FCPA Compliance and Ethics Blog

February 6, 2015

Arsenale and Incentivizing Compliance

ArsenaleI continue with a Venice themed blog post today by focusing on the Arsenale. No this is no a precursor to that famous north London football club, the Arsenal Gunners, but the district in Venice where one of the main commercial enterprises of the city took place, that being ship building and ship repair. At one point, the Arsenale employed almost 10% of the city’s workforce or 12,000 people. This was in the mid 1200s to the 1400s when Venice was at or near the height of its trading and financial power. The Arsenale developed the first production line for the building of ships, when, of course, it was all done by hand. The equipment developed to drag ships up on shore and repair was simply amazing. Appropriately, the Arsenale is now an Italian naval facility.

But I also picked up some interesting compliance insights in learning more about the Arsenale. The ship building techniques were of such a high level and importance to the city that they were viewed as state secrets. To protect against the loss of such valuable intellectual property, the Venetian city fathers put in a series of incentives and punishments that can help inform your best practices compliance program up to this day. First, and foremost, Venice forbade any skilled worker from leaving the city to go to work at a neighboring or rival city; the first non-compete and still widely used by corporate America today. Second was the punishment that if you were caught passing secret, you were summarily executed only after excruciating torture; while these techniques are not as widely used by corporate America today I am sure there are some non-enlightened corporate leaders who might like to re-institute one or both practices.

However over on the incentive side there were several mechanisms the City of Venice used to help make the Arsenale work force more loyal and desirous to stay in their jobs, all for the betterment of themselves and their city. The first was job security. The Arsenale was so busy for so many years that lay-offs were unheard of. Even if someone lost their job, through injury, mishap or worse; they received enough of compensation that they could live in the city. Finally, when a worker died, the company provided not only funeral expenses but would assist in taking care of the family through stipends or finding other work for family members.

This dual focus on keeping the state secrets of ship building and repair within the City of Venice reminded me of one of the points that representatives of the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) continually remind compliance practitioners about when discussing any best practices compliance program; whether based on the Ten Hallmarks of an Effective Compliance Program, as articulated in their jointly released FCPA Guidance, or some other articulation such as in a Deferred Prosecution Agreement (DPA) Attachment C. They continually remind Chief Compliance Officers (CCOs) and compliance practitioners that any best practices compliance program should have both incentives and discipline as a part of the program.

Regarding disincentives for violating the Foreign Corruption Practices Act (FCPA), the Guidance is clear in stating, “DOJ and SEC will thus consider whether, when enforcing a compliance program, a company has appropri­ate and clear disciplinary procedures, whether those proce­dures are applied reliably and promptly, and whether they are commensurate with the violation. Many companies have found that publicizing disciplinary actions internally, where appropriate under local law, can have an important deterrent effect, demonstrating that unethical and unlawful actions have swift and sure consequences.”

However, the Guidance is equally clear that there should be incentives for not only following your own company’s internal Code of Conduct but also doing business the right way, i.e. not engaging in bribery and corruption. On incentives, the Guidance says, “DOJ and SEC recognize that positive incentives can also drive compliant behavior. These incentives can take many forms such as personnel evaluations and promotions, rewards for improving and developing a company’s compliance pro­gram, and rewards for ethics and compliance leadership. Some organizations, for example, have made adherence to compliance a significant metric for management’s bonuses so that compliance becomes an integral part of management’s everyday concern.” But the Guidance also recognizes that incentives need not only be limited to financial rewards as sometime simply acknowledging employees for doing the right thing can be a powerful tool as well.

All of this was neatly summed up in the Guidance with a quote from a speech given in 2004 by Stephen M. Cutler, the then Director, Division of Enforcement, SEC, entitled, “Tone at the Top: Getting It Right”, to the Second Annual General Counsel Roundtable, where Director Cutler said the following:

[M]ake integrity, ethics and compliance part of the promotion, compensation and evaluation processes as well. For at the end of the day, the most effective way to communicate that “doing the right thing” is a priority, is to reward it. Conversely, if employees are led to believe that, when it comes to compensation and career advancement, all that counts is short-term profitability, and that cutting ethical corners is an ac­ceptable way of getting there, they’ll perform to that measure. To cite an example from a different walk of life: a college football coach can be told that the graduation rates of his players are what matters, but he’ll know differently if the sole focus of his contract extension talks or the decision to fire him is his win-loss record.

All of this demonstrates that incentives can take a wide range of avenues. At the recently held ACI FCPA Bootcamp in Houston, TX, one of the speakers said that the Houston based company Weatherford, annually awards cash bonuses of $10,000 for employees who go above and beyond in the area of ethics and compliance for the company. While some might intone that is to be expected from a company that only recently concluded a multi-year and multi-million dollar enforcement action; as the speaker said if you want emphasize a change on culture, not much says so more loudly than awarding that kind of money to an employee.

While I am sure that being handed a check for $10,000 is quite a nice prize, you can also consider much more mundane methods to incentivize compliance. You can make a compliance evaluation a part of any employee’s overall evaluation for some type of year end discretionary bonus payment. It can be 5%, 10% or even up to 20%. But once you put it in writing, you need to actually follow it.

But incentives can be burned into the DNA of a company through the hiring and promotion processes. There should be a compliance component to all senior management hires and promotions up to those august ranks within a company. Your Human Resources (HR) function can be a great aid to your cause in driving the right type of behavior through the design and implementation of such structures. Employees know who gets promoted and why. If someone who is only known for hitting their numbers continually is promoted, however they accomplished this feat will certainly be observed by his or her co-workers.

Just as the fathers of Venice viewed the workers of the Arsenale as critical to the well-being of their city, senior managers need to understand the same about their work force. In places like Texas, employees typically are incentivized with some enlightened remark along the lines of “You should just be happy you even have a job.” Fortunately there are real world examples of how corporate incentives can work into a compliance regime. The City of Venice long ago showed how such incentives could help it maintain a commercial advantage. Fortunately the DOJ and SEC still understand those valuable lessons and continue to talk about them as well.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

January 26, 2015

Good Bye to Mr. Cub, the Siege of Vienna and Doing More Compliance with Less

Ernie BanksLet’s play two! That was perhaps the most famous maxim from Ernie Banks, who died this past weekend at the age of 83. As for a sobriquet, it does not get much better than being known as ‘Mr. Cub’ from any baseball fan from 9 to 90. Banks was famous as one of the greatest power-hitting shortstops, leading the National League (NL) in homers and runs batted in, while playing that position as an All-Star in 1958 and 1959. He ended up with over 500 career home runs, when that actually meant something. But he was also known as ‘Mr. Sunshine’ for having one of the most pleasant dispositions of anyone ever to play Major League Baseball (MLB). He remained close to the Cubs team and made frequent appearances at their spring training grounds, in Arizona. Author Harry Strong wrote in 2013 that “the Chicago Cubs do not have a mascot, but they hardly need one when the face of the franchise is still so visible.” Mr. Cub indeed.

I also considered the invasion of Europe by the Ottoman Empire that culminated in the siege of Vienna, in 1683. This marked the high-water mark for the Ottomans and after their defeat they began a long slide until they became known as the ‘sick man of Europe’ in the early 1900s. One of the more interesting things I learned was that the original walls surrounding Vienna had been constructed from monies paid to the Holy Roman Emperor as his ransom for releasing the English King Richard the Lionhearted back in 1194. Talk about getting some serious value for your spending.

I thought about that initial use of monies by the Holy Roman Emperor, who was then the King of Vienna almost 500 years before the Ottoman invasion and how the later walls of Vienna were re-engineered to repulse not only more modern siege weapons but even the advent of gunpowder and cannon fire which the Ottomans tried to use to batter the city into submission.

While the rest of the US economy is finally on an uptick, things down here in Texas are not so rosy with the price of oil hovering at less than $50 per barrel. Major energy service companies have announced cutbacks in spending and layoffs have commenced in a major way, with some companies trimming their work force by over 10% at this early stage. Even companies that have not laid off workers, as yet, are seriously considering no raises or bonuses for the largest parts of their employee base for 2015. For those in the compliance space, viewed as non-revenue generating overhead, things are beginning to get ugly, if not downright scary.

What does this economic reversal mean for compliance? First, and foremost, your compliance function has to continue to operate to prevent, detect and remediate compliance issues. The Department of Justice (DOJ) and Securities and Exchange Commission (SEC) will not consider arguments that ‘we did all we could with what we had’ when you are still operating in places where there is a high indicia of bribery and corruption. But what do Mr. Cub and the Siege of Vienna have with this economic conundrum facing those Chief Compliance Officers (CCOs) and compliance practitioners in the energy space? Both of these examples point out that you can use other parts of your organization to affect your compliance efforts going forward. Banks was associated with the Cubs for over 60 years. The walls of Vienna, originally constructed in the 13th century, were used as a base for the next 400 years. I have long advocated that your Human Resource (HR) function should be a first-rate friend of your compliance function. There are several areas where HR has expertise that can facilitate your compliance efforts going forward. These include hiring, employee evaluation and succession planning to help enable you to hire, reward and promote employees with the values that compliment your compliance efforts.

Other areas include the IT and Marketing departments. Another person I would add is the Corporate Secretary, the reason for this is that the Corporate Secretary has several constituencies within the company that he or she may work with and for. This can provide an opportunity to view a company’s ethics and compliance program and to help shape and direct it. The Corporate Secretary, head of IT or Marketing may be excellent resources to the CCO, that may be under-utilized. It might be worth a cup of coffee or short meeting to see what they might think about your ethics and compliance program or how they might be able to assist you in your efforts.

Another way to think through some of these issues was presented in a recent article in the Financial Times (FT) Fast Times column, entitled “Local lessons for taking on the world”, by Tyler Brûlé. In this article he pointed to some roundtable discussions he attended at the recent conference in Davos, where local mayors discussed some “tried – and – tested policies for governing thousands of people that can be applied to millions of people”. I found them some excellent thoughts for a CCO or compliance practitioner who might be required to do more with less on a rather immediate basis.

Degree or not degree. The Swiss do not believe that a person must have an advanced degree to fix high-speed cabling above a mountain pass or to be a fine hotel general manager. Brûlé notes there is “An emphasis on apprenticeships and vocational education means more workers with useful skills, rather than thousands of unemployed people with useless degrees.” For the CCO, think about using non-lawyer resources in key roles such as using a well-trained paralegal to oversee your ongoing third party program.

Support compliance locally. With an emphasis on not just locally grown but also locally made, the Swiss use this practice to aid many different and diverse areas from protecting small businesses to wasteful global logistics. Brûlé said that “Buying local helps expand the wealth base and forces big retailers to cater to an audience who appreciate that many items are still Made in Switzerland.” For the compliance practitioner this means using more local resources to home grow compliance in various regions outside the US.

Join the compliance community. Brûlé believes that “New arrivals need to recognize that they’re signing up to Switzerland’s social codes, and not the other way around.” While this might not seem Politically Correct from the political perspective, from the compliance perspective you should work more closely with HR to hire folks who profess the same values that you espouse.

High-value versus value engineering. Brûlé writes that the Swiss have “A tradition of building infrastructure, housing and offices right the first time rather than engineering them so they need to be updated constantly creates a culture where quality is admired and consumers expect value for money rather than settling for “good enough”.” I recognize that programs, policies and procedures need fine-tuning, however, from the walls of Vienna being in use for over 400 years to the Cubs using Ernie Banks as an institution for nearly that long shows that high-value can be derived from multiple sources. As a compliance practitioner you are only limited by your own imagination to make things work, through trial and error if need be but you can create something which will work for some time.

Talk to me. Interestingly Brûlé found that “the Swiss are among the lowest users of social media in Europe.” He chalked this up to “village life, good public transport and a sense of community.” If there is one skill a CCO or compliance practitioner should learn, work on and employ continuously it is to listen. Beyond that your employee base is in large part looking for your input on how to do business ethically and in compliance. So talk to them as well.

So farewell to Ernie Banks and I hope that the Cubs have a better century in the 21st than they had in the 20th.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

January 22, 2015

Both Sides Now and Asking the Right Compliance Questions

Judy CollinsOne of my favorite singers has always been Judy Collins. Like most of us, I was introduced to her through her interpretation of Joni Mitchell’s song Both Sides Now which she released in 1967. Joni Mitchell did not record her own version of this song until 1969. It was not until the 1990s that I became aware that Mitchell’s inspiration for the song was that she gave up a child she bore out of wedlock in the early 1960s. She managed to put all that pain into one of the most beautiful ballads I have ever heard. I also did not know that Judy Collins was the inspiration for the Crosby, Stills, Nash & Young song Suite: Judy Blue Eyes until I read an article about her in a recent Wall Street Journal (WSJ) article in Weekend Confidential column by Alexandra Wolf, entitled “Judy Collins”.

I thought about how long I mis-understood the genesis and import of these two songs when I read a recent article in the Winter 2015 edition of the MIT Sloan Management Review, entitled “The Power of Asking Pivotal Questions” by Paul J. H. Schoemaker and Steven Krupp. The authors posit that “In a rapidly changing business landscape, executives need the ability to quickly spot both new opportunities and hidden risks. Asking the right questions can help you broaden your perspective — and make smarter decisions.” Their findings showed that to help managers make better decisions they needed to (1) examine broad market trends and less visible undercurrents; (2) seek out diverse viewpoints to allow multiple views of complex issues; and (3) actually push back if consensus comes together too quickly. They posed six questions, which I believe have some direct insights and are important for the Chief Compliance Officer (CCO) or compliance practitioner so I have adapted their findings directly for the compliance function.

Think Outside In. The authors ask, “How well do you understand the implications of broad market trends and less visible undercurrents for your business and for upcoming strategic choices?” Here I think compliance practitioners need to understand not only what your business does but equally importantly where it is going. This is also true about where compliance itself is going as the Department of Justice (DOJ) now requires that companies which enter into Deferred Prosecution Agreements (DPAs) keep abreast of both technological innovations and also industry trends in compliance. To engage in some of the authors’ suggestions, you need to go to conferences outside the compliance function and to leverage your current networks and join new ones.

Explore Future Scenarios. In this query, you will need to consider, “How thoroughly have you analyzed major external uncertainties and future scenarios that could significantly impact your business decisions?” The authors point to war-gaming as an example of scenario planning. While a CCO may feel like he or she only has time to put out fires, you need to consider what may become the ‘elephant in the room’. Consider the example of GlaxoSmithKline PLC (GSK) in China. The new Chinese government had clearly been signaling an upcoming drive against bribery and corruption. It was only a matter of time until a western company got caught up in its dragnet. Yet, even with specific knowledge of a high ranking party functionary making internal whistleblower claims, GSK not only could not uncover its own systemic corruption but was caught flat-footed when Chinese officials brought forward substantive allegations and evidence of corruption. To help with this issue, the authors suggest you ask questions about the external business environment and to “scout for the periphery” of emerging compliance or regulatory trends. You should also follow developments in your industry to anticipate where the DOJ or Securities and Exchange Commission (SEC) might be going next with enforcement.

Be a Contrarian. This question focuses on diversity of opinions by asking, “Do you regularly seek out diverse views to see multiple sides of complex issues, and do you purposely explore important problems from several angles?” This is an ongoing battle that many corporate senior managers, including compliance practitioners, face, that being to “promote diverse and creative friction.” A CCO must learn to ask if the compliance team team has sought sufficient contrarian input and been exposed to all sides of an issue before reaching a decision. While it is possible to counter the tendency of many compliance practitioners to go along to get along; offering contrarian compliance views are particularly essential when tackling major strategic decisions in an uncertain environment. The authors recommend you use such techniques as fostering constructive debate in meetings, pushing back when consensus groups form too quickly and designate specific devil’s advocates to argue the case against the prevailing views or conventional wisdom.

Look for Patterns. Taking a more analytical approach, the authors inquired as to whether “you deploy multiple lenses to connect dots from diverse sources and stakeholders, and do you delve deep to see important connections that others miss?” Connecting the dots entered the lexicon most prominently after 9/11. However it is an importance concept for the compliance practitioner as well. You need to be able to “amplify discrete data points, connect them and take decisive action” because many compliance practitioners are limited by selective perception and seek information that confirms what they wish to believe.

To overcome this information bias, the authors suggest that you utilize the following strategies. One is to “Look for competing explanations to challenge your observations” as this allows you to “engage a wide range of stakeholders, customers and strategic partners to weigh in.” A second is that when you are “stuck trying to recognize patterns or interpret complex data, step away, get some distance and then try again. Sleep on the data, since the mind continues to process information when resting.” This is because each time you take “a break, and then reengaged, he got a deeper understanding and asked better questions.” Finally, do not forget the power of pictures, visualization and charts. You can “use visual graphs or flowcharts to juxtapose the larger picture with the individual puzzle pieces. Pattern recognition is easier when all the information is clearly laid out and presented in different ways.”

Create New Options. Under this prong, the authors investigate whether “you generate and evaluate multiple options when making a strategic decision, and do you consider the risks of each, including unintended consequences?” The authors believe that few senior leaders will “engage in creative thinking.” This can also be true for the compliance practitioner. The authors posit that “When people feel pressed for time, they become less flexible and much prefer certainty to ambiguity. Ambiguity aversion is typically heightened in crisis situations and can lead to cognitive myopia, a narrow focus that can be counterproductive.” To overcome this tendency to cut corners when we are under the gun the authors suggest the following. The first technique is to not simply present “binary go/no-go decisions, reframe a situation to always examine several more options.” Particularly as a compliance practitioner, with or without legal training, you should always inquire as to what else might we do? The second suggestion is to utilize “impromptu meetings when time is limited to generate more options, including unconventional choices. The Midnight Rambler crew did this during a major crisis.” Finally, you should work to “review alternatives based on clear criteria and rank options accordingly.” From this you should work to “Clearly define decision criteria, make them explicit, weigh them and then score each option against the criteria to identify the best choice. Be disciplined when it comes to making tough trade-offs.”

 Learn From Failure. The authors want to know if you encourage experiments and “failing fast” as a source of innovation and quick learning? If there is one area that a compliance practitioner will always face, it is failure. There will always be instances where an employee violates your Code of Conduct or compliance program. It does not matter if you are the World’s Most Ethical Company or somewhere below that level in the compliance strata. But as Paul McNulty said, “What did you do about it when you found out?”, remember this is his Maxim Number 3. The authors write that “Learning from mistakes has much to do with a leader’s mind-set and the questions that he or she asks both before and after an unexpected event occurs. Strategic decision makers abandon the pursuit of perfection, allow some room for well-intentioned mistakes, and examine what went wrong and why. What matters is how well a team learns from setbacks and what mode of inquiry it allows. The best teams try to fail fast, often and cheaply in search of innovation.”

The authors suggest three steps to help facilitate McNulty’s Maxim Number 3. First is to “Shine a light on mistakes as a source of new learning.” Do not bury or hide your miss-steps. Be open about them. Second, you cannot learn from your mistakes unless you study them so if your compliance regime fails in some way, perform a root cause analysis to determine the reason. Lastly, use your miss-steps as teaching moments going forward. The authors note that you should “Publicize stories about failed projects that led to innovative solutions. Praise those who learned from their errors and try to extract learning from near misses.”

TexasBarToday_TopTen_Badge_Large

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

January 19, 2015

Revisiting The Raven and Visiting Foreign Subsidiaries

Poe and RavenToday we celebrate the birth of one of America’s most iconic authors, Edgar Allen Poe, who was born on this day in Boston, Massachusetts. Anyone who reads or watches a mystery show on television owes a debt to Poe for inventing the genre. Poe flunked out of West Point but later became an editor at the Southern Literary Messenger in Richmond, Virginia. He wrote the poem The Raven and short stories like The Fall of the House of Usher and The Tell-Tale Heart. In the mid-1830s he began to write mystery stories, including The Murders in the Rue Morgue and The Purloined Letter - works that would earn him a reputation as the father of the modern detective story. He died in 1849.

I thought about his well-known sad tale when I read a recent article in the MIT Sloan Management Review by Cyril Bouquet, Jean-Louis Barsoux and Orly Levy, entitled “The Perils of Attention from Headquarters”. The authors had a very different perspective on what I thought to be a rather mundane issue; that being visits to markets outside the US by senior management from US corporate headquarters. The authors posited, “Operations in growing markets such as China often draw substantial attention from corporate headquarters. Unfortunately, that attention does not always add value — and can even impede performance.” The authors studied this issue in an international workshop they ran for “managers of foreign subsidiaries on how to manage the attention of headquarters staff.” Given the current attention that Chief Compliance Officers (CCOs) and compliance practitioners need to spend on China specifically, and international operations more generally, I thought the article had some excellent insights for the compliance function going forward.

The authors identified four major issues in their workshop. The first was the number of visits, which was articulated as “The overriding complaint from China subsidiary managers concerns the number of visits from head office staff.” I found a related complaint perhaps less self-obvious, “Not only do they come often, but they want to spend more time, and they all come on weekends! For my team, it means that nearly every weekend, there is somebody to entertain.” The second issued raised was the inevitable increased workload after such a visit. The authors wrote, “The visits also generate follow-up work and online meetings that can interfere with running the business. According to the China sales head of a European water utility group: “The local people get frustrated because the global people, after they return, keep asking for more information. … But we don’t have 500 people running around who are able to produce a report overnight.””

The next two concerns were closely related. They involved a lack of understanding and, more importantly, a lack of listening by senior management from western countries such as US, or those in Europe. While this first concern may not be as true in the area of compliance it is certainly worth noting that the authors said, “The third area of frustration had to do with the perceived lack of understanding and realism of headquarters executives. Although headquarters visits to China subsidiaries were intended to build trust and alignment, subsidiary managers reported that the visits often had the opposite effect.” Finally, is the age-old bugaboo of failing to listen. The authors stated, “Frequent visits from headquarters are allegedly driven by a desire to “learn,” “exchange ideas” or “help the local operations,” but that’s not how local managers always perceive these interactions. According to the subsidiary head of a European express delivery group, “The code word for ‘fix’ is ‘help.’ They say ‘we’re coming to help.’ No, they’re not. They’re coming to fix. Trust me.””

But the authors did more than simply list out the problems they observed in their workshop. They provided recommendations for “healthier dynamics between corporate headquarters and affiliates.” I have adapted them for the CCO or compliance practitioner.

  1. Encourage open dialogue. As a precondition for adding compliance value, you, as a compliance practitioner, must work to understand the business of the foreign subsidiary, which requires a willingness to listen and to engage in unstructured interactions. “Where possible, try to spend time with customers and frontline employees, and to travel to places other than Shanghai and Beijing,” advised the China head of a US sanitation technology group.
  2. Play the role of consultant or coach. Certainly in the current anti-corruption enforcement environment, a CCO or compliance function should put a foreign business unit interest in driving compliance at the top of the agenda. They quoted one China country manager of a US consumer goods company for the following, ““In our case, the affiliate is the entrepreneur and the corporate head office staff are the consultants who are here to support us,” he said. “The moment that you get experts coming out from the corporate headquarters telling you what to do, then that would be very frustrating, particularly in a place like China.”” A compliance function must to work not only with but also for an international business unit. Remember you are the compliance professional and expert.
  3. Be a problem solver. The compliance practitioner should not be a problem creator but a problem solver, not Dr. No from the Land of No. So not only should you be challenging subsidiary managers and helping them develop their compliance plans, but you should work to “actually do things for the subsidiary managers. Indeed, rather than organizing their time in China around their own priorities, executives from headquarters should reserve some time to support the subsidiary managers’ priorities.” The authors quoted one Chinese business unit head of government affairs and corporate communications for a US health-care group for the following, ““Sometimes we need to leverage higher people from global to do what we cannot do [with] our own personnel in China.””

But there is also a role for the foreign subsidiary in this process. If something really is ‘mission impossible’ for the compliance function or other function in a foreign business unit, it is the responsibility of that group to raise the concern. Simply smiling and nodding your head will lead to a severe backlash after the corporate executive group leaves and the initiative or project is not met. A second area is that the subsidiary needs to help make the corporate folks understand the culture. Listening by corporate can only be facilitated if someone from the local subsidiary is communicating with them during a visit. The authors end by stating, “Ultimately, subsidiary managers need to move beyond their frustrations with headquarters and take some responsibility for managing the relationship. As a country manager who successfully turned around his corporation’s China operation observed, how a subsidiary manager frames the visits from headquarters executives is key: “If you see the visit as a burden, then it will be a burden for you. But you can also see it as an opportunity to bring across the core messages you want to deliver and to help people understand a specific topic.””

I found this article quite interesting because it tackles an issue from the perspective not often considered in compliance, that of the foreign subsidiary. There are many ways to do business ethically and in compliance. By taking the time to visit a foreign subsidiary and to listen, a CCO or compliance practitioner can go a long way toward communicating a culture of compliance to use going forward.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

January 13, 2015

What’s the Password for Compliance? Swordfish and Lessons for the CCO

SwordfishI continue my exploration of the Marx Brothers this week by looking at their most successful commercial film made for Paramount, Horse Feathers. While Duck Soup is and always will be my favorite film due to its overall and complete anarchy, Horse Feathers comes in a close second. The movie takes place on a college campus and generally revolves around Huxley College’s attempt to win ‘the big game’ against Darwin College and payments to college football players (does that sound familiar?). I remember after the first time I saw it and told my father about it, he was still able, some 40 years after he first viewed it, to quote the famous password scene involving all manners of puns on the word ‘swordfish’. I quote the entire scene, where Professor Wagstaff (Groucho) attempts to gain access to a Speakeasy guarded by Baravelli (Chico).

Baravelli: …you can’t come in unless you give the password.

Professor Wagstaff: Well, what is the password?

Baravelli: Aw, no. You gotta tell me. Hey, I tell what I do. I give you three guesses. It’s the name of a fish.

Professor Wagstaff: Is it “Mary?”

Baravelli: [laughing] ‘At’s-a no fish!

Professor Wagstaff: She isn’t? Well, she drinks like one! …Let me see… Is it “Sturgeon”?

Baravelli: Aw, you-a craze. A “sturgeon”, he’s a doctor cuts you open when-a you sick. Now I give you one more chance.

Wagstaff: I got it! “Haddock”.

Baravelli: ‘At’s a-funny, I got a “haddock” too.

Wagstaff: What do you take for a “haddock”?

Baravelli: Sometimes I take an aspirin, sometimes I take a calomel.

Wagstaff: Y’know, I’d walk a mile for a calomel.

Baravelli: You mean chocolate calomel? I like-a that too, but you no guess it. [Slams door. Wagstaff knocks again. Baravelli opens peephole again.] Hey, what’s-a matter, you no understand English? You can’t come in here unless you say, “Swordfish.” Now I’ll give you one more guess.

Professor Wagstaff: …swordfish, swordfish… I think I got it. Is it “swordfish”?

Baravelli: Hah. That’s-a it. You guess it.

Professor Wagstaff: Pretty good, eh?

Harpo (“Pinky”) takes the perhaps more direct approach. When Baravelli challenges him for the password, he gets into the speakeasy by pulling a sword and a fish out of his trench coat, putting the sword down the throat of the dead fish and presenting the combined sword and fish the doorman. While I still guffaw when reading all of this, I would urge you to click through to the YouTube video I have linked to at the end of this blog post.

I do find some lessons for the Chief Compliance Officer (CCO) or compliance practitioner in this scene. I have adapted the lessons from an article in the Financial Times (FT) by Michael Skapinker, entitled “Seven lessons in management I learnt over the last decade”.

  1. Do not rush. It takes Groucho a while but he does not rush and he gets in. We all arrive with a new plan. Your plan may be right or wrong but unless the barbarians are at the gate (i.e. banks or creditors) you will have time to listen, refine and build alliances and to identify those folks who were actually waiting for what you may want to propose. Skapinker believes the most important promise you will make in an interview is to talk to everyone first and then work towards your implementation.
  2. A good deputy helps you sleep at night. This one may seem to be a counter-intuitive lesson from the above skit but not in reality, as it is in the interest of the establishment for Groucho to actually enter the Speakeasy. However, Skapinker believes you should have someone who not only understands what you want but also “a deputy with different skills from yours. You want someone who will alert you to problems. But you also want someone who sees the business the way you do”.
  3. Decide what your business stands for and tell everyone until you can no longer stand the sound of your voice. The Marx Brothers did this every time they opened their collective mouths; insanity prevailed. Skapinker wrote, “You need to decide what yours is, and you need to keep telling people, both inside and outside. Whether they believe you depends on how true it is”. I cannot think of anything more important for the CCO or compliance practitioner to follow.
  4. Hire people on probation. This would seem to be the entire point of the swordfish exercise. You need to find a way to determine if folks are going to do and say the right thing before you let them in. In the corporate world this should take place in the form of employees being evaluated for doing business the right way and in compliance with anti-corruption laws such as the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act. Whenever someone is promoted to senior management or into a position where there is a high risk of corruption, such as to a region with a propensity for corruption, such an evaluation should be made by the compliance function in conjunction with the Human Resources (HR) function of an organization.
  5. Treat your team like adults. If the Marx Brothers were anything it certainly was adults. By this I mean their humor worked on multiple and a multitude of levels. It worked for me as a teenager in the 1970s just as it worked for my father who was then in his late 40s. Skapinker relates what might seem self-obvious that “Most people want to do a good job. They do not come to work to rip you off. So trust them. Judge them by their results and do not hover over them.” However, coming from the energy industry in Houston, I have certainly seen companies that treated employees like they were in the third grade. It simply does not work in the compliance arena because if you are big enough to be international, you will not have the ability to lord over all your employees, all the time. You have to try and hire the right folks, train them and give them the tools to succeed.
  6. Tell people what they have just told you. This technique simply shows you are listening, which is how Groucho finally figured out the password and got into the Speakeasy. In a company, Skapinker believes that “There is no more powerful management tool than showing people that you have listened to them. The best way not only to show you have listened, but really to do so, is to repeat their views in good faith back to them. That way, even if you decide something different, they feel they have had a good hearing.” At the close of meetings you can use this strategy to help rally your team around your decision including those who might have disagreed with you.
  7. Make your numbers. I think Harpo’s example here is paramount. Let folks see what you are doing. Since he was the mute one, he gave a visual representation of a swordfish but it communicated the message. For the CCO or compliance practitioner, you need to come up with some metrics to demonstrate the value you are adding. I would suggest that it comes in the area of accounting controls because at the end of the day, internal controls under the FCPA are accounting controls. You need to communicate your mission and that you are achieving it to the Board of Directors or senior management. 

I still grin when I think about the swordfish scene. For a clip of the scene on YouTube, click here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

January 9, 2015

The Darwin Awards, Nepotism and Compliance

Darwin AwardsI am a podcast aficionado. One of my favorites is Slate’s Hang Up and Listen, which is a weekly discussion of sports events and issues. One of its segments details each participant relating a whimsical event from the previous week. I thought about whimsy when I was studying Christopher Columbus and his travels to the New World recently. Everyone knows that In 1492, Columbus sailed the ocean blue but you may not know that on this day in 1493, sailing near the Dominican Republic, he believed that he saw three mermaids which he reportedly described them as “not half as beautiful as they are painted.” However, it turned out that he only saw manatees for the first time.

Mermaids, mythical half-female, half-fish creatures, have existed in seafaring cultures at least since the time of the ancient Greeks. Typically depicted as having a woman’s head and torso, a fishtail instead of legs and holding a mirror and comb, mermaids live in the ocean and, according to some legends, can take on a human shape and marry mortal men. Mermaids are closely linked to sirens, another folkloric figure, part-woman, part-bird, who live on islands and sing seductive songs to lure sailors to their deaths. Mermaid sightings by sailors were most likely manatees, which are slow moving aquatic mammals with human-like eyes, bulbous faces and paddle-like tails.

I thought about Columbus and his initial belief that he saw mermaids and decided to cut him a bit of slack, even if only to chalk it up to whimsy. But sometimes you simply cannot believe that corporations and their senior management are so stupid as I continue to I read about the ongoing Korean Airlines scandal, which has been dubbed Nut-Rage. As readers will recall it involved the (now former) Korean Air executive Cho Hyun-ah (Heather Cho), who threw one of the greatest diva-worthy (or perhaps five year-old worthy) public temper tantrums of all-time. An article in the BBC Online, entitled “Former Korean Air executive apologises for ‘nut rage’“, reported that “Ms Cho was onboard a Korean Airlines plane departing from New York for Incheon last week when she demanded a crew member to be removed, after she was served nuts in a bag, instead of on a plate.” Also, according an article in Slate entitled “Flight Attendant Forced to Kneel for Serving Nuts in a Bag (Instead of a Dish) to Korean Air Executive” by Daniel Politi, Ms. Cho was not simply content to disrupt the plane’s service, air traffic control and airport scheduling, he wrote “Just when you thought the whole story about the Korean Air executive who went nuts over some nuts couldn’t get more ridiculous, the head of the cabin crew said he was forced to kneel to apologize about how a flight attendant served some macadamia nuts. Just in case you haven’t been following the case, Heather Cho, the daughter of the airline’s chairman and the executive in charge of in-flight service, forced a plane to return back to the gate at New York’s JFK airport last week after a flight attendant dared to bring her macadamia nuts in a bag and not a dish. Cho forced the head of the cabin crew to get off the plane.”

But the story did not end there. In another BBC article, entitled “Korean Air executive ‘made steward kneel over nut rage’”, the head of the cabin crew also reported that “Once home, officials from the airline came to his home to ask him to say that Ms Cho did not use abusive language and that he had voluntarily got off the plane.” Not to be outdone in this attempt to obstruct the truth and intimidate the witness, the BBC article also reported “Korean Air initially defended Ms Cho, noting that she was responsible for overseeing flight service in her role as vice-president, but the company later apologised.”

Late last year, Ms. Cho was determined to be a flight risk and was detained by Korean police. Song Jung-A reporting in the Financial Times (FT), in an article entitled “Korean Air ‘nut rage’ heiress held as flight risk”, said that Ms. Cho was detained by the Seoul western district court, which was quoted as saying ““There is a risk of flight or evidence tampering…while investigations are under way.””

However, now this piece of privileged child blowhardedness and outright corporate stupidity has taken an even more serious turn. In a Wall Street Journal (WSJ) article, entitled “Rancor Builds of Korean Air Affair”, Alastair Gale reported, “that behavior led to Ms. Cho’s indictment on charges of assault and changing flight plans, both violations of aviation-safety laws. Ms. Cho was also charged with coercion and obstruction of justice after she allegedly ordered company officials to intervene in the government probe into the incident. If convicted, Ms. Cho faces a maximum penalty of 15 years in prison, according to a spokesman for the Korea Bar Association.”

Where is the corporate stupidity here? Gale noted that “Immediately following the incident, Korean Air released a statement saying Ms. Cho had pointed out the service problem as part of her duties and that the captain decided to offload the head of cabin crew. Jung-A also reported “The court added that there were “systematic attempts to cover up” Ms. Cho’s actions since the nut rage incident this month.” This led to the arrest of another Korean Air executive who was accused of “putting pressure on employees to lie to government investigators” about the incident. Unfortunately when the gene pool is limited, not only do you get inbreeding but you also get the results of inbreeding. In Korea, they even have a name for it – Chaebol. 

As noted in the Gale piece, Chaebol began after the Korean War “when South Korea’s government selected companies to take the lead in industries it thought could thrive internationally. Those companies were guaranteed financing and protected from local competition to help them grow and dri ve the nation out of poverty.” Gale also reported, “Ms. Cho’s tantrum is being held up as an example of the problems that arise when corporate power is passed down family lines. “It is foolish of the owners of big corporations to give their children any role in management unless they show at least a modicum of ability,” conservative South Korean newspaper Chosun Ilbo said in a recent editorial. “The only way to shed the image of rampant nepotism is to place ability before family ties.””

So should Ms. Cho, the Korean practice of Chaebol and the Nut-Rage Affair be chalked up as a whimsy or should this story be featured in the annual Darwin Awards which states, “We watch the watchman watch the watchmen”? Natural selection deems that some individuals 
serve as a warning to others. Who are we to disagree?

The next generation, ever and anon, is descended from the survivors. Nepotism rules exist in well-run corporations for a valid business reason. For if you hire the CEO’s daughter, make her a senior executive with no accountability except to Daddy and she throws uber temper tantrums, you may really have a compliance problem because your corporate culture is obviously sadly lacking.TexasBarToday_TopTen_Badge_Large

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

December 18, 2014

Ty Cobb and the Compliance Performance Appraisal Review

Ty CobbToday we celebrate greatness, in the form of one of the greatest baseball players ever, with the anniversary of the birthday of Ty Cobb. Coming up to the majors as a center fielder for the Detroit Tigers in 1905, he emerged in 1907 to hit .350 and win the first of nine consecutive league batting titles. He also led the league that year with 212 hits, 49 steals and 116 RBIs. In 1909 he won the league’s Triple Crown for the most home runs (9), most runs batted in (107), and best batting average (.377). In 1911, he led the league in eight offensive categories, including batting (.420), slugging percentage (.621), hits (248), doubles (47), triples (24), runs (147), RBI (144) and steals (83), and won the first American League MVP award. He batted .410 the following season, becoming the first player in the history of baseball to bat better than .400 in two consecutive seasons.

Cobb set a record for stolen bases (96) and won his ninth straight batting title in the 1915 season. He faltered the next year, but came back to win another three straight titles from 1917 to 1919. He left the team in 1926 and signed with the Oakland Athletics, hitting .357 and becoming the first-ever player to reach 4,000 total career hits before retiring after the 1928 season. His record of nine consecutive batting titles as well as his overall number of 12 will never be succeeded.

While Cobb certainly had quite a bit of natural ability, he was also a very dedicated baseball player, forever working to improve his craft. He might not have taken well to criticism but he did work to improve all aspects of his game. One of the modern ways to improve employee performance is through an annual employee performance review. Recently I read an article in the Houston Business Journal entitled “6 Ways To Make Performance Reviews More Productive” by Janet Flewelling. I found her article provided some interesting perspectives on some of the ‘nuts and bolts’ work that you can put into your Foreign Corrupt Practices Act (FCPA) or UK Bribery Act anti-corruption program that can be relatively low-cost but can add potentially high benefits.

One of the ways to drive compliance into the DNA of an organization is through incentives such as making it a component of a year-end discretionary bonus payment. Indeed the FCPA Guidance states, “DOJ and SEC recognize that positive incentives can also drive compliant behavior. These incentives can take many forms such as personnel evaluations and promotions, rewards for improving and developing a company’s compliance pro­gram, and rewards for ethics and compliance leadership. Some organizations, for example, have made adherence to compliance a significant metric for management’s bonuses so that compliance becomes an integral part of management’s everyday concern.”

Most Human Resources (HR) experts will opine that properly executed performance appraisals are crucial to organizational productivity as well as the development of employee skills and employee morale. Moreover, they can serve a couple of different functions for a best practices compliance program. First, and foremost, they communicate to each employee their job performance from a compliance perspective. However, one key is not to approach the performance appraisal review as an isolated event but rather a continual process. This means that instead of trying to play catch-up at the last minute, supervisors should provide feedback and assess job performance throughout the year so annual reviews are grounded in a year’s worth of experience. This includes the compliance component of each job. The second area performance appraisals impact is compensation. As noted above, the DOJ and SEC expect that your compliance program will have both discipline and incentives. But those incentives need to be based upon something. The score or other performance appraisal metrics will provide to you a standard which you can measure and use to evaluate for other purposes such as employee promotion or advancement to senior management going forward.

In her article Flewelling provides six points you should consider which I have adapted for the compliance component of an annual employee performance appraisal. 

  1. Prioritize reviews in your schedule – You should schedule the employee performance appraisal at least several days in advance, rather than when a time slot suddenly opens up. You would make sure that you allot sufficient time for unhurried give and take between the reviewer and the employee.
  2. Review the entire year’s performance – You should resist the attempt to focus the discussion on the latest compliance experience. This is called recency bias. If a compliance issue arose in the past month or so, you need to keep it in perspective for the entire review period. Moreover, by focusing a review on a recent problem you may obscure prior accomplishments and make an employee feel demoralized. Take care not to go too much in the opposite direction as recency bias can work both ways, and one should not let a favorable recent compliance event overshadow the full review period.
  3. Do not hesitate to critique – Be generous with praise where it is warranted, but do not hesitate to discuss improvements needed in the compliance arena. Many supervisors are reluctant to confront and indeed desire to avoid confrontation. However remaining silent about an employee’s compliance shortcomings is a disservice to both the company and the employee.
  4. Do not dominate the conversation – Remember that you must give the employee time for self-appraisal and to ask questions or to comment about the feedback received from the compliance perspective. If there are specific questions or concerns raised by the employee you need to be prepared to address them as appropriate.
  5. Understand the employee’s role – You need to understand and appreciate that if the recent economy has resulted in many employees assuming the responsibilities of more than one position. If relevant to the employee, acknowledge that fact and take it into account in the review. This is certainly true from the compliance perspective as many non-Compliance Department employees have cross-functional responsibilities. If they claim not to have the time to handle their compliance responsibilities you will need to address this with the employee and perhaps structurally as well.
  6. Anticipate reprisal – Although it is rare, you can face the situation where an employee who is very dissatisfied with a review may refuse to sign it. The employee may be offered the opportunity to add a statement to the review. Also point out that the employee signature is an acknowledgement of receiving the review and does not signify agreement. If the employee still refuses to sign, have a second supervisor come in to witness the refusal. This may be particularly important from the compliance perspective.

Flewelling ends her piece by noting, “A proper annual review requires considerable effort from employee supervisors. It should be a full-year process involving regular guidance and feedback and perhaps several mini-reviews along the way. But rather than viewing it as onerous, supervisors should keep in mind that it is a tool for making their departments work more efficiently and yields better results for everyone involved.” I would add this is doubled from the compliance perspective. Nonetheless the potential upside can be significant from your overall compliance program perspective.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

December 12, 2014

Seamus Heaney and Compliance With a Seat at the Table

Seamus Heaney and beowulfI have long been fascinated with the Irish poet Seamus Heaney. I came to know him thought his 1999 translation of Beowulf. While I was aware that he had been awarded the 1995 Nobel Prize for Literature, I did not know his work as an Irish poet. However, this was rectified in a piece in the Times Literary Supplement (TLS), entitled “A stay against confusion – Seamus Heaney and the Ireland of his time”, by Roy Foster. In this piece he reviewed the evolution of Heaney’s poetry through the 1960s and 1990s. Foster believed that Heaney’s work in many ways mimicked the growth that “Irish intellectual as well as social and economic life”. Heaney began as a ‘nuts and bolts’ type of poet and moved to become a Yeatsian figure as the national poet of Ireland.

I thought about that growth and Foster’s article when I considered the question of what happens if you seek for something and then actually get it? For instance, you may have wanted a seat at the C-Suite table as a Chief Compliance Officer (CCO) and now you have one. What happens now, for instance in the situation where you find out that your company has decided to enter a new overseas market with a new product offering? The Chief Executive Officer (CEO) who championed you coming onboard with the big boys (or perhaps big girls) team looks down and says, “We need an analysis from the compliance perspective by the end of the week?” Where do you begin?

Obviously there are some preconditions for success such as your company should have a product that you can make and sell overseas for a profit. Further, you should have the time, money and sophistication to develop an international distribution network and you have the home office infrastructure to support a truly international business. Finally, you should have a senior management with at least an appreciation of compliance challenges in the target, with the personnel, technological solutions and internal training to address and meet these challenges. As you begin to think through this assignment you fall back on the four basic questions of (1) Who will we sell to? (2) What are we going to sell? (3) Where will we sell? (4) How will we sell?

Who will we sell to?

For any anti-corruption analysis you need to begin here as the Foreign Corrupt Practices Act (FCPA) applies to commercial relationships with foreign governments or instrumentalities such as state owned enterprises. Will your end using-direct customers be foreign governments or privately owned companies? What if your customers are distributors or other middlemen who will then sell to foreign governments or state owned enterprises? What about licenses; will you need special permits to sell to a foreign government or state owned enterprise or will you need some type of basic permit simply to transact business? If your company is subject to the UK Bribery Act this public/private distinction does not exist.

What are we going to sell?

What is the product or service you wish to take internationally? I will assume your company has done the market studies to ascertain it is a viable commercial concept. If it a product, is it a complete or partial product? Will you manufacture here in the US and only sell internationally or will you manufacture abroad as well? If it is here in the US, what about spare parts and accessories, will you need to obtain any licenses overseas? What about your technology, will that component require any licenses? If you will manufacture outside the corporate offices in the US, how will you assure quality in your supply chain? Conversely, if you manufacture in the US, do your supplier agreements allow you to resell outside the US?

Where will we sell? 

This question may seem more important for export control issues; however it is also important in the anti-corruption world. Obviously this is because certain geographic areas are more prone to corruption than others. A starting place might be the Transparency International-Corruption Perception Index but you can also use tools such as the recently released TRACE Matrix which provides a much broader assessment of corruption indices and give you additional insight into a fuller panoply of corruption risks in a country. In addition to the basic corruption analysis you need to ascertain whether you can even sell your products in a new country, either because of US export regulations or the end using jurisdictions laws. You should also focus on the business culture of a country and whether it is compatible in doing business in compliance with relevant anti-corruption legislation. This will also help you in your search to find any local business partners. 

How are you going to sell?

This is one of the most important questions you can ask under a FCPA analysis. It is because well over 90% of all FCPA enforcement actions involve third parties. If this is your first international sales effort, your company probably does not have an international based employee sales force. This means you will most probably need in-country partners for your target markets. Some of the most basic sales arrangements for third parties are as follows:

  1. Agent/Sales Representative – This person or entity is an independent third party from the company. Compensation is usually commission based or combined with a periodic fee plus commission. It is generally viewed as the highest risk from the anti-corruption perspective but you will have a direct relationship with the end-using customer.
  2. Distributor/Retailer – This person or entity is an independent third party from the company. Your company will sell to the distributor/retailer who then resells your product. You will have less visibility into the end user and hence a greater export control risk. Consignment is a variation on this model but if you are warehousing you will need to be aware of other US rules such as revenue recognition under US GAAP or local, indigenous rules on storage and warehousing.
  3. Consultant – This is also an independent third party who is paid a periodic fee. The fee can be more easily assessed for an hourly or service based rather than simply a commission based fee structure.

There are some other sales arrangements that you may whish to consider. You can acquire a local business and run it as your own company. Of course if you do so, you may buy all of these liabilities, both known and unknown. You can joint venture with another local company. Here you may have the dual problems of less actual control yet the same amount of potential exposure, particularly under the FCPA if you fail to perform the requisite pre-acquisition due diligence and allow any illegal conduct to continue going forward. You can issue a manufacturing license to an in-country manufacturer and allow them to make and then sell your product using your technology. Finally, you can issue a brand license where you license an existing company to put your brand name on your product manufactured by another entity. Of course if you use any of these types of arrangements you will need to go through a full third party management cycle; consisting of a business justification, questionnaire, due diligence, contract and management thereafter.

From the internal control perspective you will need to make sure you have several key compliance related controls in place. This will include the aforementioned vetting of all customers and third parties; appropriate controls over each transaction, including both quotes and contracts; empowered and non-conflicted employees; and finally training and self-auditing. You will need separate controls over payment terms and payment mechanisms and controls to align shipping and export controls. Finally, do not forget the omnipresent segregation of duties and control over the vendor master file.

Lastly, you should focus on your high-risk points in any of the above. These include your full vetting and management of third parties. You should pay attention as to how you became aware of these third party sales representatives. You will also need to pay attention to your freight forwarders and other export control representatives. You will need to be vigilant going forward for outright bribes paid in either cash or other values such as free products, lavish travel, gifts and entertainment, especially if the travel has no business purpose.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

December 2, 2014

Sherlock Holmes and Innovation in the Compliance Function, Part II – The Sign Of Four

Sign of FourToday we honor Conan Doyle’s second Sherlock Homes novel, The Sign of Four. The novel was published in 1890 but the story is set in 1888. The story entails a complex plot involving service in East India Company, India, the Indian Rebellion of 1857, a stolen treasure, and a secret pact among four convicts and two corrupt prison guards. It presents the detective’s drug habit and humanizes him in a way that had not been done by Doyle to-date. It also has a rather happy ending as it introduces us to Dr. Watson’s future wife, Mary Morstan to whom he proposes at the end of the novel.

The Sign of Four was an intricate tale with many strands woven throughout. I thought of this novel when reading the article entitled “Leading Your Team into the Unknown” by Nathan Furr and Jeffrey H. Dyer in the December 2014 issue of the Harvard Business Review (HBR). I found their insights quite useful for the Chief Compliance Officer (CCO) or compliance practitioner who might be faced with implementing or enhancing a compliance solution for an organization. But equally interesting, were that the authors’ insights could also be used to help a CCO or compliance practitioner help move a compliance function down into the DNA of an organization to make compliance a more standard process for doing everyday commercial operations.

The authors posit that “Innovation is at heart a process of discovery, and so the role of the person leading it is to set other people down a path, not to short-circuit it by jumping to a conclusion right at the start. To lead innovation, you don’t have to be the next Steve Jobs, nor do you need to guess the future. Rather, you must carve out the mental space within which the innovation process can be carried out. How? First, by setting the expectation that innovation will push boundaries. Fashion designers often include very bold designs in their lines to inspire customers to try more-flamboyant styles. . .You need not go so far. You can push boundaries just as dramatically by demonstrating a willingness to reimagine some of your organization’s most fundamental assumptions about products, customers, and business models.”

For the CCO or compliance practitioner, I think this means that innovation in the compliance function requires a different approach to leadership than the standard command and control or even collaborative approach. For a successful CCO or compliance practitioner this is accomplished by leading compliance integration into the DNA of a company through example and not simply dictated. The authors suggest, “by asking questions rather than making decisions; clearing a path to the unknown for the innovative team rather identifying the end goal; and give people the right kind of time, the right constraints and the right tools” to come up with a solution. I found the authors implications for such an approach appropriately inspiring, “Innovative leaders can create a sustainable competitive advantage not through superiority of a particular invention but by creating an organization that can learn from mistakes faster, more efficiently and more consistently than competitors do.”

The authors provide what they call “A Comprehensive Approach to Innovation” which I have adapted for the CCO or compliance practitioner to facilitate innovation in the compliance function. It consists of four steps. 

  1. Generate Insights. The authors state, “Use questioning, observational, and networking skills to search far and wide for broad insights into problems that may be worth solving.” As a CCO or compliance practitioner, you can push compliance boundaries just as dramatically by demonstrating a willingness to reimagine some of your organization’s most fundamental assumptions about products, customers, and business models. But it means getting out there and seeking input from those outside your direct compliance function.
  1. Identify an Important Problem. Here the authors recommend “Through direct observation look for an unsolved problem or an unfilled emotional or social need that enough people have for the opportunity to be worth pursuing.” This also means giving your team an opportunity to synthesize the issues. You will need to dedicate both resources and time for the process to run its course. I recognize that all corporate employees have a day job so you will need to set aside specific time for such issue identification. In addition to providing resources and time, you will need to provide your innovation team support by removing the inevitable organizational barriers, which will be thrown up in their path.
  1. Develop the Solution. The authors advocate constructing prototypes so rather than building a complete compliance solution, quickly construct a set of simple prototypes of many different compliance tools. For each, start with a theoretical example, if that looks promising internally, move to a virtual prototype to test throughout a pre-selected business unit or process. Start with a visual representation, which could be just a drawing; next move to testing a minimum viable prototype with internal consumers of the compliance solution through the simplest, quickest physical version of the offering you can devise. Finally, pilot test the full-blown compliance solution with a wider audience, including trusted and integral third parties to your organization.
  1. Devise the Business Model. Finally, the authors note that once you have worked out the offering, apply the same experimental approach to developing and testing the components of the business model, including approaches to implementation. They suggest that there are three values to such an approach. The first is that you will have generated “insight value-that is, the insight into the unknown that comes from reducing uncertainty.” The second is “option value-the option upon resolving an unknown, to pursue, alter, or abandon a course of action.” The third is “strategic value” which is both the value derived by your internal compliance consumers but also that of all the knowledge you will have gained throughout the course of the project; what worked and what did not work and, more importantly, why.

As a lawyer who moved into compliance, I initially thought that anti-corruption compliance was a function of telling everyone the rules and having them followed. Some companies are still at this stage of compliance. However, if there is one over-riding theme that the Department of Justice (DOJ) has communicated over the years it is that your compliance function needs to constantly evolve. It certainly must evolve as the corruption risks your company encounters develop but also it should also mature as your compliance program grows and becomes more ingrained in your organization. Innovation is not a concept that comes naturally to lawyers who are generally trained to study the past (i.e. read case law precedent) and apply it going forward. The idea of innovation simply does not jive with what many believe should be a static list of rules and regulations that businesses should operate under. However, as compliance moves into its next phase and becomes the best practice of a well-run business, innovation will become more of a focus.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

December 1, 2014

Sherlock Holmes and Innovation in the Compliance Function, Part I – A Study In Scarlet

A Study in ScarletToday begins a week of double themed blog-posts. First I am back with an homage to Sherlock Holmes, for it was in the magazine Beeton’s Christmas Annual that the characters Sherlock Holmes and Watson were introduced to the world in 1887, in the short story A Study in Scarlet. The second theme will be innovation in the compliance department. I will take some recent concepts explored in the December issue of the Harvard Business Review (HBR) and apply them to innovation and development of your compliance function. I hope that you will both enjoy my dual themed week and find it helpful.

Today I begin with the first novel, A Study in Scarlet. There are two items of note that I learnt in researching this work. The first is that it was written in 1886 and even Conan Doyle had trouble finding a publisher for what went on to become the most famous detective character of all-time. The second was the title. I had always thought it referred to the color of blood but it turns out that it comes from a speech given by Holmes to Dr. Watson on the nature of his work, in which he describes the story’s murder investigation as his “study in scarlet”: “There’s the scarlet thread of murder running through the colourless skein of life, and our duty is to unravel it, and isolate it, and expose every inch of it.” Furthermore, a ‘study’ is a preliminary drawing, sketch or painting done in preparation for a finished piece.

I thought Doyle’s first work would provide an excellent entrée into today’s topic, that being leadership in the compliance function. While many compliance departments may have begun more as a command and control function, set up by lawyers to comply with anti-bribery laws such as the Foreign Corrupt Practices Act (FCPA), UK Bribery Act or others; this type of leadership model is now becoming outmoded in today’s world. It is not that employees are interested in the ‘why’ they should do business ethically and in compliance with such laws but it is more that power is shifting inside corporations. In a HBR article, entitled “Understanding “New Power””, authors Jeremy Heimans and Henry Timms explore how leadership dynamics are changing and what companies might be able to do to harness them. I found them to have some excellent insights, which a Chief Compliance Officer (CCO) moving to CCO 2.0 or compliance practitioner might be able to garner for a compliance function.

The authors begin by noting that ‘new power’ differs from ‘old power’ in a bi-lateral dimension of intersection. This intersection is between the models used to exercise power and the values which are now embraced. It is the understanding of this shift in power, which will facilitate the compliance function moving more to the forefront of a business integration role. The new power models are fourfold. Under sharing and shaping a company is much more integrated with its customers and supply chain. Second is funding which continues this integration by adding a vertical component of funding, whether equity positions or some other type of funding. Third is producing in which “participants go beyond supporting or sharing other people’s efforts and contribute their own.” Finally, there is co-ownership, which is the most decentralized, pushing participation down to the lowest or most basic levels.

But beyond these new power systems, the authors believe that “a new set of values and beliefs is being forged. Power is not just flowing differently; people are feeling and thinking differently about it.” The authors call them “feedback loops” which “make visible the payoffs of peer-based collective action and endow people with a sense of power. In doing so, they strengthen norms around collaboration”.

The authors lay out five new values. They include the area of governance where the authors note, “new power favors informal, networked approaches to governance and decision making.” Next is in the area of collaboration where the authors believe that this new power value rewards “those who share their own ideas, spread those of others, or build on existing ideas to make them even better.” The next new value is DIO or do it ourselves. Under this value, there is a “belief in amateur culture in arenas that used to be characterized by specialization and professionalization.” Next is transparency which, while not a new concept, says that more permanent transparency between business and social lives will lead to a “response in kind from our institutions and leaders who are challenged to rethink the way they engage with their constituencies” specifically including their employee base. The final new value identified by the authors is affiliation, which means that new and younger employees are less like to “forge decades-long relationships with institutions.”

The authors have three prescriptions that I found could be useful for the CCO or compliance practitioner to incorporate into a mature and evolving compliance program moving forward. Compliance functions need to “engage in three essential tasks: (1) assess their place in a shifting power environment, (2) channel their harshest critic, and (3) develop a mobilization capacity.

Assess where you are

This prong is quite close to something compliance practitioners are comfortable with in their role, a risk assessment. However the authors suggest that the assessment be turned inward so you should assess the compliance function on this “new power compass—both where you are today and where you want to be in five years.” You can benchmark from other companies in responding to this query. Internally, you can begin this process with a conversation about new realities and how the compliance function should perform. More importantly such an assessment can help you identify the aspects of their core models and values that should not be changed.

Incorporate business unit interests

The authors note, “Today, the wisest organizations will be those engaging in the most painfully honest conversations, inside and outside, about their impact.” However, I think this question should be asked first by the CCO or compliance practitioner. For it is not only what you are doing to work with your business units but more importantly what are you doing to incorporate their concerns and suggestions into your compliance regime. If you are going to ask the business unit to be a significant partner or better yet be your business partner, you will need to have a mechanism in place to engage your business unit so there can be an inflow of input before the compliance function has an output of requirements. As the authors write, “This level of introspection has to precede any investment in any new power mechanisms” to which I would add any successful compliance function.

Mobilize your capacity

Here I suggest you consider contracted third parties and other third parties such as joint venture (JV) partners as an avenue through which the compliance function can bring greater benefits to an organization. I have often heard compliance expert Mary Jones talk about her training of her company’s third parties and how thankful they were that when she, Global Industries Director of Compliance, would personally travel to their locations and put on in-person training. Her efforts to travel to their locations, spend the money required to do so not only directly strengthened Global Industries’ compliance function but created allies for her efforts by giving these suppliers the information and training they needed to comply with their customers requirements. By reaching out in this manner, Global Industries used its contracted third party suppliers to create a stronger company compliance program.

As the anti-corruption compliance profession matures, it will become more a component of a company’s business function. This means less of a lawyer’s top down mentality of do it because I said to do it, to more collaboration. It also means, as with the premier of Sherlock Holmes in A Study in Scarlet that something new is on the horizon and it could be here for quite sometime to come.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

 

Next Page »

The Rubric Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 5,087 other followers