FCPA Compliance and Ethics Blog

April 28, 2015

King Arthur Week – the Pentecostal Oath and Code of Conduct – Part II

Mort D'ArthurOne thing for which King Arthur is remembered are his chivalric knights. He helped create this legend, in large part, by establishing a Code of Conduct for the Knights of the Round Table. The King required each one of them to swear an oath, called the Pentecostal Oath, which was Arthur’s ideal for a chivalric knight. The Oath stated, “The king established all his knights, and gave them that were of lands not rich, he gave them lands, and charged them never to do outrageousity nor murder, and always to flee treason; also, by no mean to be cruel, but to give mercy unto him that asketh mercy, upon pain of forfeiture of their worship and lordship of King Arthur for evermore; and always to do ladies, damosels, and gentlewomen succor upon pain of death. Also, that no man take no battles in a wrongful quarrel for no law, ne for no world’s goods. Unto this were all the knights sworn of the Table Round, both old and young. And every year were they sworn at the high feast of Pentecost.” (Le Morte d’Arthur, pp 115-116)

Interestingly, the Oath first appeared in Sir Thomas Malory’s Le Morte d’Arthur and in none of the prior incarnations of the legend. In Malory’s telling, after the Knights swore the Oath, they were provided titles and lands by the King. The Oath specifies both positive and negative conduct; that is, what a Knight might do but also what conduct he should not engage in. The Pentecostal Oath formed the basis for the Knight’s conduct at Camelot and beyond. It was clearly a forerunner of today’s corporate Code of Conduct.

The foundational document of any Foreign Corrupt Practices Act (FCPA) compliance program is its Code of Conduct. This requirement has long been memorialized in the US Sentencing Guidelines, which contain seven basic compliance elements that can be tailored to fit the needs and financial realities of any given organization. From these seven compliance elements the Department of Justice (DOJ) has crafted its minimum best practices compliance program, which is now attached to every Deferred Prosecution Agreement (DPA) and Non-Prosecution Agreement (NPA). These requirements were incorporated into the 2012 FCPA Guidance. The US Sentencing Guidelines assume that every effective compliance and ethics program begins with a written standard of conduct; i.e. a Code of Conduct. What should be in this “written standard of conduct”.

Element 1

Standards of Conduct, Policies and Procedures (a Code of Conduct)

An organization should have an established set of compliance standards and procedures. These standards should not be a “paper only” document, but a living document that promotes organizational culture that encourages “ethical conduct” and a commitment to compliance with applicable regulations and laws.

In the FCPA Guidance, the DOJ and Securities and Exchange Commission (SEC) state, “A company’s code of conduct is often the foundation upon which an effective compliance program is built. As DOJ has repeatedly noted in its charging documents, the most effective codes are clear, concise, and accessible to all employees and to those conducting business on the company’s behalf.” Indeed, it would be difficult to effectively implement a compliance program if it was not available in the local language so that employees in foreign subsidiaries can access and understand it. When assessing a compliance program the DOJ and SEC will review whether the company chapter has taken steps to make certain that the code of conduct remains current and effective and whether a company has periodically reviewed and updated its code.

In each DPA and NPA over the past 36 months the DOJ has stated the following as item No. 1 for a minimum best practices compliance program.

  1. Code of Conduct. A Company should develop and promulgate a clearly articulated and visible corporate policy against violations of the FCPA, including its anti-bribery, books and records, and internal controls provisions, and other applicable foreign law counterparts (collectively, the “anti-corruption laws”), which policy shall be memorialized in a written compliance code.

In an article in the Society for Corporate Compliance and Ethics (SCCE) Complete Compliance and Ethics Manual, 2nd Ed., entitled “Essential Elements of an Effective Ethics and Compliance Program”, authors Debbie Troklus, Greg Warner and Emma Wollschlager Schwartz, state that your company’s Code of Conduct “should demonstrate a complete ethical attitude and your organization’s “system-wide” emphasis on compliance and ethics with all applicable laws and regulations.” Your Code of Conduct must be aimed at all employees and all representatives of the organization, not just those most actively involved in known compliance and ethics issues. From the board of directors to volunteers, the authors believe that “everyone must receive, read, understand, and agree to abide by the standards of the Code of Conduct.” This would also include all “management, vendors, suppliers, and independent contractors, which are frequently overlooked groups.”

There are several purposes identified by the authors that should be communicated in your Code of Conduct. Of course the overriding goal is for all employees to follow what is required of them under the Code of Conduct. You can do this by communicating what is required of them, to provide a process for proper decision-making and then to require that all persons subject to the Code of Conduct put these standards into everyday business practice. Such actions are some of your best evidence that your company “upholds and supports proper compliance conduct.”

The substance of your Code of Conduct should be tailored to the company’s culture, and to its industry and corporate identity. It should provide a mechanism by which employees who are trying to do the right thing in the compliance and business ethics arena can do so. The Code of Conduct can be used as a basis for employee review and evaluation. It should certainly be invoked if there is a violation. To that end, I suggest that your company’s disciplinary procedures be stated in the Code of Conduct. These would include all forms of disciplines, up to and including dismissal, for serious violations of the Code of Conduct. Further, your company’s Code of Conduct should emphasize it will comply with all applicable laws and regulations, wherever it does business. The Code needs to be written in plain English and translated into other languages as necessary so that all applicable persons can understand it.

As I often say, the three most important things about your FCPA compliance program are ‘Document, Document and Document’. The same is true of communicating your company’s Code of Conduct. You need to do more than simply put it on your website and tell folks it is there, available and that they should read it. You need to document that all employees, or anyone else that your Code of Conduct is applicable to, has received, read, and understands the Code. For employees, it is important that a representative of the Compliance Department, or other qualified trainer, explains the standards set forth in your Code of Conduct and answers any questions that an employee may have. Your company’s employees need to attest in writing that they have received, read, and understood the Code of Conduct and this attestation must be retained and updated as appropriate.

The DOJ expects each company to begin its compliance program with a very public and very robust Code of Conduct. If your company does not have one, you need to implement one forthwith. If your company has not reviewed or assessed their Code of Conduct for five years, I would suggest that you do in short order as much has changed in the compliance world.

What is the value of having a Code of Conduct? I have heard many business folks ask that question over the years. In its early days, a Code of Conduct tended to be lawyer-written and lawyer-driven to “wave in a defense situation” by claiming that “see we have one”. But is such a legalistic code effective? Is a Code of Conduct more than simply, your company’s law? What is it that makes a Code of Conduct effective? What should be the goal in the creation of your company’s Code of Conduct?

Just as the Pentecostal Oath was required to be sworn out each year, you should have your employees recertify their adherence to your Code of Conduct. Moreover, just as King Arthur set his expectations for behavior your company should do so as well.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

April 9, 2015

Lee Surrenders and Hanson Wade’s Oil & Gas Supply Chain Compliance Conference

Lee and GrantToday we celebrate one of the most momentous anniversary’s in the history of the United States, for it was on this day in 1865, 150 years ago, that Confederate General Robert E. Lee surrendered his Army of Northern Virginia to Union Commanding General Ulysses S. Grant at Appomattox Courthouse, effectively ending the American Civil War. Fighting continued for several more weeks to come, however with Lee’s surrender the Civil War had, in all intents and purposes, ended.

Lee and his troops were forced to abandon the Confederate capital of Richmond, they were blocked from joining the surviving Confederate force in North Carolina, and were harassed and outrun by Union cavalry, who took 6,000 prisoners at Sayler’s Creek. With desertions mounting daily the Confederates were surrounded with no possibility of escape. On April 9, Lee sent a message to Grant announcing his willingness to surrender and in the afternoon they met at the home of Wilmer McLean and agreed to the terms of surrender.

Although politicians would later change these terms quite dramatically, Grant is said to have told his officers, “The war is over. The Rebels are our countrymen again.”

Later this month, from April 28-30, Hanson Wade is putting on its annual conference in Houston. It is the “Oil and Gas Supply Chain Compliance” conference, now in its 5th year, and once again the list of speakers is simply stunning. It includes the following Chief Compliance Officers (CCOs) and senior compliance folks: Dan Chapman, Cameron; Brian Moffatt, Ethos Energy, Jay Martin, Baker Hughes; Marcel De Chermont, Acteon Group, Jan Farley, Dresser-Rand; John Sardar, Noble Energy and a host of other luminaries in the field of Foreign Corrupt Practices Act (FCPA) compliance. Even if you live outside of Houston, the FCPA compliance talent at this event will rival any other event in the US and for such an event not held in Washington DC or New York City, it is simply outstanding.

Some of the panels and topics for discussion include: Applying Culturally Sensitive Approaches To Deliver A Core Compliance Methodology For A Variety Of Countries And Risks; How to Meaningfully Engage Your Business Operations in Taking Greater Compliance Ownership; Avoid The Risk Of Cavalier Behaviour Across The Supply Chain In The Face Of A Challenging Economic Climate; How To Deliver Cost-Effective, Risk Based, Function Specific Compliance Training; several in-depth presentations on Supply Chain and Third Party due diligence. These are but some of the sessions and there are many other excellent panels, sessions and speakers which I have not mentioned.

Recently the Event’s Chairperson, Dan Chapman, Vice President, Chief Ethics and Compliance Officer for Cameron, talked about some of the issues that will be discussed in this year’s conference. Chapman said, “Supply chain is, in my mind, a critical part of compliance and creating awareness throughout the business as to when and where you should apply compliance principles is a key focus. For me the industry has evolved in recent years, and our organizations tend to now have strong legal teams who understand anti-bribery and corruption legislation. Not only this, they now have the ‘tone from the top’. Where I feel that work needs to be done is practically embedding compliance into operational processes, and becoming a true and valuable partner to the business. With the current state of the oil price, we’re likely set for reduced budgets and increased risk, which makes it more important now than ever to share stories, materials and solutions to effectively mitigate compliance risk while enabling business delivery.”

I will be speaking at the conference on internal controls but I am extremely pleased to be co-leading an in-depth workshop on the third day of the event, with Joe Oringel, guest blogger and Managing Director at VisualRisk IQ. In our workshop, you will learn how to implement a system of data-driven monitoring controls and documents to measure the effectiveness of your compliance program and get you through a Securities and Exchange Commission (SEC) investigation. During our 3 hour session we will go into the weeds on the following:

  • Understanding what internal controls are required under a best practices compliance program;
  • Recognizing what FCPA enforcement actions tell us about internal controls in an anti-corruption compliance program;
  • Getting to grips with what the SEC expects you to have in place;
  • Competently documenting the effectiveness of your internal controls;
  • Understanding best practices and a methodology for the use of data analytics in compliance and ethics organization;
  • Prioritizing business and compliance questions that can be answered with analysis of digital data; and
  • Identifying a learning plan and resources to enhance your team’s data analytics expertise

I hope that you can attend this most excellent FCPA conference with the two-day sessions on April 28 and 29 and the workshop day on April 30. Very few FCPA conferences focus on Supply Chain and the information that you will receive at this one will be first rate. Finally, Hanson Wade has allowed me to offer a 20% discount to readers of my blog. You can obtain it by entering the code TFLaw20 when you register online. For the conference brochure and full details regarding the agenda and registration, click here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

April 8, 2015

The WPA and More Productive Compliance Meetings

WPA LogoOn this day 80 years ago, Congress created the Works Progress Administration (WPA), a central part of President Franklin D. Roosevelt’s New Deal. The WPA was established under the Emergency Relief Appropriation Act, as a means of creating government jobs for some of the nations many unemployed. Under the direction of Harry L. Hopkins, the WPA employed approximately 8 million people who worked on 1.4 million public projects before it was disbanded in 1943. Its programs were extremely popular and contributed significantly to Roosevelt’s landslide reelection in 1936.

I have always been amazed at the variety of works that the WPA had a hand in creating, from vast public building projects like the construction of highways, bridges, and dams to the careers of several important American artists, including Jackson Pollock and Willem de Kooning. Many of the most interesting art deco buildings still in use were built during the 1930s through the auspices of the WPA.

While the WPA constructed and led to many good works during its existence, one of the banes of corporate existence is the number of meetings that one must attend. Even worse than the raw number of meetings is the lack of any good that comes out of most meetings. Most meeting organizers have no clue how to run a successful or even useful meeting. I thought about this when I read a recent article in the Houston Business Journal (HBJ), entitled “10 ways to make your next meeting more productive by Dana Manciagli.

Manciagli began her piece by noting that researchers from the London School of Economics and Harvard University found that business leaders “spend 60% of their time in meetings, and only 15% working alone.” While this statistic alone is troubling enough, when you overlay that with the number of meetings where nothing is accomplished, it is clear to me you have a complete waste of time and resources. I do recognize that some companies have taken accomplishing nothing in meetings as a matter of corporate policy. General Motors (GM) took this to an art form in the well-documented GM Nod, which signified that there was agreement on an issue but that no one would actually do anything about it.

But for those who might want to actually accomplish something in a meeting, Manciagli pointed to Andrea Driessen whom she described as “chief boredom buster” at Seattle-based No More Bored Meetings . How is that for a moniker and company name? Manciagli related Driessen’s top ten tips for developing, running and ultimately having a successful meeting.

  1. Be a Know-it-all

Manciagli writes that because it is “natural to disengage when meeting content isn’t relevant. The most effective meeting hosts review all potential agenda segments to determine whether they apply to all attendees. If participants already know a particular content slice, then simply don’t cover that segment for the broader audience. Or if you have vastly different levels of awareness in the room, divide people accordingly to ensure maximum relevance for all.” Of course this means you will need to put some thought into your pre-meeting planning.

  1. No Problem? No Meeting!

We have all been subjected to it, the daily, weekly, monthly meeting check-in to see how the project is progressing. But Manciagli believes that “many of these less-than-productive meetings could be canceled or shortened if we identified the problem the meeting is intended to solve. And if we can’t find an identifiable problem, then don’t have the meeting.” Manciagli concludes, “Sometimes, it’s that simple.”

  1. Get Real

This is another pre-meeting planning point. Do you try to squeeze 13 action items for discussion and resolution into a 30-minute meeting? Conversely you do not need to book a 60-minute window to handle a couple of points. If you can handle a matter via email or need to go offline, do so.

  1. Prioritize, Prioritize, Prioritize!

Like its related cousin, Document, Document and Document, this phase should be more than simply a catchword. It should be an action item in your meeting planning process. Tackle your important issues first to “save time and solve your most pressing problem.”

  1. Play “Pass the Pad” To Avoid Late Arrivals

The biggest offender of this rule is, unfortunately, us lawyers. Why, because we are always (in our eyes) the most important. Yet not being able to start because someone is not present or having to repeat points is one of the worst problems there is around efficient meetings. The article notes, “Meeting productivity suffers when people arrive late, and the punctual are penalized.” Her solution is to require the latecomer to take notes in the meeting, writing “People learn quickly that they can either be on time, or become the dreaded note-taker if they are late. As host, you’ll see positive behavior change with little effort on your part.”

  1. Be a Meeting Bouncer

Manciagli tactfully writes about that “common meeting malady: the tangent talker.” I would perhaps less tactfully say there are way too many people who like to hear the sound of their own voices way too much. Manciagli suggests a little humor by “naming a tangent officer who monitors and records tangents for later. Use that parking lot! And you can lighten it up by using a toy police badge.” Nothing like a little corporate shame to keep things moving.

  1. Make it Multi-Sensory

It is not simply millennials who respond to social media. Most people do better when they are visually engaged. Manciagli suggests using more than simply oral presentations, use other tools, including the following: “Graphic illustration, in which someone draws out ideas in real time; Customer testimonials that emotionally inspire; Quizzes and games; Product demos; Surprise guests; Props that foster kinesthetic learning.”

  1. PPPPP

Everyone understands the Five P rule, aka prior planning prevents poor performance. As a meeting host, this means you must absolutely be prepared prior to the meeting. If there are technical issues, you should pass out that information prior to the meeting. Manciagli pointed out that “the more skin we all have in the game, the more likely we are to own and be accountable to group outcomes.”

  1. Hire an “Accountant”

Accountability. How many meetings have you attended where there was no accountability? Manciagli believes “Most meetings lack built-in accountability structures.” She gives the tangible hint to “ask everyone to record at least one goal related to the meeting that they’ll commit to completing in the next week or month, and have them check in with one another. Teams gain measurable accountability, and you get recognized for generating stronger results tied to your meetings.”

  1. Remember: Humor is No Joke

Humor has a big use in meetings, “The power of humor — if used effectively within the meeting mix — is no laughing matter. Indeed, there is a strong business case to be made for laughing while learning.” It can also lower the stress level in meetings, once again if used properly.

I am sure that you have your own horror stories of aimless, wandering meetings that go nowhere painfully slow. As a Chief Compliance Officer (CCO) or compliance practitioner, one of your most valuable items in a corporation is time. You can set an example about running an efficient and productive meeting and then lead your company down the path laid out in the article. Who knows, the results of what you start in your company may last as long as WPA work.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

April 3, 2015

Why Tone at the Top Matters and Join the FCPA Professor in Houston

IMG_1173Over this week I have looked at some issues related to compensation and methods from other disciplines that a compliance practitioner might use to test and then improve a company’s third party management regime. Today, I want to go back to the starting point for any compliance program; that is the Tone at the Top. I was reminded of the absolute necessity of having a management not only committed to following the law but the actual doing of compliance when I read about the guilty verdicts in the Atlanta schools cheating scandal.

In an article in the New York Times (NYT), entitled “Atlanta Educators Are Convicted of Racketeering”, reporter Alan Blinder detailed the guilty verdicts handed down in an Atlanta state Superior Court this week where 11 of 12 defendants were convicted in a lengthy trial. Blinder wrote, “On their eighth day of deliberations, the jurors convicted 11 of the 12 defendants of racketeering, a felony that carries up to 20 years in prison. Many of the defendants — a mixture of Atlanta public school teachers, testing coordinators and administrators — were also convicted of other charges, such as making false statements, that could add years to their sentences.” Most stunningly, the trial judge “ordered most of the educators jailed immediately, and they were led from the courtroom in handcuffs.”

The school district’s top administrator Dr. Beverly Hall, channeling her inner Ken Lay, had the temerity to pass away during the trial so there was no finding as to her conduct. Unrepentant to end she said “she had done nothing wrong and that her approach to education, which emphasized data, was not to blame.” When interviewed back in 2011, Dr. Hall had said, “I can’t accept that there’s a culture of cheating. What these 178 are accused of is horrific, but we have over 3,000 teachers.”

Think about those two statements for a moment. They mimic the same tired excuses used by apologizers in the anti-corruption world. First it was only a small subset of those involved who actually broke the law. In other words, the oldie but goodie rogue employee(s) defense. It did have the notable exception that there were 178 roguies out there lying and cheating. But more than the rogue employee defense, she emphasized that she obtained results, the scores on the State of Georgia’s standardized tests for public schools improved dramatically under her watch. In the Foreign Corrupt Practices Act (FCPA) anti-corruption world that is the same as “we had to do it to compete” argument. It is equally as inane as the rogue employee defense.

Moreover, a State of Georgia investigation “completed in 2011, led to findings that were startling and unsparing: Investigators concluded that cheating had occurred in at least 44 schools and that the district had been troubled by “organized and systemic misconduct.” Nearly 180 employees, including 38 principals, were accused of wrongdoing as part of an effort to inflate test scores and misrepresent the achievement of Atlanta’s students and schools. Investigators wrote in the report that Dr. Hall and her aides had “created a culture of fear, intimidation and retaliation” that had permitted “cheating — at all levels — to go unchecked for years.” How is that for tone from the very top?

I bring you another example from a company I once worked at whose management locked themselves behind bolted doors on a floor in the building not accessible by any employees. And just in case someone did make onto this executive floor, there was an armed police presence as a last ditch security measure. The locked down top floor was after the following security measures were already in place: (1) you had to badge in to get into the parking garage, (2) building access was by card entry, (3) elevator access was by card entry, and (4) floor access was by card entry.

Why would senior executives barricade themselves behind such massive physical protection? Did they do this because crazed competitors were sending in assassins, because the company was so profitable and hence unassailable as a competitor? How about something more nefarious such as international hit squads roaming through international businesses in Houston, picking off key executives? Alas the explanation was not anything so exotic. With all of these security measures in place the reason was to keep mere mortal employees away from senior management. What type of message that does send to employee? Much like the one I had growing up, speak only when spoken to.

The point of all this is that tone does matter. Senior management must be committed and communicate its commitment to not only obeying laws but also complying with laws. In the FCPA world, that means you must have a compliance program in place that meets the Ten Hallmarks of an Effective Compliance Program as set out in the FCPA Guidance.

On a completely different note as a compliance practitioner, if you want to have a shot at some serious professional growth and you are in the Houston area, somewhere else in Texas or anywhere else in the South, I suggest you consider attending the FCPA Professor’s FCPA Institute, which will be held in Houston on Monday, May 4 and Tuesday, May 5. The Professor’s goal in leading this first Texas FCPA Institute is “to develop and enhance fundamental skills relevant to the FCPA and FCPA compliance in a stimulating and professional environment with a focus on learning. Information at the FCPA Institute is presented in an integrated and cohesive way by an expert instructor with FCPA practice and teaching experience.” Some of the topics, which will be covered, include the following:

  • An informed understanding of why the FCPA became a law and what it seeks to accomplish;
  • A comprehensive understanding of the FCPA’s anti-bribery and books and records and internal controls provisions and related enforcement theories;
  • Various realties of the global marketplace which often give rise to FCPA scrutiny;
  • The typical origins of FCPA enforcement actions including the prominence of corporate voluntary disclosures;
  • The “three buckets” of FCPA financial exposure and how settlement amounts in an actual FCPA enforcement action are typically not the most expensive aspect of FCPA scrutiny and enforcement;
  • Facts and figures relevant to corporate and individual FCPA enforcement actions including how corporate settlement amounts are calculated;
  • How FCPA scrutiny and enforcement can result in related foreign law enforcement investigations as well as other negative business effects from market capitalization issues, to merger and acquisition activity, to FCPA related civil suits; and
  • Practical and provocative reasons for the general increase in FCPA enforcement.

In other words, it is what you have come to expect from the FCPA Professor; well-thought out reasoned analysis, practical knowledge and learning, and provocative thinking and assessment. But this is also your chance to attend a two-day Institute with one of the most original thinkers in the FCPA space. The FCPA Institute will provide insights into the topics more near and dear to my heart as a ‘nuts and bolts guy’. In addition to the above substantive knowledge, FCPA Institute participants will gain in-demand, practical skills to best manage and minimize FCPA risk by:

  • Practicing FCPA issue-spotting through video exercises;
  • Conducting a FCPA risk assessment;
  • Learning FCPA compliance best practices, including as to third parties;
  • Learning how to effectively communicate FCPA compliance expectations; and
  • Grading a FCPA code of conduct.

In addition, attorneys who complete the FCPA Institute may be eligible to receive those all-important Continuing Legal Education (CLE) credits. The sponsors, King & Spalding, will be seeking CLE credit in CA, GA, NY, TX and if needed in NC and VA. Actual CLE credit will be determined at the end of the program based on actual program time. Attorneys may be eligible to receive CLE credit through reciprocity or attorney self-submission in other states as well.

I hope that you can join the FCPA Professor for this FCPA Institute. I have previously said, “if the FCPA Professor writes about it you need to read it. While you may disagree with him, your FCPA perspective and experience will be enriched by the exercise.” I would now add to this statement that if the FCPA Professor puts on his FCPA Institute you should attend. Not only will you garner a better understanding of the theoretical underpinnings of the law and the plain words of its text; you will also be able to articulate many of the issues which befall companies caught up in a FCPA investigation to your senior management in a way that will help them understand the need for a robust compliance program.

To register for the FCPA Institute, or for more information, click here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

April 2, 2015

Managing Your Third Parties in a FCPA Compliance Program

7K0A0501The building blocks of any Foreign Corrupt Practices Act (FCPA) anti-corruption compliance program lay the foundations for a best practices compliance program. For instance in the lifecycle management of third parties, most compliance practitioners understand the need for a business justification, questionnaire, due diligence, evaluation and compliance terms and conditions in contracts. However, as many companies mature in their compliance programs, the issue of third party management becomes more important. It is also the one where the rubber meets the road of actually doing compliance.

In the March/April issue of Supply Chain Management Review is an article by Mark Trowbridge, entitled “Put it in Writing: Sharpening Contracts Management to Reduce Risk and Boost Supply Chain Performance”, that provides some useful insights into the management of the third party relationship. While the focus of the article was about having a “strategic approach to contracts management” I found the author’s “five ways to start professionalizing your approach to outsourcing contracts” as steps a compliance practitioner can use in the management of third party relationships, both on the sales side and those which come into your company through the Supply Chain.

By taking his analysis into the compliance realm, I believe there are concrete steps you can take going forward. The key is to have a strategic approach to how you structure and manage your third party relationships. This may mean more closely partnering with your third parties to help manage the anti-corruption compliance risk. It would certainly lead towards enabling your company to “control risk while optimizing the performance” of your third parties. To achieve these goals, I have revised Trowbridge’s prescriptions from suppliers to third parties.

I. Consolidate Third Parties but Retain Redundancy

It is incumbent that consolidation in your third party relationships on the Supply Chain side to a smaller number of suppliers will “yield better cost leverage.” From the compliance perspective it also should make the entire third party lifecycle easier to manage, particularly steps 1-4. However a company must not “over-consolidate” by going down to a single source supplier. Trowbridge advocates a diversified supplier base, with a technique he calls “dual-sourcing”. From the compliance perspective, you may want to have a primary and secondary third party that you work with in a service line or geographic area to retain this redundancy.

II. Keep Tabs on Subcontracted Work

This is one area that requires an appropriate level of management. If your direct contracting party has the right or will need to subcontract some work out, you need to have visibility into this from the compliance perspective. You will need to require and monitor that your direct third party relationship has your approved compliance terms and conditions in their contracts with their subcontractors. You will also need to test that proposition. In other words, you must require, trust and then verify.

III. When Disaster Strikes, Make Sure Your Company is Legally Protected Too

This is where your compliance terms and conditions will come into play. One of the things that I advocate is a full indemnity if your third party violates the FCPA and your company is dragged into an investigation because of the third party’s actions. Such an indemnity may not be worth too much but if you do not have one, there will be no chance to recoup any of your legal or investigative costs. Another important clause is that any FCPA violation is a material breach of contract. This means that you can legally, under the terms of the contract, terminate it immediately, with no requirement for notice and cure. Once again you may be somewhat constrained by local laws but if you do not have the clause, you will have to give written notice and an opportunity to cure. This notice and cure process may be too long to satisfy the Department of Justice (DOJ) or Securities and Exchange Commission (SEC) during the pendency of a FCPA investigation. Finally, you need a clause that requires your third party to cooperate in any FCPA investigation. This means cooperation with you and your designated investigation team but it may also mean cooperation with US governmental authorities as well.

You also need the ability to move between third parties if the need arises. This is the redundancy issue raised above. You do not want to be stuck with no approved freight forwarders or other transporters in a certain geographic area. If a compliance related matter occurs, you may well need certain contractual rights to move your work and to require your prime third party to cooperate with the transition to your secondary third party.

IV. Keep Track of Your Third Parties’ Financial Stability

This is one area that is not usually discussed in the compliance arena around third parties but it seems almost self-evident. You can certainly imagine the disruption that could occur if your prime third party supplier in a country or region went bankrupt; but in the compliance realm there is another untoward Red Flag that is raised in such circumstances. Those third parties under financial pressure may be more easily persuaded to engage in bribery and corruption than third parties that stand on a more solid financial footing. You can do this by a simple requirement that your third party provide annual audited financial statements. For a worldwide logistics company, this should be something easily accomplished.

Trowbridge says, “Automated financial tracking tools can also be used to keep track of material changes in a supplier’s financial stability.” You should also use your in-house relationship manager to regularly visit key third party relationships so an on-the-ground assessment can be a part of an ongoing conversation between your company and your third parties.

V. Formalize Incentives for Third Party Performance

One of the key elements for any third party contract under the FCPA or UK Bribery Act is the compensation issue. If the commission rate is too high, it could create a very large pool of money that could be used to pay bribes. It is mandatory that your company link any commission or payment to the performance of the third party. If you have a long-term stable relationship with a third party, you can tie compensation into long-term performance, specifically including long-term compliance performance. This requires the third party to put skin into the compliance game so that they have a vested, financial interest in getting things done in compliance with the FCPA or other anti-corruption compliance regime.

Additionally, as Trowbridge notes, “The fact is, linking contractual compensation to performance does make a significant difference in supplier performance. This is especially valuable when agreed upon key performance indicator (KPI) metrics can be accurately tracked.” This would seem to be low hanging for the compliance practitioner. If you cannot come up with some type of metric from the compliance perspective, you can work with your business relationship team to develop such compliance KPIs.

While Trowbridge’s article focused on the suppliers, I found his ideas easily transferable to the compliance field. Near the end of the article Trowbridge suggested ranking suppliers based upon a variety of factors including performance, length of relationship, benchmarking metrics and KPIs. This is a way for the compliance practitioner to have an ongoing risk ranking for third parties that can work as a preventative and even proscription prong of a compliance program and allow the delivery of compliance resources to those third parties that might need or even warrant them.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

March 12, 2015

Protections for CCOs from Wrongful Termination

Wrongful TerminationThis week the Houston Texans unceremoniously cut the franchise’s greatest player in its short history, receiver Andre Johnson. This was after his being hauled into the office of the head coach and being told that he would only need to work half as hard next year. As reported by Jerome Solomon in the Houston Chronicle article entitled “Move inevitable, but team bungles its handling”, Head Coach Bill O’Brien told Johnson that his catch total would drop from the 84 he has averaged in his 12 year career with the Texans down to “around 40 passes next season.” But O’Brien went on to add the team’s certain Hall of Fame receiver “wasn’t likely to be a starter next season, definitely not for all of the games.” So much for playing your best player at his position on a full-time basis, but hey, at least the information was made public.

Now imagine you are a Chief Compliance Officer (CCO) and have been one of your company’s senior management for the better part of the past 12 years. While you may not have been the most important member of the management team you certainly have helped navigate the company through rough compliance waters. Now imagine the company Chief Executive Officer (CEO) who tells you that although he has no one in mind to replace you (other than a less experienced and a smaller-salaried compliance specialist) your services will only be needed half the time in the coming year. What if this is in response to advice the head of the company did not like? What should the response be?

You can consider the departure from MF Global of its Chief Risk Officer, the financial services equivalent of a CCO. As reported in a New York Times (NYT) article entitled “MF Global’s Risk Officer Said to Lack Authority” Ben Protess and Azam Ahmed reported that the company replaced its Chief Risk Officer, Michael Roseman, after he “repeatedly clashed with Mr. Corzine [the CEO] over the firm’s purchase of European sovereign debt.” He was given a large severance package and left the company. When he left, there was no public reason given. His replacement was brought into the position with reduced authority.

If you are a public company, you may well need to heed the advice of fraud and compliance expert Jonathan Marks, a partner at Crowe Horwath LLP, who advocates that any time a CCO, a key executive, is dismissed it should be an 8K reporting event because the departure may be a signal of a change in the company’s attitude towards compliance or an alleged ethical breach had taken place. A similar view was expressed by Michael W. Peregrine in a NYT article entitled “Another View: MF Global’s Corporate Governance Lesson”, where he wrote that a “compliance officer is the equivalent of a “protected class” for governance purposes, and the sooner leadership gets that, the better.” Particularly in the post Sarbanes-Oxley world, a company’s CCO is a “linchpin in organizational efforts to comply with applicable law.” When a company fires (or asks him/her to resign), it is a significance decision for all involved in corporate governance and should not be solely done at the discretion of the CEO alone.

In its Code of Ethics for Compliance and Ethics Professionals, the Society for Corporate Compliance and Ethics (SCCE) has postulated Rule 1.4, which reads, “If, in the course of their work, CEPs become aware of any decision by their employing organization which, if implemented, would constitute misconduct, the professional shall: (a) refuse to consent to the decision; (b) escalate the matter, including to the highest governing body, as appropriate; (c) if serious issues remain unresolved after exercising “a” and “b”, consider resignation; and (d) report the decision to public officials when required by law.” As commentary to this rule, the SCCE said, “The duty of a compliance and ethics professional goes beyond a duty to the employing organization, inasmuch as his/her duty to the public and to the profession includes prevention of organizational misconduct. The CEP should exhaust all internal means available to deter his/her employing organization, its employees and agents from engaging in misconduct. The CEP should escalate matters to the highest governing body as appropriate, including whenever: a) directed to do so by that body, e.g., by a board resolution; b) escalation to management has proved ineffective; or c) the CEP believes escalation to management would be futile. CEPs should consider resignation only as a last resort, since CEPs may be the only remaining barrier to misconduct. A letter of resignation should set forth to senior management and the highest governing body of the employing organization in full detail and with complete candor all of the conditions that necessitate his/her action. In complex organizations, the highest governing body may be the highest governing body of a parent corporation.”

What about compensation? The Department of Justice (DOJ) has made clear that it expects a CCO to resign if the company refuses advice and violates the Foreign Corrupt Practices Act (FCPA). The former head of the DOJ-FCPA unit Chuck Duross went so far as to compare CCOs and compliance practitioners to the Texans at the Alamo. To be fair to Duross, I think he was focusing more on the line in the sand part of the story, while I took that to mean they were all slaughtered for what they believed in. But whichever interpretation you may choose to put on it, the DOJ clearly expects a CCO to stand up and if a CEO does not like what they say, he or she must resign. This puts CCOs and compliance practitioners in a very difficult position, particularly if there is no exit compensation for doing the right thing by standing up.

I think the next step should be for the DOJ and Securities and Exchange Commission (SEC) to begin to discuss the need for contractual protection of CCOs and other compliance practitioners against retaliation for standing up against corruption and bribery. The standard could simply be one that protects a CCO and other compliance practitioners against termination without cause. Just as the SEC is investigating whether companies are trying to muzzle whistleblowers through post-employment Confidentiality Agreements, I think they should consider whether CCOs and other compliance practitioners need more employment protection. I think the SEC should also consider the proposals of Marks regarding the required 8K or other public reporting of the dismissal or resignation of any CCO. Finally, I would expand on Peregrine’s suggestion and require that a company Board of Directors approve any dismissal of a CCO. With these protections in place, a CCO or compliance practitioner would have the ability to confront management who might take business decisions that violate the FCPA.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

 

 

February 6, 2015

Arsenale and Incentivizing Compliance

ArsenaleI continue with a Venice themed blog post today by focusing on the Arsenale. No this is no a precursor to that famous north London football club, the Arsenal Gunners, but the district in Venice where one of the main commercial enterprises of the city took place, that being ship building and ship repair. At one point, the Arsenale employed almost 10% of the city’s workforce or 12,000 people. This was in the mid 1200s to the 1400s when Venice was at or near the height of its trading and financial power. The Arsenale developed the first production line for the building of ships, when, of course, it was all done by hand. The equipment developed to drag ships up on shore and repair was simply amazing. Appropriately, the Arsenale is now an Italian naval facility.

But I also picked up some interesting compliance insights in learning more about the Arsenale. The ship building techniques were of such a high level and importance to the city that they were viewed as state secrets. To protect against the loss of such valuable intellectual property, the Venetian city fathers put in a series of incentives and punishments that can help inform your best practices compliance program up to this day. First, and foremost, Venice forbade any skilled worker from leaving the city to go to work at a neighboring or rival city; the first non-compete and still widely used by corporate America today. Second was the punishment that if you were caught passing secret, you were summarily executed only after excruciating torture; while these techniques are not as widely used by corporate America today I am sure there are some non-enlightened corporate leaders who might like to re-institute one or both practices.

However over on the incentive side there were several mechanisms the City of Venice used to help make the Arsenale work force more loyal and desirous to stay in their jobs, all for the betterment of themselves and their city. The first was job security. The Arsenale was so busy for so many years that lay-offs were unheard of. Even if someone lost their job, through injury, mishap or worse; they received enough of compensation that they could live in the city. Finally, when a worker died, the company provided not only funeral expenses but would assist in taking care of the family through stipends or finding other work for family members.

This dual focus on keeping the state secrets of ship building and repair within the City of Venice reminded me of one of the points that representatives of the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) continually remind compliance practitioners about when discussing any best practices compliance program; whether based on the Ten Hallmarks of an Effective Compliance Program, as articulated in their jointly released FCPA Guidance, or some other articulation such as in a Deferred Prosecution Agreement (DPA) Attachment C. They continually remind Chief Compliance Officers (CCOs) and compliance practitioners that any best practices compliance program should have both incentives and discipline as a part of the program.

Regarding disincentives for violating the Foreign Corruption Practices Act (FCPA), the Guidance is clear in stating, “DOJ and SEC will thus consider whether, when enforcing a compliance program, a company has appropri­ate and clear disciplinary procedures, whether those proce­dures are applied reliably and promptly, and whether they are commensurate with the violation. Many companies have found that publicizing disciplinary actions internally, where appropriate under local law, can have an important deterrent effect, demonstrating that unethical and unlawful actions have swift and sure consequences.”

However, the Guidance is equally clear that there should be incentives for not only following your own company’s internal Code of Conduct but also doing business the right way, i.e. not engaging in bribery and corruption. On incentives, the Guidance says, “DOJ and SEC recognize that positive incentives can also drive compliant behavior. These incentives can take many forms such as personnel evaluations and promotions, rewards for improving and developing a company’s compliance pro­gram, and rewards for ethics and compliance leadership. Some organizations, for example, have made adherence to compliance a significant metric for management’s bonuses so that compliance becomes an integral part of management’s everyday concern.” But the Guidance also recognizes that incentives need not only be limited to financial rewards as sometime simply acknowledging employees for doing the right thing can be a powerful tool as well.

All of this was neatly summed up in the Guidance with a quote from a speech given in 2004 by Stephen M. Cutler, the then Director, Division of Enforcement, SEC, entitled, “Tone at the Top: Getting It Right”, to the Second Annual General Counsel Roundtable, where Director Cutler said the following:

[M]ake integrity, ethics and compliance part of the promotion, compensation and evaluation processes as well. For at the end of the day, the most effective way to communicate that “doing the right thing” is a priority, is to reward it. Conversely, if employees are led to believe that, when it comes to compensation and career advancement, all that counts is short-term profitability, and that cutting ethical corners is an ac­ceptable way of getting there, they’ll perform to that measure. To cite an example from a different walk of life: a college football coach can be told that the graduation rates of his players are what matters, but he’ll know differently if the sole focus of his contract extension talks or the decision to fire him is his win-loss record.

All of this demonstrates that incentives can take a wide range of avenues. At the recently held ACI FCPA Bootcamp in Houston, TX, one of the speakers said that the Houston based company Weatherford, annually awards cash bonuses of $10,000 for employees who go above and beyond in the area of ethics and compliance for the company. While some might intone that is to be expected from a company that only recently concluded a multi-year and multi-million dollar enforcement action; as the speaker said if you want emphasize a change on culture, not much says so more loudly than awarding that kind of money to an employee.

While I am sure that being handed a check for $10,000 is quite a nice prize, you can also consider much more mundane methods to incentivize compliance. You can make a compliance evaluation a part of any employee’s overall evaluation for some type of year end discretionary bonus payment. It can be 5%, 10% or even up to 20%. But once you put it in writing, you need to actually follow it.

But incentives can be burned into the DNA of a company through the hiring and promotion processes. There should be a compliance component to all senior management hires and promotions up to those august ranks within a company. Your Human Resources (HR) function can be a great aid to your cause in driving the right type of behavior through the design and implementation of such structures. Employees know who gets promoted and why. If someone who is only known for hitting their numbers continually is promoted, however they accomplished this feat will certainly be observed by his or her co-workers.

Just as the fathers of Venice viewed the workers of the Arsenale as critical to the well-being of their city, senior managers need to understand the same about their work force. In places like Texas, employees typically are incentivized with some enlightened remark along the lines of “You should just be happy you even have a job.” Fortunately there are real world examples of how corporate incentives can work into a compliance regime. The City of Venice long ago showed how such incentives could help it maintain a commercial advantage. Fortunately the DOJ and SEC still understand those valuable lessons and continue to talk about them as well.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

January 26, 2015

Good Bye to Mr. Cub, the Siege of Vienna and Doing More Compliance with Less

Ernie BanksLet’s play two! That was perhaps the most famous maxim from Ernie Banks, who died this past weekend at the age of 83. As for a sobriquet, it does not get much better than being known as ‘Mr. Cub’ from any baseball fan from 9 to 90. Banks was famous as one of the greatest power-hitting shortstops, leading the National League (NL) in homers and runs batted in, while playing that position as an All-Star in 1958 and 1959. He ended up with over 500 career home runs, when that actually meant something. But he was also known as ‘Mr. Sunshine’ for having one of the most pleasant dispositions of anyone ever to play Major League Baseball (MLB). He remained close to the Cubs team and made frequent appearances at their spring training grounds, in Arizona. Author Harry Strong wrote in 2013 that “the Chicago Cubs do not have a mascot, but they hardly need one when the face of the franchise is still so visible.” Mr. Cub indeed.

I also considered the invasion of Europe by the Ottoman Empire that culminated in the siege of Vienna, in 1683. This marked the high-water mark for the Ottomans and after their defeat they began a long slide until they became known as the ‘sick man of Europe’ in the early 1900s. One of the more interesting things I learned was that the original walls surrounding Vienna had been constructed from monies paid to the Holy Roman Emperor as his ransom for releasing the English King Richard the Lionhearted back in 1194. Talk about getting some serious value for your spending.

I thought about that initial use of monies by the Holy Roman Emperor, who was then the King of Vienna almost 500 years before the Ottoman invasion and how the later walls of Vienna were re-engineered to repulse not only more modern siege weapons but even the advent of gunpowder and cannon fire which the Ottomans tried to use to batter the city into submission.

While the rest of the US economy is finally on an uptick, things down here in Texas are not so rosy with the price of oil hovering at less than $50 per barrel. Major energy service companies have announced cutbacks in spending and layoffs have commenced in a major way, with some companies trimming their work force by over 10% at this early stage. Even companies that have not laid off workers, as yet, are seriously considering no raises or bonuses for the largest parts of their employee base for 2015. For those in the compliance space, viewed as non-revenue generating overhead, things are beginning to get ugly, if not downright scary.

What does this economic reversal mean for compliance? First, and foremost, your compliance function has to continue to operate to prevent, detect and remediate compliance issues. The Department of Justice (DOJ) and Securities and Exchange Commission (SEC) will not consider arguments that ‘we did all we could with what we had’ when you are still operating in places where there is a high indicia of bribery and corruption. But what do Mr. Cub and the Siege of Vienna have with this economic conundrum facing those Chief Compliance Officers (CCOs) and compliance practitioners in the energy space? Both of these examples point out that you can use other parts of your organization to affect your compliance efforts going forward. Banks was associated with the Cubs for over 60 years. The walls of Vienna, originally constructed in the 13th century, were used as a base for the next 400 years. I have long advocated that your Human Resource (HR) function should be a first-rate friend of your compliance function. There are several areas where HR has expertise that can facilitate your compliance efforts going forward. These include hiring, employee evaluation and succession planning to help enable you to hire, reward and promote employees with the values that compliment your compliance efforts.

Other areas include the IT and Marketing departments. Another person I would add is the Corporate Secretary, the reason for this is that the Corporate Secretary has several constituencies within the company that he or she may work with and for. This can provide an opportunity to view a company’s ethics and compliance program and to help shape and direct it. The Corporate Secretary, head of IT or Marketing may be excellent resources to the CCO, that may be under-utilized. It might be worth a cup of coffee or short meeting to see what they might think about your ethics and compliance program or how they might be able to assist you in your efforts.

Another way to think through some of these issues was presented in a recent article in the Financial Times (FT) Fast Times column, entitled “Local lessons for taking on the world”, by Tyler Brûlé. In this article he pointed to some roundtable discussions he attended at the recent conference in Davos, where local mayors discussed some “tried – and – tested policies for governing thousands of people that can be applied to millions of people”. I found them some excellent thoughts for a CCO or compliance practitioner who might be required to do more with less on a rather immediate basis.

Degree or not degree. The Swiss do not believe that a person must have an advanced degree to fix high-speed cabling above a mountain pass or to be a fine hotel general manager. Brûlé notes there is “An emphasis on apprenticeships and vocational education means more workers with useful skills, rather than thousands of unemployed people with useless degrees.” For the CCO, think about using non-lawyer resources in key roles such as using a well-trained paralegal to oversee your ongoing third party program.

Support compliance locally. With an emphasis on not just locally grown but also locally made, the Swiss use this practice to aid many different and diverse areas from protecting small businesses to wasteful global logistics. Brûlé said that “Buying local helps expand the wealth base and forces big retailers to cater to an audience who appreciate that many items are still Made in Switzerland.” For the compliance practitioner this means using more local resources to home grow compliance in various regions outside the US.

Join the compliance community. Brûlé believes that “New arrivals need to recognize that they’re signing up to Switzerland’s social codes, and not the other way around.” While this might not seem Politically Correct from the political perspective, from the compliance perspective you should work more closely with HR to hire folks who profess the same values that you espouse.

High-value versus value engineering. Brûlé writes that the Swiss have “A tradition of building infrastructure, housing and offices right the first time rather than engineering them so they need to be updated constantly creates a culture where quality is admired and consumers expect value for money rather than settling for “good enough”.” I recognize that programs, policies and procedures need fine-tuning, however, from the walls of Vienna being in use for over 400 years to the Cubs using Ernie Banks as an institution for nearly that long shows that high-value can be derived from multiple sources. As a compliance practitioner you are only limited by your own imagination to make things work, through trial and error if need be but you can create something which will work for some time.

Talk to me. Interestingly Brûlé found that “the Swiss are among the lowest users of social media in Europe.” He chalked this up to “village life, good public transport and a sense of community.” If there is one skill a CCO or compliance practitioner should learn, work on and employ continuously it is to listen. Beyond that your employee base is in large part looking for your input on how to do business ethically and in compliance. So talk to them as well.

So farewell to Ernie Banks and I hope that the Cubs have a better century in the 21st than they had in the 20th.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

January 22, 2015

Both Sides Now and Asking the Right Compliance Questions

Judy CollinsOne of my favorite singers has always been Judy Collins. Like most of us, I was introduced to her through her interpretation of Joni Mitchell’s song Both Sides Now which she released in 1967. Joni Mitchell did not record her own version of this song until 1969. It was not until the 1990s that I became aware that Mitchell’s inspiration for the song was that she gave up a child she bore out of wedlock in the early 1960s. She managed to put all that pain into one of the most beautiful ballads I have ever heard. I also did not know that Judy Collins was the inspiration for the Crosby, Stills, Nash & Young song Suite: Judy Blue Eyes until I read an article about her in a recent Wall Street Journal (WSJ) article in Weekend Confidential column by Alexandra Wolf, entitled “Judy Collins”.

I thought about how long I mis-understood the genesis and import of these two songs when I read a recent article in the Winter 2015 edition of the MIT Sloan Management Review, entitled “The Power of Asking Pivotal Questions” by Paul J. H. Schoemaker and Steven Krupp. The authors posit that “In a rapidly changing business landscape, executives need the ability to quickly spot both new opportunities and hidden risks. Asking the right questions can help you broaden your perspective — and make smarter decisions.” Their findings showed that to help managers make better decisions they needed to (1) examine broad market trends and less visible undercurrents; (2) seek out diverse viewpoints to allow multiple views of complex issues; and (3) actually push back if consensus comes together too quickly. They posed six questions, which I believe have some direct insights and are important for the Chief Compliance Officer (CCO) or compliance practitioner so I have adapted their findings directly for the compliance function.

Think Outside In. The authors ask, “How well do you understand the implications of broad market trends and less visible undercurrents for your business and for upcoming strategic choices?” Here I think compliance practitioners need to understand not only what your business does but equally importantly where it is going. This is also true about where compliance itself is going as the Department of Justice (DOJ) now requires that companies which enter into Deferred Prosecution Agreements (DPAs) keep abreast of both technological innovations and also industry trends in compliance. To engage in some of the authors’ suggestions, you need to go to conferences outside the compliance function and to leverage your current networks and join new ones.

Explore Future Scenarios. In this query, you will need to consider, “How thoroughly have you analyzed major external uncertainties and future scenarios that could significantly impact your business decisions?” The authors point to war-gaming as an example of scenario planning. While a CCO may feel like he or she only has time to put out fires, you need to consider what may become the ‘elephant in the room’. Consider the example of GlaxoSmithKline PLC (GSK) in China. The new Chinese government had clearly been signaling an upcoming drive against bribery and corruption. It was only a matter of time until a western company got caught up in its dragnet. Yet, even with specific knowledge of a high ranking party functionary making internal whistleblower claims, GSK not only could not uncover its own systemic corruption but was caught flat-footed when Chinese officials brought forward substantive allegations and evidence of corruption. To help with this issue, the authors suggest you ask questions about the external business environment and to “scout for the periphery” of emerging compliance or regulatory trends. You should also follow developments in your industry to anticipate where the DOJ or Securities and Exchange Commission (SEC) might be going next with enforcement.

Be a Contrarian. This question focuses on diversity of opinions by asking, “Do you regularly seek out diverse views to see multiple sides of complex issues, and do you purposely explore important problems from several angles?” This is an ongoing battle that many corporate senior managers, including compliance practitioners, face, that being to “promote diverse and creative friction.” A CCO must learn to ask if the compliance team team has sought sufficient contrarian input and been exposed to all sides of an issue before reaching a decision. While it is possible to counter the tendency of many compliance practitioners to go along to get along; offering contrarian compliance views are particularly essential when tackling major strategic decisions in an uncertain environment. The authors recommend you use such techniques as fostering constructive debate in meetings, pushing back when consensus groups form too quickly and designate specific devil’s advocates to argue the case against the prevailing views or conventional wisdom.

Look for Patterns. Taking a more analytical approach, the authors inquired as to whether “you deploy multiple lenses to connect dots from diverse sources and stakeholders, and do you delve deep to see important connections that others miss?” Connecting the dots entered the lexicon most prominently after 9/11. However it is an importance concept for the compliance practitioner as well. You need to be able to “amplify discrete data points, connect them and take decisive action” because many compliance practitioners are limited by selective perception and seek information that confirms what they wish to believe.

To overcome this information bias, the authors suggest that you utilize the following strategies. One is to “Look for competing explanations to challenge your observations” as this allows you to “engage a wide range of stakeholders, customers and strategic partners to weigh in.” A second is that when you are “stuck trying to recognize patterns or interpret complex data, step away, get some distance and then try again. Sleep on the data, since the mind continues to process information when resting.” This is because each time you take “a break, and then reengaged, he got a deeper understanding and asked better questions.” Finally, do not forget the power of pictures, visualization and charts. You can “use visual graphs or flowcharts to juxtapose the larger picture with the individual puzzle pieces. Pattern recognition is easier when all the information is clearly laid out and presented in different ways.”

Create New Options. Under this prong, the authors investigate whether “you generate and evaluate multiple options when making a strategic decision, and do you consider the risks of each, including unintended consequences?” The authors believe that few senior leaders will “engage in creative thinking.” This can also be true for the compliance practitioner. The authors posit that “When people feel pressed for time, they become less flexible and much prefer certainty to ambiguity. Ambiguity aversion is typically heightened in crisis situations and can lead to cognitive myopia, a narrow focus that can be counterproductive.” To overcome this tendency to cut corners when we are under the gun the authors suggest the following. The first technique is to not simply present “binary go/no-go decisions, reframe a situation to always examine several more options.” Particularly as a compliance practitioner, with or without legal training, you should always inquire as to what else might we do? The second suggestion is to utilize “impromptu meetings when time is limited to generate more options, including unconventional choices. The Midnight Rambler crew did this during a major crisis.” Finally, you should work to “review alternatives based on clear criteria and rank options accordingly.” From this you should work to “Clearly define decision criteria, make them explicit, weigh them and then score each option against the criteria to identify the best choice. Be disciplined when it comes to making tough trade-offs.”

 Learn From Failure. The authors want to know if you encourage experiments and “failing fast” as a source of innovation and quick learning? If there is one area that a compliance practitioner will always face, it is failure. There will always be instances where an employee violates your Code of Conduct or compliance program. It does not matter if you are the World’s Most Ethical Company or somewhere below that level in the compliance strata. But as Paul McNulty said, “What did you do about it when you found out?”, remember this is his Maxim Number 3. The authors write that “Learning from mistakes has much to do with a leader’s mind-set and the questions that he or she asks both before and after an unexpected event occurs. Strategic decision makers abandon the pursuit of perfection, allow some room for well-intentioned mistakes, and examine what went wrong and why. What matters is how well a team learns from setbacks and what mode of inquiry it allows. The best teams try to fail fast, often and cheaply in search of innovation.”

The authors suggest three steps to help facilitate McNulty’s Maxim Number 3. First is to “Shine a light on mistakes as a source of new learning.” Do not bury or hide your miss-steps. Be open about them. Second, you cannot learn from your mistakes unless you study them so if your compliance regime fails in some way, perform a root cause analysis to determine the reason. Lastly, use your miss-steps as teaching moments going forward. The authors note that you should “Publicize stories about failed projects that led to innovative solutions. Praise those who learned from their errors and try to extract learning from near misses.”

TexasBarToday_TopTen_Badge_Large

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

January 19, 2015

Revisiting The Raven and Visiting Foreign Subsidiaries

Poe and RavenToday we celebrate the birth of one of America’s most iconic authors, Edgar Allen Poe, who was born on this day in Boston, Massachusetts. Anyone who reads or watches a mystery show on television owes a debt to Poe for inventing the genre. Poe flunked out of West Point but later became an editor at the Southern Literary Messenger in Richmond, Virginia. He wrote the poem The Raven and short stories like The Fall of the House of Usher and The Tell-Tale Heart. In the mid-1830s he began to write mystery stories, including The Murders in the Rue Morgue and The Purloined Letter – works that would earn him a reputation as the father of the modern detective story. He died in 1849.

I thought about his well-known sad tale when I read a recent article in the MIT Sloan Management Review by Cyril Bouquet, Jean-Louis Barsoux and Orly Levy, entitled “The Perils of Attention from Headquarters”. The authors had a very different perspective on what I thought to be a rather mundane issue; that being visits to markets outside the US by senior management from US corporate headquarters. The authors posited, “Operations in growing markets such as China often draw substantial attention from corporate headquarters. Unfortunately, that attention does not always add value — and can even impede performance.” The authors studied this issue in an international workshop they ran for “managers of foreign subsidiaries on how to manage the attention of headquarters staff.” Given the current attention that Chief Compliance Officers (CCOs) and compliance practitioners need to spend on China specifically, and international operations more generally, I thought the article had some excellent insights for the compliance function going forward.

The authors identified four major issues in their workshop. The first was the number of visits, which was articulated as “The overriding complaint from China subsidiary managers concerns the number of visits from head office staff.” I found a related complaint perhaps less self-obvious, “Not only do they come often, but they want to spend more time, and they all come on weekends! For my team, it means that nearly every weekend, there is somebody to entertain.” The second issued raised was the inevitable increased workload after such a visit. The authors wrote, “The visits also generate follow-up work and online meetings that can interfere with running the business. According to the China sales head of a European water utility group: “The local people get frustrated because the global people, after they return, keep asking for more information. … But we don’t have 500 people running around who are able to produce a report overnight.””

The next two concerns were closely related. They involved a lack of understanding and, more importantly, a lack of listening by senior management from western countries such as US, or those in Europe. While this first concern may not be as true in the area of compliance it is certainly worth noting that the authors said, “The third area of frustration had to do with the perceived lack of understanding and realism of headquarters executives. Although headquarters visits to China subsidiaries were intended to build trust and alignment, subsidiary managers reported that the visits often had the opposite effect.” Finally, is the age-old bugaboo of failing to listen. The authors stated, “Frequent visits from headquarters are allegedly driven by a desire to “learn,” “exchange ideas” or “help the local operations,” but that’s not how local managers always perceive these interactions. According to the subsidiary head of a European express delivery group, “The code word for ‘fix’ is ‘help.’ They say ‘we’re coming to help.’ No, they’re not. They’re coming to fix. Trust me.””

But the authors did more than simply list out the problems they observed in their workshop. They provided recommendations for “healthier dynamics between corporate headquarters and affiliates.” I have adapted them for the CCO or compliance practitioner.

  1. Encourage open dialogue. As a precondition for adding compliance value, you, as a compliance practitioner, must work to understand the business of the foreign subsidiary, which requires a willingness to listen and to engage in unstructured interactions. “Where possible, try to spend time with customers and frontline employees, and to travel to places other than Shanghai and Beijing,” advised the China head of a US sanitation technology group.
  2. Play the role of consultant or coach. Certainly in the current anti-corruption enforcement environment, a CCO or compliance function should put a foreign business unit interest in driving compliance at the top of the agenda. They quoted one China country manager of a US consumer goods company for the following, ““In our case, the affiliate is the entrepreneur and the corporate head office staff are the consultants who are here to support us,” he said. “The moment that you get experts coming out from the corporate headquarters telling you what to do, then that would be very frustrating, particularly in a place like China.”” A compliance function must to work not only with but also for an international business unit. Remember you are the compliance professional and expert.
  3. Be a problem solver. The compliance practitioner should not be a problem creator but a problem solver, not Dr. No from the Land of No. So not only should you be challenging subsidiary managers and helping them develop their compliance plans, but you should work to “actually do things for the subsidiary managers. Indeed, rather than organizing their time in China around their own priorities, executives from headquarters should reserve some time to support the subsidiary managers’ priorities.” The authors quoted one Chinese business unit head of government affairs and corporate communications for a US health-care group for the following, ““Sometimes we need to leverage higher people from global to do what we cannot do [with] our own personnel in China.””

But there is also a role for the foreign subsidiary in this process. If something really is ‘mission impossible’ for the compliance function or other function in a foreign business unit, it is the responsibility of that group to raise the concern. Simply smiling and nodding your head will lead to a severe backlash after the corporate executive group leaves and the initiative or project is not met. A second area is that the subsidiary needs to help make the corporate folks understand the culture. Listening by corporate can only be facilitated if someone from the local subsidiary is communicating with them during a visit. The authors end by stating, “Ultimately, subsidiary managers need to move beyond their frustrations with headquarters and take some responsibility for managing the relationship. As a country manager who successfully turned around his corporation’s China operation observed, how a subsidiary manager frames the visits from headquarters executives is key: “If you see the visit as a burden, then it will be a burden for you. But you can also see it as an opportunity to bring across the core messages you want to deliver and to help people understand a specific topic.””

I found this article quite interesting because it tackles an issue from the perspective not often considered in compliance, that of the foreign subsidiary. There are many ways to do business ethically and in compliance. By taking the time to visit a foreign subsidiary and to listen, a CCO or compliance practitioner can go a long way toward communicating a culture of compliance to use going forward.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

Next Page »

The Rubric Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 5,244 other followers