One of America’s most unique personalities died, as Texan Ross Perot passed away this week. According to his New York Times (NYT) obituary, “He was no quitter: an Eagle Scout, a Navy officer out of Annapolis, a top I.B.M. salesman, the founder of wildly successful data processing enterprises, a crusader for education and against drugs, a billionaire philanthropist. In 1969, he became a kind of folk hero with a quixotic attempt to fly medicine and food to American prisoners of war in North Vietnam.” One thing that Perot continually mandated was accurate information from which he developed his opportunities, which informs today’s blog post on ongoing monitoring as laid out in the Justice Department’s recently released Evaluation of Corporate Compliance Programs, 2019 Guidance.

The 2019 Guidance mandated that one of the critical elements required in any best practices compliance program is to  use the information you obtain, whether through risk assessment, root cause analysis, investigation, hotline report or any other manner to remediate the situation which allowed it to arise. Under the third general question of how you demonstrate your compliance program actually works in practices, the Guidance  states:

Finally, a hallmark of a compliance program that is working effectively in practice is the extent to which a company is able to conduct a thoughtful root cause analysis of misconduct and timely and appropriately remediate to address the root causes.

Moreover a key component of this requirement is to use the information you have garnered in continuous monitoring, root cause analysis and other tools to improve your compliance program. This is demonstrated by a continuous feedback loop. Compliance practitioners are often confronted with the question: that is how to put into practice these requirements. One solution worth considering has been put forth by Alistair Croll, in an eBook entitled “Planning for Big Data” published by O’Reilly Radar, he notes that big data will allow innovation through the “feedback economy.” This is a step beyond the information economy, because you are using the information that you have generated and collected as a source of information to guide you going forward. Information itself is not the greatest advantage but using it to make your business more agile, efficient and profitable is the greatest advantage.

Croll draws on military theory to illustrate his concept of a feedback loop. It is the OODA loop, which stands for observe, orient, decide and act. This comes from military strategist John Boyd who realized that combat “consisted of observing your circumstances, orienting yourself to your enemy’s way of thinking and your environment, deciding on a course of action and then acting on it.” Croll believes that the success of OODA is in large part due to its circular nature, which drives early actions to feed back into later (and hopefully wiser) actions. This should allow combatants to “get inside their opponent’s loop, outsmarting and outmaneuvering them” because the system itself learns. For the CCO, this means that if your company can collect and analyze information better, you can act on that information faster.

Croll believes one of the greatest impediments to using this OODA feedback loop is the surplus of noise in the data. “We need to capture and analyze it well, separating the digital wheat from the digital chaff, identifying meaningful undercurrents while ignoring meaningless flotsam”. “To do this we need to move to more robust system to put the data into a more usable format.” Croll moves through each of the steps in how a company collects, analyzes and acts on data.

The first step is data collection, where the challenge is both the sheer amount of data coming in and its size. Once the data comes in, it must be ingested and cleaned. If it comes into your organization in an unstructured format, you will need to cut it up and put into the correct database format for use. Croll touches on the storage component of where you place the data, whether in servers or on the cloud.

A key insight from Croll is the issue of platforms, which are the frameworks used to crunch large amounts of data more quickly. His key intuition is to break up the data, so it can be considered and acted upon more quickly.

Another important component is machine learning and its importance in the data supply chain. Machines are better at filtering extraneous data, but as important as machine learning is in big data collection and analysis, there is no substitute for human analysis. However, for many business leaders, displaying the data is most difficult because it is not generally in a readable form. It is important to portray the data in more visual style to help convey various data sources into navigable 3D environments.

Of course, having all this data is of zero use unless you act on it. Big data can be used in a wide variety of decision making, from employment evaluations around hiring and firing decisions, to strategic planning, to risk management and compliance programs. But it does take a shift in compliance thinking to use such data.

Croll ends his chapter by noting, “big data supply chain is the organizational OODA loop.” But unlike the OODA loop, it is more than simply about the loop and plugging information as you move through it. He believes “big data is mostly about feedback”; that is, obtaining the impact of the risks you have accepted. For this to work in compliance, a company’s compliance discipline needs to both understand and “choose a course of action based upon the results, then observe what happens and use that information to collect new data or analyze things in a different way. It’s a process of continuous optimization.”

Whether you consider the OODA loop or the big data supply chain feedback mechanism, this process, coupled with the data that is available to you, should facilitate a more agile and directed business. The feedback components in both processes allow you to make adjustments literally on the fly.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2019

Today we honor the US Women’s Soccer team who won their fourth World Cup over the weekend by defeating The Netherlands. The US controlled the entire match, much as they had for the entire tournament. They were tested to be sure by host country France, England and Sweden but they were clearly the most talented and deepest squad. The tournament capped off a great few weeks of soccer, not women’s soccer, just soccer. The US team did all this while locked in a dispute with the US Soccer Federation about their unequal pay with the men’s team. Even though the US Women’s team now brings in more revenue than the men’s team; the US Soccer Federation claims that should not be the basis of compensation. The blatant discrimination by the US Soccer Federation informs today’s consideration of the role of Human Resources (HR) in compliance.

I have long advocated for a greater role of HR in compliance. Indeed, one sign of a mature Foreign Corrupt Practices Act (FCPA) compliance and ethics program is the extent to which a company’s HR Department is involved in implementing a compliance solution. While many practitioners do not immediately consider HR as a key component of a compliance solution, it can be one of the lynch pins in spreading a company’s commitment to compliance throughout the employee base. HR can also be used to ‘connect the dots’ in many divergent elements of a compliance and ethics program.

Even more important is the operationalization of compliance into the fabric of the business. One of the key indicia of compliance program effectiveness is how thoroughly each separate corporate discipline incorporates compliance into its everyday job functions. An active and functioning compliance program will literally be alive in each department in an organization.

HR has as many touchpoints as any other corporation function with employees. From interviews to onboarding, through evaluations and performance appraisals, even to the separation process; HR leads many of the corporate touchpoints. Each one of these touchpoints can be used to teach, educate and reinforce the message of doing business ethically and in compliance with laws such as the FCPA.

The Evaluation of Corporate Compliance Programs, 2019 Guidance, listed at least three specific areas of HR touchpoints in a best practices compliance program:

Human Resources Process– Who participates in making disciplinary decisions, including for the type of misconduct at issue? Is the same process followed for each instance of misconduct, and if not, why? Are the actual reasons for discipline communicated to employees? If not, why not? Are there legal or investigation-related reasons for restricting information, or have pre-textual reasons been provided to protect the company from whistleblowing or outside scrutiny?

 Consistent Application– Have disciplinary actions and incentives been fairly andconsistently applied across the organization? Are there similar instances of misconduct that were treated disparately, and if so, why?

 Incentive System– Has the company considered the implications of its incentives and rewards on compliance? How does the company incentivize compliance and ethical behavior? Have there been specific examples of actions taken (e.g., promotions or awards denied) as a result of compliance and ethics considerations? Who determines the compensation, including bonuses, as well as discipline and promotion of compliance personnel?

When you consider the number of touchpoints HR has in the employment lifecycle, from pre-employment screening and interviewing; onboarding; training; annual reviews and assessments; promotions to exit strategies, its role in facilitating the operationalization of compliance becomes clear. At each of these touchpoints, HR can take the lead in operationalizing compliance. Additionally, each touchpoint provides an opportunity for ongoing communications with a prospective employee, newly hired employee, seasoned employee or one moving up into the ranks of management about the need for ethical dealings and compliance with company values as set out in the Code of Conduct and operationalized in the compliance policies and procedures.

By using these touchpoints HR can demonstrate the shared commitment requirement found in the 2019 Guidance as well as the requirement for ongoing communications. There are few other corporate departments which have so many employee touchpoints as HR. Every compliance practitioner should use HR to operationalize compliance through the variety of touchpoints and expertise available to a compliance professional through a corporate HR department. As a key first step, I would suggest that every compliance professional head down to your corporate HR department and have a cup of coffee with your functional equivalent in HR. Find out not only what they do but how they do it and then explore how you can further operationalize your compliance program through these HR-employee touchpoints.

Hats off the US Women’s team for true excellence in the face of such discrimination by their own soccer federation.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2019

 

In this episode of the FCPA Compliance Report, I visit Justin Muscolino, Head of North American Compliance Training Operations for GRC Solution.

Some of the highlights include:

  1. Why do organizations struggle so much with culture and what impact can compliance training have to improve this?
  2. What do organizations often get wrong when it comes to training?
  3. What happens when organizations do not target their training?
  4. One of the issues that organizations face is measuring the effectiveness of their training benchmarking that their compliance is working. How can a compliance professional consider benchmarking?
  5. In a blog post on the GRC Solutions website you also look at the training compliance professionals to improve their culture?  How can you train compliance officers around this issue?
  6. Any advice for companies trying to get the right culture in their organizations?

You can find more information on GRC Solutions by checking out their website, here.

Starting from the conviction that the collaborative work between French professionals of the Compliance realm brings a new approach of the risk management, the association “Le Cercle de la Compliance” or “The Circle of the Compliance” (The Circle), was created in 2011. It brought together compliance professionals from all walks of life; in-house compliance officers, lawyers, Audit, Internal Control, Supply Chain, Procurement, Human Resources, external law firms, consultants and compliance service providers. The Circle’s mission is to raise awareness of Compliance in France with legal directors, compliance specialists and general management.

The Circle organizes major events, conferences, breakfasts and other panels, led by experts and specialists from France and abroad. In 2017, France passed the seminal anti-corruption law, Sapin II, which created an electroshock in France and mobilized the compliance profession within the country. The Circle fulfills a huge need in the French compliance community. I was privileged to speak at the recently concluded Retreat and CompTech Forum in Paris.

President Catherine Delhaye has held the position since November 2017 and opened the conference, leading panel discussion on the state of the compliance profession in France. The event was a two-day affair, with Day One focused on the compliance professional and profession in France. Day One ended with a keynote speech by Google’s Global Privacy Counsel, Peter Fleischer with a fascinating discussion of the challenges in data privacy/data protection and  some of the advances in AI that are here today.  Day Two was focused on corporate compliance programs in France. I led off the discussion on Day Two with a talk on fully operationalizing a corporate compliance program. Other programs included investigations and interviews, best practices for the management of third parties and the use of ComTech (or what the French call ‘CompTech’) in a best practices compliance program. A highlight for me was the panel on investigations where Max Roche,  Compliance Manager, Direct Funding at the World Economic Forum talked about his self-styled role of Columbo he used during interviews. He had all the techniques down, save and except the rumpled trench coat. But who knows, he may wear the coat into the interview to full out his persona.

One of the things that I found most interesting about the state of corporate compliance programs in France is that as a relatively corporate discipline it has the opportunity to bypass the phase of compliance “by lawyers, for lawyers” that existed from 2004 to 2015. This was the era where Codes of Conduct, Policies and Procedures were largely drafted by lawyers, with little to no reference to business processes. In this phase compliance professionals were largely seen as ‘Dr. No from the Land of No’ because of mindset of in-house counsel, where the goal was to protect the corporation, not prevent, detect and remediateas was advocated by the Department of Justice (DOJ) and most compliance commentators.

However, that phase ended with the awareness that compliance is a business process which not only facilitates greater business efficiency but enhances corporate profitability. The Circle recognizes this through its embracing of technological service providers as a key component of the compliance solution. This unique situation allows French compliance professionals to move directly to operationalizing compliance programs, which of course is the most recent thinking of the DOJ. Much of the conference focused on the use of technological tools and how compliance, properly seen, is a business process.

It was fascinating to watch and listen to compliance professionals consider how they could integrate compliance directly into their business. It was an exciting process to see as the attendees at the conference were ready, willing and eager to learn not only about current best practices but also the cutting edge of technical solutions for their corporate compliance programs.

One of the most interesting initiatives of The Circle is Compliance 2024. Shortly after the passage of Sapin II, Paris was awarded the 2024 Olympic Games. The Circle believes that the “duty of vigilance under this law marks the convergence between compliance and respect for human rights.” What is the relationship between these events for the French compliance communities? As France will be at the highest level on the world’s stage for the Olympics, the Circle believes that “compliance and ethics prevail throughout the organization of the Olympics of Paris 2024.”

With a will driven by a new breath, the International Olympic Committee (IOC) is leading the fight  against corruption and violation of human rights. Paris will be the first host city of the Olympic Games to comply with a new obligation to fight against corruption and respect for human rights as part of its contract with the IOC. The compliance program that will be put in place as well as the integrity of future Games could therefore become a reference for the future of not only the Olympics but also other major sporting events.

Compliance 2024 brings together French players who want to make the Paris Olympics a model of integrity likely to inspire the next host cities and other major sports organizations. Compliance 2024 has partnered with one of the top compliance professionals in academia, Professor Andy Spalding, a global expert on Olympic compliance issues. In this context, The Circle asked Professor Spalding to form an Olympic Compliance Task Force (of which I am a member) to bring together international opinion leaders on human rights issues and corruption in mega-sporting events to help. Compliance 2024 will identify good practices and specific risks of corruption and human rights abuses and will be represented in the Task Force by Cécilia Fellouse-Guenkel, General Secretary of The Circle.

The Circle is fast becoming one of the leading compliance and ethics forums in France. Much as the Greater Houston Business and Ethics Roundtable (GHBER) fills a need for compliance professionals in the City of Houston, The Circle is rapidly filling that need in France. I found it exciting and exhilarating to be surrounded by such a group of compliance professionals, unencumbered with the legacies of the past, which have largely been discarded, moving forward to create compliance for 2020 and beyond.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2019

In this episode of the FCPA Compliance Report, I visit with Brandon Daniels, who is the President of Global Technology Markets for Exiger. Daniels is regulatory expert and technology practitioner, bringing more than 15 years in senior management across the financial services, life sciences and energy sectors. He has a reputation for technological innovation in regulatory investigations and compliance management.

Some of the highlights include:

  1. Daniels’ professional background, how he got to Exiger and his current role at the company.
  2. What are some of the key technological innovations Daniels has recently seen in the way in which investigations are being handled?
  3. We discuss how can Exiger’s technological solutions help a CCO get their arms around the unstructured data which is available to them inside their organization?
  4. How can technology be used to create predictive models to rank offshore companies for potential tax and corruption risk?
  5. How can a technological solution can be used to help perform a compliance risk assessment?
  6. How do Exiger technological solutions assist compliance professionals to improve their corporate culture?

For more information on Exiger, check out the firm’s website here. For more information on Brandon Daniels, check out his firm profile here.