FCPA Compliance and Ethics Blog

November 8, 2012

How Do You Change a Corrupt Culture?

As most compliance practitioners know Siemens AG paid not only the largest Foreign Corrupt Practices Act (FCPA) fine in the history of the world at $800MM but also paid the same amount to the German government, this makes for a total fine of $1.6bn back in 2008 when that was real money. In addition to these fines and penalties the New York Times (NYT), in an article entitled “The Mounting Costs of Internal Investigations”, stated that Siemens “reported incurring costs of more than $1 billion for a global inquiry into payment of bribes to foreign officials to win business.” In other words, it cost Siemens an uber amount money to clean up this huge mess.

Nevertheless clean it up they did and the company has come back even stronger and more profitable. A recent article in the November issue of the Harvard Business Review (HBR), entitled “The CEO of Siemens On Using a Scandal To Drive Change” explains how he did so. In late 2007, Peter Löscher was hired as the first outsider to become the company’s Chief Executive Officer (CEO) since its founding in 1847. Löscher’s attitude when he was hired can be summed up with the following quote from the article “never miss the opportunities that come from a good crisis – and we certainly didn’t miss ours.” More importantly, Löscher’s recognized that as strong as a strategy might be, the key is in how you execute that strategy. In other words, it does not matter how strong your compliance program is, if you do not follow it, you will most probably fail in this area.

The First 100 Days

Löscher had two immediate goals to achieve in his first 100 days as Siemens’ CEO. The first was to get to know the company. The second was to work quickly to change how it was organized. To accomplish his first goal Löscher literally went on a round the world tour of the company’s facilities, including meetings with customers, local governmental officials and Siemens employees. He accomplished this final component through meetings with local leadership teams, town hall-style meetings with all employees and dinners with top leadership teams in specific locations. He basically learned that Siemens employees were “shocked and ashamed, because they were very proud to be a part of Siemens.”

This last point, the pride that company employees had in Siemens, made his next series of steps not only easier but possible. Löscher had to get rid of the two tiered Board system that Siemens had in place; that being a Managing Board and a Supervisory Board. He had to ask 80% of the membership of the Managing Board to leave their positions. He reduced 12 operating units down to eight. Finally, Löscher had to create new positions for the heads of Supply Chain, Legal and Compliance.

Löscher recognized that Siemens would have to change its operational structure as well. Many of the country organizations were focusing on non-core business or were actually competing against other groups within Siemens. The geographic organization of the company was grouped into 70 clusters of such businesses and Löscher reduced them down to 20. Global CEO’s of these clusters would report directly back to Löscher. He believed all of these changes were important to help reduce the company’s bureaucratic structure so that it could operate more nimbly across the globe.

Löscher thought it was also important for all of the company to review what Siemens termed “megatrends” through which it would organize its businesses to take advantage of broad global changes. For instance, changes in demographics, globalization and one added by Löscher, that being an environmental portfolio. This last component was the company’s first new strategic pillar. To this Löscher then added an emphasis on company infrastructure and lastly to be industry “pioneers” through innovation.

Löscher also took on the diversity, or rather the lack of it, in Siemens. This campaign began with this simple statement to the Financial Times (FT), “Our organization is too male, too white and too German.” While this statement caused an uproar, it did clearly set out the tone that Löscher was trying to communicate to the employees of the company. He clearly set the tone at the top of the company and the employees knew that if Löscher said it, he meant it.

From the Compliance Perspective

Löscher stepped into a company where bribes were not only legal in its home country of Germany until 1999 but German corporations could deduct bribes from taxable income as business expenses. The HBR article reported that Siemens identified $1.6bn in “questionable payments” that it made around the globe from 2000-2006. Both US and German prosecutors investigated the company in what has to date been the most massive international corporate corruption and bribery investigation.

The lessons from Peter Löscher and how he changed the business culture at Siemens are very pertinent for the compliance practitioner. The first is that there must be a clear ‘tone at the top’ that bribery and corruption will not be tolerated and he made it clear that bribery and corruption would not be tolerated. While the company instituted the gold standard of compliance programs, it is the execution of this program which makes Siemens stand out today. From the organizational perspective it is the direct and clear reporting channels which are the biggest structural change. The compliance function needs not only clear reporting channels but there must be clear lines of authority for the business units to access when compliance issues arise. This leads not only to transparency but also accountability by the business unit. This last point makes the monitoring and auditing function more viable as tools within the company’s overall compliance regime.

The Siemens story is an important one in both the compliance world and in the greater business world. It demonstrates that a company can change not only its culture but its infrastructure so that it can operate and do business ethically. The final word is that Siemens is now more profitable that it ever has been, even with all the investigative costs, fines and penalties and organization and structural changes. It has become an example of how a company can do business ethically and profitably.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

October 23, 2012

Money, Money, Money: Use of Big Data in Your Compliance Program

What is No. 2 on the biggest selling rock and roll album of all-time list? It’s Pink Floyd’s Dark Side of the Moon. In addition to learning that there is no “dark side” to the Moon as it is all dark really; my favorite cut off the album was the song Money. I was thinking about that song and how it might have some relevance to the Foreign Corrupt Practices Act (FCPA) or Bribery Act, in a rock and roll sort of way, when I came across an article in the October issue of the Harvard Business Review, entitled “Big Data: The Management Revolution” by authors Andrew McAfee and Erik Brynjolfsson. The authors’ basic premise is that by exploiting vast new flows of information, a company can improve its performance. However, to do so there must be a corresponding change in the company’s decision-making culture. In business today, many companies are concerned about having not the new thing but the new, new thing. In the FCPA world we might call that evolving best practices as it is another way to phrase many of the emerging business techniques and strategies that can have application to the FCPA compliance practitioner.

What is Big Data?

The authors differentiate ‘Big Data’ from other analytics through three key facets. First is the sheer volume of data that is now available to companies. The authors note that “more data comes across the internet every second than were stored in the entire internet twenty years ago.” The second difference is in velocity with the abundance of real-time or “nearly real-time information”. The authors believe that the “speed of data creation is even more important than the volume.” The final difference is in the form of the data; it is not simply numbers from structured databases but “big data takes the form of messages, updates and images posted to social networks, readings from sensors; GPS signals from cell phones, and more.”

A New Culture of Decision Making

While noting that the technical challenges in capturing or storing ‘Big Data’ can be formidable, the authors believe that the managerial challenges can be even greater. When data is scarce, expensive to obtain or not available in digital forms, the authors posit that “it makes sense to let well placed people make decisions, which they do on the basis of experience they’ve built up and patterns and relationships that that they’ve observed and internalized”, in other words “intuition.” The authors believe that when ‘Big Data’ is involved the Highest Paid Persons Opinion (HiPPO) must “be muted.”

There must be a shift in thinking by the decision makers. The authors believe that two key questions should be “What does the data show?” and then follow up with some more specific questions such as “Where did the data come from? “What kinds of analysis were conducted?” and “How confident are we in the results?” However, as important as these questions might be the bigger challenge by any decision maker using ‘Big Data’ is that they “can allow themselves to be overruled by the data”. The authors believe that nothing speaks louder to employees than “seeing a senior executive concede when data has disproved a hunch.”

Five Management Challenges

The authors write that there are five “particularly important areas” in the effective management of change when it comes to ‘Big Data’.

  1. Leadership. ‘Big Data’ does not erase the need for leadership’s vision and insight. However companies will succeed using ‘Big Data’ because leadership teams “set clear goals, define what success looks like, and ask the right questions.” The authors believe that the companies who lead the way in the use of ‘Big Data’ will be those who use these time honed techniques while changing the way they make decisions.
  2. Talent Management. While data scientists and other similar professionals skilled at working with large amounts of numbers will be important; the authors believe that “cleaning and organizing” the data so that a decision can be made will be equally important. They note that such skills are not currently taught in universities so that company personnel will need to develop the ability in “crossing the gap between correlation and causation.”
  3. Technology. The authors recognize that at the end of the day it is people who will analyze the data but that technology is “always a necessary component of a ‘Big Data’ strategy.” They also believe that the tools available to handle ‘Big Data’ are out there in the marketplace but there is still a skill set required that most IT departments do not have, which is to “integrate all the relevant internal and external sources of data.”
  4. Decision Making. Here the authors believe the key is that company personnel who understand the problem must be brought together with the right data and that these same personnel must have “problem solving techniques that can effectively exploit” the ‘Big Data’. This requires a company leadership which puts “information and the relevant decision making rights in the same location”. The authors termed it as the “not invented here syndrome” and that employees must work throughout the decision making calculus.
  5. Company Culture. In addition to moving away from the HiPPO syndrome noted above, executives must stop claiming that they are using data and analytics to make decisions when they are simply spicing up their reports “with lots of data that supported decisions they have already made”. The authors believe that the first question that a company should ask is not “What do we think?” but “What do we know?” Such an inquiry will allow businesses to gravitate away from making decisions based on “hunches and instinct” to those based upon the data.

What about the application of ‘Big Data’ to FCPA and Bribery Act compliance? I think this article shows the power of not only data analytics but also continuous monitoring. In their article the authors end by stating “Data-driven decisions tend to be better decisions.” The same is true in compliance. Whether you use a software tool, such as Catelas software to pull down large amounts of information and make decisions based upon this data or design a protocol to continually monitor segments of your information through the guys at Visual Risk IQ, cutting edge technology is available to assist the compliance practitioner. But with all data, the key is how to use it and I believe that compliance practitioners who can review large amounts of information from their own internal company and analyze it quickly and efficiently will be able to better protect their companies and keep them in compliance. This will inevitably lead to more complete and better decisions and companies will be able to respond more quickly to compliance challenges as they arise.

And Pink Floyd? Just remember, Money, Money, Money…or listen to the You Tube version by clicking here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

September 5, 2012

The Art of Strategic Compliance Plan – A Seven Step Process

I recently wrote about my colleague Stephen Martin’s thoughts on having a 1-3-5 year strategic plan for your company’s Foreign Corrupt Practices Act (FCPA) or Bribery Act compliance program. I am often asked where a compliance practitioner can come up with some ideas to put in such a strategic plan. Clearly one excellent area to study are the ongoing enforcement actions, which are all publicly released. They not only provide insight into the Department of Justice’s (DOJ) thinking on current best practices in the area of FCPA compliance programs but with the recent addition of “Enhanced Compliance Obligations” as found in the Johnson & Johnson (J&J) and Pfizer Deferred Prosecution Agreements (DPAs) there is solid information on some of the most cutting edge compliance initiatives which companies are now using. While you should recognize that these “Enhanced Compliance Obligations” are tailored for the specific company the DPA deals with, nevertheless you can review the concepts and implement those which are appropriate for your company.

Like many compliance practitioners, I came to this field through a corporate law department. As such the focus was usually not on strategic objectives nor did we typically receive much training on how to go about such a process. I was therefore interested in an article in the September issue of the Harvard Business Review (HBR), entitled “Bringing Science to the Art of Strategy”, co-authored by A. G. Lafley, Roger Martin, Jan Rivkin and Nicolaj Siggelkow, which explored the idea that company leaders could be much better in “marrying empirical rigor and creative thinking.” The authors laid out a provocative calculus for developing novel strategies through a “genuine inquiry that’s at the heart of the scientific method.” The authors set forth a step-by-step process in which creative thinking yields possibilities and tests these possibilities using rigorous analysis. The steps are:

1.      Move from Issues to Choice. You need to convert your issue into at least two mutually exclusive options which might resolve the issue. This is because most organizations “will fall into the trap of investigating data related to issues rather than exploring and testing possible solutions.” By framing the problem or issue as a choice, you will focus on “what you have to do next, not on describing or analyzing the challenge.”

2.      Generate Strategic Possibilities. You will need to broaden your list of options to ensure that there is an inclusive range of possibilities. By this the authors mean that possibilities should be creative. Further they identified three key components for such possibilities. First, detail the advantage the possibilities aim to achieve. Second, the scope across which the advantage applies. Third, the activities that will deliver the intended advantage.

3.      Specify the Conditions for Success. For each possibility that you or your group generates, you must describe what must be true for the possibility to be strategically sound. The authors make it clear that this step is not intended “for arguing about what is true” nor is it intended to “explore the soundness of logic behind various possibilities.” This step is intended to require the skeptic to “specify the exact source of skepticism” and require the possibility progenitor to “understand the skeptic’s reservations and develop the proof to overcome them.”

4.      Identify Barriers to Choice. This step is designed to put a “critical eye on the conditions” identified in Step 3. To do this you should determine which conditions are the least likely to hold true. Interestingly, in this step the authors suggest the following process: ask the group members to “imagine that they could buy a guarantee that any particular conditions [identified in Step 3] would hold true.” The condition chosen should be the condition which is the greatest barrier to success. You should then continue the process until all conditions are ranking in such an order.

5.      Design Tests for Barrier Conditions. For each key barrier, you should devise a test which you deem to be valid and sufficient to generate commitment within your organization. The authors do not specify any particular test but say that “the only requirement is that the entire group believes that the test is valid and can form the basis of rejecting the possibility in question or generating comment to it.”

6.      Conduct the Tests. In this step you should start with the test for the barrier conditions in which you have the least confidence. The authors suggest that you bring in outside professionals to administer the test or at least some other group within your company. They caution that the role of these testers is to test; their role is not to revisit or analyze the conditions that your group has set. The key is that the testing has to be “an inch wide and a mile deep” which the authors explain requires that the testing should target the “concerns which could prevent the group from choosing an option and exploring those areas thoroughly enough to meet the group’s standard of proof.”

7.      Make the Choice. Finally, you will need to review your key conditions in light of your test results in order to reach a conclusion. The authors believe that the correct strategy will appear from the results and that greater team consensus will be generated by the seven step approach they suggest.

I found this article very interesting as it provided a useful guide on how to think through devising a strategic plan. In the compliance arena, if you could weld this process to Stephen Martin’s ideas for a 1-3-5 year strategic plan, it would provide a powerful tool for you to use not only in promoting your compliance initiatives internally but if the government ever comes knocking at your door.

I will be co-presenting with Stephen Martin next week in Chicago at an event hosted by Kreller. It will be Tuesday, September 11 at the University Club of Chicago. If you are in the area, please come by and here about Stephen’s 1-3-5 plan and much more about FCPA compliance programs. For more information, click here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

June 19, 2012

Ethical Leadership: Leading a Company Conversation on Compliance

Ethical leadership is absolutely mandatory to have a successful compliance program, whether it is based upon the US Foreign Corrupt Practices Act (FCPA) or the UK Bribery Act. Senior management must not only be committed to doing business in compliance with these laws but they must communicate these commitments down to the organization. But leadership is not limited only to senior management within an organization. Tone at the Top begets Tone in the Middle; which begets Tone at the Bottom. At each rung there is the need for compliance leadership. In an article in the June issue of the Harvard Business Review, entitled “Leadership is a Conversation”, authors Boris Groysberg and Michael Slind discuss how to improve employee engagement in today’s “flatter, more networked organizations.”

The authors posit that the issue of how leaders handle communications within their organizations is as important as the message. They believe that the process should be more dynamic and more nuanced and is a process that they term “conversational”. Building on this concept they suggest a model of leadership which they call “organizational conversation” which resembles ordinary person-to-person conversations. They believe that this model has several advantages, including that it allows a large company to function like a small one and it can enable leaders to “retain or recapture some of the qualities…that enable start-ups to out-perform better established rivals.” The authors have found four elements of organizational conversation which “reflect the essential attributes of an interpersonal conversation.” They are: intimacy, interactivity, inclusion and intentionality.

Intimacy: Getting Close

Here the authors appear to focus on two works: listening and authenticity. Recognizing that physical proximity may not always be feasible but emotional or mental proximity is required. They advise leaders to “step down from their corporate perches and then step up to the challenge of communicating personally and transparently with their people.” This technique shifts the focus of change from a top-down hierarchical model to a “bottom-up exchange of ideas.”

Interactivity: Promoting Dialogue

Interactivity should make a conversation open and more fluid. You can obtain this by talking with and not just talking to an employee. The purpose of interactivity builds upon the first prong of intimacy. The authors believe that efforts to close the gap between employees will founder if both tools are not in place along with institutional support which gives employees the freedom and courage to speak up. The authors believe that social media can be a useful tool to help foster such interactivity, but care must be taken to ensure that managers do not simply use social media as another megaphone. The authors suggest that more than just social media is required and that something extra is needed and that is social thinking.

Inclusion: Expanding Employees Roles

Following on intimacy is inclusion as intimacy should force a leader to get closer to employees while inclusion challenges the employee to play a greater role in the communication process. Inclusion expands on interactivity by enabling employees to put forward their ideas “rather than simply parrying the ideas that others present.” Clearly this is the prong that brings employee engagement into the communication process by calling on employees to “generate the content that makes up a company story.” Employees who become committed to a message can become the best brand ambassadors that a company can ever hope to have on its payroll.

Intentionality: Pursuing an Agenda

While the first three prongs of the authors’ model focuses on opening up the flow of communication, intentionality is designed to bring a measure of closure to the process. The goal here is to have voices merge into a single vision of what the company’s communication is for. In other words, the conversation should reflect a “shared agenda that aligns with the company’s strategic objectives” that will allow employees to “derive a strategically relevant action from the push and pull of discussion and debate.” The leaders role here is to “generate consent rather than commanding assent” for a strategic objective. The authors believe that this enables employees at the top; at the middle; and at the bottom to “gain a big-picture view of where their company stands” on any issue which has gone through the process.

The Box Score of Organizational Conversation

Intimacy Interactivity Inclusion Intentionality
Old Model: Corporate Communications Information flow is primarily top down;Tone is formal and corporate Messages are broadcast to employees;Print newsletters, memos and speeches Top Execs create and control messaging;Employees are passive consumers of information Communication is fragmented, reactive and ad hoc;Leaders use assertion to achieve strategic alignment
New Model Organizational Communications Communication is personal and direct;Leaders value trust and authenticity Leaders talk with employees, not to them;Organizational culture fosters back and forth, face-to-face interaction Leaders relinquish a measure of control over content;Employees actively participate in organizational messaging A clear agenda informs all communications;Leaders carefully explain the agenda to employees;Strategy emerges from a cross-organization conversations
What it means for employers and employees Leaders emphasize listening to employees, rather than just speaking to them;Employees engage in a bottom-up exchange of ideas Leaders use video and social media tools to facilitate two-way communication;Employees interact with colleagues through blogs and discussion forums Leaders involve employees in telling the company story; Employees act as brand ambassadors and thought leaders Leaders build their messaging around company strategy;Employees take part in creating strategy via specifically designed communication vehicles

Reading this article was a real eye-opener for me. I could not stop thinking about the possibilities for the compliance practitioner in using these techniques throughout an organization. Just think how employees might feel if senior management engaged them directly regarding compliance and how the company is going to do business ethically. As a compliance practitioner you can leverage this to seek more ideas from business unit folks on how to do compliance more efficiently and most probably with greater results for the company. Also imagine what it might do for employee moral if they thought that senior management “had their backs” when it came to being rewarded or even acknowledged for doing business the right way. The possibilities seem endless and you are only limited by your own imagination. But read the article, as I have only scratched the surface of the content that the authors have presented.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

February 10, 2012

Creating Sustainable (Compliance) Performance

Compliance practitioners are continually tasked with moving a company’s culture of compliance forward. However, the day-to-day work is sometimes too granular to see results. In an article in the January-February issue of the Harvard Business Review, entitled “Creating Sustainable Performance”, authors Gretchen Spreitzer and Christine Porath explore some different techniques that managers can use to “help employees thrive at work.” They note that even in a down economy, thriving employees out produce non-thriving employees. The authors defined ‘thriving’ as employees who are not only “satisfied and productive but also engaged in creating the future” for their organization. I thought about these concepts within the context of promoting a culture of compliance within your organization.

The authors posit that there are two components to such thriving employees. They are vitality: “the sense of being alive, passionate and excited” and learning: that being the “growth that comes from gaining new knowledge and skills.” These two concepts work in concert and lead to employees who “deliver results and find ways to grow” on the job. Just think about the power of these concepts if you could apply them to advancing your company’s compliance program. The authors list four steps that managers can take to help employees thrive, which I have adapted for the goal of promoting compliance within your company.

Provide decision making discretion. Here the authors believe that employees will be energized if they can make decisions which affect their work. For your compliance program, it means listening to and working with your local employees to come up with better ways to implement and enhance compliance. But you must take care not to cut back on empowerment simply if a person makes a mistake. Such an eventuality can and should be used as teaching opportunity.

Share information. People will contribute to an organization more effectively when they understand how their specific work fits within the company’s overall mission and strategy. It is difficult to look for innovative solutions if the impact cannot be seen. Compliance should be open and transparent to allow employees to see the fruits of their ideas and efforts as systems which make information widely available should build trust and confidence.

Minimize incivility. This one should be held close by the lawyers in compliance and legal departments. I do not mean yelling and screaming but taking the time to listen and explain. As a lawyer, I sometimes revert to my legal training that all I need to do is explain the rules and that should be enough for everyone to understand. If employees face incivility the authors believe they are “likely to narrow their focus to avoid risks and lose opportunities to learn in the process.”

Offer performance feedback. The authors believe that feedback is the mechanism by which opportunities for learning are presented. Further, the more direct and the quicker the feedback is presented to an employee, the more useful it is as it resolves feelings of uncertainty and provides focus. This can help an employee get back on track or provide the impetus to match a culture of compliance.

One of the significant factors for each of these four mechanisms is that they do not require a substantial investment or enormous efforts. It does require leadership to be open to empowering employees. The authors conclude that these four mechanisms must be used in conjunction as each one reinforces the other. But the results can be very helpful in moving your company forward. In the 2012 economic climate putting such building blocks in place can be a powerful tool for your compliance efforts going forward.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

January 11, 2012

Compliance Due Diligence Checks – The Reference Interview

A compliance evaluation is becoming a more common component of the employee selection and hiring process. Many companies now specifically include background checks (or due diligence in compliance parlance) when hiring senior managers or others who will hold high levels of authority for a company. Many practitioners feel that a reference is not of value because prospective candidates will only list references who they believe will provide glowing recommendations of character. This leads to a pro forma reference check. However, in an article in the January-February issue of the Harvard Business Review, entitled, “Gilt Groupe’s CEO on Building a Team of A Players” author Kevin Ryan explodes this misconception by detailing how he views the entire hiring process and specifically checking references.

In the hiring of personnel, Ryan details the three steps his company takes: (1) Resume review; (2) In-Person interview; and (3) Reference checks. Ryan believes that resumes are good for establishing “basic qualifications for the job, but not for much else.” He believes that the primary problem with in-person interviews is that they are skewed in favor of “persons who are well spoken [or] present well.” For Ryan, the key check is through references and he says that “References are really the only way to learn these things?”

Ryan recognizes that many people believe that reference checks are not of great value because companies cannot or will not give out much more information than confirming dates of employment. However, he also believes that “the way around it is to dig up people who will speak candidly.” He also recognizes that if you only speak to the references listed on a resume or other application, you may not receive the most robust appraisal. Ryan responds that the answer is to put in the work to check out references properly. Ryan believes this is one of the key strengths of search firms and that companies should emulate this practice when it comes to reference checks.

He notes that anyone who has worked in an industry for any significant length of time will have made many connections. Invariably some of these connections will be acquainted with you or those in your current, and former, company. Ryan gave the following example: A longtime friend who was employed at another company called and said that he had been asked by his hiring partner to find out “the real story” on a hiring candidate by asking Ryan his candid opinion of the candidate. Ryan’s response was “Don’t hire him.” Lest you think that such refreshing honesty no longer exists when informal employment references are provided, you are mistaken. In my past corporate position, I was charged in performing compliance due diligence on senior executives and I spent time doing what Ryan suggested, calling acquaintances that I knew and asking such direct questions. More than 75% of the time, I got direct responses.

Ryan believes that you must invest your company in the hiring process to get the right people for your company. The same is true in compliance. You do not want people with a propensity for engaging in corrupt acts working for, or leading, your company. As far back as Opinion Release 04-02 the Department of Justice (DOJ) realized this was an important part of an overall compliance program when it approved a proposed compliance program which had the following requirement:

Clearly articulated procedures which ensure that discretionary authority is not delegated to persons who the company knows have a propensity to engage in illegal or improper activities.

So give the reference check some respect, for if you respect it, it can be a valuable and useful tool for you and your compliance program.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

December 6, 2011

The Visible Hand: A New Compliance Model

In an article in the December issue of the Harvard Business Review, entitled “First Let’s Fire All the Managers”, author Gary Hamel writes about the concept that “Management is the least efficient activity in your organization.” He articulated that this inefficiency is derived from a top-heavy management model that many companies employ, “that is both cumbersome and costly.” While his article is focused on a supplier business I found some of his concepts could lead to a more robust, dynamic and agile compliance program.

Hamel described one of the functions of managers is to “amalgamate thousands of disparate contributions into a single product or service.” This effect was termed by business historian, Alfred Chandler Jr. as the “visible hand.” But Hamel posed the question, “Wouldn’t it be great if we could get the freedom and flexibility of an open market with the control and flexibility of tightly knit hierarchy?”

For a compliance program, this sounded like an excellent goal. Your company guide drives down the compliance function into the DNA of the business so that all employees are thinking about how to do business in a compliant manner, just as they think about performing an activity in the safest way possible. Put another way, if safety is job criteria No. 1, what can you do to make compliance, job criteria No. 1A? Hamel’s article is a jumping off point for that guidance.

Initially a company must recognize that a top down philosophy in compliance is not consistent with such self-management. A Compliance Department can certainly have a highly valuable function in a more self-managed company compliance program. But a company must trust that its employees will conduct business in a manner which satisfies an anti-corruption and anti-bribery program, whether such program is based upon the Foreign Corrupt Practices Act (FCPA), UK Bribery Act or other anti-corruption and anti-bribery regime. Hamel identifies four steps in the “road to self-management” all of which apply to such a companywide system for compliance.

Personal Mission

Everyone should write down, such as in their annual personal employment goals, the answer to the following or similar question, “What is the compliance and ethics value that you want to create for your peers?” This is designed to challenge employees to “focus on benefits delivered rather than activities performed?” This does not need to be a lengthy thesis. Hamel believes that a few sentences should cover it. This statement should be critiqued by a peer group and used as a touchstone for movement towards “peer negotiated accountability.”

Expand Employee Autonomy

A company should look for small ways to expand employee autonomy in the compliance area. This does not mean a complete abdication of the role of the Compliance Department but it does mean a “notch-by-notch” transfer of authority to persons in the field. This will probably require close monitoring initially, and certainly the Compliance Department will need to be a resource to the business units. However, such transfer can have a powerful effect. I would temper this with the Ronald Reagan admonition to “Trust but verify”.

Financial Impact

Here Hamel suggests that employee’s should be able to calculate the financial impact of their decisions. This means the costs savings that are derived by having business unit employees participate in the compliance function. An initial calculation should be made on third party representatives. Does your company really need all of the sales agents it currently uses? Is there overlap or duplication in the Supply Chain? The answers to these questions can go a long way towards reducing overall compliance risk and adding points to the bottom line. Further, properly trained, a business unit employee can perform some of the underlying due diligence investigation work for any third party business representative. The self-management of the business unit to fulfill these functions can drive down the overall cost of compliance.

Democratize the Process

This final step involves the commitment of managers to those whom they lead. All managers must enumerate their pledges to the business unit employees. Employees who are managed should have input into these commitments but it is imperative that managers must be accountable.

A company, and indeed an industry, can change its DNA. I defended companies in the oilfield service industry and chemical plant industry for over 20 years. In the late 1980s and early 1990s the death and personal injury rate in both of these industries was significantly higher than it is now. However, due to increased government regulation and increased costs in the form of insurance rates and lawsuit awards sometime in the late 1990s this began to change. The death and personal injury rate is lower now than it was 15 years ago.

While it should be recognized that this model may not be the right model for all companies and the learning curve may be steep, Hamel’s article provides an example for companies to consider about how to burn compliance into the DNA of a company.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011

November 8, 2011

Jeannette Rankin, Infosys, Ethics and Compliance

Who was Jeannette Rankin and why do we celebrate her today in the context of ethics and compliance? She was the first female to be elected to Congress, as a Representative from Montana in the 1916 elections. In 1917 she was one of 50 votes opposing America’s entrance into World War I. She had the courage to vote with the conviction of her conscience. Her reason for opposing entry into the War, how could Congress support a war to “make the world safe for democracy” yet still refuse “the small measure of democracy to the women of our country” by denying them the right to vote? Vilified after this vote, she was not returned to Congress in the next election.

History is filled with ironies and in one of the most ironic twists that could be imagined, Jeannette Rankin was returned to Congress from Montana in 1940. In 1941 she was the sole vote, of 389, against America entering World War II against Japan, declaring “As a woman, I can’t go to war and I refuse to send anyone else.” As noted in the November 2011 issue of the ABA Journal, “She told her constituents, that she’d voted her convictions.”

I thought about Jeannette Rankin’s story as I was reading an article in the November issue of the Harvard Business Review (HBR), entitled “Why Don’t We Try To Be India’s Most Respected Company?” which was an interview by HBR’s Anand Raman with N. R. Narayana Murthy who was a founder of the Indian company Infosys and its most recent Chairman of the Board. I often write about “Tone at the Top”, noting that not only does the US Department of Justice (DOJ) mandate it as one of the requirements for a best practices compliance program, but in reality it is the only way to set the tone for a corporation’s ethics and compliance program.

Murthy said that he was one of the original founders of Infosys and his vision of the company included the question “Why don’t we aim to be India’s most respected company?” To obtain the respect of governments, this meant to “never violate any laws”. To help to achieve this goal, the founders agreed to create a “values-based organization.” Murthy said that he believed that business would come if the company was respected.

He said that while it took some time for this ethical corporate reputation to take hold, eventually it did. One of the results was that corrupt government officials stopped asking the company for ‘favors’. This ethical reputation also led to the generation of greater and greater business because “our clients entrusted us with increasingly bigger projects.” He said that “you have to learn to stand by your principles; it’s wrong to believe that you have to bribe your way to success.”

Murthy said that Infosys managers are expected to lead by example, explaining that “Leaders have to be careful not to create dissonance between what they say and do.” One example he discussed was the consistency of discipline. He cited the examples of board members, who paid “heavy fines for what could be considered minor infractions.” Murthy believes that “Setting an example at the top is the best way to instill confidence throughout the company.”

So what do Jeannette Rankin’s two votes against America entering two World Wars have to do with Murthy’s interview? They both laid down their beliefs in the most transparent manner possible. I wondered what would be the effect if a US company Chief Executive Officer gave such an interview. Even if his or her company was a values-based organization, would they have the courage of their conviction to speak about it in such an open manner? (We will leave aside the question of whether the Law Department would allow them to do so.) Nevertheless imagine the effect it would have on employees and the commitment to doing business in an ethical manner if they did so.

————————————————————————————————–

This Week in FCPA, Episode 22 is up. Howard Sklar and I debate of the use of DPAs in the UK;  Freeport-McMoRan, United Steelworkers, and paying for police protection; Embraer; Tognum resignation; Dadeleh; Allianz;  plus a Breakout on Training.

———————————————————————————————–This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011

October 21, 2011

Around the World for Your Compliance Program

In the October issue of the Harvard Business Journal, in an article entitled “How ‘Mystery Shopping’ Helped Spark a Turnaround”, Office Depot’s President Kevin Miller wrote about his experiences as a ‘mystery shopper’. He began this tour to determine if the high customer satisfaction scores the Office Depot was achieving were correct. To do so Miller toured 70 Office Depot stores in over 15 states as a ‘mystery shopper’. It turned out that customers did have high satisfaction over the products and services that they were asked to rate, however, this high satisfaction did not drive sales. It turned out that Office Depot was measuring the wrong things. Miller then began to assess what customers needed and turned that information into sales.

The recent Watts Water Technologies settlement with the Securities and Exchange Commission (SEC) regarding internal controls violation of the Foreign Corrupt Practices Act (FCPA) of a subsidiary in China was a reaction to the background facts. One of the things that struck me was how the allegations of FCPA violations initially came to the attention of the General Counsel during the course of FCPA training for senior members of the Chinese subsidiary. Watts’ “corporate counsel became aware of potential FCPA violations at [the Chinese subsidiary] through conversations with…sales personnel who were participating in the training.” This point reinforced to me one of the most important things that a compliance practitioner can do, which is get out into the field.

I have often heard my colleague Mary Shaddock Jones, former Assistant General Counsel and Director of Compliance for Global Industries (GI), speak about her experiences in traveling across the world to train the third party business representatives of GI. She often talks about the personal relationships she was able to build with both the people and companies because she took the time, effort and money to come to their area of the world and put on training. But she also speaks of the questions, observations and ideas that these parties would give to her. It also allowed her to have an ‘ear on the ground’ as a front line member of GI’s compliance department.

The same holds true for employees who receive compliance training. When I was in the Halliburton Legal Department, one of my assignments was to travel overseas to put on contract training. At every training session, which was announced well in advance, employees would bring to me questions, comments or concerns that they had been saving up and did not ask over the phone or via email, for whatever reason. Such queries might be asked over lunch, dinner, or some other more relaxed social setting before or after the formal training. This taught, and continues to drive home to, me that lawyers and compliance department members need to get out of the office and out into the field.

While web-based compliance training certainly has its function in a multi-national corporation with thousands of employees, it cannot and does not take the place of live, in-person training. The Legal Department of Watts Water Technologies learned the value of this lesson first hand. If certain of the employees who received the compliance training had not spoken to the Legal representative of their concerns, the company might not have started down the path which led to a civil penalty only for FCPA violations.

Near the end of his article, the President of Office Depot stated, “I still try to visit stores as frequently as possible. It’s really the only way to know how your business is doing.” The same is true for the Compliance Department. You can take all the metrics you like, but you have to get out into the field to understand what is truly going on in your company. You need not traverse the world in 80 days but you do need to get out and meet folks. An additional point might be [with apologies to Tip O’Neill] “All compliance is (mostly) local.”

————————————————————————————————–

I have been honored to be nominated as one of the Top 25 Business Blogs of 2011 by LexisNexis. If you would like to support my nomination, please comment on the announcement post on our Corporate & Securities Community

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011

September 27, 2011

Lean Knowledge Principles: Application to the Compliance Program

In the October 2011 issue of Harvard Business Review is an article, entitled “Lean Knowledge Work”, where authors Bradley Staats and David Upton explore the issue of whether the lean knowledge principles derived from the Toyota Production System can be applied to knowledge work. While there is no one definition of ‘lean’ it has generally included “numerous approaches to improving operations, all based upon the same principles; relentless attention to detail, commitment to data-driven experimentation and charging workers with the ongoing task of increasing efficiency and eliminating waste in their jobs.”

The authors began by noting that most people in the business world believe that ‘knowledge’ based work does not lend itself to lean principles. The reason for this is that knowledge based work is not repetitive based and cannot be repetitively defined. The use of a knowledge based decision making calculus involves use of expertise and judgment, which as the authors put it, is “locked inside the worker’s head.” However, the authors posit that much knowledge based “can be articulated”. Moreover, many knowledge based activities have nothing to do with applying judgment but “can be streamlined to continually find and root out waste.” From my own corporate experience, such knowledge should be captured in a Knowledge Management (KM) system or the company risks losing such knowledge when senior employees retire or move on to other assignments. Under KM a base of knowledge should be available to a wide number of employees to draw upon and not be limited to being inside the head of a limited number of employees.

The authors draw upon six principles to make knowledge based organizations lean.  They are:

1.      Eliminate Waste

The authors point to several ‘wastes’ which are endemic to a knowledge based organization and can ‘eat up huge amounts of time.” These include printing documents, requesting information need to make decisions, setting up meetings and other routine administrative tasks. While recognizing that most employees in corporate America today do not have any administrative support to handle such tasks, the authors suggest that employees not focus simply on eliminating large, obvious forms of waste but focus on small waste which they termed “nickels [of waste] that no one has bothered to pick up.”

2.      Specify the Work

My corporate experience in a legal department is that very little knowledge is written down. Usually there is no attempt at anything resembling KM. However, the authors suggest that employees start with the repeatable parts of a process and codify them. You do not have to specify everything, but certain parts of a process could be specified and made available for others to learn from or draw upon in future work or transaction

 3.      Specify How Workers Should Communicate With One Another

The authors note that in a knowledge based system, ‘many problems are too big or too complex for one person to tackle” so that organizations may use teams to perform  knowledge based work. This can also be true in the compliance context where the Compliance Department may work with a Legal Department, an internal Compliance Champion, or external third parties going through a vetting process or others. When multiple parties are involved it is imperative that good communications be carried out throughout the entire process involved. The authors suggest three guidelines: (1) Define who should be communicating, how often and what should be communicated; (2) Create a shared understating of what is being communicated; and (3) Resolve any disagreements with facts, not opinions.

4.      Address Any Problems Which Arise Quickly and Directly

The authors advocate that if a problem crops up, it should be resolved by the employee who created it. This is because that person usually has a quicker and more expeditious solution. If such a person cannot do so, a team member should work on it or at least participate in the resolution. This would also hold true for the location where any problem arises. It should be resolved in that location. Lastly, do not let problems fester and grow. They should be resolved as soon as possible as they arise.

5.      Plan for an Incremental Journey

The authors suggest that you start small on your journey to lean; as you probably will not get it right the first time. Further you should write down your lessons learned in the process so you will have a record of what worked and what did not work so that at least you will not have to redo that part of the process. Moreover, the lean process implementation is not one set in stone. Be nimble and agile so that you can respond to opportunities to improve the process as they arise. Also remember that not every lean approach works for every knowledge based task or system. Lean focuses on the more repetitive work so spend your time and efforts there.

6.      Engage Your Managers

The authors believe that lean principles result from “bottom up improvement’. However, middle managers should be engaged with their teams, both through education on its benefits and with support throughout the project. Additionally and not surprisingly, senior managers must be long term champions for any such change. For employees to take innovation seriously, senior management must actively support the process. Such a sea-change will require man-power investment, training and monetary investment all of which senior management must actively support. There must be a clear, long term commitment from such senior management to the project.

This article presents a new way for many in a Compliance or Legal Department to think through the challenges of a compliance program, whether based on the Foreign Corrupt Practices Act (FCPA), the UK Bribery Act or both. I continually press that the top priority of a compliance program is to “document, document, document” all the while understanding that a compliance program is very much process driven. The lean approach can be used in many of the process steps where documentation is the key. The discretion and expertise brought to bear in compliance programs can then be overlaid on this system. In today’s economic reality, this approach can help a corporate compliance department deliver a more robust, yet more economical compliance product.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011

« Previous PageNext Page »

Blog at WordPress.com.