Social Media 1Welcome to Part I of Social Media Week. I recently did a webinar, hosted by The Network, on the use of social media in your Foreign Corrupt Practices Act (FCPA) compliance program. The response was as great as almost any other webinar in which I have participated. Based upon the overwhelming feedback, this week I will post a series of blogs on the use of social media in your compliance program. In Part I, I begin with a discussion of why you should integrate social media into your compliance program.

I have been studying the business side of social media for some time now as a way to help understand how I might more effectively and more creatively bring the message of doing compliance to my readers and podcast listeners. This led me to think about the message of compliance inside of a corporation and how it is distributed. In a compliance program, a large portion of your consumers/customers are your employees. Social media presents some excellent mechanisms to communicate the message of compliance going forward. Many of the applications that we use in our personal communication are free or available at very low cost. So why not take advantage of them and use those same communication tools in your internal compliance marketing efforts going forward.

On the Social Media Examiner site, which brands itself as “Your Guide to the Social Media Jungle”, is a podcast entitled “Social Sharing: How to Inspire Fans to Share Your Stories”, hosted by Michael Stelzner, Chief Executive Officer (CEO) and Founder of the site. In the podcast Stelzner interviews Simon Mainwaring, author of “We First: How Brands and Consumers Use Social Media to Build a Better World”, who said that to allow them to market successfully there are three key components, (1) Let your employees know what you stand for; (2) Celebrate their efforts; and (3) Give them a tool kit of different ways to participate. I think each of these concepts can play a key role for the compliance practitioner in internally marketing their compliance program.

Let Your Employees Know What You Stand For

In the FCPA Guidance, the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) said that the basis of any anti-corruption compliance program is the Code of Conduct as it is “often the foundation upon which an effective compliance program is built. As DOJ has repeatedly noted in its charging documents, the most effective codes are clear, concise, and accessible to all employees and to those conducting business on the company’s behalf.” That well known @CodeMavencc, Catherine Choe, has said that she believes “Two of the primary goals of any Code are first, to document and clarify minimum expectations of acceptable behavior at a company, and second, to encourage employees to speak up when they have questions or witness misconduct.”

But more than the Code of Conduct, does your company really communicate that it stands for compliance? Obviously formal anti-corruption training under the FCPA is important but I think that more is required to reinforce that your company has a culture of compliance throughout the organization. In other words, are you communicating what you stand for and not simply the rules and regulations of a compliance program?

Celebrate Their Efforts

Once again the FCPA Guidance speaks to the need to incentivize employees in the company realm. The Guidance states, “DOJ and SEC recognize that positive incentives can also drive compliant behavior. These incentives can take many Guiding Principles of Enforcement forms such as personnel evaluations and promotions, rewards for improving and developing a company’s compliance program, and rewards for ethics and compliance leadership. Some organizations, for example, have made adherence to compliance a significant metric for management’s bonuses so that compliance becomes an integral part of management’s everyday concern.” But more than simply incentives, it is important to “[M]ake integrity, ethics and compliance part of the promotion, compensation and evaluation processes as well.”

Mainwaring’s concept means going beyond incentivizing. To me his word ‘celebrate’ means a more public display of success. Financial rewards may be given in private, such as a portion of an employee’s discretionary bonus credited to doing business ethically and in compliance with the FCPA. While it is certainly true those employees who are promoted for doing business ethically and in compliance are very visible and are public displays of an effective compliance program. I think that a company can take this concept even further through a celebration to help create, foster and acknowledge the culture of compliance for its day-to-day operations. Bobby Butler, at Universal Weather and Aviation, Inc., has spoken about how his company celebrated compliance through the event of Compliance Week. He said that he and his team attended this event and used it as a springboard to internally publicize their compliance program. Their efforts included three separate prongs: they were hosting inter-company events to highlight the company’s compliance program; providing employees with a Brochure highlighting the company’s compliance philosophy and circulating a Booklet which provided information on the company’s compliance hotline and Compliance Department personnel.

Give Your Employees a Tool Kit For Compliance

Obviously a key component of any effective compliance program is an internal reporting mechanism. The FCPA Guidance states, “An effective compliance program should include a mechanism for an organization’s employees and others to report suspected or actual misconduct or violations of the company’s policies on a confidential basis and without fear of retaliation.” The Guidance goes on to also discuss the use of an ombudsman to address employee concerns about compliance and ethics. I do not think that many companies have fully explored the use of an ombudsman but it is certainly one way to help employees with their compliance concerns. Interestingly, in an interview in the Wall Street Journal (WSJ) with Sean McKessy, Chief of the SEC’s Office of the Whistleblower, he stated, “What I hear is that companies are generally investing more in internal compliance as a result of our whistleblower program so that if they have an employee who sees something, they’ll feel incentivized to report it internally and not necessarily come to us.”

Two of the newest and perhaps coolest tools a Chief Compliance Officer (CCO) or compliance practitioner can utilize in the realm of social media are Meerkat and Periscope. Both tools allow you to tell a compliance story in real time, throughout your organization and beyond. They are both live streaming apps that enable you to create a video and open the portal to anyone who wants to use it. Anybody in your Twitter community can click on that link and watch whatever you’re showing on your phone. The big piece is the mobile aspect. It’s as simple as a basic tweet and hitting the “stream” button.

However, there are a wide variety of social media tools available that you can incorporate into your compliance program. Apps like Pinterest, Snapchat, Instagram and others may seem like tools that are solely suited to personal use. However their application is much broader. Over the next week, I will be exploring some of these apps and tools and how they might be used in doing compliance. As with many ideas in the compliance space, a CCO or compliance practitioner is only limited by their imagination. For these apps, they can be most useful when you tell the story of compliance in your company. Hootsuite did a campaign called “Follow the Sun” using Periscope. They decided to let their employees showcase what they called #HootsuiteLife. They gave access to different people in every company office around the globe. Throughout the day, it would “Follow the Sun,” and people in different offices would log into the Hootsuite account and walk around and show off their culture, interviewing their friends, etc. They talk about the importance of culture and now they are proving it. The number of inbound applications drastically increased after people got that sneak peek into their company.

Yet there are other tools available, at no cost, and can be downloaded onto a mobile device such as a smartphone or iPad. These include the O’Melveny & Myers LLP Foreign Corrupt Practices Act Handbook; which concentrates solely on the FCPA and is primarily a new vehicle to distribute content it already makes available upon request. This content includes O’Melveny’s FCPA Handbook and In-House Counsel’s Guide to Conducting Internal Investigations. In addition, the app features five resource sections that serve as an interactive, illustrative directory with titles ranging from ‘O’Melveny Authored Client Alerts’ to ‘DOJ Opinion Releases’.

Another approach is found in the Latham & Watkins LLP’s AB&C Laws app which takes an international approach to anti-corruption and anti-bribery laws, with the content focused on organizing and easing access to statutes and regulatory guidance according to specific fields of interest, from legislative frameworks to extra-territorial application to enforcement and potential penalties. It also includes official guidance such as steps (where available) that can be taken to reduce the risk of liability for bribery and corruption.

There is much to be learned by the CCO and compliance practitioner from the disciplines of marketing and social media. These concepts are useful to companies in getting their sales pitches out and can be of great help to you, the CCO or compliance practitioner, in collaborating and marketing throughout your company. I hope you will follow this week’s Use of Social Media series as I will endeavor to provide to you not only with a discussion of some new tools which you can incorporate into your compliance program going forward but also a different way to think about who your customers are and how you are reaching them with your message of doing compliance.

Finally, I am compiling a list of questions that you would like to be explored or answered on the use of social media in your compliance program. So if you have any questions email them to me, at tfox@tfoxlaw.com, and I will answer them within the next couple of weeks in my next Mailbag Episode on my podcast, The FCPA Compliance and Ethics Report.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

EmpathyCan you empathize with those who work for you, around you and those you report to? While many leaders, particularly those who might be labeled the ‘command and control’ type seem to think that empathy is a negative; I think that it is an important habit for any Chief Compliance Officer (CCO) or compliance practitioner to not only practice but also master. Recently there were a couple of articles in the New York Times (NYT) that discussed this character trait and I found them useful to consider for the leadership toolkit of the CCO or compliance profession.

The first was by Daryl Cameron, Michael Inzlicht and William A. Cunningham, entitled “Empathy is Actually a Choice” and the second was in the Corner Office section by Adam Bryant, entitled “Is Empathy on Your Résumé?”, in which Bryant profiled Stewart Butterfield, the co-founder and chief executive of Slack, a communication service for businesses. The first piece focused on research by the authors and the second was Bryant’s weekly piece on business leadership.

The researchers noted, “While we concede the exercise of empathy is, in practice, often far too limited in scope, we dispute the idea that this shortcoming is inherent, a permanent flaw in the emotion itself…we believe that empathy is a choice that we make to extend ourselves to others. The “limits” to our empathy are merely apparent, and can change, sometimes drastically, depending on what we want to feel.” The authors ended by stating, “Arguments against empathy rely on an outdated view of emotion as a capricious beast that needs to yield to sober reason. Yes, there are many situations in which empathy appears to be limited in its scope, but this is not a deficiency in the emotion itself. In our view, empathy is only as limited as we choose it to be.”

Bryant’s article on Butterfield and his leadership style brought these concepts home. Most interestingly, Butterfield began by self-disclosing, “I’m good at the leadership part. But I’ve always said that I’m a terrible manager. I’m not good at giving feedback. People are like horses — they can smell fear. If you have a lot of apprehension going into a difficult conversation, they’ll pick up on that. And that’s going to make them nervous, and then the whole conversation is more difficult.”

Another insight on leadership was something as simple as meetings. Butterfield said that “if you’re going to call a meeting, you’re responsible for it, and you have to be clear what you want out of it. Have a synopsis and present well. At the same time, if you’re going to attend a meeting, then you owe it your full attention. And if it’s not worth your attention, then say so — but don’t be a jerk about it — and leave the meeting.” So more than simply taking responsibility for one’s own time, he put out the empathy to allow you to consider how your agenda (or lack thereof) may have negative repercussions on others on your team or in your organization.

Another interesting insight from Butterfield were his thoughts on empathy as it related to leadership. This is a sought out trait for employees, as early as in the interview process. He said, “When we talk about the qualities we want in people, empathy is a big one. If you can empathize with people, then you can do a good job. If you have no ability to empathize, then it’s difficult to give people feedback, and it’s difficult to help people improve. Everything becomes harder.”

Similarly to his examples around meetings, Butterfield believes that empathy can express itself as courtesy. He said, “One way that empathy manifests itself is courtesy. Respecting people’s time is important. Don’t let your colleagues down; if you say you’re going to do something, do it. A lot of the standard traits that you would look for in any kind of organization come down to courteousness. It’s not just about having a veneer of politeness, but actually trying to anticipate someone else’s needs and meeting them in advance.”

I found it interesting that on the same day in the same newspaper, theory not only met practice but the practice had a business application. For those out there who feel leadership skills are ingrained into your DNA, the authors pointed out “Likewise, in another recent study, the psychologists Karina Schumann, Jamil Zaki and Carol S. Dweck found that when people learned that empathy was a skill that could be improved — as opposed to a fixed personality trait — they engaged in more effort to experience empathy for racial groups other than their own. Empathy for people unlike us can be expanded, it seems, just by modifying our views about empathy.”

Yet for the CCO or compliance practitioner, Butterfield pointed out specific areas where the trait of empathy can yield great respect for you and your position in any corporation. People rarely think of courtesy and respect as leadership skills but if you can bring these to bear in your compliance practice, you can garner greater influence as not only someone who cares but someone who cares and gets things accomplished. For any corporate disciple which relies on influence to succeed these simple tools can go a long way to providing to you a wider manner to impact corporate culture, become a trusted partner and be a part of any significant business conversation earlier rather than later in the game.

TexasBarToday_TopTen_Badge_Large

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

How to Succeed in BusinessIn 1961, one of my favorite Broadway musical comedies appeared How to Succeed in Business Without Really Trying. It ran for over 1400 performances in its original Broadway run and was based on the 1952 book by Shepherd Mead, entitled “How to Succeed in Business Without Really Trying: The Dastard’s Guide to Fame and Fortune”. The book is a satire of an instructional manual and pokes fun at (then) contemporary office life in the United States in the guise of a self-help book. It details the rise of one J. Pierrepont Finch, from window washer to Chairman of the Board in only two weeks.

The play was later adapted into a movie in 1967. Robert Morse played the lead role in both the original theatrical run and the movie, with Matthew Broderick and Daniel Radcliff taking the role in 2000 era revivals. My favorite song from the movie is I Believe in You, which Finch sings to himself in front a Men’s Room mirror immediately before going to a big meeting. Most interestingly when Mead’s book was re-released in 1995, in connection with a revival of the play, the Library of Congress cataloged it as non-fiction under “business books”, with the subject headings “Success in business”, “Management”, and “Career development”.

I wondered how I could help corporate compliance departments better succeed in compliance? So inspired by Finch to help all corporate compliance departments, Chief Compliance Officers (CCOs) and compliance practitioners succeed, today I am announcing a new service offering: the Compliance Retreat. Why a strategic retreat? It is unlikely you can explore the wide range of issues that you might need to consider by simply performing a risk assessment and going forward. While a risk assessment is a key tool, it is only one tool. The Compliance Retreat will allow you to work through a wide range of compliance issues specific to your company, your risk profile, your industry and your culture. Taking time to discuss compliance issues large and small in a one day Compliance Retreat will allow you to think differently about your compliance program, all facilitated by one of the top Nuts and Bolts compliance practitioners around.

The role of facilitator is crucial for several reasons. First, and foremost, you should have a neutral party, one with no stake in the outcome. This means that you should not bring in your regular counsel or compliance advisors because they will have a vested interest in projects moving forward. Further, the facilitator needs to be well versed in not only the anti-corruption compliance field but also someone who has seen a wide variety of best practices in compliance in multiple businesses and industries. In the compliance field many practitioners want to know what other companies are doing and how they are facing unique challenges in many areas. Only an expert in the compliance arena can bring all of these skills to bear.

What should the Compliance Retreat look like? A visual representation would be the following:Compliance Retreat

 

It starts with a Facilitator prepared to discuss your compliance program; the current structure, risk assessments, audits and outstanding issues at this time. A Facilitator could then help lead a discussion based on wide compliance discipline knowledge for steps to consider in building your program. From there, you can move towards building out and enhancing your own compliance program. It would end with actions and steps that can be measured moving forward.

The Compliance Retreat is more than simply getting away for one day to discuss the specifics of your compliance program. Sarah Kessler, writing in an Inc.com article, entitled “How to Plan a Company Retreat”, listed some of the key principles of a strategic retreat that I have adapted for the Compliance Retreat. They include:

  • Collaborate. Make certain that all participants have the ability to collaborate.
  • Make discussion introvert-friendly. Ask the participants to write down answers to questions instead of blurting them out, and ask every person in the room to give their opinion in an organized manner.
  • Encourage people to express themselves. It is important that all opinions are heard and make certain that minority opinions have a way to be heard.
  • Combine team building with work. Compliance is always about teamwork so your compliance team should decide their next steps in the future, versus just experiencing a task together and deciding that the group can simply work well together.
  • Stay on topic. It is important to stay focused on compliance issues.
  • Diverge, converge. You should break up your group for more focused discussions then bring them back to the larger group for discussion.
  • Document your next steps. Assign a champion for each step that the compliance team has agreed on, making those steps as specific as possible. You should document who does what, when they will accomplish the task and how, at the end of the day, you will measure it.

Through my new service offering the FCPA Master Class Training I will be bringing the most current best practices on the nuts and bolts of FCPA compliance to a wide variety of compliance practitioners across the US. With the Compliance Retreat I will be able to offer the best practices to any compliance department or similar corporate function that wants to have a facilitated, focused retreat on its compliance program. Imagine you could focus for one day on your compliance program and be able to pick the brain of the one of the tops Nuts and Bolts compliance practitioners around. Now you have the chance. What will it cost to have such a service? You will have to contact me, via email at tfox@tfoxlaw.com, for that information but it will be a fixed fee service so you know what your cost is going in with no surprises of hourly rate or multiple lawyers and support personnel showing up on the invoice.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

*** Potential SPOILER ALERT if you have not read “Go Set a Watchman” ***

Go Set a WatchmanOne of my all-time favorite books has always been To Kill a Mockingbird. As a lawyer and a Southerner, I have admired Atticus Finch in print and on the silver screen for well over 50 years. So it was with more than some trepidation that I read “To Set a Watchman” the recently released Harper Lee novel that predated Mockingbird in creation but post-dates Mockingbird by some 20 years on the timeline of the stories.

Randall Kennedy, writing in the New York Times (NYT) book review, entitled “Harper Lee’s ‘Go Set a Watchman’”, spoke for many Southerners when he said, “Generations have admired Finch for his fidelity to due process even at the risk of unpopularity and personal harm.” In Watchman, Atticus is an old and bitter man, who derides the rise of civil rights and that “supposed paragon of probity, courage and wisdom, was a white supremacist.” He even joined the racist white Citizens Counsel for his home county. The Citizen Counsels were simply upscale organizations of their more famous cousin, the KKK. But it was just as evil and not the club you want your boyhood and professional hero to join or be a member of.

I have often wondered if an author’s works not published during his or her lifetime, should be published thereafter. I certainly felt like some of Hemingway’s work that he did not see fit to publish could well have stayed unpublished after his death. Of course Harper Lee is still alive and kicking and apparently approved release and publication of Watchman. Yet it clearly is not the work that Mockingbird is and as Kennedy noted, “Would it have been better for this earlier novel to have remained unpublished? Though it does not represent Harper Lee’s best work, it does reveal more starkly the complexity of Atticus Finch, her most admired character.” Further, does the new book go as far as Kennedy suggests and “demands that its readers abandon the immature sentimentality ingrained by middle school lessons about the nobility of the white savior and the mesmerizing performance of Gregory Peck in the film adaptation of “To Kill a Mockingbird”?

I have not worked out that final question in my own head as yet. I could simply say that they are two different works of fiction, with separate character arcs. Or perhaps the Atticus of Mockingbird and the 1930s has become a bitter old man of Watchman in the 1950s. But in the end I think both portrayals are accurate reflections of the contradictions that I grew up with in a segregated South.

Contrasting my ambivalence about Watchman and the 1950s version of Atticus Finch, is today’s topic of five key questions for a Chief Compliance Officer (CCO) or compliance practitioner to ask about their internal message of compliance. It is based on an article in the September 2015 issue of Writer’s Digest, entitled “Think Like a Nonfiction Editor – 5 Key Questions to Ask Yourself In Revising Your Article or Book”, by Debbie Harmsen. She asks you to step back and consider how your book or article will be viewed by your editor. I have adapted her insights for the CCO or compliance practitioner.

Is your message tailored to the right audience? 

It would seem to be a basic axiom that any compliance practitioner would write a message about compliance. Harmsen cautioned that you need to not only “strike the right note” but also set the right tone. This may mean you adapt your compliance message differently for different groups of employees. It would seem self-evident that a message that resonates in the US may not resonate with the same force in China or some other far-flung geographic location outside the US.

Have you chosen the strongest possible structure? 

Harmsen writes, “Structure is critical to every piece of writing. It’s the framework that hold content together. It guides the reader along and, in doing so, subtly lets them know they can trust you… If your structure helps readers know where they’re going and feel confident about the types of information and entertainment they’ll get along the way, they’re more likely to trust you and what you have to say.” For the compliance practitioner they key is whether your message is consistent and cohesive. Make sure you do not send mixed signals.

Am I offering overall takeaways? 

How many times have your heard the business folks say, don’t tell the rules, tell me what I can and can’t do. Any communication you make as a compliance practitioner is made to convey information. So have you provided any useful information that the business team can put to use in their day-to-day operations? Harmsen ended with a great line that I think sums it up neatly, “A good gut check when you’re revising your piece is to see if you executed your story in such a way that it lives up to your title/subtitle’s promise.” Does your message match up and provide a solid takeaway that the title promised?

Does each section or chapter have a clear purpose? 

I often rewrite compliance policies and procedures that were drafted by lawyers in law firms who have never practiced law, let alone compliance, from an in-house perspective. These policies and procedures read like they were written by lawyers for lawyers to read and digest. The businessperson trying to read the company policy and do the right thing has little to no chance in such scenarios. Harmsen’s dictum to “look at each section of your article or each chapter of your book and note what purpose it serves to the overall piece. If it doesn’t have one, it likely needs to be either revised or cut” translates precisely into communications from the compliance function. If language does not serve a purpose, make sure that it does in the final version. Finally, make sure that everything appears “in an order that flows logically and easily from one to the next”.

Is my voice authoritative without being overbearing? 

Harmsen nails her final section with the following, “Where is your ego in all of this? Are you like the guy who is trying too hard to impress his date?” The core of writing is like the core of compliance communications; it is about the content and not about you, the author. You certainly need to be competent in your communications around compliance but you need to also make sure your content is competent and at the end of the day that is what your written, verbal or video compliance message is about.

So I say good-bye the Atticus Finch of my youth. I still have not sorted out how I feel about Watchman but he now exists in the Harper Lee oeuvre. However Harmsen’s points are excellent guides for you to consider in any compliance communication going forward.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

Tacoma Narrows BridgeI conclude my Great Structures Week with a focus on structural engineering failures: suspension bridges and the challenges of wind in their construction and maintenance. I am drawing these posts from The Great Courses offering, entitled “Understanding the World’s Greatest Structures: Science and Innovation from Antiquity to Modernity”, taught by Professor Stephen Ressler. In his chapter on suspension bridges he notes that the “Tacoma Narrows Bridge was the third longest span in the world when it opened to the world, this month of July in 1940.” Yet it collapsed only four months later, in one of the most famous visual images of a bridge’s collapsing. This is due to the “inherent flexibility of cable as a structural form”. A bridge can move in longitudinal vibration, that is up and down and in torsion, where it twists from side-to-side.

Most people recognize unstiffened suspension bridges as old as man and engineering itself. It was not until the 1820s that serious study was brought to bear on the issue of wind-related collapse of suspension bridges. The initial solution was to simply use more weight to reinforce the span. However, while that solution did bring some stability, it reinforced damage as the structure became a textbook example of Newton’s Second Law of Motion, which states that the acceleration of an object is dependent upon two variables – the net force acting upon the object and the mass of the object; meaning that once a heavy weight is in motion, it is more resistant to deceleration.

Yet it was scientific methodology that led to the disaster with the Tacoma Narrows Bridge. An engineer named Leon Moisseiff had developed a theory that long spanned suspension bridges were heavy enough that they did not require stiffening trusses because “their mass stabilized them against wind-induced vibrations.” However this theory failed to take into account how air flows around a bridge and the “dynamic response of the structural system.” Ressler concludes this section by stating, “this case has become a classic symbol of the dangers of arrogance born of overconfidence in science-based design methods, and belt-and-suspenders engineering has made a bit of a comeback.”

I thought about the catastrophic failure of the Tacoma Narrows Bridge in the context of one of the greatest risks in Foreign Corrupt Practices Act (FCPA) compliance; that being third parties. Many non-compliance corporate employees assume that if a third party passes due diligence muster; they are in the clear. After all, you cannot stop a third party from making a bribe or other corrupt payment. Fortunately the Department of Justice (DOJ) does not take such a myopic view as many business types. Under the FCPA, a company is responsible for the actions of its third party representatives.

The real work around your third party compliance program begins after the contract is signed and it is in the management of the third party relationship. While the FCPA Guidance itself only provides that “companies should undertake some form of ongoing monitoring of third-party relationships”. Diana Lutz, writing in the White Paper by The Steele Foundation entitled “Global anti-corruption and anti-bribery program best practices”, said, “As an additional means of prevention and detection of wrongdoing, an experienced compliance and audit team must be actively engaged in home office and field activities to ensure that financial controls and policy provisions are routinely complied with and that remedial measures for violations or gaps are tracked, implemented and rechecked.”

Carol Switzer, writing in the Compliance Week magazine, set out a five-step process for managing corruption risks, which I have adapted for third parties.

  1. Screen – Monitor third party records against trusted data sources for red flags.
  2. Identify – Establish helplines and other open channels for reporting of issues and asking compliance related questions by third parties.
  3. Investigate – Use appropriately qualified investigative teams to obtain and assess information about suspected violations.
  4. Analyze – Evaluate data to determine “concerns and potential problems” by using data analytics, tools and reporting.
  5. Audit – Finally, your company should have regular internal audit reviews and inspections of the third party’s anti-corruption program; including testing and assessment of internal controls to determine if enhancement or modification is necessary.

Additionally there several different functions in a company that play a role in the ongoing monitoring of the third party. While there is overlap, I believe that each role fulfills a critical function in any best practices compliance program. 

Relationship Manager

There should be a Relationship Manager for every third party which your company does business. The Relationship Manager should be a business unit employee who is responsible for monitoring, maintaining and continuously evaluating the relationship between your company and the third party.

Compliance Professional

Just as a company needs a subject matter expert (SME) in anti-bribery compliance to be able to work with the business folks and answer the usual questions that come up in the day-to-day routine of doing business internationally, third parties also need such access. A third party may not be large enough to have its own compliance staff so I advocate a company providing such a dedicated resource to third parties. This role can also include anti-corruption training for the third party, either through onsite or remote mechanisms. The compliance practitioner should work closely with the relationship manager to provide advice, training and communications to the third party. 

Oversight Committee

A company can have an Oversight Committee review documents relating to the full panoply of a third party’s relationship with the company. It can be a formal structure or some other type of group but the key is to have the senior management put a ‘second set of eyes’ on any third parties who might represent a company in the sales side. In addition to the basic concept of process validation of your management of third parties, as third parties are recognized as the highest risk in FCPA or Bribery Act compliance, this is a manner to deliver additional management of that risk.

After the commercial relationship has begun the Oversight Committee should monitor the third party relationship on no less than an annual basis. This annual audit should include a review of remedial due diligence investigations and evaluation of any new or supplement risk associated with any negative information discovered from a review of financial audit reports on the third party. The Oversight Committee should review any reports of any material breach of contract including any breach of the requirements of the Company Code of Ethics and Compliance. In addition to the above remedial review, the Oversight Committee should review all payments requested by the third party to assure such payment is within the company guidelines and is warranted by the contractual relationship with the third party. Lastly, the Oversight Committee should review any request to provide the third party any type of non-monetary compensation and, as appropriate, approve such requests.

Audit

A key tool in managing the relationship with a third party post-contract is auditing the relationship. I hope that you will have secured audit rights, as that is an important clause in any compliance terms and conditions. Your audit should be a systematic, independent and documented process for obtaining evidence and evaluating it objectively to determine the extent to which your compliance terms and conditions are followed.

Perhaps now you will understand why I say that managing the relationship of your third party’s is where the real work of your FCPA compliance program comes to the fore. It also demonstrates a key difference in having a paper compliance program and doing compliance. Having a paper compliance program is simple but doing compliance is not always easy; you have to work at it to maintain an effective program.

I hope that you have enjoyed this week’s offering based around some of the world’s greatest structures, their engineering concepts and innovations and how they all related to a best practices compliance program. I am a huge fan of The Great Courses offerings and if you are interested in learning in a great many areas it is one of the best resources available to you. For a more detailed discussion of how you can develop and implement a best practices anti-corruption compliance program, I hope you will check my book Doing Compliance: Design, Create, and Implement an Effective Anti-Corruption Compliance Program, which is available through Compliance Week. You can review the book and obtain a copy by clicking here.

For a dramatic video of the collapse of the Tacoma Narrows Bridge on YouTube, click here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015