The Compliance Evangelist is still on assignment in Brazil. Today, I had the opportunity to speak to a group of lawyers, compliance professionals and others at the Koury Lopes Advogados (KLA) where I was hosted by Isabel Franco. It was a very informed and dynamic group which gathered at the law firm’s offices. My remarks were around the use of data to not only drive compliance into the fabric of your business but also to make your company run more efficiently and more profitably.
Some of the questions I began with were: Can you see the pattern in raked leaves? As a Chief Compliance Officer (CCO) or compliance professional, what data do you have at your disposal? Finally, are you able to even access your own company’s data? The patterns in raked leaves come from the ability to synthesize large amounts of data so that you can see unusual patterns which might present anomalies or red flags for further compliance review. The data you have at your disposal and the access you have to your own company’s data are often questions that bedevil many compliance professionals in beginning this new phase of their compliance program.
I next detailed where you should begin. The first thing you must do is to lay out your strategy in a manner which demonstrates how it will positively impact the business. Next you need to consider who are your customers in this exercise? Obviously, your own employees are the customers of your compliance initiatives but what about any third-parties, distributors, joint venture or other business partners? Finally, how will you capture the innovations in your compliance program which bring greater value to the business.
The next series of considerations turn on not only creating your strategy but implementing it as well. Moving from the final question above on “how are we expecting innovation to create value?”, your next step should be to create a high-level plan for allocating resources to the different kinds of innovation. During the entire process you will be required to manage trade-offs so senior leaders can make the choices that are best for the whole company. Finally, as with your entire compliance program your strategy must evolve as facts and circumstances change in the business.
I next turned to some specific examples from enforcement actions where the use of Artificial Intelligence (AI) could have helped uncover bribery schemes. The first thing to remember about bribery schemes is that the money to fund the bribes must come from somewhere. Deep Throat was right when he told Woodward and Bernstein to ‘follow the money’ during their Watergate Investigation as that maxim holds true in any robust anti-corruption program. The ‘where’ the money comes from is usually theft from the corporation itself.
One of the best and most straight-forward examples of this theft through employee embezzlement was the sordid story of GlaxoSmithKline PLC (GSK) in China. There literally the entire Chinese business unit was in on the scam to create fake events, fake invoices, fake conferences and other non-existent reimbursable events to create a pot of money so great that over some 7 years, it totaled almost $500 million. The GSK in China case brings up two dimensions which AI is suited to help find such unusual patterns. The dimensions of geography and time.
The dimension of geography is simply that the price of gifts, meals and entertainment wildly differs across the globe. A meal in São Paulo, New York or Oslo will obviously be much different in cost than Houston, Birmingham, Lagos or Kuala Lumpur. There will even be regional variations in China. The dimension of time is that there will be increased gift-giving during holiday seasons across the globe. In the US or western Europe, it may be Christmastime. In China, it may be the Chinese New Year. In Vietnam, it may be during Tet. In Brazil, it may be during Carnival. All of these contribute the dimension of time.
Next consider the sales cycle and the steps where corruption could occur in it. Some of the steps may include the following: 1. A pre-sale response to a request for proposal, a bid or simply a sales initiative; 2. In this pre-bid phase there could be gifts, travel and/or entertainment (GTE) spend on any of the customers or potential customers; 3. What is the sales pricing discount range? Is it outside the standard range and have all commercial approvals been granted for any discounts given? and 4. Are there any rebates which have or will be paid to the customer?
Some of the questions you might want to consider include some of the following. What is the aggregate spend on any one foreign government official over a 12-month period by one business development (BD) representative? What was the BD spend on one foreign government official by several company BD representatives? Has there been any travel involved to tour company facilities in a location outside the country where the contract will be performed? What has been the aggregate spend for this sales initiative and was it correlated with other GTE spends? What did that correlation show?
Regarding the contract itself, some of the inquiries you can make from the data include the following. Were any discounts offered outside the standard discount range?
Were these discounts properly vetted through the internal company process?
Was the sales discounting process documented and was there senior management sign-off in place? Was the contract properly vetted by all required internal processes, i.e. by management, legal, and compliance?
Obviously any third parties you might have used could be high-risk. In addition to following a lifecycle management of third parties review, you should consider the commission rate and total compensation paid to the third parties involved. Was it within a standard range or did it exceed what had been previously paid?
Further, a charitable donation review should also be completed. Were there any charitable donations made at or near the time of the contract award? Was there any Corporate Social Responsibility (CSR) requirement written into the contract which applied going forward?
Does compliance have visibility into this or does it go through a company charitable donation group or committee?
Travel after the contract has been signed can also be a place where corruption can creep in. Did the contract specify any travel for the customer? If so did it indicate who would be involved or even make the selection? How about ongoing training and if so where and for how long? Was there a specification of business class or above travel accommodations? If there was travel agreed upon as part of the contract was the spend on these items consistent with prior travel spends?
These are just some of the inquiries you can make with the data that currently exists in your organization. But if you think about these inquiries, they are not simply compliance inquiries but they are a part of your overall business process. Remember it is a sales process and cycle and it is a contract lifecycle. This means these processes can be improved upon. This improvement is fostered by a more robust, qualitive review of your own data by your compliance function.
Thanks again to Isabel Franco and KLA for hosting me.
Innovation can not only make your compliance program more robust but your business more efficient.Click to tweet
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at firstname.lastname@example.org.
© Thomas R. Fox, 2018