Internally Funding Your Compliance Program

Big banks are not doing too well these days in the compliance arena. From Barclay’s and the burgeoning LIBOR manipulation scandal; to HSBC and its money-laundering operations for drug cartels over the past several years; to the ongoing reckoning of JP Morgan and its $5 bn+ trading loss that it is still trying to extricate itself from several months after publicly announcing the loss, big banks seem to be more in the news these days for compliance failures rather than successes.

I saw an article in The Rector Factor section of the July 27 Houston Business Journal, entitled “Prepared company perspective for lenders, investors”, by columnist Bruce Rector that discussed some ideas that companies might draw upon when looking for financing. I thought it would be helpful for the compliance practitioner to use as a guide when putting together a budget, or other, request for funding a compliance initiative.

Rector wrote about the materials a company should put together and have ready when they are seeking financing from banks, investors or other financial institutions. He set out a list of information that a company should have prepared and be ready to present to such institutions because any entity or person who may provide funding is going to want to know some specific details about your company. He believes that management needs to anticipate such requirements and prepare in advance for it. He cautions not to wait until the last minute to put the information together or when you seek funding as “waiting until you need money is never the best time to go out and get it.” While you can be so mundane as to call this a “loan application” Rector believes that if you lay out the information in a coherent manner, it would allow an outsider to get some “perspective on the company”. Further, he believes that such information is actually “multipurpose and can be used to inspire and sell stakeholders – you, your bankers and investors, and your employees – on the business and its prospects” for your company. I have modified Rector’s recommendations for a ‘good application’ to steer them towards a Compliance Department.

• Executive Summary. This should be no more than three (3) pages and it should convey excitement and impact. It must spell out your compliance mission and clearly state the opportunities that are presented for your compliance group to not only further the goals of compliance with the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act but how these opportunities will result in increased earnings and profits.
• The Industry. Here is an opportunity for bench-marking within your industry. You should use credible research from recognized authorities or collect the information from your colleagues in other companies directly, if such information is available to you. You should focus on the size, growth and significance of compliance within your industry and the opportunities for growth within your company.
• The Company. Here you should walk the reader through how your compliance program has grown; this could include organic growth, detailing areas that you may have engaged in as best practices have evolved, and growth of your compliance regime through acquisitions. You should also share major victories and tie all of these into your company values as set out in your published Code of Conduct.
• Management and Ownership. Here is an opportunity for you to recognize the persons in your compliance organization. You should have an organizational chart, biographies of key personnel and anticipated hiring needs.
• Financial Information/Projections. Here you should create a three-year forecast using best, probable and worst-case scenarios for each year on a cash basis. In this section you should include historical return on investment (ROI) figures from prior initiatives, to the extent that you have any and end with a current balance sheet that will indicate and extend top and bottom-line growth for your compliance department.
• Purpose of the Investment. Here you need to be short, compelling and to the point. You should spell out precisely what you are asking for and reiterate what you will do with the funding.

My This Week in FCPA partner, Howard Sklar, often talks about the “internal marketing” of compliance. I believe that Rector’s suggestions in putting together information for financial investment would be a good way for a compliance practitioner to think about internally marketing compliance and internally seeking funding for compliance initiatives.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

Is Your FCPA Compliance Program a Good Business Model?

Many compliance practitioners struggle with the questions of how to measure the effectiveness of their company’s Foreign Corrupt Practices Act (FCPA) compliance program. In the January-February 2010 issue of the Harvard Business Review, authors Ramon Casadesus-Masanell and Joan E. Ricart explore business model innovation in an article entitled “How to Design a Winning Business Model”. While the article focuses on how companies might compete more effectively through business models, they present several key mechanisms which can be utilized by the FCPA practitioner in helping to determine the effectiveness of a company’s FCPA compliance program.
The authors looked to writer Joan Magretta for a definition of a business model and cited her for the following “the story that explains how an enterprise works”. This can easily be adapted by the FCPA compliance practitioner into, “the story of how your FCPA compliance program works”. The reason being is that in its simplest form, a business model “consists of a set of managerial choices and the consequences of those choices.” The authors go onto to state that a company makes three different types of choices when creating a business model, they are 1) A Policy Choice to set the course the entire organization will take; 2) The Asset Choice which relates to the resources a company will use to deploy the policy; and finally 3) there is a Governmental Choice about which of the first two choices are managed and governed.
For the FCPA practitioner, the authors list three characteristics of an effective business model. They note that a good business model will meet all three of the following, 1) Is your business model aligned with company goals?; 2) Is your business model self-reinforcing?; and 3) Is your business model robust? These characteristics are easily translated into the compliance world and can be used by the compliance practitioner in evaluating a company FCPA compliance program.
I. Is your compliance program “aligned with your company’s goals”?

This may seem basic, however the choices made in your FCPA compliance program should deliver consequences which assist your organization to achieve its compliance goals. This should start with your “Tone at the Top” but it is also the “Tone in the Middle” and the actions of those below in the organization. Moreover, such the communication and sustainment of such goals must include third parties which a company does business with, and business representatives through which a company conducts business, such as third parties, agents, distributors, resellers, representatives, consultants, joint ventures or consortia. All must all align with your FCPA compliance goals and this alignment should also include vendors in the supply chain.

II. Is your compliance program “self-reinforcing”?

The choices that are made to create and promote an effective FCPA compliance program should all complement one another. This means that there must be reinforcement throughout the compliance program; both negative and positive. If an employee violates the FCPA compliance program, there must be clearly set out consequences for such action. These consequences must be uniformly and fairly applied across the company. If a first offense of making misrepresentations on an expense account is sufficient grounds for termination in South America, then they should be sufficient grounds for termination in North America as well. Conversely, there must be positive consequences to employee actions, the company must promote and award those employees’ who conduct business in a manner consistent with the company’s FCPA compliance program.

III. Is your compliance program “robust”?

Just as a good business model must be adaptable to sustain its effectiveness over time, a good compliance policy must be able to adapt to changes in the compliance landscape. The key to this component is an annual assessment of your company’s FCPA compliance program to determine if there are any areas which may need to be modified. A couple of clear examples of this are (A) facilitation payments; and (B) UK subsidiaries or company employees subject to the UK Bribery Act. As led by Transparency International and the UK, many in the compliance arena are forcefully arguing for the removal of the facilitation payment exception for bribery. Many companies ban such payments in the compliance policy and require the same of those which do business with them. The second area is if your company is subject to the UK Bribery Act, which not only does not have any exception for facilitation payments but also is broader than the FCPA in applying to private commercial transactions, in addition to those involving foreign governmental officials. Companies need to be aware of both developments and enhance their compliance program to meet these evolving standards.
Authors Casadesus-Masanell and Ricart have provided a valuable guide for the FCPA compliance practitioner to think through, in a logic manner, about how to set up a compliance business model for a company.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011