FCPA Compliance and Ethics Blog

September 17, 2014

Bad News Barnes and China’s Overseas Efforts to Fight Corruption

Filed under: Bribery Act,Corruption in China,FCPA,Financial Times — tfoxlaw @ 8:56 pm

Marvin BarnesMarvin ‘Bad News’ Barnes died last week. Barnes probably summed up the state of professional basketball more than any one person in the 1970s. He was enigmatic, supremely talented, defiantly self-indulgent, fell prey to drugs and alcohol and lost everything. He exploded onto the national scene in 1973 with a Providence team who went to the Final Four and then went on to play for one of the most unique collection of basketball talents ever assembled; the aptly named St. Louis Spirits in the old American Basketball Association (ABA). After the folding of the ABA, he played for Boston, Detroit, Buffalo and San Diego in the National Basketball Association (NBA). In his obituary in the New York Times (NYT), entitled “Marvin Barnes, Enigmatic Basketball Player, Dies at 62”, reporter Bruce Weber quoted former Spirits owner Donald Schupak, from a 1976 interview where he said of Barnes, “He’s a nice guy, a sweet guy, everybody likes him. He’s just totally unreliable. He’s probably in the top five players talent-wise. In terms of value to the team, he’s probably in the bottom 10 percent.” My personal favorite Bad News Barnes story was the time he showed up for a Pistons game in the middle of the first quarter, dressed in his game jersey and a full length mink coat, eating some French Fries, claiming he had ‘overslept’. Bad news indeed.

I thought about Bad News Barnes whilst reading some recent Financial Times (FT) articles about China’s fight against corruption. They were “China takes its anti-corruption battle to foreign shores” and “China bribe cases pose test for west as suspects flee” both by Jamil Anderlini. I thought they posed some interesting questions for anti-compliance practitioners, law enforcement officials who enforce anti-corruption laws and the anti-corruption commentariatti out there.

The problem of corruption in China is both well known and well documented, as is the ongoing anti-corruption campaign. In the former article, Anderlini says, “The US-based group Global Financial Integrity estimates illegal flows out of China amounted to $2.83tn [that is Trillion] between 2005 and 2011. The article details that China is carrying the fight against anti-corruption outside the boundaries of the country to seek those persons who may have been the recipients of corrupt payments and have fled the country.” He wrote, “Communist party officials have launched an investigation into assets and individuals based in New Zealand.” The effort, code named “Fox Hunt 2014” (you have to love that moniker), is being run by the Communist Party’s “Central Commission for Discipline Inspection [CCDI], a shadowy organization with a controversial human rights record”. It has set a dedicated office to “investigate allegedly corrupt officials who have absconded or sent relatives and assets abroad.”

In the later article, Anderlini wrote that CCDI status is as the “extralegal body that answers only to the Communist party leadership and has the power to indefinitely detain any of the country’s 86m party members without trial and without access to legal representation. It is often accused of torture, inhumane treatment of suspects and politically motivated investigations, according to human rights groups.” Moreover, some believe this pursuit raises difficult questions for western democracies. Anderlini quoted one un-named diplomat for the following, “Our countries don’t want to be seen as havens where corrupt officials can flee to with their ill-gotten gains but there are serious questions facing any democratically elected government about how far they can co-operate with China’s authoritarian system.” Further, unlike the US, many countries ban the death penalty, which is still legal in China for those Communist Party and government officials who are convicted of accepting bribes. Finally is the issue of the CCDI and the Chinese judicial system. Anderlini said, “Even when cases have been transferred by the CCDI to China’s formal legal system, there are serious questions about judicial independence because the courts ultimately answer to the party hierarchy.”

For some of these reasons and perhaps others, “China does not have extradition treaties with any western democracies although it does have agreements with 38 countries and has repatriated 730 people suspected of “major economic crimes” since 2008, according to state media.” The Chinese government hopes it will “catch more fugitives in countries such as Canada, Australia and the US – the three most popular destinations for allegedly corrupt officials, according to Chinese state media.” Finally, Anderlini noted that multiple “Beijing-based diplomats from several western countries, including the UK, say China has applied growing pressure in recent months in an attempt to secure their help for investigations in their countries.”

Anderlini reported that some people in New Zealand have been made uncomfortable with all of this. He said, “the New Zealand public remains deeply sceptical of closer ties with the authoritarian Chinese government.” Moreover, “In the case of New Zealand, the overwhelming importance of the economic relationship has made at least some people argue for closer co-operation with Beijing in tackling the flow of illicit funds and fugitives from China.” He also quoted Russel Norman, co-leader of New Zealand’s Green Party, who believes “The NZ Police, Ministry of Foreign Affairs and Trade and Prime Minister’s office need to tell the public of New Zealand what, if any, access we are willing to allow the Chinese Communist party to New Zealand residents. Allowing this to happen would be like giving the KGB access to expatriate Russian citizens during the cold war.”

What should the response of western governments be regarding the efforts of the Chinese government to fight internal corruption? Should western governments, such as here in the US, cooperate with the Chinese government in requests for documents, other evidence or interviews? Can the US or other western governments expect reciprocity from the Chinese in a Foreign Corrupt Practices Act (FCPA) or UK Bribery Act investigation if they do not give the same courtesy to Chinese prosecutors? Should the fact that China has harsher penalties for accepting bribes, even up to the death penalty, preclude western governments from cooperating with the Chinese officials. (Please note such argument would not apply in the great state of Texas, where the death penalty most surely does still exist.) What about the CCDI, the “extralegal body” which is heading up this investigation? Should western countries be required to evaluate who is enforcing the Chinese laws on the books against corruption? Can or should you compare the CCDI with the KGB? If you are going to evaluate that body, does it logically lead to an evaluation of the entire Chinese legal system? Finally, if western governments believe that bribery and corruption are insidious matters that require responses, should they care whether an extrajudicial organ of the Chinese Communist Party is involved? All I can conclude is Bad News indeed for those Chinese officials who the CCDI is after, no matter where they might have fled.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

Use of Influence in the Compliance Function

IMG_1213One of the challenges for any Chief Compliance Officer (CCO) is how to influence the conduct and actions in a corporate environment, particularly as compliance is viewed as non-revenue generating and usually does not exist simply to protect the company, which is how the legal department is often viewed. Folks like myself who came into compliance from the legal function tend to think of a top-down approach where compliance is centralized at the corporate officer, usually in the United States. But because the role is very different than that of a General Counsel (GC), a CCO needs to bring another skill set to bear to do his or her job. In a session at the SCCE 2014 Compliance and Ethics Institute, SCCE Chief Executive Officer (CEO) Roy Snell and Jenny O’Brien, CCO at United Health Care, talked about the techniques that a CCO can use to influence decision making in a company in order to do business in compliance and ethically.

Snell began the session with some basic questions about why there are positions such as a CCO and why there is a compliance function within an organization. After all, departments like legal and internal audit have existed in business organizations for up to at least a few hundred years. He posed two questions that I found interesting “Why are we here?” and “What did those who came before us to fail to do?” He listed some of the scandals from the late 90s and early 00s such as Enron, WorldCom, HealthSouth, Adelphia and others where he believed that the problems, which led to the disintegration of these organizations, were well known within the companies themselves. So the situation was not that people did not find the problems, the issue was that the people inside these organizations did not fix the problems. Snell believed that the persons who could and would have stood up to raise questions or say this should stop lacked some skill or ability to influence others to make the right decision. He concluded that such business and ethical collapses were a failure of influence.

This led into his presentation with O’Brien about techniques for a CCO to employ to help influence decision-making within an organization. They labeled them as the “Seven Steps of Influence” and they are as follows:

  1. Collaboration. O’Brien emphasized that as a CCO you need to know your company’s business. If you are new to an organization she said you must take time to learn the business. You should sit in on sales meetings and, when appropriate, you should go out on sales call. Channeling her inner Atticus Finch, she characterized this as walking in the shoes of the business leaders you are assisting. By doing so, you will not only understand the products and services that your company offers but also the challenges that your business development team will face out in the world.
  2. Here O’Brien emphasized that she has to work constantly at active listening, which is listening, thinking and then speaking, and not just jump into the middle of a conversation, talk to people in a manner that will address their concerns. When you do speak you should be prepared to make the case for the compliance proposition that you are trying to get across. She noted that as a CCO or compliance practitioner, you should strive to be relevant in every interaction you have with your senior management peers. O’Brien said that sometimes it means speaking up at meetings or other forums but sometimes it means listening. You should try to develop a rapport with your business team and this rapport can lead to trust building.
  3. Relationships. Snell opened his remarks on this topic by intoning that by relationships he did not mean inter-personal relationships. He believes that it is mainly through relationships with other functions in an organization that a CCO or compliance practitioner can best bring influence to bear. It all begins with building trust with others within your organization. Invest time to find others in your organization that you want to work and with those with whom you desire to build relationships. Snell believes that some of the more key relationships that a CCO or compliance practitioner can develop are with the audit function, the legal department, Human Resources, IT and corporate communications. Snell said that when one of these groups offered to help him move the ball forward in compliance he always viewed it as a positive and wanted to work with these and other corporate groups. He did not view it as a turf war at all. The only thing that he said he requested were the terms of working together. Of those, he said the most important was that if another group in the company took on some project related to compliance, such an internal audit, that the group finish whatever they take on.
  4. Humility. O’Brien believes that humility is important because it empowers. Moreover, it can empower others to expand the circle of influence and get others in a corporation to influence an ever-expanding circle on behalf of compliance. The CCO does not need center stage. She reiterated her belief that business units should solve compliance issues, as compliance is really just another business process. Further, through such influence where you can get the business unit resources to solve a compliance problem, you will hold down the costs of the compliance function. She ended by noting that it is not about being right but about moving the compliance ball forward in the right direction.
  5. Negotiation. Here Snell said that negotiation should not be about the dichotomy of winning and losing an argument or debate. A CCO should strive to redefine what a win might look like or what a win might consist of for a business unit employee. He said that when faced with such a confrontation, he would try to determine what both sides wanted then give them something else in addition to what they thought they wanted. He provided the example of a CCO quietly listening and when the room is just right and all the participants are worn out, you, as the compliance practitioner, throw out an idea where the apparent loser in the argument receives even more than they thought they were asking for in the requesting. A CCO can be considered a mediator not just simply an enforcer or Dr. No from the Land of No. He ended by saying that as a compliance practitioner you need to learn the art of compromise.
  6. Triple ‘C’. What do the three C’s stand for? Calm, cool and collected. O’Brien believes that all company employees, up and down the chain, are watching the CCO. For this reason, she said that as a compliance practitioner you should be poker faced. To this end she keeps the sign “Keep Calm and Carry On” in her office. She believes that the Triple C’s are important because organizations look to the CCO to solve complex issues with simple solutions. When faced with a compliance issue or an obstacle you should endeavor to keep everything on an even keel and never let them see you sweat.
  7. Credibility. The final of the seven pillars was that the CCO role needs to be adequately scoped and that the accountabilities need to be clearly defined. Put another way, what is your job scope as the CCO and what is the function of the compliance department? What is your accountability to decide the resolution to an issue? Snell agreed with O’Brien that there should be business unit ownership for every issue that comes into the compliance department. Yet, as a CCO, you must demonstrate your value as a non-revenue function. This may require you to get out of your office and put on a PR campaign for compliance. Finally, Snell ended by saying that a CCO needs to guard their independence in job function and reporting. You must make clear that you will have independent reporting up to the Board or Audit Committee of the Board.

Snell concluded by reminding us all that influencing is not a one-time activity. It is ongoing. Tying back to his original question of why the compliance function exists in the quantum it does today, he said that he believes a CCO or compliance practitioner exists to help influence a company to build a better business environment by acting more ethically and responsibility. By moving the ball forward in this manner, it may well lead to a country’s economy to be trusted which could well lead to greater economic development.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

September 15, 2014

Internal Controls for Third Party Representatives in a FCPA Compliance Program

7K0A0246This week, I am continuing my podcast series, on the FCPA Compliance and Ethics Report, on internal controls in best practices anti-corruption compliance program, under the Foreign Corrupt Practices (FCPA), UK Bribery Act or other anti-bribery legislation. In this series, I am visiting with Henry Mixon, a top notch internal controls expert, to help explain what internal controls might be needed, how to assess the need and then how to implement the needed internal controls. This week I am running a two-part episode of the internal controls related to the management of third party representatives.

Mixon suggested that a compliance practitioner should perform an analysis of any third party representative to provide insight into the pattern of dealings with such third parties and, therefore, the areas where additional controls should be considered. He listed some basic internal controls that should be a part of any financial controls system. The general internal controls, which might be appropriate, could be some or all of the following:

  • A control to correlate the approval of payments made to contracts with third party representatives and your company’s internal system for processing invoices.
  • A control to monitor all situations in which funds can be sent outside the US, in whatever form your company might use, which could include accounts payable computer checks, manual checks, wire transfers, replenishment of petty cash, loans, advances or other forms.
  • A control for the approval of sales discounts to distributors.
  • A control for the approval of accounts receivable write-offs.
  • A control for the granting of credit terms to third parties or customers outside the US.
  • A control for agreements for re-purchase of inventory sold to third parties or customers.
  • A control for opening of bank accounts specifically including accounts opened at request of an agent or a customer.
  • A control for the movement / disposal of inventory.
  • A control for the movement / disposal of movable fixed assets.
  • Execution and modification of contracts and agreements outside the US.

Mixon also noted that in addition to the above there should also be internal control needs based on activities with third party representatives. These could include some or all of the following internal controls

  • A control for the structure and enforcement of the Delegation of Authority.
  • A control for the maintenance of the vendor master file.
  • A control around expense reports received from third parties.
  • A control for gifts, entertainment and business courtesy expenditures by third party representatives.
  • Charitable donations.
  • All cash / currency, inventory, fixed asset transactions, and contract execution in countries outside the US where the country manager has final authority.
  • Any other activity for which there is a defined corporate policy relating to FCPA.

While that may appear to be an overly exhaustive list, Mixon indicated that he believed there were four significant controls that he would suggest the compliance practitioner implement initially. He listed: (1) Delegation of Authority (DOA); (2) Maintenance of the vendor master file; (3) Contracts with third parties; and (4) Movement of cash / currency.

Mixon noted that a DOA should reflect the impact of FCPA risk including both transactions and geographic location so that a higher level of approval for matters involving third parties and for fund transfers and invoice payments to countries outside the US would be required inside an organization. He did concede that quite often the DOA is prepared without much thought given to FCPA risks. Unfortunately once a DOA is prepared it is not used again until it is time to update for personnel changes. Moreover, it is often not available, not kept current, and/or did not define authority in a way even the approvers could understand it. Therefore it is incumbent that the DOA be integrated into a company’s accounts payable (AP) processing system in a manner that ensures all high-risk vendor invoices receive the proper visibility. To achieve this you should identify the vendors within the vendor master file so payments are flagged for the appropriate approval BEFORE they are paid.

Furthermore if a DOA is properly prepared and enforced, it can be a powerful preventive tool for FCPA compliance. To support this Mixon used the following example: A wire transfer of $X between company bank accounts in the US might require approval by the Finance Manager at the initiating location and one officer. However, a wire transfer of $X to the company’s bank account in Nigeria, could require approval by the Finance Manager, a knowledgeable person in the Compliance function, and one officer. In this situation, the DOA should specify who must give the final approval for engaging third parties. Moreover, the DOA should address replenishment of petty cash funds in countries outside the US, as well as approval of expense reports for employees who work outside the US (including those who travel from the US to work outside the US).

I then asked Mixon about the vendor master file, which he believes can be one of the most powerful PREVENTIVE control tools largely because payments to fictitious vendors are one of the most common occupational frauds. The vendor master file should be structured so that each vendor can be identified not only by risk level but also by the date on which the vetting was completed and the vendor received final approval. There should be electronic controls in place to block payments to any vendor for which vetting has not been approved. Next manual controls are needed over the submission, approval, and input of changes to the vendor master file. These controls include verification that all vendors have been approved before their information (and the vendor approval date) is input into the vendor master. Finally, manual controls are also needed when “one time” vendors are requested, when a vendor name and/or vendor payment information changes are submitted.

Near and dear to my heart as a lawyer, Mixon also indicated that contracts with third parties can be a very effective internal control which works to prevent nefarious conduct rather than simply as a detect control. He cautioned that for contracts to provide effective internal controls, relevant terms of those contracts (commission rate, whether business expenses can be reimbursed, use of subagents, etc.,) should be extracted and available to those who process and approve vendor invoices. If there are nonconforming service descriptions, commission rates, etc., present in a contract such terms must be approved not only by the original approver but also by the person so delegated in the DOA Unfortunately contracts are not typically integrated into the internal control system. They are left off to the side on their own, usually gathering dust in the legal department file room.

Mixon said that the Hewlett-Packard (HP) FCPA enforcement action was an excellent example of the lack of internal control over the disbursements of funds and movement of currency because you had the country manager delivering bags of cash to a Polish government official to obtain or retain business. Mixon believes that all situations where funds can be sent outside the US (AP computer checks, manual checks, wire transfers, replenishment of petty cash, loans, advances, etc.,) should be reviewed from a FCPA risk standpoint. He went on to say that within a given company structure you need to identify the ways in which a country manager (or a sales manager, etc.,) could cause funds to be transferred to their control and to conceal the true nature of the use of the funds within the accounting system.

To prevent these types of activities internal controls need to be in place. Mixon presented the following example of how this could be managed: All wire transfers outside the US should have defined approvals in the DOA, and the persons who execute the wire transfers should be required to evidence agreement of the approvals to the DOA and wire transfer requests going out of the US should always require dual approvals. Lastly, wire transfer requests going outside the US should be required to include a description of proper business purpose.

Mixon continues to emphasize that internal controls are really just good financial controls. The internal controls that he detailed for third party representatives in the FCPA context will help to detect fraud, which could well lead to bribery and corruption.

You can listen to my podcast with Henry Mixon on internal controls for third parties in a FCPA compliance program, part I by clicking here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

September 12, 2014

The FCPA Compliance and Ethics Report

If you have not done so, I hope that you might go over to my podcast site, the FCPA Compliance and Ethics Report,  to check out some of my recent podcasts. The episodes are between 20-30 minutes long and they are available for download on iTunes so you can listen to them on your commute to work or when working out at the gym.

Internal Controls

I have begun a series on internal controls in a best practices FCPA compliance program with noted internal controls expert Henry Mixon. In Parts I & II, Mixon and I discuss the basics of what are internal controls. These podcasts supplement some of my recent blogs on internal controls.

Episode 85-What Are Internal Controls, Part I

Episode 87-What Are Internal Controls, Part II

HR and Compliance

One of the best allies for the compliance function in any company is the Human Resources department. I explore how HR can assist compliance in a myriad of components of any best practices compliance program.

Episode 86-Use of HR in a Compliance Program

Continuous Improvement of a Compliance Program

In the FCPA Guidance and in almost every speech I have heard by a Department of Justice official, they talk about how your compliance program should evolve to meet new compliance risks, changes in best practices, geographic markets where your company does business and new product/service offerings. You can do this by continuous improvement of your compliance program.

Episode 84-Continuous Improvement of Your Compliance Program

The Compliance EcoSystem

Jon Rydberg is the Founder and CEO of Orchid Advisors. He is also the former CCO of Smith & Wesson and was at the company when it navigated it way through a FCPA investigation and enforcement proceeding. From these experiences, Rydberg has developed a holistic approach to compliance which he has trademarked as the “Compliance EcoSystem”. I explore his ideas on an fully integrated approach to compliance

Episode 83-Interview with Jon Rydberg

Use of Interviews in Your Compliance Program

Brian Ching is the most famous player in the history of the Houston Dynamos soccer club. Ching recently retired and moved into the front office as the General Manager of the Houston Dash, the Houston professional women’s soccer club. I interviewed Ching on his transition to management and how the Dash use the face-to-face interview process to not only assess the non-soccer skills that the team requires of its players but also to communicate the team’s expectations. There are some very significant insights about how a company can communicate its expectations regarding ethical business practices.

Episode 79-Interview with Brian Ching

The FCPA Professor

Finally and last but certainly not least, I bring back the FCPA Professor for a two-part podcast on his new book The Foreign Corrupt Practices Act In a New Era.

Episode 80, Interview with the FCPA Professor, Part I

Episode 81-Interview with the FCPA Professor, Part II

A good weekend to all.

September 11, 2014

King Arthur’s Roundtable – The CCO as Chief Collaboration Officer

RoundtableMany commentators such as Donna Boehme and Mike Volkov often talk about what is required for the position of Chief Compliance Officer (CCO), both in terms of corporate support and skills as a leader of a company’s compliance function. But in many ways a CCO can be seen as a collaborator because so much of the job is working with and interfacing with various functions within a business. I thought about that concept when I read an article in the Corner Office section of the New York Times (NYT) entitled “Titles Don’t Matter. Teamwork Does.” by Adam Bryant where he interviewed and profiled Girish Navani, Chief Executive Officer (CEO) of eClinincalWorks, a provider of clinical information systems.

I found Navani’s leadership style focusing on collaboration to be a good model for a CCO or compliance practitioner because what the compliance function needs to bring is a partnership to help the business and other units do business in compliance with the relevant legal and regulatory scheme. In the world of anti-bribery and anti-corruption that means compliance with the Foreign Corrupt Practices Act (FCPA), UK Bribery Act and similar laws. Navani said that his leadership style is to be as open as possible. One of the techniques that he uses is to have an oval table for meetings. No doubt channeling his inner King Arthur (or perhaps Richard Harris playing King Arthur), the configuration of the table actually seems to facilitate conversation and learning.

Another interesting insight was that Navani structures his company around teams. I thought this could be something that the compliance function could use in its dealings with business units because compliance is really a partnership with the business units and compliance spans multiple functions within any company. I also found another leadership insight from Navani’s leadership style. Navani said he continues “to learn every day. Leadership to me is many different qualities. Some are very basic. You’ve go to be approachable, humble and hard-working. Then there are ones regarding how you treat people. I listen more now. Before, I’d speak all the time. I will still do a lot of talking in meetings, but I absorb others opinions more. And I’m completely open to being told “no”. Questioning my own decision-making with others in the room is fine.”

I found that last point quite useful to consider. Coming out of the legal department and into compliance, I did not always take kindly to being told ‘no’ by someone from the business unit. I thought every pushback was some type of pressure test looking for weakness or tension. However, Navani’s style brings up the useful reminder that often the business function can assist compliance in learning how to perform the function more quickly or more efficiently. Certainly the business can assist the compliance function in understanding the highest risks that a company should focus on managing. In such a partnership role, compliance and the business unit can compliment each other to stop wasting time on immaterial risks so that resources can be delivered to the company’s highest risks.

Navani also stressed accountability. At his company “You’ve got to be accountable to yourself first, and you’ve got to be accountable to your team.” This certainly has application to the compliance function as well. One of the battles that compliance can fight is to be ‘The Land of No’ and the CCO is the head of it, or ‘Dr. No’. However by stressing accountability and creating transparency in the compliance process, I believe that a CCO can go a long way towards ameliorating that misperception.

I also found Navani’s techniques for hiring instructive for compliance. He said, “I look for the heart first. I don’t ask for direct experience.” He expects a modicum of professional expertise by the questions he asks most often are “Do you want to win? What drives you every day? Why health care IT? Can you spend 10 years of your career here? What do you want to do in those 10 years?” Navani went on to say that if he received satisfactory responses to those queries the technical aspects of a position can be taught. But he strives to see if a candidate’s heart is in the right place.

In addition to using these questions to ferret out candidates who will not work with his company, Navani uses these questions to set both a tone and expectation. The message he sends is “We’re not going to stifle you. If you can think out of the box, you will.” Navani believes that by hiring such employees they have the opportunity to become game changers at his company. Now imagine if you could have your Human Resource function use the hiring process to ask questions around attitudes around business ethics or other compliance issues. It would have the dual effect of allowing your company to have a front line inquiry that might weed out those who might be prone to cutting corners through bribery and corruption. But equally important would be the expectation set on the high value your company has on compliance and business ethics. The message would begin pre-hire, set again during employee orientation training and continued throughout the employment tenure.

Through migrating some of these leadership techniques that Navani espoused into your compliance tool-kit; a CCO or compliance professional can help to shift a company’s conversation around compliance. You can move from simply being seen as a safety backstop to one of developing and implementing solutions. Some of the other insights that I drew from Navani include setting out your core function of compliance. A compliance function should be able to offer expertise and insight into solutions. One part of that may be delivering data and other information to the business function to help them make better economic decisions for the company. But another way might be through compliance coaching advocacy.

Navani’s leadership once again demonstrates that if your compliance function shows integrity and responsibility, it can lead to greater teamwork between departments. Many business units fear that the compliance function will take away control of the business process from them. However by demonstrating that compliance is really in partnership, this can move a long way to alleviating this concern.

And do not forget the Round Table.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

September 9, 2014

Management of Corruption Risks – Business Lessons from GSK

IMG_0891The Department of Justice (DOJ) and Securities and Exchange Commission (SEC) have made it abundantly clear over the past several years that companies should assess their risk and then manage their own risks. In the anti-corruption space, simply putting in a Check-the-Box paper compliance program does not help to prevent, detect or remediate under laws such as the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act. In their joint FCPA Guidance, the DOJ and SEC make clear there are a variety of steps a company can take to manage anti-corruption risks.

One of the tired excuses for cutting back on FCPA enforcement is that it costs US companies business overseas because they cannot engage in bribery and corruption, while the commercial enterprises of countries which do not have robust anti-corruption laws essentially bribe at will. However, there are many business solutions available in the management of risk, which companies can profitably use to help ameliorate bribery and corruption risk.

I was interested to read recently about some of the responses that one of the world’s current poster children for bribery and corruption are considering. In an article in the Financial Times (FT), entitled “Witty comes out fighting for GSK”, Andrew Ward reviewed some of the business responses that GlaxoSmithKline PLC (GSK) has contemplated over the past year since the revelations about allegations of bribery in China. Ward reported that in addition to the uncertainty of the ongoing corruption investigation by Chinese authorities, the UK Serious Fraud Office (SFO) for violations of the UK Bribery Act and the DOJ for violations of the FCPA; the company “issued a profits warning that exposed weakness in the company’s core respiratory medicines business.” These warning turned on “the decline in the company’s best selling drug. Revenues from Advair, an asthma treatment that accounts for a fifth of sales, fell 12 per cent in the second quarter, on top of the 15 per cent drop in the three months before that.” Moreover, the company’s stock is down some 14% in the past year.

I was intrigued by the response of GSK’s chief executive, Sir Andrew Witty. Witty did not bemoan the corruption investigations that his company is going through or somehow try to claim that the company simply could not compete because of the scrutiny it is under. On the business front Ward reported, “GSK’s innovation engine is working” as Witty noted that the company had “six new drugs approved across all therapeutic areas last year and a further 40 in advanced development”.

In addition to the specific response regarding the development of new pharmaceutical products, Witty is looking at other sales products and models that will lessen the company’s corruption risk while providing a strong business base. Ward reported that Witty is “strengthening GSK’s two other businesses: vaccines and healthcare.” This move “was reinforced by a $20bn asset swap with Novartis in April under which GSK traded its subscale oncology business for the Swiss group’s vaccines division, while the pair agreed to set up a joint-venture in consumer products.” This means that when this structuring is completed, “half of GSK’s revenues will come from outside [the sale of] pharmaceuticals.”

Witty has also worked to change internal GSK compensation incentives to help manage corruption risks. Late last year, the company announced that it would “sever the link between sales and pay for drug reps and from 2016, stop payments to doctors for promoting its products.” Ward noted that others in the industry have not followed GSK’s lead in changing the way it compensates its sales team but Witty said, “in the long-run, the company will benefit from being the first-mover towards a new marketing model.”

Finally, and perhaps most interestingly, Witty has attempted to become an industry-wide “standard-bearer for [pharmaceutical] industry ethics.” Ward reported that the ongoing scandal has helped Witty “drive home to employees the need for greater transparency.” Ward even quoted Witty for the following, “It gives me the ammunition to say we are in the public eye and our behaviour counts. It’s not just about generating prescriptions, it’s how you do it.”

In another article on the GSK corruption scandal by Ward, entitled “GSK chief floats break-up option”, Ward quoted said that Witty has “zero tolerance for any form of corruption” and that “he was pleased if wrongdoing had been brought to light so that it could be stamped out.” Witty went on to say that “Any company that doesn’t get whistleblower letters isn’t looking hard enough. If you are not getting any don’t dream. It can’t be perfect 100 per cent of the time.”

Another perspective on business solutions to the management of corruption risks came from Tom Mitchell, also writing in the FT in an article entitled “Expats in China should read GSK potboiler carefully”. Mitchell focused on a book by Joe Studwell called The China Dream, which detailed some of the business failures that had befallen western companies in China. Mitchell drew the lesson from Studwell’s book that “When foreign investors’ interests are aligned with those of their domestic partners – as they generally are today in the auto sector – those investors do very well indeed… However, when interests are not aligned – or when outside operators in sectors where they are not required to have joint ventures – foreigners are vulnerable to sudden reversals of fortune instigated by either a bitter partner or by unsympathetic officials.”

How closely does that sound like what happened to GSK? Mitchell noted that GSK “made money from selling goods in China at prices that were – Chinese police allege – were high by the standards of many markets. At the same time, GSK was not sharing revenue streams with a local partner that could help with damage limitation when local authorities appeared on its doorstep.”

The management of risk is essentially a business exercise. That is because risk is what can cause a company to lose money. Some risk is embodied in statutes such as the FCPA or UK Bribery Act. Sometimes risk is a change in the market circumstance. For that I and others have written about the negative side of GSK; the company may well come out the other side of the Chinese corruption scandal stronger because they seem to understand that there is a market based solution to corruption risks. GSK has changed the way it will compensate its sales force and will delete its compensation to doctors. This may take away incentives to cut corners or engage in bribery and corruption. But think about Witty’s steps to diversify the GSK product base. If you are in an industry that is corrupt and you cannot find a way to do business profitably, your company may have other business lines it can move forward to a more prominent role in your business. Lastly, as with most responses to legal issues by lawyers, business executives are only limited by their imaginations in their response to business issues.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

September 8, 2014

Board of Directors and FCPA Oversight – An Internal Control Under SOX, Part II

Circle DiagramIn Part I of this two-part post regarding a Board of Director’s Role in Foreign Corrupt Practices Act (FCPA) oversight from the internal controls perspective, I reviewed how a Board might have independent liability for its failure to act as an appropriate internal control as required by Sarbanes-Oxley (SOX). Today I will review what internal controls are and what a Board’s role is within the context of internal controls.

Beginning on Tuesday, in conjunction with this two-part blog, my colleague Henry Mixon, Principal of Mixon Consulting, and myself are recording a podcast series on internal controls, which can be found on FCPA Compliance and Ethics Report. We are discussing the following areas: what are internal controls; how a company might use them and how they can be implemented? In the first of the podcast series I asked Mixon what are internal controls? He began with the textbook definition, which he said was “Internal controls are systematic measures (such as reviews, checks and balances, methods and procedures) instituted by an organization to:

  • conduct its business in an orderly and efficient manner,
  • safeguard its assets and resources,
  • deter and detect errors, fraud, and theft,
  • ensure accuracy and completeness of its accounting data,
  • produce reliable and timely financial and management information, and
  • Ensure adherence to its policies and plans.

Mixon noted that internal controls should be instituted entity wide, not simply limited to those functions used or reviewed by accountants and auditors. For an anti-corruption compliance regime such as the FCPA or UK Bribery Act, internal controls are measures to provide reasonable assurances that any assets or resources of a company (not limited to cash) cannot be used to pay a bribe. This definition includes diversion of company assets (such as by unauthorized sales discounts or receivables write-offs) as well as the distribution of assets.

Mixon noted that the basic framework for internal controls is derived from the COSO Model developed by the Committee of Sponsoring Organizations of the Treadway Commission in 1992 (COSO). This model has become the standard for an internal control framework and provides a structure to ensure companies address the key elements that should result in an effective system of internal controls. Using the COSO Model, as modified in 2013, provides a very supportable approach when adversarial third parties challenge whether a company has effective internal controls. The COSO Model defines internal controls in a pyramid, from bottom to top, as follows: (a) Control environment, (b) Risk assessment, (c) Control activities, (d) Information and communication, and (e) Monitoring.

In the 2013 update the basic framework was retained with substantial support from user companies, and 3 specific objectives were added: (I) Operations Objectives – effectiveness and efficiency of operations, including safeguarding assets against loss; (II) Reporting objectives – internal and external financial reporting; and (III) Compliance objectives – adherence to laws and regulations to which the entity is subject. According to the guidance in the 2013 update, the system of internal controls can be considered effective only if it provides reasonable assurance the organization, among other things, complies with applicable laws, rules, regulations and external standards. With the addition of those specific objectives, the COSO framework now specifically includes the need for controls to address compliance with laws and regulations.

We then turned to the question of which internal controls does a company need to institute? Mixon said that each company defines its internal controls to fit its business by determining what the Company wishes to protect and what type of control environment does it want to have in place. This means that they can be less formal in smaller companies but still effective if the focus is on the right risks. Based upon FCPA guidance, the most common control needs have been identified as follows: (i) Dealings with third parties; (ii) Gifts and entertainment, and (iii) Charitable donations. Yet even within those categories, a wide range of risks exists, depending on a company’s business practices. Mixon emphasized that a Top Down ‘Check-the-box’ generic set of policies will not likely result in effective controls.

The process to determine which internal controls are needed will be of some familiarity to the compliance professional. It all starts with a risk assessment to establish the corporate policies which are applicable, tailored to the company, and sufficiently specific. The risk assessment will also help to identify the types of transactions across the company which should be addressed (gifts and entertainment, maintenance of bank accounts and movement of cash, dealings with third parties, etc.). The next step is to prepare a set of documents which define the control objectives to be in place for each type of transaction – example: “Controls will be in place to ensure no vendor has been added to the vendor master file until complete due diligence has been completed and the vendor has been approved in accordance with Corporate policies. Thereafter, you will need to document how the controls will be performed and how they will be evidenced and then incorporate the control procedures into applicable work instructions and job descriptions.” Mixon cautioned that for each business location, determine the specific controls needed to accomplish each control objective. In many companies, a disparity of operating practices and accounting systems will result in different controls being needed. He ended by emphasizing that while this assignment may seem overwhelming it can be done in reasonable stages, pursuant to a specific implementation plan – it does not have to be done all at once for the entire company.

As you will recall from Part I, I believe, as gleaned from Jim Doty’s remarks, that a Board must not only have a corporate compliance program in place it must also actively oversee that function. This led me to conclude that failure to perform these functions may lead to independent liability of a Board for its failure to perform its allotted tasks in an effective compliance program. Doty’s remarks drove home one of the roles that a Board performs, which fulfills those tasks. Internal controls work together with compliance policies and procedures as stated by Aaron Murphy, a partner at Akin Gump, in his book “Foreign Corrupt Practices Act”, as “an interrelated set of compliance mechanisms.” Murphy went on to say that, “Internal controls are policies, procedures, monitoring and training that are designed to ensure that company assets are used properly, with proper approval and that transactions are properly recorded in the books and records. While it is theoretically possible to have good controls but bad books and records (and vice versa), the two generally go hand in hand – where there are record-keeping violations, an internal controls failure is almost presumed because the records would have been accurate had the controls been adequate.”

Murphy breaks down internal controls into five concepts, which I have adapted for a Board or Board subcommittee role for compliance:

  1. Corporate Compliance Policy and Code of Conduct – A Board should have an overall governance document which will inform the company, its employees, stakeholders and third parties of the conduct the company expects from an employee. If the company is global/multi-national, this document should be translated into the relevant languages as appropriate.
  2. Risk Assessment – A Board should assess the compliance risks associated with its business.
  3. Implementing Procedures – A Board should determine if the company has a written set of procedures in place that instructs employees on the details of how to comply with the company’s compliance policy.
  4. Training – There are two levels of Board training. The first should be that the Board has a general understanding of what the FCPA is and it should also understand its role in an effective compliance program.
  5. Monitor Compliance – A Board should independently test, assess and audit to determine if its compliance policies and procedures are a ‘living and breathing program’ and not just a paper tiger.

There have been several FCPA enforcement actions where the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) discuss the failure of internal controls as a basis for FCPA liability. The Smith & Wesson enforcement action is but the latest. With the questions about the Walmart Board of Directors and their failure to act in the face of allegations of bribery and corruption in the company’s Mexico subsidiary, or contrasting failing to even be aware of the allegations; there may soon be an independent basis for an FCPA violation for a Board’s failure to perform its internal controls function in a best practices compliance program.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

September 4, 2014

Pro Football and the FCPA Professor

FootballFor those of us lucky enough to enjoy AAA (or perhaps AA) baseball, disguised as a major league team in our city, today brings harbingers of elation. No the Houston Astros are not moving to a city near you but the National Football League (NFL) begins its 95th season tonight with a match up of Seattle and Green Bay. I do not care if the Houston Texans are in the toilet again or my beloved Dallas Cowboys will stomp to yet another 8-8 season under the egotistical owner Jerry Jones. I love watching pro football. So for all you pro football aficionados out there, here’s to us!

With the upcoming season now only hours away, I was interested to receive the FCPA Professor’s latest article (as opposed to his latest book The Foreign Corrupt Practices Act In A New Era) entitled “How a Successful Football Organization Can Inform Foreign Corrupt Practices Act Compliance in a Business Organization”. As readers of this blog will know, I often use sports to discuss the nuts and bolts of Foreign Corrupt Practices Act (FCPA) compliance. So it was gratifying to see the FCPA Professor use sports in some of his writings. Further, since he is much better known for his basketball prowess (he went to college on a basketball scholarship), I was particularly gratified when he harkened back to my primary sport of football for his latest paper by stating, “In the spirit of the season, this article highlights four attributes of a successful football organization that can also elevate FCPA compliance in a business organization.” The four attributes are:

Understanding the playbook

While beginning with the proffer that any successful team has playbook that is effectively communicated, the FCPA Professor noted, “understanding the playbook and effectively communicating its contents are essential first steps in managing and minimizing FCPA risk in a business organization. Yet as simple as this sounds, many business organizations fail to take adequate steps to ensure that everyone is actually on the same page when it comes to FCPA compliance.” From this he moves into some thoughts on training.

The Professor cautions against over-complicating your FCPA training. I tell the folks that I train on the FCPA that the one thing I want them to take away is that if their stomach tells them something is wrong or the hair on the back of their neck stands up, just raise your hand and ask for help. The Professor phrases it another way by stating, “Toward this end, the goal of FCPA training should not be to make each participant an expert on the FCPA’s specific elements but rather to provide all participants a pair of FCPA goggles so they can approach their specific job functions able to recognize FCPA risk and report it to the appropriate experts within the business organization.” He concludes this section by stating, “In short, and just as in football, success in the field is best accomplished by an FCPA compliance playbook that engages employees and motivates them to spot risk, which is then effectively communicated to all members of the organization in a language they can actually understand.”

Execution by all team members

Here the Professor makes an interesting observation, which is too often overlooked in the compliance arena. In football there are skill positions such as those people who handle the football. Quarterbacks, running backs and receivers generally are the most well known and well paid. However the Professor notes, “success on the field is more often dependent on execution by the so-called ‘‘grunt players,’’ such as a successful snap by the center, the ability of the offensive line to protect the quarterback and the ability of the defensive line to pressure the quarterback. Indeed, key to building a successful football organization is drafting and cultivating such ‘‘grunt’’ players as evidenced by the frequency in which offensive or defensive linemen are selected in the NFL draft ahead of various ‘‘skilled positions.’’”

In the compliance world, there are skilled players at the top, such as the Chief Compliance Officer (CCO), Chief Financial Officer (CFO), Chief Executive Officer (CEO) and various Board members who may be involved with a company’s compliance function. However many FCPA violations arise out of what the Professor calls the ‘grunt work’ of doing business. To be sure, there was the KBR $148 million bribe paid through its joint venture (JV) for work in Nigeria. But more often it is the spade work of doing business which can lead to a FCPA violation, as the Professor notes, “tax, import/export and securing licenses, permits, certifications and the like—are actionable under the FCPA’s anti-bribery provisions.”

He further notes that compliance must be viewed as a corporate wide function. It is not and should not be viewed as strictly a legal function as “it is also a finance and auditing issue and thus a function that is best achieved holistically throughout a business organization.” I agree with his observations and would urge compliance practitioners to take a look at your compliance program through the eyes of your field team or international business representatives. Moreover by getting these folks to ‘raise their hands’ and get information in your hands, you may be able to stop a compliance issue before it becomes a full FCPA violation.

A flexible playbook

Here the Professor channels his inner FCPA Guidance by noting that a team’s playbook “is uniquely tailored to the strengths and weaknesses of the team based upon its current roster.” In the business world, this means that you need to assess your company’s compliance risks and manage your risks, not those of some other entity. The Professor suggests some basic questions you should start with to make this determination.

  • Where does your company do business? What are those countries reputations for corruption?
  • Who are your potential customers? Are they foreign governments or state owned enterprises?
  • What is your sales model? Do you use third parties in the sales cycle in foreign countries?
  • How do get your products into foreign countries? Do you use freight forwarders or customs brokers? How about visa processors for your company personnel?
  • How does your company obtain the necessary licenses, permits, certifications and other necessary paperwork to do business in foreign countries?

Your risk level will depend in large part on answers to these questions. The Professor ends this section with the following, “just like a football playbook that is uniquely tailored to the strengths and weaknesses of the current roster and adjusted throughout the season to incorporate specific opponents, an FCPA compliance playbook that is consistent, yet flexible enough to incorporate specific realities in different countries, can best minimize FCPA scrutiny and enforcement.”

Playing hard, but not too aggressively

In football players certainly want to play hard but face penalties for playing too aggressively. I would add that sometimes there are grey areas in the rules that can get players into trouble. Moreover, just as each football team will have its own risk tolerance, businesses will as well. The Professor states, “The same is true for FCPA compliance. Business organizations, particularly those accountable to shareholders to increase value, should aggressively compete in the global marketplace to gain a competitive edge over competitors. Yet the practical reality is that much of what happens in the global marketplace can also fall into a gray area given the FCPA’s provisions, which have frequently been found to be vague and ambiguous when subjected to judicial scrutiny. The potential of a business organization to find itself on the wrong end of enforcement agency discretion is further compounded if employees seek to justify their conduct under the FCPA’s facilitating-payments exception and affirmative defenses.”

I would guess that the FCPA Professor had fun writing this article. I certainly enjoyed reading it. For any fan of football, I would speculate that you would too. Even if you are not a football fan, I believe that you will gain new and additional insights into some of the ‘nuts and bolts’ of FCPA compliance by reading this article.

You can down the Professor’s article by clicking here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

September 3, 2014

Language as a Long Term Compliance Strategy

LangaugeI constantly rely on Jay Rosen and his team at Merrill Brink for translation and other language related services in the compliance portion of my work. (Yes I do practice law and compliance for a living; I blog for gratis.) For not only am I required to help evaluate documents in a foreign language which need to translated into English but often I need a foreign language version of compliance related documents that I create, from third party questionnaires to contracts to Foreign Corrupt Practices Act (FCPA) training materials. While I still tend to think of language as a tactical issue, Jay has long striven to have me see it as part of a businesses overall strategy.

I think I may have finally seen the light that Jay has been preaching to me over the past few years when I read an article in the September issue of the Harvard Business Review (HBR), entitled “What’s Your Language Strategy?” by Tsedal Neely and Robert Steven Kaplan. The authors posit that language should bind not only your company’s global talent pool but also your company’s vision. After concluding the article, I now understand how language is a strategy to help inform your compliance program as well. This is because just as “Language pervades every aspect of organizational life” the authors believe that companies “often pay too little attention to it in their approach to talent management.” I would add that is also true in the compliance function.

The authors believe that problems revolve around potential “blind spots regarding language.” They write that company leaders pay too little attention to the role of language when “hiring, training, assessing and promoting employees. This can lead to miscommunication and friction, especially among team members who collaborate across borders.” While the authors point that a company’s competitiveness that may suffer, I would suggest that a company’s compliance function could also suffer. The authors believe that a company should align its language strategy with its overarching priorities. Further, by building “language skills and cultural awareness throughout your organization in order to acquire and develop the kind of talent you need to compete globally and locally.” The authors believe that by paying attention to this issue, your company can potentially turn “vulnerability into a competitive strength.”

The authors identify five key points which a company should evaluate regarding language. I would also add they relate directly to any international company’s anti-corruption compliance function whether under the FCPA; UK Bribery Act or other anti-bribery regime.

Hiring and Training

Here companies need to understand how candidates might come across in the interview or other pre-employment evaluation process. While a candidate with multiple language fluency may overshadow deficits in other critical areas, it may also be a problem because as an evaluator, “you may need to accept some limitations on language capabilities and be prepared to provide training to meet both global and local language needs.” But even if you get pass this first hurdle the authors identify a follow up problem in this area; that is, after hiring and/or promotion. They state, “Another blind spot is a tendency to over rely on external lateral hires with a certain degree of language skill to fill midlevel roles rather than hiring and grooming outstanding junior candidates with the capacity and motivation to learn new languages. While the latter approach may initially take more time, companies often find that entry-level hires ultimately become their best leaders, because they have been trained from an early stage in company culture and practices. Defaulting to lateral hires can make it more difficult to build a cohesive culture—those recruits have been trained elsewhere and may have trouble assimilating.”

Evaluating Talent Accurately

Even if your company does improve its entry level hiring practices and provide training to assist new employees in their language skills, you still need to make accurate performance evaluations. Here companies may get into trouble because “Language agility does not necessarily spell high performance.” The authors point to the need for a robust process to assess skills and attributes which allows a company to “look beyond verbal agility when gauging performance. It’s a reality check, a way to make sure that you and other leaders are not unduly swayed by fluency.”

Rethinking the Role of Expatriates

One of the key areas in the compliance field is to develop local compliance talent and expertise. This is not only because “expatriates may not be familiar with the local language, culture, and business practices, they can bring knowledge of organizational culture along with an understanding of the company’s products, processes, and systems.” One of the roles of any compliance manager, particularly an ex-pat is “to focus on developing local talent and ensuring that indigenous professionals begin to play leadership roles in the local businesses.” Equally important is to “think about the people you’re choosing to send abroad. To build a strong team of local leaders, it’s critical to give expatriate assignments to your best people—not just to solid contributors who happen to have the right language skills and are more easily dispensed with at home. Otherwise, you may find that your firm’s global offices fail to attract, develop, and retain the strong indigenous talent they need for high performance.”

Managing Communications on a Global Team

Most of the company’s I have worked at hold all their communications in English-language on a company wide basis. Of course I thought this was great. But the authors note that “managers often unwittingly position native speakers of a lingua franca as “winners” within the firm; consequently, nonnative speakers experience a substantial loss of power and status. If companies don’t take such issues into account, they can cause otherwise talented and engaged professionals to underperform and even withdraw.”

The authors believe that managers need to understand which of their employees are comfortable with the second-language proficiency and those who may not be so comfortable. They provide specific guidance as follows, “Global managers must deal directly with such issues to promote productive global cooperation. They must be sensitive to how employees of varying language proficiency are interacting. The goal is to make it easier for native and nonnative speakers to establish trust and communicate effectively. Managers’ observations should include the following: Who attends meetings? Who speaks up? Are the best employees contributing, or is language getting in the way? It’s then important to facilitate meetings and calls so that nonnative and native speakers get equal airtime. Often this means coaching primary-language people to speak less and second-language people to speak more. It also involves setting clear agendas up front, considering the mode of communication, and thinking through meeting choreography in advance.”

Building Cultural Awareness

The authors conclude by reminding us that language fluency does not always equate to cultural fluency, as “too often leaders underperform because they fail to adapt their management styles and practices to fit a multicultural environment. For them, understanding the cultural background of each team member, the role of the company, its products and services, and the customers it serves within various cultural and regional contexts is as essential as learning to conjugate new verbs.” They believe that “Managers should be held accountable that language and cultural skills are developed throughout their organization.”

The authors’ piece is chock full of ideas, insights and issues for a Chief Compliance Officer (CCO) or compliance practitioner. Any company doing business internationally is going to have the issues that the authors discuss in their article. The compliance function has all of these issues in spades because if you need to consider the FCPA, it is because you are doing business internationally.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

August 29, 2014

I Hope You Can Join Me

Filed under: Best Practices,compliance programs,FCPA,Hiperos,Third parties — tfoxlaw @ 12:00 pm

I’d like to extend an invitation to an upcoming event: Hiperos will be hosting an Executive Briefing on Third Party Management – a half-day event that we are holding in various cities across the US.

By way of context: in recent months, our press has been filled with reports of companies whose revenues have been directly affected by a regulatory fine or whose reputation and brand equity has taken a hit. In every case, the culprit was one of the company’s third parties – an HVAC supplier causing a massive data breach, a contract manufacturer using child labor, a consultant bribing government officials – the list goes on and on.

These briefings have been organized for you to network with other executives from Fortune 1000 companies (including Hiperos customers) and to connect with peers who face the same third party management challenges as you.  You will also have an opportunity to hear from industry experts and practitioners who will present on specific aspects of third party management.


8:00 AM       Networking breakfast.

8:30 AM       Keynote sessions from industry experts including:

Linda Tuck-Chapman – until very recently the Chief Procurement Officer of Bank of Montreal – BMO

Tom Fox – renowned FCPA/bribery and corruption pundit/expert

Dr. Andrea Bonime-Blanc  – former chief ethics and compliance officer at Bertelsmann, Chair Emeritus of ECIA and CEO of GEC Risk Advisory LLC

10:00 AM     Use cases from Hiperos customers including: Ingram Micro, Charles Schwab, Discover Financial, Anadarko, AstraZeneca

11:30 AM     Third Party Management – The Future
Presentation from Doug Bergeron (CEO Opus Global) and Greg Dickinson (CEO Hiperos)

12:00 PM       Networking Lunch

1:00 PM         Adjourn

If you would like to attend, or for more information, click Here


The Executive Briefings will be held in the following locations:

Tuesday, Sept 9th – Palo Alto, CA

Rosewood Sand Hill

2825 Sand Hill Rd

Menlo Park, CA 94025

Wednesday, Sept 10th – Chicago, IL

JW Marriott

151 W Adams St

Chicago, IL 60603

Thursday, Sept 11th – Houston, TX

Hotel Sorella

800 Sorella Court

Houston, TX 77024

Wednesday, Sept 17th – New York, NY

W Union Square

201 Park Ave S,

New York, NY 10003

Thursday, Sept 18th – Princeton, NJ

Princeton Marriott at Forrestal

100 Collage Road East

Princeton, NJ 08540

I will be participating in the Palo Alto, Houston and Princeton events I hope that you can join me at one of these upcoming events!

Next Page »

The Rubric Theme. Blog at WordPress.com.


Get every new post delivered to your Inbox.

Join 4,647 other followers