FCPA Compliance and Ethics Blog

January 15, 2014

Compliance Networks as Knowledge Networks

7K0A0246As compliance programs mature, they become less top down driven and more inculcated into the DNA of a company. The more doing business ethically and in compliance becomes part of the way your company does business, the better off you will be down the road. One of the methods that you can use is to set up a compliance network within your organization. I recently read an article in the Fall issue of the MIT Sloan Management Review, entitled “Designing Effective Knowledge Networks”, by Katrina Pugh and Laurence Prusak, in which they discussed knowledge network design as a mechanism to facilitate desired behaviors and outcomes. I found their ideas very useful in the compliance context.

Generally speaking, knowledge networks are a “collection of individuals and teams who come together across organizational, spatial and disciplinary boundaries to invent and share a body of knowledge. The focus of such networks is usually on developing, distributing and applying knowledge.” This is what a compliance regime should strive for within a company’s organizational structure. The authors believe that with the design of an effective knowledge network, a company can not only affect dynamics but also drive behaviors. In designing such a knowledge network, the authors postulate that there are “8 dimensions of a knowledge network” which encompass strategic, structural and tactical issues which must be considered. They are as follows:

  1. What is your Leaders’ shared theory of change?
  2. What are the objectives/outcomes/purposes of the knowledge network?
  3. What is the role of expertise and experimental learning in the knowledge network?
  4. What is your inclusion and participation in the knowledge network?
  5. What is the operating model of your knowledge network?
  6. How do you convene structures and infrastructures for your knowledge network?
  7. What is your facilitation and social norm development?
  8. What are your measurements, how do you elicit feedback and provide incentives?

Leaders’ Shared Theory of Change

This dimension is “as much about being explicit about how to have an impact as about how to be a leadership team. We found that good leaders were role models, inspiring members to act, and they did not delegate work such as being online and responding to discussions.” You should be able to describe the mechanism through which compliance will have an impact on both the organization generally and employees individually. This dimension encompasses such issues as how will employees learn and adapt their compliance knowledge into action.

Objectives/Outcomes/Purposes

Here the authors suggest a formal charter to define the “purpose and target outcomes.” In the compliance arena, this may be the Code of Business Conduct or other foundational document for your compliance program. Components can also be drawn from you policy and procedures. But the key under this dimension is that there is community purpose, norms, values and outcomes which are documented for moving forward.

Role of Expert and Learner

For the compliance knowledge network, this dimension signifies communication both downward and up the command chain of the company. So not only should an organization be open to innovation on issues but upper management should also encourage participation and must listen. There are different ways in which compliance can be achieved and these lines of communication need to be fostered. But, equally importantly, this dimension speaks to internal company reporting and whistle-blowing.

Inclusion and Participation

A compliance network positions the network among other operations within the company’s organizational models. A compliance network should seek out cognitive, geographical and professional diversity, or an amalgamation of separate social networks within your organization. You may also need to balance technical or operational expertise with convening or networking skills. You could create profiles for the types of people you want within your compliance network to allow you to easily and early on identify candidates for the network.

Operating Model

Your compliance leadership should decide what roles, responsibilities and decision processes are needed for your compliance network. All stakeholders should be described in the operating model, and there should be clarity about how resources are allocated. This should be true for core team members as well as small project teams or working groups that assemble for just a few months to complete a task.

Convening Infrastructures

This dimension concerns the structures which are used to build cohesion, connectivity, collaboration and engagement. Core network teams may develop a matrix for the channels or vehicles that are used to identify both the purpose and the team members who will be involved. Even with the social media that is available in today’s business world, the authors believe “recent research that found that teams’ performance correlated directly to the frequency and variety of real-time interactions.” The degree of face-to-face and voice-to-voice interaction depends on the compliance objectives involved. Rapid idea development and innovation require live discussions (online or in meetings), while intellectual capital management requires document management and broadcast communication. However it may be that if you have a wide compliance knowledge network, in many countries, a text based approach may be more appropriate, particularly if English is a second language to many of your team members.

 Facilitation and Social Norm Development

 The authors advocate that certain compliance network members be designated as “facilitators and change agents” whose role would include leading “members in meetings, discussions, games, events and other interactions to draw out their hidden insights or to provoke a common curiosity.” Added to this concept, the authors believe that “Social norms — such as inclusion, openness, transparency, accountability, curiosity and quality — are integrated explicitly into the facilitation processes. For example, respect for diversity could be conveyed in the tone and language of meeting agendas, discussions, blogs and quick polls.” This means not only prodding and pulling questions and answers from team participants but sometimes translating concepts for the group’s benefit.

Measurement, Feedback and Incentives

Some of the things that you need to consider under this dimension are what are the outcomes you are trying to achieve and how will you know when you meet them; in other words, what metrics will you employ? You will need to consider evidence of failure or success in the compliance network participation as well as mechanisms to incentivize employees to be involved. The authors recognize that performance metrics for compliance network performance can be “elusive” but they believe that by having a map with ongoing checkpoints, which delineates the pathway between inputs and outcomes, can be a key technique to aid in measurement. The authors note that “Incentives include the extrinsic (community celebrations or letters or appreciation directed to managers or network members) as well as the intrinsic (learning something new or solving a problem quickly). High-performing network leaders manage to minimize bureaucratic review and tie performance to incentives quickly so that members feel pride, connection and even healthy competition.”

One of the goals of any compliance program is to become part of the fabric of a corporation. Ironically, some of the most innovative compliance initiatives are made by companies with a sole Chief Compliance Officer and a miniscule compliance budget who is forced to ‘do more with less’. Creating a compliance knowledge network can be one manner in which to leverage your employee talent base across your organization. However you go about it and whatever your reasons might be, in creating a compliance knowledge network, you will drive compliance into the DNA of your company.

 Episode 33 of the FCPA Compliance and Ethics Report is up. In this episode I visit with Bruce Carton, Founder and Editor of Securities Docket.com on his top SEC issues from 2013. You can check out the interview by clicking here. It is also available for download on iTunes.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

September 27, 2013

Compliance Programs as Knowledge Networks

The more I read articles about management and business systems, the more I am convinced that compliance with anti-corruption laws such as the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act can be viewed as a formative business process. In this month’s issue of the MIT Sloan Management Review, in an article entitled “Designing Effective Knowledge Networks” authors Katrina Pugh and Laurence Prusak explore how companies can help to facilitate desired behaviors and outcomes by paying attention to the dimensions of knowledge network design.

The authors begin by noting that knowledge networks are as old as humanity itself. They define knowledge networks as “collections of individuals and teams who come together across organizational, spatial and disciplinary boundaries to invent and share a body of knowledge. The focus of such networks is usually on developing, distributing and applying knowledge. For-profit and nonprofit organizations of all sizes are seizing on this model to learn more quickly and collaborate productively. However, for every successful network, others have lost steam due to poor participation, goal ambiguity, mixed allegiances or technology mismatches.” What intrigued me about this concept was that if you think of a compliance regime as a knowledge network of how to do business ethically and in compliance, the authors have some key concepts to help you in your system design.

I.                   Framework for Knowledge Network Effectiveness

The authors begin by setting out a framework to capitalize on the “cohesion, conversation and connectedness” of a knowledge network. It all begins with an outcome, which is then calculated to meet your area of focus, which, for the compliance practitioner, is your compliance program. Next are the Behaviors, which the authors deem to be “conducive to outcomes: cohesion, demonstration of trust, connection sharing, using a common technology platform and making investments in collaboration”. Here the key is that network members are committed to “moving knowledge sharing to the platform so that everyone can benefit” from it. Next are the Dynamics, which are defined as “feedback loops, the systems and structures that sustain a given behavior. Dynamics can also be patterns of interaction with the outside world, such as reactions to market threats and incentives.” Finally, the authors detail the Design/Construction of the network. This final framework component “encompasses the set of conditions that network leaders explicitly put in place to trigger those dynamics and, in turn, set behaviors into motion.”

II.                 Eight Design Dimensions of Knowledge Networks

The authors identified eight performance information techniques and incentives to move behaviors forward. These eight design dimensions encompass three general concepts; those being Strategic, Structural and Tactical.

A.    Strategic

  1. Leader’s Shared Theory of Change. Here the authors said that leaders can describe the mechanisms through which the “network activities will have an impact on” its members and the organization. It is important so that everyone is well aligned and acts consistently.
  2. Objectives/Outcomes/Purpose. The authors state “leaders help define the network’s purpose and target outcomes. Outcomes can be solving a specific problem or combining forces and knowledge. They can be classified as one or more of the network goals described earlier, such as support of individual members.” They further advocate that a “charter or similar document lays out the network’s objectives and purpose, which need to be sufficiently crisp that members can state them.”
  3. Role of Expertise and Experimental Learning. Interestingly the authors believe that safety and respect are critical so that members will feel like they can speak out and speak up. It is critical that those persons who have the most knowledge do not dominate all of the proceedings. Leaders who understand the disparity of knowledge in their team members can “set a tone of safety and humility.”
  4. Inclusion and Participation. This part is key for the compliance practitioner because a knowledge network does not exist in a vacuum. There are always operational or other competing organizational models. It is not necessarily convergence but rather to “balance technical or operational expertise with convening or networking skills.”

B.     Structural

  1. Operating Model. Under this step “Knowledge network leaders decide what roles, responsibilities and decision processes are needed for optimal network operations. All stakeholders, including the public, should be described in the operating model, and there should be clarity about how resources are allocated.” However this step is dynamic and not static as operations can change over time and “the core leadership team may rotate to add fresh ideas and reduce burnout.”
  2. Convening Structures and Infrastructures. Under this piece, the authors proposed that leaders should use all the business’ communications tools available, stating “online and real-time or live convenings serve to build cohesion, connectivity, collaboration and engagement.” The amount of “face-to-face and voice-to-voice interaction depends on the network objectives. Rapid idea development and innovation require live discussions (online or in meetings), while intellectual capital management requires document management and broadcast communication.”
  3. Facilitation and Social Norm Development. Here the authors suggest that knowledge network leaders should “take on the roles of facilitators and change agents, not just project managers.” To do so, they “could agree about how to model and develop positive interactions within the network.” Many prevailing social norms, “such as inclusion, openness, transparency, accountability, curiosity and quality” should therefore be integrated explicitly into the facilitation processes.

C.    Tactical

  1. Measurement, Feedback and Incentives. Network leaders should look for evidence of the success or failure of participation in the network. Once again this is key for the compliance practitioner. The metrics must be both “credible and appropriate in terms of effort and relevance.” This database can be viewed monthly, quarterly or on different time frames but the key is to use the data to assess where you might be going and what improvements you might need to made. The authors end this point by stating that “High-performing network leaders manage to minimize bureaucratic review and tie performance to incentives quickly so that members feel pride, connection and even healthy competition.”

III. Conclusion

I found this article very useful because it presented many of the concepts that a compliance practitioner must work through in the implementation or enhancement of a compliance program. While the authors’ presentation was focused on knowledge networks, if you accept that a compliance program is really a network of knowledge which helps guide employees on how to conduct business in compliance with anti-corruption laws such as the FCPA; I believe it can help to do business within the guidelines of a best practices compliance program.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

August 29, 2013

How to Build a Culture of Ethics and Compliance: the Greatest Article Ever – Part III

Today I conclude my exploration of the article in the summer 2013 issue of the MIT Sloan Management Review, entitled “Designing Trustworthy Organizations”, by the quartet of authors: Robert F. Hurley, Nicole Gillespie, Donald L. Ferrin and Graham Dietz. In case you missed the previous articles, or are reading Part III before Parts I or II, let me start by reiterating – IF THERE IS ONLY ONE ARTICLE THAT YOU READ ON ETHICS AND COMPLIANCE IN 2013 THIS IS THE ONE TO READ. This the single best article I have ever read on how to build or maintain a culture of compliance, as it gives a specific road map to the compliance practitioner, in-house counsel or any other business executive on how to instill a culture of ethics and compliance in your company. In Part I, I looked at why such ethics and compliance failures occur from an organizational perspective. In Part II, I considered how to build ethical organizations which do business in a compliant manner. For Part III, I will conclude with the steps a company can take to rebuild trust in an organization after a catastrophic failure in ethics and compliance.

The authors correctly note that much can be learned from an organization in how it responds to crisis. Paul McNulty often says that the key analysis to make in any assessment of a potential penalty under the Foreign Corrupt Practices Act (FCPA) is “What did you do about it?” I label this as “McNulty’s Maxim No. 3”. However, after every storm there is an opportunity for a company to rebuild a culture of ethical behavior and doing business in compliance. The authors identified what they believe to be three critical stages in any such comeback. They are (1) investigation; (2) organizational reform; and (3) evaluation.

I.                   Investigation

In order to begin the process of repairing a corrupt corporation, the authors believe that there must “credibility, rigor, independence and accuracy of the investigation.” A clear example where this was not done was in the situation where the Wal-Mart corporate office sent the investigation of allegations of bribery and corruption in its Mexican subsidiary back to the people alleged by the company’s internal whistleblower to have headed up the bribery and corruption; with predictable results. The authors believe situations like this occur when a company is “so concerned with appearance and damage control that they are unwilling to engage in the degree of examination required to root out entrenched” ethics and corruption violations.

The FCPA Guidance anticipates this prong when it advised companies to “Moreover, once an allegation is made, companies should have in place an efficient, reliable, and properly funded process for investigating the allegation and documenting the company’s response, including any disciplinary or remediation measures taken”. Jim McGrath, among others, regularly writes about the need for companies to employ outside counsel who specialize in such investigations. McGrath’s suggestion would certainly fit with the authors’ recommendation on this point.

The authors also note that the investigation must drill down and determine “how each element of the organizational system directly or indirectly contributed” to the ethical and compliance failures. Only by such a thorough investigation can a company begin the road to recovery. So not only will an independent investigation bring a jaundiced eye to discover the facts but such a granular view will lead to the necessary “recommendations for systemic reform.”

II.                Organizational Reform

The authors begin with a single line that all compliance practitioners need to paste in front of senior management and company executives, “Since all trust [i.e. compliance] failures are systemic, the organizational reforms need to be systemic as well.” ‘Rogue’ employees exist or are created by a company culture and internal control system that either encourages such behavior or actively rewards it. Due to this, the authors recommend that “Structures, systems and processes should be the first point of intervention”. But the authors caution that this is only the start and if these are the only items addressed, they are “unlikely to produce sustainable change.” This is because the more difficult, yet more important, changes in ethics and doing business in compliance involve an organization’s “culture, strategy and leadership and management practice.” In other words, if management does not make the start at changing the culture, violations will likely continue.

To make such a universal change, the authors believe that “systemic reforms need to be reinforcing and congruent so that trustworthiness becomes embedded in the organization’s culture over time.” So not only do leaders have to change the way that they lead, but the way employees do their work must also change. A true change in company DNA may be required to move to doing business ethically and in compliance with the burgeoning world-wide regime of anti-bribery and anti-corruption legislation.

III.             Evaluation

The authors caution that even if systemic changes are made by an organization, they still “must be evaluated to ensure that they are working as intended and pitfalls must be addressed.” Because a true systemic change can be so difficult the most important prong in repairing a culture which has fallen short of doing business ethically and in compliance is through “ongoing assessment, learning and course correction”. The first step is “to take a systems perspective to accurately diagnose and reform the true faults in the organizational system, and then to evaluate the effectiveness of the reforms.” This aids to not only help repair a culture of ethics and compliance but to embed such values in an organization. Lastly, by embedding such values within an entity it becomes more resilient to future ethics and compliance failures by (hopefully) detecting them early and remediating the issue(s) quickly.

IV.              Three Examples

The authors concluded with examples of three well-known companies which were able to repair themselves and do business more ethically and in compliance.

A. Siemens

Siemens AG is well-known for having the highest fine, $800MM, in the history of the world to date for its FCPA violations, $800 MM, paid to the US government. It also paid the equivalent amount to the German government for a total fine in the neighborhood of $1.6 bn. Such costs do not include the investigative costs. The authors detailed the following steps that Siemens took:

  • Appointment of an externally led, comprehensive and independent investigation, including some staff amnesty provisions during the investigation.
  • Appointment of a respected independent expert to advise on ethics and compliance reforms.
  • Revisions to the company’s Code of Conduct, reformation to policies and procedures on doing business ethically and in compliance, creation of an internal company ombudsman and compliance help desk.
  • The training of more than 200,000 employees on anti-corruption practices to shift beliefs and values.
  • Streamlined structures to provide clear lines of responsibility.
  • There was a five-fold increase in the number of employees dedicated to doing business ethically and in compliance.
  • There were high-profile departures from the company and more than 900 disciplinary actions related to anti-corruption.

B. BAE Systems

It is well-known that former British Prime Minister Tony Blair is famous for shutting down his country’s Serious Fraud Office’s investigation into bribery and corruption allegations against the UK aircraft manufacturer under UK anti-bribery and anti-corruption law. However such help from friends on high did not help the company stay out of bribery and corruption hot water as it was hit with a $400MM fine for its FCPA transgressions. The authors reported that it took the following steps in its repair of its ethics and compliance culture:

  • The formation of the Woolf Committee to investigate the company and eventually make 23 recommendations regarding doing business ethically and in compliance.
  • New responsible trading practices were put in place to help employees in commercial decision making going forward.
  • The Code of Conduct was revised and new policies and procedures were put in place on bribes, donations, hospitality and political lobbying.
  • A new corporate governance structure was put in place which allowed oversight by an independent ethical leadership group and the creation of an ethics helpline.
  • A training program for all senior management in ethics and compliance was instituted.

C. Mattel Toys

The company was not faced with anti-corruption allegations as were the first two companies above. However, its sins may have been even worse because of the safety issues involved. A Chinese manufacturer for the company outsourced the production of certain toys. This allowed the use of lead-based paint by the sub in the production of millions of toys. The use of lead paints has been banned for the use of toys for many years in the US due to safety concerns. The authors reported that Mattel took the following steps:

  • Production in the facilities alleged to have used lead-based paint was ceased and all products were recalled.
  • There was full and proactive cooperation with regulators across the globe.
  • There was an independent and thorough investigation.
  • There was a second product recall, linked to faults in Mattel’s own design of a toy.
  • There were coordinated sector level discussions in the company on mandatory safety regulation.
  • There was a revision and strengthening of supply chain audit procedures.
  • The company established a new corporate responsibility division which reports directly to the Chief Executive Officer (CEO).
  • The company agreed to an audit by an independent Non-Governmental Organization (NGO) of its supply chain practices.

I have labeled the GlaxoSmithKline PLC (GSK) corruption and bribery scandal as the most significant event for compliance practitioners in 2013. This is because of the entry of the Chinese government into the investigation and possible prosecution of western companies for conduct that the Chinese government heretofore turned a blind eye towards. I do not believe it will be long before other countries begin to look at the corruption of their officials under the rubric of their own domestic anti-bribery legislation. Subsequently, companies need to have a system in place to do the three things that the FCPA Guidance suggests, that being “A well-constructed, thoughtfully implemented, and consistently enforced compliance and ethics program helps prevent, detect, remediate, and report misconduct, including FCPA violations.”

But more than simply having such a system in place to comply with anti-corruption laws, “An effective compliance program promotes “an organizational culture that encourages ethical conduct and a commitment to compliance with the law.”” The authors have taken their concepts and wrapped them into an entire corporate culture. They believe that organizations with such commitment to doing business ethically and in compliance “tend to be high-performing, with lower employee and customer turnover, lower monitoring costs and even better financial returns.” That final sentence is the bottom line for all of this; companies committed to such conduct do better financially. It does not get much starker or clearer than that.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

August 28, 2013

How to Build a Culture of Ethics and Compliance: the Greatest Article Ever – Part II

Today I continue my exploration of the article in the summer 2013 issue of the MIT Sloan Management Review, entitled “Designing Trustworthy Organizations”, by the quartet of authors: Robert F. Hurley, Nicole Gillespie, Donald L. Ferrin and Graham Dietz. In case you missed Part I or are reading Part II first, let me start by reiterating – IF THERE IS ONLY ONE ARTICLE THAT YOU READ ON ETHICS AND COMPLIANCE IN 2013 THIS IS THE ONE TO READ. This the single best article I have ever read on how to build or maintain a culture of compliance, as it gives a specific road map to the compliance practitioner, in-house counsel or any other business executive on how to instill a culture of ethics and compliance in your company. Today I will discuss how to build ethical organizations which do business in a compliant manner. In Part III, I will conclude with the steps a company can take to rebuild trust in an organization after a catastrophic failure.

Building an Ethical Organization

To do this the compliance practitioner needs to instill ethics and compliance into the organization. This can include “setting formal and informal constraints, incentives, expectations, values and norms” all of which influence the behaviors of employees and even third parties with whom the company does business. The authors note that employees are influenced by both formal and informal controls; which can promote either “diligence and honesty—or recklessness and malfeasance.” Lastly, positive signals, through various mechanisms, all help but if you have mixed or “deviant messages” this can lead to cynicism or unethical behavior by your company’s employees.

Near and dear to my heart is the role of such anti-corruption legislation as the Foreign Corrupt Practices Act (FCPA) and UK Bribery Act, which the authors acknowledge play an integral role in supporting a company’s ethics and compliance program. But they note the warning, as voiced in the FCPA Guidance, that such laws are only the starting point to create an effective ethics and compliance regime. Moreover, and this next statement speaks directly to those who believe that a compliance defense will lead to more companies following the prescripts of the FCPA, the authors note “Sadly, external regulation may give organizations a false sense of security that can lull them and their stakeholders into complacency” about their ethics and compliance regime. Once again, witness GlaxoSmithKline PLC (GSK) which had about the strongest paper program that a company can provide.

The authors have devised a six-step approach which they call a “Model of Organizational Trust” (Model) and I believe are six steps you can use to build up a culture of ethics and compliance. This Model is based upon their collective research and study, systems theory and strategic organizational design. The Model, which allows you to embed such a culture of ethics and compliance into your organization, weaves the six signals that employees draw upon when making decisions of trust into “their infrastructure and core processes” which the authors believe over time earns the trust of the various company stakeholders. Their Model of Organizational Trust and some key questions pertaining to each step are as follows:

  • Leadership and Management. This requires leaders who embody the company values and expect the same from its employees.
    • Does management at all levels model company values?
    • Does management serve stakeholder interests before self, act with integrity and competently and predictably deliver on commitments?
    • Does management communicate openly, listen and demonstrate concern for employees?
    • Do managers hold their teams accountable for competent execution of strategy while upholding company values?
  • Culture. This requires strong shared norms and beliefs that encourage all stakeholders to uphold companywide values and deter deviation from those values.
    • Are there strong cultural values and beliefs that bond people and unify subcultures to serve stakeholders?
    • Are the values of respect and fairness for stakeholders, acting with integrity, doing business with competence and predictability on delivering on expectations held deeply enough within the company that acting against them is perceived to be wrong?
    • Are company values articulated and activated such that employees support the company’s mission beyond the interests of self or subgroups?
  • Systems. There must be systems in place for planning, reporting, budgeting to reinforce ethical and compliant behaviors, all linked to culture and strategy.
    • Do selection, induction, training, compensation, promotion, evaluation and succession systems reinforce the company espoused values?
    • Do communication, planning and information systems enable effective coordination, alignment of interests and meaningful mutual dialogue?
    • Are there robust mechanisms to surface and facilitate reporting of ethical violations?
  • Product and Service Development, Production and Delivery. There must be processes in place which ensure that stakeholder needs and expectations are met, that company values are upheld and that relevant anti-bribery and anti-corruption laws are met.
    • Are development and production processes focused on serving both company and stakeholder interests, including those of the customers and suppliers?
    • Is there testing to ensure that production competently and predictably meets standards?
    • Is the company’s supply chain monitored to ensure that it meets the goals of respect, fairness, predictability and competence to reach stakeholder expectations?
    • Does the company listen and respond to non-company stakeholders such as the supply chain and customers?
    • Is there a robust product service recovery process?
  • Structure. There must be formal organization and governance that set clear roles and accountability and provide discretion within prudent internal oversight.
    • Does the company structure provide clear roles, responsibilities, accountabilities and alignment of interests across groups?
    • Does the company structure provide adequate governance and monitoring at all levels to ensure competent execution of strategy in a manner that upholds the company’s values?
    • Does the company structure engage and facilitate open communication with stakeholders?
  • Strategy. The organization must have a clear mission that it will do business ethically and in compliance and that these values accommodate stakeholder values as well.
    • Is the company clear about its mission and strategy to serve all stakeholders?
    • Is the execution of this strategy evaluated from all stakeholders’ perspectives?
    • Does the company strategy align with its values?
    • Are decisions made and resources allocated in a way that shows respect, fairness, integrity and alignment with stakeholder interests?
    • Do the stakeholders perceive that strategic trade-offs are made in a transparent and fair manner?

The authors write that all six of these concepts must be fully integrated. So an “effective organizational infrastructure (strategy; leadership and management; culture; structure and systems)” should work to generate and sustain the “effective core processes (development, production and delivery of products and services).” For the compliance practitioner, this means that elements of doing business ethically and in compliance must be woven into all elements of infrastructure and core company processes over time. If not, ethics and compliance failures are likely to occur, “when important elements are allowed to become misaligned.”

But, at the end of the day, the authors report that the “key differentiator between companies that violate trust and those that sustain it is integrity and consistency within and across the organization.” While every company says it does business with integrity, this review shows how the message from the top of an organization can be driven down through the DNA of the entity. Not to be overlooked is the second part of the phrase; that being ‘consistency’. If leadership sends out mixed signals about the values that it deems paramount, then all the talk about doing business ethically and in compliance may well be for naught.

In the final review of this article I will look at three companies which the authors believe have restored their business’ commitment to doing business ethically and in compliance. Until then…

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

August 26, 2013

How to Build a Culture of Ethics and Compliance: The Greatest Article Ever – Part I

Donna Boehme and Jim McGrath continually rail against the notion that a ‘rogue employee’ causes the majority of bribery and corruption charges under such laws as the Foreign Corrupt Practices Act (FCPA) and UK Bribery Act. Companies continually claim that they do business ethically and in compliance with such anti-bribery and anti-corruption legislation and that it is only one or a few of ‘them-those pesky rogue employees’ who have brought the company to grief. Even GlaxoSmithKline PLC (GSK) is now beginning to distance itself from its Chinese business unit and executives who confessed to engaging in bribery and corruption to sell GSK products in China.

The first problem with this ‘rogue employee’ claim is that it is wrong. The second problem is that by making this bogus claim and denying that it was a company failure; a company may well never correct the underlying problem which led to the compliance failure. However if a company does not recognize its role in any such compliance catastrophe, it will probably have a repeat of a similar event in the not do distance future. Once again witness GSK, which agreed, in 2012, to a $3bn fine for fraud in marketing of its products and within one year is caught up in allegations of corruption in China.

I recently read an article in the summer 2013 issue of the MIT Sloan Management Review, entitled “Designing Trustworthy Organizations”, by the quartet of authors: Robert F. Hurley, Nicole Gillespie, Donald L. Ferrin and Graham Dietz. In this article, the authors address the question of “How can companies recover from trust failures and create reputations for trustworthiness?” Let me put this as succinctly as possible – IF THERE IS ONLY ONE ARTICLE THAT YOU READ ON ETHICS AND COMPLIANCE IN 2013 THIS IS THE ONE TO READ. This the single best article I have ever read as it gives a specific road map to the compliance practitioner, in-house counsel or any other business executive on how to instill a culture of ethics and compliance in your company. I will be discussing the article over my next three posts. Today I will look at why such ethics and compliance failures occur from an organizational perspective; in Part II I will talk about how to build ethical organizations which do business in a compliant manner, and in Part III I will conclude with the steps a company can take to rebuild trust in an organization after a catastrophic failure.

Signals of an Ethical Business

In the FCPA Guidance, both the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) make clear that paper compliance which companies only employ to “check-the-box” on compliance with the FCPA are doomed to fail. The FCPA Guidance states, “A well-designed compliance program that is not enforced in good faith, such as when corporate management explicitly or implicitly encourages employees to engage in misconduct to achieve business objectives, will be ineffective. DOJ and SEC have often encountered companies with compliance programs that are strong on paper but that nevertheless have significant FCPA violations because management has failed to effectively implement the program even in the face of obvious signs of corruption.” This is a clear recognition that more than simply having a compliance program in place is required to make it effective. Unfortunately many companies seem to believe that simply having an ethics and compliance program in place is sufficient.

While the authors write about ‘trust’ I believe that their research, findings and framework all translate to ethics and compliance; so I will make that substitution throughout my discussion of their article. To begin their discussion, the authors believe that there are “six identifying signals” that employees consider when deciding to follow a company. They are:

  1. Common values: does the company share our beliefs and values?
  2. Aligned interests: do the company interests coincide, rather than conflict with ours?
  3. Benevolence: does the company care about our welfare?
  4. Competence: is the company capable of delivering on its commitments?
  5. Predictability and integrity: does the company abide by commonly accepted ethical standards and is the company predictable in how it behaves?
  6. Communication: does the company listen and engage in a dialogue or not?

Why Do Ethical and Compliance Violations Occur?

Here the authors begin with a definition. They define trust as “a judgment of confident reliance on another (a person, group, organization or system) based upon positive expectations of future behavior.” For the compliance practitioner a violation of that trust occurs and there is unethical behavior which is not in compliance with the norm, for example when “a party significantly deviates from positive expectations” by engaging in such conduct as bribery and corruption. The authors believe that they see such conduct condoned, explicitly or tacitly from management, they also lower their own personal expectations of the type of conduct they will personally engage in.

Such a failure leads to individual employees engaging in bribery and corruption. However, the authors make clear that this is not down simply to the individual or ‘rogue’ employee but such unethical conduct is “predictable in organizations which allow dysfunctional, conflicting or incongruent elements of their organizational system to take hold.” The authors cited three examples where this played out with devastating results for companies. The first was the Mattel Corporation, which had a strong reputation for quality but weak oversight of its supply chain led to production of contaminated toys and a massive toy recall. The second was BP and the Deepwater Horizon disaster, where the company’s strategy and culture of minimizing costs to enhance profitability conflicted with its stated emphasis on safety; all leading to a multi-billion dollar claim. Finally, Goldman Sachs and its role in the Abacus fund where “investigators found that Goldman’s stated values of client focus and integrity were at time overshadowed by a less formal culture that emphasized getting deals done with less than full disclosure.”

The authors noted that in all three examples they cited, each company had extensive systems processes and procedures in place to produce “trustworthy behavior”. However there were “other elements undermined the companies’ ability to deliver on their core responsibilities.” Recall that as part of its $3 billion settlement GSK agreed to a Corporate Integrity Agreement (CIA). The company had a Compliance Committee, whose job was to oversee full implementation of the CIA and all compliance functions at the company. The company had Integrity Champions within each business unit and management accountability and certifications from each business unit. Training of GSK employees was specified.

GSK’s Code of Conduct stated, “The GSK attitude towards corruption in all its forms is simple: it is one of zero tolerance, whether committed by GSK employees, officers, complementary workforce or third parties acting for or on behalf of the company.” The company had a Third Party Code of Conduct, which required that third parties shall conduct their business in an ethical manner and act with integrity.

All of this was backed up by “a Global Ethics & Compliance team which is responsible for providing oversight and guidance to ensure compliance with applicable laws, regulations, and company policies, as well as fostering a positive, ethical work environment for all employees.” The Code of Conduct also stated that “GSK has an active system of internal management controls to identify company risks, issues and incidents with appropriate corrective actions taken. Our Risk Management and Compliance Policy provides the framework for these internal controls, to ensure significant risks are escalated to the proper levels of senior management.”

The authors research led them to several different areas of organizational weakness which allow for ethics and compliance violations to occur. Company leaders “focused on fundamental aspects of how the organization functioned: organizational restructuring and instability; poor support and follow-through; poor talent management; lack of communication and information; and leadership and strategies.” Interestingly, when employees were interviewed they had the following thoughts on how to improve ethics and compliance, “improve communication, enhance senior management capability, provide more accountability for performance, empower employees and enhance collaboration groups.”

Yet in their examinations, the authors found “one type of incongruence that frequently led” to breakdowns in doing business ethically and in compliance. That breakdown came when the interests of one stakeholder group was favored over another stakeholder group. The authors identified some various stakeholders as shareholders, employees, customers, suppliers and communities. The authors said that this incongruence has “been defined as letting shareholder profits take precedence over core responsibilities to other stakeholders.” But it is simply more, than serving on stakeholder better than the others. It is favoring one stakeholder to the extent of “the expense of and even causing harm to” other stakeholders.

In other words, if profits are put ahead of all other measurements for an employee, that employee will get the message and make sure that he or she makes their numbers. The authors conclude this section by noting that with the current 24 hour news cycle and social media, what may have been yesterday’s event can rapidly spiral across the globe and out of control more quickly than ever. Once again witness just how quickly GSK seemed to be on notice of allegations of corruption and bribery in China to the time its Chinese employees admitted to such conduct on state TV. It was mere days.

In tomorrow’s post I will look at building high trust in organizations and how that relates to ethics and compliance.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

April 1, 2013

How to Introduce Innovation in Your Compliance Program

News Flash: Houston Astros Lead AL in Wins!

 In case you were too worn out from this weekend’s college basketball tournament bonanza, both the men’s and women’s, to stay up on Sunday night and watch ESPN; the Houston Astros won their 4000th game and had their first American League (AL) win so that they now lead the AL in overall wins. I guess Astros owner Jim Crane, he of “I-made-a-$100-million-dollars-so-I-must-know-what-I-am-doing”, thinks he knows a thing or two about innovation. Or perhaps not?

While Brother Crane is no doubt reveling in his first win as the Astros owner, I thought about the question of how a compliance professional can use innovation to improve a company’s overall compliance program? This topic of innovation was recently explored in an article in the MIT Sloan Management Review,  Spring 2013 issue, entitled “How Innovative is Your Company’s Culture?” by Jay Rao and Joseph Weintraub. In this article, the authors tried to determine how companies could develop a more innovative culture. While the article did not focus on compliance, I found the ideas that they put forward as a useful manner for compliance practitioners to think through and implement innovation into their Foreign Corrupt Practices Act (FCPA) or UK Bribery Act compliance programs.

The authors believe that when it comes to innovation, most companies focus on resources, processes and measurement because they are tool-oriented and more easily measured. Conversely companies tend to focus less on people-oriented components of innovation success, for example values, behaviors and climates, because they are harder to measure. The authors quote one Chief Executive Officer (CEO) who had said, “The soft stuff is the hard stuff.” Yes the authors believe that it is the soft-stuff, people issues where the greatest opportunity for innovation can occur. I believe that this holds true for innovation in a company’s compliance program as well.

The authors posit that there are six building blocks to an innovative culture. These six building blocks are not static conditions but are inter-related and to an extent, interdependent on each other. The six building blocks are:

  1. Values. The authors believe that it is a company’s values which drive both its priorities and its decisions. It is also reflected in where a company spends its money. If a company is innovative, it tends to emphasize creativity and encourage continuous learning. Values are more than what leaders say or what they write but drive by what they do and what they invest in.
  2. Behaviors. This describes how company employees act in the cause of innovation. This is demonstrated when leaders work to energize employees and to make sure that things happen within the company. For employees it means working to overcome obstacles around innovation and making things happen when “resources and budgets are thin.”
  3. Climate. The authors believe that climate is “the tenor of workplace life.” This means that innovation is encouraged and employees take it on “with enthusiasm.” People are allowed to take risks within a safe environment and the company encourages “independent thinking.”
  4. Resources. Within the framework of their six building blocks, the authors believe that resources have “three main factors” people, systems and projects.” Of these three factors, people are the most important because they have the most “powerful impact on the organization’s values and climate.”
  5. Processes. The authors state that processes are the route by which innovations follow as they are developed within an organization. These processes include not only the track they follow but also the criteria for capturing and sifting through new ideas for “reviewing and prioritizing projects and prototyping.
  6. Successes. The authors believe that successes in a company are “captured at three levels: external, enterprise and personal.” These can help to demonstrate if an innovation is paying off. But more than simply financial success, this building block “reinforces the enterprise’s values, behaviors and processes, which in turn drive many subsequent actions and decisions”.

There are several lessons that the compliance practitioner can derive from these six building blocks to help put innovation into your company’s compliance program. I think the first is that you must create an environment where innovation is not only accepted but encouraged in your company. A simple top-down structure will not accomplish this goal. Not only do you have to go out into the field but you must listen to what people in the field are telling you. Simply because you get push-back from the business folks does not mean that their suggestions are always wrong. There might be some nugget in such push-back which allows you to do something faster, quicker or with more compliance efficiency. Even if the suggestion or push-back does not warrant inclusion into your compliance program, you should at least acknowledge employees for their suggestion.

Another technique that you might use based on these building blocks is the compliance champion. Such a person can be used not only as an initial point-of-contact for your compliance program but you can use non-compliance department compliance champions as innovation leaders in your compliance program. You could have them meet (in person or virtually) on quarterly intervals to discuss compliance program innovations that they might come up with based upon their more focused training and work as a compliance champion in your company. As the authors might say, you can develop your own internal community of compliance innovation experts that you could call upon as an internal resource. Further, in their role as your initial point-of-contact for your compliance program, these compliance champions could also act as a filter to bring you other innovative ideas from your company’s workforce.

This article by Rao and Weintraub had some very interesting ideas about how a company can ingrain innovation into its compliance program. Many companies have worked very diligently on resources, processes and measurement of their compliance program. However, as compliance programs mature and become a part of every well-run company, compliance practitioners can move towards other themes of innovation; that of values, behaviors and climates. So while I am not yet convinced that the Astros $20MM payroll really was a positive innovation, I do believe that the authors have set out some very thoughtful ideas that you can incorporate into your compliance efforts going forward.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

March 12, 2013

How Odysseus Can Inform Compliance Enhancement

What are your thoughts on Odysseus? Is he a villain or a hero? The ancient philosophers had many differing views on him. One view that struck me was held by Antisthenes, a disciple of Socrates. Antisthenes used the actions of Odysseus as a defense against those who attacked the discipline of philosophy as mere sophistry; that is focusing on words not deeds. Antisthenes presented Odysseus as someone whose words themselves were good deeds. Further, the actions of Odysseus showed his abilities as a team player, a cooperative hero. Recently, I thought about the concept of Odysseus and words as good deeds in the context of the post-acquisition requirements of the Foreign Corrupt Practices Act (FCPA).

Although not specifically stated in the recently released Department of Justice (DOJ)/Securities and Exchange Commission (SEC) FCPA Guidance, enforcement actions from 2011 and 2012 would seem to indicate that a company should have an integration completed in 12-18 months after the underlying transaction is concluded. I considered the post-acquisition integration issue when reading an article in the MIT Sloan Management Review Winter 2013 issue, entitled “Building Your Company’s Capabilities Through Global Expansion”, by authors Donald Lessard, Rafael Lucea and Luis Vives. The thesis of the article was that for companies to create and sustain global competitive advantages, they need to adopt a systematic approach to exploiting, renewing and enhancing their core capabilities.

While the focus of the article was on marketing and sales, as I read the article I came to believe that it has implications beyond marketing into the post-acquisition integration required by the DOJ under the FCPA. I believe that the framework which the authors have developed can be a way for companies to think through both FCPA post-acquisition integration but also which compliance enhancements need to be introduced in foreign operations. This second point is significant because one issue that seems to bedevil compliance practitioners is how to integrate and enhance your compliance program across the globe. There are both language and cultural differences which make a ‘one-size-fits-all’ approach sometimes problematic. The article also provides some valuable insight into how a company might make its US centric FCPA compliance program a value add for its foreign operations.

The authors provide a framework under which they believe a company can evaluate the potential for enhancing its current sources into capabilities for development in foreign markets and work for post-acquisition integration. So using the authors’ framework, I will adapt it into the compliance space.

  1. Are the compliance capabilities developed relevant to the users in the foreign jurisdiction or in the acquired entity? Do the compliance enhancements or post-acquisition integration bring value to these diverse entities?
  2. Are the compliance capabilities you are using as the basis for the enhancements or post-acquisition integration appropriate for these internal markets? Do they help or hinder the capture of value in the company?
  3. Are the compliance capabilities that you have develop in the US transferrable to the foreign operations or acquired entities? Can you deploy these compliance enhancements to foreign operations or post-acquisition integration without sacrificing too much value creation?
  4. Are the new enhancements that the company will develop through acquisition or foreign operation expansion of its compliance program complementary to existing capabilities within the company?
  5. Are any of the compliance capabilities, that will be used in the enhancements or post-acquisition integration, complementary to existing compliance capabilities that currently exist in either of those two groups?
  6. Are any of the compliance capabilities that currently exist in the foreign operations or acquired entities, transferable back to the US?

The initial goal should be that any compliance program augmentation, whether for an acquired company or a foreign operation, should result in “an overall enhancement of the company’s capabilities” and global position. This means that while it may initially appear that the compliance group of a company is the Land of No; such should not the case for the compliance enhancement or integration to succeed. The authors believe that a company should build on its existing capabilities to show that the new processes or policies will create greater value. The example I give in training is expense reports. I ask whether anyone does not have to fill out an expense report to be reimbursed. The answer is always the same; everyone has to fill out an expense report. I then go on to explain that the FCPA will require you to list who you took to dinner or provided a gift to, what their title is and how much you spent. In other words, the obligation of an individual employee to provide the basic information to be used by others is not much in addition to the information they are currently providing.

My colleague Jay Rosen of Merrill Brink often says that translation services are only part of the equation when his company translates a compliance program or policy. It is important to understand not only the cultural context but have cultural sensitivity to issues. The classic examples are mooncakes or the tradition of giving small gifts when meeting a person for the first time in the Far East. It is viewed as a ritual which has deeper and and greater meaning more than simply a handshake. While many companies worried about this issue or even prohibited the giving of such small gifts, the FCPA Guidance has made clear that the DOJ/SEC are not looking for violations relating to such small gifts unless they are a part of an overall systemic failure of your compliance program.

In the business world it is not always words v. deeds. Another way to look at it might be consider entrepreneurial people v. process people. Entrepreneurial people tend to make things happen in an organization. They can wear many hats at once. Process people tend to have a deeper focus in a particular area. You need a balance of both in an organization.

The authors have provided a framework for you to consider in your post-acquisition compliance program integration. Further, it provides a context for you to enhance your compliance program in foreign operations. Much like Antisthenes views on Odysseus, you can translate the words of compliance into the doing of compliance.

============================================================================================

Compliance Week needs your help! Compliance Week and Kroll Advisory have teamed up to undertake a major survey on corporate anti-corruption programs, and are asking compliance executives to participate. The survey itself—the 2013 ‘Global Anti-Bribery Benchmarking Report’—can be found here:

http://surveys.harveyresearch.com/se.ashx?s=0D146E2D11F8D225

The survey should take no more than 20 minutes to complete. It asks about the bribery risks you have, procedures you use to train employees and vet third parties, the size of  your compliance team, and more. Rest assured, all submissions will be secure and anonymous. The deadline to submit information is end of business on Friday, March 15.

Results of the survey will first be presented at the Compliance Week 2013 annual conference in Washington, May 20-22 (www.ComplianceWeek.com/conference), and later published in a special supplement of the Compliance Week magazine.

Anyone with questions can contact Compliance Week editor Matt Kelly at mkelly@complianceweek.com.

============================================================================================

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

July 25, 2012

Building Compliance Relationships in China

Today, the Games the XXX Olympiad will open with soccer matches (football for you non-Americans out there). On Friday London will officially take over from Beijing, host of the last Games. Even with the 2008 Games, many companies still find the Chinese market tough to crack both in business and in compliance. However, a recent article in the Summer 2012 edition of the MIT Sloan Management Review may help both business and compliance professionals in understanding some of the cultural differences in Western and Chinese practices.

In an article entitled “Building Effective Business Relationships in China” author Roy Chua explored some of the ways in which the ‘Chinese’ way of doing business is being Westernized and explained that non-Chinese executives must still work hard at building effective relationships with Chinese business partners. He came to these conclusions based upon six years of research, together with un-named colleagues, on trust, cultural psychology and business relationships in China. As a part of the specific research for his article, Chua interviewed 130 US managers and 203 Chinese managers.

The author posits that the central feature to a successful business relationship in China is trust. But he cautions that trust must be developed in two ways; from the head and the heart. He terms the first type of trust or ‘trust from the head’ as “cognitive trust’ which “emanates from the confidence that one has in a person’s accomplishment, skills and reliability.” The second type of trust or ‘trust from the heart’ is called “affective trust” and he believes that this “arises from feelings of emotional closeness, empathy and rapport.” The author cites the Chinese word for trust, which encompasses these two concepts, xin-ren. Xin refers to trust from the heart and Ren refers to an “assessment of the other’s reliability and capability.”

Trust from the Head

This part of a trust relationship will be familiar to Western executives and businessmen. It relates to “business needs and confidence” in your partner’s capability. The key here is to build value. One technique cited by the author is to build relationships by providing your partners with knowledge, or as he quoted one interviewee, “Once you show you can be helpful to them, I’ve noticed that people open up and trust you more.” This can be done in one-on-one relationships or by making presentations regularly at conferences and participating in industry activities. Chua cautions that this type of trust takes time and a Westerner may feel that they are being taken advantage of during the process.

Trust from the Heart

In this area, the author advises that there are several different techniques which Westerners can employ to build this type of trust. Obviously a key is to understand social etiquette and social custom. Chua states that this “deep knowledge can bridge the trust deficit by approximating the basis of common ties and values that individuals from the same culture enjoy.” He cites to the example of the Chinese tea culture as a good example. He believes that the ritual of tea drinking is becoming increasingly important in Chinese culture for business meetings but many of Chinese executives interviewed found that it was “difficult to share this experience with Westerners because they don’t think that Westerners can appreciate it.”

Chua also notes that use of the Chinese language is very important. If an executive can speak Chinese he or she will “have a powerful tool for navigating the culture.” He advises that Western executives should take advantage of any opportunity to learn the language but even if they cannot do so, you should have the best translator available when engaged in important discussions. I can attest to this final point, it is invaluable not only to have the language translated but to understand the nuances of what is not being said during contract negotiations.

Chua’s article provides some solid guidance which can be used by the compliance practitioner to help in building a culture of compliance in any Chinese business unit or with a Chinese business partner. First and foremost, is ‘boots-on-the-ground’. As a compliance practitioner you must go to China and begin to develop relationships to foster the type of culture that you want to have with your Chinese subsidiary, partner or business unit. Both the personal and the professional relationship should be developed, making clear your commitment to doing business in a compliant manner. As many Chinese will not openly question a superior, you should also plan to spend time outside the office, getting to know them, understanding their families, experiences and backgrounds. And last, but not least, is competence. Compliance is not “The Land of No” populated only by “Dr. No” and his progeny. Competence includes finding ways to do business in a compliant manner by working with the business unit members to accomplish this goal.

So as you sit back and enjoy the London Olympic Games you might consider the last Games in Beijing and how you might move your compliance program forward through greater trust in China.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

April 30, 2012

Wal-Mart and the Strategic Transformation of a Compliance Culture

In every crisis there is an opportunity. This was presented, perhaps less starkly, in an article in the spring 2012 Issue of the MIT Sloan Management Review, entitled “Achieving Successful Strategic Transformation, by authors Gerry Johnson, George S. Yip and Manual Hensmans, “Happy accidents are unanticipated circumstances or events that ultimately support [strategic] transformation”. While those in Bentonville, Arkansas are probably not thinking that their current situation is a ‘happy accident”; Wal-Mart is presented with a unique opportunity to create a world-class compliance program. It will most probably be required to do so to aid in its inevitable negotiations with the US Department of Justice (DOJ) over any fine and penalty for any violations of the Foreign Corrupt Practices Act (FCPA), however it may also do so to demonstrate its absolute commitment to doing business ethically to the US and world’s courts of public opinion.

The authors begin by noting that companies which radically alter entrenched ways of doing business are the “exception rather than the rule.” Further, most companies do not adopt such new strategies without being forced to do so by some type of financial trauma. The authors studied 215 companies to find out if there were any key lessons from companies which were able to affect such transformational change. Their article can provide guidance to Wal-Mart or any other company which may find itself in the position where it needs to make a major strategic change to a culture of ethics and compliance.

The authors start with the proposition that to make strategic transformations, companies must “foster alternative management coalitions and value constructive tension and challenges to the status quo.” They have developed eight recommendations for making such transformational changes.

  1. Build on history. A company should recognize the “importance of valuing history and building on it.” This requires managers within the company to “reflect on the evolution of their organization and the legacy they can build on.” The authors end this section by noting in light of what the response might be, what steps could be taken?
  2. Select and develop a new generation of leadership. If a company is serious about transformation, succession planning must involve looking at different capabilities in a new set of up and coming leaders within the company. There needs to be a new generation of leaders groomed who have alternative ways of looking at problems and doing business. The authors note that this will not be easy as it will require the current senior leadership to “nurture replacements who will question, modify or even be willing to reject the company’s heritage.”
  3. Accept and encourage constructive mobility. A company must not select the “most predictable successors” but rather “adopt a deliberate policy of cultivating internal talent.”  To do so, a company must foster alternative coalitions within the company and “encourage divergent perspectives on the future of the business” by identifying up and coming leaders who respect the past but “have a distinctly different view on the future.”
  4. Ensure that decision making allows room for dissent. The authors begin this section by noting “There is a fundamental difference between an organization built to maintain consensus around a dominant logic and one where managers naturally challenge it.” I know of Law Departments that are viewed as “the land of No” because the business folks think that is the only word the legal department can articulate. The authors believe that a transformational decision making process must allow for dissent and the company must not only live with such a process but welcome and embrace it.
  5. Create enabling structures that encourage tension. Creative tension occurs when there are opposing views which can be “fostered structurally.” This means that alternative views should be sought out and heard. In the compliance arena, it means that you might listen to certain front line business unit personnel to better understand how something might be accomplished. The authors write that even by creating such a structure, a company can “make a difference in how people see ideas internally.”
  6. Expect everyone to get behind decisions once they are made. As important as the above structures and procedures are to creating transformational change, “there needs to be some point when leadership makes a decision and the different parties fall into line.” This is the concept of “corporate maturity” and the authors emphasize that it is not a way to stifle dissent but a realization that at some point it is time to move on for the greater corporate good. The authors conclude this section by noting that most companies did not fail in their transformational efforts because they made the wrong decision but because they otherwise botched the internal debate.
  7. Develop an arching rationale. A company needs to have a clear position on “what we are about”. There should be “emphasis on a clear rationale supported by strong values” that allows for the necessary diversity of views, ideas and debates. This should be the set piece to begin the transformational change within the organization.
  8. Beware of market size and dominance. No matter whether a company has a small share of its industry’s market, or, as in the case of Wal-Mart, it is the industry leader, the authors note that “ongoing strategic transformation requires relatively focused businesses.” In the case of Wal-Mart that means retailing and all aspects around its business model.

The authors conclude by stating that this type of transformational change does not happen overnight and readily admit that the concepts “are the antithesis of short-term management.” This would fit precisely into the place that Wal-Mart finds itself in now. The FCPA investigation could well take between 2-4 years; the negotiations regarding any fines or penalties could add significant length to that time frame. Avon is over four years into its FCPA journey and there is no public end in sight. However, this means that the opportunity for a truly transformational change is available to Wal-Mart or any other company which finds itself similarly situated. The authors have laid out for Wal-Mart or any other company concrete steps on a path forward which could give them the title of not only the World’s Largest Retailer but also the World’s Most Ethical Company.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

April 27, 2012

Turning Compliance Beliefs Into Action-Impacting Tone at the Bottom

Tone at the Top has become almost a by-word in the compliance world these days. It is specifically mentioned in the US Department of Justice’s (DOJ) 13-point minimum best practices compliance program as well as the UK Ministry of Justice’s (MOJ) Six Principles of Adequate Procedures. How does a compliance practitioner tap into ethical beliefs of a company’s employee base? However, a company’s ‘tone’ is much more than that simply at the top of the organization. There is tone at both the middle and bottom. One of the greatest challenges of a compliance practitioner is how to affect the ‘tone at the bottom’. In a recent article in the Spring 2012 Issue of the MIT Sloan Management Review, entitled “Uncommon Sense: How to Turn Distinctive Beliefs Into Action”, authors Jules Goddard, Julian Birkinshaw and Tony Eccles looked at this issue when they explored the “often overlooked, critical source of differentiation is [a] company’s beliefs.”

One of the questions that the authors answer is: how to tap into this belief system? They posit a structured manner to obtain this information. By using these techniques, they believe that companies can rethink their “basic assumption and beliefs” and identify new directions for their organization. The authors listed seven approaches that they have used which I believe that the compliance practitioner can use to not only determine ‘Tone at the Bottom” but to impact that tone. They are as follows:

  1. Assemble a group. You need to assemble a group of employees who are familiar with the challenges of doing business in a compliant manner in certain geographic regions. Include both long-time employees and those who are relatively new to the organization. The authors also suggest that if you have any employees who have worked for competitors or for other organizations in your industry you include them as well.
  2. Ask questions. You should ask the members of this group to articulate their basic assumptions about your compliance model, about the management model, about your company’s business model and the future of the industry in general. Ask them to do this individually and not as a group.
  3. Categorize the responses. Now comes the work by the compliance practitioner or compliance team. These assumptions will usually fall into two groups. The first is assumptions that everyone agrees upon-the common beliefs. The second is those assumptions that only a few of the participants will identify – this is what the authors call the “uncommon beliefs”.
  4. Develop tests for common beliefs. For those beliefs that are labeled common – you should consider how you know these to be true? The authors caution that simply because the group may believe that the company operates a common industry or that we “do it because it has always been done this way” is necessarily a “hard fact.” Consider what test you could perform to verify the common belief that you desire to test. The authors note that the purpose here is to “identify the ‘common nonsense’ beliefs that everyone holds that are not actually hard laws of nature.”
  5. Develop tests for uncommon beliefs. Here the authors suggest that you need to consider why some people think that these beliefs are true. What is the information or experience that they have drawn upon? Is there any way for you to test these uncommon beliefs?
  6. Reassemble the original group. You should reassemble the original group and have them consider the beliefs that were articulated by them individually in the context of your compliance model and how both your company and your industry do business. Lead a discussion that attempts to identify any assumptions or beliefs that ‘are quite possibly wrong, but worth experimenting with anyway.”
  7. List of Experiments to perform. The authors believe that the outcome of the first six steps will be “a list of possible experiments [tests] to conduct” to determine the validity of the common and uncommon beliefs. These tests can be accomplished in the regular course of business, through a special project with a special team and separate budget. You should agree on the testing process and review your testing assumptions throughout the process. This process can and should take some time so do not set yourself such a tight time frame that it cannot be fully matured.

I find this list to be a very interesting way for a compliance practitioner to get at ‘tone at the bottom’. By engaging employees at the level suggested by the authors I believe you can find out not only what the employees think about the company compliance program but use their collective experience to help design a better and more effective compliance program. It is my belief that employees want to do business in an ethical manner. Given the chance to engage in business the right way, as opposed to cheating; will win the hearts and minds of your employees almost all of the time. By using the protocol suggested by the authors you can not only find out the effect of your company’s compliance program on the employees at the bottom but you can affect it as well.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

Next Page »

Customized Rubric Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 4,229 other followers