FCPA Compliance and Ethics Blog

December 18, 2014

Ty Cobb and the Compliance Performance Appraisal Review

Ty CobbToday we celebrate greatness, in the form of one of the greatest baseball players ever, with the anniversary of the birthday of Ty Cobb. Coming up to the majors as a center fielder for the Detroit Tigers in 1905, he emerged in 1907 to hit .350 and win the first of nine consecutive league batting titles. He also led the league that year with 212 hits, 49 steals and 116 RBIs. In 1909 he won the league’s Triple Crown for the most home runs (9), most runs batted in (107), and best batting average (.377). In 1911, he led the league in eight offensive categories, including batting (.420), slugging percentage (.621), hits (248), doubles (47), triples (24), runs (147), RBI (144) and steals (83), and won the first American League MVP award. He batted .410 the following season, becoming the first player in the history of baseball to bat better than .400 in two consecutive seasons.

Cobb set a record for stolen bases (96) and won his ninth straight batting title in the 1915 season. He faltered the next year, but came back to win another three straight titles from 1917 to 1919. He left the team in 1926 and signed with the Oakland Athletics, hitting .357 and becoming the first-ever player to reach 4,000 total career hits before retiring after the 1928 season. His record of nine consecutive batting titles as well as his overall number of 12 will never be succeeded.

While Cobb certainly had quite a bit of natural ability, he was also a very dedicated baseball player, forever working to improve his craft. He might not have taken well to criticism but he did work to improve all aspects of his game. One of the modern ways to improve employee performance is through an annual employee performance review. Recently I read an article in the Houston Business Journal entitled “6 Ways To Make Performance Reviews More Productive” by Janet Flewelling. I found her article provided some interesting perspectives on some of the ‘nuts and bolts’ work that you can put into your Foreign Corrupt Practices Act (FCPA) or UK Bribery Act anti-corruption program that can be relatively low-cost but can add potentially high benefits.

One of the ways to drive compliance into the DNA of an organization is through incentives such as making it a component of a year-end discretionary bonus payment. Indeed the FCPA Guidance states, “DOJ and SEC recognize that positive incentives can also drive compliant behavior. These incentives can take many forms such as personnel evaluations and promotions, rewards for improving and developing a company’s compliance pro­gram, and rewards for ethics and compliance leadership. Some organizations, for example, have made adherence to compliance a significant metric for management’s bonuses so that compliance becomes an integral part of management’s everyday concern.”

Most Human Resources (HR) experts will opine that properly executed performance appraisals are crucial to organizational productivity as well as the development of employee skills and employee morale. Moreover, they can serve a couple of different functions for a best practices compliance program. First, and foremost, they communicate to each employee their job performance from a compliance perspective. However, one key is not to approach the performance appraisal review as an isolated event but rather a continual process. This means that instead of trying to play catch-up at the last minute, supervisors should provide feedback and assess job performance throughout the year so annual reviews are grounded in a year’s worth of experience. This includes the compliance component of each job. The second area performance appraisals impact is compensation. As noted above, the DOJ and SEC expect that your compliance program will have both discipline and incentives. But those incentives need to be based upon something. The score or other performance appraisal metrics will provide to you a standard which you can measure and use to evaluate for other purposes such as employee promotion or advancement to senior management going forward.

In her article Flewelling provides six points you should consider which I have adapted for the compliance component of an annual employee performance appraisal. 

  1. Prioritize reviews in your schedule – You should schedule the employee performance appraisal at least several days in advance, rather than when a time slot suddenly opens up. You would make sure that you allot sufficient time for unhurried give and take between the reviewer and the employee.
  2. Review the entire year’s performance – You should resist the attempt to focus the discussion on the latest compliance experience. This is called recency bias. If a compliance issue arose in the past month or so, you need to keep it in perspective for the entire review period. Moreover, by focusing a review on a recent problem you may obscure prior accomplishments and make an employee feel demoralized. Take care not to go too much in the opposite direction as recency bias can work both ways, and one should not let a favorable recent compliance event overshadow the full review period.
  3. Do not hesitate to critique – Be generous with praise where it is warranted, but do not hesitate to discuss improvements needed in the compliance arena. Many supervisors are reluctant to confront and indeed desire to avoid confrontation. However remaining silent about an employee’s compliance shortcomings is a disservice to both the company and the employee.
  4. Do not dominate the conversation – Remember that you must give the employee time for self-appraisal and to ask questions or to comment about the feedback received from the compliance perspective. If there are specific questions or concerns raised by the employee you need to be prepared to address them as appropriate.
  5. Understand the employee’s role – You need to understand and appreciate that if the recent economy has resulted in many employees assuming the responsibilities of more than one position. If relevant to the employee, acknowledge that fact and take it into account in the review. This is certainly true from the compliance perspective as many non-Compliance Department employees have cross-functional responsibilities. If they claim not to have the time to handle their compliance responsibilities you will need to address this with the employee and perhaps structurally as well.
  6. Anticipate reprisal – Although it is rare, you can face the situation where an employee who is very dissatisfied with a review may refuse to sign it. The employee may be offered the opportunity to add a statement to the review. Also point out that the employee signature is an acknowledgement of receiving the review and does not signify agreement. If the employee still refuses to sign, have a second supervisor come in to witness the refusal. This may be particularly important from the compliance perspective.

Flewelling ends her piece by noting, “A proper annual review requires considerable effort from employee supervisors. It should be a full-year process involving regular guidance and feedback and perhaps several mini-reviews along the way. But rather than viewing it as onerous, supervisors should keep in mind that it is a tool for making their departments work more efficiently and yields better results for everyone involved.” I would add this is doubled from the compliance perspective. Nonetheless the potential upside can be significant from your overall compliance program perspective.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

December 16, 2014

The Eve of Destruction and Tone at the Top – You Are Who Say You Are

Barry McGuireIn 1965 the single Eve of Destruction was released. It was written by an 18 year old named Phil Sloan and was sung by former member of the New Christie Minstrels named Barry McGuire. To top it off, it was produced by Lou Adler. These facts, the story of the song, its recording and release were related in a recent Wall Street Journal (WSJ) article by Steve Dougherty entitled “Still on the ‘Eve of Destruction’. There are some singles that got under my skin when they were released and have remained there. This song was one of them. For me, the single most powerful line in the song was following:

Think of all the hate there is in Red China; And take a look around to Selma Alabama. 

Even as an eight year old I pondered the import that line. While we were taught that the Soviet Union might have wanted to defeat, conquer, and then enslave us; it was Red China that hated us so much they wanted to wipe us out of existence As we were taught back then that it was the Red Chinese who hated us; I wondered if there was that much hate in Selma Alabama. For if there was as much hate in Selma Alabama as there was in Red China, it had to be quite a lot of it.

I thought about Eve of Destruction and those lyrics about the hate in Selma, Alabama when I read about the conduct of a couple of senior managers recently. While they have both apologized for their conduct and comments that were clearly beyond the pale, I wondered that if you do say and act a certain way, if it really translates into who you really are. For the compliance practitioner, I wondered what such comments or actions might mean about a Chief Executive Officer (CEO) or other senior management’s commitment to doing business in an ethical manner and in compliance with anti-corruption laws such as the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act.

The first has been nicknamed Nut-Rage and involved the (now former) Korean Air executive Cho Hyun-ah (Heather Cho), who threw one of the greatest diva-worthy (or perhaps five year-old worthy) public temper tantrums of all-time. An article in the BBC Online, entitled “Former Korean Air executive apologises for ‘nut rage” ,reported that “Ms Cho was onboard a Korean Airlines plane departing from New York for Incheon last week when she demanded a crew member to be removed, after she was served nuts in a bag, instead of on a plate.” Also according an article in Slate, entitled “Flight Attendant Forced to Kneel for Serving Nuts in a Bag (Instead of a Dish) to Korean Air Executive” by Daniel Politi, Ms. Cho was not simply content to disrupt the plane’s service, air traffic control and airport scheduling, he wrote “Just when you thought the whole story about the Korean Air executive who went nuts over some nuts couldn’t get more ridiculous, the head of the cabin crew said he was forced to kneel to apologize about how a flight attendant served some macadamia nuts. Just in case you haven’t been following the case, Heather Cho, the daughter of the airline’s chairman and the executive in charge of in-flight service, forced a plane to return back to the gate at New York’s JFK airport last week after a flight attendant dared to bring her macadamia nuts in a bag and not a dish. Cho forced the head of the cabin crew to get off the plane.”

But the story did not end there. In another BBC article, entitled “Korean Air executive ‘made steward kneel over nut rage, the head of the cabin crew also reported that “Once home, officials from the airline came to his home to ask him to say that Ms Cho did not use abusive language and that he had voluntarily got off the plane.” Not to be outdone in this attempt to obstruct the truth and intimidate the witness, the BBC article also reported “Korean Air initially defended Ms Cho, noting that she was responsible for overseeing flight service in her role as vice-president, but the company later apologised.”

Unfortunately the second event is much closer to home here in the US and involves the Sony hacking scandal, which has been an unmitigated disaster for the company. In addition to all of the salary information, personal social security numbers and corporate intellectual properties that have been released, Sony’s Entertainment Chairman Amy Pascal sent some emails that can only at best be characterized as racially insensitive in nature. Jason L. Riley, in a WSJ entitled article “What Do You Call A Black President”, wrote that Pascal and Producer Scott Rudin engaged in the following email colloquy “Last year, Ms. Pascal and Mr. Rudin were invited to a fundraiser for Mr. Obama by Jeffrey Katzenberg, a DreamWorks Animation bigwig and major Democratic donor. Before the event, Ms. Pascal and Mr. Rubin joked about having to attend and what to say to the president. “What should I ask the president at this stupid Jeffrey breakfast,” wrote Ms. Pascal. “Should I ask him if he liked Django”, a 2012 film about slavery. Mr. Rudin responds with his own suggestion, “12 Years a Slave.” The two go back and forth naming movies they imagine the president enjoying—“The Butler,” “Think Like a Man,” “Ride Along”—all of which feature black actors or racial themes.” While Riley opines that this ­tete-a-tete is political in nature, my Southern upbringing reminds me of the line from Eve of Destruction to Think of all the hate there is in Red China; And take a look around to Selma Alabama. Maybe if McGuire were singing the song today, he would expand his geographic horizons.

While both Ms. Cho and Ms. Pascal have apologized for their actions and as noted, Korean Airlines has terminated Ms. Cho from her position. If you are what you say and show to others; what does all that mean when such people get into senior management positions? What does it say about Korean Airlines that it (1) fostered such a culture where the daughter of the President is given a job she clearly knows nothing about, (2) the same person humiliates an employee in public, (3) the Company tries to cover-up the incident by intimidating the employee, and (4) defends the actions of the daughter? Think that company has a culture of compliance? How about if a compliance incident is reported – would the company try to cover it up or thoroughly investigate it? Would the company try to intimidate witnesses to get them to change their recollections of events? How would you answer these questions if the incident in question were not over some nuts being served but over a safety issue?

As to Sony, how do you imagine minority employees might feel, given Pascal’s comments about the President of the United States? What about employees that might complain about discrimination in employment practices? If the head of the studio communicates in the manner about the President, what can a regular employee expect; similar sensitivity? Maybe the lesson for Sony and Pascal is simpler and much more direct, Don’t put stupid stuff in email. For even if your company is not hacked like Sony; in today’s world such emails uncovered in the context of a FCPA investigation might indicate a tone at the top which is not something you wish a regulator to see. But at the end of the day, you are you claim you are.

For a YouTube video clip of Barry McGuire singing Eve of Destruction, click here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

December 15, 2014

Hiring and Promotion in Compliance – Wait for Great

7K0A0597The role of Human Resources (HR) in anti-corruption programs, based upon the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act, is often underestimated. I come from a HR background and practiced labor law early in my career so I have an understanding of the skills HR can bring to any business system which deals with legal issues; which is not only required of all businesses but certainly is true of FCPA or UK Bribery Act compliance. If your company has a culture where compliance is perceived to be in competition or worse yet antithetical to HR, the company certainly is not hitting on all cylinders and maybe moving towards dysfunction.

One of the Ten Hallmarks of an Effective Compliance program relates to the key role HR plays in incentives and discipline. However, another key area that is not given as much attention is in hiring and promotion. The FCPA Guidance states, “[M]ake integrity, ethics and compliance part of the promotion, compensation and evaluation processes as well. For at the end of the day, the most effective way to communicate that “doing the right thing” is a priority is to reward it. Conversely, if employees are led to believe that, when it comes to compensation and career advancement, all that counts is short-term profitability, and that cu tting ethical corners is an ac­ceptable way of getting there, they’ll perform to that measure. To cite an example from a different walk of life: a college football coach can be told that the graduation rates of his players are what matters, but he’ll know differently if the sole focus of his contract extension talks or the decision to fire him is his win-loss record.” In other words make compliance significant for professional growth in your organization and it will help to drive the message of doing business in compliance.

I thought about these concepts when I read an article in the Corner Office column of the Sunday New York Times (NYT), entitled “Sally Smith of Buffalo Wild Wings, on patience in hiring” where columnist Adam Bryant interviewed Sally Smith, the Chief Executive of Buffalo Wild Wings, the restaurant chain. She had some interesting concepts not only around leadership but thoughts on the hiring and promotion functions, which are useful for any Chief Compliance Officer (CCO) or compliance practitioner striving to drive compliance into the DNA of a company.

Leadership – Get Feedback

One of the early lessons which Smith learned about leadership is to set clear expectations. Bryant wrote that Smith told him, “You have to be really clear about what you want and what your expectations are. When you’re clear and everybody understands them, you have a much better chance of success than if you say, “Just do it.” It’s a great slogan, but you’ve got to know what it is that you’re just doing.” This is a constant battle for the compliance practitioner when senior management also makes clear that you must make your numbers as well. However this dynamic tension can be met and one of the best ways is to require business-types to make their numbers but doing so in a way that is in compliance with a company’s Code of Conduct and compliance regime.

A second leadership lesson that Smith has learned is around feedback. As you might guess from a Chief Executive, Smith has found that obtaining honest critiques about her management style from those who work under her is difficult to acquire. To overcome this reluctance she set up a program where her leadership can give anonymous reviews of her performance annually to the company’s Board of Directors. Bryant said, “My leadership team does a performance review on me each year for the board. It’s anonymous. They can talk about my management style or things I need to work on. If you want to continue growing, you have to be willing to say, “What do I need to get better at?”” This type of insight is absolutely mandatory for any best practices compliance program as anonymous reporting is also one of the Ten Hallmarks of an Effective Compliance program. But more than simply an anonymous reporting line for FCPA violations, how does your company consider feedback to determine how all levels of the company is doing compliance going forward or as the FCPA Guidance states, “From the boardroom to the shop floor.”

Hiring and Promotion – Waiting for Great

Here Smith had some thoughts put in a manner not often articulated. One of her cornerstones when hiring is to search out the best person for any open position, whether through an external hire or internal promotion. Bryant stated that Smith said “We use the phrase “wait for great” in hiring. When you have an open position, don’t settle for someone who doesn’t quite have the cultural match or skill set you want. It’s better to wait for the right person.”

Smith articulated some different skills that she uses to help make such a determination. Once a potential hire or promotion gets to her level for an interview, she will assume that person is technically competent but “I assume that you’re competent, but I’ll probe a bit to make sure you know what you’re talking about. And then I’ll say, “If I asked the person in the office next to you about you, what would they say?””

Passion and curiosity are other areas that Smith believes is important to probe during the hiring or promotion process. In the area of passion, Smith will “Often ask, “What do you do in your free time?” If they’re passionate about something, I know they’re going to bring that passion to the workplace.” Smith believes curiosity is important because it helps to determine whether a prospective hire will fit into the Buffalo Wild Wings culture. Bryant wrote, “I look for curiosity too, because if you’re curious and thinking about how things work, you’ll fit well in our culture. So I’ll ask about the last book they read, or the book that had the greatest impact on them.” Smith also inquires about jobs or assignments that went well and “ones that went off the tracks. You ask enough questions around those and you can determine whether they’re going to need a huge support team.”

I found these insights by Smith very useful for a compliance practitioner and the hiring and promotion functions in a compliance program. By asking questions about compliance you can not only find out the candidates thoughts on compliance but you will also begin to communicate the importance of such precepts to them in this process. Now further imagine how powerful such a technique could be if a Chief Executive asked such questions around compliance when they were involved in the hiring or promotion process. Talk about setting a tone at the top from the start of someone’s career at that company. But the most important single item I gleaned from Bryant’s interview of Smith was the “Wait for great” phrase. If this were a part of the compliance discussion during promotion or hiring that could lead to having a workforce committed to doing business in the right way.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

December 12, 2014

Seamus Heaney and Compliance With a Seat at the Table

Seamus Heaney and beowulfI have long been fascinated with the Irish poet Seamus Heaney. I came to know him thought his 1999 translation of Beowulf. While I was aware that he had been awarded the 1995 Nobel Prize for Literature, I did not know his work as an Irish poet. However, this was rectified in a piece in the Times Literary Supplement (TLS), entitled “A stay against confusion – Seamus Heaney and the Ireland of his time”, by Roy Foster. In this piece he reviewed the evolution of Heaney’s poetry through the 1960s and 1990s. Foster believed that Heaney’s work in many ways mimicked the growth that “Irish intellectual as well as social and economic life”. Heaney began as a ‘nuts and bolts’ type of poet and moved to become a Yeatsian figure as the national poet of Ireland.

I thought about that growth and Foster’s article when I considered the question of what happens if you seek for something and then actually get it? For instance, you may have wanted a seat at the C-Suite table as a Chief Compliance Officer (CCO) and now you have one. What happens now, for instance in the situation where you find out that your company has decided to enter a new overseas market with a new product offering? The Chief Executive Officer (CEO) who championed you coming onboard with the big boys (or perhaps big girls) team looks down and says, “We need an analysis from the compliance perspective by the end of the week?” Where do you begin?

Obviously there are some preconditions for success such as your company should have a product that you can make and sell overseas for a profit. Further, you should have the time, money and sophistication to develop an international distribution network and you have the home office infrastructure to support a truly international business. Finally, you should have a senior management with at least an appreciation of compliance challenges in the target, with the personnel, technological solutions and internal training to address and meet these challenges. As you begin to think through this assignment you fall back on the four basic questions of (1) Who will we sell to? (2) What are we going to sell? (3) Where will we sell? (4) How will we sell?

Who will we sell to?

For any anti-corruption analysis you need to begin here as the Foreign Corrupt Practices Act (FCPA) applies to commercial relationships with foreign governments or instrumentalities such as state owned enterprises. Will your end using-direct customers be foreign governments or privately owned companies? What if your customers are distributors or other middlemen who will then sell to foreign governments or state owned enterprises? What about licenses; will you need special permits to sell to a foreign government or state owned enterprise or will you need some type of basic permit simply to transact business? If your company is subject to the UK Bribery Act this public/private distinction does not exist.

What are we going to sell?

What is the product or service you wish to take internationally? I will assume your company has done the market studies to ascertain it is a viable commercial concept. If it a product, is it a complete or partial product? Will you manufacture here in the US and only sell internationally or will you manufacture abroad as well? If it is here in the US, what about spare parts and accessories, will you need to obtain any licenses overseas? What about your technology, will that component require any licenses? If you will manufacture outside the corporate offices in the US, how will you assure quality in your supply chain? Conversely, if you manufacture in the US, do your supplier agreements allow you to resell outside the US?

Where will we sell? 

This question may seem more important for export control issues; however it is also important in the anti-corruption world. Obviously this is because certain geographic areas are more prone to corruption than others. A starting place might be the Transparency International-Corruption Perception Index but you can also use tools such as the recently released TRACE Matrix which provides a much broader assessment of corruption indices and give you additional insight into a fuller panoply of corruption risks in a country. In addition to the basic corruption analysis you need to ascertain whether you can even sell your products in a new country, either because of US export regulations or the end using jurisdictions laws. You should also focus on the business culture of a country and whether it is compatible in doing business in compliance with relevant anti-corruption legislation. This will also help you in your search to find any local business partners. 

How are you going to sell?

This is one of the most important questions you can ask under a FCPA analysis. It is because well over 90% of all FCPA enforcement actions involve third parties. If this is your first international sales effort, your company probably does not have an international based employee sales force. This means you will most probably need in-country partners for your target markets. Some of the most basic sales arrangements for third parties are as follows:

  1. Agent/Sales Representative – This person or entity is an independent third party from the company. Compensation is usually commission based or combined with a periodic fee plus commission. It is generally viewed as the highest risk from the anti-corruption perspective but you will have a direct relationship with the end-using customer.
  2. Distributor/Retailer – This person or entity is an independent third party from the company. Your company will sell to the distributor/retailer who then resells your product. You will have less visibility into the end user and hence a greater export control risk. Consignment is a variation on this model but if you are warehousing you will need to be aware of other US rules such as revenue recognition under US GAAP or local, indigenous rules on storage and warehousing.
  3. Consultant – This is also an independent third party who is paid a periodic fee. The fee can be more easily assessed for an hourly or service based rather than simply a commission based fee structure.

There are some other sales arrangements that you may whish to consider. You can acquire a local business and run it as your own company. Of course if you do so, you may buy all of these liabilities, both known and unknown. You can joint venture with another local company. Here you may have the dual problems of less actual control yet the same amount of potential exposure, particularly under the FCPA if you fail to perform the requisite pre-acquisition due diligence and allow any illegal conduct to continue going forward. You can issue a manufacturing license to an in-country manufacturer and allow them to make and then sell your product using your technology. Finally, you can issue a brand license where you license an existing company to put your brand name on your product manufactured by another entity. Of course if you use any of these types of arrangements you will need to go through a full third party management cycle; consisting of a business justification, questionnaire, due diligence, contract and management thereafter.

From the internal control perspective you will need to make sure you have several key compliance related controls in place. This will include the aforementioned vetting of all customers and third parties; appropriate controls over each transaction, including both quotes and contracts; empowered and non-conflicted employees; and finally training and self-auditing. You will need separate controls over payment terms and payment mechanisms and controls to align shipping and export controls. Finally, do not forget the omnipresent segregation of duties and control over the vendor master file.

Lastly, you should focus on your high-risk points in any of the above. These include your full vetting and management of third parties. You should pay attention as to how you became aware of these third party sales representatives. You will also need to pay attention to your freight forwarders and other export control representatives. You will need to be vigilant going forward for outright bribes paid in either cash or other values such as free products, lavish travel, gifts and entertainment, especially if the travel has no business purpose.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

December 4, 2014

Sherlock Holmes and Innovation in the Compliance Function – Part IV, The Valley of Fear

Valley of FearToday I conclude my dual-themed week of blog posts featuring Conan Doyle’s four Sherlock Holmes novels and innovation in the compliance function. As the compliance profession matures and we move into what I call the era of CCO 2.0. Today we celebrate Doyle’s final novel, The Valley of Fear. This novel was written in 1914 and serialized in the Strand Magazine between 1914 1915. It was notable for two reasons. The first that it was at least inspired by events in America involving the Molly Maguires, the Pinkerton Agency and its undercover agent James McParland.

In this story, Holmes decodes a cipher from Professor Moriarty’s organization for a person named Douglas in Birlstone. It is discovered that there is a corpse who was an assassin sent to kill Mr. Douglas. Douglas literally blew the head off of his American assassin and dressed the body as himself. Holmes intoned that a dumb-bell weighed down the killer’s clothes in a moat. The assassin left a calling card, monikerred VV341, which was a code for the Vermissa Valley Lodge 341. This was a reference to undercover work that Douglas did years before for the Pinkerton Agency when he went undercover, first with Freemen in Chicago, then west to a desolate mountain coal mine area, to take down corrupt murderers who ran the Valley Freemen Lodge. Years later the US criminals enlisted Professor Moriarty to find Douglas. Holmes warns Douglas to flee England. The second item of interest is that Moriarty prevails as the story ends with Mrs. Douglas wiring Holmes that her husband was lost overboard on his way to South Africa.

I thought about this final Holmes novel, with its multi-continent settings, when I read another article on innovation in the December issue of the Harvard Business Review (HBR), entitled “Managing Yourself Getting Virtual Teams Right”, by Keith Ferrazzi. As any compliance function will have a truly global reach and most likely a number of personnel in cities across the globe, virtual compliance teams are almost a given. The author states, “The appeal of forming virtual teams is clear. Employees can manage their work and personal lives more flexibly, and they have the opportunity to interact with colleagues around the world. Companies can use the best and lowest-cost global talent and significantly reduce their real estate costs.” But in the compliance arena this may go past a simple appeal and become a true need. This means that mastering this most valuable and necessary tool is a skill that any Chief Compliance Officer (CCO) or compliance practitioner will need to become proficient in using.

While this skill may seem straightforward or even intuitive, the author believes that efficient use of virtual teams can greatly increase productivity. He believes that “there are four must-haves: the right team, the right leadership, the right touchpoints, and the right technology. By following simple high-return practices for each, managers can maximize the productivity of teams they must lead virtually.” 

The Right Team

The author believes that your team composition is your beginning point. He says you need to consider the right people, the right size and the right roles. This means that the virtual team members have the appropriate set of abilities, such as “good communication skills, high emotional intelligence, an ability to work independently, and the resilience to recover from the snafus that inevitably arise. Awareness of and sensitivity to other cultures is also important in global groups.” He believes this equates to a team that is no larger than 10 people. For roles the author suggests an approach which “defines three tiers of team members: core, operational, and outer. The core consists of executives responsible for strategy. The operational group leads and makes decisions about day-to-day work but doesn’t tackle the larger issues handled by the core. And the outer network consists of temporary or part-time members who are brought in for a particular stage of the project because of their specialized expertise.” 

The Right Leadership

Here the author cites to key behaviors that are critical in virtual teams. The first is trust. He said you should provide the opportunity for the team members to get to know each other as people, if only through the virtual format. Once trust is established the next step is foster open dialogue or what he calls “Observable candor” because without frankness among the team it will not succeed. Finally, it is important to clarify goals and guidelines or “the importance of establishing a common purpose or vision, while also framing the work in terms of team members’ individual needs and ambitions. Explain to everyone why you are coming together and what benefits will result, and then keep reiterating the message.”

The Right Touchpoints

The author believes that even virtual teams will need to come together at certain key points. He identifies three: kickoff; onboarding and milestones. Getting together at kickoff will allow everyone to put a face with a name and will help to set “expectations for trust and candor, and clarifying team goals and behavioral guidelines. Eye contact and body language help to kindle personal connections and the “swift trust” that allows a group of strangers to work together before long-term bonds develop.” Onboarding is when you bring a new person onto the virtual team and Ferrazzi explains that it can be intimidating to come on board a team after it is up and running. He suggests bringing a new person to the corporate office and welcome them in person. Finally, Ferrazzi says that even the most dedicated teams can lose momentum as team members begin to feel disconnected. To counter-act this, he suggests bringing the full team together at certain intervals.

The Right Technology

Ferrazzi believes that even the best virtual teams “can be felled by poor technology.” He identifies conference calling, direct calling and text messaging and virtual team rooms all which can make the virtual team experience “open and searchable, making it easy for existing teams to find subject-matter experts or review their own work and for ad hoc teams to form around business-related passions.” Ferrazzi cited to one example where, when data on employee resource use was made available, “a few interested parties self-organized into a virtual project team to create a system that documents individuals’ cost savings over time. As people began to compete for the biggest savings, the company benefited.”

The earliest virtual teams were formed to facilitate innovation among top experts around the world who didn’t have time to travel. However in today’s corporate environment, teams of physically dispersed employees are more often just a necessity of doing business. The compliance function will almost always be dispersed across a wide multi-national area. Some of the tips presented herein can help you run a more efficient organization while allowing greater flexibility going forward.

This post will conclude this week’s Sherlock Holmes-Innovation in the compliance function series. I hope that you have enjoyed it and benefited from it as well. As we move to CCO 2.0, many of these soft skills will become more and more important in the doing of compliance.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

December 3, 2014

Sherlock Holmes and Innovation in the Compliance Function, Part III – The Hound of the Baskervilles

Hound of the BaskervillesToday we honor Conan Doyle’s third Sherlock Homes novel, The Hound of the Baskervilles. The novel, originally serialized in The Strand from 1901 to 1902, is generally recognized by Sherlockians as the premier Doyle work regarding his fictional detective. Interestingly, Bertram Fletcher Robinson, a 30-year-old journalist, assisted Doyle with the plot for this novel.

Doyle’s idea for the story derived from the legend of Richard Cabell, which was a tale of a hellish hound and a cursed country squire. Squire Cabell was a hunting man and who was described as a “monstrously evil man”. He had a reputation “for, amongst other things, immorality and having sold his soul to the Devil. He was also alleged to have murdered his wife. As the story goes, Cabell was laid to rest in ‘the sepulchre’, but night of his interment saw a phantom pack of hounds come baying across the moor to howl at his tomb. From that night onwards, he could be found leading the phantom pack across the moor, usually on the anniversary of his death. If the pack were not out hunting, they could be found ranging around his grave howling and shrieking. In an attempt to lay the soul to rest, the villagers built a large building around the tomb, and to be doubly sure a huge slab was placed. To add good measure, the folklore of the county where the tale occurs, Devon, includes tales of a fearsome supernatural dog known as the Yeth hound.”

The Hound of the Baskervilles was a tale that appeared to have supernatural implications. Yet, upon closer examination, a more temporal solution was determined. I thought of this novel when reading the article entitled “Build an Innovation Engine in 90 Days” by Scott D. Anthony, David S. Duncan and Pontus M. A. Siren in the December 2014 issue of the Harvard Business Review (HBR). I found their insights quite useful for the Chief Compliance Officer (CCO) or compliance practitioner who might be faced with implementing or enhancing a compliance solution for an organization as the authors’ insights could also be used to help a CCO or compliance practitioner move a compliance function down into the DNA of an organization to make compliance a more standard process for doing everyday commercial operations.

The authors recognize that innovative ideas get brought to the marketplace often through “individual heroism and a heavy dose of serendipity” but companies need a mechanism to “make the process more reliable and repeatable without making major organizational changes.” To do so, they suggested a solution they call the “minimum viable innovation system” which can bring an innovation to fruition within 90 days. I have adapted their system for the compliance function.

Day 1 To 30 – Define Your Innovation Buckets

Initially the authors note that innovations can either be inward or outward facing. “In one are innovations that extend today’s business, either by enhancing existing offerings or by improving internal operations. In the other are innovations that generate new growth by reaching new customer segments or new markets, often through new business models.” This is also true in the compliance function as your compliance program relates to your own internal clients, customers and your third parties. It all begins with two steps (1) Determine between compliance goals and current operations; and (2) determine broad categories of compliance solutions which could fill that gap. If your gap is large, you might sub-divide your compliance efforts so that “you can map them to different directions for future [compliance] growth.” Per the authors recommendations you probably should not take on more than three as an initial effort.

Day 20 To 50 – Zero in on a Few Strategic Opportunity Areas

In this time frame, the authors believe that you meet with your customer base to “probe unmet needs”. As one class of your compliance customers will be your internal employee base, you can use a wide number of mechanisms to accomplish this, including town meetings, compliance focus groups or meetings with individual employees. You should also look outside your company by engaging in benchmarking through investigation on new developments in your industry and in the compliance space. This is also a time when you can best use big data through an appropriate data analytic approach to spots trends in your organization that might present opportunities for compliance innovation.

You should synthesize this down and the authors recommend the following, “lock the members of the senior leadership team in a room for an afternoon, share the findings, and instruct them not to leave until they have identified three strategic opportunity areas that each combine the following”: (1) A compliance function that no one is addressing very well; (2) Enable a technological solution that will enable your business unit to perform a compliance function much more easily, cheaply, or conveniently, or a change in the compliance landscape that is greatly intensifying the need for that job; and (3) Incorporate some special capability of your company that will give you an advantage in seizing this compliance opportunity.

Day 20 To 70 – Form a Small Dedicated Team to Develop the Innovations

Here the authors suggest three steps. First, dedicate a handful of the company to developing the compliance innovations. Second, work with the Chief Executive Officer (CEO) and Chief Financial Officer (CFO) to eliminate “zombie” compliance projects. Third is to develop a process checklist.

Everyone in a corporation has a day job. This is particularly true for a CCO or compliance practitioner. While there is no need for your compliance innovation team to be particularly large, the authors suggest that it have the capability “to handle at least two ideas once, since there will be inevitable course corrections and failure.” The authors define zombie projects as “walking undead that shuffle along slowly but aren’t headed anywhere.” Their reference hails to both the elimination of the AMC show The Walking Dead and the zombie banks from the Japanese financial crisis of the 1990s. The reference to the AMC television offering is that these projects are dead on arrival for a variety of reasons. The reference to the Japanese financial crisis is that because as long as these zombie projects exist, they will consume compliance innovation resources. Here the authors suggest identifying and deleting projects that hare neither core nor strategic.

Developing a checklist is a critical process step because it requires you to create a protocol to make sure you do not omit any critical step throughout the process. In order to develop this checklist, the authors suggest asking the following questions. (1) Is your compliance innovation team “spearheaded by a small, focused team of people who have relevant experience or are prepared to learn as they go?” (2) Has your compliance innovation team spent enough time directly with your business function to develop an understanding of what they can use going forward? (3) Was appropriate benchmarking performed? (4) Has your compliance innovation team defined the internal customer(s) and paths for reaching others? (5) Is your compliance innovation team’s idea “consistent with a strategic opportunity area in which the company has a compelling advantage?” (6) Does your compliance innovation team have a plan for testing? Does each test have a clear objective, a hypothesis, specific predictions, and a tactical execution plan?

Day 45 To 90 – Create a Mechanism to Shepherd Projects

During this time frame, the authors suggest two major goals for oversight. First is that the CCO needs to select and train compliance leaders to oversee the innovation team and to establish oversight rules. The group of compliance leaders who will have the autonomy to make decisions about starting, stopping, or redirecting compliance innovation projects. You should take care not to simply replicate the current executive committee, because if you do, it will be too easy for group members to default to their corporate-planning mindset or to let day-to-day business creep into discussions about compliance innovations meant to fulfill long-term goals.

The authors turned to the world of Venture Capital (VC) funding to help this group work on compliance initiatives. (1) There can be disagreement about which projects to move forward, your committee does not require unanimity. (2) The group should set a threshold monetary level that the project team(s) can spend without having to come back for every funding request. (3) Your compliance innovation projects should not be locked into a 3/6 month or other budget cycles. It may take time but when the time for review or a GO/NO GO decision to be made the oversight team needs to be ready to convene and make a decision. From this point you should be ready to pressure test your compliance innovation.

The authors’ formulation is an excellent way for a CCO or compliance practitioner to think through the process to design and create innovation in your compliance function. Just as Holmes methodically worked through the clues in front of him (and some behind him) in the The Hound of the Baskervilles you can use this protocol to assist you moving forward.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

 

 

 

 

December 2, 2014

Sherlock Holmes and Innovation in the Compliance Function, Part II – The Sign Of Four

Sign of FourToday we honor Conan Doyle’s second Sherlock Homes novel, The Sign of Four. The novel was published in 1890 but the story is set in 1888. The story entails a complex plot involving service in East India Company, India, the Indian Rebellion of 1857, a stolen treasure, and a secret pact among four convicts and two corrupt prison guards. It presents the detective’s drug habit and humanizes him in a way that had not been done by Doyle to-date. It also has a rather happy ending as it introduces us to Dr. Watson’s future wife, Mary Morstan to whom he proposes at the end of the novel.

The Sign of Four was an intricate tale with many strands woven throughout. I thought of this novel when reading the article entitled “Leading Your Team into the Unknown” by Nathan Furr and Jeffrey H. Dyer in the December 2014 issue of the Harvard Business Review (HBR). I found their insights quite useful for the Chief Compliance Officer (CCO) or compliance practitioner who might be faced with implementing or enhancing a compliance solution for an organization. But equally interesting, were that the authors’ insights could also be used to help a CCO or compliance practitioner help move a compliance function down into the DNA of an organization to make compliance a more standard process for doing everyday commercial operations.

The authors posit that “Innovation is at heart a process of discovery, and so the role of the person leading it is to set other people down a path, not to short-circuit it by jumping to a conclusion right at the start. To lead innovation, you don’t have to be the next Steve Jobs, nor do you need to guess the future. Rather, you must carve out the mental space within which the innovation process can be carried out. How? First, by setting the expectation that innovation will push boundaries. Fashion designers often include very bold designs in their lines to inspire customers to try more-flamboyant styles. . .You need not go so far. You can push boundaries just as dramatically by demonstrating a willingness to reimagine some of your organization’s most fundamental assumptions about products, customers, and business models.”

For the CCO or compliance practitioner, I think this means that innovation in the compliance function requires a different approach to leadership than the standard command and control or even collaborative approach. For a successful CCO or compliance practitioner this is accomplished by leading compliance integration into the DNA of a company through example and not simply dictated. The authors suggest, “by asking questions rather than making decisions; clearing a path to the unknown for the innovative team rather identifying the end goal; and give people the right kind of time, the right constraints and the right tools” to come up with a solution. I found the authors implications for such an approach appropriately inspiring, “Innovative leaders can create a sustainable competitive advantage not through superiority of a particular invention but by creating an organization that can learn from mistakes faster, more efficiently and more consistently than competitors do.”

The authors provide what they call “A Comprehensive Approach to Innovation” which I have adapted for the CCO or compliance practitioner to facilitate innovation in the compliance function. It consists of four steps. 

  1. Generate Insights. The authors state, “Use questioning, observational, and networking skills to search far and wide for broad insights into problems that may be worth solving.” As a CCO or compliance practitioner, you can push compliance boundaries just as dramatically by demonstrating a willingness to reimagine some of your organization’s most fundamental assumptions about products, customers, and business models. But it means getting out there and seeking input from those outside your direct compliance function.
  1. Identify an Important Problem. Here the authors recommend “Through direct observation look for an unsolved problem or an unfilled emotional or social need that enough people have for the opportunity to be worth pursuing.” This also means giving your team an opportunity to synthesize the issues. You will need to dedicate both resources and time for the process to run its course. I recognize that all corporate employees have a day job so you will need to set aside specific time for such issue identification. In addition to providing resources and time, you will need to provide your innovation team support by removing the inevitable organizational barriers, which will be thrown up in their path.
  1. Develop the Solution. The authors advocate constructing prototypes so rather than building a complete compliance solution, quickly construct a set of simple prototypes of many different compliance tools. For each, start with a theoretical example, if that looks promising internally, move to a virtual prototype to test throughout a pre-selected business unit or process. Start with a visual representation, which could be just a drawing; next move to testing a minimum viable prototype with internal consumers of the compliance solution through the simplest, quickest physical version of the offering you can devise. Finally, pilot test the full-blown compliance solution with a wider audience, including trusted and integral third parties to your organization.
  1. Devise the Business Model. Finally, the authors note that once you have worked out the offering, apply the same experimental approach to developing and testing the components of the business model, including approaches to implementation. They suggest that there are three values to such an approach. The first is that you will have generated “insight value-that is, the insight into the unknown that comes from reducing uncertainty.” The second is “option value-the option upon resolving an unknown, to pursue, alter, or abandon a course of action.” The third is “strategic value” which is both the value derived by your internal compliance consumers but also that of all the knowledge you will have gained throughout the course of the project; what worked and what did not work and, more importantly, why.

As a lawyer who moved into compliance, I initially thought that anti-corruption compliance was a function of telling everyone the rules and having them followed. Some companies are still at this stage of compliance. However, if there is one over-riding theme that the Department of Justice (DOJ) has communicated over the years it is that your compliance function needs to constantly evolve. It certainly must evolve as the corruption risks your company encounters develop but also it should also mature as your compliance program grows and becomes more ingrained in your organization. Innovation is not a concept that comes naturally to lawyers who are generally trained to study the past (i.e. read case law precedent) and apply it going forward. The idea of innovation simply does not jive with what many believe should be a static list of rules and regulations that businesses should operate under. However, as compliance moves into its next phase and becomes the best practice of a well-run business, innovation will become more of a focus.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

December 1, 2014

Sherlock Holmes and Innovation in the Compliance Function, Part I – A Study In Scarlet

A Study in ScarletToday begins a week of double themed blog-posts. First I am back with an homage to Sherlock Holmes, for it was in the magazine Beeton’s Christmas Annual that the characters Sherlock Holmes and Watson were introduced to the world in 1887, in the short story A Study in Scarlet. The second theme will be innovation in the compliance department. I will take some recent concepts explored in the December issue of the Harvard Business Review (HBR) and apply them to innovation and development of your compliance function. I hope that you will both enjoy my dual themed week and find it helpful.

Today I begin with the first novel, A Study in Scarlet. There are two items of note that I learnt in researching this work. The first is that it was written in 1886 and even Conan Doyle had trouble finding a publisher for what went on to become the most famous detective character of all-time. The second was the title. I had always thought it referred to the color of blood but it turns out that it comes from a speech given by Holmes to Dr. Watson on the nature of his work, in which he describes the story’s murder investigation as his “study in scarlet”: “There’s the scarlet thread of murder running through the colourless skein of life, and our duty is to unravel it, and isolate it, and expose every inch of it.” Furthermore, a ‘study’ is a preliminary drawing, sketch or painting done in preparation for a finished piece.

I thought Doyle’s first work would provide an excellent entrée into today’s topic, that being leadership in the compliance function. While many compliance departments may have begun more as a command and control function, set up by lawyers to comply with anti-bribery laws such as the Foreign Corrupt Practices Act (FCPA), UK Bribery Act or others; this type of leadership model is now becoming outmoded in today’s world. It is not that employees are interested in the ‘why’ they should do business ethically and in compliance with such laws but it is more that power is shifting inside corporations. In a HBR article, entitled “Understanding “New Power””, authors Jeremy Heimans and Henry Timms explore how leadership dynamics are changing and what companies might be able to do to harness them. I found them to have some excellent insights, which a Chief Compliance Officer (CCO) moving to CCO 2.0 or compliance practitioner might be able to garner for a compliance function.

The authors begin by noting that ‘new power’ differs from ‘old power’ in a bi-lateral dimension of intersection. This intersection is between the models used to exercise power and the values which are now embraced. It is the understanding of this shift in power, which will facilitate the compliance function moving more to the forefront of a business integration role. The new power models are fourfold. Under sharing and shaping a company is much more integrated with its customers and supply chain. Second is funding which continues this integration by adding a vertical component of funding, whether equity positions or some other type of funding. Third is producing in which “participants go beyond supporting or sharing other people’s efforts and contribute their own.” Finally, there is co-ownership, which is the most decentralized, pushing participation down to the lowest or most basic levels.

But beyond these new power systems, the authors believe that “a new set of values and beliefs is being forged. Power is not just flowing differently; people are feeling and thinking differently about it.” The authors call them “feedback loops” which “make visible the payoffs of peer-based collective action and endow people with a sense of power. In doing so, they strengthen norms around collaboration”.

The authors lay out five new values. They include the area of governance where the authors note, “new power favors informal, networked approaches to governance and decision making.” Next is in the area of collaboration where the authors believe that this new power value rewards “those who share their own ideas, spread those of others, or build on existing ideas to make them even better.” The next new value is DIO or do it ourselves. Under this value, there is a “belief in amateur culture in arenas that used to be characterized by specialization and professionalization.” Next is transparency which, while not a new concept, says that more permanent transparency between business and social lives will lead to a “response in kind from our institutions and leaders who are challenged to rethink the way they engage with their constituencies” specifically including their employee base. The final new value identified by the authors is affiliation, which means that new and younger employees are less like to “forge decades-long relationships with institutions.”

The authors have three prescriptions that I found could be useful for the CCO or compliance practitioner to incorporate into a mature and evolving compliance program moving forward. Compliance functions need to “engage in three essential tasks: (1) assess their place in a shifting power environment, (2) channel their harshest critic, and (3) develop a mobilization capacity.

Assess where you are

This prong is quite close to something compliance practitioners are comfortable with in their role, a risk assessment. However the authors suggest that the assessment be turned inward so you should assess the compliance function on this “new power compass—both where you are today and where you want to be in five years.” You can benchmark from other companies in responding to this query. Internally, you can begin this process with a conversation about new realities and how the compliance function should perform. More importantly such an assessment can help you identify the aspects of their core models and values that should not be changed.

Incorporate business unit interests

The authors note, “Today, the wisest organizations will be those engaging in the most painfully honest conversations, inside and outside, about their impact.” However, I think this question should be asked first by the CCO or compliance practitioner. For it is not only what you are doing to work with your business units but more importantly what are you doing to incorporate their concerns and suggestions into your compliance regime. If you are going to ask the business unit to be a significant partner or better yet be your business partner, you will need to have a mechanism in place to engage your business unit so there can be an inflow of input before the compliance function has an output of requirements. As the authors write, “This level of introspection has to precede any investment in any new power mechanisms” to which I would add any successful compliance function.

Mobilize your capacity

Here I suggest you consider contracted third parties and other third parties such as joint venture (JV) partners as an avenue through which the compliance function can bring greater benefits to an organization. I have often heard compliance expert Mary Jones talk about her training of her company’s third parties and how thankful they were that when she, Global Industries Director of Compliance, would personally travel to their locations and put on in-person training. Her efforts to travel to their locations, spend the money required to do so not only directly strengthened Global Industries’ compliance function but created allies for her efforts by giving these suppliers the information and training they needed to comply with their customers requirements. By reaching out in this manner, Global Industries used its contracted third party suppliers to create a stronger company compliance program.

As the anti-corruption compliance profession matures, it will become more a component of a company’s business function. This means less of a lawyer’s top down mentality of do it because I said to do it, to more collaboration. It also means, as with the premier of Sherlock Holmes in A Study in Scarlet that something new is on the horizon and it could be here for quite sometime to come.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

 

November 26, 2014

Doing Business in India – Corruption Risks and Responses

IndiaRecently the US law firm of Foley and Lardner LLP and MZM Legal, Advocates & Legal Consultants in India jointly released a white paper, entitled “Anti-Bribery and Foreign Corrupt Practices Act Compliance Guide for U.S. Companies Doing Business in India”. For any compliance practitioner it is a welcome addition to country specific literature on the Foreign Corrupt Practices Act (FCPA), UK Bribery Act and other anti-corruption legislation and includes a section on India’s anti-corruption laws and regulations.

FCPA Enforcement Actions for Conduct Centered in India

Under the FCPA, several notable US companies have been through enforcement actions related to conduct in India. Although not monikered as a ‘Box Score’ the authors do provide a handy chart which lists the companies involved, a description of the conduct and fine/penalty involved.

Company Description Disposition (in USD)
Pride International Payment made for favorable administrative judicial decision regarding customs issues $56.1 million
Tyco International German subsidiary paid third parties to secure contracts; payments recorded as commissions $26 million
Diageo Subsidiary made payments to government official responsible for purchase/authorization of Diageo’s products in India $16.4 million
Textron Subsidiaries paid foreign officials to secure contracts; characterized as commission and consulting fees $5.05 million
Oracle Corporation Oracle distributor allegedly created “slush” fund to pay third parties $2 million
Dow Chemical Company Payments made to India Central Insecticides Board to expedite registration of products $325,000

India Anti-Bribery/Anti-Corruption Laws 

The authors identify the principal anti-corruption legislation in India as the Prevention of Corruption Act, 1988 (PCA), which focuses on bribery of public servants. They go on to state, “Bribery under the PCA includes any “gratification” that a public servant receives other than his/her legal remuneration. Gratification constituting a bribe would include anything intended to motivate, influence, or reward a public servant for performing (or forbearing performance of) an official act, or for showing “favour or disfavour” to any person, or for rendering any service or disservice to a public servant.” However, there are other laws, in addition to the PCA, which govern such issues. These include “specific public servants’ Conduct Rules, which set specific guidelines on the value of gifts that may be accepted in furtherance of local or religious customs (where no reciprocal action is expected and where the public servant has no current or expected future official dealings with the gift giver). The guidelines for permissible gifts are based on the public servant’s rank and service classification and broadly range between 500 – 7,500 Rupees (approximately $8 – $120 U.S. dollars).”

Corruption Risks in India

Corruption risks in India are generally perceived to be high due to its “complex administrative and bureaucratic environment”. Similarly the FCPA Professor would say there are a high number of barriers to trade. Coming at it from a different direction, the Department of Justice (DOJ) would say the risk is high because of the number of licenses and permits required. More pruriently, I would say this leads to more folks having their collective hand out looking to speed things up. Indeed, in the recently released TRACE Matrix India comes in at 185th out of 197 countries listed, with a corruption score of 80, based largely on its score of 92 in the highest weighted category of “Interactions with Governments”.

a. Licenses and Permits

The authors identify that “a host of regulatory hurdles exists in India, including the need to obtain permits, licenses, and other regulatory approvals and to pay various application and registration fees. These types of low-level transactions provide opportunities for bribery. Payments made in such transactions — whether in cash or gifts — may appear minimal (by U.S. standards) and may seem harmless, but they can nonetheless result in violations of U.S. and/or India law.” They go on to list some “Examples of Problematic Conduct” around this issue they identify the following:

  • Paying (or providing some other benefit to) a customs official to bypass inspection or overlook incorrect or incomplete paperwork;
  • Paying a local tax regulator to overlook errors or inconsistencies in filings;
  • Paying an official to expedite the processing of a permit or license;
  • Paying a utilities provider to reduce billings; and
  • Paying a local health and safety regulator to overlook code violations.

b. Gifts, Travel and Entertainment

In the area of gifts, travel and entertainment, the authors state that “companies run the risk of triggering the FCPA and other anti-corruption laws if their marketing and entertainment expenditures cross a line into conduct that could be characterized as bribery or lends to the appearance of attempting to induce a breach of trust or impartiality on the part of the recipient…the various conduct rules for public servants in India establish specific guidelines for accepting gifts and hospitality, and, for some public servants, the maximum permissible gift value may be as low as 500 rupees ($8 U.S. dollars). Companies operating in India should thus familiarize themselves with these guidelines before providing even what may seem to be a modest gift or hospitality.” Some examples of problematic conduct identified is these areas are as follows:

  • Paying for extravagant meals, drinks, and entertainment in connection with a visit by a foreign official;
  • Paying for “side trips” so that foreign officials can visit tourist attractions (e.g., Walt Disney World, Las Vegas) while in the United States;
  • Providing per-diems or “pocket money” for foreign officials to use during a visit;
  • Paying for a foreign official’s spouse or family to accompany the foreign official on a trip; and
  • Providing foreign officials with excessive gifts for birthdays, weddings, holidays, or other events.

c. Third Parties

This is always recognized as the highest FCPA risk and in India it is no different. More importantly, it may be even greater in this country because “Navigating India’s extensive regulations and bureaucracy often requires U.S. companies to rely on third parties, such as agents, brokers, consultants, sales representatives, distributors, and other business partners…The PCA similarly criminalizes bribery through third parties as a direct violation by the third party and as an abetment violation by the company on whose behalf the bribe is being made.” The key is subject any third party to rigorous due diligence and closely manage the relationship after the contract is signed. If a Red Flag appears at any point in the third party lifecycle it should be evaluated and cleared. The authors provide a handy list of some examples of Red Flags regarding third parties when doing business in India. They include:

  • A third party is listed in databases reporting known corruption risks (e.g., World Bank List of Debarred Firms) or has been previously investigated for, charged with, or convicted of corruption or other ethics violations;
  • A foreign official has specifically requested that a certain third party be involved in the company’s transaction or business;
  • An agent or consultant holds himself out as someone with close connections to an important minister or minister’s aide;
  • A third party does not appear to have sufficient resources, real estate/infrastructure, or experience to perform the requested tasks;
  • A third party asks the company to provide it with unreasonably large discounts, excessive commissions, reimbursements, or contingency fees; and
  • A third party requests payment in an irregular or convoluted manner (e.g., cash, offshore bank account, payments to another company, over/under invoicing).

Managing Corruption Risk in India

In their concluding section, the authors relate solid risk management tools tailored to the Indian market. It all starts with robust standards and procedures. From there you should train not only your employees on what may be illegal conduct and how to resist requests for bribes but also your third parties. Annual certifications are an important tool for not only risk management but also communication about anti-corruption expectations. Your compliance program should devote the appropriate level of personnel and resources for your operations in India. Finally, a robust reporting mechanism is key but equally critical is your response after any information comes to light. It must be thoroughly investigated, quickly remedied and reported as appropriate.

The Foley & Lardner/MZM Legal white paper is a welcome addition to literature about country specific risks, remedies and responses. A copy of the full white paper can be obtained by clicking here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

November 25, 2014

How to Avoid a Mousetrap – Resource Reductions in Your Compliance Function

The MousetrapOn this day, 62 years ago, “The Mousetrap”, a murder-mystery written by Agatha Christie, opened at the Ambassadors Theatre in London. The crowd-pleasing whodunit has become the longest continuously running play in history, with more than 10 million people attending its more than 20,000 performances. The play opened with Sir Richard Attenborough and his wife, Sheila Sim, in the cast. To date, more than 300 actors and actresses have appeared in the roles of the eight characters. David Raven, who played “Major Metcalf” for 4,575 performances, is in the “Guinness Book of World Records” as the world’s most durable actor, while Nancy Seabrooke is noted as the world’s most patient understudy for 6,240 performances, or 15 years, as the substitute for “Mrs. Boyle.” The play is still going strong in London’s West End and at theaters across the world today.

The Mousetrap has survived the vicissitudes of one of the most fickle phenomenons known, the theater going public. Unfortunately, not all businesses can make the same claim to longevity, either in revenue sourcing or spending. For instance the energy industry is now facing a future with the price of oil at something currently around $80 per barrel. This has already led to proposed contraction in the energy services industry with the number 2 company, Halliburton Energy Services, buying the number 3 company, Baker Hughes. Halliburton has already announced they hope to achieve financial benefits through elimination of redundancies in the combined organizations.

Given this new thread of economics going through the energy industry, I wondered what it might all mean for a company’s compliance function? I thought about this question when I read a recent article in the Harvard Business Review (HBR), entitled “How Not to Cut Health Care Costs”, by Robert S. Kaplan and Derek A. Haas. Their article posited that many “cost-cutting initiatives actually lead to higher costs and lower-quality care.” This is because “Administrators typically look to reduce line-item expenses and increase the volume of patients seen.” But the authors opine that this is not the best way to cut costs or even deliver a superior health care service. They advocate, “Administrators, in collaboration with clinicians, should examine all the costs incurred over the care cycle for a medical condition. This will uncover multiple opportunities to benchmark, improve, and standardize processes in way that lower total costs and delver better care.”

Just as health care providers deliver services, so do compliance practitioners. This led me to view their article with the angle of a Chief Compliance Officer (CCO) or compliance practitioner that has been told to cut head count or resources. First, and foremost, is to keep in mind the direction provided in the FCPA Guidance, which is well thought out and considered, and will be viewed with a better eye by the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) if they take a look at your compliance program after it has been cut. And, as with everything else that is Foreign Corrupt Practices Act (FCPA), UK Bribery Act or any other anti-corruption compliance program related, you must remember the most important aspect, that being Document, Document, and Document. Whatever you do, you should document that you have studied it, considered it and then articulated a reason for taking the steps you decided upon. This means you should take the authors advice and not simply reduce “line-item expenses on their P&L statements” but you should “consider the best mix of resources needed to deliver excellent [compliance] outcomes in an efficient manner.” To do so, the authors examine five cost cutting mistakes, which I will adapt for the compliance practitioner.

Mistake #1 – Cutting Back on Support Staff

Just as in the medical services-delivery world, the compliance arena support staff are a key component of a compliance program’s efficiency. Cutting such functions requires CCOs or others to spend more time on administrative matters and less on actually doing compliance. This can be up to ten times more costly for more senior compliance managers to perform such tasks than properly trained, efficient administrative staff. Arbitrary constraints or cuts in personnel spending, uninformed by the need to deliver high quality compliance outcomes can not only lead to a diminution in the compliance product but very dissatisfied internal compliance consumers.

Mistake #2 – Underinvestiging in Space and Equipment

While this is perhaps more self-evident in the health care services industry, I would argue that it applies to technology in the compliance arena. Underinvesting in technology can lead to a lowering of productivity for a company’s most expensive compliance resource; its compliance group. Further, once technology has been used in one area, the marginal cost to utilize it in a second area is often much lower than the initial cost. A case in point is translation services to translate your Code of Conduct, compliance policy and procedures into languages other than English. After the initial cost, the marginal cost for each update you make is considerably lower. Moreover, the authors point to the “folly of attempting to cut costs by holding down spending in isolated categories. More often than not, much higher costs soon show up in another category.” The key is to measure the costs of all resources used by the compliance function so that the appropriate trade-offs can be made. 

Mistake #3 – Focusing Narrowly on Procurement Prices

Often executives simply say that an overhead function, such as compliance, must “aim their reductions” at outside vendors. This may lead to more negotiations over suppliers’ pricings or attempts to negotiate high discounts. However the author’s note that this blanket approach often fails to take into account the precise mix of goods and services that a compliance department may use. Further, this gross approach focuses too narrowly on negotiating the price and fails to examine how the compliance function might actually consume goods and services from outside vendors. The authors note, “As a result, they miss potential large opportunities to lower spending.”

Mistake #4 – Maximizing Throughput

This mistake revolves around simply trying to get professionals to work faster. However, as with physicians, this mistake “is not sensitive to the impact of seemingly arbitrary standards on [compliance] outcomes.” Interesting what may be true is quite the opposite that a compliance function can receive greater overall productivity by spending more time with fewer problems. This is because by spending less time with problems up front, a compliance professional may be able to bring greater risk management techniques to bear, which can work to prevent or even proscribe a compliance issue rather than simply detecting it after something has occurred. The more time the compliance function can spend in counseling, monitoring or performing in-person training, the more benefits will be paid off from preventing compliance issues from becoming FCPA violative events.

Mistake #5 – Failing to Benchmark and Standardize

Benchmarking is recognized as a key tool of the compliance practitioner. However it is rarely thought of a cost-cutting tool or a cost-efficiency mechanism. Many compliance practitioners can only see the no ‘one-size-fits-all’ proscription which blocks them from seeing what other compliance practitioners might be doing to achieve similar results. If other companies can be used to determine a range of compliance techniques and strategies, perhaps they could also be consulting for the standardization of certain processes or procedures, which might lead to greater cost efficiencies. One constant about compliance is that there are no trade secrets in compliance. A constant about compliance professionals is that they will always share information on their program. Use the knowledge of others to help you deliver a compliance solution in a more cost-effective approach.

The compliance profession is maturing. Costs and inefficiencies can be the result of “mismatched capacity, fragmented delivery, suboptimal outcomes and inefficient use of technology.” In their penultimate paragraph the authors state, “The current practice of managing and cutting costs from a P&L statement does nothing to address those problems.” Unlike the theater version of The Mousetrap, compliance will experience ups and downs in funding similar to other corporate overhead functions. However, such pinch points might present opportunities for the compliance professional to review and assess a company’s compliance program and come up with ways to make it run more efficiently. For if it is true that there is no ‘one-size-fits-all’ approach to compliance; it is equally true that you are only limited by your imagination. But document how you got there and why and be prepared to defend how you identified your risk, coupled with your management of them.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

 

Next Page »

The Rubric Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 4,878 other followers