FCPA Compliance and Ethics Blog

September 5, 2012

The Art of Strategic Compliance Plan – A Seven Step Process

I recently wrote about my colleague Stephen Martin’s thoughts on having a 1-3-5 year strategic plan for your company’s Foreign Corrupt Practices Act (FCPA) or Bribery Act compliance program. I am often asked where a compliance practitioner can come up with some ideas to put in such a strategic plan. Clearly one excellent area to study are the ongoing enforcement actions, which are all publicly released. They not only provide insight into the Department of Justice’s (DOJ) thinking on current best practices in the area of FCPA compliance programs but with the recent addition of “Enhanced Compliance Obligations” as found in the Johnson & Johnson (J&J) and Pfizer Deferred Prosecution Agreements (DPAs) there is solid information on some of the most cutting edge compliance initiatives which companies are now using. While you should recognize that these “Enhanced Compliance Obligations” are tailored for the specific company the DPA deals with, nevertheless you can review the concepts and implement those which are appropriate for your company.

Like many compliance practitioners, I came to this field through a corporate law department. As such the focus was usually not on strategic objectives nor did we typically receive much training on how to go about such a process. I was therefore interested in an article in the September issue of the Harvard Business Review (HBR), entitled “Bringing Science to the Art of Strategy”, co-authored by A. G. Lafley, Roger Martin, Jan Rivkin and Nicolaj Siggelkow, which explored the idea that company leaders could be much better in “marrying empirical rigor and creative thinking.” The authors laid out a provocative calculus for developing novel strategies through a “genuine inquiry that’s at the heart of the scientific method.” The authors set forth a step-by-step process in which creative thinking yields possibilities and tests these possibilities using rigorous analysis. The steps are:

1.      Move from Issues to Choice. You need to convert your issue into at least two mutually exclusive options which might resolve the issue. This is because most organizations “will fall into the trap of investigating data related to issues rather than exploring and testing possible solutions.” By framing the problem or issue as a choice, you will focus on “what you have to do next, not on describing or analyzing the challenge.”

2.      Generate Strategic Possibilities. You will need to broaden your list of options to ensure that there is an inclusive range of possibilities. By this the authors mean that possibilities should be creative. Further they identified three key components for such possibilities. First, detail the advantage the possibilities aim to achieve. Second, the scope across which the advantage applies. Third, the activities that will deliver the intended advantage.

3.      Specify the Conditions for Success. For each possibility that you or your group generates, you must describe what must be true for the possibility to be strategically sound. The authors make it clear that this step is not intended “for arguing about what is true” nor is it intended to “explore the soundness of logic behind various possibilities.” This step is intended to require the skeptic to “specify the exact source of skepticism” and require the possibility progenitor to “understand the skeptic’s reservations and develop the proof to overcome them.”

4.      Identify Barriers to Choice. This step is designed to put a “critical eye on the conditions” identified in Step 3. To do this you should determine which conditions are the least likely to hold true. Interestingly, in this step the authors suggest the following process: ask the group members to “imagine that they could buy a guarantee that any particular conditions [identified in Step 3] would hold true.” The condition chosen should be the condition which is the greatest barrier to success. You should then continue the process until all conditions are ranking in such an order.

5.      Design Tests for Barrier Conditions. For each key barrier, you should devise a test which you deem to be valid and sufficient to generate commitment within your organization. The authors do not specify any particular test but say that “the only requirement is that the entire group believes that the test is valid and can form the basis of rejecting the possibility in question or generating comment to it.”

6.      Conduct the Tests. In this step you should start with the test for the barrier conditions in which you have the least confidence. The authors suggest that you bring in outside professionals to administer the test or at least some other group within your company. They caution that the role of these testers is to test; their role is not to revisit or analyze the conditions that your group has set. The key is that the testing has to be “an inch wide and a mile deep” which the authors explain requires that the testing should target the “concerns which could prevent the group from choosing an option and exploring those areas thoroughly enough to meet the group’s standard of proof.”

7.      Make the Choice. Finally, you will need to review your key conditions in light of your test results in order to reach a conclusion. The authors believe that the correct strategy will appear from the results and that greater team consensus will be generated by the seven step approach they suggest.

I found this article very interesting as it provided a useful guide on how to think through devising a strategic plan. In the compliance arena, if you could weld this process to Stephen Martin’s ideas for a 1-3-5 year strategic plan, it would provide a powerful tool for you to use not only in promoting your compliance initiatives internally but if the government ever comes knocking at your door.

I will be co-presenting with Stephen Martin next week in Chicago at an event hosted by Kreller. It will be Tuesday, September 11 at the University Club of Chicago. If you are in the area, please come by and here about Stephen’s 1-3-5 plan and much more about FCPA compliance programs. For more information, click here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

August 23, 2012

The FCPA Compliance Strategic Plan – Some Lessons for the Astros

The Houston Astros were swept this week by the St. Louis Cards and are now on a 7-43 run, the worst in the majors since 1943. On the upside, the entire starting nine fielded by the Astros’ on Thursday had only one player, outfielder Ben Francisco, making more than the league minimum (approximately $483,000) and their combined salary was about $4 million less than the one-year deal of $9.75 million that Cardinals starter Jake Westbrook has just signed. So our new Astros owner should have plenty of money for those new American League uniforms he has been secretly working on.

One of the things that my colleague Stephen Martin talks about is the need for strategic planning for your Foreign Corrupt Practices Act (FCPA) compliance program. He suggests a 1, 3 and 5 year strategic plan which you should utilize as a road map for your compliance program in these time frames. Equally important, as a former state and federal prosecutor, he believes that such a document would be an important item to produce to a prosecutor, who might be reviewing your compliance program in the event of a voluntary self-disclosure, a Dodd-Frank or other whistleblower event, which has led your company to receive a subpoena or letter of inquiry or an industry sweep. He believes that such a strategic plan could well lead to the development of credibility for your company and your compliance program in the event of one of the aforementioned eventualities.

I pondered over Stephen’s thought on the subject of a strategic plan recently when I heard the Houston Astros General Manager say that he was not sure what plan he has to make the Astros a winning if not relevant, team again. Basically he said it was a 1, 3 or 5 year plan, or perhaps something else, he just wasn’t sure. With those words of encouragement in mind it would appear that the Astros plan is the following: (1) Year One: Lose to a new set of teams as the Astros will move from the National League to the America League; (2) Year 3: Continue to lose; (3) Year 5: Be all you can be. How is that for a strategic plan?

With the above in mind I was interested to read an article in the Houston Business Journal, entitled “Strategic planning needs constant follow-up to be successful” by Bruce Rector. As with Martin he recognizes that while a strategic plan can serve as guide for your company going forward, it must actually be utilized to garner any use out of it. Rector notes that “if your company and management team have expended the time and resources to pull together a strategic plan, the next logical step is to follow up and keep things on track.” While Rector’s article is not aimed at the compliance arena, I believe that the steps he lays out, translate without difficulty, into steps a compliance officer can take to meet the suggestion laid out by Martin above.

  • Review the Goals of the Strategic Plan. This requires that you arrange a time for the Chief Compliance Officer (CCO) and team to review the goals of the Strategic Plan. Rector advises that to the extent possible this should be done in person. The CCO should lead a discussion of the Strategic Plan and determine how this goal in the Plan measures up to its implementation in your company.
  • Design an Execution Plan. Here Rector advises that the “Keep it Simple Sir” or KISS method is the best to move forward. This would suggest that for each compliance goal, there should be a simple and straight forward plan to ensure that the goal in question is being addressed. Rector notes that any “plan must be specific with clear tasking and deliverables and a definite timeline for delivery.”
  • Put Accountabilities in Place. In any plan of execution, there must be accountabilities attached to them. Simply having a time line is not enough. This means that the persons tasked with the responsibility of performing the tasks be clearly identified, by both the individual so tasked and the actual task they are assigned to complete. Accountability also includes a “follow-up mechanism to ensure that these vital goals are achieved.” This requires the CCO or other senior compliance department representative to put these in place and then mandate a report requirement on how the task assigned is being achieved.
  • Schedule the Next Review of the Plan. Most interestingly, Rector recommends a review of the foregoing process on a weekly basis. While noting that this may seem time consuming, he believes that once the group assigned with this responsibility gets “into the rhythm, it can go smoothly.” While I would not necessarily agree that weekly meetings are required, Rector does correctly note that such regularity allows any problems which may arise to be detected and corrected more quickly than if meetings are held at a less frequent basis.

Martin’s guidance that a FCPA strategic plan can be a key part of your overall compliance program is sound advice. However, simply developing a strategic plan is not enough. Rector concludes by stating that “Part of management’s responsibility is to continually reinforce the vision and goals of the company, as set forth in this plan.” This is particularly true in the compliance arena, where assessment and updating are critical to an ongoing best practices compliance program. If you follow the process laid out by Rector, you will put a mechanism in place to demonstrate your company’s commitment to compliance by following through on intentions as set forth in your strategic plan.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

Blog at WordPress.com.