FCPA Compliance and Ethics Blog

April 7, 2014

The Battle of Shiloh, Corruption in Ukraine and Things to Come

Things to ComeOn this day 126 years ago the two-day battle of Shiloh ended. On the second day, the Union troops under General Grant largely recovered the ground that the Confederate troops had taken on the first day. Grant was severely criticized for allegedly being taken by surprise by the Confederate attack but he managed to survive the firestorm. The Confederates lost their most senior commander, General Albert Sydney Johnson, on the first day of the fighting.

With the successful Union counter-attack on the second day the battle is generally viewed as a tactical victory for the North. However, for me the thing that is most significant about this battle is that it was the first horrific slaughter of the Civil War. There were over 23,000 casualties on both sides. Unfortunately it presaged more to come. I will never forget Shelby Foote’s comments in Ken Burn’s documentary The Civil War. Shiloh was not an aberration but there were 25 more Shiloh’s to come. It truly was a sign of things to come.

The recent events in Ukraine have had a variety of interpretations, results and predictions. But one thing is clear, the government of Ukraine allowed systemic corruption to occur. One can look to the Archer-Daniels-Midland Corp. (ADM) Foreign Corrupt Practices Act (FPCA) enforcement action to see the effects in play. In that matter, ADM paid bribes to obtain tax rebates to which it was legally entitled. Unfortunately for ADM it developed opaque schemes to fund bribery payments and then hid them on its books and records. Not good for FPCA compliance.

Or consider the case of Ikea. In an article in Bloomberg, entitled “Dashed Ikea Dreams Show Decades Lost to Bribery in Ukraine”, Agnes Lovasz wrote that Ikea has tried for over a decade to open a store in the country but has been unable to do so because it refuses to pay bribes to do so. She wrote that according to Transparency International’s (TI’s) Corruptions Perceptions Index (CPI), “Stuck between the European Union and its former imperial master Russia, Ukraine has emerged as the most corrupt country on the continent.” She quoted Erik Nielsen, chief global economist at UniCredit SpA in London, for the following, “Even before this latest crisis, Ukraine was a mess beyond description”. How about this recommendation from Lennart Dahlgren, a retired Ikea executive who led the company’s entry into Russia, who said in an interview with Russkiy Reporter magazine in 2010, that compared with Ukraine, Russia, the most corrupt major economy, “is whiter than snow”. Faint praise indeed.

While a US, UK, EU or other western government response is certainly appropriate, I thought about a business led response to such a situation when I read a recent article in the April issue of the Harvard Business Review (HBR), entitled “The Collaboration Imperative”, by authors Ram Nidumolu, Jib Ellison, John Whalen and Erin Billman. In this article they discussed business collaborations in the context of sustainability. I found their concepts should be considered by companies or industry groups when trying to develop strategies to fight corruption. As Jason Poblete continually reminds us, the marketplace is one important place to look for solutions to problems and this article certainly provides some starting points for such an analysis.

The authors posit that collaboration models should be divided into two categories: (1) coordinated processes and (2) coordinated outcomes. Adapting these to anti-corruption/anti-bribery programs, this means that under the ‘coordinated processes’ prong businesses should identify and share industry-wide operational processes that prevent and detect bribery and corruption. Under the ‘coordinated outcomes’ prong, the authors work translates into developing industry benchmarks and standardized systems for measuring anti-corruption/anti-bribery performance across the value chain.

The authors had some specific steps in their article which I thought also provided insightful for implementing their ideas in the anti-corruption/anti-bribery context. First you should being this journey “with a small, committed group.” The reason to do so is “to prevent the logjams that can occur when many stakeholders with conflicting goals try to work together, start by convening a small “founding circle” of participants. The members must have a common motivation and have mutual trust at the outset. This group develops the project vision and selectively invites subsequent tiers of participants into the project as it develops.” Next you should try to “link self-interest to shared interest.” This is because to help facilitate success, “collaboration initiatives must ensure that each participant recognize at the outset the compelling business value that it stands to gain when shared interests are met.” The participants need to then try to monetize the system value by “linking self-interest and shared interest is to quantify how the collaboration reduces costs or generates revenue for each participant.” It helps to build a direct path to some early successes because it is important “to generate momentum and commitment, the action plan must also emphasize quick wins. Business thrives on visible and immediate results, and sustainability collaborations are no exception. Even if these wins are small initially, the cost savings or incremental revenues provide proof to other executives inside participants’ organizations that the investment is worthwhile.”

As many in such a collaborative group will have conflicting priorities, the authors believe it is important to have “independent project-management specialists with demonstrated competence in trust building among diverse stakeholders. Additionally, the project management function must be seen by all participants as neutral and committed to the success of the project, rather than to any individual stakeholder.” Interestingly, the authors note that there should be built in competition which should be “structured to support shared goals.” Finally, and perhaps most obviously, any such group must have a culture of trust. Fortunately, in the anti-corruption/anti-bribery world there are very few trade secrets but beyond this, the “building and maintaining trust is an ongoing practice foundational to every other practice during the collaboration project.”

Perhaps the people or the leadership of Ukraine may at some point realize that the perceived endemic nature of corruption in their economic system, helped lead in part to its current problems. Maybe the citizens in Crimea thought the Russian government less corrupt. While I do not pretend to know the answers to these questions, the collaboration model that the authors have detailed for sustainability initiatives is certainly one that US companies might wish to consider on some type of industry wide basis.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

December 10, 2013

Expanding Your Compliance Decision-Making Tool Kit

7K0A0223There can be a variety of reasons why bad decisions get made in the corporate world. Last week I wrote about psychopaths in the C-Suite and Boardroom. Today I want to look at some less flamboyant, more mundane ways that a company might get into compliance hot water through poor decision making. In an article in the November issue of the Harvard Business Review, entitled “Deciding How to Decide”, authors Hugh Courtney, Dan Lovallo and Carmina Clarke reviewed how senior decision makers in a company might go about strategic decision making. One of the areas that they explored was how systemic roadblocks might get in the way of making a valid decision.

I found their discussion very interesting from the compliance perspective. The FCPA Guidance emphasized the need for companies to have a robust pre-acquisition due diligence process, in addition to a vigorous post-acquisition integration. The FCPA Guidance stated, “In the context of the FCPA, mergers and acquisitions present both risks and opportunities. A company that does not perform adequate FCPA due diligence prior to a merger or acquisition may face both legal and business risks. Perhaps most commonly, inadequate due diligence can allow a course of bribery to continue—with all the attendant harms to a business’s profitability and reputation, as well as potential civil and criminal liability.” But what are some of the biases which might prevent a company from making a good strategic decision even with adequate pre-acquisition due diligence. The authors set out five which I will explore in more detail.

When You Don’t Know What You Don’t Know

Under this bias, the authors believe that the decision maker’s ability to make accurate decisions is in large part based on “being able to accurately determine the level of ambiguity and uncertainty they face.” Unfortunately, just as compliance programs have to deal with humans and human fallibilities, strategic decision makers are subject to both “cognitive limitations and behavioral biases.” The authors note that “executives don’t know what they don’t know, but are happy to assume that they do.” It is this overconfidence in the ability to forecast uncertain outcomes that will lead to unwarranted confirmation of incorrect hypotheses.

Cognitive Bias Creep

Here the authors note that every corporation has biases and these biases can creep into any significant strategic decision. The key is that they manage these biases going forward so that they do not prevent an accurate decision from even having the chance of being made. The authors believe that this can be helped “if, when a strategic decision is being considered, managers choose their decision-making approach in a systematic, transparent, public manner during their judgments which can be evaluated by peers.” This concept is well established in any best practices compliance program through an oversight committee or other similar structure proving review of the compliance function. It is through these techniques that key players “are less likely to assume that their decisions are straightforward or even intuitive.” The authors conclude this section by stating that, “This is especially important when a relatively new or unique strategic investment is under consideration.”

Organizational Process Gets In the Way

I try to be a process guy and to be process oriented. I tend to believe that if you have a robust process in place, it can help you to greatly reduce, ameliorate or manage your compliance risks. The authors believe this as well but feel there are times when the organizational process of a company can get in the way of making a strategic decision. Fortunately many of the techniques to overcome this problem are relatively straight-forward. Although not phrased in this manner, one is the concept of segregation of duties (SODs). In other words, do not have the people who will benefit from a favorable analysis be the only group or discipline within the company to review a decision or even its underlying facts. The authors answer is to have some “commonsense protocols” which allow for an independent eye on things.

Reliance on a Single Tool

One of the areas that the authors maintain throughout their article is the criticism by decision makers on a single analytical tool. They believe that most corporate decision makers rely solely on “conventional capital-budgeting techniques.” They argue that it is most often more useful for decision makers to supplement this basic tool. They articulate that decision makers use other sources of insight. They are particularly critical of only looked to so-called ‘expert opinions’ and suggest that a company seek a wider group of opinions, even within the employee base of their own company. Another technique is to seek out persons in different disciplines simply because they will bring a different underlying analysis and perspective. The authors end this section by stating, “A robust analysis of analogous situations forces decision makers to look at their particular situation more objectively and tends to uncover any wishful thinking built into their return expectations.”

The Option to Delay

The final bias the authors address is the option that is often overlooked – the option to wait or as the authors put it “Deciding when to decide is often as important as deciding how to decide.” If you have ever been on a large project evaluating a merger or acquisition target or other business opportunity, you know that things can take on a momentum of their own. The authors call this “learning-based, iterative experimentation.” This is not a situation of sometimes the best deals are the ones you do not sign on to but deciding to use other tools or techniques to evaluate the timing of your decision making process. This can not only keep you from doing deals that may not make any sense but allow for a more well-rounded decision making process.

The clear message of the authors’ piece is that you should use a wider variety of tools available to you. The FCPA Guidance gives you some of the things that the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) think are important. In addition to the use of transaction, third party and relationship monitoring, I would suggest that you add some or all of the following tools to your toolkit.

  • Review high risk geographical areas where your company and the target do business. If there is overlap, seek out your own sales and operational people and ask them what compliance issues are prevalent in those areas. If there are compliance issues that your company faces, then the target probably faces them as well.
  • Obtain from the target a detailed list of sales going back 3-5 years, broken out by country. If you can obtain a further breakdown by product or services get that as well. You do not need to investigate de minimis sales amounts but focus your Foreign Corrupt Practices Act (FCPA) due diligence inquiry on high sales volumes in high risk countries.
  • If the target uses a sales model of third parties, obtain a complete list, including joint ventures (JVs). It should be broken out by country and the amount of commission paid. Review all underlying due diligence on these foreign business representatives, their contracts and how they were managed after the contract was executed. But your focus should be on large commissions in high risk countries.
  • You will need to speak to the target company personnel who are responsible for its compliance program to garner a full understanding of how they view their compliance program.
  • You will need to review the travel and entertainment records of the target’s top sales personnel in high risk countries. You should retain a forensic auditing firm to assist you with this effort. Use the resources of your own company personnel to find out what is reasonable for travel and entertainment in the same high risk countries which your company does business.
  • While always an issue fraught with numerous considerations, there may be others in the mergers and acquisition (M&A) context, such as any statutory obligations to disclose violations of any anti-bribery or anti-corruption laws in the jurisdiction(s) in question; what effect will disclosure have on the target’s value or the purchase price that your company is willing to offer.
  • While you are performing the FCPA due diligence, you should also review issues for anti-money laundering (AML) and export control issues.

The moral of this story to use a wide variety of tools and resources when evaluating a strategic decision; whether it is compliance based or business based. Do not get caught in myopic thinking or analysis.

—————————————————————————————————————————————————————–

Please join myself and Eddie Cogan, CEO of Catelas as we discuss Risk-Based 3rd Party Vetting, Screening and Monitoring Strategies for High Risk Jurisdictions Thursday, December 12. For information and registration click here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

September 30, 2013

Innovating in Compliance to Create Shared Stakeholder Value

7K0A0223Mercifully, the season is over for the Houston Astros. To say that the 2013 Astros will become the poster child for abysmal-ness would be to insult poster children. After all, the owner designed the team to lose so that he could make more money. By cutting the payroll down to almost $10MM, he guaranteed the Astros would be one of the worst teams of all-time. Congratulations Astros management, you succeeded. The Astros assured their place in glory by breaking the record for the most strikeouts by one team in one season; breaking previous the mark of 1,529 in 2010 set by the Arizona Diamondbacks with a total of 1,530 this year. Congratulations Astros owner, Jim Crane on continuing to use the backs of the former Astros fan base to be the most profitable team of all-time!

I thought about the opposite of Jim Crane and his dive to the bottom when I read an article in the Harvard Business Review (HBR), entitled “Innovating for Shareholder Value”, where authors Marc Pfitzer, Valerie Bockstette and Mike Stamp looked at businesses which innovated to meet their stakeholders needs and build a profitable enterprise. While the authors focused more clearly on businesses that design and implement initiatives which deliver both social and business benefits, it became clear to me that the solutions which the authors proposed would be very useful to the compliance practitioner in both designing and implementing a compliance program. So, adapting the authors five mutually reinforcing elements to create a more profitable enterprise from social issues to ethics and compliance, I present the following approach.

Embedding the Purpose

While it may be difficult for a company to define a social purpose that it wishes in engage in, it should not be difficult for a company to define its goals in the compliance arena. Simply put, a company needs to do business in compliance with anti-corruption legislations such as the Foreign Corrupt Practices Act (FCPA) or anti-bribery laws such as the UK Bribery Act through a best practices compliance program. I believe that by doing so a company will move towards the pursuit of the shared value of doing business ethically and in compliance with such laws. Ultimately it all starts at the top of an organization because resources, both human and financial, will be required to channel the purposes of compliance throughout an organization. This means that compliance begins with the board of directors and senior executives setting the proper tone for the rest of the company. As managers and employees take their cues from these corporate leaders, it is imperative that companies demonstrate their commitment from such senior management and their leaders.

Defining the Need

The need to do business ethically and in compliance is well-known. However, the key is that each company assesses and manages its risks. The FCPA Guidance makes clear that a risk assessment is the cornerstone of any FCPA compliance program. The Guidance states, “One-size-fits-all compliance programs are generally ill-conceived and ineffective because resources inevitably are spread too thin, with too much focus on low risk markets and transactions to the detriment of high-risk areas. Devoting a disproportionate amount of time policing modest entertainment and gift-giving instead of focusing on large government bids, questionable payments to third-party consultants, or excessive discounts to resellers and distributors may indicate that a company’s compliance program is ineffective.” The authors also posit that you may wish to achieve an equally comprehensive view of the problem by looking at the people affected and the barriers to setting up and implementing such a program in your company. They go on to state that “Such knowledge provides the basis for anticipating resource requirements, developing the business case, and identifying the necessary execution capabilities inside and outside the company.”

How Do You Manage Your Risk?

One of the blight’s of a Chief Compliance Officer’s (CCO’s) existence is the perception that there is no measurable Return on Investment (ROI) for a compliance program. The same is often enquired of a corporate legal department, which handles the contracts for all of a company’s business. But I believe that for compliance the perception is wrong. The view should be – how does compliance help a company manage its risk? Every transaction has commercial risk. But dealings with foreign government officials and state owned enterprises bring the additional risk of the FCPA. Moreover, every country has its set of anti-corruption and anti-bribery laws which must be followed. I cannot emphasis this final point too much, particularly after what has happened over the past three months in China. Over 20 western companies have announced they are internally investigating bribery and corruption or have been ‘shocked’ to hear their company’s name announced by Chinese regulatory authorities.

Create the Optimal Innovative Structure

Here the message is that compliance needs to work with its business units to help to integrate the compliance function into the decision making process. The authors suggest the three following components: (1) that compliance has a clear purpose; (2) that there are mutual understandings as to the rights and obligations of both the compliance function and the business unit; and (3) this leads to a strong inter-relationship between the two. This requires the compliance function to understand the business unit function and structure. I believe that risk assessment is a key tool here to help compliance understand not only the product and service offerings but the market as well. However a risk assessment still requires you to create an appropriate compliance program for your company. You need to manage your risks going forward.

Co-Creating with External Stakeholders

This is certainly one area that my Astros completely fail to consider – external stakeholders. Apparently the Astros are only concerned about being the most profitable team of all time by out losing every other team in Major League Baseball (MLB). But fortunately most corporations understand they do not function in a vacuum but in conjunction with others. Those include shareholders, employees, third parties, customers and, I would add, a world of existing regulations. But for the compliance practitioner, I believe that this means working with all such groups can help to build a stronger compliance regime. Clearly, a strong ethical and compliance culture directly supports a strong compliance program. As stated in the FCPA Guidance, “By adhering to ethical standards, senior managers will inspire middle managers to reinforce those standards. Compliant middle managers, in turn, will encourage employees to strive to attain those standards throughout the organizational structure.” But more than just employees are stakeholders in moving forward within compliance, in today’s world, third parties are also a part of a company’s ongoing compliance solution. Shareholders expect that, at a minimum, the companies which they invest in will follow the rules and design and implement an appropriate compliance system. If one is not in place shareholders can help to create one through the mechanism of a shareholder derivative action. Just as a baseball team has multiple stakeholders, so does a modern, multi-national corporation.

The authors present a lengthy study of several companies which used the five steps discussed above to help create profitable social enterprises. I believe this framework presents a calculus for the compliance practitioner to not only think through the design and implementation of a compliance regime but to pitch such an enterprise to management.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com. © Thomas R. Fox, 2013

March 27, 2013

Amway’s Lessons in China: How to Weather the Compliance Storm

One of the questions often presented to the compliance practitioner is what to do in a foreign culture to make your program relevant and, more importantly, followed. Even if you have a well-established compliance program in other areas of the globe, moving into new or different regions can present new and different challenges. For instance, if your company has never done business in the Far East or in China, many of the cultural differences in those regions can present challenges for the implementation of a Foreign Corrupt Practices Act (FCPA) compliance program. I thought about those challenges when I read a recent article in the Harvard Business Review (HBR), entitled “Amway’s President on Reinventing the Business to Succeed in China”, by Doug DeVos, President and co-Chief Executive Officer (CEO) of Amway.

For those of you who do not know, Amway has a long running successful sales model based on door-to-door sales by independent salespersons; this direct sales model has been used by the company since the 1960s. Amway entered the Chinese market in 1995 but found that it was locked out of the market in 1998, when the Chinese government outlawed the direct sales model for Western companies. The Chinese government made this change because it believed that some direct sales models were simply scam artists, taking advantage of the Chinese peoples’ desire for all things Western. This would have appeared to sound the death knell for Amway in China as the company had never built or operated out of fixed retail outlets. The story of how Amway overcame this change in Chinese law and eventually prospered financially has some interesting insights for the compliance practitioners.

Lesson One: Understand the Market, Economics, Politics and People

Amway did not believe that the Chinese government would withdraw its legal permission to engage in direct sales. It viewed the Chinese actions as an extreme over-reaction to a relatively small problem. Further, the company believed it had shown its commitment to the Chinese market both to the Chinese people and the government. But the key in the company’s understanding came in its response in losing its license.

Senior management in the US were counseled by the head of Amway China to stay the course when she advised the company “not to lose sight of the opportunity” which presented itself to the company in China. Amway should work with the Chinese government to “create good direct selling legislation”. Relying on an old Chinese proverb (are there any new Chinese proverbs?) “If you are patient in a moment of anger, you will escape a hundred days of sorrows” the company did the spade work with the Chinese government and with its local senior management to enact reforms which set the stage for Amway’s growth in China.

Compliance Lesson: Key your eye on the compliance ball.

Lesson Two: Remain True to Your Mission and Purpose

While this concept would seem to be sacrosanct to a compliance practitioner, there may well be lots of factors driving a company’s actions in new markets, particularly when a company’s financial investment is on the line. For Amway, this meant that the company had to ask some hard business questions about itself. The question that the company eventually had to answer dealt with its core value: was it a direct sales organization only or was it a “company providing a business opportunity based on core values of partnership, integrity, and personal responsibility?” Amway decided it was the latter.

Based on this realization of its core values, the company decided not only to work with the Chinese government to create new laws to protect buyers from unscrupulous direct sellers but to do something the company had never done, create physical stores; market to them and set up suppliers to deliver products in a new and different manner. It had to set up a new distributor compensation system to begin to do brand advertising. In short, it had to learn to do business a new way but did so in a manner that it believed was consistent with its core values because once again the long term focus was on the opportunity that the Chinese market presented to the company.

Compliance Lesson: You can engage in a new business model if your core compliance and ethical values are in place.

Lesson Three: Being an Honorable Corporate Citizen

The biggest thing that Amway was able to develop was trust. This had to begin with developing a trusting relationship with the Chinese government so that Amway could prove itself to the government officials with whom it was interacting. But trust has another component; it is that you are in for the long term and you are in China to stay. The company needed to demonstrate that it “would be a long-term honorable corporate citizen in China.”

For their part, Chinese government officials listened to Amway’s ideas about how create a business environment which would benefit both Western companies with direct sales approaches and the Chinese need to protect its citizens from unscrupulous operators. But through this trust relationship, the appropriate government officials began to understand that Amway wanted to “create a mutually beneficial opportunity.” It all paid off for Amway when in late 2005, legislation was passed which allowed Western companies to engage in direct sales in China and Amway received a license in 2006.

Compliance Lesson: Not only do you have to engage in the compliance talk the talk, but you must walk the compliance walk.

Lesson Four: Stay the Course

This lesson involves how important it is to build a business by taking the long term view. The Amway view is that you must take a long term view even if it feels like you are taking a step backward at times. The Amway experience is that you can be humble without being weak. While the rules for doing business may be unique in China, the Amway experience shows that if you keep your eye on the ball for the long-term, you can overcome many substantial obstacles.

It turned out that Amway derived many advantages from their experiences in China. They developed a new and different business model, which there were able to take to other areas in the world. But perhaps the biggest change was that Amway admitted it had to change the way it had done business for over 40 years and that this change could be accomplished. But the company did so by focusing on what it needed to do to accomplish what it wanted to do.

Compliance Lesson: Your compliance program is a core part of any successful international business and integration of it into your overall business planning will pay off by making your company a better business at the end of the day.

While the Amway experience in China relates to sales, the concepts that the company used and were articulated in the HBR article provide some interesting lessons for the compliance practitioner. If you move your compliance program into a new region, listen to your local folks, take the long view and stay true to your core compliance principles. If you do this, you may well be able to install a compliance program that not only works for you but in the new territory that you are opening it into.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

February 19, 2013

Internal Advertising of Your FCPA Compliance Program

Spring training is upon us and I have always enjoyed this time of year because, as one might say, ‘hope springs eternal’ especially for baseball fans. But this year I have no hope for the Astros as they have cut their payroll even further and now have the Major League Baseball (MLB) low of $25 million. Sportswriters are opining that the only thing the Astros are in contention for this year is to beat the MLB record of losses in a season, now at the number of 120. Jim Crane, fresh from his redesign of the Astros uniform, played golf with President Obama this past weekend, so at least he has some money to spend.

I thought about the Astros and their advertising campaign that they have a plan to make the Astros competitive in 5 years or so whilst reading an article in the March issue of the Harvard Business Review (HBR), entitled “Advertising’s New Medium: Human Experience”, by Jeffery Rayport. In his piece, Rayport’s thesis is that “to engage customers, advertisers must focus on where and when they will be receptive” to your message. I think that his ideas can be used by a compliance practitioner to internally market not only a compliance program but the equally important message of compliance.

Rayport believes that advertising has traditionally been “ubiquitous but often poorly targeted, intrusive, ignored at best and actively rejected at worst.” Further, in a “media saturated world, advertising strategies built on persuading through interruption, repetition, and brute ubiquity are increasing ineffective.” He believes that advertisers must expand their definition of what advertising really is so that they can craft and place their messages so that they are not only accepted but welcomed by consumers. That sounds to me like a great goal for a compliance practitioner who is trying to sell the message of compliance throughout a world-wide based, international company.

Rayport says that a message should be less about its target and more about what you are doing for the target audience. In other words, how does the idea set out in the message “sustain and reward” affect the audience’s life? It must engage through “relevance and value”. So what does Rayport prescribe? He believes that there are four domains through which you can reach a target audience.

The Public Sphere

This is the area where we move from one place or activity to another, both online and off-line. Rayport suggests that public-sphere ads are effective through the use of one or more of four principles. (1) They are relevant in context - the message aligns with the consumer’s experience at the moment they encounter the advertising. (2) They help people reach personal objectives - this is advertising conceived as problem solving. (3) They are brand interventions - these enter consumers’ lives in targeted and useful ways and when they are needed. (4) They are engaging, refreshing, or compelling experiences - these address a specific practical function, but they can also exert influence in the remaining spheres. These four criteria should be a goal of every compliance training session. If you can help your company’s employees achieve their goals through compliance, you will go quite a long way towards selling not only your compliance program but also the message of compliance.

The Social Sphere

Rayport says that the social sphere “emphasizes broad diverse networks.” This is where we interact with and relate to one another. So messages in this sphere should help people, “forge new connections or enrich existing ones.” But it must appear at the right time and the right place to be effective. The message itself should address a specific need or problem but the key is that it facilitates social interactions. The message can both reinforce relationships and reinforce the brand. Think how powerful the compliance message could be if it met these criteria. One thing the recently released Foreign Corrupt Practices Act (FCPA) Guidance made clear is that gift-giving is not prohibited by the FCPA. You can provide gifts as tokens of esteem in parts of the world where this is a long-standing customer and practice. But I think the key is that you can tailor your message for your audience.

The Tribal Sphere

This is the area where will typically affiliate with groups to define or express our identity. It is an area of “more-focused social engagement”. But this sphere provides an opportunity to create a message that identifies with this group. Messages here must suit the “character and values of those involved” and “empower the individual.” While you may need to have some consistency across your company regarding your compliance message, this sphere would also suggest that the message in West Africa could be tailored to that market, rather than simply the same message that you give in the United States. I heard a very good example by Dan Chapman, Chief Compliance Officer (CCO) at Parker Drilling, who, when confronted with a question during overseas FCPA training about why people in his company should not bribe in a country where it was customary, explained how corruption was ruing the fabric of the country in question, and if the person asking the question did not engage in bribery and corruption perhaps he could be one step in bringing his country out of that sordid state.

The Psychological Sphere

This is the sphere is the “domain of language, cognition and emotion.” Here, Rayport believes that the message you send will serve as “shorthand for complex concepts, inspiring actions or triggering positive feelings.” Somewhat surprisingly, in the psychological realm, messages can provide, “new ways to articulate ideas, engender habit formation, guide reasoning and elicit emotion.” Rayport states that there are four different ways in which messages in this sphere can work. (1) Messages use language to establish a cognitive beachhead for a concept - the use of one or just a few more can convey a much longer and thoughtful message. (2) The message seeks to establish a habit - this means more than simply a thought of what to do, but how one should do it. (3) Such messages guide cognition - this means that messages can and should be both inspiring and practical. (4) Messages should connect on an emotional level - messages here should promote a frame of mind, in the psychological sense. Imagine if you could create a compliance message that worked on this level. Clearly this has been done by many large corporations in the area of safety, with such simply messages as ‘Safety First’ or ‘Do Safe Work’. I might suggest that you look at your company’s stated values. On the General Electric (GE) website it states that “The board expects GE directors, as well as officers and employees, to act ethically at all times and to acknowledge their adherence to the policies comprising GE’s code of conduct set forth in the Company’s integrity manual, “The Spirit & The Letter”. What if your message was simply “The Spirit & The Letter”? If an employee heard that and they immediately thought of acting ethically and adhering to your company’s compliance program, it could be quite a powerful message.

Rayport’s article provided many different ways for a compliance practitioner to think through how they might internally market a compliance program. For a company with large international work force, the traditional FCPA training may not be the only method for a compliance practitioner to reach the employees. As you begin to think of other ways to get out the message of compliance you could try some of Rayport’s ideas. As for the Astros, I would suggest that they take some of that TV money they are squirreling away and spend it on an upgrade.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

December 11, 2012

How to Create a Post-Acquisition FCPA Compliance Program Integration Plan

Your company has just made its largest acquisition ever and your Chief Executive Officer (CEO) says that he wants you to have a compliance post-acquisition integration plan on his desk in one week. Where do you begin? Of course you think about the recently released Department of Justice (DOJ) Guidance on the Foreign Corrupt Practices Act (FCPA) but remember that it did not have the time lines established in the recent enforcement actions involving Johnson & Johnson (J&J), Pfizer and Defendant Data Systems & Solutions LLC (DS&S) regarding post-acquisition integration of a FCPA compliance program by an acquiring company into a company. While there are time frames listed in the Deferred Prosecution Agreements (DPAs) that can be ascertained, one of the things that most compliance professionals struggle with is how to perform these post-acquisition compliance integrations. I recently saw an article in the December issue of the Harvard Business Review, entitled “Two Routes to Resilience”, which presented some concepts that I thought might be of use to the compliance practitioner in a post-acquisition compliance program integration scenario. It certainly might give you some ideas to present to your CEO next week.

The authors, Clark Gilbert, Matthew Eyring and Richard Foster reviewed the situation where an entity must transform itself in response to various factors such as market shifts, new technologies or low cost start-ups providing competition. In order to make such a transition, the authors posit that two transformations must take place. The first one “adapts the core business to the realities of the disrupted marketplace.” This process creates a “disruptive business” within the older more established culture. This leads to the second transformation, which the authors denominate as “establishing a ‘capabilities exchange’- a new organizational process that allows the two efforts to share resources without interfering with each other’s operations.” It is this second transformation that I want to focus on in this article.

Anyone who has gone through a large merger or acquisition knows how terrifying it can be for the individual employee. Many people, particularly at the acquired company will be fearful of losing their jobs. This fear, mis-placed or well-founded, can lead to many difficulties in the integration process. In whatever time frame the FCPA compliance practitioner faces: whether 18 months under the J&J DPA, 12 months under the Pfizer DPA or ‘as soon as is practicable’ under the language of the DS&S DPA; the process needs to move forward in an expeditious manner. In their article, the authors suggest the creation of a ‘Capabilities Exchange’ which allows “the two organizations to live together and share strengths” and will coordinate “the two transformational efforts so that each gets what it needs and is protected from [unwanted] interference by the other.” The authors put forth five steps in this process.

  1. Establish Leadership. The authors note that while this may be the “simplest step but also the one most open to abuse.” The authors believe that the process should be run by just a few top people. To establish the correct ‘tone-at-the-top’ I believe that you will need the Chief Executive Officer, Chief Financial Officer (CFO) and Chief Compliance Officer (CCO) of the acquiring company and a similar counter-part from the acquired company.
  2. Identify the resources the two organizations can or need to share. Here the authors are concerned with how much can be brought from the acquired organization into the integration. Hopefully the acquiring organization will have some idea of the state of the compliance program before the deal is closed. It may be that there is some or all of a minimum best practices compliance program in place. If so, attention needs to turn to what can continue and how will need to be integrated.
  3. Create Exchange Teams. The authors recognize that in many “synergy efforts, everyone is expected to think about ways resources might be shared.” However, they advocated that in Capability Exchanges, the responsibility should be “carefully confined to a series of teams.” Senior leadership should create these teams by assigning a small number of people from both entities with the responsibility of allocating resources used in the integration project.
  4. Protect Boundaries. The authors believe that for true transformation to take place the organization “must operate as if the future of the company depended on it.” But they must do so in a way that does not “stomp on the camel’s nose” simply because it sticks it in the tent. Once again the Leadership Team established under Item 1 must provide back up if policing boundaries is needed.
  5. Scale up and promote the new compliance program. Interestingly the authors believe that it is important to celebrate and promote the new entity to both the acquiring company, others in the company and even external stakeholders. It is important that markets and others in the same or similar industry see this evolution and growth.

Given the pressures and time frames in both the pre-and post-acquisition arenas, I believe this article provides some insight into how the CCO or compliance practitioner can think about the compliance program integration that is required in the mergers and acquisition (M&A) context. While the ideas presented by the authors relate to a different area, I believe that they can provide insight into the compliance field as well. It also could of great use to you in presenting a program to your CEO.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

December 3, 2012

Using History to Create or Rebuild a Compliance Culture

I have wondered how organizations such as Siemens, Alcatel-Lucent or any others that have faced a wide-ranging, global charge of systemic bribery and corruption might change their culture. Many others have written about the structural changes that such companies have made. For instance, the compliance monitor for Alcatel-Lucent, Laurent Cohen-Tanugi, was quoted in a recent Corporate Crime Reporter article, entitled “Alcatel-Lucent Monitor Questions Morgan Stanley FCPA Declination”, as saying “I’ve noted a very significant change in the tone at the top since the time of those events that led to this deferred prosecution agreement. These changes are due to a number of factors – such as the merger between Alcatel and Lucent. Most of the facts predated the merger. But also the new leadership that came to the company – in the persons of Ben Verwaayen and Philippe Camus. I have noted that the company has in place the policies and processes that are generally expected to fight corruption. And that is very good news.”

Another method was used by the first Chief Executive Officer (CEO) who came into Siemens after its bribery and corruption scandal. One of the things that Peter Löscher did in his first 100 days with the company was to go on a round the world tour of the company’s facilities, including meetings with employees, customers and local governmental officials. He accomplished this final component through meetings with local leadership teams, town hall-style meetings with all employees and dinners with top leadership teams in specific locations. He basically learned that Siemens employees were “shocked and ashamed, because they were very proud to be a part of Siemens.” They wanted him to help clean up the company and they communicated that to him in these town hall meetings.

I have worked for and with a number of companies that may seem to have lost their compliance path and have become embroiled in a lengthy Foreign Corrupt Practices Act (FCPA) or UK Bribery Act investigation. They may need to try and change a culture that has slipped down a path that needs redirecting. I was, therefore, interested to read a recent article in the December issue of the Harvard Business Review (HBR) by John Seaman Jr and George David Smith, entitled “Your Company’s History As A Leadership Tool”, where the authors write about a different manner in which to change or modify culture, or what I call the “historical path.”

The authors begin by stating they believe that “For a leader who hopes to take an organization into the future, one of the most powerful tools may be a sophisticated understanding of its past.” To accomplish this, the authors advocate thinking like a historian because they believe that if you do not know where you have been, it is difficult to know where you are going. By this they mean that you should base any serious decision on facts. Next, you must be willing to treat facts “with intellectual integrity – viewing them with an open mind and a willingness to be surprised.” The authors recognize that many CEO’s are faced with great pressure regarding “quarterly earnings reports and the need to react to one crisis (real or perceived) after another,” yet they believe that the best leaders have “a long range perspective on the companies they manage.”

I believe that most employees want to engage in business ethically and that they do not want their company to be known as one which engages in illegal conduct, such as FCPA or UK Bribery Act violations. Employees want their companies to be successful because of better products, better services and better delivery of both to their customers. They want to understand, be a part of and have a sense of legacy for the company that they work for and the people that they work with as employees. To help facilitate this, the authors suggest that a company can engage in seven steps to help understand where a company has been to in order to help guide it where it may be going in the future. The authors call this the “Seven Tips for Getting History on Your Side” and they are:

  1. Company Archives. Your company should begin with the archives. You should visit or begin compiling your company’s archives. The authors believe that your company’s history is “only as good as the raw material – documents, images and artifacts – that you have at your disposal.”
  2. Enrich. You should expand and enlarge your company’s archives through interviews with departing executives and long-term employees and here the authors advise “especially the outlaws and the iconoclasts.” These interviews will help to ‘flesh out the written record, which often omits the rationale for decisions or fails to note what might turn out to be important ideas or events.”
  3. Survey. Your company should find out what is known about your company’s values and history through surveys. The authors believe that this can assist in separating “fact from fiction, identify missing pieces which you will need to address and begin to understand how history has shaped perceptions about your company today.”
  4. Dialogue.  Encourage your employees to engage in a dialogue about your company. Use social media to “capture stories about the company’s past” and about what the meaning of the past has for your company’s work and values today.
  5. Post-mortems. Conduct post-mortems on major projects and initiatives – both the successful and unsuccessful. You must recognize that you can learn as much from failure as you can from success.
  6. Perspective. Your company should seek to entertain a historical perspective “before every new decision, whether it involves a new strategy, a major acquisition or investment, or a new marketing campaign or communications initiative.”
  7. Talk-Up. Your company should talk about its rich history. Its leaders, breakthrough innovations and decisive impacts and “what it says about the company you are today or want to become.”

The authors conclude by stating that “A company’s store of experience—its evolving culture and capabilities, its development within the broader contexts in which it has competed, and its interactions with government and other forces—shapes the choices executives have to make and influences how people think about the future. Great leaders respect and honor that basic truth.”

If your company needs to refocus its commitment to compliance, in addition to the compliance processes and procedures that you will need to install or enhance, you may be able to call upon a rich corporate history to assist you. It is there if you look for it and what you find may be similar to what Siemens CEO Peter Löscher found at Siemens, that employees were both proud of their company and ashamed that it had engaged in such bribery and corruption. But you do have to look.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

October 29, 2012

10 Questions to Better Management Practices in a FCPA Program

One of the things that I sorely lacked when I worked in-house was any guidance on management practices towards the implementation of either legal or compliance initiatives. Most legal and compliance departments do not train their attorneys or compliance practitioners on management practices for compliance program implementation, enhancements or upgrades after a risk assessment. I was therefore very intrigued when I came across an article in the November issue of the Harvard Business Review, entitled “Does Management Really Work?” by Nicholas Brown, Raffaella Sadun and John Van Reenen. I found the article very useful because it gave succinct advice about what a business can do to improve its management practices and determined that this advice can be applicable to a compliance program.

The authors tested three essential practices which they believe can address even the most complex global problems. The three principles which they believe “are generally considered to be the essentials of good management” are:

  • Targets: Does the organization support long term goals with tough but achievable short-term performance benchmarks?
  • Incentives: Does the organization reward high performers with promotions and bonuses while retraining or moving underperformers?
  • Monitoring: Does the organization rigorously collect and analyze performance data to identify opportunities for improvement?

You might read these and immediately think about Paul McNulty’s (Three) Maxims. I, however, believe that these three management practices can provide some assistance beyond McNulty’s queries. In the article the authors research showed that by the use of these three techniques businesses could not only set parameters but also measure on them, generally had more and better productivity and overall better financial health.

From the compliance perspective how can one use these three relatively straight forward techniques? Interestingly the authors revealed some of the questions used in interviews with over 8,000 manufacturers who were interviewed in this project. I have selected 10 questions which you might want to put use as a starting point for managing your compliance initiatives going forward as I believe that they are very good questions to use in formulating a plan for compliance program implementation or upgrade. I would challenge you to think about some of the answers to these questions in the context of your compliance program.

  1. Interconnectedness of Targets – How are compliance goals cascaded down to individual workers? Everyone recognizes the importance of ‘tone-at-the-top’ as it is enshrined in the US Federal Sentencing Guidelines, the Department of Justice’s (DOJ) minimum best practices compliance regime and the UK Bribery Act’s Six Principles of an Adequate Procedures compliance program. However, as many commentators now recognize, it is also tone in the middle and at the bottom, which may equally matter. So how do you ascertain and ensure that top management’s message gets cascaded down into your organization?
  2. Clarity and Comparability of Goals – Does anyone complain that your compliance targets are too complex? Certainly the initial role out of a compliance program can be quite a large undertaking. Perhaps another approach might be to focus on high risk areas and remediate them by rolling out initiatives to manage those risks first and then move to other areas. Many companies have reviewed and remedied the third party sales side of their business but are only now looking at the Supply Chain or Procurement side of the equation. If you work on one such problem at a time, it can help move the overall process forward in a more orderly fashion.
  3. Consequence Management – How do you deal with repeated compliance failures in a specific business segment or compliance program area? This is certainly one question that you would want to consider carefully. Do you have problems with one business unit or one geographic area from the compliance perspective? Are gifts in China, for example, an ongoing issue for your company? What about travel and entertainment? Areas that show up again and again will merit more focused attention.
  4. Instilling a Mind-Set – How do senior managers show that attracting and developing talent who will engage in ethical business conduct is a top priority? Here you should consider bringing in your Human Resources Department for not only assistance but their expertise. If top management will make a commitment to this, you should work to create the appropriate mind-set of doing business the right way throughout your organization.
  5. Removing Poor Performers – How long is compliance underperforming tolerated? In many ways, this question is the flip side of number 4 above. I think that many companies would clearly say that they will discipline, up to and including discharge, any employee who engages in practices which violates the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act. But this question drills deeper and forces a more rigorous analysis on not just FCPA failures by employees but poor ethical choices which may be less than full FCPA violations.
  6. Unique Employee Value Proposition – What makes it distinctive to work at your company? More pointedly, how can your compliance challenges be turned into business leadership opportunities? Ethisphere annually shows that its top list of the Most Ethical Companies out performs the Standard & Poor (S&P) 500. If you can turn the distinctiveness of what your company does into a compliance plus in the marketplace, it could well make your business more profitable.
  7. Continuous Improvement – How do compliance programs that are not working typically get exposed and fixed? There is a difference between auditing and monitoring. Monitoring is a commitment to reviewing and detecting compliance programs in real time and then reacting quickly to remediate them. A primary goal of monitoring is to identify and address gaps in your program on a regular and consistent basis. Auditing is a more limited review that targets a specific business component, region or market sector during a particular timeframe in order to uncover and/or evaluate certain risks, particularly as seen in financial records. A robust program should include separate functions for auditing and monitoring. While unique in protocol, the two functions are related and can operate in tandem. Monitoring activities can sometimes lead to audits.  For example, if you notice a trend of suspicious payments in recent monitoring reports from a country in the Far East, it may be time to conduct an audit of those operations to further investigate the issue.
  8. Performance Tracking – What key compliance indicators do you use for compliance tracking? Here you need to look at the metrics which you have developed. A good starting point can be with your hotline or helpline. What can you determine from the calls or reports which come in through these systems? What if you have not had any reports for several years, what should that be telling you about your communication to your employee base? Or does it mean that people have not been properly and effectively trained that a hotline or helpline exists and is available for their use or, more ominously, are afraid to make any reports for fear of retaliation or even losing their jobs? This is certainly something you should take a good look into, whichever way the metrics are going for your company.
  9. Performance Dialogue – For a given compliance problem, how do you identify the root cause?  If you do not know what the cause of a problem is, you cannot successfully work towards remedying that problem. This does not simply mean firing any persons involved in a potential FCPA violation. You need to dig down and found out what allowed this issue to arise. I once heard that the difference between Japanese and American post-incident investigations is that in the US there is an attempt to assess blame, conversely in Japan there is an attempt to find a solution to the problem. This is the approach that I believe compliance practitioners should take, to try and find a solution by determining the root cause of a compliance failure.
  10. Retaining – What are you doing to retain your top employees from the compliance perspective? This is not a question that is typically asked in the compliance department. But one thing you can look at is what your company is doing to retain, promote and take to senior management those employees who do business in an ethical manner and in compliance with your company Code of Conduct.

I found the article to be very useful when applied to the compliance practitioner by not only using the triumvirate of targets, incentives and monitoring as a management practice but also the questions that the authors posed in the context of your company’s own compliance program. We continually face the challenge of keeping up with the ever evolving compliance best practices with little or no budget increase. I found that this article had points which you can ask yourself, and of your compliance program, which can facilitate a robust discussion that can highlight areas for improvement.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

October 24, 2012

Global Innovation for Your Compliance Program

One of the areas where the best practices for Foreign Corrupt Practices Act (FCPA) compliance programs is evolving is in the area a less US centric approach and incorporating the diversity across the globe. Many companies are now realizing that there should not be a one size fits all compliance program and that there is a treasure trove of ideas and capabilities in the compliance arena around the globe. This is also true regarding compliance talent as there is much talent outside the US which can and should be utilized by a company in constructing and developing their compliance group. Once found this diversity and talent must be groomed and integrated into an overall compliance structure for success.

A recent article in the Harvard Business Review, entitled “10 Rules for Managing Global Innovation” by Keeley Wilson and Yves L. Doz, explored some of these challenges and provided insight into how to tackle this issue from the corporate innovation angle. I found their article a good road map for the Chief Compliance Officer (CCO) to tap into and develop compliance talent. Wilson and Doz believe that many enablers of innovation occur naturally in a single location because “single location projects draw on large reservoirs of shared tacit knowledge and trust” but when these “projects span multiple locations, many of those natural benefits – often taken for granted -  are lost.” The authors formulated ten principals for successfully managing such global innovation projects across multiple locations which I believe translates into actions that a CCO or compliance group should institute when implementing or enhancing FCPA or Bribery Act compliance regimes.

  1. Start Small. The authors believe that to be effective, dispersed teams have to develop a “new set of collaboration competencies and establish a collaboration mind-set.” This can be done by running one or more small projects before the entire system rollout. In this way, a consensus can be developed on working practices and protocols. Additionally systems bugs can be worked out.
  2. Provide a Stable Organizational Context. Periods of major change in an organization present their own set of problems, so the authors advise, to the extent possible, a global innovation program should be initiated during times of relative stability.
  3. Assign Oversight and Support Responsibility to a Senior Manager. In addition to the usual key of having strong senior executive support as a factor for success, the authors believe that given disparate locations and teams, a strong senior leader will be needed to arbitrate disputes and generally be the ultimate decision maker.
  4. Use Rigorous Project Management and Seasoned Project Leaders. The authors believe that for global innovation to succeed there must be “a strong project management team to drive the project on a day-to-day basis and strong team leaders supported by robust tools and processes.” Often times, there are no off-the-shelf tools available so that they must be created to fulfill this role.
  5. Appoint a Lead Site. It is important that there be one person at each implementation site who can focus on the bigger picture, the overall integration of the solution. The authors believe that a key to overcoming localized support for their own initiatives is to task one lead to liaise so that he/she can have an understanding of the bigger picture and work towards appropriate resource allocation.
  6. Invest Time Defining the Innovation. When an implementation or innovation project is split over several time zones, the authors believe that there “is little latitude for iterative learning.” This means that the goals must be clearly defined and specified from the outset of the project. This definition process also helps but up trust and overall relationships between multiple locations.
  7. Allocate Resources on the Basis of Capability, Not Availability. The authors believe that the staffing of a global innovation or implementation project “requires a great deal of attention in order to select and integrate the best possible knowledge and capabilities.” Companies usually staff projects with the resources on the ground that are available. The authors believe that this is a mistake and companies should rather “bring together distinctive and differentiated knowledge and capabilities from around the world to create unique innovations.”
  8. Build Enough Knowledge Overlap for Collaboration. Without some overlap, the authors believe that “critical interdependencies between modules may not be apparent until the integration phase” when the cost is too great to change something. The authors cite to the Siemens example where one team member was tasked with liaising with other teams to ensure some overlap.
  9. Limit the Number of Subcontractors and Partners. The authors believe that in such global innovation initiatives, the lead should be driven by the company’s own workforce and not led by professional consultants or other third parties. Clearly for employee buy-in it is important for there to be employee involvement, additionally the authors believe that the coordination of third parties may be more time consuming and at the end of the day, more trouble than it is worth.
  10. Don’t Rely Solely on Technology for Communication. After the project is completed, it is critical that it be communicated effectively throughout the workforce. The authors believe that many managers “tend to underestimate the challenge of scaling communications globally.” Without robust communications, all of the good work to-date may not be fully disseminated throughout the company. So the human element is important and the authors advise as many communications as possible where there is an opportunity for employee interaction with the project sponsors publicizing the initiative.

The authors focus has been on global innovation initiatives. However I think these ten points are an excellent resource for the compliance practitioner to utilize when developing or rolling out a major compliance initiative. Even Mike Volkov recently saw the light and advocated the decentralization of the compliance function throughout an organization. This decentralization may well bring compliance initiatives from areas or regions not traditionally seen as a hotbed for such ideas. This article establishes a framework for the compliance practitioner to use for such compliance innovation.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

September 5, 2012

The Art of Strategic Compliance Plan – A Seven Step Process

I recently wrote about my colleague Stephen Martin’s thoughts on having a 1-3-5 year strategic plan for your company’s Foreign Corrupt Practices Act (FCPA) or Bribery Act compliance program. I am often asked where a compliance practitioner can come up with some ideas to put in such a strategic plan. Clearly one excellent area to study are the ongoing enforcement actions, which are all publicly released. They not only provide insight into the Department of Justice’s (DOJ) thinking on current best practices in the area of FCPA compliance programs but with the recent addition of “Enhanced Compliance Obligations” as found in the Johnson & Johnson (J&J) and Pfizer Deferred Prosecution Agreements (DPAs) there is solid information on some of the most cutting edge compliance initiatives which companies are now using. While you should recognize that these “Enhanced Compliance Obligations” are tailored for the specific company the DPA deals with, nevertheless you can review the concepts and implement those which are appropriate for your company.

Like many compliance practitioners, I came to this field through a corporate law department. As such the focus was usually not on strategic objectives nor did we typically receive much training on how to go about such a process. I was therefore interested in an article in the September issue of the Harvard Business Review (HBR), entitled “Bringing Science to the Art of Strategy”, co-authored by A. G. Lafley, Roger Martin, Jan Rivkin and Nicolaj Siggelkow, which explored the idea that company leaders could be much better in “marrying empirical rigor and creative thinking.” The authors laid out a provocative calculus for developing novel strategies through a “genuine inquiry that’s at the heart of the scientific method.” The authors set forth a step-by-step process in which creative thinking yields possibilities and tests these possibilities using rigorous analysis. The steps are:

1.      Move from Issues to Choice. You need to convert your issue into at least two mutually exclusive options which might resolve the issue. This is because most organizations “will fall into the trap of investigating data related to issues rather than exploring and testing possible solutions.” By framing the problem or issue as a choice, you will focus on “what you have to do next, not on describing or analyzing the challenge.”

2.      Generate Strategic Possibilities. You will need to broaden your list of options to ensure that there is an inclusive range of possibilities. By this the authors mean that possibilities should be creative. Further they identified three key components for such possibilities. First, detail the advantage the possibilities aim to achieve. Second, the scope across which the advantage applies. Third, the activities that will deliver the intended advantage.

3.      Specify the Conditions for Success. For each possibility that you or your group generates, you must describe what must be true for the possibility to be strategically sound. The authors make it clear that this step is not intended “for arguing about what is true” nor is it intended to “explore the soundness of logic behind various possibilities.” This step is intended to require the skeptic to “specify the exact source of skepticism” and require the possibility progenitor to “understand the skeptic’s reservations and develop the proof to overcome them.”

4.      Identify Barriers to Choice. This step is designed to put a “critical eye on the conditions” identified in Step 3. To do this you should determine which conditions are the least likely to hold true. Interestingly, in this step the authors suggest the following process: ask the group members to “imagine that they could buy a guarantee that any particular conditions [identified in Step 3] would hold true.” The condition chosen should be the condition which is the greatest barrier to success. You should then continue the process until all conditions are ranking in such an order.

5.      Design Tests for Barrier Conditions. For each key barrier, you should devise a test which you deem to be valid and sufficient to generate commitment within your organization. The authors do not specify any particular test but say that “the only requirement is that the entire group believes that the test is valid and can form the basis of rejecting the possibility in question or generating comment to it.”

6.      Conduct the Tests. In this step you should start with the test for the barrier conditions in which you have the least confidence. The authors suggest that you bring in outside professionals to administer the test or at least some other group within your company. They caution that the role of these testers is to test; their role is not to revisit or analyze the conditions that your group has set. The key is that the testing has to be “an inch wide and a mile deep” which the authors explain requires that the testing should target the “concerns which could prevent the group from choosing an option and exploring those areas thoroughly enough to meet the group’s standard of proof.”

7.      Make the Choice. Finally, you will need to review your key conditions in light of your test results in order to reach a conclusion. The authors believe that the correct strategy will appear from the results and that greater team consensus will be generated by the seven step approach they suggest.

I found this article very interesting as it provided a useful guide on how to think through devising a strategic plan. In the compliance arena, if you could weld this process to Stephen Martin’s ideas for a 1-3-5 year strategic plan, it would provide a powerful tool for you to use not only in promoting your compliance initiatives internally but if the government ever comes knocking at your door.

I will be co-presenting with Stephen Martin next week in Chicago at an event hosted by Kreller. It will be Tuesday, September 11 at the University Club of Chicago. If you are in the area, please come by and here about Stephen’s 1-3-5 plan and much more about FCPA compliance programs. For more information, click here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

Next Page »

Customized Rubric Theme Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 4,199 other followers