Info

FCPA Compliance Report

Tom Fox has practiced law in Houston for 30 years and now brings you the FCPA Compliance and Ethics Report. Learn the latest in anti-corruption and anti-bribery compliance and international transaction issues, as well as business solutions to compliance problems.
RSS Feed Subscribe in Apple Podcasts
FCPA Compliance Report
2017
November
October
September
August
July
June
May
April
March
February
January


2016
December
November
October
September
August
March
February


2015
December


Categories

All Episodes
Archives
Categories
Now displaying: Category: compliance know-how
Nov 22, 2017

One of the greatest things about the compliance profession is that it is only limited by its collective imagination. If you can think it up, you can probably do it. This has led not only continuing evolution of compliance programs but continuing innovation in the compliance function. As compliance programs evolve and innovate, regulators take note and the cycle becomes almost a continuous feedback loop. One technique new to compliance but squarely in the 360-degree view of communication is internal crowdsourcing, to enlist new ideas from employees, to open new sources of compliance innovation.

Internal corporate crowdsourcing was explored in  “Developing Innovative Solutions through Internal Crowdsourcing, where the authors noted, “It allows employees to interact dynamically with coworkers in other locations, propose new ideas, and suggest new directions to management. Because many large companies have pockets of expertise and knowledge scattered across different locations, we have found that harnessing the cognitive diversity within organizations can open up rich, new sources of innovation. Internal crowdsourcing is a particularly effective way for companies to engage younger employees and people working on the front lines.” They came up with seven key elements companies should use to aid in moving such an effort forward, which apply forcefully to the CCO and compliance practitioner.

  1. Keep the focus on innovation. You should use this technique for long-term initiatives and not short-term improvements. Establish the grounds for employee creativity with criteria such as (1) ability to meet employees’ unmet needs, (2) delighting the employee, (3) the solution’s newness, (4) marketability, (5) commercial viability, and (6) scalability.
  2. Give internal crowdsourcing participants slack time. If your company wants you focused solely and only on your day job, it will, by definition, limit your participation in a company crowdsourcing project to nights and weekends. This may not be when and where you do your best work. Companies must arrange to allow employees the time and space during working hours to participate meaningfully.
  3. Allow for anonymous participation. Trust is always a key issue in these types of project. Anonymous participation can help build and maintain that trust because when organizational identities are revealed in an internal crowdsourcing project, “some individuals may feel compelled to defend their formal positions.” Companies need to ensure participants “feel safe about contributing knowledge, regardless of their seniority or role in the company.”
  4. Take steps to ensure that company experts don’t exert their influence too heavily. Internal company experts will have their ideas given additional heft if their identities are known. This can have the unintended effect of intimidating others or lessening their voices in the process. Yet you must work to keep the process open to diverse perspectives, for internal crowdsourcing to produce innovative outcomes. You should have the company’s compliance experts operate as moderators and to do what they can to encourage others to come up with compliance innovations.
  5. Use a collaborative process for internal crowdsourcing. Much like Louis Sapirman’s use of social media to communicate with and obtain information from D&B’s employee base, use of an internal crowdsourcing project has the positive by-product of engagement, stating, “It’s also to build a system through which people within the organization share knowledge, learn from one another, and offer pertinent knowledge for use in new solutions.” If you can engage your employees in compliance, you will not only have a better chance of keeping them engaged, but you will also more fully burn compliance into the fabric of your organization or operationalize compliance in your organization.
  6. Design platforms that facilitate shared development and evolution of solutions. A key to internal crowdsourcing success draws inspiration from open source software. It is that employees need to see what other employees have contributed so they can build upon it. You must find a way to share knowledge among the employee base on an ongoing basis. The authors found three major benefits to such an approach: “(1) knowledge sharing among the crowd across a variety of knowledge types (not just ideas); (2) the opportunity for coevolution of solutions by the crowd; and (3) the degree to which feedback from the crowd helps to refine ideas.”
  7. Be transparent about plans for follow-up post-crowdsourcing. Not surprisingly, one major defect around internal crowdsourcing projects is lack of follow-up and lack of transparency for the employee participants. Simply put, employees not only want to know the results but they also want to know if their ideas were used. This can be a powerful motivator for future participation or the opposite. Companies need to make the process open and fair.

By internally outsourcing compliance function enhancements, a CCO can increase employee engagement in compliance. The entire process draws from your diverse employee base which brings both organizational learning and knowledge diffusion into the continuous improvement of your compliance program. Just as the data in your organization is your data, so you should not only utilize it but monetize it; your employee base can be a large and untapped source of information which can more readily be implemented and have a more rapid impact on your compliance program going forward.

Three Key Takeaways

  1. In compliance, you are only limited by your imagination.
  2. Build trust and be transparent in your process.
  3. Through internally outsourcing compliance function enhancements, a CCO can increase employee engagement in compliance. 

This month’s podcast series is sponsored by Dun & Bradstreet.  Dun & Bradstreet’s compliance solutions provide comprehensive due diligence reporting and analysis to reduce your risk of working with fraudulent companies by accessing a company’s beneficial ownership, reputation risk and more.  For more information, go to dnb.com/compliance.

Nov 20, 2017

One of the ways that CCOs and compliance practitioners can better use 360-degrees of communication is through Twitter. In “How Twitter Users Can Generate Better Ideas”, authors Salvatore Parise, Eoin Whelan and Steve Todd found “employees with a diverse Twitter network – one that exposes them to people and ideas they don’t already know – tend to generate better ideas.” Their research led them to three interesting findings: (1) Employees who used Twitter had better ideas than those who did not do so; (2) There was a link between the amount of diversity in employees’ twitter networks and the quality of their ideas; and (3) Twitter users who combined idea scouting and idea connecting were the most innovative. 

I do not think the first point is too controversial or even insightful as it simply confirms that persons who tend have greater curiosity tend to be more innovative. The logic is fairly-straightforward, good ideas emerge when new information received is shared with what a person already knows. In today’s digitally connected world, the amount of information in almost any area is significant. Yet by using Twitter, “the potential for accessing a divergent set of ideas is greater.”

The key concept for the compliance profession are the roles of Idea Scout and Idea Connector. An idea scout is an employee who looks outside the organization to bring in new ideas. An idea connector, is someone who can assimilate the external ideas and find opportunities within the organization to implement these new concepts.” It is the ability to identify, assimilate and exploit new compliance ideas, which makes this concept so powerful. However to improve your compliance innovation, “you need to maintain a diverse network while also developing your assimilation and exploitation skills.”

For the compliance practitioner, Twitter is a gateway to solution and a way to obtain different perspectives and to challenge the status quo in one’s thinking. The key is not your number of followers on Twitter but rather the diversity within your Twitter network, as “Diversity of employee’s Twitter network is conductive to innovation.” An Idea Scout will “identify external ideas from experts and resources on Twitter.” The compliance practitioner can take advantage of experts within the anti-corruption compliance field, but there is an equally rich source of innovation from those outside this arena.

Even with modern social media tools, the first key to good leadership is to listen. Listening can be enhanced, through the “breadcrumb” approach of finding innovation leaders and thought-provokers. This entails listening to colleagues and industry leaders who are Twitter “including what they are tweeting about, who they are following and replying to on the platform, who is being retweeted often”.

Equally important to this Idea Scout is the Idea Connector, who is putting the disparate strands from tweets together. For the compliance function, this will be someone who identifies compliance best practices or other information from Twitter ideas, can then put them together and direct the information to the relevant company stakeholders. Finally, such a person can “Curate Twitter ideas and matches them with company resources needed to implement them.”

There are a variety of ways an Idea Connector can use Twitter. One is to try to sift through your Twitter feed and look for trends and relationships between topics. You bring value when you stamp your own analysis and interpretation on it. Another method is to focus on analytics and one user “filtered specific subsets of the topic for different stakeholders” at his company. Another method was to create “social dashboards or company blogs based on the insight” received thought Twitter. Interesting, one of the key requirements for successfully mining Twitter was in finding ways to share its content “since many employees, especially baby-boomers don’t use the platform themselves.” Conversely by mining information from Twitter and presenting it, this can allow these ‘technologically challenged’ older employees to ascertain how they can target millennial’s.

But as much as these concepts can move a CCO or compliance practitioner to innovation in a compliance program, it can also foster additional communication through the following of your own employees. It is well known that Twitter can facilitate greater communication to and between the compliance function and its customer base, aka the company employees. The use of Twitter to enable this same type of innovation because it “is different than email and other forms of information sources in that it enables continuous engagement”.

Twitter was created to allow people to connect with one and other and communicate about their activities. However the marketing potential was immediately seen and used by many companies. Now a deeper understanding of its use and benefits has developed. For the compliance practitioner one thing you want to consider is to align your Twitter and great social media strategy with your compliance strategy; match your Twitter strategy to your compliance strategy.

Twitter can be powerful tool for the compliance practitioner. It is one of the only tools that can work both inbound for you to obtain information and insight and in an outbound manner as well; where you are able to communicate with your compliance customer base, your employees. You should work to incorporate one or more of the techniques to help you burn compliance into the DNA fabric of your organization.

 Three Key Takeaways

  1. Twitter can be powerful tool for the compliance practitioner.
  2. Data mine twitter for not only best practices but see what the regulators may be saying.
  3. Curiosity may have killed the cat but it makes for a far better and more effective compliance practitioner.

 

This month’s podcast series is sponsored by Dun & Bradstreet.  Dun & Bradstreet’s compliance solutions provide comprehensive due diligence reporting and analysis to reduce your risk of working with fraudulent companies by accessing a company’s beneficial ownership, reputation risk and more.  For more information, go to dnb.com/compliance.

Nov 17, 2017

Other than the skill of listening, asking questions is about as important to the compliance practitioner as any other that can be employed. Yet, equally critical is to ask the right question, which is an issue explored Brian Grazer and Charles Fishman explored this concept in their book “From a Curious Mind: The Secret to a Bigger Life.

Grazer is a well-known and successful Hollywood director who has directed such movies as Splash, A Beautiful Mind and Cinderella Man. He believes that much of the success he has achieved is because he asks lots of questions and that “Questions are a great management tool.” This is because “Asking questions elicits information” and it also “creates the space for people to raise issues they are worried about that a boss, or colleagues, may not know about.” By asking questions, you allow “people to tell a different story than the one you’re expecting.” Finally, and perhaps most significantly, “asking questions means people have to make their case for the way they want a decision to go.”

Getting your employees to not simply talk to you but tell you the truth about how they feel or what they may be thinking is a key skill for any leader. As a CCO, you may find this particularly difficult in far-flung reaches of an international company, which is subject to the FCPA, UK Bribery Act or other anti-bribery/anti-corruption law. Whether you are performing a risk assessment or simply getting out of the corporate home office, you need to be able to engage employees across the globe and from a variety of cultures.

Ask open-ended questions so you will not receive back a simple Yes/No answer. Some key foundational questions include, “What are you focused on? Why are you focused on that? What are you worried about? What is your plan?” By asking these or other questions, such as “What are you hoping for? What are you expecting? What’s the most important part of this for you?” as a CCO, you can get much more engagement from the people with whom you work.

Consider pursuit of a high profit deal in a high-risk geographic area. You might want to sit down with the business unit person in charge of the project and ask them, what is your plan to sign this contract and execute it, consistent with your obligations within the company’s compliance program? In doing so you are communicating two key concepts, using a 360-degree approach. First, you make clear there should be a plan in place. Second, you are make clear the employee is in charge of that plan. Therefore, by simply asking the question, you are communicating the employee has both the responsibility for the problem and the authority to come up with the solution. This type of approach allows those who so desire to step up to do so, as “It’s a simple quality of human nature that people prefer to choose to do things rather than be ordered to do them.”

Equally important are the values you can transmit by asking questions. If you do have to fly to China or some other local office, you do not want to be seen as the US corporate executive coming to deliver some bad news or that costs need to be cut. By asking questions you can solicit ideas to help solve problems. This is because asking questions creates the authority in people to come up with ideas, coupled with the responsibility for moving things forward. Questions create space for all kinds of ideas and the sparks to come up with those ideas. Most important, questions send a very clear message: We’re willing to listen, even to ideas or suggestions or problems we weren’t expecting.” This is not about being warm or fuzzy, it is demonstrating curiosity in the employee.

You should also consider asking questions in the context of 360-degrees of communication. Louis Sapirman has made clear this concept is more than simply a two-way; up and down approach. It really demonstrates not only a level of knowledge but the communication itself important in every other direction in the workplace. People should ask their bosses questions. If employees feel comfortable enough to ask these questions, it allows CCO to be clear about things that they think are clear, but more importantly which may not be clear at all. Finally, if a person asks a question, they most usually listen to the answer. This is because “People are more likely to consider a piece of advice, or a flat-out instruction, if they’ve asked for it in the first place.”

You too can use this simple and straight-forward technique to improve not only your leadership qualities in the compliance function but your organization’s compliance function as well. The reason that asking questions is so much better than simply giving orders is that you have a vast talented workforce you can tap into it help you do business in compliance. But the how of doing a business process that is, or should be, burned into your company can be facilitated by possibilities that are out there in your employees’ minds.  360-degrees of communications allows you to create an atmosphere where nobody is afraid to ask a question. Perhaps equally importantly no one is afraid to answer a question.

Three Key Takeaways

  1. Asking questions is a great technique to elicit information.
  2. Asking questions creates the authority in people to come up with ideas, coupled with the responsibility for moving things forward.
  3. Create an atmosphere where no employee is afraid to ask or answer a question. 

This month’s podcast series is sponsored by Dun & Bradstreet.  Dun & Bradstreet’s compliance solutions provide comprehensive due diligence reporting and analysis to reduce your risk of working with fraudulent companies by accessing a company’s beneficial ownership, reputation risk and more.  For more information, go to dnb.com/compliance.

Nov 16, 2017

A 360-degree approach to communications entails looking at all forms of interactions as a way to interconnect. This means both verbal and non-verbal and in clues, hints in addition to directly. This concept can be particularly helpful in relating to and with cultures outside the United States as one of the things most critical issues to a compliance function is breaking through a company’s internal cultural boundaries. In “Getting to Si, Ja, Oui, Hai and Da; How to negotiate across cultures”, Erin Meyer explained that “managers often discover that perfectly rational deals fall apart when their [business] counterparts make what seem to be unreasonable demands or don’t respect their commitments.” She laid out a five-point solution that I have adapted for the CCO or compliance practitioner in communicating a compliance program across a multi-national organization.

Initially look for as many cultural bridges as you can find as it will help you understand what your international audience is communicating to you, in both verbal and non-verbal formats, during a wide variety of activities familiar to any compliance professional such as training, investigations or simple meetings where the compliance perspective must be articulated in any business setting. If you fail to have an understanding or even a person who can navigate these signs for you, here are five steps to help you out: (1) Adapt the way you express disagreement; (2) Know when to bottle it up and let it all pour out; (3) Learn how the other culture builds trust; (4) Avoid yes or no questions; and (5) Be careful about putting it in writing.

Adapt the way you express disagreement

Simply because someone disagrees with you, it is not a sign that the discussion is going poorly but that it is an invitation to engage in a lively talk. The key is to listen for verbal cues when interacting. These sources are “what linguistics experts call “upgraders” and “downgraders.” Upgraders are words you might use to strengthen your disagreement, such as “totally,” “completely,” “absolutely.” Downgraders - such as “partially,” “a little bit,” “maybe” - soften the disagreement.” It is incumbent to understand upgraders and downgraders within their own cultural context.

Know when to bottle it up and let it all pour out

Some cultures have very demonstrative ways of speaking and gesturing. However other cultures are not comfortable with such displays. You need to understand this key difference. Meyer writes, “So the second rule of international negotiations is to recognize what an emotional outpouring (whether yours or theirs) signifies in the culture you are negotiating with, and to adapt your reaction accordingly. Was it a bad sign that the Swedish negotiators sat calmly across the table from you, never entered open debate, and showed little passion during the discussion? Not at all. But if you encountered the same behavior while negotiating in Israel, it might be a sign that the deal was about to die an early death.”

Learn how the other culture builds trust

Most Americans think that building trust in a business setting is gained by demonstrating your usefulness and competency in providing solid information. However, this type of approach is not always the most effective across the globe. There are two different approaches to building trust:  cognitive and affective.

In the cognitive approach, you gain trust by “the confidence you feel in someone’s accomplishments, skills and reliability.” In short, you know your stuff and for the compliance practitioner there is usually not much higher a compliment. This type of trust is more valued by Americans, Germans, Australians and Brits. Meyer says this is the trust that comes from the head. Conversely, affective trust may be termed to come from the heart. But it is not simply emotive. It derives from “emotional closeness, empathy, or friendship.” It means that you see each other on a personal level. In the BRIC countries, Southeast Asia, trust of this type is not likely to be achieved until this type of connection can be made.

Some of the techniques you can employ to build trust are to, “Invest time in meals and drinks (or tea, karaoke, golf, whatever it may be), and don’t talk about the deal during these activities. Let your guard down and show your human side, including your weaknesses. Demonstrate genuine interest in the other party and make a friend. Be patient: In China, for example, this type of bond may take a long time to build. Eventually, you won’t have just a friend; you’ll have a deal.”

Avoid yes or no questions

This is something Americans have an innate amount of trouble getting our heads around. Most generally when we ask a direct question requiring a direct Yes-or-No answer; we expect that whichever the answer is, it will be adhered to going forward. In many other cultures that may not always be correct. In some cultures, it is rude to tell someone you respect and have trust for ‘No’ directly. While they may say ‘Yes’, they may really mean ‘No’. Conversely, even when the verbal response is a strong or even a multiple ‘No’ answer, it may simply mean that the party needs more time to respond.

This means you should try to avoid a simple Yes-or-No response, by asking a more open question that elicits additional information that will help provide the context for the answer. You should also watch body language and other signals more closely, “Even if something is affirmative, something may feel like no: an extra beat of silence, a strong sucking of breath” or a muttering. Be watchful and listen closely.

Be careful about putting it in writing

This last point may be the most difficult for the CCO and compliance practitioner, especially if you accept my mantra to Document, Document, and Document. In many cultures, even the follow up to a conversation with something in writing could well seem like a slap in the face, the lack of trust or even communicating that the listener did not comprehend what you were communicating. You may need to do some additional amount of explanation around your written compliance documentation. Do not be dogmatic about it, but emphasize the need for written materials in the appropriate situation.

Communications in compliance must be largely drawn around trust. For any compliance practitioner, this is a key to working with your employee base across the globe. Implicit in building trust is that you get out of your home office and travel to your other office locations. While you can build cognitive trust through demonstrating your usefulness to an overseas business unit from your home office in America, you will never build affective trust sitting in the corporate office. Get out and about and meet your employees and build the trust that will allow a successful a 360-degree approach to communication.

Three Key Takeaways

  1. Communications in compliance must be largely drawn around trust.
  2. Look for as many cultural bridges as you can find as it will help you understand what your international audience is communicating to you.
  3. One of the things most critical issues to a compliance function is breaking through a company’s internal cultural boundaries. 

 

This month’s podcast series is sponsored by Dun & Bradstreet.  Dun & Bradstreet’s compliance solutions provide comprehensive due diligence reporting and analysis to reduce your risk of working with fraudulent companies by accessing a company’s beneficial ownership, reputation risk and more.  For more information, go to dnb.com/compliance.

Nov 15, 2017

What if you could multiple the impact and effectiveness of your compliance program throughout your company? That would be a great boon to any compliance practitioner and compliance program. It is also something that is very possible by considering a 360-degree view of communications in compliance using multipliers. 

Liz Wiseman is the co-author with Greg McKeown of Multipliers: How the Best Leaders Make Everyone Smarter, which is a book about the various types of leaders. They focus two different types of leaders, Diminishers and Multipliers. Multipliers are leaders who encourage growth and creativity from their workers, while Diminishers are those who hinder and otherwise keep their employees’ productivity at a minimum. 

These techniques not only beneficial for every Chief Compliance Officer to use as a business leader within your organization, but also for every compliance practitioner to more fully operationalize corporate compliance programs. The also help you to understand more fully the concept of 360-degrees of communication because in every interaction you can multiply the power of your communication by using a variety of simple and even straight-forward tools and techniques. 

Multipliers increase, often exponentially, the intelligence of the people around them through communication. They lead organizations or groups that can understand and solve hard problems rapidly, achieve their goals, and adapt and increase their capacity over time. On the other hand, diminishers literally drain the intelligence, energy and capability from the employees or team members around them. They lead groups that operate in silos, find it hard to get things done, seem unable to do what’s needed to reach their goals. 

Multipliers break down into five disciplines in which they differentiate themselves from diminishers. The first is the Talent Magnet, who attracts and optimizes talent; the second is the Liberator, who creates intensity that requires an employee’s best thinking; next is the Challenger who extends challenges by having others do the hard lifting so that they can stretch themselves; next is the Debate Maker who facilitates a debate between his or her team which leads to a decision improving a process or issue; and finally is the Investor, who instills ownership and accountability with his/her employee base. Interestingly Wiseman believes that multipliers increase efficiency and productivity by two times. 

Diminishers also break down into five different prototypes. They are the Empire Builder, who is only interested in collecting very talented people around themselves so that they look good; next is the Tyrant, whose name is almost self-disclosing but ruins all those around them with their insistent criticisms; next is the Know-it-all who give directives simply to showcase how much they know limiting what their teams can achieve to what they themselves know how to do. This means the team must try to deduce, literally in the dark, the soundness of the decision instead of executing it; and finally, there is Micromanager, who generally believes they are only person who can figure something out and approach execution by maintaining ownership, jumping in and out of a project and reclaiming responsibility for problems which they have delegated. Diminishers usually reduce efficiencies by up to 50%. 

Wiseman presented several ways that a leader could use multiplier effects and I found many of them would work particularly well for the compliance practitioner who is working to operationalize a best practices compliance program. This is particularly true because it is through persuasion that compliance works best by getting other corporate disciplines to embrace compliance. 

Some of the specific multiplier techniques are to identify not only what the skills are for those on your team, but also what comes easily and natural to them. By doing so you can more effectively utilize their talents in implementing a compliance regime. Interestingly you can get employees to stretch through a technique called ‘supersizing’ where you give someone a task that may be “one size too big” for them, but allows them to grow into it. This is certainly applicable when working to operationalize compliance in business units outside the United States which may only have been dictated to previously but where not involving in doing compliance. 

As the CCO or compliance leader working to more fully operationalize your compliance program, you should work to limit your direct comments to a minimum going forward. This will allow the non-compliance team members to not only stretch themselves but also allows for more impactful intervention when necessary but the simple fact is you are intervening less. Louis Sapirman, the CCO at Dun & Bradstreet said that while he holds the office, he is not the face of compliance at the company. It is him employee base. He has literally multiplied the influence of the compliance function both inside and outside the company in this manner. 

Mistakes are going to happen in any implementation. The same is true when you are operationalizing your compliance program. To overcome this there are a couple of strategies. The first is to talk up your mistakes within the team for debriefing and analysis. The second is to actually make room for mistakes (think of a sandbox) where your team can experiment, take some risks and recover from the mistakes. 

I found her next point fascinating, which was to lead by asking questions. Every question is answered by another question. Her technique of leading with questions works with all five categories of multipliers. The reason it is so successful is that people are smart, the not only want to get things right but they want to build and eventually they will figure out how to do it. It is not simply a case of getting out of their way. It is about guiding them with your compliance expertise to come up with not only the right answer but a solution which will work. 

Now imagine applying this leadership technique as you are trying to more fully operationalize your compliance program. If you take this approach of leading by asking questions, you not only guidance the functional unit but you get greater buy-in to the entire concept and process as it becomes their process. The non-compliance team may design it and have ownership over it. 

Wiseman concluded by challenging each of us to multiply our influence to make those with work with and even work for better. You can use these skills to more fully operationalize your compliance program. If you do so, you will not only fulfill the requirements of the Department of Justice, laid out in the Evaluation of Corporate Compliance Programs, you will bake compliance into the DNA of your company by making it a part of the way you conduct your business. 

Three Key Takeaways 

  1. Multipliers are leaders who encourage growth and creativity from their workers.
  2. Diminishers are those who hinder and otherwise keep their employees’ productivity at a minimum.
  3. Multiply the influence of the compliance function both inside and outside the company in this manner.

This month’s podcast series is sponsored by Dun & Bradstreet.  Dun & Bradstreet’s compliance solutions provide comprehensive due diligence reporting and analysis to reduce your risk of working with fraudulent companies by accessing a company’s beneficial ownership, reputation risk and more.  For more information, go to dnb.com/compliance.

Nov 14, 2017

Many compliance professionals in the corporate world work long and hard to rise to the senior management level in their organizations. It takes subject matter expertise, hard work and sometime propitious good fortune to get to the C-Suite level in a large company. However, many of the skills which work to get you there do not always serve you in the context of a 360-degree view of communication at the senior management level. 

One thing many compliance practitioners have in common is self-reliance. Not every lawyer and compliance practitioner is a Type A driven personality but many are. In many ways, it is what makes us a success. However, in the corporate world, just like any other, there are limits to self-reliance. Put another way, if you do not have a culture where everybody appreciates the importance of their role in showing the type of behavior that is expected within your organization; then you are probably not doing a very good job of driving culture.  Adam Bryant explored this theme in a New York Times (NYT) Corner Office column where he interviewed Lori Dickerson Fouché, the Chief Executive Officer (CEO) of Prudential Group Insurance. 

A key lesson is to ask for help. Fouché said it “stemmed from the fact that I had been used to thinking, “I can get through the brick wall. I can make this happen.” I was very self-reliant, and I figured that if I could do it, so could the team. So, I overworked some teams early on, and that led to an early lesson around asking for help. It’s O.K. not to have all the answers and not to be able to do everything and to put your hand up and say, “I need help.” I was so surprised by how people really wanted to help. They loved being invited into the process.” Building on the Wiseman concept of multipliers, you see how you can expand the influence only yourself and your corporate compliance function. 

From these experience, Fouché also learned to prioritize. She noted, “You simply can’t do everything. There were times I would walk into a new job, and my eyes would be huge and I would feel like a kid in a candy shop. I’d think, “Let’s just get after it,” instead of, “O.K., let’s pause. What’s the most important thing to really get after?” Being able to say “No” or “Not now” were important lessons for me.” 

Another interesting lesson concerns transparency. Fouché related “to share my thoughts so that other people could follow them. I learned an important lesson from a colleague when I was C.E.O. at another company, who said: “Lori, this is a little bit like being on the train and you’re in the front of the train and we’re in the dark. You can see the light at the end of the tunnel. But there are people who are toiling in the back, and they’re throwing coal in the engine, and they’re working the cars, and that’s all they know. You should be at the front of the train, but your job is to shorten the distance between you and the back of the train so that we can all see what you see at the front.”” 

In other words, prioritize and start the slogging work of going through the issues in front of you. It not only gives you some semblance of control but also helps you to focus on doing the next right thing. As a business leader, others in your team and cascading down will take their clues from you and begin to operate in the same analytical manner. This also ties into one of Fouché’s key points about her leadership style. 

Not only does she strive for personal transparency, she expects it from others. She said, “I expect my leaders to listen. I expect them to ask questions. I expect them to understand what’s going on. I am somewhat infamous for saying, “So how’s it going?” And they’ll say, “Great.” Then I’ll say, “How do you know?” It’s one thing when people start telling you anecdotes and it’s another thing when they can say, “Well, because we track this and we measure that.” We make sure we’re analytical in our approaches.” 

If you couple this with two characteristics Fouché looks for when hiring: resilience and perseverance; it gives you a hint on some key characteristics. This is because she believes that when “working in big companies, and you have to find a way to navigate and negotiate to an end result. It could be a winding path. Make sure that people feel like they know how to do that, and do it in a way that is respectful of the system.” You will have more success in communications and in use of social media if you first start with a relationship, particularly in getting to know the leaders in a given geographic market within your organization.

Aesop noted many eons ago that the race is not always won by the fastest but often the strongest and the steadiest. Many of the characteristics which allow you to rise within a corporation may need to be ameliorated somewhat at the C-Suite.  Fouché’s lessons around a 360-degree approach to both leadership and communications give you some good starting points.

Three Key Takeaways 

  1. Learn to ask for help.
  2. As a CCO share your thoughts so others can follow them.
  3. Leadership often involves taking employees on a winding path. 

This month’s podcast series is sponsored by Dun & Bradstreet.  Dun & Bradstreet’s compliance solutions provide comprehensive due diligence reporting and analysis to reduce your risk of working with fraudulent companies by accessing a company’s beneficial ownership, reputation risk and more.  For more information, go to dnb.com/compliance.

Nov 13, 2017

The life of a Chief Compliance Officer (CCO) can be intense and the one of the most powerful tools you have is persuasion. Jenny O’Brien, CCO at United Health Care, has talked about the techniques that a CCO can use to influence decision making in a company to do business in ethically and in compliance. She has called these techniques of persuasion “Seven Steps of Influence” and advocates a CCO employ them help influence decision-making within an organization. 

  1. Collaboration. As a CCO you need to know your company’s business. If you are new to an organization you must take time to learn the business. You should sit in on sales meetings and, when appropriate, you should go out on sales call. Channeling your inner Atticus Finch, you must walk in the shoes of the business leaders you are assisting. By doing so, you will not only understand the products and services that your company offers but also the challenges that your business development team faces out in the world.
  2. You must work constantly at active listening, which is listening, thinking and then speaking, and not just jump into the middle of a conversation, talk to people in a manner that will address their concerns. When you do speak, be prepared to make the case for the compliance proposition that you are trying to get across. As a CCO, strive to be relevant in every interaction you have with your peers in senior management. This sometimes it means speaking up at meetings or other forums but sometimes it means listening. Develop a rapport with your business team and this rapport can lead to trust building.
  3. Relationships. This is relationships between the compliance function and other corporate functions in an organization, through a CCO or compliance practitioner can bring influence to bear. It all begins with building trust with others within your organization. Invest time to find others in your organization with which you want to work and with those with whom you desire to build relationships. The key relationships that a CCO or compliance practitioner can develop are with the audit function, the legal department, Human Resources, IT and corporate communications.
  4. Humility. Humility is important because it empowers. It can empower others to expand the circle of influence and get others in a corporation to influence an ever-expanding circle on behalf of compliance. The CCO does not need center stage. Echoing the DOJ Evaluation of Corporate Compliance Programs requirement that compliance should be operationalized, business units should solve compliance issues, as compliance is just another business process. Through such influence you can get business unit resources to solve a compliance problem, you will hold down the costs of the compliance function. It is not about being right but about moving the compliance ball forward in the right direction.
  5. Negotiation. A compliance practitioner you need to learn the art of compromise. Negotiation is not about the dichotomy of winning and losing an argument or debate. A CCO should strive to redefine what a win might look like or what a win might consist of for a business unit employee. When faced with such a confrontation, try to determine what both sides wanted then give them something else in addition to what they thought they wanted. A CCO can be considered a mediator not just simply an enforcer or Dr. No from the Land of No.
  6. Triple 'C'. Keep calm, cool and collected because all company employees, up and down the chain, are watching the CCO. For this reason, a compliance practitioner should channel their inner Harry Dean Stanton and have a laconic face, at all times. The Triple C’s are important because organizations look to the CCO to solve complex issues with simple solutions. When faced with a compliance issue or an obstacle you should endeavor to keep everything on an even keel and never let them see you sweat.
  7. Credibility. The final of the seven pillars was that the CCO role needs to be adequately scoped and that the accountabilities need to be clearly defined. Put another way, what is your job scope as the CCO and what is the function of the compliance department? What is your accountability to decide the resolution to an issue? As a CCO, you must demonstrate your value as a non-revenue function. This may require you to get out of your office and put on a PR campaign for compliance. A CCO needs to guard their independence in job function and reporting. You must make clear that you will have independent reporting up to the Board or Audit Committee of the Board. 

Influencing and using persuasion is not a one-time activity. It is ongoing. If you consider it within the context of the 360-degree approach to communication, it means calibrating every which manner of influence and with all your stakeholders, both inside and outside your organization. Persuasion touches all forms of communications whether those are formal communications, informal communications, or simply accidental communications. It includes using all the right methods of communications to maximize the influence you can bring to bear. 

Three Key Takeaways 

  1. Persuasion is probably the key tool for any CCO.
  2. Persuasion touches all forms of communications.
  3. Influencing, using persuasion is not a one-time activity; t is ongoing as in literally all the time. 

This month’s podcast series is sponsored by Dun & Bradstreet.  Dun & Bradstreet’s compliance solutions provide comprehensive due diligence reporting and analysis to reduce your risk of working with fraudulent companies by accessing a company’s beneficial ownership, reputation risk and more.  For more information, go to dnb.com/compliance.

Nov 10, 2017

The first 100 days. Franklin D Roosevelt’s first term is the standard by which all other Presidents are measured for their first days in office. Why? It is because not only did FDR hit the ground going full speed but also passed legislation, which changed the shape of America for years to come. While the first thing he did was declare a Bank Holiday to save the nation’s banking system, he also passed significant legislation to try to stem the effects of the Great Depression. These bills included the Agricultural Adjustment Act, the Federal Emergency Relief Administration, the Civilian Conservation Corps, and, finally, the National Industrial Recovery Act. He also enacted the Truth-in-Lending and Glass-Steagall Acts to help regulate the stock market, whose collapse had heralded the economic downturn. Even if these acts did not turn the tide of the Great Depression, it gave people hope because at least it appeared FDR was doing something to fight the economic calamity.

Now imagine that you finally have been able to secure a new position as Chief Compliance Officer in the compliance field. Every company believes that they are ethical and that they certainly do business ethically but what are some of the things that you can do in your first 100 days? Hopefully you will not be dropped into a corporate situation as dire as the one FDR faced for the US in 1933 but the reality is that many new heads are still judged on these mythical first 100 days.

The key is to try and make a clear transition. The best situation is if you can take some time off to prepare yourself between your old and new positions. You should try and use this time to learn more about your new employer and supplement the information you were able to garner during the hiring process. If you cannot take time off, the article suggests studying every night to prepare for your new position. If you want to hit the ground running, you must be ready to do so.

You will be required to learn quite a bit on the job, very, very quickly. Some key areas for immediate inquiry, which include your new company’s investigations and hotline issues; the internal audit documents relating to compliance; the annual reports for any notes about investigations or other Securities and Exchange Commission issues; and a general review to see what is happening the industry to see if there are ongoing Foreign Corrupt Practices Act (FCPA) investigations or recent enforcement actions. I would suggest meeting many of your new colleagues in the organization to interview them about the company’s existing compliance program. From these interviews, you can reach out to begin to build a network for further interviews.

You need to first identify the highest compliance risks and then try to focus on the risks which are not being managed effectively. A new CCO must work quickly to determine where the highest risks are and which of these risks will have the biggest effect on the business. The part that is more challenging as managing risk while focusing on the areas that have the biggest business value can be a tricky proposition. Business value can be measured in country value, profit or reputation. It can also be measured in reducing potential exposure in fines or prosecutions, or growing revenue and profits.

You do not need to try and fix the company’s entire compliance program in the first 100 days. But you do need to find a way to identify opportunities to build both personal credibility and credibility for the compliance function within the organization. You can take on an issue, which seems to have the highest profile within the company and work towards resolving it. Some of your work may come with instituting good process and may be as simple as focusing on adding value, removing obfuscation and helping to grow the business, rather than being Dr. No from the Land of No.

One obvious thing to generate success in the corporate world is to have a good relationship with your boss. You should have important conversations around expectations, working style, resources and your personal development. To facilitate these discussions the following points are posited:

  • There is no value in trashing the existing compliance program.
  • You need to drive the discussions with your boss.
  • Your boss is looking for solutions, not problems.
  • Your boss is not interested in running through your checklist of things to do.
  • Make sure that you connect with the people that your boss values and admires, such as their mentor.
  • Set expectations.

If you have not done so through the hiring process, you should have a clear understanding of what compliance means at your new company and what your role will be. While you were hired for FCPA or other anti-bribery legislation compliance, does compliance means something broader in your new role? Are there other areas for compliance intervention such export control, anti-money laundering, harassment, data protection or third party risks?

You will probably be called on to make some difficult personnel decisions in this area but one that is necessary. Your ability to select the right people for the right positions is among the most important drivers of success during your transition and beyond. You also need to hold onto the right people. The focus for every solid manager is to concentrate on the best people and only those people – the rest should quickly be managed up or out. If compliance is seen as ‘The Land of No’ populated by one or more Dr. No characters, it is time to make a change and the sooner the better.

One of the biggest keys for any successful compliance program is the ability to influence people outside your direct line of control. Supportive alliances, with all compliance stakeholders, are necessary if you are to achieve your goals. You will need to try and identify those persons and develop relationships, then create coalitions with them. This means you will need to get out of the office and get overseas as quickly as possible. While your manager, be it the Chief Executive Officer (CEO) or other, will probably want you in the office, you need to get out of your office and build relationships in the field.

These first 100 days will be a time of very high stress. This may well be compounded by your travel schedule and working very long hours to try and fulfill the concepts. The right advice-and-counsel network is an indispensable resource. Use your outside network of mentors, coaches and friends which you have developed over the years, to discuss your part at the company and what you have been experiencing. The key is to use whatever resources are available to you during your first 100 days.

Just as FDR accelerated his actions during his first 100 days, a large part of his success was that he accelerated those around him. You should take this key component of FDR’s success to heart in your new role. Get your direct reports, bosses, and peers to accelerate their own transitions. The fact that you are in transition means they are too. The quicker you can get your new direct reports up to speed, the more you will help your own performance.

It is difficult to imagine today a harder situation than the country faced when FDR came to power in 1933. The task must have seemed overwhelming. Starting a new compliance leadership position at a new company can seem equally daunting. You need to not only think through your steps going forward but also how to execute them for maximum performance in this early part of your corporate career.

Nov 10, 2017

What is the most famous line in Shakespeare about lawyers? That is an easy one because lawyer-haters across the world (and lawyer-lovers as well) know it - First thing we do is kill all the lawyers. It comes from Henry IV, Part II. Most lawyers understand that by killing all the lawyers, it will create an atmosphere that would allow for tyranny and anarchy. Unfortunately, this clear import is not as widely seen by civilians (i.e. non-lawyers). 

The debate about whether the compliance function should be located in a company’s legal department or in a separate compliance function has largely concluded that it should be independent because of the difference in the two discipline’s mandates; many in a corporate compliance function came from the General Counsel’s office or have legal training. The lack of law schools providing training in leadership skills has led to a paucity of such proficiencies in my legal brethren. 

I was intrigued by an article in MIT Sloan Management Review, entitled “Leading by the Numbers, by Byron Hanson, where he discussed the sometimes difficult transition which financial professionals have to make when moving to broader leadership roles. I found some of his insights to be useful to the lawyer moving from a corporate legal department or large law firm into a leadership role in a compliance department.  He listed five changes needed which I have adapted for lawyers. 

Transition 1 - From Expert to Leveraging Expertise 

Most lawyers feel they are experts in the law, which can be thought of as a technical expertise. Hanson quoted the experiences of Colin Pavlovich, who said, “When I came into a senior leadership role, in the first six months I had to get used to just letting go…that you’re not in a technical role day to day with a set agenda, that you’re a professional manager and need to step away from being the expert to [being] a leader in strategy development and execution.” The key is to recognize that “leadership does not mean a loss of expertise but rather an opportunity to leverage your…skills in a more valued way.” 

Transition 2 - From Apprenticeship to Coaching 

Many lawyers still learn in the old-fashioned apprenticeship model where you learn through working with and for more “senior professional, who provide a heavy degree of oversight of their subordinates’ work to ensure that mistakes are minimal.” That is certainly true at most large law firms. It is also true that many legal assignments are so large, they can become too complex or even too complicated for a junior lawyer to handle so there is fair degree of oversight involved by senior practitioners. 

Clearly this model can build up technical expertise but when a lawyer moves into a Chief Compliance Officer role, they take on a broader remit. Hanson wrote, “Delegating, trusting, and empowering are all part of a coaching framework” which must be used for lawyers to add value once they move into a CCO role. You can use your technical expertise to help guide but you will need to allow your compliance team to grow for you to become an effective leader. 

Transition 3 - From Reporter to Translator 

Every lawyer worth his or her salt can perform triage on a contract, an acquisition or you name the legal issue and report his or her findings from the legal perspective. However, as a leader in the compliance function, your analysis must change from simply reporting on the legal aspects to a mindset of prevent, detect and remediate compliance risks before they arise and after they have arisen. Chief executives rarely need a recitation of the Foreign Corrupt Practices Act as a law; they want to know what the compliance risks are going forward. If the risk is moving into a higher category, can that risk be managed? Your ability as a CCO is to create meaning and simplicity around risk. 

Transition 4 - From the Right Answer to Multiple Possibilities 

Many lawyers tend to see one right answer for a complicated legal issue. Yet as a CCO you must “navigate complex problems that have multiple plausible answers.” In compliance, there will be a wide variety of factors that legal analysis will not consider. Hanson quoted Paul Sims for the following, “You’ve got to understand your environment and the context in which you’re presenting these numbers [legal analysis] and is that really the right answer? You need to unleash your thinking a bit.” Clearly as risk goes up the management of that risk will need to increase. As your risk management increases you will need to find ways of auditing or monitoring that risk which will aide you in making any adjusts you might need to go forward. 

Transition 5 - From Value Protector to Value Creator 

This one is probably the biggest challenge for lawyers, particularly those who move from an in-house corporate legal department to the CCO chair. The mandate of the legal department is to protect the company. The mandate of the compliance function is to prevent, detect and remediate. These are quite different. As Roy Snell has said, if lawyers could do compliance, we would not have needed to create a whole new profession. 

Yet moving to a CCO role also means seeing the world not simply through a legal lens but also through a business lens. For it is in the value created by compliance that will assure its success going forward. Lawyers must transition their thinking from conservative and risk-averse to how can we get something done in compliance. Moreover, most in-house lawyers have been assigned roles that are essentially legal risk mitigation and stewardship. If a CCO focuses too much on those areas, value creation opportunities will be missed going forward. 

The ability to think critically is still the gift that most US law schools bestow on their graduates. That ability can serve you well as an in-house lawyer and as a CCO. However, the mandates of the legal department and the compliance department are so different and in many ways divergent that the transition from one to the other is not always guaranteed to be smooth. 

Three Key Takeaways

  1. Many compliance professionals come out of the General Counsel’s office which has a different focus than the compliance department.
  2. Law schools do not prepare their students for the holistic requirements of compliance practitioner, only how to be a lawyer.
  3. Learn to read a spreadsheet. 

This month’s podcast series is sponsored by Dun & Bradstreet.  Dun & Bradstreet’s compliance solutions provide comprehensive due diligence reporting and analysis to reduce your risk of working with fraudulent companies by accessing a company’s beneficial ownership, reputation risk and more.  For more information, go to dnb.com/compliance.

Nov 9, 2017

The 360-degree approach to compliance works with all the stakeholders in a compliance program, even the Document Document Document stakeholders; IE., the regulators. By using innovative techniques, one law firm came up with mechanism to present verifiable evidence to regulators, using the basic techniques of social media in operationalizing compliance as a solution to a difficult compliance issue around, of all things, honey. This example shows how creative thinking by a lawyer, in the field of import compliance, led to the development of a software application, using some of the concepts of social media. Once again demonstrating the maxim that compliance practitioners (and lawyers) are only limited by their imagination, the use of this software tool demonstrates the power of what a 360-degree view can bring to your compliance program. 

Gar Hurst, partner at the law firm of Givens and Johnston PLLC in Houston, faced an issue around US anti-dumping laws for honey that originated in China. The US Government applies anti-dumping trade sanctions to goods from a specific list of countries. They do this when a domestic interest group alleges and proves, at least theoretically, that the producers in certain foreign countries are selling their goods into the US market at below fair-market value. By doing this, they are harming the US domestic industry. The dumping duties, which can result from this, can easily be 100, 200, even up to 500% of import duties. To get around the anti-dumping laws, importers would ship Chinese originated honey to Indonesia, Vietnam or some other country and pass it off as originating from one of those locations. 

The problem that faced was how to prove the honey did not originate from China. Hurst said, “We were working with a Southeast Asian honey producer. They were in this situation where Customs was essentially treating them as though they were a Chinese producer. We’ve provided them documents. We’ve provided them invoices. We’ve provided them production documents but there was nothing that we could give them documentary that they didn’t believed could be faked. That was the problem, documents on their face are just a form of testimonial evidence. Meaning, somebody somewhere said, this honey is from the Philippines. It’s only as good as the word of the person who wrote it on. We needed something that would get beyond that problem.” 

Using awareness around communications through a smart phone, Hurst and his team came up with an idea “that with the explosion of smartphone technology which is in the hands of basically everybody in the United States and soon to be everyone in the world, these devices basically allow a person to take a picture that is geo-tagged and time and date stamped and then upload that picture to a database in the cloud. Effectively, that’s what we did.” As Hurst explained the process which they came up it was amazingly simply, “We basically created an app that resided on Android phone that they could then go around and document the collection of all these various barrels of honey and its processing. Every time they take a picture, it would be time and date stamped with geo-tagging as well. You know when and where a picture of a particular barrel of honey which we would label with some special labels so you could identify it when and where that was taken.” The product they came up with is called CoVouch

From there the information is uploaded into a secure database that Hurst and his team created in the cloud. His firm then took all the evidence they had documented that the honey originated in Indonesia, not China, and presented it to the US Customs service to show his client had not sourced its honey in China. In version 2.0 Hurst and his development team are creating a searchable database which US Customs can use to make spot checks and other determinations. 

Recognizing the level of technical sophistication of honey farmers in Asia, CoVouch is amazingly simply to use. It takes pictures, puts time stamps on them and puts geo-tags that show the location where the picture was taken and with glued or pasted on bar codes, you can trace the shipment of honey throughout its journey. But it does so in a way that tells a story. Hurst said, “you’re telling the story but the provenance, of one imported barrel of honey and how did it get to where it’s at. It’s different. That’s exactly what we’re trying to do and trying to do it in a way that is easy enough so that, as you put it, a fairly, uneducated farmer in Indonesia can do it and a busy Customs agent in the United States can review it.” 

Such a software system uses the concepts around social media to make a honey farmer a provider of documents evidence, through photographs, to meet US anti-dumping laws. But I see the application as a much broader tool that could be used by anyone who needs to verify information on delivery, delivery amounts, delivery times and delivery locations. This could be a field hand who is delivering chemicals even West Africa and does not know how to speak English. Hurst pointed to uses around whether something might be eligible for special import or export regulations due to NAFTA, whether restricted trade goods, such as those used in the oilfield industry, worked their way into Iran and even applicability under the Buy American Act around the US content in goods. 

For the compliance practitioner, you could use such a tool to not only receive information, and more importantly photographic evidence, but you could also deliver information. But the key is that you are only limited by your imagination. CoVouch could be a tool that you use internally for delivery of information and receipt of information inside your company. 

Three Key Takeaways

  1. Use the tools of social media to help tell your story of compliance.
  2. You are only limited by your imagination.
  3. Converging text, pictures and data can be a powerful tool in compliance. 

This month’s podcast series is sponsored by Dun & Bradstreet.  Dun & Bradstreet’s compliance solutions provide comprehensive due diligence reporting and analysis to reduce your risk of working with fraudulent companies by accessing a company’s beneficial ownership, reputation risk and more.  For more information, go to dnb.com/compliance.

Nov 8, 2017

One of the more difficult things to predict in a merger and acquisition context is how the cultures of the two entities will merge. Further, while many mergers claim to be a ‘merger of equals’ the reality is far different as there is always one corporate winner that continues to exist and one corporate loser that simply ceases to exist. This is true across industries and countries; witness the debacle of DaimlerChrysler and the slow downhill slide of United after its merger with Continental.    

In the compliance space this clash of cultures is often seen. One company may have a robust compliance program, with a commitment from top management to have a best practices compliance program. The other company may put profits before compliance. Whichever company comes out the winner in the merger, it can certainly mean not only conflict but if the winning entity is not seen as valuing compliance, it may mean investigations and possibly even violations going forward. 

These cultural differences were discussed by Erin Meyer in the Harvard Business Review article “Being the Boss in Brussels, Boston and Beijing”. The author identified four different cultures of leadership. Somewhat surprisingly, they are not segregated by geographic region. The author found that “attitudes toward decision making can range along a continuum from strongly top-down to strongly consensual; attitudes towards authority can range from extremely egalitarian to extremely hierarchical.” The four are: (1) Consensual and egalitarian; (2) Consensual and hierarchical; (3) Top-down and hierarchical; and (4) Top-down and egalitarian. 

Consensual and egalitarian 

This type of leadership is typically found in Scandinavian countries; Denmark, Netherlands, Norway and Sweden. The author notes, “Consensual decision making sounds like a great idea in principle, but people from fundamentally nonconsensual cultures can find the reality frustratingly time-consuming.” Some of the things you should expect are decisions to take longer, with more meetings and process which requires you, as a Chief Compliance Officer (CCO), to demonstrate patience in the process. As a CCO you will be seen as a facilitator and must “take the time to ensure that the decision you make is the best one possible, because it will be difficult to change later.” 

Consensual and hierarchical 

This type of leadership is found in Belgium, Germany and Japan; where the groups favor a leader investing more time in winning support of his underlings before coming to a decision. This means that your group will expect you as the leader to be a part of the discussions while being a part of the decision-making process. You should focus on the quality and completeness of information gathered and the soundness of the reasoning process because final decisions are commitments and not “easily altered.” Yet there should be a consensus and you must “invest the time necessary to get each stakeholder on board.” 

Top-down and hierarchical 

This group has the widest geographic range, including countries as diverse as Brazil, China, France, India, Indonesia, Mexico, Russia and Saudi Arabia. It is incumbent to remember you are the boss and expected to make the decision. The key ingredient is to “Be clear about your expectations. If you want your staff to present three ideas to you before asking your opinion, or to give you input before you decide, tell them. Old habits die hard for all of us, so reinforce—with clarity and specificity—the behavior you are looking for.” Particularly as an American, you must be care as an analogy may be interpreted as a decision. 

Top-down and egalitarian 

This will be the structure that Americans are most familiar with and it includes countries most like the US: Australia, Canada and United Kingdom. Meyer believes these can be seen as speak up cultures, “no matter what your status is. You might not be asked explicitly to contribute, but demonstrate initiative and self-confidence by making your voice heard. Politely yet clearly provide your viewpoint even when it diverges from what the boss seems to be thinking.” Yet the final point, and this is what drives many other cultures crazy under this type of structure, is that decisions are not typically set in stone, there is a continual feedback loop of information which can affect a change in the decision when warranted so you must remain flexible. 

These cultures will impact your compliance program as well, in addition to your role as a leader. Simply think of your hotline and the reluctance of many cultures to ‘speak-up’ or even raise their hand when they see an ethical or compliance issue. You must work with your various cultures within your organization to overcome such reluctance. Understanding this cultural disconnect is important. For many businesses, “the greatest business opportunities lie in the big emerging economies, which include Bangladesh, China, India, Indonesia, Russia, and Turkey. In nearly every case, these are cultures where hierarchy and deference to authority are deeply woven into the national psyche.” The management style of pushing decisions down in the “organization does not fit easily into the emerging-market context and often trips up Western companies on their first ventures abroad on the business side and most certainly in the compliance realm”, particularly if there is a different perception of what might be termed ‘ethical’. 

Learning how your employees in other countries will approach decision-making and leadership will give you, as the CCO, insight into how they will approach compliance. It will require you to get out into the field to talk with folks. If your company grows organically or through mergers and acquisitions or goes the joint venture route, it will need to understand how your new employees will not only think through issues but how they will relate to instructions from the home office in America. 

Three Key Takeaways

  1. Culture clash through a merger can be extremely negative for a company.
  2. What are the cultures of leadership in your organization?
  3. Learning how your employees approach decision making can provide insight into how the will approach compliance. 

This month’s podcast series is sponsored by Dun & Bradstreet.  Dun & Bradstreet’s compliance solutions provide comprehensive due diligence reporting and analysis to reduce your risk of working with fraudulent companies by accessing a company’s beneficial ownership, reputation risk and more.  For more information, go to dnb.com/compliance.

Nov 7, 2017

Next in 360-degrees of communication is the sharing of information, which Bryan Kramer discussed in his book “Shareology: How Sharing is Powering the Human Economy. It is a study of how, what, where, when and why people and brands share. 

The answer comes down to one thing: connection. He found that “People all have the desire to reach out and connect with other people, whether it’s through sharing content and having someone reply back or by sharing other people’s content and helping them out.” Kramer identified six types of people who share: 

  • Altruist: Someone who shares something specific about one topic all the time.
  • Careerist: Someone who wants to become a thought leader in their own industry, so they can see their career grow.
  • Hipster: Someone who likes to try things for the first time and share it faster than everyone else.
  • Boomerang: Someone who asks a question so they can receive a comment only to reply.
  • Connector: Someone who likes to connect one or more persons to each other.
  • Selective: This is the observer. 

All of these categories are relevant to a CCO or compliance practitioner in considering the use of social media in a compliance program. They describe not only the reasons to use social media but they can also help you to identify who in your organization might be inclined to use social media and how it can facilitate your compliance program going forward. 

The Altruist, Hipster and Careerist speak to how a CCO or compliance practitioner can be seen in getting out the message of compliance throughout your organization. Whichever category you might fall into, it is still about the message or content going forward. There is nothing negative in being one or the other if your message is useful. There is certainly nothing wrong with incorporating a little Hipster into your communication skills. As my daughter often reminds me, Dad you are so uncool that you are retro, but that is cool too. Applying that maxim to your compliance regime, if you can communicate in a manner your workforce sees as interesting or even hip, it may well help incorporation of that message into corporate DNA. 

The Boomerang, Connector and Selective categories as good ways to think about how your customer base in compliance (i.e. your employees) might well use social media tools to communicate with the compliance function. The use of social media is certainly a two-way street and every compliance practitioner must be ready to accept those communications back to you. Indeed, some comments by your customer base could be the most important interactions that you have with employees as their comments or questions could lead you to uncovering issues which may have arisen before they become Code of Conduct or compliance violations. More importantly, it could allow you to introduce a proscriptive solution which moves your program beyond even the prevent phase. 

A key message is that companies do not write the way they speak, and do not speak the language of their employees. [Even more true for lawyers!] Compliance can be seen as a brand and “brands and the people representing those brands need to change their language. If they focus on the title and the quality of the content, among other things, it’ll resonate more with their audience.” 

Sharing is a primary method to communicate and connect. In any far-flung international corporation this is always a challenge, particularly for discipline which can be viewed as home office overhead at best; the Land of No populated by Dr. No at worst. Work to hone your message through social media. Part of this is based on experimenting on what message to send and how to send it. Another aspect was based upon the Wave (of all things); its development and coming to fruition in the early 1980s. It took some time for it to become popular but once it was communicated to enough disparate communications, it took off, literally. “It’s the same thing with social media. On social media, we think something will go viral because the art is beautiful or the science is full of deep analytics, but at the end of the day it really takes time to build the community.” 

This means that you will need to work to hone your message but also continue to plug away to send that message out. The Morgan Stanley Declination will always be instructional as one of the stated reasons the Department of Justice (DOJ) did not prosecute the company as they sent out 35 compliance reminders to its workforce, over 7 years. Social media can be used in the same cost effective way, to not only get the message of compliance out but also to receive information and communications back from your customer base, the company employees. 

Three Key Takeaways

  1. What makes your employees want to share information?
  2. Facilitate mechanisms which allow sharing with the compliance function.
  3. The Morgan Stanley declination still resonates.

This month’s podcast series is sponsored by Dun & Bradstreet.  Dun & Bradstreet’s compliance solutions provide comprehensive due diligence reporting and analysis to reduce your risk of working with fraudulent companies by accessing a company’s beneficial ownership, reputation risk and more.  For more information, go to dnb.com/compliance.

Nov 6, 2017

In this episode, I visit Lauren Briggerman and Dawn Murphy-Johnson on the Fall 2017 issue of Executives at Risk. It is newsletter put out by the law firm of Miller & Chevalier, where they both work. Some of this quarter’s highlights which discuss are: 

  1. Compelled testimony-The Second Circuit's decision overturning two convictionsin the Department of Justice's (DOJ's) London Interbank Offered Rate (LIBOR) currency manipulation investigation, which came as a result of DOJ's reliance on testimony compelled by a foreign jurisdiction. Does this decision make life for prosecutors more difficult or does it make it impossible?
  2. The German expansion of investigation into VW scandal, does this mean the German government will actually prosecute any individuals?
  3. The German prosecutorial raid on the law firm of Jones Day and documents seized from its work on the VW case. We consider where does the matter stands in light of the German Court halting prosecutors' access to seized law firm documents.
  4. We consider the matter of Thomas Haidar, the former Chief Compliance Officer from MoneyGram who was banned for three years and fined for failure to prevent money Laundering violations. We consider just how significant this case is for CCOs or does it simply follow the line of cases that says if a CCO is a part of the fraud they can be prosecuted.
  5. Judge Rakoff criticism of the US Sentencing Guidelines as "Number-Crunching Gibberish,” as he slashes a sentence for former manager.  
  6. We conclude with the recent remarks by DAG Rod Rosenstein that enforcement agencies will continue to focus on individual Defendants. We end with an exploration of Rosenstein’s recent announcement that the DOJ is looking a new policy statements so where do you all think this may go. 

For a copy of Executives at Risk: Key Developments - Fall 2017, click here.

Nov 6, 2017

I am a huge fan of using social media in your compliance function. But how can you get your arms around how to structure such a program for their company? In an article in the MIT Sloan Management Review, entitled “Finding the Right Role for Social Media in Innovation”, Deborah Roberts and Frank Pillar reviewed companies that were not deriving significant benefit from their customer facing social media efforts. I found their discussion of potential remedies as a useful tool to help CCOs design an internal company wide social media campaign. 

After acknowledging that social media focuses on the social aspects of the communication, the most important thing to remember is that communication in social media is two-way; both inbound and outbound. It helps to bring your employee base together in an efficient manner to create an environment conducive to compliance for your organization. It also has the benefit of continued engagement. It is more than putting on training or even a Compliance Week set of initiatives, you can continue the conversation and enthusiasm about compliance going forward throughout the year. 

The authors break this down further into three parts that emphasize (1) the need to listen to and learn from user-generated content; (2) the need to engage and facilitate dialogue with employee innovators; and (3) to find an audience of early adopters to create excitement and collect feedback. 

Listen First 

This is the method the authors suggest of how to generate employee insights into your compliance program “where activities are designed to extend the breadth and depth of how organizations search for innovations” even in the compliance arena. The key is that the compliance function must be listening and listening in a manner which they may not have used previously. You will need to “learn to read the signals from large, diverse, disconnected, and unstructured pools of data generated by users. In addition, they will learn to analyze and convert blog posts, tweets, and user-generated content into valuable insights for new products.” 

Compliance professionals will need the skills of both a social scientist and a data scientist. This is because compliance practitioners will need to “assimilate, combine, and utilize data from many different sources” across the globe as compliance practitioners need “to acquire skills in computational techniques to unveil trends and patterns within and between the various data sets.” The overall goal “is to sharpen their business acumen and teach them how to communicate the findings to those involved in [compliance] projects.” 

Engage and Facilitate a Discussion 

The next step is companies understand is to actively engage and involve employees in the innovation process around compliance. The overall goal is to be more collaborative to allow employees to be more involved in the design process. As a CCO or compliance professional you will learn how to engage, find, and pick the right participants, then develop the right incentives to encourage participation. Creativity is both an input and an output of the process. Managers must also develop skills in relationship building and gain experience in the art of conversation and dialogue, which is a key aspect of any collaboration. Managers must learn how to become better facilitators and community managers. 

One of the important factors is to visit with “unconventional users” to help facilitate the creative process. Here social media itself can be a powerful tool, facilitating a two-way communication street to allow the compliance function to hear and even see what business and other types in the field may see and hear. The model of involving employees for in-house innovation has always been useful to help build buy-in and acceptance but the authors also found that more diverse participation in the creation process can provide a richer developed process. 

Collect Feedback 

Social media facilitates a two-way street of communication. Social media can also afford the compliance function the opportunity to interact more directly with its customer base, the company’s employees, in a manner that is far more engaging than the old command and control approach. 

If your goal in the compliance function is to create awareness and publicize your compliance program and initiatives, social media can be a powerful tool for you. This is so paramount it should become a core activity of your compliance function. Using social media tools, your compliance function can not only tell the story of compliance but also communicate expectations and even train. Yet once again it is simply more than a one-way tool as using social media facilitates a two-way communication. Just as employees are more apt to tell you about a concern immediately or soon after they have been trained on that issue; they may well communicate directly with you after having received a social media communication on subjects such as managing of third party relationships. 

CCOs and compliance practitioners need to develop a dedicated compliance strategy around social media, in the context of your corporate objectives. It allows you a 360-degree view of compliance, through which you can take the input from your employee base and create a compliance experience that your employees will embrace. 

Three Key Takeaways

  1. Never forget that social media is a two-way communication.
  2. Company employees are the customers of the compliance department.
  3. As with all compliance issues, assess what works for your company and tailor your social media approach appropriately.

This month’s podcast series is sponsored by Dun & Bradstreet.  Dun & Bradstreet’s compliance solutions provide comprehensive due diligence reporting and analysis to reduce your risk of working with fraudulent companies by accessing a company’s beneficial ownership, reputation risk and more.  For more information, go to dnb.com/compliance.

Nov 3, 2017

How does one company and one Chief Compliance Officer (CCO) actively use social media to make more effective the company’s compliance culture. The company is the Dun & Bradstreet (D&B) and its CCO, Louis Sapirman, whom I visited with about his company’s integration of social media into compliance. 

Sapirman emphasized the tech savvy nature of the company’s work force. It is not simply about having a younger work force. If your company is in the services business it probably means an employee base using technological tools to deliver solutions. He also pointed to the data driven nature of the D&B business so using technological tools to deliver products and solutions is something the company has been doing for quite a while. This use of technological tools led the company to consider how such techniques could be used internally in disciplines which may not have incorporated them into their repertories previously. 

Not surprisingly, with most any successful corporate initiative, Sapirman said it began at the top of the organization, literally with the company’s Chief Executive Officer, Robert Carrigan. Sapirman noted that the CEO saw the advantage of using social media internally and challenged many in his organization to take a new look at the way their functions were using social media. From there Sapirman and his team saw the advantages of using social media for facilitating a two-way communication. Sapirman comprehended the possibility for use of social media for compliance with those external to the company as well. 

Internally Sapirman pointed to a tool called Chatter, which he uses similarly to those in Twitter engaging in a Tweet-up. He has created an internal company brand in the compliance space, using the moniker #dotherightthing, which trends in the company’s Chatter environment. He also uses this hashtag when he facilitates a Chatter Jam, which is a real-time social media discussion. He puts his compliance team into the event and they hold it at various times during the day so it can be accessed by D&B employees anywhere in the world. 

He said that he seeds Chatter Jam so that employees are aware of the expectations and to engage in the discussion respectfully of others. When they began these sessions he also reminded employees that if they had specific or individual concerns they should bring them to Sapirman directly or through the hotline. However, he does not have to make this admonition any more, as everyone seems to understand the ground rules. Now this seeding only relates to the topics that each Chatter Jam begins with going forward. 

One of the concerns lawyers tend to have about the use of social media is with general and specific topics coming up on social media and the ill it may cause the organization. Sapirman believes that while such untoward situations can arise, if you make clear the ground rules about such discussions, these types of issues do not usually arise. That has certainly been the D&B experience. 

Each employee uses their own names during these Chatter Jams so there is employee accountability and transparency as well. Sapirman said they further define each communication through a hashtag so that it cannot only immediately be defined but also searched in the archives going forward. He provided the examples of specific regulatory issues and privacy. This branding also enhances the process going forward. 

I asked Sapirman if he could point to any specific compliance initiatives that arose during or from these Chatter Jams. Sapirman emphasized that these events allow employees the opportunity to express their opinions about the compliance function and what compliance means to them in their organization. One of these discussions was around the company’s Code of Conduct. He said that employees wanted to see the words “Do The Right Thing” as the name of the Code of Conduct. 

I inquired about D&B’s use of social media in connection with their third parties. Sapirman said that the company allows some of them access to its internal Chatter tools to facilitate direct communications. Further, these external contractors can connect with both Sapirman and the company through Twitter. He said that he is consistently communicating to the greater body of customers about the compliance initiatives or compliance reminders on what the D&B compliance function is doing and how it is going about doing them. He believes it is an important communications tool to make sure that he and his team are getting their compliance messages out there. 

Sapirman also described using Chatter in a manner that sounded almost like Facebook and its new live video function. He said they can deliver short video vignettes about compliance to employees. The compliance function or the employee base can develop these. 

All the initiatives Sapirman described drove home to me three key insights. The first is how compliance, like society, is evolving, in many ways ever faster. As more millennials move into the workforce, the more your employee base will have used social media all their lives. Once upon a time, email was a revelatory innovation. Now if you are not communicating, you are falling behind the 8-ball. Employees expect their employers to act like and treat them as if this is the present day, not 1994 or even 2004. 

The second is that these tools can go a long way towards enhancing your compliance program going forward. Recall the declination to prosecute that Morgan Stanley received from the Department of Justice, back in 2012, when one of its Managing Directors had engaged in FCPA violations. One of the reasons cited by the DOJ was 35 email compliance reminders sent over 7 years, which served to bolster the annual FCPA training the recalcitrant Managing Director received. You can use your archived social media communications as evidence that you have continually communicated your company’s expectations around compliance. It is equally important that these expectations are documented (Read – Document, Document, and Document). 

Finally, never forget the social part of social media. Social media is a two-way communication. Not only are you setting out expectations but also these tools allow you to receive back communications from your employees. The D&B experience around the name change for its Code of Conduct is but one example. You can also see that if you have several concerns expressed it could alert you earlier to begin some detection and move towards prevention in your compliance program. 

Three Key Takeaways

  1. How does 360 degrees of communication work in compliance.
  2. Focus on the ‘social’ part of social media.
  3. Use internal corporate social media to have a conversation.

This month’s podcast series is sponsored by Dun & Bradstreet.  Dun & Bradstreet’s compliance solutions provide comprehensive due diligence reporting and analysis to reduce your risk of working with fraudulent companies by accessing a company’s beneficial ownership, reputation risk and more.  For more information, go to dnb.com/compliance.

Nov 2, 2017

What is the message of compliance inside of a corporation and how it is distributed? In a compliance program, the largest portion of your consumers/customers are your employees. Social media presents some excellent mechanisms to communicate the message of compliance going forward. Many of the applications that we use in our personal communication are free or available at very low cost. So why not take advantage of them and use those same communication tools in your internal compliance marketing efforts going forward.

On a Social Media Examiner podcast entitled “Social Sharing: How to Inspire Fans to Share Your Stories”, Michael Stelzner, interviewed Simon Mainwaring, author of “We First: How Brands and Consumers Use Social Media to Build a Better World”, who discussed three key components to  successful marketing, (1) Let your employees know what you stand for; (2) Celebrate their efforts; and (3) Give them a tool kit of different ways to participate. I think each of these concepts can play a key role for the compliance practitioner in internally marketing their compliance program.

Let Your Employees Know What You Stand For

In the 2012 FCPA Guidance, the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) said that the basis of any anti-corruption compliance program is the Code of Conduct as it is “often the foundation upon which an effective compliance program is built. As DOJ has repeatedly noted in its charging documents, the most effective codes are clear, concise, and accessible to all employees and to those conducting business on the company’s behalf.” Catherine Choe, has said that she believes “Two of the primary goals of any Code are first, to document and clarify minimum expectations of acceptable behavior at a company, and second, to encourage employees to speak up when they have questions or witness misconduct.” 

But more than the Code of Conduct, does your company really communicate that it stands for compliance? Obviously formal compliance is important but more is required to reinforce that your company has a culture of compliance throughout the organization. In other words, are you communicating what you stand for and not simply the rules and regulations of a compliance program?

Celebrate Their Efforts

The 2012 FCPA Guidance speaks to the need to incentivize employees in the company realm. The Guidance states, “DOJ and SEC recognize that positive incentives can also drive compliant behavior. These incentives can take many Guiding Principles of Enforcement forms such as personnel evaluations and promotions, rewards for improving and developing a company’s compliance program, and rewards for ethics and compliance leadership. Some organizations, for example, have made adherence to compliance a significant metric for management’s bonuses so that compliance becomes an integral part of management’s everyday concern.” But more than simply incentives, it is important to “[M]ake integrity, ethics and compliance part of the promotion, compensation and evaluation processes as well.”

Mainwaring’s concept means going beyond incentivizing. To me his word ‘celebrate’ means a more public display of success. Financial rewards may be given in private, such as a portion of an employee’s discretionary bonus credited to doing business ethically and in compliance. While it is certainly true those employees who are promoted for doing business ethically and in compliance are very visible and are public displays of an effective compliance program. I think that a company can take this concept even further through a celebration to help create, foster and acknowledge the culture of compliance for its day-to-day operations. Bobby Butler, former CCO at Universal Weather and Aviation, Inc., has spoken about how his company celebrated compliance through the event of a corporate Compliance Week celebration. He said that he and his team attended this event and used it as a springboard to internally publicize their compliance program. Their efforts included three separate prongs: they were hosting inter-company events to highlight the company’s compliance program; providing employees with a Brochure highlighting the company’s compliance philosophy and circulating a Booklet which provided information on the company’s compliance hotline and Compliance Department personnel.

Give Your Employees a Tool Kit For Compliance

A key component of any effective compliance program is an internal reporting mechanism. The 2012 FCPA Guidance states, “An effective compliance program should include a mechanism for an organization’s employees and others to report suspected or actual misconduct or violations of the company’s policies on a confidential basis and without fear of retaliation.” The Guidance goes on to also discuss the use of an ombudsman to address employee concerns about compliance and ethics. I do not think that many companies have fully explored the use of an ombudsman but it is certainly one way to help employees with their compliance concerns. Interestingly, in an interview in the Wall Street Journal with Sean McKessy, the initial and now former, Chief of the SEC’s Office of the Whistleblower, said, “companies are generally investing more in internal compliance as a result of our whistleblower program so that if they have an employee who sees something, they’ll feel incentivized to report it internally and not necessarily come to us.”

One tool a compliance practitioner can utilize in the realm of social media is Periscope. It allows you to tell a compliance story in real time, throughout your organization and beyond. They are both live streaming apps that enable you to create a video and open the portal to anyone who wants to use it. Anybody in your Twitter community can click on that link and watch whatever you’re showing on your phone. The big piece is the mobile aspect. It’s as simple as a basic tweet and hitting the “stream” button.

However, there are a wide variety of social media tools available that you can incorporate into your compliance program. Apps like Pinterest, Snapchat, Instagram and others may seem like tools that are solely suited to personal use. However, their application is much broader. As with many ideas in the compliance space, a CCO or compliance practitioner is only limited by their imagination. For these apps, they can be most useful when you tell the story of compliance in your company.

Hootsuite did a campaign called “Follow the Sun” using Periscope. They asked their employees showcase what they called #HootsuiteLife. They gave access to different people in every company office around the globe. Throughout the day, it would “Follow the Sun,” and people in different offices would log into the Hootsuite account and walk around and show off their culture, interviewing their friends, etc. They talk about the importance of culture and now they are proving it. The number of inbound applications drastically increased after people got that sneak peek into their company. Think how powerful such a presentation could be for your organization.

There is much to be learned by the CCO and compliance practitioner from the disciplines of marketing and social media. These concepts are useful to companies in getting their sales pitches out and can be of great help to you in collaborating and marketing throughout your company. These are only some of the tools which you can incorporate into your compliance program going forward but also a different way to think about who your customers are and how you are reaching them with your message of doing compliance.

Three Key Takeaways

  1. Let Your Employees Know What You Stand For.
  2. Celebrate not only successes but even employees’ efforts.
  3. Give employees a tool kit for compliance using social media.

This month’s podcast series is sponsored by Dun & Bradstreet.  Dun & Bradstreet’s compliance solutions provide comprehensive due diligence reporting and analysis to reduce your risk of working with fraudulent companies by accessing a company’s beneficial ownership, reputation risk and more.  For more information, go to dnb.com/compliance.

Oct 31, 2017

In the final episode of this month’s series of One Month to More Effective Compliance for Business Ventures, I sat down with this month’s podcast sponsor, Mike Volkov, CEO of the Volkov Law Group to explore the key insight from this month’s series. It is that business ventures, whether joint ventures (JVs), partnerships, franchises, team agreements, strategic alliances or one of the myriad types of business relationships a US company can form outside the US are different than the usual risk presented by third parties. The problems for companies is that they tend to treat business venture risk the same as third party risk. They are different and must be managed differently.

These problems continue to exist in places like China and India where there have been a number of FCPA enforcement actions involving U.S. companies which enter these market via joint ventures. They have some sort of arms-length business relationship with a Chinese or Indian company; then they move to a joint venture relationship; and as the final step they end up buying out the foreign partner so that they bring the joint venture into the company. By the time of the full merger into the US organization, the corruption is so established and ingrained that it continues. Then it is no longer them doing bribery and corruption; it is now you doing the bribery and corruption.

Volkov explained it begins with the business reason for setting up the JV. The US company wants a connected, well-placed partner who can gain them influence in the foreign market. That foreign partner may be a government official, employee of a state-owned enterprise, or a state-owned enterprise itself. He noted “by definition then the JV relationship you are creating has risks in terms of why you are even doing business with them or even bringing them to the joint venture.” The next problem is in JV governance.

The first problem was why the JV was created but the next is how it will be created? Will it be 50/50 ownership between the US and foreign partner or something else? If its 50/50 how will you split the Board or other governing body. How will resolve final disputes? All of these questions should be considered from the FCPA perspective.

Next, what are the incentives of all the parties and what were the roles that everybody was going to take on regarding the business operation. Volkov said “if you have a 50/50 joint venture then you would have a situation where the joint venture itself retains third parties or distributors.” Whose third-party risk management program will be followed? What if red flags arise, who and more importantly, how will they clear them going forward.

Next is the JV going to use lobbyists and consultants to facilitate the JV operations. The foreign partner may want to hire without such third parties with no US partner input. The bottom line is that this is an incredibly high risk which requires more than just third party risk management strategies because you need to get into the guts of the business; how it was created, how it operates and then how is it going to operate.

A different situation comes into play with franchisors and international franchising. Here the issue may be one of control and you must look at the nature of the relationship between the parties in a franchise relationship. Most franchise agreements raise significant FCPA risks. They are outside the classic agent/distributor situation a business needs to take a hard look at the nature of the business venture or how it is operating, why the people have gotten together, next look at the intricacies of the business; and finally apply a risk analysis to the entire transaction.

In addition to the following the money issues present in every business relationship, the franchisee may also hire its own third parties, have its own interactions with foreign government regulators, need to train on compliance programs and of course have its own compliance program in place. Yet how many international franchisors have thought through all of these compliance requirements. Regarding franchising, it is both structure and oversight that are required. A company must use it full compliance tool kit in managing the relationship. Sitting back, putting compliance requirements in a franchise agreement will simply not suffice. There must be active management of the compliance risk going forward on an ongoing basis.

The bottom line is that may compliance practitioners have not thought through the specific risks of business ventures such as joint ventures, franchises, strategic alliances, teaming partner or others as opposed to sales agents or representatives on the sales side of the business. I hope that this series will help facilitate a discussion that maybe people will begin to think about more of the issues and more of the risk and perhaps put a better risk management strategy in place.

Three Key Takeaways

  1. Business ventures bring different FCPA risks from third parties.
  2. JVs have both external compliance risks and corporate governance risks.
  3. Use your compliance tool kit for business ventures in managing the FCPA risk for franchises.

 Business Ventures must be managed differently than third party agents under the FCPA.

This month’s podcast series is sponsored by Michael Volkov and The Volkov Law Group.  The Volkov Law Group is a premier law firm specializing in corporate ethics and compliance, internal investigations and white collar defense.  For more information and to discuss practical solutions to compliance and enforcement issues, email Michael Volkov at mvolkov@volkovlaw.com or check out www.volkovlaw.com.

Oct 30, 2017

Most franchisors have thorough financial vetting requirements before allowing any person or business to become a franchisee. However, how many of these same businesses perform compliance due diligence on their prospective overseas franchises? How many US franchisors have compliance training programs? How many evaluate, on an ongoing basis, the compliance program of their overseas franchisees? How many US franchisors have a compliance hotline or other reporting mechanism for any compliance violations made against their franchisees? 

Another way to look at this issue comes from Aaron Murphy in his book, entitled “Foreign Corrupt Practices Act – A Practical Resource for Managers and Executives”. In a chapter entitled “You Do More With the Government Than You Think”, Murphy has several examples of how any US company doing business overseas will come into contact with a foreign governmental official and, thereby, create a possible FCPA liability. Many of these are areas which a US based franchisor would have to utilize to do business in a foreign country, including some or all of the following: 

  • Interactions with Customs Officials. Every time your company sends raw materials into, or brings them out of, a country there is an interaction with a foreign governmental official in the form of a customs official. Every customs transaction involves a payment to a foreign government and every transaction involves some form of a foreign governmental regulatory process. While the individual payment per transaction can be small, the amount of total transactions can be quite high, if a large volume of goods are being imported into a foreign country.
  • Interaction with Tax Officials. While interacting with international tax authorities can present problems similar to those with customs officials, the stakes can often be much higher since tax transactions may be less in frequency but higher in financial risk. These types of risks include the valuation of raw materials for VAT purposes before such materials are incorporated into a final product, or the lack of segregation between goods to be sold on the foreign country’s domestic market as opposed to those which may be shipped through a free trade zone for sale outside that country’s domestic market.
  • Licensing and Permits. Your company is a retail seller of clothes and cosmetics, franchises its operations outside the US and you do not understand how the FCPA applies to your foreign sales operations? Every physical location that you sell your goods in will require some type of license to operate your business. It could require multiple licenses such as a national license, state license and local municipal license, additionally you will need a building permit if you intend to build out or modify your retail stores.
  • Work Permits and Visas. If your company franchises overseas it will have to send someone from the home office to operate in-country at some point. In the post-9/11 world this probably means that, at a minimum, your company will have to obtain a visa for each employee who enters the foreign country and perhaps a work permit as well. The visa process can start in the United States with a trip to foreign government consulate or even the embassy and at that point you are dealing with a foreign governmental official. The work permit process can also begin in the United States but often may continue in the foreign country.
  • Inspections and Certifications. Consider the Tex-Mex restaurant chain that desires to take this cuisine across the world. In any city in the world there will be some type of certification process to enable to the business to set up and start operating and then there will be the need for ongoing inspections for sanitary conditions. Such inspections may be rare but if there is “slime in the ice machine” it may be grounds to close the restaurant. 

How would all of this play out for a franchisor? As a franchisor moves into foreign markets there could well be the temptation to “grease the skids” and make payments or offer gifts to government officials, or their family members, to get the permits or permissions necessary to open and operate. In many countries, bribery is a common way of getting business done, and there can be tremendous pressure from local agents or franchisee candidates to follow regional customs and use bribes to become or remain competitive. Even if it is not the US franchisor's own employees that engage in the FCPA violations, the US franchisor will still face the risk of an enforcement action if the franchisee’s employees engage in such conduct. 

Three Key Takeaways

  1. Franchises can bring an unexpected level of FCPA exposure.
  2. Franchisors must have more than financial vetting for potential franchisees.
  3. Use your compliance tool kit for business ventures in managing the FCPA risk for franchises.

This month’s podcast series is sponsored by Michael Volkov and The Volkov Law Group.  The Volkov Law Group is a premier law firm specializing in corporate ethics and compliance, internal investigations and white collar defense.  For more information and to discuss practical solutions to compliance and enforcement issues, email Michael Volkov at mvolkov@volkovlaw.com or check out www.volkovlaw.com.

Oct 27, 2017

I am often asked about franchisor liability under the FCPA. Franchising has been a successful model in the US and now many corporations are looking at overseas expansion opportunities. Franchise law has become well developed across the US, with many states developing laws to protect the rights and obligations of both parties in a franchise agreement. According to an International Franchise Association survey of nearly 1,600 franchise systems, “nearly two-thirds (61 percent) of respondents currently franchise or operate in non-U.S. markets and three-fourths (74 percent) plan to begin international expansion efforts or accelerate their current ventures immediately.” 

There are no reported FCPA enforcement actions regarding franchisors. However, the factors in a franchise relationship would appear to lead to clear FCPA responsibility of the franchisor for its overseas franchisee’s actions. Additionally, court interpretation of the FCPA has held that it is applicable where conduct, violative of the Act, is used “to obtain or retain business or secure an improper business advantage” which can cover almost any kind of advantage, including indirect monetary advantage even as nebulous as reputational advantage. As everyone knows, the FCPA prohibits payments to foreign officials to obtain or retain business or secure an improper business advantage. Nevertheless, many US companies view franchisees as different from other types of more direct sales representatives, such as company sales representatives, agents, resellers or even joint venture partners, for the purposes of FCPA liability. 

I believe that such an analysis is misguided as the DOJ takes the position that a US company’s responsibilities extend to the conduct of a wide range of business venture partners, including franchisors. It does not take too great a leap of imagination to see that a franchise relationship could be contained within this interpretation. It does not take too many legal steps to see that a franchisee’s actions can impute FCPA liability to a US franchisor. 

There are other factors, unique to the franchise relationship, which would point towards FCPA liability of the US franchisor. A US franchisor’s intent and the degree of control it exercises over its overseas franchisees’ operations are factors the DOJ/SEC might consider in determining whether to pursue a FCPA case against a franchisor for bribes made by one of its foreign franchisees. It is always in the financial interest of a US franchisor for its franchisees to be successful businesses. Additionally, most US franchisors require its overseas franchisees to use the same company name for branding. Of course, not only the initial franchise fee but the franchisee’s monthly royalty payment roll up into the books and records of a franchisor so that might well catch the attention of the SEC if there is a FCPA books and records violation. 

Most franchisors have thorough financial vetting requirements before allowing any person or business to become a franchisee. However, how many of these same businesses perform FCPA compliance due diligence on their prospective overseas franchises? How many US franchisors have FCPA compliance training programs? How many evaluate, on an ongoing basis, the FCPA compliance and program of their overseas franchisees? How many US franchisors have a compliance hotline or other reporting mechanism for any compliance violations made against their franchisees? 

Victor Vital and Jessica Parker-Battle, writing in the Franchise Law Journal, Winter 2012 Issue, in an article entitled “Implications of the Foreign Corrupt Practices Act for International Franchising”, identified several different types of franchising models, all of which demonstrate potential FCPA risks. 

The direct-unit franchising model is perhaps the most commonly used model in the United States in which a franchisor sells one of its units at a time and has direct involvement with the franchisee. There is no third party involved in the operations between the franchisor and franchisee. Therefore, it is the franchisor's responsibility to handle training, marketing, supplies, and other support to the franchisee. Here the FCPA exposure is direct. 

The area development franchising model is used where the franchisor contracts with an area developer who operates multiple local franchises in a specified geographic area. It may or may not be exclusive. The area developer will have a contract agreement with the franchisor and then separate agreements with the area franchises. Here the FCPA exposure is both direct and indirect. 

The master franchising model is typically the most used model in international franchise expansion. It generally revolves around a master franchise agreement between the US based franchisor and a master franchise agreement in a specific geographic territory. This master franchisee then contracts with third-party sub-franchisees within the specified territory. Typically, the US-based franchisor will have no contractual relationship with the international sub-franchisees. The master franchisee acts as the franchisor in the local market recruits, trains, and provides other support in the local area on behalf of the US franchisor. Here the FCPA exposure is both direct and indirect. 

The authors believe that a franchisor may not have direct involvement in conduct prohibited by the FCPA, as there may not be the requisite corrupt intent required under the statute. However, I believe unless a franchisor has an adequate compliance program in place, a franchisor may well find itself in the shoes of Frederick Bourke and sustain a finding of conscious indifference. 

Three Key Takeaways

  1. Consider the different types of international franchise agreements to help assess your compliance risk.
  2. There are no reported FCPA enforcement actions involving international franchisors, yet.
  3. Franchisors must conduct thorough research in both the foreign market they hope to enter and on their potential franchisees. 

This month’s podcast series is sponsored by Michael Volkov and The Volkov Law Group.  The Volkov Law Group is a premier law firm specializing in corporate ethics and compliance, internal investigations and white collar defense.  For more information and to discuss practical solutions to compliance and enforcement issues, email Michael Volkov at mvolkov@volkovlaw.com or check out www.volkovlaw.com.

Oct 26, 2017

Many compliance practitioners generally view distributors as a part of their third-party risk management program, with most of their attention to the pre-contract phase of the risk management process. Typically, most of the efforts are spent on due diligence with less on managing the relationship after the contract is signed.  However, many facets of a corporate relationship with a distributor are closer to those of other business venture partners. 

One of the issues in any compliance program is the compensation paid to a business venture partner as FCPA exposure arises when companies pay money - either directly or indirectly - to fund bribe payments.  In the traditional intermediary scenario, the company funnels money to a business venture partner, who then passes on some or all of it to the bribe recipient.  Often, the payment is disguised as compensation to the intermediary, and some portion is redirected for corrupt purposes.  

When companies grant distributors uncommonly steep discounts, bribes can result either: 1) because the distributor is instructed by the company to use the excess amounts to fund corrupt payments; or 2) because the distributor pays bribes on its own, without the express direction or implicit suggestion from the company to do so, to gain some business advantage. The 2012 FCPA Guidance, it noted that common red flags associated with third parties include “unreasonably large discounts to third-party distributors”.  The distributor enforcement cases offer lessons to combat the scenario, which is where legitimate companies require assistance.  

How can risk that distributors present be managed?  One mechanism is to install a distributor discount policy and monitoring system tailored to the company’s operational structure.  In virtually every business, there exists a range of standard discounts granted to distributors.  Under the approach recommended here, discounts within that range may be granted without the need for further investigation, explanation or authorization (absent, of course, some glaring evidence that the distributor intends use even the standard cost/price delta to fund corrupt payments).  

Where the distributor requests a discount above the standard range, however, the policy should require a legitimate justification.  Evaluating and endorsing that justification requires three steps: (1) relevant information about the contemplated elevated discount must be captured and memorialized; (2) requests for elevated discounts should be evaluated in a streamlined fashion, with tiered levels of approval (higher discounts require higher ranking official approval); and (3) elevated discounts are then tracked, along with their requests and authorizations, to facilitate auditing, testing and benchmarking.  This process also works to more fully operationalize your compliance regime as it requires multiple and increasingly upper levels of management involvement, approval and oversight.    

Capturing and Memorializing Discount Authorization Requests           

Through whatever means are most efficient, a discount authorization request (“DAR”) template should be prepared.  While remaining mindful of the need to strike a balance between the creation of unnecessary red tape and the need to mitigate risk, the DAR template should be designed to capture a given request and allow for an informed decision about whether it should be granted.  Because the specifics of a DAR are critical to evaluating its legitimacy, it is expected that the employee submitting the DAR will provide details about how the request originated (e.g., whether as a request from the distributor or a contemplated offer by the company) as well as explain the legitimate justification for the elevated discount (e.g., volume-based incentive).  In addition, the DAR template should be designed to identify gaps in compliance that may otherwise go undetected (e.g., confirmation that the distributor has executed a certification of FCPA compliance). 

Evaluation and Authorization of DARs 

Channels should be created to evaluate DARs submitted.  The precise structure of that system will depend on several factors, but ideally the goal should be to allow for tiered levels of approval.  Usually, three levels of approval are sufficient, but this can be expanded or contracted as necessary.  Ultimately, the greater the discount contemplated, the more scrutiny the DAR should receive.  Factors to be considered in constructing the approval framework include the expected volume of DARs and the current organizational structure.  The goal is to ensure that all DARs are vetted in an appropriately thorough fashion without negatively impacting the company’s ability to function efficiently. It also mandates the operationalization of this compliance issue into multiple disciplines within your organization. 

Tracking of DARs 

Once the information gathering, review and approval processes are formulated, there must be a system in place to track, record and evaluate information relating to DARs, both approved and denied.  This captured data can provide invaluable insight into FCPA compliance and beyond.  By tracking the total number of DARs, companies will find themselves better able to determine where and why discounts are increasing, whether the standard discount range should be raised or lowered, and gauge the level of commitment to FCPA compliance within the company (e.g., confirming the existence of a completed and approved DAR is an excellent objective measure for internal audit to perform as part of its evaluation of the company’s FCPA compliance measures).  This information, in turn, leaves these companies better equipped to respond to government inquiries down the road. 

Rethinking approaches to evaluating distributor activities is but one of the ways that the increased number of enforcement actions, 2012 FCPA Guidance and Justice Department’s Evaluation of Corporate Compliance Programs document have provided insight into how the government interprets and enforces the FCPA.  This information, in turn, allows companies to get smarter about FCPA compliance.  With a manageable amount of forethought, companies who rely on distributors can create, install and maintain systems which allow them to spend fewer resources to more effectively prevent violations.  Moreover, these systems generate tangible proof of a company’s genuine commitment to FCPA compliance, by more fully operationalizing this aspect of their compliance program.   

Many companies have been involved in FCPA enforcement actions because of distributors. This sales side channel does not receive the focus equal to that of commissioned sales agents. Yet it can present an equally large compliance risk. By using this DAR approach, you will have created a well-thought out process which will operationalize your compliance program around distributor compensation, in a manner which documents your decision-making calculus. 

Three Key Takeaways

  1. The creation of well-thought out process which operationalizes your compliance program around distributor compensation, in a manner which documents your decision-making calculus is key.
  2. Require multiple levels of approval for an out of range distributor discount.
  3. Tracking distributor discounts globally make your company more efficient. 

This month’s podcast series is sponsored by Michael Volkov and The Volkov Law Group.  The Volkov Law Group is a premier law firm specializing in corporate ethics and compliance, internal investigations and white collar defense.  For more information and to discuss practical solutions to compliance and enforcement issues, email Michael Volkov at mvolkov@volkovlaw.com or check out www.volkovlaw.com.

Oct 25, 2017

One area not usually considered around your business ventures is the financial health of the joint venture partner, teaming partner, strategic partner or any other type of business partner or relationship which might occur in a business venture. It turns out such an oversight may have some significantly ramifications for an accurate picture of a business venture partner. The financial health of a business venture partner as not only a key metric but also a key tool which allows a more robust assessment prior to contract signing and in managing the relationship after the contract has been signed. 

A business venture partner which is in a weakened financial position can come back to damage your business in a variety of ways. Obviously, a company which is under financial strain is more susceptible to cutting corners to obtain business. You can almost begin to see the fraud triangle forming at this point and a rationalization for committing a FCPA violation forming in the mind of a business venture partner. 

But it is more than simply being open to potentially illegal conduct such as violating the FCPA to get business. Cyber security is a very hot topic and will continue to be so for the foreseeable future. A company that, at the beginning of a working relationship, maybe onboarding or the due diligence procurement event, one may do a series of checks from a compliance and info security perspective and that company looks fine, it gets green lit and it comes on board as a business venture partner. Over time, if that business venture partner is weakening in its financial condition, the chances are likely that they are going to begin under-investing in maintaining the quality of their cyber security program. Over time, a business venture partner of your company may induce increased risks for a cyber security breach, because that business venture partner is weakening and are not managing the financial condition of it on an ongoing basis. This might lead to a catastrophic failure such as with Equifax where the miss a leading indicator of that cyber security problem, fail to implement a software update or patch then it is too late. It has the impact to effect revenue, effect reputation and indeed your ability to do business together moving forward.   

A database of financial health is important because “traditional risk management has focused more on protecting downside risk and detecting downside risk is being able to understand where a company or a partner exists on a spectrum of risks that can be from poor to really good, and that means a user of our data is in a position to be able to do more than just protect from a company’s failing for one reason or another, but be able to align with the strongest partners and that creates resiliency and a business venture partner ecosystem”. 

This is considering your third parties in much broader manner which allows a more robust assessment of their strengths and weaknesses. The financial health of a business venture partner may tell you how well that business venture partner will perform. Such information can be useful to you for business planning, particularly around strategic risk. Understanding the financial viability of third parties, be they traditional vendors, business partners, or even fourth parties, can help you meet your compliance requirements, maintain operational stability, through the avoidance of business disruption and support business continuity initiatives. Even better, you can cut through siloes to develop risk management strategies across multiple business functions. 

This moves compliance into the business process cycle, creates greater efficiencies and at the end of the day, more profitability. This type of approach allows the compliance function to demonstrate solid return on investment going forward. It also allows compliance to cut through many corporate siloes including such disciplines as business development, supply chain or procurement, manufacturing and finance. 

Continuous improvement through monitoring of ongoing financial health is a tool where technological solutions can have an impact. Understanding the financial viability of third parties can help the compliance practitioner meet the Department of Justice (DOJ) requirement to more fully operationalize a compliance program. It can also lead to more and better operational stability and with that ever-sought increase in corporate profitability. As compliance moves into the business process, this type of review should become part of your compliance toolkit going forward. 

Three Key Takeaways

  1. What is the financial health of your business venture partners? Do you even know?
  2. Poor financial results can open a business venture partner to engaging in risky behavior.
  3. Financial health monitoring is a key tool in maintaining ongoing monitoring of business venture partners. 

This month’s podcast series is sponsored by Michael Volkov and The Volkov Law Group.  The Volkov Law Group is a premier law firm specializing in corporate ethics and compliance, internal investigations and white collar defense.  For more information and to discuss practical solutions to compliance and enforcement issues, email Michael Volkov at mvolkov@volkovlaw.com or check out www.volkovlaw.com.

Oct 24, 2017

One area not often considered by the CCO as a key part of any compliance regime is the corporate Controller. The Controller generally has the responsibility to accurately record and report the financial transactions of the company, to design, implement and execute the financial processes and controls of the company to be both effective and efficient, and to safeguard the financial assets of the company. Some of the compliance responsibilities of the Controller include: (1) Designing and implementing internal controls that impact ethics and compliance risks; (2) Accurately recording the financial transactions of the company; and (3) Preventing and detecting fraudulent activity. All of this means, in practical terms the Controller is both being the keeper of the books and records and the implementer of internal controls. Moreover, while many of these internal controls would most probably be viewed financial internal controls, there are additional internal controls which are not financial in nature. 

Russ Berland, the Chief Compliance Officer at Dematic has noted, “Those guys live really in the battle zone. They are constantly looking at financial transactions. They’re evaluating them. They’re figuring out where things go within the books and records. They are implementing the processes that should be keeping fraud from happening; keeping bribery and corruption from happening.” 

This means that not only can the Controller be one of the compliance function’s strongest corporate allies, the role of a Controller by its nature works to operationalize compliance. This is because to implement the appropriate internal controls around compliance, the Controller must know the specific requirements of the FCPA, know what kinds of issues are likely to come up that might create a risk of bribery and corruption, all leading to an appropriate understanding of the appropriate compliance internal controls to implement. 

This is most particularly true around offshore payments, which are generally defined as payments made to a location other than the home domicile of the party or the location where the services where delivered. If a Tunisian agent who performs services in Dubai asks for payment in a location other than Dubai or Tunisia, that would qualify as an offshore payment. If you train people who are in the Controller’s group on this issue, “all of a sudden you’ll get someone in the Controller you will pick up the phone and call compliance and say ‘Hey, we just saw a request for a payment to this guy in this Middle Eastern country and we’re just not sure what it’s for.’ That’s where the controls are really working, as opposed to that person just really dealing with it on an administrative level instead of keeping your antenna up.” Those are the types of communications, when properly documented, demonstrate that your compliance program is operationalized into the fabric of the organization. 

Another way to view it is if there is a Controller control for such a scenario which notes the exception and requires the clearance of a red flag through additional investigation, elevation for approval and documentation of the entire process. This is a financial control which acts as a compliance control as well. It strengthens the company’s internal controls to both prevent and detect key compliance risks going forward.  

Another area would on a company’s Vendor Master List (VML). Some obvious internal controls are that no person or business venture partner gets paid unless they are properly on the VML; no person or business venture partner is admitted to the VML unless they have gone through the appropriate level of due diligence, which varies by task, function and country. The Controller can also put internal controls in place to prevent workarounds, which are always a bête noir for compliance. Such t financial controls also include those around the manual check process and your internal requirements for international wire transfers. Finally, even to this day petty cash continues to be a source of funds to fuel bribery and corruption. The Controller is on the front lines for petty cash. 

These issues are usually dealt with internal controls viewed as specific to controlling the outflow of money to business venture partners. These controls are housed in the Controller’s domain and are generally ‘owned’ in a corporation but the Controller’s function. Additional benefits to the corporate compliance function include the retrieval and analysis of financial data and design of internal controls. It allows the compliance function to rely on actual financial expertise rather than “home grown” financial expertise within the compliance department. It extends the compliance function influence through the Controller. Finally, the compliance function is made aware of relevant concerns found by recording transactions, executing internal controls and financial monitoring. 

These benefits are not a one-way street for compliance as a Controller benefits from a closer relationship with the corporate compliance function as well. The Controller can leverage compliance resources. The compliance function can bring its observations and insights from investigations and emerging risks to the Controller. A closer collaboration will broaden awareness of compliance risks which relate to the company’s financial processes. By more fully integrating compliance into the Controller function a more robust picture of enterprise risk emerges, one which encompasses legal, compliance, ethics, internal controls, financial, business and governance risks. 

Three Key Takeaways

  1. CCOs need to integrate the function of the Controller into their compliance regime.
  2. Offshore payments must be flagged for further investigations.
  3. The Controller is both the keeper of the books and records and the implementer of internal controls. 

This month’s podcast series is sponsored by Michael Volkov and The Volkov Law Group.  The Volkov Law Group is a premier law firm specializing in corporate ethics and compliance, internal investigations and white collar defense.  For more information and to discuss practical solutions to compliance and enforcement issues, email Michael Volkov at mvolkov@volkovlaw.com or check out www.volkovlaw.com.

Oct 24, 2017

Tom Fox: Welcome to Episode 4 of Compliance Man Goes Global podcast of FCPA Compliance Report International Edition. In this episode, we will focus on typical myths and mistakes regarding compliance trainings. We will do it in plain language so to say and in the simple game form. Moreover, to make the podcast handy and more appealing we attach respective illustration from the Compliance Man illustrated series, created by Timur Khasanov-Batirov.

For those of our listeners who are not aware about our format, in each podcast, we take two typical concepts or more accurately misconceptions from in-house compliance reality. We check out if these concepts work at emerging jurisdictions. For each podcast, we divide roles with Timur, a practitioner who focuses on embedding compliance programs at high-risk markets. One of us will advocate the concept identifying pros. The second compliance man will provide arguments finding cons and trying to convince audience that that we face a pure myth. As a result, we hopefully will be able to come up with some practical solutions for in-house compliance practitioners.

Myth #1 Compliance training is not an entertainment. It is a very serious thing. Such trainings are about anticorruption, criminal enforcement and consequently could be delivered only by legally trained compliance team members.  Tim, do you agree with this statement?        

Tim Khasanov-Batirov: It is a very typical assumption. Let’s see what pros we have:   

Argument #1.

Obviously, the training should cover anticorruption matters based on corporate rules, local and applicable extra-territorial legislations (like FCPA, for instance). Referring to relevant enforcement cases from the specific industry is vital to make training close to reality. Should we have as trainers only lawyers from compliance team? I would say, yes. Lawyers are expected to know and naturally are close to such things as legislation, corporate rules and alike;

Argument #2.

Now let’s discuss if compliance training could be delivered in entertaining form. As we remember, Tom, may be 10 years ago compliance trainings were supposed to be dull and lengthy. They were so to say the best cure to fight insomnia. Now we have the opposite situation. In attempt to be modern, we have appealing, funny and entertaining compliance shows. The problem is that the content of training in many such cases become something secondary after the form of delivery;

Thomas:  I think, Tim that there are some cons here as well: 

Argument #1 is about having only lawyers as compliance trainers.

I believe for some audiences’ deep knowledge of regulations is not needed. This might be a case for instance when audience should understand just basic rules. Therefore, you can deploy HR team or non-lawyers from compliance department to conduct session for the staff. Moreover, lawyers tend to train employees as if they were talking to other lawyers, which is usually not the case for compliance and ethics training.

Argument #2 is about entertaining. I think the best way is to define what specific matters should be communicated and what are the best ways to do it for the target group. The answer on how to do training basically depends on corporate culture. I think the main test is whether compliance practitioner can deliver the message or no matter in what form.        

Tim: Tom, I agree with you. As we have started to talk about trainings maybe we can refer to the topic of their evaluation or as you might say in the US, their effectiveness?    

Tom: Good idea, Tim. We can formulate the next concept or maybe misconception in the following way: 

Myth #2“Do not complicate things, there is no need to evaluate compliance trainings. It is just about communicating the rules”. Tim, will you agree with this concept?  

Tim: I strongly disagree with this concept. 

To start with, training will be evaluated by participants informally. If compliance training is about rules which are irrelevant to participants or compliance session is not tailored per audience people will notice that. This situation is depicted in Episode 3 of Compliance Man comics series. Unfortunately, it is a typical problem of global companies. It looks like that: there is a requirement to conduct compliance training for local personnel using standard presentation from the HQ.  A local compliance officer conducts this training. Formally, everything is fine. In reality, participants understand nothing.

Even if you are not fan of training evaluation or it does not work in your situation for some reason here is a tip. First, do the homework and learn about the department for which you are going to conduct training. Talk to key managers to explore specifics of department’s activity, which are relevant to topic of compliance training. This will help you to tailor the session for that audience. I also strongly recommend engaging supervisor of this unit to be your co-speaker at the training session. People will follow what their boss it is telling them to do. In our case that will be compliance requirements.    

What are your views on necessity to evaluate compliance training, Tom?

Tom: I have some thoughts, which might look controversial at first sight but hopefully could be of value to compliance practitioners:

The first thing is about illusions. As you fairly depicted in Compliance Man Illustrated the feedback or evaluation of the training will pop up anyway. It will be communicated among personnel informally.   Probably you will never learn about it. Another situation, which comes to my mind. If there is colleague from compliance team or Legal man (as in the Illustrated series) who supports you he will tell you that everything was just perfect. This could be illusion as well.          

Argument #2.

Having said all that, be sure that if you are going to evaluate the training you must formulate very specific questions to avoid general answers from participants of no practical value. Some companies demand to identify the name of the participant in the training evaluation survey. Obviously, in this case you will not get impartial answers.   

But this evaluation of effectiveness is critical as the regulators, literally from across the globe, are now focusing on your compliance training program’s effectiveness. This means you must not only design appropriate questions but also test the questions and responses in a way which gives you real answers. Of course if these questions show your training is not effective, you must use that same information to revise your training so that it is effective.      

Tim: Agreed, Tom. As key takeaways from today discussion, I think we can mention the following:

  • Compliance training should not be of formal and irrelevant to audience nature. Find ways to tailor your session so your messages will be delivered and appreciated by the audience.

Thomas: Fair enough, Tim. It looks to be a practical tip. Tom Fox and Tim Khasanov-Batirov were here for you.   Join us for the next episode of Compliance Man Go Global episode of FCPA Compliance Report International Edition.  Let’s bust more corporate compliance myths with us.

Oct 23, 2017

 

Do FCPA considerations come into play for customers? How should you think about your obligations under the FCPA for a group not traditionally associated with FCPA liability or even FCPA risk? These questions and perhaps others are raised by the FCPA investigation into certain transactions in Venezuela by Derwick Associates and a US company ProEnergy Services. ProEnergy Services supplied turbines that Derwick Associates resold to the Venezuelan government and then installed in that country. This investigation demonstrates why businesses need to be more concerned with not only who they do business with but how their customers might be doing business. In banking and financial services parlance, you now need to ramp up your Know Your Customer (KYC) information to continue throughout a seller-purchaser relationship, in the context of the FCPA. 

A good starting point is the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) rules on customer due diligence. While they deal specifically with banks, brokers-dealers, and mutual funds, they inform the broader number of US commercial enterprises doing business outside the United States. They emphasize that AML programs should have four elements: 

  1. Identify and verify the identity of customers;
  2. Identify and verify the identity of beneficial owners of legal entity customers;
  3. Understand the nature and purpose of customer relationships; and
  4. Conduct ongoing monitoring to maintain and update customer information and to identify and report suspicious transactions. 

Clearly any anti-corruption compliance based due diligence would focus on point 2. A definition of “beneficial owner” should have two prongs: 

  • Ownership Prong: any individual who, directly or indirectly, through any contract, arrangement, understanding, relationship or otherwise, owns 25% or more of a legal entity customer, and
  • Control Prong: An individual with significant responsibility to control, manage, or direct a customer, including an executive officer or senior manager; or (ii) any other individual who regularly performs similar functions. 

Under point 3, company needs to “Understand the nature and purpose of customer relationships”. The regulation further explained “to gain an understanding of a customer in order to assess the risk associated with that customer to help inform when the customer’s activity might be considered “suspicious.”” Such an inquiry could help a business to “understand the relationship for purposes of identifying transactions in which the customer would not normally be expected to engage. Identifying such transactions is a critical and necessary aspect of complying with the existing requirement to report suspicious activity and maintain an effective AML (or anti-corruption compliance) program.” 

The final point 4 relates to ongoing monitoring. Once again consider the position of the US Company, ProEnergy Services, in the Derwick Associates FCPA investigation. What can or should it have done in the way of ongoing monitoring of its customer. The regulation stated, “industry practice generally involves using activity data to inform what types of transactions might be considered “normal” or “suspicious.”” It may be that the Derwick Associates types of transactions were suspicious. 

FinCEN understands that information from monitoring could be relevant to the assessment of risk posed by a customer. The requirement to update a customer’s profile because of ongoing monitoring, including obtaining beneficial ownership information for existing customers on a risk basis, is different and distinct from a categorical requirement to update or refresh the information received from the customer at the outset of the account relationship at prescribed periods. Lastly “the obligation to understand the nature and purpose of customer relationships, monitoring is also a necessary element of detecting and reporting suspicious activities”. 

There does not have to be a direct bribe or other corrupt payment made by a US company to have liability under the FCPA. FCPA enforcement is littered with companies that have paid bribes through third parties. However, as the Fifth Circuit said in Kay v. US, “[W]e hold that Congress intended for the FCPA to apply broadly to payments intended to assist the payor, either directly or indirectly,” [emphasis mine]. While at first blush, ProEnergy Services may appear to be at the edge of potential FCPA liability; if it knew, had reason to know, or should have taken steps to know about some nefarious conduct by its customer, it does not take too many steps to get to some FCPA exposure. The FinCEN rules on customer due diligence for financial institutions are a good starting point for other commercial entities to base their compliance program for customers around. 

Three Key Takeaways

  1. Non-banking and non-financial service entities need to consider their KYC obligations in the context of FCPA risk.
  2. FinCEN rules on customer due diligence are a good starting point for the non-financial institution.
  3. Ongoing monitoring should be used and the information incorporated into your customer risk profile going forward. 

This month’s podcast series is sponsored by Michael Volkov and The Volkov Law Group.  The Volkov Law Group is a premier law firm specializing in corporate ethics and compliance, internal investigations and white collar defense.  For more information and to discuss practical solutions to compliance and enforcement issues, email Michael Volkov at mvolkov@volkovlaw.com or check out www.volkovlaw.com.

Oct 20, 2017

As I conclude this section on joint ventures, I want to emphasize again the risk they pose under the FCPA. Mike Volkov has stated, “A joint venture requires the integration of disparate company cultures. It can be successful, and is usually one of the significant reason for the joint venture itself.” Both parties should assess each other and decide that the joint venture is a good fit, meaning that each side will benefit. Too much time is spent on looking at the joint venture partner’s compliance toolbox (e.g. policies, procedures, and controls), and not enough time is spent on identifying compliance strengths and weaknesses. You must bring it all together with one format.

While the 2012 FCPA Guidance only provided that “companies should undertake some form of ongoing monitoring of third-party relationships”. This means that you must have an experienced compliance and audit team, actively engaged in the corporate office and in the business units, to ensure that financial controls and compliance policies are followed and that remedial measures for violations or gaps are tracked, implemented and rechecked, as additional detection and prevention. Caldwell noted it is a more encompassing “sensitization” to anti-corruption compliance that is needed. There are several ways for you to do so in a joint venture relationship. 

The starting point for the both the compliance and business management of a joint venture, is a Relationship Manager for every joint venture with which your company does business. The Relationship Manager should be a business unit employee who is responsible for monitoring, maintaining and continuously evaluating the relationship between your company and the joint venture. Some of the duties of the Relationship Manager may include:

  • Point of contact with the joint venture for all compliance issues;
  • Maintaining periodic contact with the joint venture;
  • Meeting annually with the joint venture to review its satisfaction of all company compliance obligations;
  • Submitting annual reports to the company’s Compliance Oversight Committee summarizing services provided by the joint venture;
  • Assisting the company’s Compliance Oversight Committee with any issues with respect to the joint venture.

Just as a company needs a subject matter expert in compliance to be able to work with the business folks and answer the usual questions that come up in the day-to-day routine of doing business internationally, joint ventures also need such access to such a resource. A joint venture may not be large enough to have its own compliance staff so a company should provide such a dedicated resource to joint venture, if so required. I do not believe that this will create a conflict of interest or that there are other legal impediments to providing such services. The US partner can also include compliance training for the joint venture, either through onsite or remote mechanisms. The compliance professional should work closely with the Relationship Manager to provide advice, training and communications to the joint venture. 

A company should have a Compliance Oversight Committee review all documents relating to the full panoply of a joint venture’s compliance program. It can be a formal structure or some other type of group but the key is to have the senior management put a ‘second set of eyes’ on any joint ventures. In addition to the basic concept of process validation of your risk management of joint ventures, this is a manner to deliver additional management of that risk going forward.

After the commercial relationship has begun the Compliance Oversight Committee should monitor the joint venture on no less than an annual basis. This annual audit should include a review of remedial due diligence investigations and evaluation of any new or supplemental risk associated with any negative information discovered from a review of financial audit reports on the joint venture. The Compliance Oversight Committee should review any reports of any material breach of contract including any breach of the requirements of the Company’s of joint venture’s Code of Ethics. In addition to the above remedial review, the Compliance Oversight Committee should review all compliance-impacted payments by the joint venture to assure such payment are within the company guidelines and are warranted by the contractual relationship with the joint venture. Lastly, the Compliance Oversight Committee should review any request to provide the joint venture any type of non-monetary compensation and, as appropriate, approve such requests.

A key tool in managing the affiliation with a joint venture post-contract execution is auditing. Audit rights are a key clause in any compliance terms and conditions and must be secured. Your compliance audit should be a systematic, independent and documented process for obtaining evidence and evaluating it objectively to determine the extent to which your compliance terms and conditions are followed. Noted fraud examiner expert Tracy Coenen described the process as (1) capture the data; (2) analyze the data; and (3) report on the data, which is also appropriate for a compliance audit. 

In addition to monitoring and oversight of your joint ventures, you should periodically review the health of your joint venture management program. The robustness of your joint venture management program will go a long way towards preventing, detecting and remediating any compliance issue before it becomes a full-blown FCPA violation. As with all the steps laid out, you need to fully document all steps you have taken so that any regulator can review and test your metrics. The Evaluation of Corporate Compliance programs lays out what the DOJ will be reviewing and evaluating going forward for your compliance program. You should also use these metrics to conduct a self-assessment on the state of your compliance program for your joint ventures. 

Three Key Takeaways

  1. It all starts with a Relationship Manager.
  2. Have company oversight of all joint ventures. Couple this with a Compliance Oversight Committee for a second set of eyes.
  3. Audit, monitor and remediate (as appropriate) your joint ventures on an ongoing basis.

What is your process for managing the compliance risk in international joint ventures.

This month’s podcast series is sponsored by Michael Volkov and The Volkov Law Group.  The Volkov Law Group is a premier law firm specializing in corporate ethics and compliance, internal investigations and white collar defense.  For more information and to discuss practical solutions to compliance and enforcement issues, email Michael Volkov at mvolkov@volkovlaw.com or check out www.volkovlaw.com.

1 2 3 4 5 6 7 Next » 11