FCPA Compliance and Ethics Blog

May 14, 2014

FCPA Compliance and the Convergence of US Security, Economic and Foreign Policy Interests

Robert Gates“In a private meeting, the king [King Abdullah of Saudi Arabia] committed to a $60 billion weapons deal including the purchase of eighty-four F-15’s, the upgrade of seventy-15s already in the Saudi air force, twenty-four Apache helicopters, and seventy-two Blackhawk helicopters. His ministers and generals had pressed him hard to buy either Russian or French fighters, but I think he suspected that was because some of the money would end up in their pockets. He wanted all the Saudi money to go toward military equipment, not into Swiss bank accounts, and thus he wanted to buy from us. The king explicitly told me saw the huge purchase as an investment in a long-term strategic relationship with the United States, linking our militaries for decades to come.”

The above quote comes from Robert Gates recent book, Duty: Memoirs of a Secretary at War. I would like you to identify how many interests of the US are contained in the above quotation. I can identify at least five interests of the US: (1) US security interests; (2) US foreign policy interests; (3) US military interests; (4) US economic interests; and (5) US legal interests as reflected in compliance with the Foreign Corrupt Practices Act (FCPA).

The above quote synthesizes succinctly concepts that I have tried to articulate for some time as to the worldwide effects of the FCPA. The fight against terrorism has many different tools and I certainly recognize the FCPA as one of them. But this citation from former Secretary of Defense Gates clearly shows the convergence of several interests of the US through the effectiveness of the FCPA. If it had not been for the effective compliance programs of the US aerospace and armament industry, the Saudi Arabian ministers, who advised the King to buy something other than American, might have held sway. But because bribing such ministers would violate US law and put the US companies under potential legal liability, the King had confidence that the US companies were not bribing his ministers to get the Saudi business.

Put another way, what is the cost of paying a bribe to a foreign governmental official? It means that said official’s judgment is clouded by his own self-interest in giving the business to a company, which has bribed him for his business. As Jeff Kaplan would say, there is a clear conflict of interest by the bribe receiver because they are being paid to make a decision to award the business to a company which lines their pockets. Or, in the case of the Saudi ministers that the Saudi King referred to, their collective Swiss bank accounts.

I recognize that the FCPA is a supply side focused law. It criminalizes the conduct of the bribe-giver and not the bribe-receiver. But because of this fact it means that US companies that comply with the law can help foster the US interests that I listed above and perhaps others that I have not identified. So just as I believe that the FCPA helps in the fight against terrorism, I also believe that the FCPA helps to foster US foreign policy, US economic interests and US legal interests.

I see this most clearly in Houston, Texas, generally recognized as the epi-center of FCPA enforcement. There have been more FCPA enforcement actions against companies based in Houston than in any other single city in the world. This is largely because Houston is the self-proclaimed energy capital of the world but this profusion of FCPA enforcement has also led to companies in Houston having some of the most mature compliance programs and it has also led to quite a bit of FCPA knowledge throughout businesses in the city. Nonetheless the key is the business response to the issue and not strictly a legal response.

In the energy industry, the exploration and production companies (E&P) are usually thought of as existing at the top of the food chain (i.e. Mega-Big). Below them are the service companies, which actually do the work of exploration (i.e. Very-Big). The next level down are companies which all work with the service companies, from the multi-billion chemical production firm down to the $15MM company which has a piece of software which does something useful. All of these companies down the chain are required to have a compliance program.

In practice it works something like this. A service company needs a product or service. As part of the regular contracting process, the service company will inquire into the contractor’s compliance function and policy. If the contractor provides a service which deals with a foreign government in any way or has foreign government touch points, the service company may well come and audit the contractor’s compliance program prior to executing the contract. Thereafter the contractor is subject to being audited for not only the execution of the contract but also the continued maintenance of its compliance program. All of this is done for business reasons. It is a business response to a legal issue, that being compliance with the FCPA.

FCPA compliance can be expressed through the formulation articulated by Paul McNulty and Stephen Martin, of Baker and McKenzie, which they call the “Five Elements of an Effective Compliance Program”, which are leadership, performing a risk assessment, instituting standards and controls, then providing training and communication on those standards and controls and, finally, oversight of your compliance program. While McNulty and Martin have written and spoken extensively on these five elements to flesh them out, these basic concepts are usually quickly and easily understood. Further, and perhaps not said as often as it should be said, companies which have a robust compliance program, are usually better run companies because of the controls that are put in place.

In other areas, anti-corruption compliance programs are becoming requirements to access cash to fund your business. If your company is going through traditional corporate refinancing in the next 18 months, any bank or other financial institution that you go to will want to not only review your compliance program but may well want to review where that compliance program may be in terms of an overall assessment of the compliance risks that your company faces. If you want to sell your business, enter into a joint venture (JV) or even receive some other type of funding, your compliance program will be assessed.

While the world is not free of US companies that run afoul of the FCPA, to paraphrase Dick Cassin, there is certainly more anti-corruption compliance going on in the world. But FCPA compliance serves many interests of the US. Robert Gates’ passage above makes clear that the FCPA is doing what it was intended to do and perhaps much more. But of even greater significance is that the King of Saudi Arabia recognized the effectiveness in a business context. Policy makers need to consider how powerful the FCPA is in a variety of US interests before they argue for a change in the law.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

May 13, 2014

Working With Third Parties in the Due Diligence Process

Jamestown ColonyOn this day we celebrate the 1607 founding of the English colony at Jamestown. While credited with being the first English colony in what became America, it’s probably more accurate to refer to it as the first permanent English colony that survived for any length of time. The largely male colonists faced many tough years before they finally pulled through. One thing that made the colonists experience so difficult was that they had no idea about what to expect when they sailed over to the New World.

Hopefully in the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act compliance regime, the situation is a bit more advanced today when it comes to looking at third parties, in the pre-contract phase of third party management, during due diligence. While most companies, if not comfortable with the need for and execution of pre-contract signing due diligence, certainly understand the need for this process; the same is not universally true for the non-US or non-UK company upon which due diligence is being performed upon. An interesting article in the recent issue of Compliance Insider, entitled “Disclosing the Subject-Dealing with Compliance Immaturity”, deals with precisely this situation; where the third party has not gone through the due diligence process. The article provides some useful tips on how the compliance practitioner can get through this sometimes-delicate process.

One thing the article makes clear is that if you are performing due diligence on a third party, you should fully disclose this information to the third party. They state, “There is nothing to be gained by not telling the subject company about the process or trying to keep it secret. Except for in an acquisition where the buyer has yet to disclose themselves, there is little advantage in keeping quiet. The third party expects that you will be doing some form of due diligence and engaging a compliance or legal firm to complete a review. There is nothing that the due diligence company or law firm is going to do differently than if that due diligence were secret – no one would ever disclose more than they had to and would never disclose the name of the client for which they were acting.”

After you disclose to the third party that they need to go through your company’s due diligence process, which should begin with a questionnaire to help determine the appropriate level of due diligence to perform, you may face pushback from the third party. Unfortunately, as the article notes, such pushback usually goes initially to the business contact, which tends to side with the third party against the compliance function. This means that you need to educate your business unit sponsor on the reasons your company must engage in the third party management process so that they can communicate this to the third party. The article identifies three major reasons which a third party may resist your attempts at due diligence.

  1. Immaturity – the third party is “not used to due diligence or working with global companies that focus on compliance. They are not aware of the value of due diligence and have been living in the “compliance cave”. This is an issue in itself as it shows a degree of compliance immaturity and certainly gives an insight into how that company might be as an acquired entity. They are probably going to focus on the fact that there is an inbuilt level of trust that is needed in business and that the company should rely on that trust.”
  2. Negotiating – the third party may be “negotiating, trying to leverage the issue for their own gain as part of a negotiation. They may not be trying to hide anything per se, but may be sending a message that the company is taking too long, being too conservative, being caught in compliance obfuscation or losing sight of the real deal.”
  3. Hiding – it may also be that the third party does have something to hide.

The article suggests four clear steps that you can take if you are faced with one or a multiple of the above reasons for pushback from the third party.

  1. Engage the issue head on – it is important that you quickly and succinctly address concerns that your compliance team or compliance process is “heavy handed or that there is a lack of trust” between your company and the third party.
  2. Engage the business sponsor – as I stated above, one of the key components of any successful third party lifecycle management program is the engagement of the business sponsor. Obviously the business sponsor needs to justify the potential contractual relationship your company would have with the third party but the business sponsor is also the primary point of contact with the third party, throughout both the pre-contracting phase and the post-contracting relationship management. The article intones that if the third party tries to use an excuse to stop or lessen the process, “then the transaction is probably not worth it.”
  3. Develop your company’s compliance message – you should be crystal clear that your company will “conduct due diligence and background screening on all its proposed business partners and it is company policy to do so.” This can be done so through reference to the FPCA and your company policy. But more than simply a legal explanation, reputational risk is also important for your company. Be clear and re-emphasize your message that “there is neither a lack of trust nor an assumption of lack of integrity on the part of the subject company – it is normal procedure and gets done for all third parties of certain types right across the company, and this subject company is no different.”
  4. Negotiate a proposed go-forward plan – the article emphasizes that you should “not back down” and I whole-heartedly agree. But more than simply standing strong, you can use these discussions to help educate the third party involved why it is not only important for your company but also the third party. If they want to do business with any US or UK Company, they will need to go through this process. Indeed, it will make them more marketable to US or UK Companies if they have gone through the process.

Like many compliance practitioners, I came to the field of compliance through the legal department. Working for a very big fish company in the energy company it was very much ‘big fish-little fish’ where the big fish told the little fish what would be in the contract. However that model does not, nor should it, work in the compliance field. I have found that most third parties understand that if they desire to do business with a US or UK company, since we are required to perform due diligence as part of any best practices compliance program, the third party will need to be a part of that process. The Compliance Insider article provides a valuable look at a topic which is not always focused on from the perspective of the US or UK based compliance practitioner.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

May 12, 2014

Interview with T. Markus Funk-from Oxford to the FCPA

Filed under: Department of Justice,FCPA,Markus Funk — tfoxlaw @ 12:01 am
Tags: , ,


TMF Headshot_Federal BuildingjpgEd. Note-We continue with our interview series of thought leaders in the compliance space. Today, we visit with T. Markus Funk, partner at Perkins Coie.

1.         Where did you grow up and what were your interests as a youngster?

My father is a US-born travel photographer who worked for, among other publications, National Geographic, while my mother was a German-born psychologist. Because my father used Europe as his professional point of departure, I grew up near Koenigstein, Germany, attended Frankfurt International School, and spent school breaks in the US. One of the benefits of this trans-national upbringing is that I enjoy German-American dual nationality.

As a kid/teenager, I spent most of my time on the junior tennis and skiing circuits.

2.         Where did you go to college?

I spent my undergraduate years at the University of Illinois, moved back to the Chicago to attend Northwestern University School of Law, and during the years between undergrad and law school toiled away as a “ski tech” and Motel 8 late-night clerk in Steamboat Springs, Colorado. Later, I pursued my PhD in law at Oxford University.

3.         You started your career as a law clerk to Eighth Circuit Judge Morris S. Arnold and teaching law at Oxford University. So how and why did you come to join the DOJ?

I was very lucky in that my first “real” job out of law school was as a Lecturer of Law at Oxford University, teaching criminal and comparative law.

Although I thoroughly enjoyed the academic life, I noticed that most of my peers – like me – had never spent a day in court, never prosecuted or defended a single client, and candidly viewed the “practice of law” with some derision.

Seeing this lack of real-world experience as an opportunity to differentiate myself from my academic peers and very much desiring to make a difference, I applied to US Attorney’s Offices around the US.   My goal was to gain some first-hand experience with the justice system, and to then return to teaching law in the UK, stay on as a prosecutor, perhaps do something else.

My top choice was to become a federal prosecutor in my law school home of Chicago. So when then-US Attorney Scott Lassar was kind enough to offer me the post, I immediately accepted.

As it turned out, I so enjoyed public service, working with great agents and fellow prosecutors, and working for US Attorneys Lassar and Patrick J. Fitzgerald, that I never returned to the UK – I stayed on as an AUSA for 10 years. I have tried to keep a foot (or at least a toe) in the academic community by serving as a Lecturer in Law at the University of Chicago Law School and as an Adjunct at Northwestern, and by writing books and articles. That said, working with colleagues to address client concerns and figuring out practical solutions for complex legal challenges has been so rewarding that a return to academia is not in my near future.

4.         How did your work fighting corruption and helping establish the rule of law in post-conflict Kosovo in 2005-06 while detailed to the US State Department influence your thinking about the bribery and corruption?

My time in Kosovo as the USDOJ Resident Legal Advisor working for the US State Department was without question one of the most gratifying and eye-opening experiences of my professional and personal life.

We helped local prosecutors and legislators, as well as members of the international community (including international prosecutors), combat crimes such as human trafficking and counterfeiting. But more than that, my team (and, principally, Kosovo-native Dastid Pallaska, who later would go on to graduate from Yale Law School) and I had the privilege of taking a leadership position in the regional fight against bribery and public corruption.

Despite the pressing needs, few members of the international legal community active in Kosovo had spent any time in court or practiced criminal law – so there was a real thirst on the part of our local counterparts for learning not only about criminal law theory and public policy, but also to get a better understanding of how to put theory into practice by developing investigations and theories of the case, using undercovers, tracing proceeds of crime, etc. In fact, the need was so great that we wrote the Kosovo Trial Skills manual to address precisely these issues through the framework of the country’s then-brand-new criminal procedure laws. (The book, in fact, became the Kosovo Supreme Court’s most-cited-to source.).

One thing we also quickly learned is that, no matter how sharp the differences between the Kosovar and Serbian, Macedonian, and Montenegrin politicians might be, organized criminal groups were rarely, if ever, encumbered by ethnic squabbles and were at all times able to effectively and efficiently work together. They took advantage of the gaps in the local laws and their enforcement, and in a very intentional and ruthless manner exploited systemic weaknesses for their own financial gain.

But as a federal prosecutor out of Chicago who’s colleagues convicted, among others, Governor Ryan (and later Governor Blagojevich), I was always weary of “talking down” to our local counterparts or implying that we in the US or Europe are somehow always far ahead of our Balkan colleagues when it came to getting public corruption under control. In fact, the methods employed by companies and individuals engaging in public and commercial bribery in Kosovo were mainly on all fours with the way (corrupt) things were done in Chicago.

By educating the ruling political class on the negative impact of bribery and public corruption, we were able to introduce anti-corruption legislation, set up law enforcement task forces, and train financial institutions on how to identify suspicious activities and respond properly. This in-the-trenches view of FCPA and Travel Act compliance now helps me in the work that I do, and informs my thinking as I advise clients, deal with US Government officials, and interact with foreign law enforcement authorities.

In short,   it is one thing to, as a lawyer, learn about the challenges of dealing with foreign vendors and manufacturers through the birds-eye view provided by books, articles, and court rulings. That said, there is no substitute for having been a first-hand witness to the significant challenges US companies face when they are operating in high-corruption environments.

5.         You were the first to charge and prosecute a Deputy US Marshal (John Thomas Ambrose) with public corruption after he leaked highly-confidential information about the Witness Security (“WitSec”) program to the Chicago mob. What impact did that case have on your thinking?

The prosecution of John Ambrose was one of the most challenging chapters of my prosecutorial career. I don’t want to get into too many specifics. The realization that a sworn Deputy US Marshall was violating his oath by in real-time leaking extremely sensitive information about the whereabouts of what at the time was the program’s most sensitive cooperating witness to Chicago mob bosses seemed like the stuff of a bad crime novel. That this could happen in the 2000s demonstrated that complacency is the enemy. Adapting this realization to my compliance and internal investigations work, making assumptions about what “most likely happened” makes complete sense; but prejudging a situation by assuming that what likely happened is what really happened can have disastrous consequences for the client.

6.         You also prosecuted the “Operation Family Secrets” Mob case. National Public Radio in 2013 described the case as “one of the most important criminal investigations . . . in American history.” How did that experience impact your current work?

One of the reasons the public and press paid so much attention to this 5-year investigation and 3-month trial of the Chicago mob (a/k/a/ “Chicago Outfit”) was that the murders and characters involved – including “Lefty” Rosenthal and the Spilotro brothers – were featured in Martin Scorsese’s movie “Casino.” But to me the opportunity to work with senior prosecutors like John Scully and Mitch Mars, and exceptional FBI Agents like Mike Maseth, and vindicating the rights of scores of victims who were forced to wait decades for justice, was a once-in-a-lifetime experience.

The trail of murders, mayhem, and victims these organized criminals left behind was something I had only experienced in the context of war criminals – and war criminals are rarely glamorized in the way that some of our mob defendants were. Bringing these men to justice was the true capstone to my prosecutorial career, and the team’s receipt of the USDOJ’s highest trial performance award, the U.S. Attorney General’s Award (“John Marshall Award for Trial Excellence”), was something I continue to be very proud of.

In terms of lessons learned, nervousness and emotion are part and parcel of high-stakes litigation. But not letting these emotions overtake you, and turning these feelings into a positive, is critical.

7.         At your firm of Perkins Coie, you helped establish and co-chair the firm’s Corporate Social Responsibility and Supply Chain practice area. What type of work does this entail?

In 2011, my colleague J. Cabou and I set up Perkins Coie’s Corporate Social Responsibility and Supply Chain Compliance Practice – the first such dedicated practice among the AmLaw 100.

One of my personal goals in focusing on this practice was to leverage my first-hand experience fighting corruption, bribery, and trafficking in the Balkans and elsewhere; my background as a federal prosecutor who handled many white collar cases in Chicago; and my familiarity with the subject matter as an academic who studied these areas. J and I saw this as a developing practice area, and as an opportunity to bring our very unique experiences and expertise to bear on complex issues that, in the main, are not of the type that private practitioners encounter or understand.

By way of illustration, at the time we set up the practice many wondered what “CSR” and supply chain issues had to do with corporate compliance and investigations. Today, with ground-breaking laws and regulations like the Executive Order Against Trafficking in Supply Chains, the California Transparency in Supply Chains Act, and the SEC’s Conflict Minerals rules, and with the ramped-up enforcement of the FCPA and US Travel Act, you can barely turn a page in the National Law Journal, New York Times, or Wall Street Journal without reading about a governmental investigation, advocacy group protest, or consumer boycott focusing on real and alleged violations of such laws.

Having participated in raids trafficking operations in the Balkans, drafted anti-corruption and forced labor legislation, prosecuted organized criminals, and written Oxford University Press books and other think-pieces on enforcement and legislative trends in these areas, I felt like this was a natural practice area to help pioneer. That fact that today many firms of all sizes are seizing on the growth of this practice area and are beginning to market their services only further serves to confirm that clients are experiencing very real needs and are looking for counsel who truly understand the practical concerns these novel legal issues implicate, and the pragmatic legal guidance they call for.

8.         You were one of the lawyers involved in the Esquenazi appeal, challenging the constitutionality of the FCPA? Can you describe that experience, both from authoring the briefs to the oral argument.

We took on Joel Esquenazi’s appeal pro bono because we recognized the public importance of the federal courts of appeal for the first time weighing in on the USDOJ’s expansive (and, in the view of many, over-expansive) definition of what qualifies as a “foreign official.” The prevailing “we will know it when we see it” enforcement approach has troubled observers and companies for years, and can be difficult to reconcile with common conceptions of fair notice and due process.

My colleague Mike Sink and I, joined by co-defendant Carlos Rodriguez’s counsel, advanced these arguments in our briefing to the Eleventh Circuit, as well as during our October 3, 2013, oral arguments. We have every reason to believe that the time lag between argument and ruling is further evidence that the Court is taking this issue very seriously, and we continue to look forward to receiving a favorable ruling that will provide the global business community with the clarity they have long-since asked for, but that no federal court of appeal has ever weighed in on.

Markus Funk can be reached at mfunk@perkinscoie.com

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

 

May 9, 2014

5 Reasons News Media Do Not Follow Ethics

Filed under: Culture,Ethics — tfoxlaw @ 12:01 am
Tags: ,

7K0A0129Ed. Note-Today we have a guest post from Daphne Holmes.

Anyone who deals with FCPA compliance – or with any other federal, global, or local laws and regulations – is acutely aware that compliance and ethics are two separate matters. What is legal or “in compliance” is not necessarily ethical or moral. This is true not only in the field of law but also numerous other arenas such as business, politics and journalism. We live in a cynical age where seemingly unethical behavior by lawyers, corporations, politicians, and media outlets is increasingly shrugged off as “business as usual.” Even so, perceived ethics breaches in these areas still have the power to cause outrage and incite cries for reform.

The media have repeatedly come under fire for practices that the public perceives as unethical. Think of the problems that media magnate Rupert Murdoch has faced in recent years. And Murdoch is far from alone. People routinely accuse the news media of deliberately distorting or covering up facts; of being politically biased; of invading privacy; of being sensationalist; or of being too commercially driven. The entertainment media often come under fire too, mostly for pandering to the public’s appetite for gratuitous sex and violence, and for providing brainless, throwaway content. For the purpose of discussing ethics and media, however, we are going to concentrate on the news/information media, with a brief nod to advertising and marketing content, which are increasingly being married to “news” content in sometimes-insidious ways.

Journalism has its standards and its codes of ethics, of course, which have evolved over centuries and continue to evolve. Ethics is even taught in journalism school. Yet it seems to many that “journalistic ethics” is an oxymoron, and there is some validity to that perception. Here are five interrelated reasons that the news media often seem to have only the most casual relationship with ethics.

  1. Lax regulation. On the surface it would seem that this shouldn’t even be an issue, given the value most of us place on freedom of expression. Why should the government be involved at all? Even so, much of the news and information content in the US is overseen by the Federal Communications Commission (FCC), and marketing content is policed by the Federal Trade Commission (FTC) (and possibly the FDA, depending upon the item being marketed). Despite their stated missions to protect the public, however, many of the federal “alphabet agencies” often appear to be more pro-business than pro-consumer, with a few notable exceptions. And when it comes to broadcast content in particular, the regulatory agencies seem more interested in protecting the public from foul language and “wardrobe malfunctions” than in addressing accuracy, fairness, and other ethics matters. The result is that the news media are often free to do as they please, as long as they keep it mostly family-friendly.
  2. Arbitrary enforcement. The regulations that are in place for the media are often arbitrarily enforced, or not enforced at all. And often there are gray areas, legally as well as ethically. Consider, for instance, those ubiquitous late-night infomercials that help keep many stations and networks afloat – a fact that has raised many eyebrows as well as ethical questions. Even more insidious is the “pay for play” content that pops up on talk and interview shows, in which the host interviews a product seller or service provider under the guise of a human-interest story. In any case, combining lax regulations with lackadaisical enforcement makes for relatively fearless media.
  3. Bottom-line obsession. It could be said that journalism, at least TV journalism, “jumped the shark” when networks figured out that their news divisions could be a profit center. But it’s not just TV – mainstream broadcast, print, and online media are all driven by the need to be profitable. That may seem like an overstatement of the painfully obvious, but it’s a factor that many people forget when they’re grousing about political biases or unbalanced coverage. If a medium is not making money, it’s out of the game, so when big money comes in the door, ethical considerations often fly out the window. Feeding the bottom line often trumps doing “the right thing.”
  4. Public appetite. Many have lamented that the line between news and entertainment has increasingly blurred – hence the term, “infotainment.” The phenomenon can be attributed to the public’s endless appetite for the sensationalism. Many people are more interested in hearing provocative or entertaining opinions than straight facts or thoughtful analysis. People are drawn to pieces that present a distinct perspective. Where straight news is concerned, important developments are generally presented in a series of unending sound bites that rarely get to the heart of the matter.
  5. Inertia. “We’ve always done it this way” is a powerful motivator to keep things just the way they are. Reinventing the wheel takes time and money, so the status-quo prevails. It’s better to follow proven formulas as long as they still seem to be working.

 The rise of the “alternate media” online has been as much of a good as a bad thing. Sure, the Internet is a playground for a host of partisans and extremists, but it has also given birth to fact-checking/debunking sites that are driven neither by partisan agendas nor corporate money. Alternate media predate the Internet, of course. The “underground newspapers” of the 1960s, for example, often provided more thoughtful coverage than the mainstream dailies. Whether mainstream or alternative, media are far from perfect. Readers, viewers, and browsers are better equipped to separate fact from fiction when they recognize ethical shortcomings and biases, ultimately allowing them to make up their own minds.

Daphne Holmes is a full-time blogger and an information security specialist from http://www.arrestrecords.com. She often writes about issues involving security, psychopath and criminal justice. Daphne enjoys reading fictions—mostly in the vein of popular thrillers and mysteries and spends her spare time in gardening. She loves receiving reader feedback, which can be directed to daphneholmes9@gmail.com.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. 

May 8, 2014

Tales from the Crypt-Rule No. 10-Rule – There is no “I(ntegrity)” in Team-Part II

Tales from the CryptEd. Note-today we conclude a two-part series from the Two Tough Cookies about some of the toughest choices a compliance practitioner may face. As important as this message is for the compliance practitioner, I hope that this series will be read by senior management as well….As Part I was concluded, the Tough Cookie had just been terminated.

Unfortunately for me, there’s no employment law preventing discrimination based on bullying, jealously or insecurity; no law against termination for simply not liking your subordinate or the subordinate’s ability to garner respect.   The hostile work environment I suffered through the entire prior year was due to her insecurity around me, and not based on any protected class. I simply got the shaft for speaking up and expressing the concerns of the team.   Her mistake? She gave me nothing left to lose.

I’ve had a few weeks to cool down since that initial rush of anger, and revenge is best when served with cold, hard logic, and irrefutable facts. Throwing caution to the wind (well, not entirely), I made the ultimate act of moral courage, and sent a letter to executive management, asking that they review the character of the person that they were entrusting the reputation of the company with. For the first time in my career, I was a whistleblower, one of the “one percenters” I used to joke about that throttled the hotline with endless unsubstantiated complaints of “he said, she said.” Now, I am totally sympathetic to the courage it takes to step up to the plate, stand apart from the crowd, and speak up in the hopes of being an earnest agent for positive change.

When asked what resolution looked like for me,   I replied that I was satisfied that the company took my complaint seriously, that this investigation was taking place. I also asked the investigator to thank the company for taking me seriously. I was asked on several occasions “You want her fired, don’t you?!?” and not once did I say yes, even though I wished for it desperately. My response was merely “I just want the company to be aware of the character and qualifications of the person in this most important role, and that appropriate actions be taken when all is said and done.” I did mention it would be nice to have a job again, but that I had little hope of returning.

What did I expect as an outcome? Nothing. What did I get as a reward for that final act of moral courage? Boatloads. First, and foremost, by taking my time, and reducing my concerns from 20 pages of emotional ranting to less than a handful of concise, fact-laden pages, I came across as legitimate. Second, my patience and due diligence paid off – by taking my time to sort through my emotions and only give a factual account of events, and seeking out someone in authority to hear my case, I ensured that my voice would be heard. The company listened. An investigation ensued. The circumstances were weighed, measured, and she was found wanting.

Being in the integrity department is a tough spot to be in – you are supposed to represent the even hand of justice, you are supposed to be the unbiased, objective observer who gathers facts and makes recommendations, when someone behaves badly towards another. No one EVER stops to think who you can call if you are the one on the receiving end of misconduct, or if you become aware of an issue and confidentiality provisions silence your voice (such as in the case of the dual duty corporate counsel and compliance pro) and hobble your effectiveness to effect positive change. If you find yourself in a dilemma such as mine, circle the wagons, but as Ronald Reagan was fond of saying, “Trust, then verify.” Always remember, Integrity and Compliance is not a team function – it is most often singular acts of moral courage taken by brave individuals that override personal risk and reward. High Integrity often demands that you be willing to risk everything for the sake of integrity, to be labeled a pariah, to be shunned, to be shown the door for voicing the unpopular decision. But many times what is said is what is needed to be said. Just don’t let the situation take you by surprise like I did, or for heaven’s sake, don’t wait an unreasonable time for something to change. When I first suffered demoralizing behavior at her hands and got no relief, I should have escalated the matter, going directly to the TOP of HR, to the TOP of legal, and outlined my concerns to insulate myself from retaliation months earlier. I did not. Instead, I chose to simply wait for the change I had been promised, reluctant to make waves, fearful of establishing a reputation as a “whiner” instead of a “winner.” While my intentions were good, the outcome for me, clearly, was not. Here, the compliance leaders were too inexperienced to understand or appreciate the adverse repercussions from both their actions and inaction.

While I still am searching for that high integrity organization that will recognize and appreciate the value I bring, the insights I can share, and the wealth of experiences that have shaped who I am today, I usually sleep well at night, knowing that I have done no wrong. I have left no casualties behind, and I have always treated people with respect, sometimes more than they deserved.   I understand my former boss is no longer in a role where she manages people, which is a good thing.    In fact, I hear she may be getting a dose of her own medicine, but I sincerely hope not – no one deserves the relentless bullying and belittling, facing each work day fearful of the outcome.  If, through each of life’s trials, we can see the lesson, then we can move forward. I know I am a better person for it, even though I still am suffering the consequences of an extended unemployment.   I daily struggle with the choice of telling the truth about why I left that company (retaliated against for reporting a violation), and opting for a more benign “reason for leaving” (departmental reorganization). The stigma of being perceived as an “undesirable” candidate if I am honest about blowing the whistle is a real concern of mine, and I have been passed over in favor of other candidates because such a short stint at my level does not come across well to potential employers. I don’t want to be caught in a lie, because recovery from that route is nearly impossible when you claim to be an “Integrity” professional. I face a real Hobson’s choice, and it is the one thing that keeps me up at night since whichever path I choose can have lasting negative implications for me both professionally, and personally. I am hopeful for the future – the eternal optimist in me, I guess. I do not relish the prospect of either having to live with a lie, or an interminable time of unemployment and the risk of losing my home and my livelihood for taking the high road – the very dear price of moral courage.

Who are the Two Tough Cookies?

Tough Cookie 1 has spent the more than half of her 20+ legal career working in the Integrity and Compliance field, and has been the architect of award-winning and effective ethics and compliance programs at both publicly traded and privately held companies. Tough Cookie 2 is a Certified Internal Auditor and CPA who has faced ethical and compliance challenges in a variety of industries and geographies and recently led a global internal audit team. Their series “Tales from the Crypt: Tough Choices for Tough Cookies” are drawn largely from real life experiences on the front line of working in Integrity & Compliance, and personal details have been scrubbed to protect, well, you know, just about everyone…

This publication contains general information only and is based on the experiences and research of the authors. The authors are not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The authors, their affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Authors give their permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the authors.

 

 

May 7, 2014

Tales from the Crypt-Rule No. 10 – There is no “I(ntegrity)” in Team-Part I

Tales from the CryptEd. Note-today we begin a two-part series from the Two Tough Cookies about some of the toughest choices a compliance practitioner may face. As important as this message is for the compliance practitioner, I hope that this series will be read by senior management as well….

Oh, how’d I’d LOVE to make her suffer. I am consumed by it… really consumed by it. I have never in my life felt so “needing” revenge, and it scares the heck out of me. It’s twisted my usual good humor into a never-ending pity party, and I want to feel whole again, gosh darn it! From that woman’s singular act of self-preservation, I knew the fear of want. I knew first-hand the anguish and despair, and how quickly those sentiments evolved into red-rimmed fury. The sheer malevolence of her calm, detached demeanor as she asked me to hand over my badge revealed the underbelly of my chosen profession as an integrity professional – the constant battle against the dark side of humanity. Here I was, the victim instead of the advocate, feeling the blood drain from my face while she calmly called security to escort me out of the building like a common criminal, all the while inured to the suffering she would bring upon me, my family, and more importantly, the other team members in the compliance function.

This Tale from our Crypt highlights the very real risk of being a “team player” whatever the consequences, and the pitfalls of choosing the path less traveled for the sake of Integrity. I was just ushered out of my job by my boss, who was so lacking in experience she’d openly admit to anyone who listened “I have no clue what I’m doing” and then laugh as though it was something to take lightly. Instead of instilling confidence, she was singlehandedly making a laughingstock out of the entire team. The echoes in the halls as I made my final trip through that revolving door were “they just let go of the wrong person….” In her eagerness to get rid of me, she gave me no severance, even though there admittedly was no misconduct. She gave me nothing to lose but my dignity, but that had disappeared a long time ago, as I suffered her daily bullying and belittling comments in front of my team members, stunned into silence by her abject disregard for my experience.

I spent the last two decades running compliance programs, won local and national awards, and regulatory approval for my programs. I am darn good at what I do. I have earned the right to be confident in my field, having seen, and done it all, with a great measure of success. I have had my moments of insecurity – chilling moments of doubt, born on the wings of fleeting glimpses of the dark underbelly of corporate America, while over-eager executives trampled over lesser beings while they competitively climbed to the top, dealing with the inevitable fallout as gatekeeper to the company’s hotline. My repertoire of workplace investigations run the gambit from disparagement, discrimination, harassment, rape, poor management, bomb threats, workplace violence, extramarital affairs (and their illegitimate progeny), embezzlement, theft, drug dealing, child pornography, prostitution, bribes, corruption, plant explosions, accidental death and dismemberment, suicide – the list goes on.

The profession of Integrity & Compliance is littered with individuals who suffer insularity gladly, compelled to resist lemming-like congeniality, always watching, weighing-in, bracing ourselves against the tide, distanced from the malice and ill will that is the hallmark of competitive corporate America. We are a rare breed, delicately balancing professional intimacy with objectivity, keeping even our closest workplace “friends” at arms’ length, humbled by the very good chance that these friends might very well be victims of management override at some point in your career, and that you will have the difficult task of telling them their time is up. When things turn for the worse, we often feel powerless, uncertain who can be taken in confidence to help you sleuth through the “who dunnits” that are part and parcel of hotline investigations. You find yourself hoping against hope that the Human Resources partners you rely upon would get it right, would take the high road, and offer resistance to management when the fault lay at management’s door. Mostly, they do, but sometimes, not. It was those times when HR didn’t offer resistance, didn’t take the unpopular stand, that will stay with me forever, scarring my tender soul, leaving an open, festering wound that will never harden with cynicism, leaving me hopelessly optimistic that what I do for a living, but more importantly, how I go about doing it, has meaning, makes a difference, makes things better for someone, anyone…. And that festering wound had just been ripped wide open by this person who had yet to understand how important her job was to others.

I had been “downsized” out of two organizations already during the recent economic recession, and had intentionally stepped back to get out of the hot seat, not wanting to suffer yet another upheaval in my career. I kept reminding myself of the conversation I had had with my doctor the year prior, when he told me that eventually I was going to have to choose between my heavy international travel schedule and my desire to shed some pounds for health reasons. So I sought out a more limited role with little to no travel, and just spent the last year of my life, swallowing my pride, while my emotional well-being was in rapid decline thanks to this person’s  belittling behaviors towards me in front of others.   I was unnerved as no good deed I could possibly do went unpunished, one way or another. I put every ounce of effort I could muster into making it work, but I never thought I’d be subject to the hostility that oozed out of this person on a daily basis.   Her venom towards me was wearing down my defenses – my civility and professionalism were wearing thin.

I inwardly cringed each time she stumbled her way through a meeting, shuddered at every misspelled word, every grammatical error she published in the company newsletter. I kept my mouth shut, I really did, until I was asked by the CCO to rate her performance as part of a 360◦ review, and I was honest in my assessment, laying out first her high level of skills in some areas, but objectively critical of her shortcomings as well. The CCO confided I was not the first to observe her shortcomings that I so carefully articulated, and assured me that management was aware of the issues, and action would be taken. I patiently waited months for positive change to occur within the function. I honestly believed it was only a matter of time when things would change, hopefully for the better. When the CCO was promoted, his replacement (an internal hire) was left to handle the issue.

When the new CCO advised me that he was going to do nothing for the first ninety days, I quickly realized that the best outcome for me would be to either move my role out of the compliance organization, or find another job.   The company actively promoted from within, so I started to look for opportunities elsewhere where I could shine. I also worked closely with my company-appointed mentor to develop the case for moving my particular role into the business, where I felt it would be more effective. When my boss realized my year anniversary was only a week away, freeing me up for transfer within the company without her permission, she decided to have a “counseling” session with me. Favoring candor over deception, I let her know that I was considering another opportunity within the company that I was qualified for. I also let her know that I was mulling over perhaps exploring the option of moving my role over to the business side, to be more effective and secure that all-important “seat at the table” when critical business decisions were being made.  Her reply was, “Yes, I think you’d be good in the business. I have been hearing good things about you from the business partners you work with.”

My mistake? I had no idea how vindictive she was. After all, this was the home of Integrity & Compliance, the “speak up, speak out” department, the “no retaliation” champions!!! Instead of engaging in a productive dialogue to determine what would be best for the company, she then took it upon herself to “counsel” me about speaking with anyone about any concerns I had with her or the compliance function. Her exact words were “you are not to speak with anyone.”  A seasoned integrity and compliance pro knows what those words mean.   All my senses on high alert, I knew immediately that I was “at risk” for disclosing my desire to be considered for another role in the company. Confiding in one of my colleagues in the department about the discussion with our boss, she let me know that she, too, had been counseled not to speak up about the problems she was having working in that ‘team’ environment, as had another team member who had confided in her.  I was not alone, and our “team” was facing a crisis of unprecedented proportions – the hotline, and every other door for expressing concerns, were slamming shut in our faces. We could “go with the flow” and keep our mouths shut as we had been instructed, or stand out, speak up. I offered to speak up on behalf of the team to the new CCO, and they readily accepted.

I scheduled the meeting, and opened it with the statement that the team wished for me to speak with him on their behalf about a concern we were facing in the department. I let the CCO know I felt I was “at risk” for speaking up, but the matter was too important to leave unspoken, as the entire team’s morale was in a downward spiral. I then told him that our boss had issued a gag order against us, which we believed was a violation of the Code of Conduct. The CCO reiterated that he wasn’t going to do anything for at least 90 days. The following week, I was terminated with the excuse that I was “unable to work in the compliance function.” Huh?!? I still don’t know what that means…

In Part 2 tomorrow, the Tough Cookie tells us what happened next and the (sometimes) price of moral courage. Same Bat Time, Same Bat Channel

Who are the Two Tough Cookies?

Tough Cookie 1 has spent the more than half of her 20+ legal career working in the Integrity and Compliance field, and has been the architect of award-winning and effective ethics and compliance programs at both publicly traded and privately held companies. Tough Cookie 2 is a Certified Internal Auditor and CPA who has faced ethical and compliance challenges in a variety of industries and geographies and recently led a global internal audit team. Their series “Tales from the Crypt: Tough Choices for Tough Cookies” are drawn largely from real life experiences on the front line of working in Integrity & Compliance, and personal details have been scrubbed to protect, well, you know, just about everyone…

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. 

 

May 6, 2014

From the Bad Boy Pistons to GRC: The Building Blocks of Compliance

Detroit PistonsI recently watched the ESPN documentary series 30-for-30 on the Bad Boy Detroit Pistons from the late 1980s and early 1990s. It was a great review of a different era of the National Basketball Association (NBA) and the perfect way to get ready for the current playoffs, even if the Rockets did choke their way out of Round 1 as usual. But more than great entertainment, the show focused on the building blocks of a pro basketball team. The Pistons were created player by player who were pieces of the overall team structure. The team then had to become battle hardened by losing some tough playoff games, first in the Eastern Conference to Boson and then in the NBA Championship to the Lakers, before they eventually succeeded in becoming two time NBA champs. In other words, it was a lengthy process, which started in 1982 when the Pistons drafted Isaiah Thomas and it took almost 10 years for them to win the title.

I thought about this process orientation when I read a GRC Illustrated series article in the March issue of Compliance Week, , entitled “The Principled Performance Vision”, by Carole Switzer, co-founder and President of the Open Compliance and Ethics Group (OCEG) and Scott L. Mitchell, the co-founder and Chair of OCEG. In their article, and accompanying GRC Illustrated presentation entitled “Pathway to Principled Performance”, they discuss the need for companies to have a mechanism to address ever-changing business and legal risks in the context of the high performance required by internal and external stakeholders. They articulate “a point of view and approach to business that helps organizations reliably achieve objectives while addressing uncertainty and acting with integrity.”

The biggest problems that they identify are issues of loss of cohesion and insular nature of a management and reporting system between business units within an organization. For instance they point to a wide variety of disciplines within a company, such as “as governance, finance, production, and sales to adjunct areas like performance management, risk management, internal control, compliance, and audit” which must use the same data but often never share the results with each other. The authors posit that a more holistic approach is required and this “can only be achieved by integrating and orchestrating information and functions that, in many organizations, are fragmented and siloed. Then, these integrated capabilities must be supported with strong communication, effective technology, and development of the desired ethical culture.”

Coupled with the article and illustrated framework is a roundtable discussion led by Switzer of several leading compliance practitioners and thought leaders. The participants included Brian Barnier, Principal at ValueBridge Advisors; Paul Liebman, Chief Compliance Officer (CCO) at the University of Texas; Tony Miller, Chief Operating Officer (COO) and Partner at The Vistria Group and Michael Rasmussen, Principal and Chief GRC Pundit at GRC 20/20 Research LLC. Switzer asked them the basic question of how does one get started in such an initiative for a company? Barnier believes that, in large part it is about messaging by “treating it as a business initative to drive profitable revenue and risk-adjusted return” as opposed to “yet another compliance task to achieve while cutting cost.” Liebman focused on the ‘why’ he changed when he noted, “true change depends upon three things: a profound sense of discomfort in the current condition, a vision that things could be better, and a plan to get there. I think the first step is therefore to assess and explain the current level of discomfort—i.e., what is wrong and why.” Moreover, he believes that it is important to “have a vision of the direction you want to go and plan accordingly.” Finally, he said that “Focus on structure and process so that you are constantly moving forward. Slow, incremental but sustainable change in the right direction is far more important than quick, substantial but unsustainable change. Slow, incremental and sustainable change happens by taking advantage of pre-existing organizational processes and mental models that are already working well. Don’t force new or redundant processes but, rather, seek to understand how others are thinking and acting and explain how your vision is really just a logical extension of what they are already trying to accomplish.”

Miller took a somewhat different approach when he said that “Principled performance needs to be part of the culture, reflected in the strategy, and embedded in an organization’s operating systems and processes.” To accomplish this he listed three steps, “(1) the chief executive officer and the senior executive team explicitly acknowledging that this is an important problem that must be addressed; (2) establishing clear metrics and goals for improvement; and (3) assigning point accountability at the executive team level for developing and “owning” the process that will enable the organization to meet the principled performance goals.”

Switzer asked the participants if they could point to situations where there has been a failure to interconnect the various functions of GovernanceRiskCompliance (GRC) which has led to catastrophic consequences. Miller pointed to the siloed nature of the financial services industry when he said, “That’s why we’ve seen significant breaches in the financial services industry with excessive risk taking by traders, the mortgage services industry in lax and exploitive underwriting practices, and the education services industry with overly aggressive student recruitment practices.” Liebman pointed to that well known risk area under the Foreign Corrupt Practices Act (FCPA) by noting, “Third-party relationships are an example where disparate processes and strategic goals can lead to significant non-compliance, waste, and surprise. For example, companies often create a business strategy at a high level and then ask others to implement the strategy with little or no oversight or structure… Accordingly, when a problem surfaces creating a bad reality, such as bribery in the supply chain, and expectations were set too high, the result is significant unhappiness for stakeholders.” Barnier focused on the management of risk without coordination due to the insular nature of management and reporting systems when he observed, “Much of this results from typical silo behavior—especially when reinforced by a control culture with its usual compartments that diminishes individual engagement and end-to-end views. Principled performance, with its focus on outcomes, brings together a range of decisions and activities to improve the likelihood of achieving those objectives.”

While some might find it interesting that the notorious “Bad Boys” of the NBA can teach the compliance practitioner a thing or two, it is clear that their General Manager (GM) Jack McCloskey had a plan in mind when putting the pieces of the team together. That team then had to be molded together and tested. This real world example would seem to be what Rasmussen said when he summed up his views by stating, “A mature GRC program will have an integrated strategy, process, information, and technology architecture that brings efficiency, effectiveness, and agility to GRC across the business and aligned with the business.”

If you have a team left in the NBA playoffs, good luck. Otherwise I hope that you will back me in supporting the Spurs yet again.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

May 5, 2014

Hitting the Ground Running – Your First 100 Days as a New CCO

FDR Fireside ChatThe first 100 days. Franklin D Roosevelt’s (FDR’s) first term is the standard by which all other Presidents are measured for their first days in office. Why? It is because not only did FDR hit the ground going full speed but also passed legislation, which changed the shape of America for years to come. While the first thing he did was declare a Bank Holiday to save the nation’s banking system, he also passed significant legislation to try to stem the effects of the Great Depression. These bills included the Agricultural Adjustment Act, the Federal Emergency Relief Administration, the Civilian Conservation Corps, and, finally, the National Industrial Recovery Act. He also enacted the Truth-in-Lending and Glass-Steagall Acts to help regulate the stock market, whose collapse had heralded the economic downturn. Even if these acts did not turn the tide of the Great Depression, it gave people hope because at least it appeared FDR was doing something to fight the economic calamity.

Now imagine that you finally have been able to secure a new position as Chief Compliance Officer (CCO) in the compliance field. Every company believes that they are ethical and that they certainly do business ethically but what are some of the things that you can do in your first 100 days? Hopefully you will not be dropped into a corporate situation as dire as the one FDR faced for the US in 1933 but the reality is that many new heads are still judged on these mythical first 100 days.

In the March-April issue of the Red Flag Group’s Compliance Insider magazine, the issue of what you can do to help yourself to succeed in a new role was explored in an article entitled “The First 90 Days in Compliance”. The article uses the book The First 90 Days by author Michael Watkins as a starting point to provide “systematic methods you can employ to both lessen the likelihood of failure and reach the break-even point faster.”

Prepare Yourself

The key is to try and make a clear transition. The best situation is if you can take some time off to prepare yourself between your old and new positions. You should try and use this time to learn more about your new employer and supplement the information you were able to garner during the hiring process. If you cannot take time off, the article suggests studying every night to prepare for your new position. If you want to hit the ground running, you have to be ready to do so.

Accelerate Your Learning

You will be required to learn quite a bit on the job, very, very quickly. The article suggests some key areas for immediate inquiry, which include your new company’s investigations and hotline issues; the internal audit documents relating to compliance; the annual reports for any notes about investigations or other Securities and Exchange Commission (SEC) issues; and a general review to see what is happening the industry to see if there are ongoing Foreign Corrupt Practices Act (FCPA) investigations or recent enforcement actions. The article also suggests meeting up to 50 colleagues in your new company to “Interview them about the company’s existing compliance” program. From these interviews, you can reach out to begin to build a network for further interviews.

Match Your Strategy to the Situation

Here the article suggest that you need to first identify the highest compliance risks and then try to focus on the risks which are not being managed effectively. They note, “It is your role to quickly work out where the most risky practices are and which risks will have the biggest effect on the business…The part that is more challenging is managing risk while focusing on the areas that have the biggest business value. Business value can be measured in country value, profit or reputation. It can also be measured in reducing potential exposure in fines or prosecutions, or growing revenue and profits.”

Secure Early Wins

You do not need to try and fix the company’s compliance program in the first 100 days. But you do need to find a way “to identify opportunities to build both personal credibility and credibility for the compliance function as a whole.” The article suggests taking the issue, which seems to have the most “noise” and contributing towards resolving it. But some of your work may come with instituting good process, as “A large amount of early wins can be as simple as the new compliance team focusing on adding value, removing obfuscation and helping to grow the business, rather than being a roadblock.”

Negotiate Success

One obvious thing to generate success in the corporate world is to have a good relationship with your boss. The article suggests you should have important conversations around “expectations, working style, resources and your personal development.” To facilitate these discussions the following points are posited:

  • There is no value in trashing the existing compliance program.
  • You need to drive the discussions with your boss.
  • Your boss is looking for solutions, not problems.
  • Your boss is not interested in running through your checklist of things to do.
  • Make sure that you connect with the people that your boss values and admires, such as their mentor.
  • Most importantly, set expectations.

Achieve Alignment

If you have not done so through the hiring process, you should have a clear understanding of what compliance means at your new company and what your role will be. While you were hired for FCPA or other anti-bribery legislation compliance, does compliance means something broader in your new role?

Build Your Team

You will probably be called on to make some difficult personnel decisions in this area but one that is absolutely necessary. As the article notes, “your ability to select the right people for the right positions is among the most important drivers of success during your transition and beyond. You also need to hold onto the right people. The focus for every solid manager is to focus on the best people and only those people – the rest should quickly be managed up or out.” If compliance is seen as ‘The Land of No’ populated by one or more Dr. No characters, it is time to make a change and the sooner the better.

Create Coalitions

One of the biggest keys for any successful compliance program is the ability “to influence people outside your direct line of control. Supportive alliances, both internal and external, are necessary if you are to achieve your goals.” You will need to try and identify those persons and develop relationships, then create coalitions with them. This means you will need to get out of the office and get overseas as quickly as possible. While your manager, be it the Chief Executive Officer (CEO) or other, will probably want you in the office, you need to get out of your office and build relationships in the field.

Keep Your Balance

These first 100 days will be a time of very high stress. This may well be compounded by your travel schedule and working very long hours to try and fulfill the concepts discussed herein. The article advises, “The right advice-and-counsel network is an indispensable resource. Use your network of mentors, coaches and friends to discuss your part at the company and what you have been experiencing.” The key is to use whatever resources are available to you during your first 100 days.

Accelerate Everyone

Just as FDR accelerated his actions during his first 100 days, a large part of his success was that he accelerated those around him. You should take this key component of FDR’s success to heart in your new role. Get all of your “direct reports, bosses, and peers – accelerate their own transitions. The fact that you’re in transition means they are too. The quicker you can get your new direct reports up to speed, the more you will help your own performance.”

It is difficult to imagine today a harder situation than the country faced when FDR came to power in 1933. The task must have seemed overwhelming. Starting a new compliance leadership position at a new company can seem equally daunting. The Compliance Insider article provides an excellent framework on how to not only think through your steps going forward but also how to execute them.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

May 2, 2014

Recent Interviews on the FCPA Compliance and Ethics Report

Filed under: Uncategorized — tfoxlaw @ 11:01 am

If you are looking for something about different for your Friday viewing or listening pleasure, I would invite you to head over to my podcast site, the FCPA Compliance and Ethics Report to check out some of my recent interviews. The length of each show is around 20 minutes so hopefully you can digest it in one sitting. A sampling of some of my recent episodes include:

Episode 46-Interview with Virna Di Palma, Senior Director of Global Strategy and Communications at TRACE, who talks about the recently announced TRACE scholarship program for graduate studies in anti-corruption.

Episode 49-Interview with Candace Tal, Founder and President of Infortal, who discusses a deep dive due diligence investigation and how it can be used.

Episode 50-Interview with Matt Kelly-Editor of Compliance Week, who discusses the upcoming Compliance Week 2014.

Episode 51-Interview with Tim Haidar, Editor-in-Chief of Oil & Gas IQ who talks about some of the current issues faces the energy sector with regard to Ukraine and Russia.

Episode 52-Interview with Raymond Barrett- Washington DC Bureau Chief of PaRR, who discusses bribery and corruption issues that companies face in the Middle East and North Africa.

If you are interested in listening to some of my recent solo shows you can check out the following:

Episode 47-I am Interviewed by Brian Kindle of ACFCS on lawsuits brought by the Libyan Sovereign Wealth Fund.

Episode 48-I discuss the recent Hewlett-Packard FCPA settlement.

All of the above episodes are also available for download on iTunes, under the show’s name, The FCPA Compliance and Ethics Report.

If there is a topic that you might like explored in greater detailed, send me an email and I will see if I can work it into an upcoming episode. You can reach me at tfox@tfoxlaw.

Gehrig’s Streak Ends and Compliance Week 2014 Is Near

lou GehrigToday we celebrate greatness in two areas. The first is in baseball as on this day in 1939, “New York Yankees first baseman Lou Gehrig benches himself for poor play ending his streak of consecutive games played at 2,130. “The Iron Horse” was suffering at the time from amyotrophic lateral sclerosis (ALS), now known as “Lou Gehrig’s Disease.” Gehrig joined the Yankees in 1923, but he didn’t see any action until 1925, when he backed up star first baseman Wally Pipp. According to legend, Gehrig stepped in at first base when Pipp benched himself with a headache, and Pipp never made it back on to the field. Gehrig didn’t miss a game for the next 13 years.” Gehrig’s record of playing in 2,130 straight games was intact until broken by Cal Ripken, Jr.

In the area of conference excellence around all things compliance, there is the upcoming Compliance Week 2014. While the conference has not had as many appearances as Gehrig’s long streak, this is the 9th annual event. As usual, Matt Kelly and his team over at Compliance Week have put together a star-studded and first-rate program for a wide variety of compliance practitioners. From the US government there is Kara M. Stein, Commissioner of the Securities and Exchange Commission (SEC). Interested in the future of the audit committee, there will be Jay Hanson, Board member from the Public Company Accounting Oversight Board (PCAOB), together with others to talk on that subject. For export control there will be representatives from the Department of Commerce and Department of Justice (DOJ) to bring you the latest on export control enforcement issues. Finally, both Patrick Stokes from the DOJ and Kara Brockmeyer from the SEC will be there to discuss Foreign Corrupt Practices Act (FCPA) enforcement from the perspectives of their agencies.

As usual there will be many sessions aimed at the compliance practitioner. Are you interested in developing a strong corporate culture? If so there will be a panel to discuss how to do so from working with your board to determine what your culture should be to building ethics and compliance programs (and control systems) that amplify those values rather than undermine them. An often-discussed topic is the management of compliance in joint ventures (JVs) and in a panel you will hear from three compliance officers telling their approaches to JVs: from risk assessments before the deal to monitoring and cooperation during the partnership to practical tips on investigations should misconduct in a JV partner come to light.

If there are specific geographic areas that you are concerned about there will be conversations about India, the Middle East, Africa, China and Latin America. In these sessions, held in smaller groups to facilitate conversations and questions, there will be discussions that focus on ethics and compliance risks in geographic hotspots around the world. Wondering which regulators matter most in a specific area? What training tactics work best for local workforces? Which cultural differences can cause the biggest risks or mis-steps? All those questions and more are prime fodder for these sessions.

There are a couple of very interesting sessions aimed at providing data on compliance trends. In one, there will be a joint Deloitte and Compliance Week review of their findings of this year’s Compliance Trends report – a survey conducted this spring to benchmark compliance operations at the modern enterprise. Hear about current budget and staffing levels, as well as emerging trends in reporting structures, use of GRC (Governance, Risk management and Compliance) technology, risks confronting the enterprise, and strategies to address them. In a second, there will be a review of the joint Kroll and Compliance Week 2014 Anti-Bribery and Corruption Report – one of the most comprehensive reviews of corporate anti-corruption practices you’re ever likely to find. In this session Kroll executives present the findings and lead a discussion on what those findings say about current (and not necessarily best) practice in FCPA compliance.

There will be several sessions, which deal with training. An interesting one is entitled, “Employee Training – Four Statistics That Will Surprise You” and will provide you with information on best practices on how to align roles, risks, and priorities strategically, to make the most efficient use of limited training time while protecting the organization. The discussion will be framed around four key statistics that you can use to drive training decisions and true program effectiveness. Another interesting angle will be through the prism of social media in a session which will consider the new risks social media brings, and the best ways to square its advances in communications and IT with your existing compliance program, whether that’s through new policies, new technology, or a mix of both.

There will be a couple of sessions dealing with investigations. In one, I will lead a panel, entitled “Investigations Gone Global, Not Haywire”, where we will focus on how can you run an effective investigation in some of the most difficult spots in the world, where local law may conflict with what you need to do. We will explore local stumbling blocks to your investigation, and offer ideas on how to complete the job nonetheless. Another session will help you scope out your internal investigation by considering some of the most difficult parts of scoping (parameters for e-Discovery, for example), and techniques to help determine scope more effectively (say, using the audit team to help map out the issue).

Finally, one session looks timely and intriguing. It will focus on supply chain compliance issues and will look at misconduct in the supply chain – conflict minerals, human trafficking, bribery, and more – is one of the most dangerous risks a company faces: It can erupt anywhere, cause enormous reputational harm, and leave boards scrambling for answers. You will hear about the clues you have, in the vast databases of modern businesses, and how to draw out the answers you need – about which risks are looming, which require policy response, and which require the board’s attention. Lastly, I will be leading a conversation on the FCPA enforcement trends we have seen in 2014.

I have been authorized to offer readers of this blog, who register for Compliance Week, a discount off of the standard rate..  To register, please use this link and discount code CW14FOX (case sensitive) to receive the special pricing of $1,495 (rate applies to new registrations only; please read Compliance Week Terms of Sale about refunds or substitutions). Event website: http://conference.complianceweek.com.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

« Previous PageNext Page »

Blog at WordPress.com.