FCPA Compliance and Ethics Blog

June 19, 2015

Tribute to John David Crow and an Innovation Strategy for Your Compliance Program

John David CrowJohn David Crow died Wednesday. Until Johnny Football, he was the only football player from Texas A&M University to win the Heisman Trophy. He played under the legendary Paul ‘Bear’ Bryant at A&M and for all of Bryant’s success, Crow was the his only player to win the award given annually to the nation’s best collegiate football player. Crow had a productive professional football career making the Pro-Bowl four times. He was also the Athletic Director at A&M from 1989 to 1993. So here’s to John David Crow, one of the Junction Boys and one of the greatest players in the history of Texas A&M. Finally, let me say something I almost never say, Gig ‘Em, John David.

I thought about John David Crow and his legacy of greatness when I read an article in the June issue of the Harvard Business Review (HBR), entitled “You Need an Innovation Strategy”, by Gary P. Pisano. While Pisano’s article dealt more generally with innovation in marketing, I found it highly relevant for the Chief Compliance Officer (CCO) or compliance practitioner, particularly in the context a Foreign Corrupt Practices Act (FCPA) compliance program. Earlier this week, the Department of Justice (DOJ) announced the resolution of a FCPA investigation involving IAP Worldwide Services, Inc. (IAP) via a Non-Prosecution Agreement (NPA). In the NPA, the company committed to implementing and enhancing a best practices FCPA compliance program. Listed at element 18 of its compliance program is the following: “The Company will conduct periodic reviews and testing of its anti-corruption compliance code, policies, and procedures designed to evaluate and improve their effectiveness in preventing and detecting violations of anti-corruption laws and the Company’s anti-corruption code, policies, and procedures, taking into account relevant developments in the field and evolving international and industry standards.”[Emphasis supplied]

This means that the DOJ expects innovation in your compliance program to keep up with evolving international and industry standards. This requires you to implement an innovation strategy. While Pisano’s article does not specifically focus on compliance, I found that its concepts would help a CCO or compliance practitioner sustain the mandate for innovation in a compliance regime. Pisano’s article begins by stating the problem that many companies face is that “innovation remains a frustrating pursuit.” While acknowledging that failure to execute is an issue, Pisano believes the issue is deeper than simply a failure to execute, he believes there is a “lack of an innovation strategy.”

I found some of his basic definitions most useful for the compliance practitioner to think through innovation in the compliance function. Pisano wrote, “A strategy is nothing more than a commitment to a set of coherent, mutually reinforcing policies or behaviors aimed at achieving a specific competitive goal. Good strategies promote alignment among diverse groups within an organization, clarify objectives and priorities, and help focus efforts around them. Companies regularly define their overall business strategy (their scope and positioning) and specify how various functions – such as marketing, operations, finance, and R&D – will support it. But during my more than two decades studying and consulting for companies in a broad range of industries, I have found that firms rarely articulate strategies to align their innovation efforts with their business strategies.”

The key to success is something that every CCO or compliance practitioner should take to heart. Paraphrasing Pisano for the compliance practitioner is that the compliance function “should articulate an innovation strategy that stipulates how their [compliance] innovation efforts will support the overall business strategy.” Moreover, “creating an innovation strategy involves determining how innovation will create value for customers [of compliance, i.e. Employees], how the company will capture that [compliance] value, and which types of [compliance] innovation to pursue.”

Pisano posed several questions around this key area of connecting innovation to strategy. Initially he asked, “How will innovation create value for potential customers?” In my formula, customers become employees or others who will make use of your compliance innovation going forward. Here you should focus on the benefit for your end-using customer. Your innovation can make compliance faster, easier, quicker, more nimble and so on. But focus on that creation of value going forward. Pisano’s next question was “How will the company capture a shore of the value its innovations generate?” He suggests companies think through how to “keep their own position in the [compliance] ecosystem strong” through innovation. Pisano next asked, “What types of innovation will allow the company to create and capture value, and what resources should each type receive?” Here Pisano notes two major forms of innovation equally applicable to the CCO or compliance practitioner. They are a change in technology and a change in a business process. Both are equally valid.

Another problem that Pisano addresses is termed “overcoming prevailing winds” and this means that innovation can be driven downward or backward if there is not sufficient management support. This means not only must there be sufficient resource allocations but management must also incentivize the business units to proceed with implementing the innovations, particularly “when an organization needs to change its prevailing patterns.”

Another area Pisano addresses is “managing trade-offs” because it is inherent in any innovation strategy that there will be trade-offs. Here he terms the two key differences as “supply-push” and “demand-pull”. The supply-push approach comes when your innovation is focused on something that does not yet exist, for example if you are initially implementing a FCPA compliance regime. The demand-pull approach works more closely with your existing customer base to determine what they might need and work to implement innovation around those needs.

Interestingly Pisano ends his article with a discussion about “the leadership challenge”. I say interestingly because I would have thought that was required up front as it is the function of senior management to create the capacity for innovation in the first instance. Pisano writes, “There are four essential tasks in creating and implementing an innovation strategy.” Task 1 is to “answer the question “How are we expecting innovation to create value for customers and for our company?” and then explain that to the organization.” Task 2 “is to create a high-level plan for allocating resources to the different kinds of innovation.” Task 3 is “to manage trade-offs. Because every function will naturally want to serve its own interests, only senior leaders can make the choices that are best for the whole company.” Finally, task 4 dovetails with what almost every DOJ/SEC speaker I have ever heard say when they talk about the basics of any best practices compliance program. It is that “innovation strategies must evolve. Any strategy represents a hypothesis that is tested against the unfolding realities of markets, technologies, regulations, and competitors. Just as product designs must evolve to stay competitive, so too must innovation strategies. Like the process of innovation itself, an innovation strategy involves continual experimentation, learning, and adaptation.”

Pisano’s article provides the CCO or compliance practitioner with a framework to think through to help bring the innovation to a compliance program. I would have put leadership first, both in the compliance department and at senior management level. But however you go about it, you must recognize that your compliance program will have to evolve. That is one of the key differences between those who advocate static compliance standards embodied in a written compliance program and those who advocate that it is Doing Compliance that creates an active, vibrant and effect compliance program.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

December 4, 2014

Sherlock Holmes and Innovation in the Compliance Function – Part IV, The Valley of Fear

Valley of FearToday I conclude my dual-themed week of blog posts featuring Conan Doyle’s four Sherlock Holmes novels and innovation in the compliance function. As the compliance profession matures and we move into what I call the era of CCO 2.0. Today we celebrate Doyle’s final novel, The Valley of Fear. This novel was written in 1914 and serialized in the Strand Magazine between 1914 1915. It was notable for two reasons. The first that it was at least inspired by events in America involving the Molly Maguires, the Pinkerton Agency and its undercover agent James McParland.

In this story, Holmes decodes a cipher from Professor Moriarty’s organization for a person named Douglas in Birlstone. It is discovered that there is a corpse who was an assassin sent to kill Mr. Douglas. Douglas literally blew the head off of his American assassin and dressed the body as himself. Holmes intoned that a dumb-bell weighed down the killer’s clothes in a moat. The assassin left a calling card, monikerred VV341, which was a code for the Vermissa Valley Lodge 341. This was a reference to undercover work that Douglas did years before for the Pinkerton Agency when he went undercover, first with Freemen in Chicago, then west to a desolate mountain coal mine area, to take down corrupt murderers who ran the Valley Freemen Lodge. Years later the US criminals enlisted Professor Moriarty to find Douglas. Holmes warns Douglas to flee England. The second item of interest is that Moriarty prevails as the story ends with Mrs. Douglas wiring Holmes that her husband was lost overboard on his way to South Africa.

I thought about this final Holmes novel, with its multi-continent settings, when I read another article on innovation in the December issue of the Harvard Business Review (HBR), entitled “Managing Yourself Getting Virtual Teams Right”, by Keith Ferrazzi. As any compliance function will have a truly global reach and most likely a number of personnel in cities across the globe, virtual compliance teams are almost a given. The author states, “The appeal of forming virtual teams is clear. Employees can manage their work and personal lives more flexibly, and they have the opportunity to interact with colleagues around the world. Companies can use the best and lowest-cost global talent and significantly reduce their real estate costs.” But in the compliance arena this may go past a simple appeal and become a true need. This means that mastering this most valuable and necessary tool is a skill that any Chief Compliance Officer (CCO) or compliance practitioner will need to become proficient in using.

While this skill may seem straightforward or even intuitive, the author believes that efficient use of virtual teams can greatly increase productivity. He believes that “there are four must-haves: the right team, the right leadership, the right touchpoints, and the right technology. By following simple high-return practices for each, managers can maximize the productivity of teams they must lead virtually.” 

The Right Team

The author believes that your team composition is your beginning point. He says you need to consider the right people, the right size and the right roles. This means that the virtual team members have the appropriate set of abilities, such as “good communication skills, high emotional intelligence, an ability to work independently, and the resilience to recover from the snafus that inevitably arise. Awareness of and sensitivity to other cultures is also important in global groups.” He believes this equates to a team that is no larger than 10 people. For roles the author suggests an approach which “defines three tiers of team members: core, operational, and outer. The core consists of executives responsible for strategy. The operational group leads and makes decisions about day-to-day work but doesn’t tackle the larger issues handled by the core. And the outer network consists of temporary or part-time members who are brought in for a particular stage of the project because of their specialized expertise.” 

The Right Leadership

Here the author cites to key behaviors that are critical in virtual teams. The first is trust. He said you should provide the opportunity for the team members to get to know each other as people, if only through the virtual format. Once trust is established the next step is foster open dialogue or what he calls “Observable candor” because without frankness among the team it will not succeed. Finally, it is important to clarify goals and guidelines or “the importance of establishing a common purpose or vision, while also framing the work in terms of team members’ individual needs and ambitions. Explain to everyone why you are coming together and what benefits will result, and then keep reiterating the message.”

The Right Touchpoints

The author believes that even virtual teams will need to come together at certain key points. He identifies three: kickoff; onboarding and milestones. Getting together at kickoff will allow everyone to put a face with a name and will help to set “expectations for trust and candor, and clarifying team goals and behavioral guidelines. Eye contact and body language help to kindle personal connections and the “swift trust” that allows a group of strangers to work together before long-term bonds develop.” Onboarding is when you bring a new person onto the virtual team and Ferrazzi explains that it can be intimidating to come on board a team after it is up and running. He suggests bringing a new person to the corporate office and welcome them in person. Finally, Ferrazzi says that even the most dedicated teams can lose momentum as team members begin to feel disconnected. To counter-act this, he suggests bringing the full team together at certain intervals.

The Right Technology

Ferrazzi believes that even the best virtual teams “can be felled by poor technology.” He identifies conference calling, direct calling and text messaging and virtual team rooms all which can make the virtual team experience “open and searchable, making it easy for existing teams to find subject-matter experts or review their own work and for ad hoc teams to form around business-related passions.” Ferrazzi cited to one example where, when data on employee resource use was made available, “a few interested parties self-organized into a virtual project team to create a system that documents individuals’ cost savings over time. As people began to compete for the biggest savings, the company benefited.”

The earliest virtual teams were formed to facilitate innovation among top experts around the world who didn’t have time to travel. However in today’s corporate environment, teams of physically dispersed employees are more often just a necessity of doing business. The compliance function will almost always be dispersed across a wide multi-national area. Some of the tips presented herein can help you run a more efficient organization while allowing greater flexibility going forward.

This post will conclude this week’s Sherlock Holmes-Innovation in the compliance function series. I hope that you have enjoyed it and benefited from it as well. As we move to CCO 2.0, many of these soft skills will become more and more important in the doing of compliance.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

December 3, 2014

Sherlock Holmes and Innovation in the Compliance Function, Part III – The Hound of the Baskervilles

Hound of the BaskervillesToday we honor Conan Doyle’s third Sherlock Homes novel, The Hound of the Baskervilles. The novel, originally serialized in The Strand from 1901 to 1902, is generally recognized by Sherlockians as the premier Doyle work regarding his fictional detective. Interestingly, Bertram Fletcher Robinson, a 30-year-old journalist, assisted Doyle with the plot for this novel.

Doyle’s idea for the story derived from the legend of Richard Cabell, which was a tale of a hellish hound and a cursed country squire. Squire Cabell was a hunting man and who was described as a “monstrously evil man”. He had a reputation “for, amongst other things, immorality and having sold his soul to the Devil. He was also alleged to have murdered his wife. As the story goes, Cabell was laid to rest in ‘the sepulchre’, but night of his interment saw a phantom pack of hounds come baying across the moor to howl at his tomb. From that night onwards, he could be found leading the phantom pack across the moor, usually on the anniversary of his death. If the pack were not out hunting, they could be found ranging around his grave howling and shrieking. In an attempt to lay the soul to rest, the villagers built a large building around the tomb, and to be doubly sure a huge slab was placed. To add good measure, the folklore of the county where the tale occurs, Devon, includes tales of a fearsome supernatural dog known as the Yeth hound.”

The Hound of the Baskervilles was a tale that appeared to have supernatural implications. Yet, upon closer examination, a more temporal solution was determined. I thought of this novel when reading the article entitled “Build an Innovation Engine in 90 Days” by Scott D. Anthony, David S. Duncan and Pontus M. A. Siren in the December 2014 issue of the Harvard Business Review (HBR). I found their insights quite useful for the Chief Compliance Officer (CCO) or compliance practitioner who might be faced with implementing or enhancing a compliance solution for an organization as the authors’ insights could also be used to help a CCO or compliance practitioner move a compliance function down into the DNA of an organization to make compliance a more standard process for doing everyday commercial operations.

The authors recognize that innovative ideas get brought to the marketplace often through “individual heroism and a heavy dose of serendipity” but companies need a mechanism to “make the process more reliable and repeatable without making major organizational changes.” To do so, they suggested a solution they call the “minimum viable innovation system” which can bring an innovation to fruition within 90 days. I have adapted their system for the compliance function.

Day 1 To 30 – Define Your Innovation Buckets

Initially the authors note that innovations can either be inward or outward facing. “In one are innovations that extend today’s business, either by enhancing existing offerings or by improving internal operations. In the other are innovations that generate new growth by reaching new customer segments or new markets, often through new business models.” This is also true in the compliance function as your compliance program relates to your own internal clients, customers and your third parties. It all begins with two steps (1) Determine between compliance goals and current operations; and (2) determine broad categories of compliance solutions which could fill that gap. If your gap is large, you might sub-divide your compliance efforts so that “you can map them to different directions for future [compliance] growth.” Per the authors recommendations you probably should not take on more than three as an initial effort.

Day 20 To 50 – Zero in on a Few Strategic Opportunity Areas

In this time frame, the authors believe that you meet with your customer base to “probe unmet needs”. As one class of your compliance customers will be your internal employee base, you can use a wide number of mechanisms to accomplish this, including town meetings, compliance focus groups or meetings with individual employees. You should also look outside your company by engaging in benchmarking through investigation on new developments in your industry and in the compliance space. This is also a time when you can best use big data through an appropriate data analytic approach to spots trends in your organization that might present opportunities for compliance innovation.

You should synthesize this down and the authors recommend the following, “lock the members of the senior leadership team in a room for an afternoon, share the findings, and instruct them not to leave until they have identified three strategic opportunity areas that each combine the following”: (1) A compliance function that no one is addressing very well; (2) Enable a technological solution that will enable your business unit to perform a compliance function much more easily, cheaply, or conveniently, or a change in the compliance landscape that is greatly intensifying the need for that job; and (3) Incorporate some special capability of your company that will give you an advantage in seizing this compliance opportunity.

Day 20 To 70 – Form a Small Dedicated Team to Develop the Innovations

Here the authors suggest three steps. First, dedicate a handful of the company to developing the compliance innovations. Second, work with the Chief Executive Officer (CEO) and Chief Financial Officer (CFO) to eliminate “zombie” compliance projects. Third is to develop a process checklist.

Everyone in a corporation has a day job. This is particularly true for a CCO or compliance practitioner. While there is no need for your compliance innovation team to be particularly large, the authors suggest that it have the capability “to handle at least two ideas once, since there will be inevitable course corrections and failure.” The authors define zombie projects as “walking undead that shuffle along slowly but aren’t headed anywhere.” Their reference hails to both the elimination of the AMC show The Walking Dead and the zombie banks from the Japanese financial crisis of the 1990s. The reference to the AMC television offering is that these projects are dead on arrival for a variety of reasons. The reference to the Japanese financial crisis is that because as long as these zombie projects exist, they will consume compliance innovation resources. Here the authors suggest identifying and deleting projects that hare neither core nor strategic.

Developing a checklist is a critical process step because it requires you to create a protocol to make sure you do not omit any critical step throughout the process. In order to develop this checklist, the authors suggest asking the following questions. (1) Is your compliance innovation team “spearheaded by a small, focused team of people who have relevant experience or are prepared to learn as they go?” (2) Has your compliance innovation team spent enough time directly with your business function to develop an understanding of what they can use going forward? (3) Was appropriate benchmarking performed? (4) Has your compliance innovation team defined the internal customer(s) and paths for reaching others? (5) Is your compliance innovation team’s idea “consistent with a strategic opportunity area in which the company has a compelling advantage?” (6) Does your compliance innovation team have a plan for testing? Does each test have a clear objective, a hypothesis, specific predictions, and a tactical execution plan?

Day 45 To 90 – Create a Mechanism to Shepherd Projects

During this time frame, the authors suggest two major goals for oversight. First is that the CCO needs to select and train compliance leaders to oversee the innovation team and to establish oversight rules. The group of compliance leaders who will have the autonomy to make decisions about starting, stopping, or redirecting compliance innovation projects. You should take care not to simply replicate the current executive committee, because if you do, it will be too easy for group members to default to their corporate-planning mindset or to let day-to-day business creep into discussions about compliance innovations meant to fulfill long-term goals.

The authors turned to the world of Venture Capital (VC) funding to help this group work on compliance initiatives. (1) There can be disagreement about which projects to move forward, your committee does not require unanimity. (2) The group should set a threshold monetary level that the project team(s) can spend without having to come back for every funding request. (3) Your compliance innovation projects should not be locked into a 3/6 month or other budget cycles. It may take time but when the time for review or a GO/NO GO decision to be made the oversight team needs to be ready to convene and make a decision. From this point you should be ready to pressure test your compliance innovation.

The authors’ formulation is an excellent way for a CCO or compliance practitioner to think through the process to design and create innovation in your compliance function. Just as Holmes methodically worked through the clues in front of him (and some behind him) in the The Hound of the Baskervilles you can use this protocol to assist you moving forward.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014





November 25, 2014

How to Avoid a Mousetrap – Resource Reductions in Your Compliance Function

The MousetrapOn this day, 62 years ago, “The Mousetrap”, a murder-mystery written by Agatha Christie, opened at the Ambassadors Theatre in London. The crowd-pleasing whodunit has become the longest continuously running play in history, with more than 10 million people attending its more than 20,000 performances. The play opened with Sir Richard Attenborough and his wife, Sheila Sim, in the cast. To date, more than 300 actors and actresses have appeared in the roles of the eight characters. David Raven, who played “Major Metcalf” for 4,575 performances, is in the “Guinness Book of World Records” as the world’s most durable actor, while Nancy Seabrooke is noted as the world’s most patient understudy for 6,240 performances, or 15 years, as the substitute for “Mrs. Boyle.” The play is still going strong in London’s West End and at theaters across the world today.

The Mousetrap has survived the vicissitudes of one of the most fickle phenomenons known, the theater going public. Unfortunately, not all businesses can make the same claim to longevity, either in revenue sourcing or spending. For instance the energy industry is now facing a future with the price of oil at something currently around $80 per barrel. This has already led to proposed contraction in the energy services industry with the number 2 company, Halliburton Energy Services, buying the number 3 company, Baker Hughes. Halliburton has already announced they hope to achieve financial benefits through elimination of redundancies in the combined organizations.

Given this new thread of economics going through the energy industry, I wondered what it might all mean for a company’s compliance function? I thought about this question when I read a recent article in the Harvard Business Review (HBR), entitled “How Not to Cut Health Care Costs”, by Robert S. Kaplan and Derek A. Haas. Their article posited that many “cost-cutting initiatives actually lead to higher costs and lower-quality care.” This is because “Administrators typically look to reduce line-item expenses and increase the volume of patients seen.” But the authors opine that this is not the best way to cut costs or even deliver a superior health care service. They advocate, “Administrators, in collaboration with clinicians, should examine all the costs incurred over the care cycle for a medical condition. This will uncover multiple opportunities to benchmark, improve, and standardize processes in way that lower total costs and delver better care.”

Just as health care providers deliver services, so do compliance practitioners. This led me to view their article with the angle of a Chief Compliance Officer (CCO) or compliance practitioner that has been told to cut head count or resources. First, and foremost, is to keep in mind the direction provided in the FCPA Guidance, which is well thought out and considered, and will be viewed with a better eye by the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) if they take a look at your compliance program after it has been cut. And, as with everything else that is Foreign Corrupt Practices Act (FCPA), UK Bribery Act or any other anti-corruption compliance program related, you must remember the most important aspect, that being Document, Document, and Document. Whatever you do, you should document that you have studied it, considered it and then articulated a reason for taking the steps you decided upon. This means you should take the authors advice and not simply reduce “line-item expenses on their P&L statements” but you should “consider the best mix of resources needed to deliver excellent [compliance] outcomes in an efficient manner.” To do so, the authors examine five cost cutting mistakes, which I will adapt for the compliance practitioner.

Mistake #1 – Cutting Back on Support Staff

Just as in the medical services-delivery world, the compliance arena support staff are a key component of a compliance program’s efficiency. Cutting such functions requires CCOs or others to spend more time on administrative matters and less on actually doing compliance. This can be up to ten times more costly for more senior compliance managers to perform such tasks than properly trained, efficient administrative staff. Arbitrary constraints or cuts in personnel spending, uninformed by the need to deliver high quality compliance outcomes can not only lead to a diminution in the compliance product but very dissatisfied internal compliance consumers.

Mistake #2 – Underinvestiging in Space and Equipment

While this is perhaps more self-evident in the health care services industry, I would argue that it applies to technology in the compliance arena. Underinvesting in technology can lead to a lowering of productivity for a company’s most expensive compliance resource; its compliance group. Further, once technology has been used in one area, the marginal cost to utilize it in a second area is often much lower than the initial cost. A case in point is translation services to translate your Code of Conduct, compliance policy and procedures into languages other than English. After the initial cost, the marginal cost for each update you make is considerably lower. Moreover, the authors point to the “folly of attempting to cut costs by holding down spending in isolated categories. More often than not, much higher costs soon show up in another category.” The key is to measure the costs of all resources used by the compliance function so that the appropriate trade-offs can be made. 

Mistake #3 – Focusing Narrowly on Procurement Prices

Often executives simply say that an overhead function, such as compliance, must “aim their reductions” at outside vendors. This may lead to more negotiations over suppliers’ pricings or attempts to negotiate high discounts. However the author’s note that this blanket approach often fails to take into account the precise mix of goods and services that a compliance department may use. Further, this gross approach focuses too narrowly on negotiating the price and fails to examine how the compliance function might actually consume goods and services from outside vendors. The authors note, “As a result, they miss potential large opportunities to lower spending.”

Mistake #4 – Maximizing Throughput

This mistake revolves around simply trying to get professionals to work faster. However, as with physicians, this mistake “is not sensitive to the impact of seemingly arbitrary standards on [compliance] outcomes.” Interesting what may be true is quite the opposite that a compliance function can receive greater overall productivity by spending more time with fewer problems. This is because by spending less time with problems up front, a compliance professional may be able to bring greater risk management techniques to bear, which can work to prevent or even proscribe a compliance issue rather than simply detecting it after something has occurred. The more time the compliance function can spend in counseling, monitoring or performing in-person training, the more benefits will be paid off from preventing compliance issues from becoming FCPA violative events.

Mistake #5 – Failing to Benchmark and Standardize

Benchmarking is recognized as a key tool of the compliance practitioner. However it is rarely thought of a cost-cutting tool or a cost-efficiency mechanism. Many compliance practitioners can only see the no ‘one-size-fits-all’ proscription which blocks them from seeing what other compliance practitioners might be doing to achieve similar results. If other companies can be used to determine a range of compliance techniques and strategies, perhaps they could also be consulting for the standardization of certain processes or procedures, which might lead to greater cost efficiencies. One constant about compliance is that there are no trade secrets in compliance. A constant about compliance professionals is that they will always share information on their program. Use the knowledge of others to help you deliver a compliance solution in a more cost-effective approach.

The compliance profession is maturing. Costs and inefficiencies can be the result of “mismatched capacity, fragmented delivery, suboptimal outcomes and inefficient use of technology.” In their penultimate paragraph the authors state, “The current practice of managing and cutting costs from a P&L statement does nothing to address those problems.” Unlike the theater version of The Mousetrap, compliance will experience ups and downs in funding similar to other corporate overhead functions. However, such pinch points might present opportunities for the compliance professional to review and assess a company’s compliance program and come up with ways to make it run more efficiently. For if it is true that there is no ‘one-size-fits-all’ approach to compliance; it is equally true that you are only limited by your imagination. But document how you got there and why and be prepared to defend how you identified your risk, coupled with your management of them.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014


October 1, 2014

Creation of Yosemite and Putting Compliance at the Center of Strategy

YosemiteOn this day in 1890, an act of Congress created Yosemite National Park, home of such natural wonders as Half Dome and the giant sequoia trees. Environmental trailblazer John Muir (1838-1914) and his colleagues campaigned for the congressional action, which was signed into law by President Benjamin Harrison.

In 1889, John Muir discovered that the vast meadows surrounding Yosemite Valley, which lacked government protection, were being overrun and destroyed by domestic sheep grazing. Muir and Robert Underwood Johnson, a fellow environmentalist and influential magazine editor, lobbied for national park status for the large wilderness area around Yosemite Valley. With this persuasion, Congress set aside over 1,500 square miles of land for what would become Yosemite National Park, America’s third national park. In 1906, the state-controlled Yosemite Valley and Mariposa Grove came under federal jurisdiction with the rest of the park to create the Yosemite that we know today. It clearly was a triumph for Muir and Johnson but more so for the American people.

I recently read an article in the Harvard Business Review (HBR) that seemed to draw inspiration from the actions of Muir and Johnson. The article by Frank Cespedes, entitled “Putting Sales at the Center of Strategy”, discussed how to connect up management’s new sales plans with the “field realities your salespeople face.” Referencing the well-known Sam Waltonism that “There ain’t many customers at headquarters”; Cespedes believes that “If you and your team can’t make the crucial connections between strategy and sales, then no matter how much you invest in social media or worry about disruptive innovations, you may end up pressing for better execution when you actually need a better strategy or changing strategic direction when you should be focusing on the basics in the field.”

The problem is usually clear. Senior management and the C-Suite make clear their commitment to doing business ethically and in compliance with anti-corruption laws such as the Foreign Corrupt Practices Act (FCPA). The company even has a best practices compliance. But the problem is that the installation or enhancement of a compliance regime is usually perceived as a ‘top-down’ exercise. The reality of the employee base that must execute the compliance strategy is not considered. Even when there are comments, it is derisively characterized as ‘push-back’ and not taken into account in moving the compliance effort forward. I thought Cespedes piece had some great insights for the compliance practitioner so borrowing from his four-point process, I will rework it for a compliance professional.

Communicate the Strategy

It can be difficult for an employee base to implement a strategy that they do not understand. Even with a company wide training rollout, followed by “a string of e-mails from headquarters and periodic reports back on results. There are too few communications, and most are one-way; the root causes of underperformance are often hidden from both groups.” Here Cespedes’ insight is that clarification is a leadership responsibility and in the compliance function that means the Chief Compliance Officer (CCO) or other senior compliance practitioner. Moreover, if the problem is that employees do not understand how to function within the parameters of the compliance program, then there is a training problem and that is the fault of the compliance department. I once was subjected to a PowerPoint of 268 slides, which lasted 7.5 hours, about my company’s compliance regime. To say this was worse than useless was accurate. The business guys were all generally asleep one hour into the presentation as we went through the intricacies of the books and records citations to the FCPA. The training was a failure but it was not the fault of the attendees. If your own employees do not understand your compliance program that is your fault.

Continually improve your compliance productivity

I thought this point was insightful. Cespedes talked about incentivizing your sales force. Why not do the same concepts around compliance? You can work with your Human Resources (HR) department to come up with appropriate financial incentives. Many companies have ad hoc financial awards, which they present to employees to celebrate and honor outstanding efforts. Why not give out something like that around doing business in compliance? Does your company have, as a component of its bonus compensation plan, a part dedicated to FCPA compliance and ethics? If so, how is this component measured and then administered? There is very little in the corporate world that an employee notices more than what goes into the calculation of their bonuses. HR can, and should, facilitate this process by setting expectations early in the year and then following through when annual bonuses are released. With the assistance of HR, such a bonus can send a powerful message to employees regarding the seriousness with which compliance is taken at the company. There is nothing like putting your money where your mouth is for people to stand up and take notice.

Improve the human element in your compliance program

This is another area where HR can help the compliance program. More than ongoing assessment of employees for promotion into leadership positions, here HR can assist on the ground floor. HR can take the lead in asking questions around compliance and ethics in the interview process. Studies have suggested that certainly Gen Y & Xers appreciate such inquiries and want to work for companies that make such business ethics a part of the discussion. By having the discussion during the interview process, you can not only set expectations but you can also begin the training process on compliance.

However, this approach should not end when an employee is hired. HR can also assist your compliance efforts by tracking employees through their company career to identify those who perform high in any compliance metric. This can also facilitate the delivery on more focused compliance training to those who may need it because of changes on FCPA risk during their careers.

Make your compliance strategy relevant

Cespedes notes, “Most C-suite executives know these value-creation levers, but too few understand and operationalize the sales factors that affect them.” In the sales world this can translate into a reduction in assets to underperforming activities. This is all well and good but such actions must be coupled with an understanding of why sales might be underperforming in certain areas. In the compliance realm, I think this translates into two concepts, ongoing monitoring and risk assessment. Ongoing monitoring can allow you to move from a simple prevent mode to a more prescriptive mode; where you can uncover violations of your company’s compliance program before they become full blown FCPA violations. By using a risk assessment, you can take the temperature of where and how your company is doing business and determine if new products or service offerings increase your compliance risks.

Above all, you need to get out and tell the compliance story. Louis D’Amrosio was quoted for the following, “You have to repeat something at least 10 times for an organization to fully internalize it.” If there is a disconnect between your compliance strategy and how your employee base is implementing or even interpreting that strategy, get out of the office and go out to the field. But you need to do more that simply talk you also need to listen. By doing so, can help to align your company’s compliance strategy with both the delivery and in the field.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

July 2, 2014

Gettysburg Day 2 – A Failure of Culture in Leadership and How to Overcome It

James LongstreetToday is the 151st anniversary of Day 2 of the Battle of Gettysburg. Last year I focused on Union General Dan Sickles and how is disobeying of his commanding officer’s order, destroyed his brigade and ended his military career. Today, I want to focus on the Confederate side and how the non-use of information doomed the Confederate attack on Day 2 when it failed to dislodge the Union Army from the heights south of the town of Gettysburg.

If you have ever been to the battlefield, you were most probably struck by the rockiness of the heights to the south of town. While much of the area around the town had been cleared for farming there were some very rocky and stark ridges that ran south of Gettysburg. The Confederate plan had been to size this high ground using a road that split the rocky crags as a launching point. However, Confederate General James Longstreet’s failed to follow this order when he ordered his men to make a long, circuitous route that could not be seen by Union Army Signal Corps observers on Little Round Top. It was 4 pm by the time his two divisions reached their jumping off points, and then he and his generals were astonished to find the Union Army’s III Corps planted directly in front of them. Confederate General John Hood argued with Longstreet that this new situation demanded a change in tactics; he wanted to swing around, below and behind, Round Top and hit the Union Army in the rear. Longstreet, however, refused to consider any modifications to Lee’s order as the Confederate Army had suffered a significant defeat by not dislodging their enemy. A Confederate staff officer remarked that Lee was “not in good humor over the miscarriage of his plans and his orders.”

Longstreet’s refusal to take account of the changed conditions in implementing his orders had disastrous consequences for the Confederates on Day 2. Other than the slaughter of their troops in places like the Wheatfield, the Peach Orchard, Devil’s Den, Big Round Top and Little Round Top; they did not accomplish any military objectives. In the compliance world the failure to take changed or different circumstances into account can have negative consequences as well. I thought about some of these concepts when reading a recent article in the May issue of the Harvard Business Review (HBR), entitled “Navigating the Cultural Minefield”, by Erin Meyer, where she wrote about learning how to work more effectively with people from other countries. As all Chief Compliance Officers (CCOs) or compliance practitioners who work in a company subject to the Foreign Corrupt Practices Act (FCPA) work with employees outside the United States I found her insights useful when thinking about how to deal with employees from other cultures.

Myer has developed a tool she calls the Culture Map. It consists of eight scales representing the management behaviors where cultural gaps are most common. By comparing the position of one nationality relative to another on each scale, the user can decode how culture influences day-to-day collaboration. Her eight scales are “based on decades of academic research into culture from multiple perspectives. To this foundation I have added my own work, which has been validated by extensive interviews with thousands of executives who have confirmed or corrected my findings.” They are:

Communicating. Meyer compares cultures along the Communicating scale by measuring the degree to which they are high- or low-context, a metric developed by the American anthropologist Edward Hall. She believes that in “low-context cultures, good communication is precise, simple, explicit, and clear. Messages are understood at face value. Repetition is appreciated for purposes of clarification, as is putting messages in writing.” This contrasted with high-context cultures, where “communication is sophisticated, nuanced, and layered. Messages are often implied but not plainly stated. Less is put in writing, more is left open to interpretation, and understanding may depend on reading between the lines.”

Evaluating. Here Meyer “measures a preference for frank versus diplomatic negative feedback. Evaluating is often confused with Communicating, but many countries have different positions on the two scales.” She notes that the French “are high-context (implicit) communicators relative to Americans, yet they are more direct in their criticism” but “Spaniards and Mexicans are at the same context level, but the Spanish are much more frank when providing negative feedback.”

Persuading. Meyer notes that the manner “in which you persuade others and the kinds of arguments you find convincing are deeply rooted in your culture’s philosophical, religious, and educational assumptions and attitudes.” So, for instance, a senior “Western executive will break down an argument into a sequence of distinct components (specific thinking), while Asian managers tend to show how the components all fit together (holistic thinking).” But she evens delineates this scale further by finding that, “people from southern European and Germanic cultures tend to find deductive arguments (what I refer to as principles-first arguments) most persuasive, whereas American and British managers are more likely to be influenced by inductive logic (what I call applications-first logic).”

Leading. This scale measures the degree of respect and deference shown to authority figures, placing countries on a spectrum from egalitarian to hierarchical.

Deciding. Meyer articulates that this scale, measures the degree to which a culture is consensus-minded. She believes that Westerners wrongly believe that the “most egalitarian cultures will also be the most democratic, while the most hierarchical ones will allow the boss to make unilateral decisions.” She found that while “Germans are more hierarchical than Americans, but more likely than their U.S. colleagues to build group agreement before making decisions.” Further. she noted that the “Japanese are both strongly hierarchical and strongly consensus-minded.”

Trusting. Meyer splits this into the old ‘from the head’ (cognitive trust) or ‘from the heart’ (affective trust) analysis. She wrote, “In task-based cultures, trust is built cognitively through work. If we collaborate well, prove ourselves reliable, and respect one another’s contributions, we come to feel mutual trust. In a relationship-based society, trust is a result of weaving a strong affective connection. If we spend time laughing and relaxing together, get to know one another on a personal level, and feel a mutual liking, then we establish trust.”

Disagreeing. While Westerners, particularly Americans, tend to believe that a little open disagreement is healthy; other “cultures actually have very different ideas about how productive confrontation is for a team or an organization. This scale measures tolerance for open disagreement and inclination to see it as either helpful or harmful to collegial relationships.”

Scheduling. This one is my personal bane as there are some cultures that take the position that people treat scheduling, deadlines and meeting times as a mere “suggestion.” Her “scale assesses how much value is placed on operating in a structured, linear fashion versus being flexible and reactive.”

From this scale, Meyer has developed four rules to help bridge the cultural gap.

  1. Do Not Underestimate the Challenge. Most management styles have been developed over a lifetime of work. For most CCOs this includes a stint in a corporate legal department. But as Meyer notes, “Succeeding would depend on taking an entirely different approach and making ongoing adjustments over the long term.” Further, you may well need to unlearn many of the techniques that have made you successful.
  2. Apply Multiple Perspectives. More than simply recognizing the cultural perception of other employees is not enough as you will need to look “through multiple lenses.” Meyer writes that you need to understand the cultural position of one country to another, subsequently “You need to understand how the Koreans perceive the Indians, how the Indians perceive the Brazilians, and so on, and manage across the map. As you learn to look through multiple lenses, you may see that on some scales the Brazilians, for example, view the Indians in a very different way than the Koreans do.”
  3. Find the Positive in Other Approaches. Here people tend to see the negative when looking at how other cultures work but Meyer suggests that you should try and understand what it is that makes a cultural work. Further, if you have a compliance team from different cultural backgrounds this can bring strength to your overall position. Lastly, you can achieve a “complex understanding of various [cultural] strengths on the team” so that you can choose the best players for going forward.
  4. Adjust and The Readjust Your Position. Meyer believes that “More and more teams are made up of diverse and globally dispersed members. So as a leader, you’ll frequently have to tweak or adapt your own style to better mesh with your working partners. It’s not enough to shift to a new position on a single scale; you’ll need to widen your comfort zone so that you can move more fluidly back and forth along all eight.”

Meyer’s article provides some very good insight for the compliance practitioner. We all will have to deal with many cultures in a multi-national corporate compliance practice. By using the techniques that Meyer has developed you can not only come to understand how better to lead but also you can use your team members from other cultures to facilitate greater communication of compliance principles, training and issues throughout the organization.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014


June 23, 2014

An Event That Changed the World and Fostering Compliance Leadership – Part I

Archduke Ferdinand AssassinationThis coming Saturday, June 28th, is the 100th anniversary of most probably the single most momentous event of the 20th century; the assassination of Archduke Ferdinand and his wife Sophie in Sarajevo, then located in the Austro-Hungarian Empire. I view it as the singular event of the prior century because it led directly to the following events: the First World War, the Second World War, the Russian Revolution, the fall of the Hapsburg, Romanov and Prussian monarchies, the Cold War and a host of other events. One can point to 1963 in Dallas and 9/11 as direct descendants of the actions of the Sarajevo assassins.

One of the best articles I have ever read on the assassination was in the March 22nd edition of the Financial Times (FT) in a piece by Simon Kuper, entitled ‘The crossroads of history”. Kuper returned to modern day Sarajevo “to try and understand his act in its local context – the context both of 1914 and 2104.” I think that Kuper did come to some understanding through his reporting, which I found to be first rate. The attack on the Archduke itself came about through a plethora of mis-steps, foolish decisions and idiotic mistakes that rival any modern day industrial catastrophe. Kuper quoted the author Rebecca West for the following, “Nobody worked to ensure the murder on either side as the people who were murdered.” As this assassination started Europe down a road that led to well over 20 million deaths, it is an appropriate start to many more posts I will have during the centenary of 1914.

Just as Gavrilo Princip changed the course of history, I recently read an article in the May edition of the Harvard Business Review (HBR) which I think could significantly modify how you, as a Chief Compliance Officer (CCO) or compliance practitioner, will think about getting employees to “apply their talent and energy to move organizations forward” in compliance and ethics. The article is entitled “Blue Ocean Leadership”. In this two-part series I will explain the authors view of the problem that “According to Gallup’s 2013 State of the American Workplace report, 50% of employees merely put their time in, while the remaining 20% act out their discontent in counterproductive ways, negatively influencing their coworkers, missing days on the job, and driving customers away through poor service. Gallup estimates that the 20% group alone costs the U.S. economy around half a trillion dollars each year.” The authors believe that “poor leadership is a key cause” of this problem. The authors posit that leadership is a “service that people in an organization “buy” or “don’t buy” and when employees come to value you as a leader, they “in effect buy your leadership.”

Today I will focus on how ‘Blue Ocean Leadership’ differs from conventional leadership and tomorrow I will review strategies of how to execute this type of leadership and explore its implications for the CCO or compliance practitioner.

Key Differences from Conventional Leadership Approaches

The authors point to three key differences between ‘Blue Ocean Leadership’ and traditional leadership approaches.

The first key difference is that ‘Blue Ocean Leadership’ “focuses on what acts and activities leaders need to undertake to boost their teams’ motivation and business results, not on who leaders need to be. This difference in emphasis is important. It is markedly easier to change people’s acts and activities than their values, qualities, and behavioral traits. Of course, altering a leader’s activities is not a complete solution, and having the right values, qualities, and behavioral traits matters. But activities are something that any individual can change, given the right feedback and guidance.”

The second under ‘Blue Ocean Leadership’ is to “connect closely to market realities”. This is accomplished by having “the people who face market realities are asked for their direct input on how their leaders hold them back and what those leaders could do to help them best serve customers and other key stakeholders. And when people are engaged in defining the leadership practices that will enable them to thrive, and those practices are connected to the market realities against which they need to perform, they’re highly motivated to create the best possible profile for leaders and to make the new solutions work.” This allows not only employee buy-in both also quicker and more efficient engagement of the implementation of a leaders program.

The third key difference is that ‘Blue Ocean Leadership’ distributes leadership across all levels of management. The authors quoted one senior executive who said, “The truth is that we, the top management, are not in the field to fully appreciate the middle and frontline actions. We need effective leaders at every level to maximize corporate performance.” However ‘Blue Ocean Leadership’ is more robustly “designed to be applied across the three distinct management levels: top, middle, and frontline. It calls for profiles for leaders that are tailored to the very different tasks, degrees of power, and environments you find at each level. Extending leadership capabilities deep into the front line unleashes the latent talent and drive of a critical mass of employees, and creating strong distributed leadership significantly enhances performance across the organization.”

The Four Steps of Blue Ocean Leadership

Most importantly the authors believe that you have to see your leadership for what it is and not what you wish it to be. If you do not have a “common understanding of where leadership stands and is falling short, a forceful case for change cannot be made.” The authors created a template that they called “Leadership Canvases” which are visual representations to show what leaders actually do, rather than what they think they do. The authors’ research showed that 20% to 40% of all actions taken by managers are of little value to the organization. This led to the “biggest “aha” for the subteams was that senior managers appeared to have scarcely any time to do the real job of top management—thinking, probing, identifying opportunities on the horizon, and gearing up the organization to capitalize on them.”

Based upon this initial finding, the authors began to explore alternative leadership profiles. Here you are required “to think beyond the bounds of the company and focus on effective leadership acts they’ve observed outside the organization, in particular those that could have a strong impact if adopted by internal leaders at their level. Here fresh ideas emerge about what leaders could be doing but aren’t. This is not, however, about benchmarking against corporate icons; employees’ personal experiences are more likely to produce insights. Most of us have come across people in our lives who have had a disproportionately positive influence on us. It might be a sports coach, a schoolteacher, a scoutmaster, a grandparent, or a former boss. Whoever those role models are, it’s important to get interviewees to detail which acts and activities they believe would add real value for them if undertaken by their current leaders.”

The next step begins to take what I call some real corporate courage. It requires that middle and frontline managers critique what senior management has come up with in step 2, developing alternative leadership profiles. Some of the more interesting changes were ‘Cut through the Crap’ in which “frontline leaders did not defer the vast majority of customer queries to middle management and spent less time jumping through procedural hoops. Their time was directed to training frontline personnel to deliver on company promises on the spot” and to resolve problems. Another was ‘Liberate, Coach and Empower’ where leaders “time and attention shifted from controlling to supporting employees.” Finally, there was ‘Delegate and Chart the Company’s Future’ where the front and middle line managers had more responsibility so “senior managers would be freed up to devote a significant portion of their time to thinking about the big picture—the changes in the industry and their implications for strategy and the organization. They would spend less time putting out fires.”

Blue Ocean Leadership’ challenges companies to allow its employees to “think about which acts and activities leaders should do less of because they hold people back, and which activities they should do more of because they inspire people to give their all.” Just as you begin to think through the changes wrought by one action in a small town, very long ago, which changed the 20th Century forever, you may wish to use these concepts to think about how your leadership can be made more effective.

In tomorrow’s post I will look at how the authors believe you can execute a ‘Blue Ocean Leadership’ change in your company.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

June 16, 2014

The Magna Carta and Scrutiny of Your Compliance Program

Magna CartaYesterday, June 15 was Father’s Day so for all us fathers out there, it was our day and I hope that you enjoyed and cherished it. It was also the anniversary of what I believe was one of the greatest achievements in Anglo jurisprudence, the signing of the Magna Carta, by King John and the Barons who opposed his tyranny. In 1215, the barons rose up in rebellion against the King’s abuse of feudal law and custom. The legal document drafted up for King John, required him to make specific guarantees of the rights and privileges of his barons and the freedom of the church.

On June 15, 1215, King John met the Barons at Runnymede on the Thames and set his seal to the Articles of the Barons, which after minor revision was formally issued as the Magna Carta. I have visited the field at Runnymeade where the Magna Carta was signed. Next year will be the 1100th anniversary of the signing of this document. For me, the Magna Carta is symbol of the sovereignty of the rule of law over the King. Its grant was of fundamental importance to the constitutional development of England and to the rest of the common law world such as the United States.

I thought about how King John was forced to sign the Magna Carta, clearly against his will, when I read an article in the May issue of the Harvard Business Review (HBR), entitled “How to Outsmart Activist Investors”, by Bill George and Jay W. Lorsch. While the article focuses on steps a company can take before an activist shareholder buys into a company and demands changes, I thought the process of preparation that the authors listed as something that a Chief Compliance Officer (CCO) should consider in his or her company’s compliance program.

The authors lay out the problem faced by company’s as follows, “Their game is simple: They buy stocks they view as undervalued and pressure management to do things they believe will raise the value, such as giving more cash back to shareholders or shedding divisions that they think are driving down the stock price. With increasing frequency they get deeply involved in governance—demanding board seats, replacing CEOs, and advocating specific business strategies.” They proposed a six-step process that allows a company to be ready for such an attack. However, I saw these six-steps as delineations a CCO could institute which would prepare a compliance program for a wide range of reviews, including audits, reviews by government regulators, queries by Board members or other high ranking company officials who may want to know more about a compliance program on a quick basis. So I have adapted the authors’ six steps to advise the CCO on how to be ready for such an event or perhaps a myriad of others.

Have a Clear Strategic Focus and Stick to It

In their article, the authors pointed to PepsiCo’s move to it’s “Performance with Purpose, a strategy targeting three growth areas: (1) “good for you” products, including Quaker Oats and Gatorade; (2) product innovations; and (3) emerging markets. Part of the idea was to fund the substantial investments—including acquisitions—required to build these categories with the cash flow from PepsiCo’s core business. PepsiCo did precisely that, acquiring a number of food and beverage companies in emerging economies such as Brazil, India, Russia, and Ukraine.” For the compliance practitioner, I think it means you need to stick to your guns and move your program forward. It does not mean that you will not hit road bumps along the way but if you have something like Stephen Martin’s suggestion for a 1 – 3 – 5 year program in writing and are following it, you can reject calls for major mid-course changes. 

Analyze Your Business as an Activist Would

In their article, the authors said, “CEOs need to ensure that their boards understand the tactics of activist investors and have a game plan for responding. That means analyzing both how the activists might try to increase short-term shareholder value—through spin-offs and divestitures or financial engineering such as stock buybacks and increased debt—and the company’s possible vulnerabilities in strategy and capital structure. Specific examples from other companies can help.” For the compliance practitioner, I believe this means you need to keep abreast of the most current information available on the Foreign Corrupt Practices Act (FCPA) or other types of anti-corruption compliance. While the 2012 FCPA Guidance still provides some of the best articulation of what the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) believe constitute an effective compliance program, you should still monitor enforcement actions and other information. So if your company is in the tech space, the March HP enforcement action is something you should review to determine if any of HP’s compliance failures might have implications for your company.

Have Your External Advisers Lined Up in Advance and Familiar with Your Company

The authors believe that to fight such proxy challenges “both management and the board must have external advisers whose guidance they can rely on.” However, for the compliance practitioner, it means that you have taken steps to assess and verify the efficacy of your compliance program. Certainly you can benchmark your program against others in your industry but also having third parties assess, benchmark and verify your compliance program can be an excellent way to show where your program stands if someone comes looking at it.

Build Board Chemistry

Obviously when fighting an activist investor, Board cohesion is paramount. The authors note, “Activist investors are often out to divide a target company’s board. To address the issues they raise in an objective and constructive manner, directors need the unity that comes from years of building board chemistry. That chemistry is enhanced through repeated engagement on important issues, weathering crises together, and candid dialogue with the CEO. The latter requires a high degree of transparency from the CEO and a willingness to share even the most sensitive information involved in decision making. To cope with an activist’s challenges, directors must be fully committed to the company and its long-term objectives.” But the same is true for a CCO. Having Board support is imperative to any long-term success for a compliance program. It is up to you to develop the relationships and provide timely information so that there are no surprises, or as few surprises as possible, in the area of compliance.

Perform in the Short Run Against Declared Goals

Just as “the best defense against an activist investor is consistent performance that realizes the company’s stated goals; anything else makes the company vulnerable”, I believe that a compliance program should also measure itself against stated goals. The FCPA Guidance makes clear that a compliance program begins with a risk assessment. The reason is not only to use the risk assessment to determine where your compliance program might stand but also to create a road map for future enhancements. It is also important to set realistic expectations. Overly ambitious compliance goals, which ultimately fall short can trip up a CCO and make a program vulnerable to criticisms.

Don’t Dismiss Activist Ideas Out of Hand

The authors note “Most activist investors are smart, motivated people who often notice things that boards and managers overlook. It is generally worth listening to their recommendations and implementing the ones that make sense.” For the CCO or compliance practitioner, I have long advocated listening to the business units to help see what works and what does not work. This does not mean a compliance program can only be followed when feasible, but it may require compliance program flexibility to allow it to not only measure and assess risk but to adequately manage compliance risk.

Doing What’s Best for All Your Shareholders

The authors believe “One of a board’s most important roles is to ensure that the company stays true to the mission and values that have made it successful. In recent years several activist fund managers with no industry experience have come to corporations with proposals for radical, unproven course changes. Sometimes major changes are needed, but companies that allow outside activists to implement them without full and careful consideration risk losing the commitment and engagement of their employees and customers.” Similarly, a CCO or compliance professional needs “to work to ensure the long-term viability of the company’s [compliance] mission and strategy.”

Whether you are a lawyer or not, I believe that the Magna Carta is one of the most significant legal documents in the history of Anglo jurisprudence. Even if King John signed it at the point of a knife to his throat, or not, it became one of the foundation documents for English and, later, American law. But another lesson one may draw from it was that King John was not prepared when his Barons revolted against him. The HBR article provides a clear path for the compliance practitioner to follow to prepare for excess, outside, unwanted or other scrutiny.



If you are interested in learning about mergers and acquisitions under the FCPA I am involved in to upcoming events designed to give you the most up-to-date advice on this area of compliance. Both events are sponsored by The Network. The first event is a webinar entitled appropriately enough, “Mergers and Acquisitions Under the FCPA” and is scheduled for  Tuesday, June 17th, 2014 TIME: 2:00 pm EDT. For registration and additional information click here. On Tuesday, June 24th the always popular Tom Fox/Stephen Martin roadshow travels to Denver where I will speak live on Merger and Acquisitions Under the FCPA and Stephen will talk about risk assessments under the FCPA. For information on the Denver event, click here


World Cup 2014I am putting on a four part podcast series on the World Cup, detailing issues of bribery and corruption, together with an ongoing discussion of Team USA and this year’s tournament. I am joined by Mike Brown, the Managing Director of Infortal. You can check out Part I by clicking here of the series where we discuss bribery of referees in the lead up to the 2010 World Cup held in South Africa and FIFA’s response. Mike and I then review Team USA and it’s draw in Group G-the Group of Death. I hope that you will check out this series and enjoy it as much as Mike and I enjoy recording the episodes. Also remember, my podcast, the FCPA Compliance and Ethics Report is available for download at no charge on iTunes so you can listen to Part I on your commute to work. So sign up for the podcast from WordPress or iTunes and enjoy our series.




This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.


© Thomas R. Fox, 2014

May 16, 2014

Compliance Hiring Practices under the FCPA

King Solomon and the BabyHiring practices under the Foreign Corrupt Practices Act (FCPA) are not often given much thought or widely discussed. They have come up for discussion more recently because of the issues surrounding the hiring of sons and daughters of foreign government officials most publicized with JPMorgan Chase & Co. But numerous other company’s similar hiring practices are under regulator scrutiny. As far back as 2004, in Opinion Release 04-02, the Department of Justice (DOJ) realized this was an important part of an overall compliance program when it approved a proposed compliance program that had the following requirement:

Clearly articulated procedures which ensure that discretionary authority is not delegated to persons who the company knows have a propensity to engage in illegal or improper activities.

I thought about some of these issues when I read The Saturday Essay in the Wall Street Journal (WSJ), entitled “How to Trick the Guilty and Gullible into Revealing Themselves” by Steven Levitt and Stephen Dubner, which they adapted from their most recent book Think Like a Freak. In their essay they began by comparing two diverse tactics used by King Solomon and the band Van Halen to see who might be telling the truth, or not, in a specific situation. In the oft-told tale involving King Solomon he decreed that he would split a baby and give one-half each to two women who claimed to be the mother. The true mother told him to give the baby to the other woman. King Solomon used this fact to determine which was the real mother. In the case of rock band Van Halen, they had a 53-page rider giving “point-by-point instructions” in in their touring contract. This rider had technical and security specifications for each venue the band played. It also had language in ALL CAPS that stated “M&M’s (WARNING: ABSOLUTELY NO BROWN ONES).” Initially this language was derided as simply rock and roll excess to the hilt, but band member David Lee Roth explained that if he went into the dressing room and found no brown M&Ms, it signified to him that the local promoter had read the contract. If there were brown M&Ms, the band had to perform extra reviews of the stage electrical and lighting requirements.

Why is hiring so important under the FCPA? It is because hiring is important to any company’s health and reputation. At this point, until the US Supreme Court tells us that a corporation is the same as a human being, with both obligations and rights; a company is only as strong as its employees. Like most areas of FCPA compliance good hiring practices for those employees who will do business in compliance with anti-corruption laws such as the FCPA are simply good business practice. Levitt and Dubner cite the following statistic, “By one industry estimate, it costs an average of roughly $4,000 to replace a single employee, and one survey of 2,5000 companies found that a single bad hire can cost more than $25,000 in lost productivity, lower morale and the like.” For one of the energy Services Company where I worked this estimate went as high as $400,000 to hire and fully train a new employee. I would add that those costs could go up significantly if a bad hire violates the FCPA.

Brooke Denihan Barrett, Chief Executive Officer (CEO) of the Denihan Hospitality Group, interviewed in the New York Times (NYT) Corner Office column said that by the “time somebody meets me, you can assume that the skills are there. So what I interview for is fit. And I’m always very curious to know, what is it about our company that appeals to that person?” She asks specifically about culture, requesting the candidate define it and how do you think that culture is special. She also asks candidates to talk about a failure and what lessons that they learned from the experience and how they dealt with the experience. I would suggest that both of those lines of inquiries should be used when evaluating a candidate for hire.

In a completely different arena, Houston Dash General Manager (GM) Brian Ching talked about the expectations he and his club have for the female soccer players on the squad. In addition to the obvious requirement for a professional soccer player to be technically proficient in the game of soccer, the team expects each player to have significant community involvement to help develop a fan base for the club. In the player interview process, this is thoroughly explained and each prospective player is asked if they would be willing to take on this additional role. But more than simply using this Q&A as an evaluation technique, it allows the team to communicate its expectations to each potential team member.

This is something that Human Resources (HR) and others involved in the hiring process can take to heart. They should have a serious and frank discussion with all potential hires, particularly those going into senior management or FCPA-related high-risk areas. This not only allows an evaluation along the lines that Barrett uses to determine if a hire will be a cultural fit for her company but it permits a company to directly express its expectations surrounding FCPA compliance and doing business ethically if a person is hired.

Another area that is often overlooked is the reference check. Many practitioners feel that a reference is not of value because prospective candidates will only list references that they believe will provide glowing recommendations of character. This leads to a pro forma reference check. However, in an article in Harvard Business Review (HBR), entitled “Gilt Groupe’s CEO on Building a Team of A Players”, author Kevin Ryan explodes this misconception by detailing how he views the entire hiring process and specifically checking references. I would add that it could be a valuable and useful tool for you and your compliance program.

In the hiring of personnel, Ryan details the three steps his company takes: (1) Resume review; (2) In-Person interview; and (3) Reference checks. Ryan believes that resumes are good for establishing “basic qualifications for the job, but not for much else.” He believes that the primary problem with in-person interviews is that they are skewed in favor of “persons who are well spoken [or] present well.” For Ryan, the key check is through references and he says, “References are really the only way to learn these things?”

Ryan recognizes that many people believe that reference checks are not of great value because companies cannot or will not give out much more information than confirming dates of employment. However, he also believes that “the way around it is to dig up people who will speak candidly.” He also recognizes that if you only speak to the references listed on a resume or other application, you may not receive the most robust appraisal. Ryan responds that the answer is to put in the work to check out references properly. Ryan believes this is one of the key strengths of search firms and that companies should emulate this practice when it comes to reference checks.

He notes that anyone who has worked in an industry for any significant length of time will have made many connections. Invariably some of these connections will be acquainted with you or those in your current, and former, company. Ryan gave the following example: A longtime friend who was employed at another company called and said that he had been asked by his hiring partner to find out “the real story” on a hiring candidate by asking Ryan his candid opinion of the candidate. Ryan’s response was “Don’t hire him.” Lest you think that such refreshing honesty no longer exists when informal employment references are provided, you are mistaken. In my past corporate position, I was charged with performing compliance due diligence on senior executives and I spent time doing what Ryan suggested, calling acquaintances that I knew and asking such direct questions. More than 75% of the time, I got direct responses.

Ryan believes that you must invest your company in the hiring process to get the right people for your company. The same is true in compliance. You do not want people with a propensity for engaging in corrupt acts working for, or leading, your company.

The hiring of someone who will perform business activities in compliance with anti-corruption laws such as the FCPA or UK Bribery Act will continue to be as much art as science because the hiring of quality employees for senior management positions is similarly situated. But that does not mean a company cannot work to not hire those persons who might have a propensity to engage in bribery and corruption if the situation presented itself. The hiring process is just one more tool that can be utilized to build an effective compliance program.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

April 7, 2014

The Battle of Shiloh, Corruption in Ukraine and Things to Come

Things to ComeOn this day 126 years ago the two-day battle of Shiloh ended. On the second day, the Union troops under General Grant largely recovered the ground that the Confederate troops had taken on the first day. Grant was severely criticized for allegedly being taken by surprise by the Confederate attack but he managed to survive the firestorm. The Confederates lost their most senior commander, General Albert Sydney Johnson, on the first day of the fighting.

With the successful Union counter-attack on the second day the battle is generally viewed as a tactical victory for the North. However, for me the thing that is most significant about this battle is that it was the first horrific slaughter of the Civil War. There were over 23,000 casualties on both sides. Unfortunately it presaged more to come. I will never forget Shelby Foote’s comments in Ken Burn’s documentary The Civil War. Shiloh was not an aberration but there were 25 more Shiloh’s to come. It truly was a sign of things to come.

The recent events in Ukraine have had a variety of interpretations, results and predictions. But one thing is clear, the government of Ukraine allowed systemic corruption to occur. One can look to the Archer-Daniels-Midland Corp. (ADM) Foreign Corrupt Practices Act (FPCA) enforcement action to see the effects in play. In that matter, ADM paid bribes to obtain tax rebates to which it was legally entitled. Unfortunately for ADM it developed opaque schemes to fund bribery payments and then hid them on its books and records. Not good for FPCA compliance.

Or consider the case of Ikea. In an article in Bloomberg, entitled “Dashed Ikea Dreams Show Decades Lost to Bribery in Ukraine”, Agnes Lovasz wrote that Ikea has tried for over a decade to open a store in the country but has been unable to do so because it refuses to pay bribes to do so. She wrote that according to Transparency International’s (TI’s) Corruptions Perceptions Index (CPI), “Stuck between the European Union and its former imperial master Russia, Ukraine has emerged as the most corrupt country on the continent.” She quoted Erik Nielsen, chief global economist at UniCredit SpA in London, for the following, “Even before this latest crisis, Ukraine was a mess beyond description”. How about this recommendation from Lennart Dahlgren, a retired Ikea executive who led the company’s entry into Russia, who said in an interview with Russkiy Reporter magazine in 2010, that compared with Ukraine, Russia, the most corrupt major economy, “is whiter than snow”. Faint praise indeed.

While a US, UK, EU or other western government response is certainly appropriate, I thought about a business led response to such a situation when I read a recent article in the April issue of the Harvard Business Review (HBR), entitled “The Collaboration Imperative”, by authors Ram Nidumolu, Jib Ellison, John Whalen and Erin Billman. In this article they discussed business collaborations in the context of sustainability. I found their concepts should be considered by companies or industry groups when trying to develop strategies to fight corruption. As Jason Poblete continually reminds us, the marketplace is one important place to look for solutions to problems and this article certainly provides some starting points for such an analysis.

The authors posit that collaboration models should be divided into two categories: (1) coordinated processes and (2) coordinated outcomes. Adapting these to anti-corruption/anti-bribery programs, this means that under the ‘coordinated processes’ prong businesses should identify and share industry-wide operational processes that prevent and detect bribery and corruption. Under the ‘coordinated outcomes’ prong, the authors work translates into developing industry benchmarks and standardized systems for measuring anti-corruption/anti-bribery performance across the value chain.

The authors had some specific steps in their article which I thought also provided insightful for implementing their ideas in the anti-corruption/anti-bribery context. First you should being this journey “with a small, committed group.” The reason to do so is “to prevent the logjams that can occur when many stakeholders with conflicting goals try to work together, start by convening a small “founding circle” of participants. The members must have a common motivation and have mutual trust at the outset. This group develops the project vision and selectively invites subsequent tiers of participants into the project as it develops.” Next you should try to “link self-interest to shared interest.” This is because to help facilitate success, “collaboration initiatives must ensure that each participant recognize at the outset the compelling business value that it stands to gain when shared interests are met.” The participants need to then try to monetize the system value by “linking self-interest and shared interest is to quantify how the collaboration reduces costs or generates revenue for each participant.” It helps to build a direct path to some early successes because it is important “to generate momentum and commitment, the action plan must also emphasize quick wins. Business thrives on visible and immediate results, and sustainability collaborations are no exception. Even if these wins are small initially, the cost savings or incremental revenues provide proof to other executives inside participants’ organizations that the investment is worthwhile.”

As many in such a collaborative group will have conflicting priorities, the authors believe it is important to have “independent project-management specialists with demonstrated competence in trust building among diverse stakeholders. Additionally, the project management function must be seen by all participants as neutral and committed to the success of the project, rather than to any individual stakeholder.” Interestingly, the authors note that there should be built in competition which should be “structured to support shared goals.” Finally, and perhaps most obviously, any such group must have a culture of trust. Fortunately, in the anti-corruption/anti-bribery world there are very few trade secrets but beyond this, the “building and maintaining trust is an ongoing practice foundational to every other practice during the collaboration project.”

Perhaps the people or the leadership of Ukraine may at some point realize that the perceived endemic nature of corruption in their economic system, helped lead in part to its current problems. Maybe the citizens in Crimea thought the Russian government less corrupt. While I do not pretend to know the answers to these questions, the collaboration model that the authors have detailed for sustainability initiatives is certainly one that US companies might wish to consider on some type of industry wide basis.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

Next Page »

Blog at WordPress.com.