. It always comes back to the fundamentals. You cannot let yourself get bored with the fundamentals.”

But more than simply communicating something about 100 times to get your message across, Knauss believes that you have to make sure that people believe that you care about them. That is certainly something a compliance practitioner needs to take to heart. Knauss reflected, “it’s all about your people. If you’re going to engage the best and the brightest and retain them, they’d better think that you care more about them than you care about yourself. They’re not about making you look good. You’re about making them successful. If you really believe that and act on that, it gains you credibility and trust. You can run an organization based on fear for a short time. But trust is a much more powerful, long-term and sustainable way to drive an organization.”

Knauss had some interesting insights relating to how he evaluates potential hires that I think makes a lot of sense for the compliance professional to consider.

  1. Passion – Knauss looks for energy and considers whether the person will have an impact on the business.
  2. Smarts – Can the candidate think analytically, creatively and strategically?
  3. Develop others – Is there any pattern in the person’s career that shows they can develop people or put inversely, did people move up through an organization because they were mentored by this person?
  4. Communication skills – Knauss considers if he can imagine this person on a stage, inspiring a large group? He also assesses whether the candidate has an easy, informal manner to conversely test if they are too formal and too focused on hierarchy, as Knauss believes formality and rigidity do not work.
  5. Use of power v. use of authority – Here Knauss believes “it is much more powerful to use authority than power. One of the things I’ve learned is that as you move up in an organization, you’re given more power. The less you use the power you’ve been given, the more authority people give you, because they think: “You know what? This guy’s O.K.” Persuading people to do things – come along with me because we’re going in the right direction – is much more powerful over time.”
  6. Values – Knauss said that the final thing he tries to evaluate is the values of a candidate. He considers that it is important that they are honest and will tell the truth. Moreover, “do they also stand up for what they think is right in the company? It starts with integrity, which is really the grease of commerce. You get things done much more quickly when people trust you.”

However, I found one of the most important lessons that Knauss intoned was about how a leader should treat people. He told the story about how he joined a group of Marines who had been in the field for several weeks and had been eating C-rations. When Knauss met them, they were having their first hot meal since going into the field. Knauss related, “I had been up since 5 in the morning, and I was pretty hungry. I started walking over to get in front of the line, and this gunnery sergeant grabbed my shoulder and turned me around. He said: “Lieutenant, in the field the men always eat first. You can have some if there’s any left.” I said, “O.K., I get it.” That was the whole Marine Corps approach – it’s all about your people; it’s not about you. And if you’re going to lead these people, you’d better demonstrate that you care more about them than you care about yourself. I’ve never forgotten that, and that shaped my whole approach to leadership from then on.”

That final lesson is the most important one for any compliance practitioner. Your gold-plated written compliance program is only as strong as the people you have in your company. If you can demonstrate, and lead in compliance, by showing your fellow company employees that you are there to assist them but you will also go the extra mile to make them understand you care about them, you will get much more out of them at the end of the day.

===============================================================================================================================================================================================================================================


M&AIf you are interested in learning about mergers and acquisitions under the FCPA I am involved in to upcoming events designed to give you the most up-to-date advice on this area of compliance. Both events are sponsored by The Network. The first event is a webinar entitled appropriately enough, “Mergers and Acquisitions Under the FCPA” and is scheduled for  Tuesday, June 17th, 2014 TIME: 2:00 pm EDT. For registration and additional information click here. On Tuesday, June 24th the always popular Tom Fox/Stephen Martin roadshow returns to Denver where I will speak live on Merger and Acquisitions Under the FCPA and Stephen will talk about risk assessments under the FCPA. For information on the Denver event, click here

 

 

 

World Cup 2014

I am putting on a four part podcast series on the World Cup, detailing issues of bribery and corruption, together with an ongoing discussion of Team USA and this year’s tournament. I am joined by Mike Brown, the Managing Director of Infortal. You can check out Part I by clicking here of the series where we discuss bribery of referees in the lead up to the 2010 World Cup held in South Africa and FIFA’s response. Mike and I then review Team USA and it’s draw in Group g-the Group of Death. I hope that you will check out this series and enjoy it as much as Mike and I enjoy recording the episodes. Also remember, my podcast, the FCPA Compliance and Ethics Report is available for download at no charge on iTunes so you can listen to Part I on your commute to work. So sign up for the podcast from WordPress or iTunes and enjoy our series.

===============================================================================================================================================================================================================================================

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com. 

© Thomas R. Fox, 2014

 

 

 

 

Private-to-Private – How Business is Driving FCPA Compliance

Ben HoganToday we celebrate greatness. On this day in 1950, Texan Ben Hogan fully returned to the world of professional golf by winning the US Open, just 16 months after sustaining near fatal injuries in a car crash. His injuries were indeed horrific. Hogan suffered a broken collarbone, ankle, ribs and a double fracture to his pelvis. While in the hospital, a blood clot appeared in his leg, forcing doctors to tie off the surrounding veins to keep the clot from reaching his heart. Hogan’s legs atrophied, and doctors worried he would never walk again, let alone play golf at a professional level. Yet Hogan was able to walk 36 holes on the final day of regulation play and win the tournament the next day in an 18-hole playoff. Hogan is one of two golfers to win three of golf’s major championships in one year, won after his 1949 automobile accident.

A few weeks ago I wrote and put out a podcast about how the Houston energy community had developed a business solution to Foreign Corrupt Practices Act (FCPA) compliance. In the energy industry, the exploration and production companies (E&P) are usually thought of as existing at the top of the food chain (i.e. Mega-Big). Below them are the service companies, which actually do the work of exploration (i.e. Very-Big). The next level down are companies who work with the service companies, from the multi-billion chemical production firm down to the $15MM company which has a piece of software which does something useful. All of these companies down the chain are required to have a compliance program.

In practice it works something like this. A service company needs a product or service. As part of the regular contracting process, the service company will inquire into the contractor’s compliance function and policy. If the contractor provides a service which deals with a foreign government in any way or has foreign government touch points, the service company may well come and audit the contractor’s compliance program prior to executing the contract. Thereafter the contractor is subject to being audited for not only the execution of the contract but also the continued maintenance of its compliance program. All of this is done for business reasons. It is a business response to a legal issue, that being compliance with the FCPA.

Last week I received a copy of a paper by Scott Killingsworth, one of the true great practitioners in the field of compliance. Last year, he was listed by Ethisphere as one of its “Attorneys Who Matter” in ethics and compliance. His 2013 paper, “article, “Modeling the Message: Communicating Compliance through Organizational Values and Culture”” received a 2013 Burton Award for Distinguished Legal Writing. Killingsworth’s latest article is entitled “The Privatization of Compliance” and in it he sets out the legal and theoretical underpinnings for what I call the business solution to FCPA compliance. In his introduction he stated, “Embodied in contract clauses and codes of conduct for business partners, these obligations often go beyond mere compliance with law and address the methods by which compliance is assured. They create new compliance obligations and enforcement mechanisms and touch upon the structure, design, priorities, functions and administration of corporate ethics and compliance programs. And these obligations are contagious: increasingly accountable not only for their own compliance but also that of their supply chains, companies must seek corresponding contractual assurances upstream. Compliance is becoming privatized, and privatization is going viral.” And he calls this “private-to-private or P2P compliance.”

Killingsworth says this is a change from a “vertical, state-imposed” mandate to “an integral adoption of best practices both as a cultural norm and critically, as a path to profit”. [Italics mine] He notes that when such obligations come from a business partner, “This message has the potential to re-orient some attitudes and remove some ethical blinders. As more businesses are forced by their counterparties to examine their compliance processes and routinely accept business and legal consequences for them, we can expect increases in overall investment in compliance, in the scope and robustness of the average compliance program, and in ambient awareness of compliance issues outside the compliance, audit, and legal staffs. The viral nature of the process, in which each participant can exert pressure on a large number of direct and indirect upstream or downstream parties, while simultaneously fielding demands from other members of its value chain, suggests that the trend will continue and its influence will grow.”

Specifically in the area of anti-bribery/anti-corruption compliance programs, he writes “The debates about best practices are settled, save for skirmishes over when they can be practically applied.” Such best practices can be seen in the area of third-party due diligence and anti-bribery provisions, which are written into contracts with “domino-style flow-down requirements.” These obligations can arise through directly incorporating anti-corruption compliance obligations or by reference to one party’s compliance regime, or both. Such contractual provisions can cover a variety of issues, such as “ethical rules governing relationship issues such as conflicts of interest and gifts and entertainment; requirements to obey specific laws of concern and laws generally; and procedural rules such as the right to audit the partner’s records or train its personnel. Process and structural rules may be imposed on the partner’s compliance activities, such as requirements to establish management accountability, develop appropriate policies and procedures, maintain an anonymous reporting system and an anti-retaliation policy, train employees, conduct periodic audits, risk assessments and remediation, and of course, sometimes to cascade these program elements to downstream associates.”

Killingsworth details several areas that compliance professionals and contract lawyers should look for when confronted with P2P clauses and he does warn that some negotiators “will always be zero-sum business partners whose prime goal is risk transfer and who will do everything within their power to achieve it through contracts and P2P Codes.” However, he ends his paper with an upbeat note that he believes P2P codes and contract clauses can further the goals of greater compliance with anti-corruption laws.

I found his paper to be a ‘must read’ for anyone in the compliance field. He lays out a theoretical framework, coupled with some of the practical issues which need to be addressed moving forward for what I believe is a business solution to a legal problem. Kudos to Killingsworth for his continued contributions to the field of compliance and ethics where he is truly one of the greats.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

 

© Thomas R. Fox, 2014

May 28, 2014

What Does an Effective Compliance Program Look Like? – The Regulators Perspective

Compliance ProgramWhat does an effective compliance program look like? Is it one that follows the Ten Hallmarks of an Effective Compliance Program as set out in the 2012 FCPA Guidance? How about one that uses the Six Principals of Adequate Procedures relating to the UK Bribery Act as its guideposts? Or should a company follow the OECD Good Practice Guidance on Internal Controls, Ethics, and Compliance? More importantly, for anti-corruption enforcement under the Foreign Corrupt Practices Act (FCPA), what does the Department of Justice (DOJ) or Securities and Exchange Commission (SEC) look for when assessing a compliance program?

Over the years, we have heard various formulations of inquiries that regulators might use when reviewing a compliance program. While not exactly a review of a compliance protocol, one of my favorites is what I call McNulty’s Maxims or the three questions that former United States Deputy Attorney General, and  Baker & McKenzie LLP partner, Paul McNulty said were three general areas of inquiry the he would assess regarding an enforcement action when he was at the DOJ. They are: first: “What did you do to stay out of trouble?” second: “What did you do when you found out?” and third: “What remedial action did you take?”

Paul’s former partner at Baker & McKenzie, Stephen Martin, who still runs Baker & McKenzie Compliance Consulting LLC, said that an inquiry he might make was along the lines of the following. First he would ask someone who came in before the DOJ what the company’s annual compliance budget was for the past year. If the answer started with something like, “We did all we could with what we had ($100K, $200K, name the figure), he would then ask, “How much was the corporate budget for Post-It Notes last year?” The answer was always in the 7-figure range. His next question would then be, “Which is more business critical for your company; complying with the FCPA or Post-It Notes?” Unfortunately, it has been Martin’s experience that most companies spent far more on the Post-It Notes than they were willing to invest into their compliance program.

Last week at Compliance Week 2014, Andrew Ceresney, Director of the Division of Enforcement of the SEC, gave one of the Keynote Addresses. In his remarks he talked about the importance that the SEC is putting into compliance. He said “I start from the premise that the companies that have done well in avoiding significant regulatory issues typically have prioritized legal and compliance issues, and developed a strong culture of compliance across their business lines and throughout the management chain. This is something I observed firsthand while in private practice and have come to fully appreciate from my perch at the SEC.”

But, more importantly, he said that he has “found that you can predict a lot about the likelihood of an enforcement action by asking a few simple questions about the role of the company’s legal and compliance departments in the firm.” He then went on to detail some rather straightforward questions that he believes can show just how much a company is committed to having a robust compliance regime.

  • Are legal and compliance personnel included in critical meetings?
  • Are their views typically sought and followed?
  • Do legal and compliance officers report to the CEO and have significant visibility with the board?
  • Are the legal and compliance departments viewed as an important partner in the business and not simply as support functions or a cost center?

Beyond simply going into the DOJ or SEC and claiming that your company is very ethical and does business in compliance with the FCPA, how can a company demonstrate the above? This is where the Tom Fox Mantra of Document, Document and Document comes into play. No matter how much input the compliance function has into the above suggested inquiries if the inputs are not documented, it is if they did not exist. So for meetings, you should keep attendance sheets or notations. A compliance representative can put a short, three to four sentence memo into the file about the recommendations and the response thereto. If the compliance department advise was not followed, there should be a business reason documented for the decision. Moreover, if there is a rejection of the compliance function advise and the course of action leads to some type of FCPA issue, it may well be assumed the company knew or should have known that the course of action taken could reasonably lead to a FCPA issue if not full blown violation. As to the issues of compliance visibility at the Board level, once again the documentation of any presentation and their substance can provide evidence to answer the query in the affirmative. But the key to all of these questions is if there is documentation to prove the assertions that they actually occurred.

Near the end of his presentation, Cerensey said that “Far too often, the answer to these questions is no, and the absence of real legal and compliance involvement in company deliberations can lead to compliance lapses, which, in turn, result in enforcement issues. When I was in private practice, I always could detect a significant difference between companies that prioritized legal and compliance and those that did not. When legal and compliance were not equal partners in the business, and were not consulted as a matter of course, problems were inevitable.”

McNulty’s Maxims, Martin’s question on budget and now Cerensey’s questions all provide significant guideposts to how regulators think about FCPA compliance programs. For me, I think the point is that companies which actually Do Compliance are easy to spot. For all the gnashing of teeth about how hard it is to comply with what the DOJ and SEC want to see in FCPA compliance, when the true focus can be distilled into whether a company actually does compliance as opposed to saying how ethical they are, I think it simplifies the inquiry and the issues senior management and a Board of Directors really needs to pay attention to.

For a copy of the full text of Director Cerensey’s remarks, click here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

« Previous PageNext Page »

The Rubric Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 4,736 other followers