Harvard Business Review | FCPA Compliance and Ethics Blog

June 19, 2015

Tribute to John David Crow and an Innovation Strategy for Your Compliance Program

Filed under: Best Practices,Compliance,compliance programs,Department of Justice,FCPA,FCPA Guidance,Harvard Business Review,IAP,Innovation,Ten Hallmarks of an Effective Compliance Program — tfoxlaw @ 12:01 am
Tags: best practices, compliance, compliance programs, DOJ, FCPA, Harvard Business Review, HBR

John David Crow died Wednesday. Until Johnny Football, he was the only football player from Texas A&M University to win the Heisman Trophy. He played under the legendary Paul ‘Bear’ Bryant at A&M and for all of Bryant’s success, Crow was the his only player to win the award given annually to the nation’s best collegiate football player. Crow had a productive professional football career making the Pro-Bowl four times. He was also the Athletic Director at A&M from 1989 to 1993. So here’s to John David Crow, one of the Junction Boys and one of the greatest players in the history of Texas A&M. Finally, let me say something I almost never say, Gig ‘Em, John David.

I thought about John David Crow and his legacy of greatness when I read an article in the June issue of the Harvard Business Review (HBR), entitled “You Need an Innovation Strategy”, by Gary P. Pisano. While Pisano’s article dealt more generally with innovation in marketing, I found it highly relevant for the Chief Compliance Officer (CCO) or compliance practitioner, particularly in the context a Foreign Corrupt Practices Act (FCPA) compliance program. Earlier this week, the Department of Justice (DOJ) announced the resolution of a FCPA investigation involving IAP Worldwide Services, Inc. (IAP) via a Non-Prosecution Agreement (NPA). In the NPA, the company committed to implementing and enhancing a best practices FCPA compliance program. Listed at element 18 of its compliance program is the following: “The Company will conduct periodic reviews and testing of its anti-corruption compliance code, policies, and procedures designed to evaluate and improve their effectiveness in preventing and detecting violations of anti-corruption laws and the Company’s anti-corruption code, policies, and procedures, taking into account relevant developments in the field and evolving international and industry standards.”[Emphasis supplied]

This means that the DOJ expects innovation in your compliance program to keep up with evolving international and industry standards. This requires you to implement an innovation strategy. While Pisano’s article does not specifically focus on compliance, I found that its concepts would help a CCO or compliance practitioner sustain the mandate for innovation in a compliance regime. Pisano’s article begins by stating the problem that many companies face is that “innovation remains a frustrating pursuit.” While acknowledging that failure to execute is an issue, Pisano believes the issue is deeper than simply a failure to execute, he believes there is a “lack of an innovation strategy.”

I found some of his basic definitions most useful for the compliance practitioner to think through innovation in the compliance function. Pisano wrote, “A strategy is nothing more than a commitment to a set of coherent, mutually reinforcing policies or behaviors aimed at achieving a specific competitive goal. Good strategies promote alignment among diverse groups within an organization, clarify objectives and priorities, and help focus efforts around them. Companies regularly define their overall business strategy (their scope and positioning) and specify how various functions – such as marketing, operations, finance, and R&D – will support it. But during my more than two decades studying and consulting for companies in a broad range of industries, I have found that firms rarely articulate strategies to align their innovation efforts with their business strategies.”

The key to success is something that every CCO or compliance practitioner should take to heart. Paraphrasing Pisano for the compliance practitioner is that the compliance function “should articulate an innovation strategy that stipulates how their [compliance] innovation efforts will support the overall business strategy.” Moreover, “creating an innovation strategy involves determining how innovation will create value for customers [of compliance, i.e. Employees], how the company will capture that [compliance] value, and which types of [compliance] innovation to pursue.”

Pisano posed several questions around this key area of connecting innovation to strategy. Initially he asked, “How will innovation create value for potential customers?” In my formula, customers become employees or others who will make use of your compliance innovation going forward. Here you should focus on the benefit for your end-using customer. Your innovation can make compliance faster, easier, quicker, more nimble and so on. But focus on that creation of value going forward. Pisano’s next question was “How will the company capture a shore of the value its innovations generate?” He suggests companies think through how to “keep their own position in the [compliance] ecosystem strong” through innovation. Pisano next asked, “What types of innovation will allow the company to create and capture value, and what resources should each type receive?” Here Pisano notes two major forms of innovation equally applicable to the CCO or compliance practitioner. They are a change in technology and a change in a business process. Both are equally valid.

Another problem that Pisano addresses is termed “overcoming prevailing winds” and this means that innovation can be driven downward or backward if there is not sufficient management support. This means not only must there be sufficient resource allocations but management must also incentivize the business units to proceed with implementing the innovations, particularly “when an organization needs to change its prevailing patterns.”

Another area Pisano addresses is “managing trade-offs” because it is inherent in any innovation strategy that there will be trade-offs. Here he terms the two key differences as “supply-push” and “demand-pull”. The supply-push approach comes when your innovation is focused on something that does not yet exist, for example if you are initially implementing a FCPA compliance regime. The demand-pull approach works more closely with your existing customer base to determine what they might need and work to implement innovation around those needs.

Interestingly Pisano ends his article with a discussion about “the leadership challenge”. I say interestingly because I would have thought that was required up front as it is the function of senior management to create the capacity for innovation in the first instance. Pisano writes, “There are four essential tasks in creating and implementing an innovation strategy.” Task 1 is to “answer the question “How are we expecting innovation to create value for customers and for our company?” and then explain that to the organization.” Task 2 “is to create a high-level plan for allocating resources to the different kinds of innovation.” Task 3 is “to manage trade-offs. Because every function will naturally want to serve its own interests, only senior leaders can make the choices that are best for the whole company.” Finally, task 4 dovetails with what almost every DOJ/SEC speaker I have ever heard say when they talk about the basics of any best practices compliance program. It is that “innovation strategies must evolve. Any strategy represents a hypothesis that is tested against the unfolding realities of markets, technologies, regulations, and competitors. Just as product designs must evolve to stay competitive, so too must innovation strategies. Like the process of innovation itself, an innovation strategy involves continual experimentation, learning, and adaptation.”

Pisano’s article provides the CCO or compliance practitioner with a framework to think through to help bring the innovation to a compliance program. I would have put leadership first, both in the compliance department and at senior management level. But however you go about it, you must recognize that your compliance program will have to evolve. That is one of the key differences between those who advocate static compliance standards embodied in a written compliance program and those who advocate that it is Doing Compliance that creates an active, vibrant and effect compliance program.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

Leave a Comment

December 4, 2014

Sherlock Holmes and Innovation in the Compliance Function – Part IV, The Valley of Fear

Filed under: Compliance,Compliance and Ethics,compliance programs,Innovation — tfoxlaw @ 12:01 am
Tags: CCO, CCO 2.0, compliance, compliance programs, Harvard Business Review, HBR

Today I conclude my dual-themed week of blog posts featuring Conan Doyle’s four Sherlock Holmes novels and innovation in the compliance function. As the compliance profession matures and we move into what I call the era of CCO 2.0. Today we celebrate Doyle’s final novel, The Valley of Fear. This novel was written in 1914 and serialized in the Strand Magazine between 1914 1915. It was notable for two reasons. The first that it was at least inspired by events in America involving the Molly Maguires, the Pinkerton Agency and its undercover agent James McParland.

In this story, Holmes decodes a cipher from Professor Moriarty’s organization for a person named Douglas in Birlstone. It is discovered that there is a corpse who was an assassin sent to kill Mr. Douglas. Douglas literally blew the head off of his American assassin and dressed the body as himself. Holmes intoned that a dumb-bell weighed down the killer’s clothes in a moat. The assassin left a calling card, monikerred VV341, which was a code for the Vermissa Valley Lodge 341. This was a reference to undercover work that Douglas did years before for the Pinkerton Agency when he went undercover, first with Freemen in Chicago, then west to a desolate mountain coal mine area, to take down corrupt murderers who ran the Valley Freemen Lodge. Years later the US criminals enlisted Professor Moriarty to find Douglas. Holmes warns Douglas to flee England. The second item of interest is that Moriarty prevails as the story ends with Mrs. Douglas wiring Holmes that her husband was lost overboard on his way to South Africa.

I thought about this final Holmes novel, with its multi-continent settings, when I read another article on innovation in the December issue of the Harvard Business Review (HBR), entitled “Managing Yourself Getting Virtual Teams Right”, by Keith Ferrazzi. As any compliance function will have a truly global reach and most likely a number of personnel in cities across the globe, virtual compliance teams are almost a given. The author states, “The appeal of forming virtual teams is clear. Employees can manage their work and personal lives more flexibly, and they have the opportunity to interact with colleagues around the world. Companies can use the best and lowest-cost global talent and significantly reduce their real estate costs.” But in the compliance arena this may go past a simple appeal and become a true need. This means that mastering this most valuable and necessary tool is a skill that any Chief Compliance Officer (CCO) or compliance practitioner will need to become proficient in using.

While this skill may seem straightforward or even intuitive, the author believes that efficient use of virtual teams can greatly increase productivity. He believes that “there are four must-haves: the right team, the right leadership, the right touchpoints, and the right technology. By following simple high-return practices for each, managers can maximize the productivity of teams they must lead virtually.”

The Right Team

The author believes that your team composition is your beginning point. He says you need to consider the right people, the right size and the right roles. This means that the virtual team members have the appropriate set of abilities, such as “good communication skills, high emotional intelligence, an ability to work independently, and the resilience to recover from the snafus that inevitably arise. Awareness of and sensitivity to other cultures is also important in global groups.” He believes this equates to a team that is no larger than 10 people. For roles the author suggests an approach which “defines three tiers of team members: core, operational, and outer. The core consists of executives responsible for strategy. The operational group leads and makes decisions about day-to-day work but doesn’t tackle the larger issues handled by the core. And the outer network consists of temporary or part-time members who are brought in for a particular stage of the project because of their specialized expertise.”

The Right Leadership

Here the author cites to key behaviors that are critical in virtual teams. The first is trust. He said you should provide the opportunity for the team members to get to know each other as people, if only through the virtual format. Once trust is established the next step is foster open dialogue or what he calls “Observable candor” because without frankness among the team it will not succeed. Finally, it is important to clarify goals and guidelines or “the importance of establishing a common purpose or vision, while also framing the work in terms of team members’ individual needs and ambitions. Explain to everyone why you are coming together and what benefits will result, and then keep reiterating the message.”

The Right Touchpoints

The author believes that even virtual teams will need to come together at certain key points. He identifies three: kickoff; onboarding and milestones. Getting together at kickoff will allow everyone to put a face with a name and will help to set “expectations for trust and candor, and clarifying team goals and behavioral guidelines. Eye contact and body language help to kindle personal connections and the “swift trust” that allows a group of strangers to work together before long-term bonds develop.” Onboarding is when you bring a new person onto the virtual team and Ferrazzi explains that it can be intimidating to come on board a team after it is up and running. He suggests bringing a new person to the corporate office and welcome them in person. Finally, Ferrazzi says that even the most dedicated teams can lose momentum as team members begin to feel disconnected. To counter-act this, he suggests bringing the full team together at certain intervals.

The Right Technology

Ferrazzi believes that even the best virtual teams “can be felled by poor technology.” He identifies conference calling, direct calling and text messaging and virtual team rooms all which can make the virtual team experience “open and searchable, making it easy for existing teams to find subject-matter experts or review their own work and for ad hoc teams to form around business-related passions.” Ferrazzi cited to one example where, when data on employee resource use was made available, “a few interested parties self-organized into a virtual project team to create a system that documents individuals’ cost savings over time. As people began to compete for the biggest savings, the company benefited.”

The earliest virtual teams were formed to facilitate innovation among top experts around the world who didn’t have time to travel. However in today’s corporate environment, teams of physically dispersed employees are more often just a necessity of doing business. The compliance function will almost always be dispersed across a wide multi-national area. Some of the tips presented herein can help you run a more efficient organization while allowing greater flexibility going forward.

This post will conclude this week’s Sherlock Holmes-Innovation in the compliance function series. I hope that you have enjoyed it and benefited from it as well. As we move to CCO 2.0, many of these soft skills will become more and more important in the doing of compliance.

© Thomas R. Fox, 2014

Leave a Comment

December 3, 2014

Sherlock Holmes and Innovation in the Compliance Function, Part III – The Hound of the Baskervilles

Filed under: Best Practices,Chief Compliance Officer,Compliance,Compliance and Ethics,compliance programs,Harvard Business Review,Innovation,Sherlock Holmes — tfoxlaw @ 12:01 am
Tags: best practices, compliance, compliance programs, FCPA, Harvard Business Review, HBR

Today we honor Conan Doyle’s third Sherlock Homes novel, The Hound of the Baskervilles. The novel, originally serialized in The Strand from 1901 to 1902, is generally recognized by Sherlockians as the premier Doyle work regarding his fictional detective. Interestingly, Bertram Fletcher Robinson, a 30-year-old journalist, assisted Doyle with the plot for this novel.

Doyle’s idea for the story derived from the legend of Richard Cabell, which was a tale of a hellish hound and a cursed country squire. Squire Cabell was a hunting man and who was described as a “monstrously evil man”. He had a reputation “for, amongst other things, immorality and having sold his soul to the Devil. He was also alleged to have murdered his wife. As the story goes, Cabell was laid to rest in ‘the sepulchre’, but night of his interment saw a phantom pack of hounds come baying across the moor to howl at his tomb. From that night onwards, he could be found leading the phantom pack across the moor, usually on the anniversary of his death. If the pack were not out hunting, they could be found ranging around his grave howling and shrieking. In an attempt to lay the soul to rest, the villagers built a large building around the tomb, and to be doubly sure a huge slab was placed. To add good measure, the folklore of the county where the tale occurs, Devon, includes tales of a fearsome supernatural dog known as the Yeth hound.”

The Hound of the Baskervilles was a tale that appeared to have supernatural implications. Yet, upon closer examination, a more temporal solution was determined. I thought of this novel when reading the article entitled “Build an Innovation Engine in 90 Days” by Scott D. Anthony, David S. Duncan and Pontus M. A. Siren in the December 2014 issue of the Harvard Business Review (HBR). I found their insights quite useful for the Chief Compliance Officer (CCO) or compliance practitioner who might be faced with implementing or enhancing a compliance solution for an organization as the authors’ insights could also be used to help a CCO or compliance practitioner move a compliance function down into the DNA of an organization to make compliance a more standard process for doing everyday commercial operations.

The authors recognize that innovative ideas get brought to the marketplace often through “individual heroism and a heavy dose of serendipity” but companies need a mechanism to “make the process more reliable and repeatable without making major organizational changes.” To do so, they suggested a solution they call the “minimum viable innovation system” which can bring an innovation to fruition within 90 days. I have adapted their system for the compliance function.

Day 1 To 30 – Define Your Innovation Buckets

Initially the authors note that innovations can either be inward or outward facing. “In one are innovations that extend today’s business, either by enhancing existing offerings or by improving internal operations. In the other are innovations that generate new growth by reaching new customer segments or new markets, often through new business models.” This is also true in the compliance function as your compliance program relates to your own internal clients, customers and your third parties. It all begins with two steps (1) Determine between compliance goals and current operations; and (2) determine broad categories of compliance solutions which could fill that gap. If your gap is large, you might sub-divide your compliance efforts so that “you can map them to different directions for future [compliance] growth.” Per the authors recommendations you probably should not take on more than three as an initial effort.

Day 20 To 50 – Zero in on a Few Strategic Opportunity Areas

In this time frame, the authors believe that you meet with your customer base to “probe unmet needs”. As one class of your compliance customers will be your internal employee base, you can use a wide number of mechanisms to accomplish this, including town meetings, compliance focus groups or meetings with individual employees. You should also look outside your company by engaging in benchmarking through investigation on new developments in your industry and in the compliance space. This is also a time when you can best use big data through an appropriate data analytic approach to spots trends in your organization that might present opportunities for compliance innovation.

You should synthesize this down and the authors recommend the following, “lock the members of the senior leadership team in a room for an afternoon, share the findings, and instruct them not to leave until they have identified three strategic opportunity areas that each combine the following”: (1) A compliance function that no one is addressing very well; (2) Enable a technological solution that will enable your business unit to perform a compliance function much more easily, cheaply, or conveniently, or a change in the compliance landscape that is greatly intensifying the need for that job; and (3) Incorporate some special capability of your company that will give you an advantage in seizing this compliance opportunity.

Day 20 To 70 – Form a Small Dedicated Team to Develop the Innovations

Here the authors suggest three steps. First, dedicate a handful of the company to developing the compliance innovations. Second, work with the Chief Executive Officer (CEO) and Chief Financial Officer (CFO) to eliminate “zombie” compliance projects. Third is to develop a process checklist.

Everyone in a corporation has a day job. This is particularly true for a CCO or compliance practitioner. While there is no need for your compliance innovation team to be particularly large, the authors suggest that it have the capability “to handle at least two ideas once, since there will be inevitable course corrections and failure.” The authors define zombie projects as “walking undead that shuffle along slowly but aren’t headed anywhere.” Their reference hails to both the elimination of the AMC show The Walking Dead and the zombie banks from the Japanese financial crisis of the 1990s. The reference to the AMC television offering is that these projects are dead on arrival for a variety of reasons. The reference to the Japanese financial crisis is that because as long as these zombie projects exist, they will consume compliance innovation resources. Here the authors suggest identifying and deleting projects that hare neither core nor strategic.

Developing a checklist is a critical process step because it requires you to create a protocol to make sure you do not omit any critical step throughout the process. In order to develop this checklist, the authors suggest asking the following questions. (1) Is your compliance innovation team “spearheaded by a small, focused team of people who have relevant experience or are prepared to learn as they go?” (2) Has your compliance innovation team spent enough time directly with your business function to develop an understanding of what they can use going forward? (3) Was appropriate benchmarking performed? (4) Has your compliance innovation team defined the internal customer(s) and paths for reaching others? (5) Is your compliance innovation team’s idea “consistent with a strategic opportunity area in which the company has a compelling advantage?” (6) Does your compliance innovation team have a plan for testing? Does each test have a clear objective, a hypothesis, specific predictions, and a tactical execution plan?

Day 45 To 90 – Create a Mechanism to Shepherd Projects

During this time frame, the authors suggest two major goals for oversight. First is that the CCO needs to select and train compliance leaders to oversee the innovation team and to establish oversight rules. The group of compliance leaders who will have the autonomy to make decisions about starting, stopping, or redirecting compliance innovation projects. You should take care not to simply replicate the current executive committee, because if you do, it will be too easy for group members to default to their corporate-planning mindset or to let day-to-day business creep into discussions about compliance innovations meant to fulfill long-term goals.

The authors turned to the world of Venture Capital (VC) funding to help this group work on compliance initiatives. (1) There can be disagreement about which projects to move forward, your committee does not require unanimity. (2) The group should set a threshold monetary level that the project team(s) can spend without having to come back for every funding request. (3) Your compliance innovation projects should not be locked into a 3/6 month or other budget cycles. It may take time but when the time for review or a GO/NO GO decision to be made the oversight team needs to be ready to convene and make a decision. From this point you should be ready to pressure test your compliance innovation.

The authors’ formulation is an excellent way for a CCO or compliance practitioner to think through the process to design and create innovation in your compliance function. Just as Holmes methodically worked through the clues in front of him (and some behind him) in the The Hound of the Baskervilles you can use this protocol to assist you moving forward.

© Thomas R. Fox, 2014

Leave a Comment

December 2, 2014

Sherlock Holmes and Innovation in the Compliance Function, Part II – The Sign Of Four

Filed under: Best Practices,Compliance,compliance programs,Harvard Business Review,Innovation,Sherlock Holmes — tfoxlaw @ 12:01 am
Tags: best practices, compliance, compliance programs, ethics and compliance, Harvard Business Review

Today we honor Conan Doyle’s second Sherlock Homes novel, The Sign of Four. The novel was published in 1890 but the story is set in 1888. The story entails a complex plot involving service in East India Company, India, the Indian Rebellion of 1857, a stolen treasure, and a secret pact among four convicts and two corrupt prison guards. It presents the detective’s drug habit and humanizes him in a way that had not been done by Doyle to-date. It also has a rather happy ending as it introduces us to Dr. Watson’s future wife, Mary Morstan to whom he proposes at the end of the novel.

The Sign of Four was an intricate tale with many strands woven throughout. I thought of this novel when reading the article entitled “Leading Your Team into the Unknown” by Nathan Furr and Jeffrey H. Dyer in the December 2014 issue of the Harvard Business Review (HBR). I found their insights quite useful for the Chief Compliance Officer (CCO) or compliance practitioner who might be faced with implementing or enhancing a compliance solution for an organization. But equally interesting, were that the authors’ insights could also be used to help a CCO or compliance practitioner help move a compliance function down into the DNA of an organization to make compliance a more standard process for doing everyday commercial operations.

The authors posit that “Innovation is at heart a process of discovery, and so the role of the person leading it is to set other people down a path, not to short-circuit it by jumping to a conclusion right at the start. To lead innovation, you don’t have to be the next Steve Jobs, nor do you need to guess the future. Rather, you must carve out the mental space within which the innovation process can be carried out. How? First, by setting the expectation that innovation will push boundaries. Fashion designers often include very bold designs in their lines to inspire customers to try more-flamboyant styles. . .You need not go so far. You can push boundaries just as dramatically by demonstrating a willingness to reimagine some of your organization’s most fundamental assumptions about products, customers, and business models.”

For the CCO or compliance practitioner, I think this means that innovation in the compliance function requires a different approach to leadership than the standard command and control or even collaborative approach. For a successful CCO or compliance practitioner this is accomplished by leading compliance integration into the DNA of a company through example and not simply dictated. The authors suggest, “by asking questions rather than making decisions; clearing a path to the unknown for the innovative team rather identifying the end goal; and give people the right kind of time, the right constraints and the right tools” to come up with a solution. I found the authors implications for such an approach appropriately inspiring, “Innovative leaders can create a sustainable competitive advantage not through superiority of a particular invention but by creating an organization that can learn from mistakes faster, more efficiently and more consistently than competitors do.”

The authors provide what they call “A Comprehensive Approach to Innovation” which I have adapted for the CCO or compliance practitioner to facilitate innovation in the compliance function. It consists of four steps.

Generate Insights. The authors state, “Use questioning, observational, and networking skills to search far and wide for broad insights into problems that may be worth solving.” As a CCO or compliance practitioner, you can push compliance boundaries just as dramatically by demonstrating a willingness to reimagine some of your organization’s most fundamental assumptions about products, customers, and business models. But it means getting out there and seeking input from those outside your direct compliance function.

Identify an Important Problem. Here the authors recommend “Through direct observation look for an unsolved problem or an unfilled emotional or social need that enough people have for the opportunity to be worth pursuing.” This also means giving your team an opportunity to synthesize the issues. You will need to dedicate both resources and time for the process to run its course. I recognize that all corporate employees have a day job so you will need to set aside specific time for such issue identification. In addition to providing resources and time, you will need to provide your innovation team support by removing the inevitable organizational barriers, which will be thrown up in their path.

Develop the Solution. The authors advocate constructing prototypes so rather than building a complete compliance solution, quickly construct a set of simple prototypes of many different compliance tools. For each, start with a theoretical example, if that looks promising internally, move to a virtual prototype to test throughout a pre-selected business unit or process. Start with a visual representation, which could be just a drawing; next move to testing a minimum viable prototype with internal consumers of the compliance solution through the simplest, quickest physical version of the offering you can devise. Finally, pilot test the full-blown compliance solution with a wider audience, including trusted and integral third parties to your organization.

Devise the Business Model. Finally, the authors note that once you have worked out the offering, apply the same experimental approach to developing and testing the components of the business model, including approaches to implementation. They suggest that there are three values to such an approach. The first is that you will have generated “insight value-that is, the insight into the unknown that comes from reducing uncertainty.” The second is “option value-the option upon resolving an unknown, to pursue, alter, or abandon a course of action.” The third is “strategic value” which is both the value derived by your internal compliance consumers but also that of all the knowledge you will have gained throughout the course of the project; what worked and what did not work and, more importantly, why.

As a lawyer who moved into compliance, I initially thought that anti-corruption compliance was a function of telling everyone the rules and having them followed. Some companies are still at this stage of compliance. However, if there is one over-riding theme that the Department of Justice (DOJ) has communicated over the years it is that your compliance function needs to constantly evolve. It certainly must evolve as the corruption risks your company encounters develop but also it should also mature as your compliance program grows and becomes more ingrained in your organization. Innovation is not a concept that comes naturally to lawyers who are generally trained to study the past (i.e. read case law precedent) and apply it going forward. The idea of innovation simply does not jive with what many believe should be a static list of rules and regulations that businesses should operate under. However, as compliance moves into its next phase and becomes the best practice of a well-run business, innovation will become more of a focus.

© Thomas R. Fox, 2014

Comments (1)

July 2, 2014

Gettysburg Day 2 – A Failure of Culture in Leadership and How to Overcome It

Filed under: Chief Compliance Officer,Compliance and Ethics,Compliance Insider,Ethical Leadership,Harvard Business Review,Leadership — tfoxlaw @ 5:59 am
Tags: best practices, compliance, compliance programs, ethical leadership, ethics and compliance, Harvard Business Review, HBR, Leadersihp

Today is the 151^st anniversary of Day 2 of the Battle of Gettysburg. Last year I focused on Union General Dan Sickles and how is disobeying of his commanding officer’s order, destroyed his brigade and ended his military career. Today, I want to focus on the Confederate side and how the non-use of information doomed the Confederate attack on Day 2 when it failed to dislodge the Union Army from the heights south of the town of Gettysburg.

If you have ever been to the battlefield, you were most probably struck by the rockiness of the heights to the south of town. While much of the area around the town had been cleared for farming there were some very rocky and stark ridges that ran south of Gettysburg. The Confederate plan had been to size this high ground using a road that split the rocky crags as a launching point. However, Confederate General James Longstreet’s failed to follow this order when he ordered his men to make a long, circuitous route that could not be seen by Union Army Signal Corps observers on Little Round Top. It was 4 pm by the time his two divisions reached their jumping off points, and then he and his generals were astonished to find the Union Army’s III Corps planted directly in front of them. Confederate General John Hood argued with Longstreet that this new situation demanded a change in tactics; he wanted to swing around, below and behind, Round Top and hit the Union Army in the rear. Longstreet, however, refused to consider any modifications to Lee’s order as the Confederate Army had suffered a significant defeat by not dislodging their enemy. A Confederate staff officer remarked that Lee was “not in good humor over the miscarriage of his plans and his orders.”

Longstreet’s refusal to take account of the changed conditions in implementing his orders had disastrous consequences for the Confederates on Day 2. Other than the slaughter of their troops in places like the Wheatfield, the Peach Orchard, Devil’s Den, Big Round Top and Little Round Top; they did not accomplish any military objectives. In the compliance world the failure to take changed or different circumstances into account can have negative consequences as well. I thought about some of these concepts when reading a recent article in the May issue of the Harvard Business Review (HBR), entitled “Navigating the Cultural Minefield”, by Erin Meyer, where she wrote about learning how to work more effectively with people from other countries. As all Chief Compliance Officers (CCOs) or compliance practitioners who work in a company subject to the Foreign Corrupt Practices Act (FCPA) work with employees outside the United States I found her insights useful when thinking about how to deal with employees from other cultures.

Myer has developed a tool she calls the Culture Map. It consists of eight scales representing the management behaviors where cultural gaps are most common. By comparing the position of one nationality relative to another on each scale, the user can decode how culture influences day-to-day collaboration. Her eight scales are “based on decades of academic research into culture from multiple perspectives. To this foundation I have added my own work, which has been validated by extensive interviews with thousands of executives who have confirmed or corrected my findings.” They are:

Communicating. Meyer compares cultures along the Communicating scale by measuring the degree to which they are high- or low-context, a metric developed by the American anthropologist Edward Hall. She believes that in “low-context cultures, good communication is precise, simple, explicit, and clear. Messages are understood at face value. Repetition is appreciated for purposes of clarification, as is putting messages in writing.” This contrasted with high-context cultures, where “communication is sophisticated, nuanced, and layered. Messages are often implied but not plainly stated. Less is put in writing, more is left open to interpretation, and understanding may depend on reading between the lines.”

Evaluating. Here Meyer “measures a preference for frank versus diplomatic negative feedback. Evaluating is often confused with Communicating, but many countries have different positions on the two scales.” She notes that the French “are high-context (implicit) communicators relative to Americans, yet they are more direct in their criticism” but “Spaniards and Mexicans are at the same context level, but the Spanish are much more frank when providing negative feedback.”

Persuading. Meyer notes that the manner “in which you persuade others and the kinds of arguments you find convincing are deeply rooted in your culture’s philosophical, religious, and educational assumptions and attitudes.” So, for instance, a senior “Western executive will break down an argument into a sequence of distinct components (specific thinking), while Asian managers tend to show how the components all fit together (holistic thinking).” But she evens delineates this scale further by finding that, “people from southern European and Germanic cultures tend to find deductive arguments (what I refer to as principles-first arguments) most persuasive, whereas American and British managers are more likely to be influenced by inductive logic (what I call applications-first logic).”

Leading. This scale measures the degree of respect and deference shown to authority figures, placing countries on a spectrum from egalitarian to hierarchical.

Deciding. Meyer articulates that this scale, measures the degree to which a culture is consensus-minded. She believes that Westerners wrongly believe that the “most egalitarian cultures will also be the most democratic, while the most hierarchical ones will allow the boss to make unilateral decisions.” She found that while “Germans are more hierarchical than Americans, but more likely than their U.S. colleagues to build group agreement before making decisions.” Further. she noted that the “Japanese are both strongly hierarchical and strongly consensus-minded.”

Trusting. Meyer splits this into the old ‘from the head’ (cognitive trust) or ‘from the heart’ (affective trust) analysis. She wrote, “In task-based cultures, trust is built cognitively through work. If we collaborate well, prove ourselves reliable, and respect one another’s contributions, we come to feel mutual trust. In a relationship-based society, trust is a result of weaving a strong affective connection. If we spend time laughing and relaxing together, get to know one another on a personal level, and feel a mutual liking, then we establish trust.”

Disagreeing. While Westerners, particularly Americans, tend to believe that a little open disagreement is healthy; other “cultures actually have very different ideas about how productive confrontation is for a team or an organization. This scale measures tolerance for open disagreement and inclination to see it as either helpful or harmful to collegial relationships.”

Scheduling. This one is my personal bane as there are some cultures that take the position that people treat scheduling, deadlines and meeting times as a mere “suggestion.” Her “scale assesses how much value is placed on operating in a structured, linear fashion versus being flexible and reactive.”

From this scale, Meyer has developed four rules to help bridge the cultural gap.

Do Not Underestimate the Challenge. Most management styles have been developed over a lifetime of work. For most CCOs this includes a stint in a corporate legal department. But as Meyer notes, “Succeeding would depend on taking an entirely different approach and making ongoing adjustments over the long term.” Further, you may well need to unlearn many of the techniques that have made you successful.
Apply Multiple Perspectives. More than simply recognizing the cultural perception of other employees is not enough as you will need to look “through multiple lenses.” Meyer writes that you need to understand the cultural position of one country to another, subsequently “You need to understand how the Koreans perceive the Indians, how the Indians perceive the Brazilians, and so on, and manage across the map. As you learn to look through multiple lenses, you may see that on some scales the Brazilians, for example, view the Indians in a very different way than the Koreans do.”
Find the Positive in Other Approaches. Here people tend to see the negative when looking at how other cultures work but Meyer suggests that you should try and understand what it is that makes a cultural work. Further, if you have a compliance team from different cultural backgrounds this can bring strength to your overall position. Lastly, you can achieve a “complex understanding of various [cultural] strengths on the team” so that you can choose the best players for going forward.
Adjust and The Readjust Your Position. Meyer believes that “More and more teams are made up of diverse and globally dispersed members. So as a leader, you’ll frequently have to tweak or adapt your own style to better mesh with your working partners. It’s not enough to shift to a new position on a single scale; you’ll need to widen your comfort zone so that you can move more fluidly back and forth along all eight.”

Meyer’s article provides some very good insight for the compliance practitioner. We all will have to deal with many cultures in a multi-national corporate compliance practice. By using the techniques that Meyer has developed you can not only come to understand how better to lead but also you can use your team members from other cultures to facilitate greater communication of compliance principles, training and issues throughout the organization.

© Thomas R. Fox, 2014

Leave a Comment

June 23, 2014

An Event That Changed the World and Fostering Compliance Leadership – Part I

Filed under: Best Practices,Chief Compliance Officer,compliance programs,Ethical Leadership,Harvard Business Review,Leadership — tfoxlaw @ 12:01 am
Tags: compliance, compliance programs, ethical leadership, ethics, ethics and compliance, Harvard Business Review, HBR

This coming Saturday, June 28th, is the 100^th anniversary of most probably the single most momentous event of the 20^th century; the assassination of Archduke Ferdinand and his wife Sophie in Sarajevo, then located in the Austro-Hungarian Empire. I view it as the singular event of the prior century because it led directly to the following events: the First World War, the Second World War, the Russian Revolution, the fall of the Hapsburg, Romanov and Prussian monarchies, the Cold War and a host of other events. One can point to 1963 in Dallas and 9/11 as direct descendants of the actions of the Sarajevo assassins.

One of the best articles I have ever read on the assassination was in the March 22^nd edition of the Financial Times (FT) in a piece by Simon Kuper, entitled ‘The crossroads of history”. Kuper returned to modern day Sarajevo “to try and understand his act in its local context – the context both of 1914 and 2104.” I think that Kuper did come to some understanding through his reporting, which I found to be first rate. The attack on the Archduke itself came about through a plethora of mis-steps, foolish decisions and idiotic mistakes that rival any modern day industrial catastrophe. Kuper quoted the author Rebecca West for the following, “Nobody worked to ensure the murder on either side as the people who were murdered.” As this assassination started Europe down a road that led to well over 20 million deaths, it is an appropriate start to many more posts I will have during the centenary of 1914.

Just as Gavrilo Princip changed the course of history, I recently read an article in the May edition of the Harvard Business Review (HBR) which I think could significantly modify how you, as a Chief Compliance Officer (CCO) or compliance practitioner, will think about getting employees to “apply their talent and energy to move organizations forward” in compliance and ethics. The article is entitled “Blue Ocean Leadership”. In this two-part series I will explain the authors view of the problem that “According to Gallup’s 2013 State of the American Workplace report, 50% of employees merely put their time in, while the remaining 20% act out their discontent in counterproductive ways, negatively influencing their coworkers, missing days on the job, and driving customers away through poor service. Gallup estimates that the 20% group alone costs the U.S. economy around half a trillion dollars each year.” The authors believe that “poor leadership is a key cause” of this problem. The authors posit that leadership is a “service that people in an organization “buy” or “don’t buy” and when employees come to value you as a leader, they “in effect buy your leadership.”

Today I will focus on how ‘Blue Ocean Leadership’ differs from conventional leadership and tomorrow I will review strategies of how to execute this type of leadership and explore its implications for the CCO or compliance practitioner.

Key Differences from Conventional Leadership Approaches

The authors point to three key differences between ‘Blue Ocean Leadership’ and traditional leadership approaches.

The first key difference is that ‘Blue Ocean Leadership’ “focuses on what acts and activities leaders need to undertake to boost their teams’ motivation and business results, not on who leaders need to be. This difference in emphasis is important. It is markedly easier to change people’s acts and activities than their values, qualities, and behavioral traits. Of course, altering a leader’s activities is not a complete solution, and having the right values, qualities, and behavioral traits matters. But activities are something that any individual can change, given the right feedback and guidance.”

The second under ‘Blue Ocean Leadership’ is to “connect closely to market realities”. This is accomplished by having “the people who face market realities are asked for their direct input on how their leaders hold them back and what those leaders could do to help them best serve customers and other key stakeholders. And when people are engaged in defining the leadership practices that will enable them to thrive, and those practices are connected to the market realities against which they need to perform, they’re highly motivated to create the best possible profile for leaders and to make the new solutions work.” This allows not only employee buy-in both also quicker and more efficient engagement of the implementation of a leaders program.

The third key difference is that ‘Blue Ocean Leadership’ distributes leadership across all levels of management. The authors quoted one senior executive who said, “The truth is that we, the top management, are not in the field to fully appreciate the middle and frontline actions. We need effective leaders at every level to maximize corporate performance.” However ‘Blue Ocean Leadership’ is more robustly “designed to be applied across the three distinct management levels: top, middle, and frontline. It calls for profiles for leaders that are tailored to the very different tasks, degrees of power, and environments you find at each level. Extending leadership capabilities deep into the front line unleashes the latent talent and drive of a critical mass of employees, and creating strong distributed leadership significantly enhances performance across the organization.”

The Four Steps of Blue Ocean Leadership

Most importantly the authors believe that you have to see your leadership for what it is and not what you wish it to be. If you do not have a “common understanding of where leadership stands and is falling short, a forceful case for change cannot be made.” The authors created a template that they called “Leadership Canvases” which are visual representations to show what leaders actually do, rather than what they think they do. The authors’ research showed that 20% to 40% of all actions taken by managers are of little value to the organization. This led to the “biggest “aha” for the subteams was that senior managers appeared to have scarcely any time to do the real job of top management—thinking, probing, identifying opportunities on the horizon, and gearing up the organization to capitalize on them.”

Based upon this initial finding, the authors began to explore alternative leadership profiles. Here you are required “to think beyond the bounds of the company and focus on effective leadership acts they’ve observed outside the organization, in particular those that could have a strong impact if adopted by internal leaders at their level. Here fresh ideas emerge about what leaders could be doing but aren’t. This is not, however, about benchmarking against corporate icons; employees’ personal experiences are more likely to produce insights. Most of us have come across people in our lives who have had a disproportionately positive influence on us. It might be a sports coach, a schoolteacher, a scoutmaster, a grandparent, or a former boss. Whoever those role models are, it’s important to get interviewees to detail which acts and activities they believe would add real value for them if undertaken by their current leaders.”

The next step begins to take what I call some real corporate courage. It requires that middle and frontline managers critique what senior management has come up with in step 2, developing alternative leadership profiles. Some of the more interesting changes were ‘Cut through the Crap’ in which “frontline leaders did not defer the vast majority of customer queries to middle management and spent less time jumping through procedural hoops. Their time was directed to training frontline personnel to deliver on company promises on the spot” and to resolve problems. Another was ‘Liberate, Coach and Empower’ where leaders “time and attention shifted from controlling to supporting employees.” Finally, there was ‘Delegate and Chart the Company’s Future’ where the front and middle line managers had more responsibility so “senior managers would be freed up to devote a significant portion of their time to thinking about the big picture—the changes in the industry and their implications for strategy and the organization. They would spend less time putting out fires.”

‘Blue Ocean Leadership’ challenges companies to allow its employees to “think about which acts and activities leaders should do less of because they hold people back, and which activities they should do more of because they inspire people to give their all.” Just as you begin to think through the changes wrought by one action in a small town, very long ago, which changed the 20^th Century forever, you may wish to use these concepts to think about how your leadership can be made more effective.

In tomorrow’s post I will look at how the authors believe you can execute a ‘Blue Ocean Leadership’ change in your company.

© Thomas R. Fox, 2014

Leave a Comment

May 16, 2014

Compliance Hiring Practices under the FCPA

Filed under: Best Practices,compliance programs,Ethical Leadership,Ethics,FCPA,Harvard Business Review,Wall Street Journal — tfoxlaw @ 12:01 am
Tags: best practices, compliance, compliance programs, ethical leadership, ethics and compliance, FCPA, Harvard Business Review, HBR, Wall Street Journal, WSJ

Hiring practices under the Foreign Corrupt Practices Act (FCPA) are not often given much thought or widely discussed. They have come up for discussion more recently because of the issues surrounding the hiring of sons and daughters of foreign government officials most publicized with JPMorgan Chase & Co. But numerous other company’s similar hiring practices are under regulator scrutiny. As far back as 2004, in Opinion Release 04-02, the Department of Justice (DOJ) realized this was an important part of an overall compliance program when it approved a proposed compliance program that had the following requirement:

Clearly articulated procedures which ensure that discretionary authority is not delegated to persons who the company knows have a propensity to engage in illegal or improper activities.

I thought about some of these issues when I read The Saturday Essay in the Wall Street Journal (WSJ), entitled “How to Trick the Guilty and Gullible into Revealing Themselves” by Steven Levitt and Stephen Dubner, which they adapted from their most recent book Think Like a Freak. In their essay they began by comparing two diverse tactics used by King Solomon and the band Van Halen to see who might be telling the truth, or not, in a specific situation. In the oft-told tale involving King Solomon he decreed that he would split a baby and give one-half each to two women who claimed to be the mother. The true mother told him to give the baby to the other woman. King Solomon used this fact to determine which was the real mother. In the case of rock band Van Halen, they had a 53-page rider giving “point-by-point instructions” in in their touring contract. This rider had technical and security specifications for each venue the band played. It also had language in ALL CAPS that stated “M&M’s (WARNING: ABSOLUTELY NO BROWN ONES).” Initially this language was derided as simply rock and roll excess to the hilt, but band member David Lee Roth explained that if he went into the dressing room and found no brown M&Ms, it signified to him that the local promoter had read the contract. If there were brown M&Ms, the band had to perform extra reviews of the stage electrical and lighting requirements.

Why is hiring so important under the FCPA? It is because hiring is important to any company’s health and reputation. At this point, until the US Supreme Court tells us that a corporation is the same as a human being, with both obligations and rights; a company is only as strong as its employees. Like most areas of FCPA compliance good hiring practices for those employees who will do business in compliance with anti-corruption laws such as the FCPA are simply good business practice. Levitt and Dubner cite the following statistic, “By one industry estimate, it costs an average of roughly $4,000 to replace a single employee, and one survey of 2,5000 companies found that a single bad hire can cost more than $25,000 in lost productivity, lower morale and the like.” For one of the energy Services Company where I worked this estimate went as high as $400,000 to hire and fully train a new employee. I would add that those costs could go up significantly if a bad hire violates the FCPA.

Brooke Denihan Barrett, Chief Executive Officer (CEO) of the Denihan Hospitality Group, interviewed in the New York Times (NYT) Corner Office column said that by the “time somebody meets me, you can assume that the skills are there. So what I interview for is fit. And I’m always very curious to know, what is it about our company that appeals to that person?” She asks specifically about culture, requesting the candidate define it and how do you think that culture is special. She also asks candidates to talk about a failure and what lessons that they learned from the experience and how they dealt with the experience. I would suggest that both of those lines of inquiries should be used when evaluating a candidate for hire.

In a completely different arena, Houston Dash General Manager (GM) Brian Ching talked about the expectations he and his club have for the female soccer players on the squad. In addition to the obvious requirement for a professional soccer player to be technically proficient in the game of soccer, the team expects each player to have significant community involvement to help develop a fan base for the club. In the player interview process, this is thoroughly explained and each prospective player is asked if they would be willing to take on this additional role. But more than simply using this Q&A as an evaluation technique, it allows the team to communicate its expectations to each potential team member.

This is something that Human Resources (HR) and others involved in the hiring process can take to heart. They should have a serious and frank discussion with all potential hires, particularly those going into senior management or FCPA-related high-risk areas. This not only allows an evaluation along the lines that Barrett uses to determine if a hire will be a cultural fit for her company but it permits a company to directly express its expectations surrounding FCPA compliance and doing business ethically if a person is hired.

Another area that is often overlooked is the reference check. Many practitioners feel that a reference is not of value because prospective candidates will only list references that they believe will provide glowing recommendations of character. This leads to a pro forma reference check. However, in an article in Harvard Business Review (HBR), entitled “Gilt Groupe’s CEO on Building a Team of A Players”, author Kevin Ryan explodes this misconception by detailing how he views the entire hiring process and specifically checking references. I would add that it could be a valuable and useful tool for you and your compliance program.

In the hiring of personnel, Ryan details the three steps his company takes: (1) Resume review; (2) In-Person interview; and (3) Reference checks. Ryan believes that resumes are good for establishing “basic qualifications for the job, but not for much else.” He believes that the primary problem with in-person interviews is that they are skewed in favor of “persons who are well spoken [or] present well.” For Ryan, the key check is through references and he says, “References are really the only way to learn these things?”

Ryan recognizes that many people believe that reference checks are not of great value because companies cannot or will not give out much more information than confirming dates of employment. However, he also believes that “the way around it is to dig up people who will speak candidly.” He also recognizes that if you only speak to the references listed on a resume or other application, you may not receive the most robust appraisal. Ryan responds that the answer is to put in the work to check out references properly. Ryan believes this is one of the key strengths of search firms and that companies should emulate this practice when it comes to reference checks.

He notes that anyone who has worked in an industry for any significant length of time will have made many connections. Invariably some of these connections will be acquainted with you or those in your current, and former, company. Ryan gave the following example: A longtime friend who was employed at another company called and said that he had been asked by his hiring partner to find out “the real story” on a hiring candidate by asking Ryan his candid opinion of the candidate. Ryan’s response was “Don’t hire him.” Lest you think that such refreshing honesty no longer exists when informal employment references are provided, you are mistaken. In my past corporate position, I was charged with performing compliance due diligence on senior executives and I spent time doing what Ryan suggested, calling acquaintances that I knew and asking such direct questions. More than 75% of the time, I got direct responses.

Ryan believes that you must invest your company in the hiring process to get the right people for your company. The same is true in compliance. You do not want people with a propensity for engaging in corrupt acts working for, or leading, your company.

The hiring of someone who will perform business activities in compliance with anti-corruption laws such as the FCPA or UK Bribery Act will continue to be as much art as science because the hiring of quality employees for senior management positions is similarly situated. But that does not mean a company cannot work to not hire those persons who might have a propensity to engage in bribery and corruption if the situation presented itself. The hiring process is just one more tool that can be utilized to build an effective compliance program.

Leave a Comment

April 7, 2014

The Battle of Shiloh, Corruption in Ukraine and Things to Come

Filed under: ADM,Best Practices,Bribery Act,compliance programs,Enforcement Actions,FCPA,Harvard Business Review,Trade Groups — tfoxlaw @ 12:01 am
Tags: best practices, compliance, compliance programs, DOJ, ethics, ethics and compliance, FCPA, Harvard Business Review, HBR

On this day 126 years ago the two-day battle of Shiloh ended. On the second day, the Union troops under General Grant largely recovered the ground that the Confederate troops had taken on the first day. Grant was severely criticized for allegedly being taken by surprise by the Confederate attack but he managed to survive the firestorm. The Confederates lost their most senior commander, General Albert Sydney Johnson, on the first day of the fighting.

With the successful Union counter-attack on the second day the battle is generally viewed as a tactical victory for the North. However, for me the thing that is most significant about this battle is that it was the first horrific slaughter of the Civil War. There were over 23,000 casualties on both sides. Unfortunately it presaged more to come. I will never forget Shelby Foote’s comments in Ken Burn’s documentary The Civil War. Shiloh was not an aberration but there were 25 more Shiloh’s to come. It truly was a sign of things to come.

The recent events in Ukraine have had a variety of interpretations, results and predictions. But one thing is clear, the government of Ukraine allowed systemic corruption to occur. One can look to the Archer-Daniels-Midland Corp. (ADM) Foreign Corrupt Practices Act (FPCA) enforcement action to see the effects in play. In that matter, ADM paid bribes to obtain tax rebates to which it was legally entitled. Unfortunately for ADM it developed opaque schemes to fund bribery payments and then hid them on its books and records. Not good for FPCA compliance.

Or consider the case of Ikea. In an article in Bloomberg, entitled “Dashed Ikea Dreams Show Decades Lost to Bribery in Ukraine”, Agnes Lovasz wrote that Ikea has tried for over a decade to open a store in the country but has been unable to do so because it refuses to pay bribes to do so. She wrote that according to Transparency International’s (TI’s) Corruptions Perceptions Index (CPI), “Stuck between the European Union and its former imperial master Russia, Ukraine has emerged as the most corrupt country on the continent.” She quoted Erik Nielsen, chief global economist at UniCredit SpA in London, for the following, “Even before this latest crisis, Ukraine was a mess beyond description”. How about this recommendation from Lennart Dahlgren, a retired Ikea executive who led the company’s entry into Russia, who said in an interview with Russkiy Reporter magazine in 2010, that compared with Ukraine, Russia, the most corrupt major economy, “is whiter than snow”. Faint praise indeed.

While a US, UK, EU or other western government response is certainly appropriate, I thought about a business led response to such a situation when I read a recent article in the April issue of the Harvard Business Review (HBR), entitled “The Collaboration Imperative”, by authors Ram Nidumolu, Jib Ellison, John Whalen and Erin Billman. In this article they discussed business collaborations in the context of sustainability. I found their concepts should be considered by companies or industry groups when trying to develop strategies to fight corruption. As Jason Poblete continually reminds us, the marketplace is one important place to look for solutions to problems and this article certainly provides some starting points for such an analysis.

The authors posit that collaboration models should be divided into two categories: (1) coordinated processes and (2) coordinated outcomes. Adapting these to anti-corruption/anti-bribery programs, this means that under the ‘coordinated processes’ prong businesses should identify and share industry-wide operational processes that prevent and detect bribery and corruption. Under the ‘coordinated outcomes’ prong, the authors work translates into developing industry benchmarks and standardized systems for measuring anti-corruption/anti-bribery performance across the value chain.

The authors had some specific steps in their article which I thought also provided insightful for implementing their ideas in the anti-corruption/anti-bribery context. First you should being this journey “with a small, committed group.” The reason to do so is “to prevent the logjams that can occur when many stakeholders with conflicting goals try to work together, start by convening a small “founding circle” of participants. The members must have a common motivation and have mutual trust at the outset. This group develops the project vision and selectively invites subsequent tiers of participants into the project as it develops.” Next you should try to “link self-interest to shared interest.” This is because to help facilitate success, “collaboration initiatives must ensure that each participant recognize at the outset the compelling business value that it stands to gain when shared interests are met.” The participants need to then try to monetize the system value by “linking self-interest and shared interest is to quantify how the collaboration reduces costs or generates revenue for each participant.” It helps to build a direct path to some early successes because it is important “to generate momentum and commitment, the action plan must also emphasize quick wins. Business thrives on visible and immediate results, and sustainability collaborations are no exception. Even if these wins are small initially, the cost savings or incremental revenues provide proof to other executives inside participants’ organizations that the investment is worthwhile.”

As many in such a collaborative group will have conflicting priorities, the authors believe it is important to have “independent project-management specialists with demonstrated competence in trust building among diverse stakeholders. Additionally, the project management function must be seen by all participants as neutral and committed to the success of the project, rather than to any individual stakeholder.” Interestingly, the authors note that there should be built in competition which should be “structured to support shared goals.” Finally, and perhaps most obviously, any such group must have a culture of trust. Fortunately, in the anti-corruption/anti-bribery world there are very few trade secrets but beyond this, the “building and maintaining trust is an ongoing practice foundational to every other practice during the collaboration project.”

Perhaps the people or the leadership of Ukraine may at some point realize that the perceived endemic nature of corruption in their economic system, helped lead in part to its current problems. Maybe the citizens in Crimea thought the Russian government less corrupt. While I do not pretend to know the answers to these questions, the collaboration model that the authors have detailed for sustainability initiatives is certainly one that US companies might wish to consider on some type of industry wide basis.

Leave a Comment

July 31, 2013

Dylan Goes Electric and Innovation in Your Compliance Strategy

Filed under: Best Practices,compliance programs,Ethical Leadership,Ethics,FCPA,FCPA Guidance — tfoxlaw @ 1:01 am
Tags: best practices, compliance, compliance programs, FCPA, Harvard Business Review, HBR

This past weekend was the 48^th anniversary of the Newport Folk Festival where Bob Dylan went electric. At this event, Dylan played an electric guitar for the first time publicly. Many of his folk music aficionados were horrified, with some even calling him ‘Judas’. But Dylan changed the face and style of not only his own music and basically created the folk rock genre with that innovation. And of course, he has been electric since that time. Rock on, Bob.

Dylan’s change of style introduces the topic of innovation in your compliance program. Mike Volkov, Donne Boehme, Jeff Kaplan and others often write about creating strategic advantage through your compliance and ethics program. But how can you maintain that strategic advantage? Rita Gunther McGrath, in an article in the June issue of the Harvard Business Review, entitled “Transient Advantage”, says that the “dominant idea in the field of strategy—that success consists of establishing a unique competitive position sustained for long periods of time—is no longer relevant for most businesses.” She believes that businesses need to learn how to launch strategic initiatives “again and again” and that to do so will require a new set of corporate operational capabilities.

I thought about her concept in the context of a compliance program. Certainly innovation is not an alien concept to the compliance practitioner. I have long heard the following quote attributed to former Assistant Attorney General, for the Criminal Division of the US Department of Justice (DOJ), Lanny Breuer, “Your compliance program is a living entity; it should be constantly evolving.” This concept is enshrined in the FCPA Guidance as one of the Ten Hallmarks of an Effective Compliance Program, No. 10 entitled “Continuous Improvement: Periodic Testing and Review”. The Guidance states that “a good compliance program should constantly evolve. A company’s business changes over time, as do the environments in which it operates, the nature of its customers, the laws that govern its actions, and the standards of its industry. In addition, compliance programs that do not just exist on paper but are followed in practice will inevitably uncover compliance weaknesses and require enhancements. Consequently, DOJ and SEC evaluate whether companies regularly review and improve their compliance programs and not allow them to become stale.”

McGrath believes that the life cycle of competitive strategy is outdated and needs to be viewed through the lens of a more fast-moving world which requires more corporate dexterity. She provides “a portfolio of transient advantages” that companies need to use in the way they operate around strategies. Using her eight major shifts, I will tie them to the requirements for a constantly evolving compliance strategy.

Think about arenas, not industries. In the compliance world, this means you need to look outside your industry for opportunities or issues which might impact your company. Remember the Watts Water Foreign Corrupt Practices Act (FCPA) enforcement action? That came about because the company’s General Counsel (GC) read about another company in another industry which used a similar sales model as Watts Water in China. He wondered if his company might have some FCPA exposure and it turned out that the company did. Similarly, if you are doing business in China today and use travel agencies for travel, entertainment, business courtesies, or any other reasons, I would suggest that you take a close look at those practices as soon as possible, based on what has happened to GlaxoSmithKline PLC (GSK) over the past couple of weeks.
Set broad themes, and then let people experiment. Here McGrath talks about ways for a company to “rethink their business model, reinvent their workforces, and rewire their operations.” This is precisely true for the compliance function as well. Most generally, employees want to do business in the right way and ethically. Give them the tools and opportunities to do so through training and support. Two examples might be that if your company still allows facilitation payments, use your employee base to come up with alternative methods of dealing with this issue. You can use smaller employee groups to drive home the message of compliance through less formal training mechanisms which provide more support for them. And here you are only limited by your imagination.
Adopt metrics that support entrepreneurial growth. For the compliance practitioner, I think that increased metrics should mean more monitoring on the back end of transactions. This is because it not only makes good compliance sense, it makes good business sense. So if you have a significant sales spike in a new international region or area, what happened and how do you know? In answering these questions, it is clearly important that management understands the business cause of significant sales increases and that there could be other issues involved in the situation that may require consideration by the compliance practitioner.
Focus on experiences and solutions to problems. Under this prong, I believe the key is to listen to what your employees have to say. Travel to multiple company locations across the globe and meet with as many employees as possible. You can do this through town hall settings with key employee leaders, meetings with key stakeholders and employees identified as high risk, or in smaller groups. Listen to their concerns and then use their ideas as suggested enhancements to your compliance program; those ideas can often form the basis of a large core of the enhancements to your existing compliance program. After rolling out your enhanced compliance program, during training, you can then give specific examples of how employee input led to the changes in the enhanced program. This engages the employees and made them feel like they were a part of, and had a vested interest in, the company’s compliance program; which in turn can lead to greater employee buy-in.
Build strong relationships and networks. McGrath relates that the most valuable company employees are those with strong internal networks and relationships. This should be music to the ears of a compliance practitioner. Once again the key is engagement but I would also say that it can also be considered internal marketing. For this point I would suggest that you might consider the path taken by Peter Löscher who was hired as the Chief Executive Officer (CEO) of Siemens in 2007, in the depths of the largest bribery and corruption scandal of any company ever (at least to-date). In his first 100 days as CEO, Löscher went on a round the world tour of the company’s facilities, including meetings with customers, local governmental officials and Siemens employees. He accomplished this final component through meetings with local leadership teams, town hall-style meetings with all employees and dinners with top leadership teams in specific locations. He basically learned that Siemens employees were “shocked and ashamed, because they were very proud to be a part of Siemens.” He used these forums as a basis to begin to change the culture of the company which was then enmeshed in what became the world’s largest and most costly bribery and corruption scandal to date.
Avoid brutal restructuring; learn healthy disengagement. While McGrath speaks in terms of restructuring, downsizing or mass firings, I believe that this point also has significance for the compliance practitioner. It may be that some of the ‘old ways’ of doing business need to change. Think about facilitation payments and how thinking has evolved on that topic, even in the past couple of years. Whatever you might think of small bribes they can act as an entry level into the wider world of actual bribery and corruption, remember that facilitation payments are not authorized under the UK Bribery Act. If your company has a UK subsidiary or UK citizens working for it you are required to maintain a ‘carve out’ for the UK subsidiary and UK citizens from your exemption of facilitation payments. This is an administrative nightmare for your books and records and one that many companies do not maintain all that well. But a key is your communication on this point.
Get systemic about early-age innovation. McGrath believes that you must have a process for filling your innovation pipeline with new initiatives. Similarly, in the FCPA world resting on your laurels will not suffice. Here I think that the advice that my colleague, Stephen Martin, partner at the law firm of Baker and McKenzie, is certainly applicable. Martin suggests that each compliance department have a 1-3-5 year plan for upgrading of your compliance program. Such a plan can be reviewed on regular intervals and updated as new information, ideas or techniques become available. Such a plan can be used as your roadmap for moving forward and can be further supplemented by an annual risk assessment which may look more at the business to determine what or how its changes may have modified its compliance risks.
Experiment, iterate, learn. McGrath advises that companies should “focus on experimentation and learning, and be prepared to make a shift or change as new discoveries happen.” In the compliance world, this can mean as new techniques for doing business in compliance become available, as new business models initiate new compliance risks, or as laws change. Witness the recent troubles of GSK in China. I think a clear sign from these events will be the increased anti-corruption enforcement of the Chinese government. It is fair or even right? I do not think that is the question for a compliance practitioner to ask. I think the question should be how can I use this information to help create a more effective compliance program going forward for my company? This might also be a good time to think about the advice I adapted from Michael Maslanka, that being that “all news is good news”. What does this mean for your compliance program? If you make an observation, see if it opens up or closes off other options for you. But the key is to pick an option and then act. And always, as Maslanka suggests, “Repeat until resolution.”

McGrath ends her piece by noting that one thing about strategy that has not changed and that is “it still requires making tough choices”. But by defining how you are going to do business in compliance and then how you will move forward from each new situation that presents itself until the next one will be a critical advantage to keep you from hot water or to help you navigate moving forward with regulators if you find yourself in such a situation.

Comments (1)

February 19, 2013

Internal Advertising of Your FCPA Compliance Program

Filed under: Best Practices,compliance programs,Ethics,FCPA,Harvard Business Review — tfoxlaw @ 1:01 am
Tags: best practices, compliance, compliance programs, FCPA, Harvard Business Review, HBR

Spring training is upon us and I have always enjoyed this time of year because, as one might say, ‘hope springs eternal’ especially for baseball fans. But this year I have no hope for the Astros as they have cut their payroll even further and now have the Major League Baseball (MLB) low of $25 million. Sportswriters are opining that the only thing the Astros are in contention for this year is to beat the MLB record of losses in a season, now at the number of 120. Jim Crane, fresh from his redesign of the Astros uniform, played golf with President Obama this past weekend, so at least he has some money to spend.

I thought about the Astros and their advertising campaign that they have a plan to make the Astros competitive in 5 years or so whilst reading an article in the March issue of the Harvard Business Review (HBR), entitled “Advertising’s New Medium: Human Experience”, by Jeffery Rayport. In his piece, Rayport’s thesis is that “to engage customers, advertisers must focus on where and when they will be receptive” to your message. I think that his ideas can be used by a compliance practitioner to internally market not only a compliance program but the equally important message of compliance.

Rayport believes that advertising has traditionally been “ubiquitous but often poorly targeted, intrusive, ignored at best and actively rejected at worst.” Further, in a “media saturated world, advertising strategies built on persuading through interruption, repetition, and brute ubiquity are increasing ineffective.” He believes that advertisers must expand their definition of what advertising really is so that they can craft and place their messages so that they are not only accepted but welcomed by consumers. That sounds to me like a great goal for a compliance practitioner who is trying to sell the message of compliance throughout a world-wide based, international company.

Rayport says that a message should be less about its target and more about what you are doing for the target audience. In other words, how does the idea set out in the message “sustain and reward” affect the audience’s life? It must engage through “relevance and value”. So what does Rayport prescribe? He believes that there are four domains through which you can reach a target audience.

The Public Sphere

This is the area where we move from one place or activity to another, both online and off-line. Rayport suggests that public-sphere ads are effective through the use of one or more of four principles. (1) They are relevant in context – the message aligns with the consumer’s experience at the moment they encounter the advertising. (2) They help people reach personal objectives – this is advertising conceived as problem solving. (3) They are brand interventions – these enter consumers’ lives in targeted and useful ways and when they are needed. (4) They are engaging, refreshing, or compelling experiences – these address a specific practical function, but they can also exert influence in the remaining spheres. These four criteria should be a goal of every compliance training session. If you can help your company’s employees achieve their goals through compliance, you will go quite a long way towards selling not only your compliance program but also the message of compliance.

The Social Sphere

Rayport says that the social sphere “emphasizes broad diverse networks.” This is where we interact with and relate to one another. So messages in this sphere should help people, “forge new connections or enrich existing ones.” But it must appear at the right time and the right place to be effective. The message itself should address a specific need or problem but the key is that it facilitates social interactions. The message can both reinforce relationships and reinforce the brand. Think how powerful the compliance message could be if it met these criteria. One thing the recently released Foreign Corrupt Practices Act (FCPA) Guidance made clear is that gift-giving is not prohibited by the FCPA. You can provide gifts as tokens of esteem in parts of the world where this is a long-standing customer and practice. But I think the key is that you can tailor your message for your audience.

The Tribal Sphere

This is the area where will typically affiliate with groups to define or express our identity. It is an area of “more-focused social engagement”. But this sphere provides an opportunity to create a message that identifies with this group. Messages here must suit the “character and values of those involved” and “empower the individual.” While you may need to have some consistency across your company regarding your compliance message, this sphere would also suggest that the message in West Africa could be tailored to that market, rather than simply the same message that you give in the United States. I heard a very good example by Dan Chapman, Chief Compliance Officer (CCO) at Parker Drilling, who, when confronted with a question during overseas FCPA training about why people in his company should not bribe in a country where it was customary, explained how corruption was ruing the fabric of the country in question, and if the person asking the question did not engage in bribery and corruption perhaps he could be one step in bringing his country out of that sordid state.

The Psychological Sphere

This is the sphere is the “domain of language, cognition and emotion.” Here, Rayport believes that the message you send will serve as “shorthand for complex concepts, inspiring actions or triggering positive feelings.” Somewhat surprisingly, in the psychological realm, messages can provide, “new ways to articulate ideas, engender habit formation, guide reasoning and elicit emotion.” Rayport states that there are four different ways in which messages in this sphere can work. (1) Messages use language to establish a cognitive beachhead for a concept – the use of one or just a few more can convey a much longer and thoughtful message. (2) The message seeks to establish a habit – this means more than simply a thought of what to do, but how one should do it. (3) Such messages guide cognition – this means that messages can and should be both inspiring and practical. (4) Messages should connect on an emotional level – messages here should promote a frame of mind, in the psychological sense. Imagine if you could create a compliance message that worked on this level. Clearly this has been done by many large corporations in the area of safety, with such simply messages as ‘Safety First’ or ‘Do Safe Work’. I might suggest that you look at your company’s stated values. On the General Electric (GE) website it states that “The board expects GE directors, as well as officers and employees, to act ethically at all times and to acknowledge their adherence to the policies comprising GE’s code of conduct set forth in the Company’s integrity manual, “The Spirit & The Letter”. What if your message was simply “The Spirit & The Letter”? If an employee heard that and they immediately thought of acting ethically and adhering to your company’s compliance program, it could be quite a powerful message.

Rayport’s article provided many different ways for a compliance practitioner to think through how they might internally market a compliance program. For a company with large international work force, the traditional FCPA training may not be the only method for a compliance practitioner to reach the employees. As you begin to think of other ways to get out the message of compliance you could try some of Rayport’s ideas. As for the Astros, I would suggest that they take some of that TV money they are squirreling away and spend it on an upgrade.

Leave a Comment

FCPA Compliance and Ethics Blog

June 19, 2015

Tribute to John David Crow and an Innovation Strategy for Your Compliance Program

December 4, 2014

Sherlock Holmes and Innovation in the Compliance Function – Part IV, The Valley of Fear

December 3, 2014

Sherlock Holmes and Innovation in the Compliance Function, Part III – The Hound of the Baskervilles

December 2, 2014

Sherlock Holmes and Innovation in the Compliance Function, Part II – The Sign Of Four

July 2, 2014

Gettysburg Day 2 – A Failure of Culture in Leadership and How to Overcome It

June 23, 2014

An Event That Changed the World and Fostering Compliance Leadership – Part I

May 16, 2014

Compliance Hiring Practices under the FCPA

April 7, 2014

The Battle of Shiloh, Corruption in Ukraine and Things to Come

July 31, 2013

Dylan Goes Electric and Innovation in Your Compliance Strategy

February 19, 2013

Internal Advertising of Your FCPA Compliance Program

January

Blogroll

Pages

Admin

Read by Email

Recent Posts from FCPA Compliance and Ethics Report: FCPA Compliance and Ethics Report

Episode 240-Bill Coffin on Compliance Week 2016

Episode 239-Jonathan Armstong On EU Privacy Shield

Episode 238-John Allen on HR Touch Points in Compliance

Episode 237-Steve McCalmont on the Avior Risk Management Platform

Episode 236-Adam Turteltaub and SCCE CCO Survey