A notable passing last week was that of Forrest Gregg, one of the greatest players on one of the greatest teams in the long history of pro football, the 1960s Green Bay Packers. Gregg played right tackle for the Packers and according to his obituary in the New York Times (NYT), coach Vince Lombardi called him the “finest player I have ever coached.” High praise indeed. Gregg was seven-time All-Pro and was “selected for the Pro Bowl nine times. He was elected to the Pro Football Hall of Fame in Canton, Ohio, in 1977, his first year of eligibility, and was named to the N.F.L.’s 75th anniversary team in 1994.”

Gregg’s final year in the National Football League (NFL) was with my team, the Dallas Cowboys, and he used all his amassed wiles to help the Cowboys win their first world championship, defeating the Miami Dolphins in Super Bowl VI in 1972. Gregg also coached after his playing days were over. He took the Cincinnati Bengals to Super Bowl XVII in 1983 where they lost to the San Francisco 49ers. He also led Southern Methodist University (SMU) out of the abyss after it was delivered the Death Penalty, coaching at his alma mater from 1989 to 1993.

Gregg introduces us to consistent greatness. In the compliance world, consistency is one of the keys to a successful compliance program. One of those areas where consistency is mandated is in contracting. I was therefore intrigued by a 2018 piece by Beverly Rich, writing in a Harvard Business Review (HBR) article, entitled “How AI is Changing Contracting”. In this article Rich explored several areas where Artificial Intelligence (AI) can assist the compliance professional. I was particularly interested in her opening sentence, “Contracting is a common activity, but it is one that few companies do efficiently or effectively. In fact, it has been estimated that inefficient contracting causes firms to lose between 5% to 40% of value on a given deal, depending on circumstances. But recent technological developments like artificial intelligence (AI) are now helping companies overcome many of the challenges to contracting.”

Having consistency in the compliance terms and conditions of any contract is a critical aspect of the compliance professional. While there will certainly be negotiation over a wide variety of terms and conditions, from the financial and payment terms, to the operational terms, to the legal terms, companies need consistency with their compliance terms and conditions. This is particularly true given the paucity of compliance terms which should be put in place.

Equally importantly, AI can easily extract data and clarify the content of contracts to perform a number of analysis. Rich notes AI can “quickly pull and organize the renewal dates and renegotiation terms from any number of contracts. It can let companies review contracts more rapidly, organize and locate large amounts of contract data more easily, decrease the potential for contract disputes (and antagonistic contract negotiations), and increase the volume of contracts it is able to negotiate and execute.” Moreover, it can lead to an increase in both “productivity and efficiency in their contracting.”

Rich believes by using AI contracting software there is the potential to improve how organizations contract in three ways: “by changing the tools firms use to contract, influencing the content of contracts, and affecting the processes by which firms contract.” The first area is in contract management. Here AI contracting software can identify contract types through algorithms to recognize patterns and extract key variables. This allows management of contracts more effectively so you can more efficiently determine the terms in each contract. Rich noted one specific compliance component, “AI contracting software can quickly sort through a large volume of contracts and flag individual contracts based on firm-specified criteria.”

The next area is around contract consistency. Here the key is maintaining term and usage consistent in your contracts. But it also works at scale as well. Rich relates, “Being able to identify and extract key data points helps firms organize and execute contracts as well.” In an organization with a large number of vendor contracts, you need to ensure documentation of exceptions to standard terms and conditions as variations in compliance provisions are the bane of compliance professionals. Rich concluded, “Managing variations is a huge undertaking that requires proactive organization. But AI contracting software can record and standardize these provisions in the company’s contracts and in those that vendors send, making it far easier to identify instances of noncompliance and ensure that unfavorable provisions are dealt with promptly.” Of course, AI can quickly (and efficiently) point out clauses which are suboptimal as well.

For the compliance professional this probably means less time pushing through rote terms and conditions and more time focusing on true risk assessments and risk management in the contracting process. Compliance professionals, even those with legal training and perhaps a legal role at the organization, will shift their focus from routine activities to much more high value work involved in shaping strategies and navigating complex compliance issues.

AI will not replace compliance practitioners, contracting professional or lawyers. This means you must understand what AI can and cannot do in the contracting realm. While AI currently offers the highest value add to companies with large volumes of contracts by cutting time spent in contract review and drafting for issues that come from more routinized transactions. Rich concluded her piece by noting that AI around contracting is “currently at a midpoint: One stream of development will be in industries with highly routinized, template-based contracts. Here, AI contracting technology will be used in a blockchain model, allowing contracts to evolve and essentially re-write themselves according to the parties’ needs. The other main use will be to help develop contracting standards, such as how to debate and structure certain clauses. When companies negotiating a contract can easily access every similar contract from the past twenty years” to “see what wording is most commonly used, we should see less onerous negotiating over clauses, leading to an easier contracting process.”

For the compliance professional this means that less may well slip through the cracks and you will not be in an after the fact position of finding out that your agent or distributor in a high-risk venue does not have an audit clause.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2019

Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. In this episode, Matt Kelly (the coolest guy in compliance) and I take a deep dive into recently released NAVEX Global 2019 Ethics & Compliance Hotline Benchmark Report. We consider the details from the report and ask the following question “are you using all the right intake channels to capture a true sense of misconduct and corporate culture at your organization?” Some of the highlights include:

Some of the highlights include:

  • What are the intake channels available to your organization?
  • If you are only tracking complaints through a formal system, you may well be missing a wider variety and rich source of information.
  • Moving your intake past simply what the law requires will give you a much better accounting of your organization’s culture.
  • How can you improve your intake?
  • Has closure time for reported increase or decrease?
  • What has been the continued impact of #MeToo?

For more reading check out Matt’s blog post “Hotline Metrics-are you missing any?”

To read the full NAVEX Global 2019 Ethics & Compliance Hotline Benchmark Report, click here.

I recently had the chance to visit with David Childers, Senior Vice President at The Ethics & Compliance Initiative (ECI). We discussedECI’s High Quality Ethics & Compliance Program (HQP) Self-Assessment Tool. You can check out the full podcast here. We also discussed ECI’s great new resource, HQP, which is something that every compliance practitioner should take advantage of for their corporate compliance program.

ECI’s HQP is great way for every compliance professional to consider their corporate compliance program from a variety of approaches. HQP can help you to design, implement or assess a compliance program. Childers explained, “We spent a couple of years, really studying this to come down to five principles. The principles are related to strategy, risk management, culture speaking up and accountability. What I think most people would consider to be a pillar, a good ethics and compliance program.”

Childers went on to flesh out each principle, “We think about strategy in an ethics and compliance program as central to the business operations and strategy. Second, compliance risks are identified, owned, managed and mitigated in the same way that organizations look at other aspects of their Enterprise Risk Management program.” One of the things that ECI research has shown “is that managers and supervisors have an amazing amount of influence in an organization.” This leads to Principal 4 that “leaders at all levels across the organization build and sustain a culture of integrity. Under Principle 4, an organization itself encourages, protects and values the reporting of concerns and suspected wrong doing. Finally, under Principle 5, an organization takes action and holds itself and the people in its organization accountable when things go wrong.”

HQP is a measure of where an organization believes their ethics and compliance (E&C) program operates based on the five principles. “The assessment can be used in several ways. We have organizations that are looking for program improvement. The assessment can be a baseline for measured improvement. It can also be a qualification. As we said this isn’t about a score. In some industries, being at the managing level of maturity may be sufficient for their risk. Most of all it is a great way to create dialog and discussion with your leadership using a definitive measure of your program.”

One great thing about HQP is that it ties directly into what the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) expect, as articulated in the Ten Hallmarks of an Effective Compliance Program. Indeed, it fits directly into Hallmark Nine regarding ongoing monitoring by a company to monitor its own program, then remediate or improve as appropriate. Moreover, from the DOJ’s perspective, they continually ask us how can you demonstrate your program is effective? This means if a company finds itself embroiled in a Foreign Corrupt Practices Act (FCPA) investigation, they must be able to present solid factual data that the program is effective.

HQP can help a company to see if its program is effective. If not, what are the deficiencies? Further, “it would assist a company to understand what they need to do to move towards having an effective program. This would allow a compliance practitioner, in a variety of ways, from literally sitting at their desk, to see where our program might be benchmarking, but if a regulator comes knocking, they certainly have the data to demonstrate effectiveness.”

Moreover, as Childers explained, it does so in a “a non-invasive way. The survey doesn’t take long to complete, yet the information that you gained from it is quite telling. Using the HQP Assessment Tool a compliance professional has the opportunity to be able to do an assessment throughout a year or over a period of time as you are making changes to your program. It also creates a great baseline for improvement.”

Childers also noted that there are other insights provided by HQP, which “we are starting to see from some of the data that is coming from different industries.” This means, “based upon the risk profile of an organization, you may not need to be at 100% of the capacity for an ethics and compliance program, 70% may be more than justified.” This type of information is critical for the DOJ  and SEC as well, because “they’re not comparing all programs the same because we all know that everybody’s program is somewhat different. The results are also beginning to show us some of the areas where compliance programs may be based upon a number of factors which may make optimization more difficult.” Childers concluded it is “exciting for me because it just opens up another realm of research for us to move into, to look at how we might be able to help organizations get over some of those hurdles and move to a higher level of optimization.”

While the HQP methodology is fairly complex, in practice it is straight-forward to use. “For any participant it is only 107 multiple choice questions and it takes less than 30 minutes to complete. It is designed to measure compliance program maturity based on a combination of questions regarding 27 operating components and more than 100 program practices. It consists of four categories of reporting information for each principal, which include: (1) What to measure/review; (2) Questions to consider; (3) Potential sources of information; and (4) Leading practices illustrative of HQPs.”

Finally, this year’s ECI annual conference is entitled “The Ultimate Ethics & Compliance Benchmarking Event” and will feature multiple sessions around ECI’s revolutionary HQP Self- Assessment Tool. You will learn about obtaining:

  • Actual measures of the maturity of your E&C program
  • Reliable benchmarks of the progress of your organization, compared to industry peers
  • Ideas from best practice, specifically related to the areas where you are hoping to improve

Further, through a series of keynotes and small-group benchmarking sessions, you will obtain industry comparisons, contextualize the benchmarks, define what they mean for your program and organization, and discuss practical strategies for improvement. All of this will give you never-before-seen insights in to the way your E&C program functions.

I will be leading a panel on the HQP Self-Assessment Tool so I hope you can plan to join me at this great event. For registration and information on IMPACT2019 click here.

For more information on HQP, go to www.ethics.org

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2019

We are at the end of my exploration of the long-awaited Fresenius Medical Care AG & Co. KGaA (FMC) Foreign Corrupt Practices Act (FCPA) enforcement action. I have explored the background, the underlying facts, the bribery schemes used and lessons for the compliance professional from those bribery schemes, the steps the company took which facilitated its steep discount of the eventual penalty paid. We have now had three significant FCPA enforcement actions in 2019; FMC, Cognizant Technology Solutions Corporation (Cognizant) and Mobile TeleSystems PJSC (MTS). All three demonstrated the 2017 FCPA Corporate Enforcement Policy (Policy) at work.

In a speech to the 33rd Annual ABA National Institute on White Collar Crime Conference last month,  Assistant Attorney General Brian Benczkowski spoke about the Policy. Initially this Policy has led to greater transparency from the Department of Justice (DOJ). Benczkowski  said that the DOJ strives “to be open books about which factors we find aggravating, which we find mitigating, and how each is penalized, credited, and ultimately weighed.” Yet it is more than having transparency. It is also about clarity in conveying “the right incentives for responsible corporate behavior” and not simply slapping on fines and penalties “imposed for penalties’ sake.” Finally, it is about fairness as the DOJ “will avoid penalties that disproportionately punish innocent employees, shareholders, customers, and other stakeholders.”

 

But more than simply all this, is the clarity brought by the Policy and how the DOJ has implemented it. Benczkowski noted that the Policy details “standards for what constitutes voluntary self-disclosure, full cooperation, and timely remediation”. Further, the Policy “fosters transparency about when credit is due, and how we will award that credit.  With that information, companies and their officers will be better equipped to engage in rational decision-making about the steps they should take to qualify for a declination.” He ended this section of his remarks by stating, “At the end of the day, companies that voluntarily self-disclose, take steps to prevent misconduct through robust compliance programs, and take appropriate remedial steps when misconduct is detected should know that they will get a fair shake from the Department.”

Fresenius

With no self-disclosure, FMC was not eligible for a Declination. Yet the company did receive a 40% reduction from the minimum of the US Sentencing Guidelines as its criminal penalty. They achieved this reduction through an extensive remediation program and robust cooperation with the DOJ in the investigation, which I have previously highlighted. It not only included the robust nature of the investigation but its assistance to the DOJ. FMC went above and beyond in obtaining and providing documents, securing witness testimony and presenting witnesses to the DOJ and disclosing conduct that was outside the scope of its initial voluntary self-disclosure. In the area of remedial action, the company took swift steps to terminate or separate from employment those directly involved in the bribery schemes, enhancing its internal controls, policies and procedures, upgrading its third-party program and increasing oversight and monitoring.

Cognizant Technology

While the FMC FCPA enforcement action did not feature a self-disclosure by the company, the Cognizant FCPA enforcement action did. This self-disclosure was a critical element in the company receiving a full Declination in the face of C-Suite directing the bribery scheme. About that Declination, Benczkowski said, “Notwithstanding the fact that the misconduct reached the highest levels of the company, we declined prosecution. And we have made it clear why: The company voluntarily self-disclosed the conduct within two weeks of when the company’s board learned of it. As a result, the Department was able to identify the culpable individuals – and indeed, we have announced charges against the former president and the former chief legal officer of the company for their alleged involvement in the scheme.”

MTS

In the MTS FCPA enforcement action there were none of the factors present that led to FMC or Cognizant receiving reductions. In applying the Policy factors, MTS did not voluntarily disclose the matter to the DOJ; MTS’s cooperation and remediation was lacking because it was slow to provide information and evidence in response to DOJ requests and MTS failed to discipline senior executives involved in the conduct. The DOJ also noted a mitigating factor included the fact that the Uzbek government expropriated MTS’s telecommunications assets in Uzbekistan, resulting in no realized pecuniary gain to the companies’ telecommunications assets in Uzbekistan. As a result, the DOJ and MTS agreed that MTS would pay a total fine equal to 25% above the bottom of the US Sentencing Guidelines range.

Beyond MTS’ monetary penalty, the company’s wholly owned Uzbek subsidiary pled guilty to conspiracy to violate the FCPA’s anti-bribery and books and records provisions. The DOJ also announced charges against two individuals, the former Uzbek government official Gulnara Karimova and Bekhzod Akhmedov, the former Chief Executive Officer (CEO) based in Uzbekistan.

There are those who still criticize the DOJ for even developing the Policy or applying it. Such criticism fails to even consider the application of the Policy in practice and therefore does not speak to the compliance aspect of the Policy or even to the compliance professional. For it is in the application of the Policy where the rubber meets the road. One can only conclude from the application of the Policy since its inception in November 2017, through the additions and modifications made to date, it is working. Companies are receiving real benefits just as the DOJ intended.

Going forward, through this application of the Policy, the DOJ has laid out what companies need to do from the compliance perspective if they find themselves in a FCPA enforcement action.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2019

What if compliance training didn’t have to be boring? Joining us on this episode is Andrew Rawson, the Chief Learning Officer for Traliant, a compliance training company. Today we’re talking about the future of compliance training: how to make it truly effective, useful, and even fun.

The importance of training

The last couple of years have seen the intersection of two seismic forces that have created tremendous demand for quality training. The first was the #MeToo movement, which has brought up the whole topic of compliance training around sexual harassment — so much so that it’s become a need to have instead of a nice to have, even in states where it isn’t required. The second was a change in regulations in different states across the country, now requiring more than 10 million people to be trained.

Effective compliance training

There is a difference between teaching people about the law and teaching them what to do. At Traliant, they wanted to train people how to behave. What do you do when you’re faced with a particular situation? That should be the focus.

The training is also intentionally more modern: well-designed interfaces, interactive videos, professional actors, point systems, getting senior management to record training segments for their peers  — all of which help make learning more engaging.

An important part of making training effective is making sure that people are encouraged to speak up, and that when they do, they’ll be protected. You might not be able to stop bad actors, but you can encourage witnesses to point out the behavior.

Moving away from check-the-box training

Much of compliance training is very check-the-box: a once-a-year thing that companies do to get it over with. But that’s not an effective approach. Traliant has gone from doing one-and-done sessions to creating a more holistic training approach. Examples are 15-20 minute courses for managers involved in investigations and two-minute training videos on dating in the workplace that they call “sparks” — because they’re meant to spark conversations.

Preventing Workplace Sexual Harassment: 4 Top Trends for 2019

  1.  The Equal Employment Opportunity Commission (EEOC) is keeping workplace harassment training front and center, remaining one of its top priorities.
  2. Harassment training continues to evolve, and we’re seeing a shift from helping companies avoid liability to helping people behave properly.
  3. Training is highly state-driven, given their different requirements. So Traliant has built a platform where people can access the training relevant to them, instead of a one-size-fits-all course.
  4. There is a focus on building respectful, inclusive work cultures that embrace compliance training not because they have to, but because they want to.

Resources

Andrew Rawson (LinkedIn)

Traliant (Website)

Preventing Workplace Sexual Harassment: 4 Top Trends for 2019