Big Data 3Today I continue my exploration of big data in a best practices Foreign Corrupt Practices Act (FCPA) compliance program. Yesterday, I considered how you might use big data in a best practices compliance program. Today I want to explore how visualization of data can assist you in a wide variety of ways in both the detect and prevent prongs of your compliance program. The topic of this series of blogs is based upon an eBook, entitled “Planning for Big Data – A CIO’s Handbook to the Changing Data Landscape, by the O’Reilly Radar Team, with a series of authors each contributing a chapter. Today I will focus on a chapter by Julie Steele, entitled “A Picture is Worth a 1000 Rows”.

 Joe Oringel, co-founder of Visual Risk IQ, is often heard saying, there is a reason his company is named Visual Risk IQ. It is because his company specializes in visualizing the results of the transactions they monitor or analyze. Steele asks “How are you going to make sense of all that information efficiently so you can make a good decision?” She believes “Data Visualization is an important answer to that question.” Put another way, visualization allows you to see the data.

Recognizing that not all visualizations are helpful, Steele writes, “The best data visualizations are ones that expose something new about the underlying patterns and relationships contained within the data. Understanding those relationships – and so being able to observe them – is key to good decision-making. The Periodic Table is a classic testament to the potential of visualization to reveal hidden relationships in even small data sets. One look at the table, and chemists and middle school students alike grasp the way atoms arrange themselves in groups: alkali metals, noble gasses, halogens.” All of this means “If visualization done right can reveal so much in even a small data set like this, imagine what it can reveal within terabytes or petabytes of information.”

Steele says there an “important distinction lies between visualization for exploring and visualization for explaining.” She explains that while visualization for exploring can be imprecise, it is “useful when you’re not exactly sure what the data has to tell you, and you’re trying to get a sense of the relationships and patterns contained within it for the first time. It may take a while to figure out how to approach or clean the data, and which dimensions to include. Therefore, visualization for exploring is best done in such a way that it can be iterated quickly and experimented upon, so that you can find the signal within the noise.” She concludes by noting, “Software and automation are your friends here.”

Steele believes that “Visualization for explaining is best when it is clean.” This is because paring down information to its simplest form, by removing as much noise as is as possible, will allow the “efficiency with which a decision maker can understand” the data. She notes this is the preferred approach “to take once you understand what the data is telling you, and you want to communicate that to someone else.” Moreover, “Visualization for explaining also includes infographics and other categories of hand-drawn or custom made images.”

Incumbent throughout these blogs posts on big data is embedded the concept that the customer base of any company’s compliance function is its employee base. So if you consider that “Many kinds of data visualization, from complex interactive or animated graphs to brightly-colored infographics, can help” to explain to your employee base many of the key issues around compliance. This can allow your employees to better understand your company’s values, the expectations under your Code of Conduct and compliance program and their obligations going forward. It can also be a useful teaching tool to help prevent inadvertent actions that may become more nefarious later. Steele believes that “As Big Data becomes bigger, and more companies deal with complex data sets with dozens of variables, data visualization will become even more important.”

Here is another area where the compliance function can draw upon other talents in a company as Steele suggests you should work with an in-house designer or better yet a team of designers to help you put together visualizations. This is because “Visualization for explaining works best when someone who understands not only the data itself, but also the principles of design and visual communication, tailors the graph or chart to the message.”

Such a designer can work as your translator “Since data visualization is like a foreign language, in the same way, hire an experienced designer for important jobs where precision matters. If you’re making the kinds of decisions in which your customer, product, or profit hangs in the balance, you can’t afford to base those decisions on incomplete or misleading representations of the knowledge your company holds.”

In the concluding chapter in the eBook, entitled “The Future of Big Data”, Edd Dumbill noted, “Visualization fulfills two purposes in a data workflow: explanation and exploration. While business people might think of a visualization as the end result, data scientists also use visualization as a way of looking for questions to ask and discovering new features of a dataset. If becoming a data-driven organization is about fostering a better feel for data among all employees, visualization plays a vital role in delivering data manipulation abilities to those without direct programming or statistical skills.”

The ability to put disparate pieces together in a way that company employees, from top management to the business development person in the AsiaPacific region, understand and see the connections is an important method that should be used by any Chief Compliance Officer (CCO) or compliance practitioner. Consider such analysis as buying patterns of foreign governments in the context of charitable donations. In both the Schering-Plough and Eli Lilly Securities and Exchange Commission (SEC) FCPA enforcement actions, the SEC simply put in a table showing the date of donation to the decision maker’s personal charity and the date of obtaining or retaining business by the company in question. Imagine if the CCO had had that data visually displayed, it might have detected an issue that could have then been prevented before it became a full-blown FCPA violation. It might have led to remediation. It might also lead to additional investigation to see if the charitable donation met the company’s internal requirements or if any exceptions were granted and if so were they properly vetted.

I hope that this series on big data has given you some ideas on what might be available to you, hiding in plain sight, in your own company data.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

Big Data 2Today I continue my exploration of big data in a best practices Foreign Corrupt Practices Act (FCPA) compliance program. Yesterday, I considered what big data is and some ways to think about it. Today I want to move into some thoughts on how to use it going forward. The topic of this series of blogs is based upon an eBook, entitled “Planning for Big Data – A CIO’s Handbook to the Changing Data Landscape”, by the O’Reilly Radar Team, with a series of authors each contributing a chapter. Today I will focus on a chapter by Alistair Croll, entitled “The Feedback Economy”.

Croll believes that big data will allow continuous optimization through what he terms the “feedback economy”. This is a step beyond the information economy because you are using the information that you have generated and collected as a source of information to guide you going forward. Information itself is not the greatest advantage but using that information to prevent, detect and remediate in a compliance program is.

Croll draws on military theory to illustrate his concept of a feedback loop. It is the OODA loop, which stands for observe, orient, decide and act. This comes from military strategist John Boyd who realized that combat “consisted of observing your circumstances, orienting yourself to your enemy’s way of thinking and your environment, deciding on a course of action and then acting on it.” Croll believes that the success of OODA is in large part “the fact it’s a loop” so that the results of “earlier actions feedback into later, hopefully wiser, ones.” This should allow combatants to “get inside their opponent’s loop, outsmarting and outmaneuvering them” because the system itself learns. For the Chief Compliance Officer (CCO) or compliance practitioner this means that if your compliance program is able to collect and analyze information better and you can act on that information faster; you can then use it have a more efficient and more robust compliance program.

Croll believes one of the greatest impediments to using this OODA feedback loop is the surplus of noise in our data; that “We need to capture and analyze it well, separating the digital wheat from the digital chaff, identifying meaningful undercurrents while ignoring meaningless flotsam. To do this we need to move to more robust system to put the data into a more usable format.” Croll moves through each of the steps in how a company collects, analyzes and acts on data.

The first step is data collection where the challenge is both the sheer amount of data coming in and its size. Once the data comes in it must be ingested and cleaned. If it comes into your organization in an unstructured format, you will need to cut it up and put into the correct database format for use. Croll touches on the storage component of where you place the data, whether in servers or on the cloud.

A key insight from Croll is the issue of platforms, which are the frameworks used to crunch large amounts of data more quickly. His most important acumen is to break up the data “into chunks that can be analyzed in parallel” so the data can be considered and acted upon more quickly. Another technique he considers is “to build a pipeline of processing steps, each optimized for a particular task.”

Another important component is machine learning and its importance in the data supply chain. Croll observes, “we’re trying to find signal within the noise, to discern patterns. Humans can’t find signal well by themselves. Just as astronomers use algorithms to scan the night’s sky for signals, then verify any promising anomalies themselves, so too can data analysts use machines to find interesting dimensions, groupings or patterns within the data. Machines can work at a lower signal-to-noise ratio than people.”

Yet Croll correctly notes that as important as machine learning is in big data collection and analysis, there is “no substitute for human eyes and ears.” Yet for many CCOs or compliance practitioners, displaying the data is most difficult because it is not generally in a readable form. To say lawyers are not as proficient as other corporate types in excel or similar tools would be to state the obvious, yet that is about as sophisticated as many practitioners can get. It is important to portray the data in more visual style to help convey the “dozens of independent data sources” into navigable 3D environments. As Joe Oringel is want to say, there is a reason his company is named Visual Risk IQ.

Of course having all this data is of zero use unless you act on it. Croll believes that big data can be used in a wide variety of corporate decision making, from “hiring and firing decision, to strategic planning, to market positioning.” I would certainly add compliance programs as well. But it does take a shift in compliance thinking to use such data. Once again lawyers are particularly ill suited to consider such information for reasons as diverse as training and temperament. This is yet another reason why compliance has evolved to Compliance 2.0, Compliance 3.0 and beyond. Big data allows you to make a quicker assessment of the impact of measured risks. It advocates “fast, iterative learning.”

Croll ends his chapter by noting that the “big data supply chain is the organizational OODA loop.” But unlike the OODA loop, it is more than simply about the loop and plugging information as you move through it. He believes “big data is mostly about feedback”; that is, obtaining the impact of the risks you have accepted. For this to work in compliance, a company’s compliance discipline needs to both understand and “choose a course of action based upon the results, then observe what happens and use that information to collect new data or analyze things in a different way. It’s a process of continuous optimization”.

The three prongs of any best practices anti-corruption compliance program are prevent, detect and remedy. Whether you consider the OODA loop or the big data supply chain feedback, this process, coupled with the data that is available to you should facilitate a more agile and directed compliance program. The feedback components in both processes allow you to make adjustments literally on the fly. For the CCO or compliance practitioner reviewing and analyzing disparate pieces of information available to you, could help you to recognize troubling trends that are not yet full FCPA violations and deliver a solution before you have self-disclose in the new age of the Yates Memo and Department of Justice (DOJ) Pilot Program.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.
© Thomas R. Fox, 2016

Surfin BirdSurf music is certainly an under-rated rock and roll genre. One of my favorites is The Trashmen’s Surfin’ Bird. It reached Number 4 on the Billboard Chart in 1963. I happened to hear it recently when I was reading about some interesting corporate governance issues and how they relate to anti-corruption compliance.

Sometimes it really is unbelievable how tone-deaf companies can be at the highest level. While the Board of Transocean awarded bonuses to top management for safety the same year as the Transocean drilling rig Deepwater Horizon caught fire and sunk causing the largest oil spill in recorded history and 10 dead or missing. BP had its share of tone-deafness in and around that tragedy too but the company has recently been back in the news for a different tone-deaf act.

Last week the Board of Directors of BP awarded a pay raise of effectively 20% to the Chief Executive Officer (CEO) Bob Dudley. This was in spite of a company wide ban on salary raises during the economic downturn in the energy sector. As Houston Chronicle business columnist Chris Tomlinson wrote, in a piece entitled “Times tough at BP, so chief executive gets raise, this raise was “in compensation for managing the company through a dramatic drop in share price, for laying off thousands of employees and endangering the company’s dividend.” Brooke Masters writing in the Financial Times (FT) column The Top Line, in a article entitled “BP chief’s pay rise is maladroit and out of step with Europe, said the pay raise was after the company ran up a $5.2bn loss in 2015.

All of this is rather amazing in light of the BP shareholder near revolt over this pay raise. As Tomlinson noted, there was “a nonbinding vote where 59 percent of those shareholders said Dudley shouldn’t get a raise.” As Master noted, “The only time a UK pay vote has come out worse was in 2009, when shareholders in part-nationalised Royal Bank of Scotland slammed the decision to pay a £703,000 annual pension to Fred Goodwin, the man who drove the bank into the ground.” BP’s response to this criticism? Masters reported that the company “argues Mr. Dudley met all is operational targets and should not be blamed for falling oil prices, or a $9.8 bn charge to settle claims related to the 2010 Gulf of Mexico oil spill.”

Yet it really even gets better (or worse depending on your point of view). Tomlinson reported the Chairman of BP’s Board of Directors said about the shareholder vote “Let me be clear. We hear you.” That is about as close to flipping the proverbial (surfin’) bird at shareholders as one can come. Tomlinson wrote, “Apparently the board can hear but doesn’t care what shareholders think.” Finally, Tomlinson wrote, “What makes Dudley’s compensation hike even more outrageous is that his salary was frozen along with other executives. To get around the companywide policy, the board boosted his bonus 40 percent over last year’s and doubled the payment to his retirement fund.”

Tomlinson raises all of this in the context of just who does the Board represent? In the case of BP, he asks “are they the management team’s peer who run their companies and want the board deferential to them.” Masters focuses more on the optics of the pay rise, arguing “BP’s move seems particularly maladroit at a time of rising anxiety about income equality.” Couple BP’s move with the concerns raised by the release of the Panama Papers and you can see that BP has a very awkward public relations issue on its hands. (Or perhaps, see [Surfin’] Bird, above.)

The only other commentator who consistently ties questions about compensation to corruption is Richard Bistrong. He writes about incentives and how those issues impact employees ‘on the front lines’ of Foreign Corrupt Practices Act (FCPA) compliance. Yet the actions by BP’s board raise some equally troubling issues about compensation at the very top of an organization.

Tomlinson nailed it when he asked who does the Board represent, management or the shareholders? Now imagine a Board who is cozy with management and is made aware of a potential FCPA violation. If that Board has not shown the independence to even objectively evaluate the CEO’s performance in conjunction with compensation, what would give shareholders any comfort they would objectively investigate and evaluate such conduct? After all, any fine and penalty levied for a corporate FCPA violation will, at the end of the day, be borne by the shareholders to pay, not the culpable executives.

Moreover, how will such a Board attitude play out under the strictures of the Yates Memo and Department of Justice (DOJ) Pilot Program for enhanced credit for self-disclosure, investigating and remediation? One might hope that with criminal penalties hanging over their collective heads, Boards of Directors would follow their legal obligations and investigate thoroughly but if the Board is there to simply perform lip service to top management who knows?

This Board attitude also impacts employees in the trenches as well. While Tomlinson asks the basic question “Ask BP employees laid off in Houston if they got a big bonus and a doubling of retirement benefits”? I think the implication for a company’s FCPA compliance program may be equally troubling. I have often used the anecdote about the employee who is more worried about making his quarterly numbers than he is in following the Code of Conduct to make a sale.

Yet here, the Board would seem to be saying it does not really matter what you do (or don’t do). When you are at a high enough senior management level, we are going to reward you. If all that stands between an employee being laid off, without the packages mentioned by Tomlinson, what financial incentive do they have if senior management will receive a pay raise no matter what the individual employee does going forward?

In the area of executive compensation, Tomlinson believes greater government oversight is the answer. Masters, perhaps taking a more English view, hopes Boards and senior management will actually think about not only the consequences of their actions but the optics as well.

On that final note, perhaps an acknowledgment to Volkswagen (VW) might be in order. Last week, VW agreed to cut the bonuses of its top executives. This was done at the request of the Chairman of the Board on down. Too bad there is no cross-fertilization from the VW Board to the BP Board.

For a YouTube version of Surfin Bird, Click here.

For some additional ideas on leadership, just out my most recent book, Effective Leadership Skills in Compliance: CCO 3.0 and Beyond.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

DOJThis week I have been exploring the implications of the Department of Justice (DOJ) announcement last week of a new program Pilot Program around Foreign Corrupt Practices Act (FPCA) enforcement, together with the document, entitled “The Fraud Section’s Foreign Corrupt Practices Act Enforcement Plan and Guidance” (herein “The Guidance”), more fully laying out the specifics of this Pilot Program and providing more background and information for the compliance practitioner. I visited with Arnold & Porter LLP partner Stephen Martin on this exploration and today I conclude this series by looking at what is the impact for the compliance practitioner.

The FCPA commentariat has had several different views of this new Pilot Program. The FCPA Professor has said the Pilot Program is nothing new and renewed his call for a compliance defense, Billy Jacobsen, writing in the FCPA Blog, called the Pilot Program a “swing and a miss” and Mike Volkov said the Pilot Program is a “mixed bag”. My conclusion is different from all of these commentators. I find the Pilot Program to have provided solid, tangible benefits for the Chief Compliance Officer (CCO) or compliance practitioner around the issue of whether or not to self-disclose, coupled with more and additional information about the DOJ expectations for a best practices compliance program.

There are two new categories of credit that companies can receive. These categories are not new but they are identified in writing so that a CCO or compliance practitioner can point to them when having a conversation with a Board of Directors or senior management about the tangible benefits of self-disclosure. As stated in the Guidance, a company can receive up to a 25% reduction off the bottom guideline of the US Sentencing Guidelines fine range if it cooperates and engages in appropriate remediation. A company can receive up to a 50% reduction off the bottom end of the Sentencing Guidelines and will generally not have to sustain a corporate monitor if it self-discloses, cooperates and fully remediates. This means that self-disclosure can lead to a 25% discount greater than no self-disclosure.

As Stephen Martin said, “The question you always get from the general counsel, from the CEO, from the Board of Directors is how do we know we will get credit and what does that credit really look like?” He went on to say, “That was always a tough discussion with the senior manager and the Board of Directors because they look at publicly are these huge fines, huge investigation expenses and they don’t really understand or see the fact that a number of cases are declined for prosecution or really never really go forward. You only see the ones that the wealthy settlements that are out there in the fines. It had been a very tough discussion to have with the senior manager and Board of Directors.” Now you can point directly to this Guidance and tell them “you get a reduction fine up to fifty percent off of the bottom level from the Sentencing Guidelines and not require the appointment of a monitor. It’s a very clear statement from the Department of Justice as to what does it mean to self disclose,” cooperate and remediate.

Yet there is another reason why I think this potential discount is so powerful – you will get double discount credit for engaging in the same conduct. Recall that this Guidance supplements but does not supplant the Sentencing Guidelines. Under those Sentencing Guidelines, there is a reduction in the Culpability Score of up to -5 for self-disclosure, full cooperation and demonstration of responsibility. A company will receive an additional discount of 25% or 50% for engaging in the same activities, in addition to remediation.

Martin believes that these numbers will not only make it easier to speak to a Board and senior management but it will also make it easier for those bodies to grasp the tangible benefits they are receiving by engaging in such conduct. More importantly, he said that it speaks to that long sought metric of what is the return on investment for compliance. Martin stated, “The reality is if you are doing compliance the right way inside of a company and your working on strategic business initiatives and your working with the management and the business immediately. What you are really trying to do is help the company be pro-active, help it understand and reduce it’s risk profile and maximize profitability and if you are doing your job the compliance officers in that fashion you are not a cross netter you are actually a real benefit to the business. Sometimes that is hard to understand, executives when they are looking at budgets and costs. This then ultimately gives a very clear message if you invest in your compliance program, you have an effective compliance program it’s going to protect the business… Those are very clear signals about why this is a great return on investments”.

I also think the Guidance points out the growing importance of the compliance function in a company and the growing need for professionalism among compliance practitioners. This is first time I have heard the DOJ talk about the “quality and experience” of a company’s compliance personnel. Clearly this means that a corporate legal department cannot simply assign an Associate General Counsel to be a CCO. They must have real compliance skills, beyond simply learning the law. Compliance is a much different discipline than a corporate legal department and while a solid legal training and grounding in the law is a start, it is only a start.

The other trend I see at play is the direction of Leslie R. Caldwell and Andrew Weissmann. They have both called for greater clarity and greater transparency in the FCPA enforcement process. They have both worked assiduously to make this the DOJ policy, which I think the Pilot Program and Guidance are a part of going forward. Yet the incentives laid out in the Guidance also support the DOJ focus stated in the Yates Memo, that being to go after individuals who have violated the FCPA. I recognize the proof will be in the pudding but prosecutions move more slowly so it may be some time going forward before there is a dramatic uptick in individual prosecutions under the FCPA.

Yet the Yates Memo (focused on all white collar prosecutions, not simply FCPA) incentivizes corporations to turn over individuals and prosecutors to go after individuals. The now doubled sized of the DOJ’s FCPA unit and three new FBI investigative teams add some real resources and they will not be sitting around doing nothing. The Guidance reinforces the incentives companies have to investigate individuals and name names to the DOJ.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016