I am beginning to feel this week’s theme becoming all-encompassing. As hard as I might try, it looks like it will be the Houston Astros second World Series appearance. During the first one back in 2005, I was in the corporate world, in the legal department and most assuredly not blogging. Just goes to show what a difference 12 years can bring.

Yesterday, I blogged about Satan’s Press Conference upon hearing the Astros were back in the World Series and there is real possibility that Hell can freeze over (predicted if the Astros ever win the World Series by every fan in Houston). The seminal play from the ultimate game was when Alex Bergman threw out Greg Bird at home plate on Todd Frazier’s infield dribbler in the fifth inning, to maintain the shutout and shut down the Yankees.

The situation was that were Yankee runners on first and third with one out. The Astros had clearly practiced the play and some idea of what to expect in that situation. The Astros catcher Brian McCann, had signaled the play to be made to the entire infield before Bird stepped to the plate. The two pitches thrown by Astros pitcher Charlie Morton were both inside fastballs designed to induce a ground ball to the left side of the infield. When Bergman fielded the ball, he did not even try to get a double play or even go the safest route by getting one out at first base. He gunned it to home. It still took a great catch by Bergman, with a perfect throw to McCann behind the plate; who then held onto the ball as Bird slid into it for the out to be called.

In compliance parlance, it was all about process. A situation has been practiced so a plan was in place to utilize when the risk of a man on third with a runner on first appeared. The correct risk management strategy was then called by the head of the infield, the catcher. The rest of the infield, in the person of Bergman, executed the risk management strategy to perfection. The result was a running saving out and the game momentum solidified for the Astros.

What I was not aware of until today was that precise situation had occurred only a few weeks ago in the regular season. Bergman had tried to start a double. After the game, Houston Manager A.J. Hinch pulled him aside and said that in the playoffs, it is more important to save a run than get two outs. This is because in the playoffs, runs become much, much more valuable. More valuable than even the single run themselves as they can shift the momentum of an entire series.

I thought about the manager’s words to Bergman which caused him to make a decision in the playoffs that was different to the one he made in the regular season. How would a Board of Directors consider such a scenario? In the strategic management of risk, the key is for the Board of Directors to use their expertise and ask the right questions. The problem is that many Board members do not know what questions to ask in this area. Some of the following are good areas to begin your inquiry.

  • What is the risk assessment process? When was the last time your risk assessment was performed? Was it enterprise wide or limited in scope?
  • How effective is your overall risk assessment process? Is it stale? Here you are focusing not so much on the recency of your risk assessment but have corporate circumstances changed so that the risks which were previously assessed?
  • Who is involved in the risk assessment process? Was it performed in-house? Did you bring in a regular service provider who may have created the processes which are now being assessed?
  • Does the risk assessment process take into account any new legal or compliance best practices developments? Technology development speeds along for every business. Even the Department of Justice (DOJ) recognizes this in every Deferred Prosecution Agreement (DPA) it enters into for Foreign Corrupt Practices Act (FCPA) violations by requiring companies to take into account relevant developments in the field and evolving international and industry standards for best practices in compliance.
  • Are there any new operations that pose substantial compliance risks for the company? Where has your company moved geographically or product-wise? Have there been any significant acquisitions or other business developments which have changed thing for the company?
  • Is your company tracking enforcement trends? 2016 was one of the most significant years in FCPA enforcement but anti-corruption enforcement is only one of the major risk developments which can be derived from reviewing the FCPA enforcement actions. The Wells Fargo fraudulent accounts scandal, the Uber scandal, Harvey Weinstein scandal and the ongoing Volkswagen (VW) emissions-testing scandal continue to resonate throughout the business world.
  • Equally important, are any competitors facing enforcement actions? This piece of information has long been a real source of information to Chief Compliance Officers (CCOs) as they have assessed and opened internal investigations based on enforcement actions involving competitors. In a speech, last year at the ACI National FCPA Conference, then Securities and Exchange Commission (SEC) Director of Enforcement, Andrew Ceresney, said that hedge funds and private equity companies will continue to be under SEC scrutiny for FCPA violations around their hiring practices for family members of foreign government officials, as well as other violations of US securities laws. If you are on the Board of such an entity, you might want to ask some very pointed questions about now.
  • Has the company moved into any new markets which impose new or additional risks? This moves beyond the questions I suggested above to consider such things as supply chain and supplier risk. Even a name and shame law like the California Supply Chain Transparency Act can cause reputational damage. Aggressive states’ Attorney Generals or other state regulators are now armed with a new law to enforce.
  • Has the company developed any new product or service lines which change the company’s risk profile? As there will always be some business development along these lines, what changes have increased risk for your business? 

For a Board of Directors to be truly effective and informed it must know where the company stands not only now, but also knows that the company has a strategic plan for the management of risk going forward. Arnold & Porter LLP partner Stephen Martin suggests that such knowledge is encapsulated in a 1-3-5-year compliance game plan. I would add that this formulation should be expanded to encapsulate greater risk management. Yet a compliance program must be nimble enough to respond to new information or actions, such as mergers or acquisitions (M&A), divestitures or other external events. If something dramatically changes, you want to get your Board’s attention on the changes which may need to happen with your risk management program. This type of agility is best accomplished by obtaining buy-in from the Board through its understanding of the role of forecasting a compliance program going forward.

I hope you are ready for some compliance lessons from baseball as I have the distinct feeling they will be coming down the pike all week. The Astros demonstrated how a robust risk management protocol can work so that if you practice for the situation, when a very high risk arises, and you are ready to implement a risk management strategy, you can obtain even greater results. In the business world, such an approach can lead to greater profits. For the Astros, it contributed their appearance in the 2017 World Series.


This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2017