People-ProcessIt is rare you are able to write about someone who directly changed the quality of your life. Rarer yet that you did not know about him, only what he created, until you read his obituary. That happened to me recently when I read about the death of Dr. Peter J. Jannetta in the New York Times (NYT). Dr. Jannetta discovered a rare medical condition that affects hundreds of thousands Americans. That disease is trigeminal neuralgia, which affects cranial and facial nerves. It can cause such intense pain that its nickname was the suicide disease because that was the only way for many of those afflicted to make the pain stop. Yes it is that bad.

What Dr. Jannetta discovered was that in those afflicted, the fifth cranial nerve becomes entangled with hyper small veins, arteries and capillaries would impinge on the nerve, setting off intense pain. Yet Dr. Jannetta did not stop there, as he hypothesized that if such impingement was the cause of the pain, by removing the impingement, it might end the pain. It turns out he was correct and he developed the surgery called arterial decompression.

Dr. Jannetta made these discoveries and surgical developments in the 1960s. No one in the medical profession bothered to tell me about the procedure until 2012 and I had been diagnosed with the condition in 1976. If the medical profession had been a bit more open to this diagnosis and surgical technique, perhaps I might not have suffered for so long. If you know of anyone with there condition, tell them there is hope.

I thought about Dr. Jannetta, his decades long fight for people like me against the lack of acceptance by the medical profession when I read an article in the MIT Sloan Management Review, entitled “Learning the Art of Business Improvisation, by Edivandro Carlos Conforto, Eric Rebentisch, and Daniel Amaral. In this article the authors explore the issue of improvisation and write that while it “may seem to be spontaneous, but managers can foster it in innovation projects through the deliberate development of certain processes and capabilities.” For what improvisation really comes down to is the ability to “create and implement a new or unplanned solution in the face of an unexpected problem or change.”

Compliance is certainly one area that requires such flexibility because of the ever-changing business conditions that exist in today’s multinational organizations subject to the Foreign Corrupt Practices Act (FCPA). Moreover, as we saw last week with the announcement by Novartis that its South Korean subsidiary is under criminal investigation for allegations of paying bribes to physicians, this less than 60 days after agreeing to a FCPA enforcement action which involved payment of a $25 million dollar fine for the companies actions by Chinese subsidiaries.

Whether deliberately or not, compliance departments must improvise. Such compliance “Improvisation can foster problem solving, creativity, and innovation, and it is becoming a requirement for many organizations. Although improvisation might seem to be spontaneous and intuitive, to do it well requires the development of disciplined and deliberate processes and capabilities. Managers working in dynamic, fast-paced, and highly innovative project environments should develop and refine capabilities in these three areas to create a project environment that will enhance a team’s improvisation competencies – ultimately with an eye toward improving project results and innovation.” I have adapted their piece for the compliance practitioner.

The authors believe there are three general areas which a company can improve upon to help advance its abilities to adapt and change. They are (1) Build a culture that recognizes and views changes positively. (2) Create the right team structure and project environment. (3) Provide management practices and tools that facilitate improvisation.

Build a culture that recognizes and views changes positively

Here the authors believe that change can come from teams that have a “positive attitude toward dealing with and accepting ambiguity and project changes.” Not surprisingly, this does not come from top down leadership but allowing “higher level of autonomy in making decisions.” Further, the farther out from the corporate office, the more “teams should be empowered to make decisions locally, be informed about and willing” to take make changes and provide enhanced compliance risk management, and not overly fear potential failure.

Clearly the ability to make changes requires a robust compliance regime to begin with. However, having such a system in place, particularly through internal controls, allows a compliance department to “help them to reduce uncertainty more quickly and effectively learn from their experiences. Teams equipped with a broad array of tools and techniques can use them to respond to different types of challenges. The focus should be on helping teams anticipate and recognize changing circumstances and make more rapid and accurate decisions.”

Create the right team structure and project environment

Not surprisingly a key to making improvisation work is that you have good communication between the compliance function and business unit. This is not a new concept and communications runs two ways. If the business unit sees the Chief Compliance Officer (CCO) as Dr. No from the Land of No, they will not likely be calling for assistance. Yet compliance does not always know what business opportunities arise without that information so they cannot craft appropriate risk management solutions. The authors suggest that weekly interactions between leaders and key stakeholders are good first step.

Perhaps counter-intuitively, the authors also note that smaller teams appear to have more and better success. The authors observed “greater levels of improvisation in smaller teams that displayed more self-directing and self-organizing characteristics, such as being responsible for monitoring and updating the status of their activities and deliverables.” This can allow the compliance department to play a key oversight and support role “on the aggregated information and on more strategic issues related to the project.”

Provide management practices and tools that facilitate improvisation

Finally the authors found that “teams with greater improvisation characteristics were more likely to use agile management approaches, techniques, and tools. In fact, teams that embraced an agile approach were nine times more likely to have high levels of improvisation compared with teams that used a more traditional (waterfall) approach.” This means that not only will a command and control structure not be able to move as quickly and efficiently but also you need to operate at a level of sophistication beyond simply spreadsheets.

The authors also found, “The agile methods we observed in the teams with higher levels of improvisation included iterative development, supported by recurring delivery of higher-value deliverables; constant interactions between stakeholders and the project team; the use of visual tools to collaboratively manage the project with team members; and active involvement with the client and/or user in the development process.”

The ability to be agile is an important component of any best practices compliance program. The need to respond to business changes is always paramount. Yet there is no end to the variety of corrupt schemes engaged in by company employees. The Novartis matter in South Korea allegedly involved bribery through excessive payments for articles published in medical journals. Just as the bribery and corruption scandals involving GlaxoSmithKline PLC (GSK) and others in China demonstrate new and creative ways to put pots of money together to pay bribes, the Novartis issues may show another area that bears compliance scrutiny. A compliance function must be ready to adapt. When you do improvise, be sure to document it.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

Lear's FoolI conclude my week honoring the 400th anniversary of the death of Shakespeare by using my favorite character in all his work to introduce today’s post. He is The Fool from King Lear. Of Shakespeare’s many theatrical innovations, his transformation of The Fool from the Renaissance Court Jester of songs, music, storytelling, medieval satire and physical comedy to commentator is right up there for me. The Fool became closer to the Greek Chorus. Shakespeare brought the Chorus commentary function back. As noted in Wikipedia, “Where the jester often regaled his audience with various skills aimed to amuse, Shakespeare’s fool, consistent with Shakespeare’s revolutionary ideas about theater, became a complex character who could highlight more important issues. Like Shakespeare’s other characters, the fool began to speak outside of the narrow confines of exemplary morality. Shakespeare’s fools address themes of love, psychic turmoil, personal identity, and many other innumerable themes that arise in Shakespeare”.

While Lear’s Fool was actually a font of wisdom and commentary, the same cannot always be said for the corporate fools who put evidence of bribery and corruption in emails, excel spreadsheets and PowerPoint slide deck presentations. In Foreign Corrupt Practices Act (FCPA) training I always remind attendees that if you put your bribery scheme in emails, it will be uncovered. Further, if you put together an excel spreadsheet tying your nefarious acts, such as hiring the family member of a foreign official or state owned enterprise employee to the award of a contract, it will be uncovered. Now I find I must supplement my training to add the following admonition: do not put your fraudulent scheme in a PowerPoint slide deck for presentation to senior management.

The issue previously arose with our friends at GlaxoSmithKline PLC (GSK) who put together such a presentation in 2013 for targeted bribery campaign code named “Vasily” borrowing its name from Vasily Zaytsev, a noted Russian sniper during World War II. According to Wall Street Journal (WSJ) reporter Laurie Burkitt the campaign “targeted 48 doctors and planned to reward them with either a percentage of the cash value of the prescription or educational credits, based on the number of prescriptions the doctors made.” While Burkitt did note “A Glaxo spokesman has said the company probed the ‘Vasily’ program and [the] investigation has found that while the proposal didn’t contain anything untoward, the program was never implemented.” But, from my experience, if you have a bribery scheme that has its own code name enshrined in a PowerPoint slide deck presentation, even if you never implemented that scheme, it probably means that the propensity for such is pervasive throughout the system.

Yet now we have more and greater evidence of corporate tomfoolery from the Volkswagen (VW) emissions-testing scandal. In an article in the New York Times (NYT), entitled “VW Presentation in ’06 Showed How to Foil Emissions Tests”, Jack Ewing reported that a top technology executive at VW prepared a PowerPoint presentation for management in 2006, laying out in detail how the automaker could cheat on emissions tests in the United States. Ewing wrote, “It provides the most direct link yet to the genesis of the deception at Volkswagen, which admitted late last year that 11 million vehicles worldwide were equipped with software to cheat on tests that measured pollution in emissions.”

The article noted, “It is not known how widely the presentation was distributed at Volkswagen. But its existence, and the proposal it made to install the software, highlight a series of flawed decisions at the embattled carmaker surrounding the emissions problem.” Moreover, “As the PowerPoint underscored, people inside Volkswagen were aware that its diesel engines were polluting significantly more than allowed. Yet company executives repeatedly rejected proposals to improve the emissions equipment, according to two Volkswagen employees present at meetings where the proposals were discussed.”

As more and more of the internal investigation dribbles out, VW’s claim that its emission-testing defeat device was the creation of a small group of ‘rogue engineers’ is rightly dying a death of 1000 cuts. The company began to understand that “The pattern of those [regulatory] tests, the presentation said, was entirely predictable. And a piece of code embedded in the software that controlled the engine could recognize that pattern, activating equipment to reduce emissions just for testing purposes.” This language demonstrates not only the reason behind the defeat device but the requisite mens rea to prove intent to deceive.

But VW did not stop at this aha moment of realization. The company made the defeat device better over the years. The article reported that the defeat device had been enhanced over the years. The software that allowed VW cars to appreciate when the car was being tested, differentiated from when the car was in use on the road. It measured such criteria as determining whether the steering wheel was in use and “During regulators’ tests, the engine software would turn up the pollution controls. When it was on the road, equipment designed to neutralize harmful nitrogen oxides would turned down, resulting in emissions that were up to 40 times the legal limit.” In tech terms, the software was upgraded from defeat device 1.0 to 2.0 and beyond to “detect other telltale signs of a regulatory test.”

The rogue employee defense was never going to work. To have software in place for over 10 years designed to defraud a regulatory scheme, requires a wide swath of knowledge in any organization. But not only within the organization, those vendors in the supply chain, which supplied component parts or products had to be in on the entire scheme as well. Moreover, the very top of the company has been shown to have been aware of these issues. Ewing said, “The management board led by Martin Winterkorn, the chief executive who resigned in September after the admission of cheating, repeatedly rebuffed lower-ranking employees who submitted technical proposals for upgrading the emissions controls, according to the two people who attended meetings where the proposals were discussed. The management board rejected the proposals because of cost”.

You might think only idiots would put into emails, spreadsheets and PowerPoint presentations not only intent to violate laws but also their plans. As bad as all of this is, it points to an even greater insight relevant to FCPA enforcement, that being the Myth of the Rogue Employee. Davide Torsello and Alison Taylor, in a post in the FCPA Blog, detailed some of the major reasons why the myth is just that, a myth. The VW PowerPoint adds yet another spike in its coffin. If your corporate culture is such that you not only communicate internally about illegal conduct but also record those communications, it speaks to a culture that supports and embraces skirting the rules. Commentators who claim that companies should not be punished by the actions of a small group of employees miss this greater truth; these employees would not engage in illegal conduct if their company, either through compensation, succession or other remuneration, did not reward them for engaging in such conduct.

That is the greater truth that Lear’s Fool would impart to corporate management.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

OthelloWhich play in Shakespeare’s cannon presents the biggest clash of cultures, which leads to the most catastrophic result? I would have to opine Othello, one of the great tragedies in all of Shakespeare. Othello, a Moor and General in the service of the Venetian republic, wins great honors on the fields of battle with the Turks. He also wins the hand of the lovely Desdemona. However, off the battlefields, Othello falls prey to the whiles of Iago, who convinces Othello of the infidelity of his bride. Othello murders his wife and then, realizing his mistake, takes his own life.

There are many culture clashes going on in the play. The military ethos vs. the deceit of civilian life, African tribal culture vs. the isolation of life in Venice, and even the warm bloodedness of a Moor vs. the chilly civilization of 16th century Venice. Yet it all leads to one thing – destruction.

One of the more difficult things to predict in a merger and acquisition (M&A) context is how the cultures of the two entities will merge. Further, while many mergers claim to be a ‘merger of equals’ the reality is far different as there is always one corporate winner that continues to exist and one corporate loser that simply ceases to exist. This is true across industries and countries; witness the debacle of DaimlerChrysler and the slow downhill slide of United after its merger with Continental.

In the Foreign Corrupt Practices Act (FCPA) space this clash of cultures is often seen. One company may have a robust compliance program, with a commitment from top management to have a best practices compliance program. The other company may put profits before compliance. Whichever company comes out the winner in the merger, it can certainly mean not only conflict but if the winning entity is not seen as valuing compliance, it may mean FCPA investigations and possibly even FCPA violations going forward.

A recent article by Andrew Hill, in the On management column in the Financial Times (FT), entitled “Dealmakers need new tools to predict M&A culture clash”, he focused on the fact that the “potential for cultural mismatch is usually one of the first red flags raised over complex deals.” He went on to state, “There is a crying need to improve the supposedly softer side of dealmaking and cut the great financial and psychological cost of finding out too late that the partners do not get on.”

Hill recognizes it is often difficult to begin such a discussion without engaging in cultural anecdotes or even cultural stereotypes, such as the French and the Americans will never get along or even appreciate how the other does business. Even such tried and tested methods based on “observation and interview can be unsystematic or prone to bias.” He also points out the problems with self-reported surveys that “go stale quickly or suffer from self-censorship.” This is even truer when one company has an ethos of punishing those who actually answer surveys honestly or report incidents. Finally, Hill notes that even questions by one group towards the other can bring a certain biting critique.

Of course all of this comes in the context of the employees from the acquired side that may be fearful for their jobs and employment prospects going forward. I once asked a friend going through a takeover what it was like and he said it was every employee for him or herself, each wondering when they would get axed. Certainly that is not positive either.

Yet even when working towards merging cultures in systematic manner, companies can make miss-steps. Hill points to the Hewlett-Packard acquisitions of Compaq as a classic example. He noted that after the two entities had “poured hours into their due diligence on their contrasting cultures before the deal was complete” which included 138 focus groups, consisting of 127 executives and 1600 staff in 22 countries, they still could not get it right. He pointed to the Compaq cultural value of keeping in touch with all employees through routine reports of what projects they were working on, clashing with the HP culture which saw this same action as “being micromanaged and not trusted.”

The quandary of how to determine cultural clashes is an ongoing problem during any acquisition. However, Hill reported that a new approach may provide some insight. A study, by University of California Professor Sameer Srivastava and Stanford University Professor Amir Goldberg, looked at it from a different angle; the email angle. They crunched “the language in 10.3m internal emails sent over five years by staff at a medium-sized technology company. Comparing the results against personnel records, they were able to map the trajectory of staff as they joined, got used to the culture and stayed, quit or were forced out. Among the findings: the reciprocal use of swear words in emails is one important clue to cultural fit; so are message exchanges about families.”

As Hill dryly noted, “Such studies are valuable not only for those building sweary or homely teams. They could tell managers more about subgroups within supposedly monolithic organisations”. I have previously written about Catelas, a software company that can review your internal emails to determine patterns that might detect nefarious conduct. If you couple the power of such software with the insights of Professors Srivastava and Goldberg, you might be able determine areas of compliance trouble in a merged entity.

This is all the more important with the compressed time frames required after an M&A to complete the acquisition integration as set out in the Ten Hallmarks of An Effective Compliance Program, as laid out in the 2012 FCPA Guidance. Coupled with the Opinion Release 08-02, involving Halliburton and two enforcement actions, Data Systems & Solutions LLC (DS&S) and Johnson and Johnson (J&J), the time frames for your post-acquisition, integration, investigation and any remediation are quite tight. The DOJ makes clear that rigor is needed throughout your entire compliance program, including M&A. This rigor should be viewed as something more than just complying with the FCPA; it should be viewed as just making good business sense.

FCPA Post-Acquisition Time Frame Summary 

Time Frames Halliburton 08-02 J&J DS&S
FCPA Audit 1.     High Risk Agents – 90 days

2.     Medium Risk Agents – 120 Days

3.     Low Risk Agents – 180 days

18 months to conduct full FCPA audit As soon “as practicable
Implement FCPA Compliance Program Immediately upon closing 12 months As soon “as practicable
Training on FCPA Compliance Program 60 days to complete training for high risk employees, 90 days for all others 12 months to complete training As soon “as practicable

Using the approach laid out by the Professors might well give you a leg up on any potential problems that need to be investigated, remediated and reported so that you can receive the benefits of meeting the post-acquisition time lines for a safe harbor. Such an analysis might also tell you if an acquired company or merger partner is as serious about compliance as your company is going forward.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016