Innovation | FCPA Compliance and Ethics Blog

August 7, 2015

Social Media Week Part V – Tools and Apps for the Compliance Practitioner

Filed under: Compliance,Compliance and Ethics,compliance programs,Innovation,LinkedIn,Marketing,Social Media,Social Media Examiner,Twitter — tfoxlaw @ 4:44 am
Tags: compliance, compliance programs, Facebook, Meerkat, Periscope, Pinterest, YouTube

To conclude this week’s posts, I wanted to list some of the more prevalent social media tools, explain what they are and how you might use them in a compliance program. (As usual I got carried away so this series will conclude on Monday of next week.) You need to remember that your compliance customer base are your employees. The younger the work force, the more tech savvy they will be and the more adapted to communicating through social media. According to Social Media Examiner’s 2015 Social Media Marketing Industry Report, the top two social networks for marketing are Facebook and LinkedIn. The three social media tools that hold the top spot for social media planning are LinkedIn, YouTube and Twitter. Marketers report that video streaming is becoming increasingly important tools for markets and that is currently encompassed in Meerkat and Periscope. Finally, I would add that Pinterest is another hot social media app.

Facebook

If you do not know what Facebook is at this point, you may have just transported down from a Borg Cube or perhaps you are a Vulcan looking for First Contact. This is the world’s most ubiquitous social media tool. It combines both personal and business applications. For the compliance practitioner, think about the business uses of Facebook. You can open a Facebook page for your compliance function and share an unlimited amount of information. Equally importantly, you can be responsive when employees comment on your posts, it allows you to interact with them and demonstrate that compliance is listening and responsive. The more regularly you post, the more opportunity you have for connecting with your employee base and building trust.

YouTube

Much like Facebook, YouTube is one of the most ubiquitous social media tools around. It allows you to upload video and audio recordings for unlimited play. For the compliance practitioner, why not consider creating a YouTube channel for your company’s compliance program. You can put together full training on specific issues or you can create short videos. For an example of short videos, you can check out the training videos I have on my website Advanced Compliance Solutions. If there is any information that you wish to put into a visual format, YouTube is one of the best solutions available to you.

LinkedIn

LinkedIn is almost as ubiquitous as Facebook and YouTube. As with Facebook, you can set up a business site or even a private compliance group for your organization. Your employees are the best place to start adding followers, as they are not only your target audience but they are also your biggest advocates. You can encourage employees to add their compliance profile to their personal profiles. By doing so, they automatically become followers and can like, comment on, and share your company updates to help expand your viral reach. As with Facebook, LinkedIn provides you a platform to communicate with your employee base. It has a chat function that can be used to solicit feedback and comments going forward. You can also tie in with or ‘link to’ other groups and people that can facilitate not only creating but also expanding your culture of compliance.

Twitter

Earlier this week, I wrote about how you can use Twitter to capture information from the marketplace of ideas. However Twitter can also be used for communicating with your employee base. Tweets are publicly visible by default, but senders can restrict message delivery to just their followers. Users can tweet via the Twitter website, compatible external applications or by Short Message Service (SMS) available in certain countries. Retweeting is when users forward a tweet via Twitter. Both tweets and retweets can be tracked to see which ones are most popular. Finally, through the use of hashtags (#) users can group posts to Twitter together by topic.

I believe that Twitter is one of the most powerful tools (and completely underused tools) that is available to the compliance function. If employees follow their company’s name through a hashtag, they can see what trending topics other employees are discussing. Compliance practitioners can help lead that internal discussion through the same technique. Moreover, if the Chief Compliance Officer (CCO) or compliance function regularly monitors Twitter they can keep abreast of any communications and those can be used as a backup communication channel, in case the company hotline or other reporting system is not immediately available or even convenient.

Meerkat and Periscope

Two of the newest and perhaps coolest tools a CCO or compliance practitioner can utilize in the realm of social media are Meerkat and Periscope. Both tools allow you to tell a compliance story in real time, throughout your organization and beyond through the capture and broadcast of video, live through your smartphone. They are both live streaming apps that enable you to create a video and open the portal to anyone who wants to use it. Anybody in your Twitter community can click on that link and watch whatever you’re showing on your phone. The big piece is the mobile aspect. It is as simple as a basic tweet and hitting the “stream” button.

This is one of the more exciting new social media tools I see for the compliance practitioner. You could start a compliance campaign along the lines a campaign that the company Hootsuite initiated called “Follow the Sun” using Periscope. They decided to let their employees showcase what they called #HootsuiteLife. They gave access to different people in every company office around the globe. Throughout the day, it would “Follow the Sun,” and people in different offices would log into the Hootsuite account and walk around and show off their culture, interviewing their friends, etc. They talk about the importance of culture and now they are proving it. The number of inbound applications drastically increased after people got that sneak peek into their company. You could do the same for your worldwide compliance team.

You can live stream video training around the globe. Moreover, if you use either of these tools in conjunction with internal podcasting or other messaging you can create those all important “Compliance Reminders” which were so prominently mentioned in the Morgan Stanley Foreign Corrupt Practices Act (FCPA) Declination. The videos that you create with both of these tools can be saved and stored so a record of what you have created can be documented going forward.

Pinterest

According to Pinterest for Dummies, this tool is an online bulletin board, a visual take on the social bookmarking site, where the content shared is driven entirely by visuals. In fact, you cannot share something on Pinterest unless an image is involved. When you share something on Pinterest, each bookmark is called a pin. When you share someone else’s pin, it’s called a repin. Your group pins together by topic onto various boards, aka pinboards, in your profile. Each board mimics a real-life pinboard. You can share images you find online, or you can directly upload images. Using the “Pin It” button, you can share directly in your browser from any web page. You can also share your pins on Twitter and Facebook.

Although a relatively new social media tool, I find it to be one of the more interesting ones for use by the compliance function as it compliments many of the other tools I discussed above. You can set up your compliance account for your organization and pin items, lists, or other visual information that can be viewed and used by employees. In addition to the enumerated items, you can pin such things as a link, a website, graphics or other forms of information. If you think of it as an online bulletin board, you can consider all of the compliance information that you can post for your customer base and the interactions they can have back with you.

All of these tools can help you as CCO or a compliance practitioner to engage with your customer base. On Monday, I will conclude with some final thoughts on why the compliance function should use social media tools available to them.

Once again please remember that I am compiling a list of questions that you would like to be explored or answered on the use of social media in your compliance program. So if you have any questions email them to me, at tfox@tfoxlaw.com, and I will answer them within the next couple of weeks in my next Mailbag Episode on my podcast, the FCPA Compliance and Ethics Report.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

Leave a Comment

August 6, 2015

Social Media Week Part IV – Telling a Story About Honey

Filed under: Best Practices,Chief Compliance Officer,Compliance,Compliance and Ethics,compliance programs,Doing Compliance,Gar Hurst,Innovation,Marketing,Social Media — tfoxlaw @ 12:01 am
Tags: CoVouch

I continue my exploration of the use of social media in doing compliance by taking a look at a very innovative social media solution to a difficult compliance issue around, of all things, honey. This example shows how creative thinking by a lawyer, in the field of import compliance, led to the development of a software application, using some of the concepts that I discussed earlier in the week around social media. Once again demonstrating the maxim that lawyers (and compliance practitioners) are only limited by their imagination, the use of this software tool demonstrates the power of what social media can bring to your compliance program.

This innovation contrasts with a reader’s comment earlier this week when I began my series on the use of social media in doing compliance. The comment was that this reader’s company, while actively using social media to reach, communicate with and receive information back from its customer base; did not allow employees to access Facebook, Twitter, Pinterest, Snapchat and a whole host of other social media sites on company purchased computers. While the company’s stated reason was security, the true reason is that they simply did not trust their employees not to “waste time” by accessing such sites during work hours.

Such corporate attitudes, while clearly from the time of the dinosaurs, unfortunately still exist. Companies need to understand that social media is a tool which can and should be used affirmatively. Like any tool, it can be abused but if you cannot trust your employees not to goof off (1) they probably should not be your employees and (2) the company is a lousy manager; so there is lots of opportunity for growth. It reminds of when I was working for a corporation back in 2004 and they did not want employees to have company issued cell phones, because you know they might use them for personal use. The bottom line is that social media is here to stay. Millennials and others are only going to communicate through that medium so if companies want to stay relevant, not only with products and services but also with their employee base, they need to understand that social media is an important and significant tool of the future. But enough of my mini-Howard Sklar rant.

Gar Hurst, a partner in the law firm of Givens and Johnston PLLC in Houston, faced an issue around US anti-dumping laws for honey that originated in China. The US Government applies anti-dumping trade sanctions to goods from a particular country. They do this when a domestic interest group alleges and proves, at least theoretically, that the producers in a foreign country are selling their goods into the US market at below fair-market value. By doing this, they are harming the US domestic industry. The dumping duties, which can result from this, can easily be 100, 200, even up to 500 % of import duties. To get around the anti-dumping laws, importers would ship Chinese originated honey to Indonesia, Vietnam or some other country and pass it off as originating from one of those locations.

The problem that Hurst’s client faced was how to prove the honey did not originate from China. In an interview, Hurst said, “We were working with a Southeast Asian honey producer. They were in this situation where Customs was essentially treating them as though they were a Chinese producer. We’ve provided them documents. We’ve provided them invoices. We’ve provided them production docs. We’ve provided them all sorts of documents but there was nothing that we could give them documentary that they didn’t believed could be fake. That was the problem, documents on their face are just a form of testimonial evidence. Meaning, somebody somewhere said, this stuff is actually from the Philippines. It’s only as good as the word of the person who wrote it on. We needed something that would get beyond that problem.”

So using awareness around communications through a smart phone, Hurst and his team came up with an idea “that with the explosion of smartphone technology which is in the hands of basically everybody in the United States and soon to be everyone in the world, these devices basically allow a person to take a picture that is geo-tagged and time and date stamped and then upload that picture to a database in the cloud. Effectively, that’s what we did.” As Hurst explained the process which they came up it was amazingly simply, “We basically created an app that resided on Android phone that they could then go around and document the collection of all these various barrels of honey and its processing. Every time they take a picture, it would be time and date stamped with geo-tagging as well. You know when and where a picture of a particular barrel of honey which we would label with some special labels so you could identify it when and where that was taken.” The product they came up with is called CoVouch.

From there the information is uploaded into a secure database that Hurst and his team created in the cloud. His firm then took all of the evidence they had documented that the honey originated in Indonesia, not China, and presented it to the US Customs service to show his client had not sourced its honey in China. In version 2.0 Hurst and his development team are creating a searchable database which US Customs can use to make spot checks and other determinations.

Recognizing the level of technical sophistication of honey farmers in Asia, CoVouch is amazingly simply to use. It takes pictures, puts time stamps on them and puts geo-tags that show the location where the picture was taken and with glued or pasted on bar codes, you can trace the shipment of honey throughout its journey. But it does so in a way that tells a story. Hurst said, “you’re telling the story but the provenance, if you will, of one imported barrel of honey and how did it get to where it’s at. It’s different. Yeah, that’s right. That’s exactly what we’re trying to do and trying to do it in a way that is easy enough so that, as you put it, a fairly, uneducated farmer in Indonesia can do it and a busy Customs agent in the United States can review it.”

Such a software system uses the concepts around social media to make a honey farmer a provider of documents evidence, through photographs, to meet US anti-dumping laws. But I see the application as a much broader tool that could be used by anyone who needs to verify information on delivery, delivery amounts, delivery times and delivery locations. This could be a field hand who is delivering chemicals even West Africa and does not know how to speak English. Hurst pointed to uses around whether something might be eligible for special import or export regulations due to NAFTA, whether restricted trade goods, such as those used in the oilfield industry, worked their way into Iran and even applicability under the Buy American Act around the US content in goods.

For the anti-corruption compliance practitioner, you could use such a tool to not only receive information, and more importantly photographic evidence, but you could also deliver information. But the key is that you are only limited by your imagination. CoVouch could be a tool that you use internally for delivery of information and receipt of information inside your company.

Tomorrow I will end my weeklong exploration of the use of social media in your compliance program by discussing some of the more common social media applications and how you might use them.

To check out the CoVouch website, click here.

To listen to my podcast with Gar Hurst, go to the FCPA Compliance and Ethics Report, Episode 181, by clicking here.

© Thomas R. Fox, 2015

Leave a Comment

August 5, 2015

Social Media Week Part III – Twitter and Innovation in Your Compliance Program

Filed under: Best Practices,Chief Compliance Officer,Compliance,Compliance and Ethics,compliance programs,Innovation,MIT Sloan Management Review,Social Media,Twitter — tfoxlaw @ 12:01 am

I continue my exploration of the use of social media in your Foreign Corrupt Practices Act (FCPA) compliance program today. One of the ways that Chief Compliance Officers (CCOs) and compliance practitioners can communicate about their compliance programs is through the use of the social media tool Twitter. In an article in the Summer issue of the MIT Sloan Management Review, entitled “How Twitter Users Can Generate Better Ideas”, authors Salvatore Parise, Eoin Whelan and Steve Todd postulated that “New research suggests that employees with a diverse Twitter network – one that exposes them to people and ideas they don’t already know – tend to generate better ideas.” Their research led them to three interesting findings: (1) “Overall, employees who used Twitter had better ideas than those who didn’t.”; (2) In particular, there was a link between the amount of diversity in employees’ “Twitter networks and the quality of their ideas.”; and (3) Twitter users who combined idea scouting and idea connecting were the most innovative.

I do not think the first point is too controversial or even insightful as it simply confirms that persons who tend have greater curiosity tend to be more innovative. The logic is fairly straightforward, as the authors note, “Good ideas emerge when new information received is combined with what a person already knows.” In today’s digitally connected world, the amount of information in almost any area is significant. What the authors were able to conclude is that through the use of Twitter, “the potential for accessing a divergent set of ideas is greater.”

However it was the third finding that I thought could positively impact the compliance profession, the role of the Idea Scout and the Idea Connector. An idea scout is “an employee who looks outside the organization to bring in new ideas. An idea connector, meanwhile, is someone who can assimilate the external ideas and find opportunities within the organization to implement these new concepts.” For the compliance practitioner, the ability to “identify, assimilate and exploit new [compliance] ideas” is the key takeaway. However to improve your compliance innovation, “you need to maintain a diverse network while also developing your assimilation and exploitation skills.”

For the compliance practitioner, Twitter can be “described as a ‘gateway to solution options’ and a way to obtain different perspectives and to challenge one’s current thinking.” Interestingly the authors found that “It’s not the number of people you follow on Twitter that matters; it’s the diversity within your Twitter network.” The authors go on to state, “Diversity of employee’s Twitter network is conductive to innovation.” Typically an Idea Scout will “identify external ideas from experts and resources on Twitter.” Clearly the compliance practitioner can take advantage of experts with the anti-corruption compliance field but there is perhaps an equally rich source of innovation from those outside this arena.

An interesting approach was what the authors called the “breadcrumb” approach to finding innovation leaders and thought-provokers. It entailed a “period of “listening” to colleagues and industry leaders who are on the platform – including what they are tweeting about, who they are following and replying to on the platform, who is being retweeted often”. So with most good leadership techniques the first key is to listen.

Equally important to this Idea Scout is the Idea Connector, who is putting the disparate strands from Twitter’s 140 character tweets together. For the compliance function, this will be someone who identifies compliance best practices or other information from Twitter ideas, can then put them together and direct the information to the relevant company stakeholders. Finally, such a person can “Curate Twitter ideas and matches them with company resources needed to implement them.”

Here the authors listed a variety of ways an Idea Connector can use Twitter. One user said, “I try to sift through all the Twitter content from my network and look for trends and relationships between topics. I put my analysis and interpretation on it. I feel that’s where my value-add is.” Another method is to focus on analytics and one user “filtered specific subsets of the topic for different stakeholders” at his company. Another method was to create “social dashboards or company blogs based on the insight” received thought Twitter. Interesting, one of the key requirements for successfully mining Twitter was in finding ways to share its content “since many employees, especially baby-boomers don’t use the platform themselves.” Conversely by mining information from Twitter and presenting it, this can allow these ‘technologically challenged’ older employees to ascertain how they can target millennial’s.

But as much as these concepts can move a CCO or compliance practitioner to innovation in a compliance program, it can also foster additional information through the following of your own employees. It is well known that Twitter can facilitate greater communication to and between the compliance function and its customer base, aka the company employees. However the authors also point to the use of Twitter to enable this same type of innovation because it “is different than email and other forms of information sources in that it enables continuous engagement”.

Twitter was created to allow people to connect with one and other and communicate about their activities. However the marketing potential was immediately seen and used by many companies. Now a deeper understanding of its use and benefits has developed. For the compliance practitioner one thing you want to consider is to align your Twitter and great social media strategy with your compliance strategy; match your Twitter strategy to your compliance strategy.

Twitter can be powerful tool for the compliance practitioner. It is one of the only tools that can work both inbound for you to obtain information and insight and in an outbound manner as well; where you are able to communicate with your compliance customer base, your employees. You should work to incorporate one or more of the techniques listed herein to help you burn compliance into the DNA fabric of your organization.

© Thomas R. Fox, 2015

Leave a Comment

August 3, 2015

Social Media Week Part I – Using Social Media In Your Compliance Program

Filed under: Best Practices,Chief Compliance Officer,Compliance,Compliance and Ethics,compliance programs,Innovation,Marketing,Social Media,Social Media Examiner — tfoxlaw @ 12:01 am

Welcome to Part I of Social Media Week. I recently did a webinar, hosted by The Network, on the use of social media in your Foreign Corrupt Practices Act (FCPA) compliance program. The response was as great as almost any other webinar in which I have participated. Based upon the overwhelming feedback, this week I will post a series of blogs on the use of social media in your compliance program. In Part I, I begin with a discussion of why you should integrate social media into your compliance program.

I have been studying the business side of social media for some time now as a way to help understand how I might more effectively and more creatively bring the message of doing compliance to my readers and podcast listeners. This led me to think about the message of compliance inside of a corporation and how it is distributed. In a compliance program, a large portion of your consumers/customers are your employees. Social media presents some excellent mechanisms to communicate the message of compliance going forward. Many of the applications that we use in our personal communication are free or available at very low cost. So why not take advantage of them and use those same communication tools in your internal compliance marketing efforts going forward.

On the Social Media Examiner site, which brands itself as “Your Guide to the Social Media Jungle”, is a podcast entitled “Social Sharing: How to Inspire Fans to Share Your Stories”, hosted by Michael Stelzner, Chief Executive Officer (CEO) and Founder of the site. In the podcast Stelzner interviews Simon Mainwaring, author of “We First: How Brands and Consumers Use Social Media to Build a Better World”, who said that to allow them to market successfully there are three key components, (1) Let your employees know what you stand for; (2) Celebrate their efforts; and (3) Give them a tool kit of different ways to participate. I think each of these concepts can play a key role for the compliance practitioner in internally marketing their compliance program.

Let Your Employees Know What You Stand For

In the FCPA Guidance, the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) said that the basis of any anti-corruption compliance program is the Code of Conduct as it is “often the foundation upon which an effective compliance program is built. As DOJ has repeatedly noted in its charging documents, the most effective codes are clear, concise, and accessible to all employees and to those conducting business on the company’s behalf.” That well known @CodeMavencc, Catherine Choe, has said that she believes “Two of the primary goals of any Code are first, to document and clarify minimum expectations of acceptable behavior at a company, and second, to encourage employees to speak up when they have questions or witness misconduct.”

But more than the Code of Conduct, does your company really communicate that it stands for compliance? Obviously formal anti-corruption training under the FCPA is important but I think that more is required to reinforce that your company has a culture of compliance throughout the organization. In other words, are you communicating what you stand for and not simply the rules and regulations of a compliance program?

Celebrate Their Efforts

Once again the FCPA Guidance speaks to the need to incentivize employees in the company realm. The Guidance states, “DOJ and SEC recognize that positive incentives can also drive compliant behavior. These incentives can take many Guiding Principles of Enforcement forms such as personnel evaluations and promotions, rewards for improving and developing a company’s compliance program, and rewards for ethics and compliance leadership. Some organizations, for example, have made adherence to compliance a significant metric for management’s bonuses so that compliance becomes an integral part of management’s everyday concern.” But more than simply incentives, it is important to “[M]ake integrity, ethics and compliance part of the promotion, compensation and evaluation processes as well.”

Mainwaring’s concept means going beyond incentivizing. To me his word ‘celebrate’ means a more public display of success. Financial rewards may be given in private, such as a portion of an employee’s discretionary bonus credited to doing business ethically and in compliance with the FCPA. While it is certainly true those employees who are promoted for doing business ethically and in compliance are very visible and are public displays of an effective compliance program. I think that a company can take this concept even further through a celebration to help create, foster and acknowledge the culture of compliance for its day-to-day operations. Bobby Butler, at Universal Weather and Aviation, Inc., has spoken about how his company celebrated compliance through the event of Compliance Week. He said that he and his team attended this event and used it as a springboard to internally publicize their compliance program. Their efforts included three separate prongs: they were hosting inter-company events to highlight the company’s compliance program; providing employees with a Brochure highlighting the company’s compliance philosophy and circulating a Booklet which provided information on the company’s compliance hotline and Compliance Department personnel.

Give Your Employees a Tool Kit For Compliance

Obviously a key component of any effective compliance program is an internal reporting mechanism. The FCPA Guidance states, “An effective compliance program should include a mechanism for an organization’s employees and others to report suspected or actual misconduct or violations of the company’s policies on a confidential basis and without fear of retaliation.” The Guidance goes on to also discuss the use of an ombudsman to address employee concerns about compliance and ethics. I do not think that many companies have fully explored the use of an ombudsman but it is certainly one way to help employees with their compliance concerns. Interestingly, in an interview in the Wall Street Journal (WSJ) with Sean McKessy, Chief of the SEC’s Office of the Whistleblower, he stated, “What I hear is that companies are generally investing more in internal compliance as a result of our whistleblower program so that if they have an employee who sees something, they’ll feel incentivized to report it internally and not necessarily come to us.”

Two of the newest and perhaps coolest tools a Chief Compliance Officer (CCO) or compliance practitioner can utilize in the realm of social media are Meerkat and Periscope. Both tools allow you to tell a compliance story in real time, throughout your organization and beyond. They are both live streaming apps that enable you to create a video and open the portal to anyone who wants to use it. Anybody in your Twitter community can click on that link and watch whatever you’re showing on your phone. The big piece is the mobile aspect. It’s as simple as a basic tweet and hitting the “stream” button.

However, there are a wide variety of social media tools available that you can incorporate into your compliance program. Apps like Pinterest, Snapchat, Instagram and others may seem like tools that are solely suited to personal use. However their application is much broader. Over the next week, I will be exploring some of these apps and tools and how they might be used in doing compliance. As with many ideas in the compliance space, a CCO or compliance practitioner is only limited by their imagination. For these apps, they can be most useful when you tell the story of compliance in your company. Hootsuite did a campaign called “Follow the Sun” using Periscope. They decided to let their employees showcase what they called #HootsuiteLife. They gave access to different people in every company office around the globe. Throughout the day, it would “Follow the Sun,” and people in different offices would log into the Hootsuite account and walk around and show off their culture, interviewing their friends, etc. They talk about the importance of culture and now they are proving it. The number of inbound applications drastically increased after people got that sneak peek into their company.

Yet there are other tools available, at no cost, and can be downloaded onto a mobile device such as a smartphone or iPad. These include the O’Melveny & Myers LLP Foreign Corrupt Practices Act Handbook; which concentrates solely on the FCPA and is primarily a new vehicle to distribute content it already makes available upon request. This content includes O’Melveny’s FCPA Handbook and In-House Counsel’s Guide to Conducting Internal Investigations. In addition, the app features five resource sections that serve as an interactive, illustrative directory with titles ranging from ‘O’Melveny Authored Client Alerts’ to ‘DOJ Opinion Releases’.

Another approach is found in the Latham & Watkins LLP’s AB&C Laws app which takes an international approach to anti-corruption and anti-bribery laws, with the content focused on organizing and easing access to statutes and regulatory guidance according to specific fields of interest, from legislative frameworks to extra-territorial application to enforcement and potential penalties. It also includes official guidance such as steps (where available) that can be taken to reduce the risk of liability for bribery and corruption.

There is much to be learned by the CCO and compliance practitioner from the disciplines of marketing and social media. These concepts are useful to companies in getting their sales pitches out and can be of great help to you, the CCO or compliance practitioner, in collaborating and marketing throughout your company. I hope you will follow this week’s Use of Social Media series as I will endeavor to provide to you not only with a discussion of some new tools which you can incorporate into your compliance program going forward but also a different way to think about who your customers are and how you are reaching them with your message of doing compliance.

Finally, I am compiling a list of questions that you would like to be explored or answered on the use of social media in your compliance program. So if you have any questions email them to me, at tfox@tfoxlaw.com, and I will answer them within the next couple of weeks in my next Mailbag Episode on my podcast, The FCPA Compliance and Ethics Report.

© Thomas R. Fox, 2015

Leave a Comment

June 19, 2015

Tribute to John David Crow and an Innovation Strategy for Your Compliance Program

Filed under: Best Practices,Compliance,compliance programs,Department of Justice,FCPA,FCPA Guidance,Harvard Business Review,IAP,Innovation,Ten Hallmarks of an Effective Compliance Program — tfoxlaw @ 12:01 am
Tags: best practices, compliance, compliance programs, DOJ, FCPA, Harvard Business Review, HBR

John David Crow died Wednesday. Until Johnny Football, he was the only football player from Texas A&M University to win the Heisman Trophy. He played under the legendary Paul ‘Bear’ Bryant at A&M and for all of Bryant’s success, Crow was the his only player to win the award given annually to the nation’s best collegiate football player. Crow had a productive professional football career making the Pro-Bowl four times. He was also the Athletic Director at A&M from 1989 to 1993. So here’s to John David Crow, one of the Junction Boys and one of the greatest players in the history of Texas A&M. Finally, let me say something I almost never say, Gig ‘Em, John David.

I thought about John David Crow and his legacy of greatness when I read an article in the June issue of the Harvard Business Review (HBR), entitled “You Need an Innovation Strategy”, by Gary P. Pisano. While Pisano’s article dealt more generally with innovation in marketing, I found it highly relevant for the Chief Compliance Officer (CCO) or compliance practitioner, particularly in the context a Foreign Corrupt Practices Act (FCPA) compliance program. Earlier this week, the Department of Justice (DOJ) announced the resolution of a FCPA investigation involving IAP Worldwide Services, Inc. (IAP) via a Non-Prosecution Agreement (NPA). In the NPA, the company committed to implementing and enhancing a best practices FCPA compliance program. Listed at element 18 of its compliance program is the following: “The Company will conduct periodic reviews and testing of its anti-corruption compliance code, policies, and procedures designed to evaluate and improve their effectiveness in preventing and detecting violations of anti-corruption laws and the Company’s anti-corruption code, policies, and procedures, taking into account relevant developments in the field and evolving international and industry standards.”[Emphasis supplied]

This means that the DOJ expects innovation in your compliance program to keep up with evolving international and industry standards. This requires you to implement an innovation strategy. While Pisano’s article does not specifically focus on compliance, I found that its concepts would help a CCO or compliance practitioner sustain the mandate for innovation in a compliance regime. Pisano’s article begins by stating the problem that many companies face is that “innovation remains a frustrating pursuit.” While acknowledging that failure to execute is an issue, Pisano believes the issue is deeper than simply a failure to execute, he believes there is a “lack of an innovation strategy.”

I found some of his basic definitions most useful for the compliance practitioner to think through innovation in the compliance function. Pisano wrote, “A strategy is nothing more than a commitment to a set of coherent, mutually reinforcing policies or behaviors aimed at achieving a specific competitive goal. Good strategies promote alignment among diverse groups within an organization, clarify objectives and priorities, and help focus efforts around them. Companies regularly define their overall business strategy (their scope and positioning) and specify how various functions – such as marketing, operations, finance, and R&D – will support it. But during my more than two decades studying and consulting for companies in a broad range of industries, I have found that firms rarely articulate strategies to align their innovation efforts with their business strategies.”

The key to success is something that every CCO or compliance practitioner should take to heart. Paraphrasing Pisano for the compliance practitioner is that the compliance function “should articulate an innovation strategy that stipulates how their [compliance] innovation efforts will support the overall business strategy.” Moreover, “creating an innovation strategy involves determining how innovation will create value for customers [of compliance, i.e. Employees], how the company will capture that [compliance] value, and which types of [compliance] innovation to pursue.”

Pisano posed several questions around this key area of connecting innovation to strategy. Initially he asked, “How will innovation create value for potential customers?” In my formula, customers become employees or others who will make use of your compliance innovation going forward. Here you should focus on the benefit for your end-using customer. Your innovation can make compliance faster, easier, quicker, more nimble and so on. But focus on that creation of value going forward. Pisano’s next question was “How will the company capture a shore of the value its innovations generate?” He suggests companies think through how to “keep their own position in the [compliance] ecosystem strong” through innovation. Pisano next asked, “What types of innovation will allow the company to create and capture value, and what resources should each type receive?” Here Pisano notes two major forms of innovation equally applicable to the CCO or compliance practitioner. They are a change in technology and a change in a business process. Both are equally valid.

Another problem that Pisano addresses is termed “overcoming prevailing winds” and this means that innovation can be driven downward or backward if there is not sufficient management support. This means not only must there be sufficient resource allocations but management must also incentivize the business units to proceed with implementing the innovations, particularly “when an organization needs to change its prevailing patterns.”

Another area Pisano addresses is “managing trade-offs” because it is inherent in any innovation strategy that there will be trade-offs. Here he terms the two key differences as “supply-push” and “demand-pull”. The supply-push approach comes when your innovation is focused on something that does not yet exist, for example if you are initially implementing a FCPA compliance regime. The demand-pull approach works more closely with your existing customer base to determine what they might need and work to implement innovation around those needs.

Interestingly Pisano ends his article with a discussion about “the leadership challenge”. I say interestingly because I would have thought that was required up front as it is the function of senior management to create the capacity for innovation in the first instance. Pisano writes, “There are four essential tasks in creating and implementing an innovation strategy.” Task 1 is to “answer the question “How are we expecting innovation to create value for customers and for our company?” and then explain that to the organization.” Task 2 “is to create a high-level plan for allocating resources to the different kinds of innovation.” Task 3 is “to manage trade-offs. Because every function will naturally want to serve its own interests, only senior leaders can make the choices that are best for the whole company.” Finally, task 4 dovetails with what almost every DOJ/SEC speaker I have ever heard say when they talk about the basics of any best practices compliance program. It is that “innovation strategies must evolve. Any strategy represents a hypothesis that is tested against the unfolding realities of markets, technologies, regulations, and competitors. Just as product designs must evolve to stay competitive, so too must innovation strategies. Like the process of innovation itself, an innovation strategy involves continual experimentation, learning, and adaptation.”

Pisano’s article provides the CCO or compliance practitioner with a framework to think through to help bring the innovation to a compliance program. I would have put leadership first, both in the compliance department and at senior management level. But however you go about it, you must recognize that your compliance program will have to evolve. That is one of the key differences between those who advocate static compliance standards embodied in a written compliance program and those who advocate that it is Doing Compliance that creates an active, vibrant and effect compliance program.

© Thomas R. Fox, 2015

Leave a Comment

May 20, 2015

Levi Strauss and Auditing of Third Parties

Filed under: Audit,Best Practices,Compliance,compliance programs,FCPA,Innovation,Third parties — tfoxlaw @ 12:01 am
Tags: best practices, compliance, compliance programs, FCPA

Today we celebrate innovation. On this day in 1873, a patent to create work pants reinforced with metal rivets was granted. This marked the birth of one of the world’s most famous garments: the blue jeans. Jacob Davis, a tailor in Reno, Nevada, presented the idea to Levi Strauss in 1872 when he wrote Strauss a letter about his method of making work pants with metal rivets on the stress points to make them stronger. Davis didn’t have the money for the necessary paperwork and proposed that Strauss provide the funds and that they get the patent together. Strauss agreed and the patent for “Improvement in Fastening Pocket-Openings”, the innovation that would produce blue jeans, was granted.

Until Strauss opened a factory in 1880 the “waist overalls”, as the original jeans were known, were manufactured by seamstresses working out of their homes. Levi’s 501’s, previously known as “XX”, were soon a bestseller, and by the 1920s they were the top-selling work pant in the US. Over the decades the fad has grown and today they are a firm staple in closets around the globe.

I thought about this innovation and sustained excellence when I sat through a presentation at Compliance Week 2015 by two ladies from BakerHughes Inc. (BHI) Jennifer Ellison, Senior Legal Compliance Manager, and Marianne Ibrahim, Senior Counsel, on Audits and Investigations. They focused on three aspects of the company’s audit program in its compliance function, types and purpose of Foreign Corrupt Practices Act (FCPA) audits, planning for the audit and interviewing all in conjunction with your audit program for third parties.

When planning for such an audit they laid out the following steps. You should plan out four to six weeks in advance, you should perform the audit with your legal counsel’s lead to preserve privilege, work with the business sponsor to establish key business contacts, discuss audit rights and processes with the third party, you should prepare initial document request lists for financial information queries, take the time to review findings from previous audits and resolutions and also review details of opened and closed internal investigations, if there are any Code of Conduct questionnaires available take care to review and finally be cognizant of any related Department of Justice (DOJ) and Securities and Exchange Commission (SEC) enforcement actions.

They noted you should try and determine the entry points of foreign government involvement. They broke this down into (1) direct and (2) indirect. In the direct category they listed the following areas: customs and duties, corporate taxes and penalties, social security or national insurance issues for employees, obtaining in-country visas and work permits, public official gifts and entertainment, training of and attendant travel for employees of government owned entities, procurement of business licenses and permits to perform work and, finally, areas around police escort and security. In the indirect category, some of the key areas to review are: customs agents and freight forwarders, visa processors, commercial sales agents, including distributors and, finally, those who might be consultants or other channel partners.

Document review and selection is important for this process. They said that you should ask for as much electronic information as possible well in advance of your audit. They did recognize that it is much easier to get database records for internal audits than audits of third parties. One item they made sure to ask for in advance was records in database or excel format and not simply in .pdf. They suggested you ask for the following categories of documents; trial balance, chart of accounts, journal entry line items, financial and compliance policies, prior audited financial statements, bank records and statements, a complete list of agents or intermediaries and revenue by country and customer.

When you are ready to commence your interviews, they emphasized that the lead interviewer needs to be culturally sensitive, patient and must negotiate a good working relationship with auditors, who will be reviewing the documents from the forensic perspective. Regarding potential interviewees, they related you should focus on those who interact with government entities, foreign government officials or third parties, including those personnel involved with:

Business Leadership
Sales/Marketing/Business Development
Operations
Logistics
Corporate Functions: Human Resources, Finance, Health, Safety and Environmental, Real Estate and Legal.

For the interview topics, they suggested several lines of inquiry. Initially they noted you should conduct the audit interview as precisely that, an audit interview and not an investigative interview. You should not play ‘got-cha’ in this format. They said you should avail yourself of the opportunity to engage in training while you are interviewing people. The topics to interview on included:

General policies and procedures
Books and records pertaining to FCPA risks;
Test knowledge of FCPA and UK Bribery Act including facilitating payments and their understanding of your company’s prohibitions;
Regulatory challenges they may face;
Any payments of taxes, fees or fines;
Government interactions they have on your behalf; and
Other compliance areas you may be concerned about or that would impact your company, including: trade, anti-boycott, anti-money laundering, anti-trust.

Ellison and Ibrahim went into detail regarding the review you should make around the General Ledger (GL) accounts. They suggested you review commission payments to agents and representatives, any facilitating payments made, all payments around travel, meals and entertainment, payments made around training, gifts, charitable contributions, political donations and sales and promotion expenses. If there were payments made for customs or freight forwarders and other processing agents, permits, licenses, taxes and other regulatory expenses should be reviewed. Additionally any entries pertaining to community contributions and social responsibility payments should be assessed and, finally, they suggested that a review of any security payments, extortion payments, payments to legal consultants or tax advisors or fines and penalties should be considered.

Regarding bank accounts and cash disbursement controls, you should review the following:

Review controls around bank accounts and cash disbursements;
Identify and review authorized signers, approval levels, and bank reconciliations;
Ensure all bank accounts are included in the General Ledger;
Identify and review certain bank and cash disbursement transactions;
Identify offshore bank accounts.

In the area of cash funds review the following:

Review controls around petty cash funds;
Ascertain processes in place regarding disbursement and reconciliation of cash funds;
Identify and review payments to government officials, agents, or any unusual or suspicious activities; and
Identify and review certain bank transactions and test for any improper payments.

For gifts, travel and entertainment, you should explore payments made through employee-reimbursed expenses, scrutinize for any suspicious expenses submitted, expenses lacking adequate documentation, incorrect posting; and identify and review accounts associated with gifts, meals, entertainment, travel, or promotion. In the area of payroll, consider the risks around the use of ghost employees, hiring of relatives of government employees, and the use of bonus payments and be sure to request a payroll listing and review for any such persons.

Around training you should determine whether your company provides industry specific training to government entities, and review GL accounts and expenses for related items. In taking a look at payments under local law, you should obtain list of payments to the government required by local laws and identify and review payments to government authorities or employees, customs authorities or agents, income taxes authorities or license requirements. For payments made to third parties, you should review commission and expense payments for compliance with company policy and also trace payments to the third party’s bank account.

Ellison and Ibrahim provided solid, detailed information on not only what your audit protocol should be but also provided material on what you should look for and how you should do it. It was an excellent presentation.

© Thomas R. Fox, 2015

Leave a Comment

April 1, 2015

Supply Chain as a Source of Compliance Innovation

Filed under: Best Practices,Compliance,compliance programs,FCPA,Innovation,Supply Chain,Third parties — tfoxlaw @ 12:01 am
Tags: best practices, Bribery Act, compliance, compliance programs, FCPA, Foreign Corrupt Practices Act

On this day we celebrate the greatest upset in the history of the NCAA Basketball Tournament, when Villanova beat Georgetown for the 1985 national championship. Georgetown was the defending national champion and had beaten Villanova at each of their regular season meetings. In the final the Wildcats shot an amazing 79% from the field, hitting 22 of 28 shots plus 22 of 27 free throws. Wildcats forward Dwayne McCain, the leading scorer, had 17 points and 3 assists. The Wildcats’ 6’ 9” center Ed Pinckney outscored 7’ Hoyas’ center, Patrick Ewing, 16 points to 14 and 6 rebounds to 5 and was named MVP of the Final Four. It was one of the greatest basketball games I have ever seen and certainly one for the ages.

I thought about this game when I read an article in the most recent issue of Supply Chain Management Review by Jennifer Blackhurst, Pam Manhart and Emily Kohnke, entitled “The Five Key Components for SUPPLY CHAIN”. In their article the authors asked “what does it take to create meaningful innovation across supply chain partners?” Their findings were “Our researchers identify five components that are common to the most successful supply chain innovation partnerships.” The reason innovation in the Supply Chain is so important is that it is an area where companies cannot only affect costs but can move to gain a competitive advantage. To do so companies need to see their Supply Chain third parties as partners and not simply as entities to be squeezed for costs savings. By doing so, companies can use the Supply Chain in “not only new product development but also [in] process improvements”.

I found their article resonated for the compliance professional as well. It is almost universally recognized that third parties are your highest Foreign Corrupt Practices Act (FCPA) risk. What if you could turn your Supply Chain from being considered a liability under the FCPA to an area that brings innovation to your compliance program? This is an area that not many compliance professionals have mined so I think the article is a useful starting point. The authors set out five keys to successful innovation spanning Supply Chain partners. They are: “(1) Don’t Settle for the Status Quo; (2) Hit the Road in Order to Hit Your Metrics; (3) Send Prospectors Not Auditors; (4) Show Me Yours and I’ll Show You Mine; and (5) Who’s Running the Show?”

Don’t Settle for the Status Quo

This means that you should not settle for simply the status quo. Innovation does not always come from a customer or even an in-house compliance practitioner. Here the key characteristics were noted to be “cooperative, proactive and incremental”. The authors emphasize that “you need to be leading the innovation change rather than catching up from behind.” If a company in your Supply Chain can suggest a better method to do compliance, particularly through a technological solution, it may be something you should well consider.

Hit the Road in Order to Hit Your Metrics

To truly understand your compliance risk from all third parties, including those in the Supply Chain, you have to get out of the ivory tower and on the road. This is even truer when exploring innovation. You do not have hit the road with the “primary goal to be the inception point for innovation” but through such interactions, innovation can come about “organically”. There is little downside for a compliance practitioner to go and visit a Supply Chain partner and have a “face-to-face meeting simply to get to know the partner better and more precisely identify that partner’s needs.”

Send Prospectors Not Auditors

While an audit clause is critical in any Supply Chain contract, both from a commercial and FCPA perspective, the authors believe that “Too often firms use supply chain managers as auditors when they are dealing with supply chain partners.” The authors call these types of managers “innovation partners.” Every third party should have a relationship manager, whether that third party is on the sales side or the Supply Chain side of the business. Moreover, the innovation partners are “able to see synergies where [business] partners can work together for the benefit of everyone involved.”

Show Me Yours and I’ll Show You Mine

Here the authors note, “Trust plays an extremely important role in supply chain innovation. Firms in successful innovations discussed a willingness to share resources and rewards and to develop their partners’ capabilities.” The authors believe that “Through the process of developing trust, firms understand their partner’s strategic goals.” I cannot think of a more applicable statement about FCPA compliance. Another way to consider this issue is that if your Supply Chain partner has trust in you and your compliance program, they could be more willing to work with you on the prevent and detect prongs of compliance regimes. Top down command structures may well be counter-productive.

Who’s Running the Show?

I found this point particularly interesting as for the authors, this prong means “who is doing what, but also what each firm is bringing to the relationship in terms of resources and capabilities.” In the compliance regime it could well lead to your Supply Chain partner taking a greater role in managing compliance in a specific arena or down a certain set of vendors. Your local Supply Chain partner might be stronger in the local culture, which could allow it to lead to collaborations by other vendors in localized anti-corruption networks or roundtables to help move the ball forward for doing business in compliance with the FCPA or other anti-corruption laws such as the UK Bribery Act.

The authors ended by remarking, “we noticed that leveraging lean and process improvement was mentioned by virtually every firm.” This is true in the area of process improvement, which is the essential nature of FCPA compliance. Another interesting insight from the authors was that utilization can increase through such innovation in the Supply Chain. Now imagine if you could increase your compliance process performance by considering innovations from your Supply Chain third parties? The authors conclude by stating that such innovation could lead to three “interesting outcomes 1) The trust and culture alignment is strengthened through the partnership innovation process leading to future innovations and improvement; 2) firms see what is needed in terms of characteristics in a partner firm so that they can propagate the success of prior innovations to additional partners; 3) by engaging supply chain partners as innovation partners, both sides reap rewards in a low cost, low risk, highly achievable manner.” With some innovation Villanova coach Rollie Massimino led his team over the prohibitive favorite Georgetown, and you may be able to tap into a resource immediately available at your fingertips, your Supply Chain.

Comments (1)

February 6, 2015

Arsenale and Incentivizing Compliance

Filed under: Best Practices,Compliance,Compliance and Ethics,compliance programs,Department of Justice,FCPA,FCPA Guidance,Incentives In Compliance Program,Innovation,Ten Hallmarks of an Effective Compliance Program — tfoxlaw @ 12:01 am
Tags: best practices, compliance, compliance programs, Department of Justice, DOJ, ethical leadership, ethics and compliance, FCPA

I continue with a Venice themed blog post today by focusing on the Arsenale. No this is no a precursor to that famous north London football club, the Arsenal Gunners, but the district in Venice where one of the main commercial enterprises of the city took place, that being ship building and ship repair. At one point, the Arsenale employed almost 10% of the city’s workforce or 12,000 people. This was in the mid 1200s to the 1400s when Venice was at or near the height of its trading and financial power. The Arsenale developed the first production line for the building of ships, when, of course, it was all done by hand. The equipment developed to drag ships up on shore and repair was simply amazing. Appropriately, the Arsenale is now an Italian naval facility.

But I also picked up some interesting compliance insights in learning more about the Arsenale. The ship building techniques were of such a high level and importance to the city that they were viewed as state secrets. To protect against the loss of such valuable intellectual property, the Venetian city fathers put in a series of incentives and punishments that can help inform your best practices compliance program up to this day. First, and foremost, Venice forbade any skilled worker from leaving the city to go to work at a neighboring or rival city; the first non-compete and still widely used by corporate America today. Second was the punishment that if you were caught passing secret, you were summarily executed only after excruciating torture; while these techniques are not as widely used by corporate America today I am sure there are some non-enlightened corporate leaders who might like to re-institute one or both practices.

However over on the incentive side there were several mechanisms the City of Venice used to help make the Arsenale work force more loyal and desirous to stay in their jobs, all for the betterment of themselves and their city. The first was job security. The Arsenale was so busy for so many years that lay-offs were unheard of. Even if someone lost their job, through injury, mishap or worse; they received enough of compensation that they could live in the city. Finally, when a worker died, the company provided not only funeral expenses but would assist in taking care of the family through stipends or finding other work for family members.

This dual focus on keeping the state secrets of ship building and repair within the City of Venice reminded me of one of the points that representatives of the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) continually remind compliance practitioners about when discussing any best practices compliance program; whether based on the Ten Hallmarks of an Effective Compliance Program, as articulated in their jointly released FCPA Guidance, or some other articulation such as in a Deferred Prosecution Agreement (DPA) Attachment C. They continually remind Chief Compliance Officers (CCOs) and compliance practitioners that any best practices compliance program should have both incentives and discipline as a part of the program.

Regarding disincentives for violating the Foreign Corruption Practices Act (FCPA), the Guidance is clear in stating, “DOJ and SEC will thus consider whether, when enforcing a compliance program, a company has appropriate and clear disciplinary procedures, whether those procedures are applied reliably and promptly, and whether they are commensurate with the violation. Many companies have found that publicizing disciplinary actions internally, where appropriate under local law, can have an important deterrent effect, demonstrating that unethical and unlawful actions have swift and sure consequences.”

However, the Guidance is equally clear that there should be incentives for not only following your own company’s internal Code of Conduct but also doing business the right way, i.e. not engaging in bribery and corruption. On incentives, the Guidance says, “DOJ and SEC recognize that positive incentives can also drive compliant behavior. These incentives can take many forms such as personnel evaluations and promotions, rewards for improving and developing a company’s compliance program, and rewards for ethics and compliance leadership. Some organizations, for example, have made adherence to compliance a significant metric for management’s bonuses so that compliance becomes an integral part of management’s everyday concern.” But the Guidance also recognizes that incentives need not only be limited to financial rewards as sometime simply acknowledging employees for doing the right thing can be a powerful tool as well.

All of this was neatly summed up in the Guidance with a quote from a speech given in 2004 by Stephen M. Cutler, the then Director, Division of Enforcement, SEC, entitled, “Tone at the Top: Getting It Right”, to the Second Annual General Counsel Roundtable, where Director Cutler said the following:

[M]ake integrity, ethics and compliance part of the promotion, compensation and evaluation processes as well. For at the end of the day, the most effective way to communicate that “doing the right thing” is a priority, is to reward it. Conversely, if employees are led to believe that, when it comes to compensation and career advancement, all that counts is short-term profitability, and that cutting ethical corners is an acceptable way of getting there, they’ll perform to that measure. To cite an example from a different walk of life: a college football coach can be told that the graduation rates of his players are what matters, but he’ll know differently if the sole focus of his contract extension talks or the decision to fire him is his win-loss record.

All of this demonstrates that incentives can take a wide range of avenues. At the recently held ACI FCPA Bootcamp in Houston, TX, one of the speakers said that the Houston based company Weatherford, annually awards cash bonuses of $10,000 for employees who go above and beyond in the area of ethics and compliance for the company. While some might intone that is to be expected from a company that only recently concluded a multi-year and multi-million dollar enforcement action; as the speaker said if you want emphasize a change on culture, not much says so more loudly than awarding that kind of money to an employee.

While I am sure that being handed a check for $10,000 is quite a nice prize, you can also consider much more mundane methods to incentivize compliance. You can make a compliance evaluation a part of any employee’s overall evaluation for some type of year end discretionary bonus payment. It can be 5%, 10% or even up to 20%. But once you put it in writing, you need to actually follow it.

But incentives can be burned into the DNA of a company through the hiring and promotion processes. There should be a compliance component to all senior management hires and promotions up to those august ranks within a company. Your Human Resources (HR) function can be a great aid to your cause in driving the right type of behavior through the design and implementation of such structures. Employees know who gets promoted and why. If someone who is only known for hitting their numbers continually is promoted, however they accomplished this feat will certainly be observed by his or her co-workers.

Just as the fathers of Venice viewed the workers of the Arsenale as critical to the well-being of their city, senior managers need to understand the same about their work force. In places like Texas, employees typically are incentivized with some enlightened remark along the lines of “You should just be happy you even have a job.” Fortunately there are real world examples of how corporate incentives can work into a compliance regime. The City of Venice long ago showed how such incentives could help it maintain a commercial advantage. Fortunately the DOJ and SEC still understand those valuable lessons and continue to talk about them as well.

Comments (1)

January 26, 2015

Good Bye to Mr. Cub, the Siege of Vienna and Doing More Compliance with Less

Filed under: Best Practices,Chief Compliance Officer,Compliance,compliance programs,FCPA,Financial Times,Ft,Innovation — tfoxlaw @ 12:01 am
Tags: best practices, compliance programs, Cub, Ernie Banks, ethical leadership, ethics, ethics and compliance, FT

Let’s play two! That was perhaps the most famous maxim from Ernie Banks, who died this past weekend at the age of 83. As for a sobriquet, it does not get much better than being known as ‘Mr. Cub’ from any baseball fan from 9 to 90. Banks was famous as one of the greatest power-hitting shortstops, leading the National League (NL) in homers and runs batted in, while playing that position as an All-Star in 1958 and 1959. He ended up with over 500 career home runs, when that actually meant something. But he was also known as ‘Mr. Sunshine’ for having one of the most pleasant dispositions of anyone ever to play Major League Baseball (MLB). He remained close to the Cubs team and made frequent appearances at their spring training grounds, in Arizona. Author Harry Strong wrote in 2013 that “the Chicago Cubs do not have a mascot, but they hardly need one when the face of the franchise is still so visible.” Mr. Cub indeed.

I also considered the invasion of Europe by the Ottoman Empire that culminated in the siege of Vienna, in 1683. This marked the high-water mark for the Ottomans and after their defeat they began a long slide until they became known as the ‘sick man of Europe’ in the early 1900s. One of the more interesting things I learned was that the original walls surrounding Vienna had been constructed from monies paid to the Holy Roman Emperor as his ransom for releasing the English King Richard the Lionhearted back in 1194. Talk about getting some serious value for your spending.

I thought about that initial use of monies by the Holy Roman Emperor, who was then the King of Vienna almost 500 years before the Ottoman invasion and how the later walls of Vienna were re-engineered to repulse not only more modern siege weapons but even the advent of gunpowder and cannon fire which the Ottomans tried to use to batter the city into submission.

While the rest of the US economy is finally on an uptick, things down here in Texas are not so rosy with the price of oil hovering at less than $50 per barrel. Major energy service companies have announced cutbacks in spending and layoffs have commenced in a major way, with some companies trimming their work force by over 10% at this early stage. Even companies that have not laid off workers, as yet, are seriously considering no raises or bonuses for the largest parts of their employee base for 2015. For those in the compliance space, viewed as non-revenue generating overhead, things are beginning to get ugly, if not downright scary.

What does this economic reversal mean for compliance? First, and foremost, your compliance function has to continue to operate to prevent, detect and remediate compliance issues. The Department of Justice (DOJ) and Securities and Exchange Commission (SEC) will not consider arguments that ‘we did all we could with what we had’ when you are still operating in places where there is a high indicia of bribery and corruption. But what do Mr. Cub and the Siege of Vienna have with this economic conundrum facing those Chief Compliance Officers (CCOs) and compliance practitioners in the energy space? Both of these examples point out that you can use other parts of your organization to affect your compliance efforts going forward. Banks was associated with the Cubs for over 60 years. The walls of Vienna, originally constructed in the 13^th century, were used as a base for the next 400 years. I have long advocated that your Human Resource (HR) function should be a first-rate friend of your compliance function. There are several areas where HR has expertise that can facilitate your compliance efforts going forward. These include hiring, employee evaluation and succession planning to help enable you to hire, reward and promote employees with the values that compliment your compliance efforts.

Other areas include the IT and Marketing departments. Another person I would add is the Corporate Secretary, the reason for this is that the Corporate Secretary has several constituencies within the company that he or she may work with and for. This can provide an opportunity to view a company’s ethics and compliance program and to help shape and direct it. The Corporate Secretary, head of IT or Marketing may be excellent resources to the CCO, that may be under-utilized. It might be worth a cup of coffee or short meeting to see what they might think about your ethics and compliance program or how they might be able to assist you in your efforts.

Another way to think through some of these issues was presented in a recent article in the Financial Times (FT) Fast Times column, entitled “Local lessons for taking on the world”, by Tyler Brûlé. In this article he pointed to some roundtable discussions he attended at the recent conference in Davos, where local mayors discussed some “tried – and – tested policies for governing thousands of people that can be applied to millions of people”. I found them some excellent thoughts for a CCO or compliance practitioner who might be required to do more with less on a rather immediate basis.

Degree or not degree. The Swiss do not believe that a person must have an advanced degree to fix high-speed cabling above a mountain pass or to be a fine hotel general manager. Brûlé notes there is “An emphasis on apprenticeships and vocational education means more workers with useful skills, rather than thousands of unemployed people with useless degrees.” For the CCO, think about using non-lawyer resources in key roles such as using a well-trained paralegal to oversee your ongoing third party program.

Support compliance locally. With an emphasis on not just locally grown but also locally made, the Swiss use this practice to aid many different and diverse areas from protecting small businesses to wasteful global logistics. Brûlé said that “Buying local helps expand the wealth base and forces big retailers to cater to an audience who appreciate that many items are still Made in Switzerland.” For the compliance practitioner this means using more local resources to home grow compliance in various regions outside the US.

Join the compliance community. Brûlé believes that “New arrivals need to recognize that they’re signing up to Switzerland’s social codes, and not the other way around.” While this might not seem Politically Correct from the political perspective, from the compliance perspective you should work more closely with HR to hire folks who profess the same values that you espouse.

High-value versus value engineering. Brûlé writes that the Swiss have “A tradition of building infrastructure, housing and offices right the first time rather than engineering them so they need to be updated constantly creates a culture where quality is admired and consumers expect value for money rather than settling for “good enough”.” I recognize that programs, policies and procedures need fine-tuning, however, from the walls of Vienna being in use for over 400 years to the Cubs using Ernie Banks as an institution for nearly that long shows that high-value can be derived from multiple sources. As a compliance practitioner you are only limited by your own imagination to make things work, through trial and error if need be but you can create something which will work for some time.

Talk to me. Interestingly Brûlé found that “the Swiss are among the lowest users of social media in Europe.” He chalked this up to “village life, good public transport and a sense of community.” If there is one skill a CCO or compliance practitioner should learn, work on and employ continuously it is to listen. Beyond that your employee base is in large part looking for your input on how to do business ethically and in compliance. So talk to them as well.

So farewell to Ernie Banks and I hope that the Cubs have a better century in the 21^st than they had in the 20^th.

Leave a Comment

January 22, 2015

Both Sides Now and Asking the Right Compliance Questions

Filed under: Best Practices,Bribery and Corruption,Chief Compliance Officer,Compliance,Compliance and Ethics,compliance programs,Innovation,Marketing — tfoxlaw @ 12:01 am
Tags: best practices, compliance, compliance programs, ethical leadership, ethics and compliance

One of my favorite singers has always been Judy Collins. Like most of us, I was introduced to her through her interpretation of Joni Mitchell’s song Both Sides Now which she released in 1967. Joni Mitchell did not record her own version of this song until 1969. It was not until the 1990s that I became aware that Mitchell’s inspiration for the song was that she gave up a child she bore out of wedlock in the early 1960s. She managed to put all that pain into one of the most beautiful ballads I have ever heard. I also did not know that Judy Collins was the inspiration for the Crosby, Stills, Nash & Young song Suite: Judy Blue Eyes until I read an article about her in a recent Wall Street Journal (WSJ) article in Weekend Confidential column by Alexandra Wolf, entitled “Judy Collins”.

I thought about how long I mis-understood the genesis and import of these two songs when I read a recent article in the Winter 2015 edition of the MIT Sloan Management Review, entitled “The Power of Asking Pivotal Questions” by Paul J. H. Schoemaker and Steven Krupp. The authors posit that “In a rapidly changing business landscape, executives need the ability to quickly spot both new opportunities and hidden risks. Asking the right questions can help you broaden your perspective — and make smarter decisions.” Their findings showed that to help managers make better decisions they needed to (1) examine broad market trends and less visible undercurrents; (2) seek out diverse viewpoints to allow multiple views of complex issues; and (3) actually push back if consensus comes together too quickly. They posed six questions, which I believe have some direct insights and are important for the Chief Compliance Officer (CCO) or compliance practitioner so I have adapted their findings directly for the compliance function.

Think Outside In. The authors ask, “How well do you understand the implications of broad market trends and less visible undercurrents for your business and for upcoming strategic choices?” Here I think compliance practitioners need to understand not only what your business does but equally importantly where it is going. This is also true about where compliance itself is going as the Department of Justice (DOJ) now requires that companies which enter into Deferred Prosecution Agreements (DPAs) keep abreast of both technological innovations and also industry trends in compliance. To engage in some of the authors’ suggestions, you need to go to conferences outside the compliance function and to leverage your current networks and join new ones.

Explore Future Scenarios. In this query, you will need to consider, “How thoroughly have you analyzed major external uncertainties and future scenarios that could significantly impact your business decisions?” The authors point to war-gaming as an example of scenario planning. While a CCO may feel like he or she only has time to put out fires, you need to consider what may become the ‘elephant in the room’. Consider the example of GlaxoSmithKline PLC (GSK) in China. The new Chinese government had clearly been signaling an upcoming drive against bribery and corruption. It was only a matter of time until a western company got caught up in its dragnet. Yet, even with specific knowledge of a high ranking party functionary making internal whistleblower claims, GSK not only could not uncover its own systemic corruption but was caught flat-footed when Chinese officials brought forward substantive allegations and evidence of corruption. To help with this issue, the authors suggest you ask questions about the external business environment and to “scout for the periphery” of emerging compliance or regulatory trends. You should also follow developments in your industry to anticipate where the DOJ or Securities and Exchange Commission (SEC) might be going next with enforcement.

Be a Contrarian. This question focuses on diversity of opinions by asking, “Do you regularly seek out diverse views to see multiple sides of complex issues, and do you purposely explore important problems from several angles?” This is an ongoing battle that many corporate senior managers, including compliance practitioners, face, that being to “promote diverse and creative friction.” A CCO must learn to ask if the compliance team team has sought sufficient contrarian input and been exposed to all sides of an issue before reaching a decision. While it is possible to counter the tendency of many compliance practitioners to go along to get along; offering contrarian compliance views are particularly essential when tackling major strategic decisions in an uncertain environment. The authors recommend you use such techniques as fostering constructive debate in meetings, pushing back when consensus groups form too quickly and designate specific devil’s advocates to argue the case against the prevailing views or conventional wisdom.

Look for Patterns. Taking a more analytical approach, the authors inquired as to whether “you deploy multiple lenses to connect dots from diverse sources and stakeholders, and do you delve deep to see important connections that others miss?” Connecting the dots entered the lexicon most prominently after 9/11. However it is an importance concept for the compliance practitioner as well. You need to be able to “amplify discrete data points, connect them and take decisive action” because many compliance practitioners are limited by selective perception and seek information that confirms what they wish to believe.

To overcome this information bias, the authors suggest that you utilize the following strategies. One is to “Look for competing explanations to challenge your observations” as this allows you to “engage a wide range of stakeholders, customers and strategic partners to weigh in.” A second is that when you are “stuck trying to recognize patterns or interpret complex data, step away, get some distance and then try again. Sleep on the data, since the mind continues to process information when resting.” This is because each time you take “a break, and then reengaged, he got a deeper understanding and asked better questions.” Finally, do not forget the power of pictures, visualization and charts. You can “use visual graphs or flowcharts to juxtapose the larger picture with the individual puzzle pieces. Pattern recognition is easier when all the information is clearly laid out and presented in different ways.”

Create New Options. Under this prong, the authors investigate whether “you generate and evaluate multiple options when making a strategic decision, and do you consider the risks of each, including unintended consequences?” The authors believe that few senior leaders will “engage in creative thinking.” This can also be true for the compliance practitioner. The authors posit that “When people feel pressed for time, they become less flexible and much prefer certainty to ambiguity. Ambiguity aversion is typically heightened in crisis situations and can lead to cognitive myopia, a narrow focus that can be counterproductive.” To overcome this tendency to cut corners when we are under the gun the authors suggest the following. The first technique is to not simply present “binary go/no-go decisions, reframe a situation to always examine several more options.” Particularly as a compliance practitioner, with or without legal training, you should always inquire as to what else might we do? The second suggestion is to utilize “impromptu meetings when time is limited to generate more options, including unconventional choices. The Midnight Rambler crew did this during a major crisis.” Finally, you should work to “review alternatives based on clear criteria and rank options accordingly.” From this you should work to “Clearly define decision criteria, make them explicit, weigh them and then score each option against the criteria to identify the best choice. Be disciplined when it comes to making tough trade-offs.”

Learn From Failure. The authors want to know if you encourage experiments and “failing fast” as a source of innovation and quick learning? If there is one area that a compliance practitioner will always face, it is failure. There will always be instances where an employee violates your Code of Conduct or compliance program. It does not matter if you are the World’s Most Ethical Company or somewhere below that level in the compliance strata. But as Paul McNulty said, “What did you do about it when you found out?”, remember this is his Maxim Number 3. The authors write that “Learning from mistakes has much to do with a leader’s mind-set and the questions that he or she asks both before and after an unexpected event occurs. Strategic decision makers abandon the pursuit of perfection, allow some room for well-intentioned mistakes, and examine what went wrong and why. What matters is how well a team learns from setbacks and what mode of inquiry it allows. The best teams try to fail fast, often and cheaply in search of innovation.”

The authors suggest three steps to help facilitate McNulty’s Maxim Number 3. First is to “Shine a light on mistakes as a source of new learning.” Do not bury or hide your miss-steps. Be open about them. Second, you cannot learn from your mistakes unless you study them so if your compliance regime fails in some way, perform a root cause analysis to determine the reason. Lastly, use your miss-steps as teaching moments going forward. The authors note that you should “Publicize stories about failed projects that led to innovative solutions. Praise those who learned from their errors and try to extract learning from near misses.”

Leave a Comment

FCPA Compliance and Ethics Blog

August 7, 2015

August 6, 2015

August 5, 2015

August 3, 2015

June 19, 2015

Tribute to John David Crow and an Innovation Strategy for Your Compliance Program

May 20, 2015

Levi Strauss and Auditing of Third Parties

April 1, 2015

Supply Chain as a Source of Compliance Innovation

February 6, 2015

Arsenale and Incentivizing Compliance

January 26, 2015

Good Bye to Mr. Cub, the Siege of Vienna and Doing More Compliance with Less

January 22, 2015

Both Sides Now and Asking the Right Compliance Questions

January

Blogroll

Pages

Admin

Read by Email

Recent Posts from FCPA Compliance and Ethics Report: FCPA Compliance and Ethics Report

Episode 240-Bill Coffin on Compliance Week 2016

Episode 239-Jonathan Armstong On EU Privacy Shield

Episode 238-John Allen on HR Touch Points in Compliance

Episode 237-Steve McCalmont on the Avior Risk Management Platform

Episode 236-Adam Turteltaub and SCCE CCO Survey