Lear's FoolI conclude my week honoring the 400th anniversary of the death of Shakespeare by using my favorite character in all his work to introduce today’s post. He is The Fool from King Lear. Of Shakespeare’s many theatrical innovations, his transformation of The Fool from the Renaissance Court Jester of songs, music, storytelling, medieval satire and physical comedy to commentator is right up there for me. The Fool became closer to the Greek Chorus. Shakespeare brought the Chorus commentary function back. As noted in Wikipedia, “Where the jester often regaled his audience with various skills aimed to amuse, Shakespeare’s fool, consistent with Shakespeare’s revolutionary ideas about theater, became a complex character who could highlight more important issues. Like Shakespeare’s other characters, the fool began to speak outside of the narrow confines of exemplary morality. Shakespeare’s fools address themes of love, psychic turmoil, personal identity, and many other innumerable themes that arise in Shakespeare”.

While Lear’s Fool was actually a font of wisdom and commentary, the same cannot always be said for the corporate fools who put evidence of bribery and corruption in emails, excel spreadsheets and PowerPoint slide deck presentations. In Foreign Corrupt Practices Act (FCPA) training I always remind attendees that if you put your bribery scheme in emails, it will be uncovered. Further, if you put together an excel spreadsheet tying your nefarious acts, such as hiring the family member of a foreign official or state owned enterprise employee to the award of a contract, it will be uncovered. Now I find I must supplement my training to add the following admonition: do not put your fraudulent scheme in a PowerPoint slide deck for presentation to senior management.

The issue previously arose with our friends at GlaxoSmithKline PLC (GSK) who put together such a presentation in 2013 for targeted bribery campaign code named “Vasily” borrowing its name from Vasily Zaytsev, a noted Russian sniper during World War II. According to Wall Street Journal (WSJ) reporter Laurie Burkitt the campaign “targeted 48 doctors and planned to reward them with either a percentage of the cash value of the prescription or educational credits, based on the number of prescriptions the doctors made.” While Burkitt did note “A Glaxo spokesman has said the company probed the ‘Vasily’ program and [the] investigation has found that while the proposal didn’t contain anything untoward, the program was never implemented.” But, from my experience, if you have a bribery scheme that has its own code name enshrined in a PowerPoint slide deck presentation, even if you never implemented that scheme, it probably means that the propensity for such is pervasive throughout the system.

Yet now we have more and greater evidence of corporate tomfoolery from the Volkswagen (VW) emissions-testing scandal. In an article in the New York Times (NYT), entitled “VW Presentation in ’06 Showed How to Foil Emissions Tests”, Jack Ewing reported that a top technology executive at VW prepared a PowerPoint presentation for management in 2006, laying out in detail how the automaker could cheat on emissions tests in the United States. Ewing wrote, “It provides the most direct link yet to the genesis of the deception at Volkswagen, which admitted late last year that 11 million vehicles worldwide were equipped with software to cheat on tests that measured pollution in emissions.”

The article noted, “It is not known how widely the presentation was distributed at Volkswagen. But its existence, and the proposal it made to install the software, highlight a series of flawed decisions at the embattled carmaker surrounding the emissions problem.” Moreover, “As the PowerPoint underscored, people inside Volkswagen were aware that its diesel engines were polluting significantly more than allowed. Yet company executives repeatedly rejected proposals to improve the emissions equipment, according to two Volkswagen employees present at meetings where the proposals were discussed.”

As more and more of the internal investigation dribbles out, VW’s claim that its emission-testing defeat device was the creation of a small group of ‘rogue engineers’ is rightly dying a death of 1000 cuts. The company began to understand that “The pattern of those [regulatory] tests, the presentation said, was entirely predictable. And a piece of code embedded in the software that controlled the engine could recognize that pattern, activating equipment to reduce emissions just for testing purposes.” This language demonstrates not only the reason behind the defeat device but the requisite mens rea to prove intent to deceive.

But VW did not stop at this aha moment of realization. The company made the defeat device better over the years. The article reported that the defeat device had been enhanced over the years. The software that allowed VW cars to appreciate when the car was being tested, differentiated from when the car was in use on the road. It measured such criteria as determining whether the steering wheel was in use and “During regulators’ tests, the engine software would turn up the pollution controls. When it was on the road, equipment designed to neutralize harmful nitrogen oxides would turned down, resulting in emissions that were up to 40 times the legal limit.” In tech terms, the software was upgraded from defeat device 1.0 to 2.0 and beyond to “detect other telltale signs of a regulatory test.”

The rogue employee defense was never going to work. To have software in place for over 10 years designed to defraud a regulatory scheme, requires a wide swath of knowledge in any organization. But not only within the organization, those vendors in the supply chain, which supplied component parts or products had to be in on the entire scheme as well. Moreover, the very top of the company has been shown to have been aware of these issues. Ewing said, “The management board led by Martin Winterkorn, the chief executive who resigned in September after the admission of cheating, repeatedly rebuffed lower-ranking employees who submitted technical proposals for upgrading the emissions controls, according to the two people who attended meetings where the proposals were discussed. The management board rejected the proposals because of cost”.

You might think only idiots would put into emails, spreadsheets and PowerPoint presentations not only intent to violate laws but also their plans. As bad as all of this is, it points to an even greater insight relevant to FCPA enforcement, that being the Myth of the Rogue Employee. Davide Torsello and Alison Taylor, in a post in the FCPA Blog, detailed some of the major reasons why the myth is just that, a myth. The VW PowerPoint adds yet another spike in its coffin. If your corporate culture is such that you not only communicate internally about illegal conduct but also record those communications, it speaks to a culture that supports and embraces skirting the rules. Commentators who claim that companies should not be punished by the actions of a small group of employees miss this greater truth; these employees would not engage in illegal conduct if their company, either through compensation, succession or other remuneration, did not reward them for engaging in such conduct.

That is the greater truth that Lear’s Fool would impart to corporate management.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

OthelloWhich play in Shakespeare’s cannon presents the biggest clash of cultures, which leads to the most catastrophic result? I would have to opine Othello, one of the great tragedies in all of Shakespeare. Othello, a Moor and General in the service of the Venetian republic, wins great honors on the fields of battle with the Turks. He also wins the hand of the lovely Desdemona. However, off the battlefields, Othello falls prey to the whiles of Iago, who convinces Othello of the infidelity of his bride. Othello murders his wife and then, realizing his mistake, takes his own life.

There are many culture clashes going on in the play. The military ethos vs. the deceit of civilian life, African tribal culture vs. the isolation of life in Venice, and even the warm bloodedness of a Moor vs. the chilly civilization of 16th century Venice. Yet it all leads to one thing – destruction.

One of the more difficult things to predict in a merger and acquisition (M&A) context is how the cultures of the two entities will merge. Further, while many mergers claim to be a ‘merger of equals’ the reality is far different as there is always one corporate winner that continues to exist and one corporate loser that simply ceases to exist. This is true across industries and countries; witness the debacle of DaimlerChrysler and the slow downhill slide of United after its merger with Continental.

In the Foreign Corrupt Practices Act (FCPA) space this clash of cultures is often seen. One company may have a robust compliance program, with a commitment from top management to have a best practices compliance program. The other company may put profits before compliance. Whichever company comes out the winner in the merger, it can certainly mean not only conflict but if the winning entity is not seen as valuing compliance, it may mean FCPA investigations and possibly even FCPA violations going forward.

A recent article by Andrew Hill, in the On management column in the Financial Times (FT), entitled “Dealmakers need new tools to predict M&A culture clash”, he focused on the fact that the “potential for cultural mismatch is usually one of the first red flags raised over complex deals.” He went on to state, “There is a crying need to improve the supposedly softer side of dealmaking and cut the great financial and psychological cost of finding out too late that the partners do not get on.”

Hill recognizes it is often difficult to begin such a discussion without engaging in cultural anecdotes or even cultural stereotypes, such as the French and the Americans will never get along or even appreciate how the other does business. Even such tried and tested methods based on “observation and interview can be unsystematic or prone to bias.” He also points out the problems with self-reported surveys that “go stale quickly or suffer from self-censorship.” This is even truer when one company has an ethos of punishing those who actually answer surveys honestly or report incidents. Finally, Hill notes that even questions by one group towards the other can bring a certain biting critique.

Of course all of this comes in the context of the employees from the acquired side that may be fearful for their jobs and employment prospects going forward. I once asked a friend going through a takeover what it was like and he said it was every employee for him or herself, each wondering when they would get axed. Certainly that is not positive either.

Yet even when working towards merging cultures in systematic manner, companies can make miss-steps. Hill points to the Hewlett-Packard acquisitions of Compaq as a classic example. He noted that after the two entities had “poured hours into their due diligence on their contrasting cultures before the deal was complete” which included 138 focus groups, consisting of 127 executives and 1600 staff in 22 countries, they still could not get it right. He pointed to the Compaq cultural value of keeping in touch with all employees through routine reports of what projects they were working on, clashing with the HP culture which saw this same action as “being micromanaged and not trusted.”

The quandary of how to determine cultural clashes is an ongoing problem during any acquisition. However, Hill reported that a new approach may provide some insight. A study, by University of California Professor Sameer Srivastava and Stanford University Professor Amir Goldberg, looked at it from a different angle; the email angle. They crunched “the language in 10.3m internal emails sent over five years by staff at a medium-sized technology company. Comparing the results against personnel records, they were able to map the trajectory of staff as they joined, got used to the culture and stayed, quit or were forced out. Among the findings: the reciprocal use of swear words in emails is one important clue to cultural fit; so are message exchanges about families.”

As Hill dryly noted, “Such studies are valuable not only for those building sweary or homely teams. They could tell managers more about subgroups within supposedly monolithic organisations”. I have previously written about Catelas, a software company that can review your internal emails to determine patterns that might detect nefarious conduct. If you couple the power of such software with the insights of Professors Srivastava and Goldberg, you might be able determine areas of compliance trouble in a merged entity.

This is all the more important with the compressed time frames required after an M&A to complete the acquisition integration as set out in the Ten Hallmarks of An Effective Compliance Program, as laid out in the 2012 FCPA Guidance. Coupled with the Opinion Release 08-02, involving Halliburton and two enforcement actions, Data Systems & Solutions LLC (DS&S) and Johnson and Johnson (J&J), the time frames for your post-acquisition, integration, investigation and any remediation are quite tight. The DOJ makes clear that rigor is needed throughout your entire compliance program, including M&A. This rigor should be viewed as something more than just complying with the FCPA; it should be viewed as just making good business sense.

FCPA Post-Acquisition Time Frame Summary 

Time Frames Halliburton 08-02 J&J DS&S
FCPA Audit 1.     High Risk Agents – 90 days

2.     Medium Risk Agents – 120 Days

3.     Low Risk Agents – 180 days

18 months to conduct full FCPA audit As soon “as practicable
Implement FCPA Compliance Program Immediately upon closing 12 months As soon “as practicable
Training on FCPA Compliance Program 60 days to complete training for high risk employees, 90 days for all others 12 months to complete training As soon “as practicable

Using the approach laid out by the Professors might well give you a leg up on any potential problems that need to be investigated, remediated and reported so that you can receive the benefits of meeting the post-acquisition time lines for a safe harbor. Such an analysis might also tell you if an acquired company or merger partner is as serious about compliance as your company is going forward.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

Much Ado About NothingHow does Shakespeare portend social media in the 21st century? I would submit that one only need look at Much Ado About Nothing to see how it should all play out. As with all Shakespeare’s plays there is quite a bit going on but the play centers around the action and dialogue of Benedick and Beatrice who go after each other in a manner which shames modern NBA trash-talkers. Apparently everyone else in the play understands the two are meant for each other so they engage in a very social media style of communication to put the two together. Of course, as this is a comedy, everyone ends up married so Beatrice and Benedick, prompted by their friends’ interference, finally, and publicly, confess their love for each other.

Yesterday I wrote about ways to think through using social media in your Foreign Corrupt Practices Act (FCPA) anti-corruption compliance program. Today I want to explore how one company and one Chief Compliance Officer (CCO) actively uses social media to make more effective the company’s compliance regime. The company is the venerable Dun & Bradstreet (D&B) and its CCO, Louis Sapirman, whom I visited with about his company’s integration of social media into compliance.

Initially Sapirman emphasized the tech savvy nature of the company’s work force. It is not simply about having a younger work force. If your company is in the services business it probably means an employee base using technological tools to deliver solutions. He also pointed to the data driven nature of the D&B business so using technological tools to deliver products and solutions is something the company has been doing for quite a while. This use of technological tools led the company to consider how such techniques could be used internally in disciplines which may not have incorporated them into their repertories previously.

Not surprisingly, with most any successful corporate initiative, Sapirman said it began at the top of the organization, literally with the company’s Chief Executive Officer (CEO), Robert Carrigan. Sapirman noted that the CEO saw the advantage of using social media internally and challenged many in his organization to take a new look at the manner in which their functions were using social media. From there Sapirman and his team saw the advantages of using social media for facilitating a two-way communication. Moreover, Sapirman comprehended the possibility for use of social media for compliance with those external to the company as well.

Internally Sapirman pointed to a tool called Chatter, which he uses similarly to those in Twitter engaging in a Tweet-up. He has created an internal company brand in the compliance space, using the moniker #dotherightthing, which trends in the company’s Chatter environment. He also uses this hashtag when he facilitates a Chatter Jam, which is a real-time social media discussion. He puts his compliance team into the event and they hold it at various times during the day so it can accessed by D&B employees anywhere in the world.

He said that he ‘seeds’ Chatter Jam so that employees are aware of the expectations and to engage in the discussion respectfully of others. When they began these sessions he also reminded employees that if they had specific or individual concerns they should bring them to Sapirman directly or through the hotline. However he does not have to make this admonition any more, as everyone seems to understand the ground rules. Now this seeding only relates to the topics that each Chatter Jam begins with going forward.

One of the concerns lawyers tend to have about the use of social media is with general and specific topics coming up on social media and the ill it may cause the organization. Sapirman believes that while such untoward situations can arise, if you make clear the ground rules about such discussions, these types of issues do not usually arise. That has certainly been the D&B experience.

Each employee uses their own names during these Chatter Jams so there is employee accountability and transparency as well. Sapirman said they further define each communication through a hashtag so that it can not only immediately be defined but also searched in the archives going forward. He provided the examples of specific regulatory issues and privacy. This branding also enhances the process going forward.

I asked Sapirman if he could point to any specific compliance initiatives that arose during or from these Chatter Jams. Sapirman emphasized that these events allow employees the opportunity to express their opinions about the compliance function and what compliance means to them in their organization. One of these discussions was around the company’s Code of Conduct. He said that employees wanted to see the words “Do The Right Thing” as the name of the Code of Conduct.

I inquired about D&B’s use of social media in connection with their third parties. Sapirman said that the company allows some of them access to its internal Chatter tools to facilitate direct communications. Further, these external contractors can connect with both Sapirman and the company through Twitter. He said that he is consistently communicating to the greater body of customers about the compliance initiatives or compliance reminders on what the D&B compliance function is doing and how it is going about doing them. He believes it is an important communications tool to make sure that he and his team are getting their compliance messages out there.

Sapirman also described using Chatter in a manner that sounded almost like Facebook and its new live video function. He said they can deliver short video vignettes about compliance to employees. The compliance function or the employee base can develop these.

All of the initiatives Sapirman described drove home to me three key insights. The first is how compliance, like society, is evolving, in many ways ever faster. As more millennials move into the workforce, the more your employee base will have used social media all their lives. Once upon a time, email was a revelatory innovation. Now if you are not communicating, you are falling behind the 8-ball. Employees expect their employers to act like and treat them as if this is the present day, not 1994 or even 2004.

The second is that these tools can go a long way towards enhancing your compliance program going forward. Recall the declination to prosecute that Morgan Stanley received from the Department of Justice (DOJ), back in 2012, when one of its Managing Directors had engaged in FCPA violations? One of the reasons cited by the DOJ was 35 email compliance reminders sent over 7 years, which served to bolster the annual FCPA training the recalcitrant Managing Director received. You can use your archived social media communications as evidence that you have continually communicated your company’s expectations around compliance. It is equally important that these expectations are documented (Read – Document, Document, and Document).

Finally, never forget the social part of social media. Social media is a two-way communication. Not only are you setting out expectations but also these tools allow you receive back communications from your employees. The D&B experience around the name change for its Code of Conduct is but one example. You can also see that if you have several concerns expressed it could alert you earlier to begin some detection and move towards prevention in your compliance program.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

Henry VMost people remember the St. Crispin’s Day speech in Henry V as one of the greatest speeches in all of Shakespeare. However many people do not focus on what led to that speech which was that Henry went out among his troops, disguised as a commoner to ask they what they thought and to hear what they had to say about the upcoming battle with the French. One of the most important things that Henry learns is that his men, while willing to do their duty, believe they will all die the next day in battle, most particularly because of the overwhelming size differential in the two armies. Henry takes this information and incorporates those fears, together with English patriotism, into the rousing speech he gave before he led his men to victory.

I am a huge fan of using social media in your compliance function. I often point to Louis Sapirman, the Vice President (VP), Associate General Counsel (AGC) and Chief Compliance Officer (CCO) at Dun & Bradstreet, as an example of a company and CCO that has embraced the use of social media to advance their best practices compliance program.

CCOs and compliance practitioners often ask me how they could begin to get their arms around how to structure such a program for their company. In an article in the MIT Sloan Management Review, entitled “Finding the Right Role for Social Media in Innovation”, Deborah Roberts and Frank Pillar reviewed companies that were not deriving significant benefit from their customer facing social media efforts. I found their discussion of potential remedies as a useful tool to help CCOs design an internal company wide social media campaign.

After acknowledging that social media focuses on the social aspects of the communication, I think the most important thing to remember is that communication in social media is two-way; both inbound and outbound. It can help to bring your employee base together in an efficient manner to create an environment conducive to compliance for your organization. It also has the benefit of continued engagement. It is more than putting on training or even a Compliance Week set of initiatives, you can continue the conversation and enthusiasm about compliance going forward.

The authors break this down further into three parts that emphasize (1) the need to listen to and learn from user-generated content; (2) the need to engage and facilitate dialogue with employee innovators; and (3) to find an audience of early adopters to create excitement and collect feedback. No doubt inspired by some fond childhood memories, the authors monikered these three concepts as (a) Camp Explore, (b) Camp Create and (c) Camp Communicate.

Camp Explore

This is the method the authors suggest of how to generate employee insights into your compliance program “where activities are designed to extend the breadth and depth of how organizations search for innovations” even in the compliance arena. The key is that the compliance function must be listening and listening in a manner which they may not have used previously. The authors write that you will need to “learn to read the signals from large, diverse, disconnected, and unstructured pools of data generated by users. In addition, they will learn to analyze and convert blog posts, tweets, and user-generated content into valuable insights for new products.”

Compliance professionals will need the skills of both a social scientist and a data scientist at Camp Explore. This is because compliance practitioners will need to “assimilate, combine, and utilize data from many different sources” across the globe. The authors noted, “they will need to acquire skills in computational techniques to unveil trends and patterns within and between the various data sets.” The overall award from Camp Explore “is to sharpen their business acumen and teach them how to communicate the findings to those involved in [compliance] projects.”

Camp Cocreate

If a company has matured past Camp Explore, the next step the authors suggest is Camp Cocreate for companies that “know they actively want to engage and involve [employees] in the innovation process” around compliance. The overall goal is to be more collaborative to allow employees to be more involved in the design process. As a CCO or compliance professional you will “learn how to engage, identify, and select the right participants and develop the right incentives to encourage their participation. Creativity is both an input and an output of the cocreation process. Managers will also develop skills in relationship building and gain experience in the art of conversation and dialogue, a key aspect of collaboration. Managers will learn how to become better facilitators and community managers.”

One of the important factors is to visit with “unconventional users” to help facilitate the creative process. Here social media itself can be a powerful tool, facilitating a two-way communication street to allow the compliance function to hear and even see what business and other types in the field may see and hear. The model of involving employees for in-house innovation has always been useful to help build buy-in and acceptance but the authors also found that more diverse participation in the creation process can provide a richer developed process. 

Camp Communicate

This learning camp focuses on the most obvious uses of social media, to communicate and tell a story. The authors write, “As social media becomes an ever more integral part of people’s work and social lives, people have come to expect communication about products and brands via social media channels.” Social media can also afford the compliance function the opportunity to interact more directly with its customer base, the company’s employees, in a manner that is far more engaging than the old command and control approach.

If your goal in the compliance function is to create awareness and publicize your compliance program and initiatives, social media can be a powerful tool for you. Indeed the authors believe it should be a “core activity.” Through the use of social media tools, your compliance function can not only tell the story of compliance but also communicate expectations and even train. Yet once again it is simply more than a one-way tool as using social media facilitates a two-way communication. Just as employees are more apt to tell you about a concern immediately or soon after they have been trained on that issue; they may well communicate directly with you after having received a social media communication on subjects such as managing of third party relationships.

The authors end their article on a cautionary note. They believe many companies are approaching social media in the same manner as they approached the dot-com boom of the 1990s. Companies are embracing the technologies but simply following the herd, “In the case of social media, they embrace whatever social media sites and strategies are in vogue without developing a coherent strategy for tying their social media activity to new product development. Having a Facebook page, creating a brand community, or having a social media page dedicated to a new [compliance] launch will not, on its own, improve a company’s [compliance] performance.”

CCOs and compliance practitioners need to develop a dedicated compliance strategy around social media, in the context of your corporate objectives. Just as Henry V gave one of the most rousing speeches in all of Shakespeare, basing it on the input he received from his men, you can take the input from your employee base and create a compliance experience that your employees will embrace.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016