The current economic climate continues to be in flux, with many companies falling back to Plan C, which is hunker down and ride things out until the next Presidential election and hope for some clarity in 2020. This obviously requires continued perseverance even if your crystal ball remains murky. For US, multinational companies with a global focus, this challenge is doubly difficult given the instability of the government’s position on a wide variety of international issues, literally from day-to-day. Now add in the compliance practitioner’s responsibilities and you begin to see the difficulties moving forward.

I was therefore interested in a recent article in the Harvard Business Journal (HBJ), entitled Globalization in the Age of Trump”, where Pankaj Ghemawat provided insights into how businesses might think about moving forward. I found many of the ideas useful for a Chief Compliance Officer (CCO) of a multinational to think about assessing not only the Trump effect on compliance but the inherent protectionism and what it might mean for compliance going forward.

The first key insight is that globalization has not gone into reverse. To be sure it has slowed somewhat but is still steady. The DHL Global Connectedness Index, which tracks international trade, capital, information and people flows, noted that for the latest year where data is available, 2015, globalization has slowed but not gone into reverse. The author believes this finding turns on two principals which govern commercial globalization. The first is that “international activity, while significant, is much less intense than domestic activity.” The second is that “international interactions are dampened by distance along cultural, administrative, geographic, and, often, economic dimensions.”

If you consider both of those principals from the compliance perspective you can begin to see some of the challenges which lie ahead for any CCO or compliance practitioner. The first is that compliance tends to be more robust where there is the greatest amount of business and for almost every US company that means in the US. The second challenge presented is that international operations bring on their own unique set of cultural, administrative, geographic and economic challenges not presented inside the US. I would ask each CCO to consider whether they have assessed, let alone addressed, your compliance program from these parameters.

The author went on to put forward three different ways for a business leader to consider moving forward under the current Trump administration uncertainty. For any CCO or compliance professional you should contemplate these approaches and then consider the compliance function response. Obviously, they present different risks but with the mandate to operationalize your compliance program as set out in the Department of Justice’s (DOJ’s) Evaluation of Corporate Compliance Program (Evaluation), this type of approach is warranted.

The first question Ghemawat posed is “Where to Compete?” and he noted, “in an environment of plunging commodity prices, dropping demand for globalization-related services, and, for U.S. companies, shifts in exchange rates—factors that clearly played outsize roles in the performance numbers. And longer-term declines over the past decade coincide with a period in which globalization actually slowed down.” Yet what he found lacking was any significant analysis of why there was any downturn in a specific market, using “a case-by-case approach in which a globalization-related move is evaluated on its own merits rather than subjected to some sweeping injunction about whether to go forth and globalize or to come back home.” However, even without such a rigorous assessment, “many multinational companies do need to pay renewed attention to where they compete—in other words, to market selection.”

This type of analysis would seem almost self-evident to any robust compliance program. However, without true operationalization of compliance my guess would be most compliance programs take a much broader global approach and consider the business in every market. The author believes that most companies have four top markets, including their home market, which generally accounts for up to 60% of corporate sales. This information allows a CCO to marshal the compliance resources for those markets, perform risk assessments which identify, analyze and address the compliance risks faced in those markets and manage them going forward.

From the compliance perspective, you might consider looking towards business “opportunities where they can find cultural, administrative/political, geographic, and economic affinities.” Such an approach would allow compliance to build upon existing structures and culture to more fully integrate compliance into the business planning going forward. This is the type of operationalization I think the Evaluation is designed to foster going forward.

The second factor Ghemawat puts forward is “How to Compete?” as your business may be required to use a mix of strategies going forward. Here he points to three globalization strategies he has previously articulated; “Companies use adaptation when they want to adjust to cross-country differences in order to be locally responsive. They use aggregation to achieve economies of scale and scope that extend across national borders. And arbitrage strategies are used to exploit differences, such as low labor costs in one country or better tax incentives in another.”

Your business answers to these questions will go a long way towards dictating your compliance response. But you will only know where to start if you are participating in these decisions or at least are aware of them so you can adequately assess the compliance risks. If it turns out that one strategy is more problematic than another from the compliance perspective, you can add that to senior management’s decision making calculus.

In one of his more interesting insights, Ghemawat also advised that beyond where and how to compete is the issue of engaging with the local society. Here he pointed to the backlash against globalization, both in the US and abroad as really a backlash against big business. He wrote that “Multinational companies need to craft governmental and societal agendas that are both localized and linked across countries. Anti-globalization pressures require that multinationals deliver more local benefits—and communicate about them—in the countries where they operate. Such efforts must go well beyond compliance to include contributions in the form of jobs, technology, and so forth.”

Not only does this final point speak to the greater requirements of a sustainable Corporate Social Responsibility (CSR) program but it also relates to the operationalization requirement by moving the compliance functions closer to the front lines of a business where it will be in a better position to do more business ethically and in compliance which can only help to win over local markets. This is yet another way in which compliance can be used to further business goals, make business more efficient and at the end of the day more profitable.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at

© Thomas R. Fox, 2017

In this episode I visit with James Koukios, a partner at Morrison and Foerster on the firm’s newsletter, Top Ten International Anti-Corruption Developments for May 2017. Our topics include:

  1. FCPA Assistant Chief BJ Stieglitz has been selected for detail to UK Financial Enforcement Authorities. We discuss how does a prosecutor work overseas, what this might mean for prosecutions going forward both in the US and UK and what is the relationship of the DOJ with its British counterparts?
  2. The DOJ has moved to terminate its DPA over Hewlett-Packard. We discuss what it means to have a DPA terminated and what is the role of the DOJ in this phase? We also consider what is the decision-making process if a DPA has to be extended due to continued or new conduct by a company under such an agreement.
  3. Finally, we consider some of the difficulties of some of the DOJ’s Challenges in Obtaining Foreign Evidence, through a recent ruling in Civil Forfeiture Case. On May 9, 2017, In the case of United States v. Prevezon Holdings Ltd., Southern District of New York Judge William H. Pauley III, ruled that certain evidence obtained by prosecutors from foreign sources was admissible in a civil asset forfeiture case, notwithstanding that the documents lacked the requisite certifications under the Federal Rules of Evidence. We consider the process for getting information from overseas; why it takes so long, what happens if it does not meet US evidentiary or even admissibility standards?

To see a full copy of the firm’s publication, Top Ten International Anti-Corruption Developments for May 2017, click here.

Just as he did in 2013, in 2015 and in 2016, Kenyan-born British cycling star Chris Froome crossed the finish line in Paris wearing the Yellow Jersey as this year’s winner of the Tour de France. As reported by Chris Chavez, in Sport Illustrated online journal, “He took the victory without winning any of the 21 stages. He is Britain’s first four-time winner of the Tour. Froome previously won the Tour in 2013, 2015 and 2016.” So, for the fourth time, a tip of the cycling helmet to Chris Froome.

Chavez further noted that Froome “is the fifth rider to win four Tour de France titles and next year he could join Jacques Anquetil, Eddy Merckx, Bernard Hinault and Miguel Indurain as the five-time champions.” While he has certainly not been as flashy as many champions or even stage winners he has done the work to be the Sky Team leader and now four-time champion. I thought about Froome’s win as I read an article in today’s New York Times (NYT) opinion section, entitled “Let’s Get Excited About Maintenance!”, by Andrew Russell and Lee Vinsel. The article began with the current state of infrastructure in the United States, citing a wide variety of public transit, roads, bridges, airports and sewers all of which the authors described as being in “decrepit condition.”

Yet the authors did not focus on the lack of Presidential or Congressional action to fund such projects as the issue. They focused on “a deeper problem, one that is too seldom discussed: Americans have an impoverished and immature conception of technology, one that fetishizes innovation as a kind of art and demeans upkeep as mere drudgery. When Americans talk about technology, they often use “innovation” as a shorthand. But “innovation” refers only to the very early phases of technological development and use. It also tends to narrow the scope of technology to digital gadgets of recent vintage: iPhones, social media apps and so on. A more expansive conception of technology would take into account the diverse array of tools, including subways and trains, that we humans use to help us reach our goals.”

The authors go on to point out that there is a large financial benefit to the maintenance profession as “corporations like General Electric and Boeing make heavy investments in tools and procedures for predictive maintenance, since their success depends on the reliability of their products and the existence of orderly routines to follow when things break down. Even in the digital industries, where the gospel of innovation is sacrosanct, the kings of “disruption” — Netflix, Amazon — keep their customers happy only through reliable and well-maintained data and distribution networks.”

All of this is significant to the compliance practitioner. One of the areas of inquiry in the Department of Justice’s (DOJ’s) Evaluation of Corporate Compliance Programs (Evaluation) is Continuous Improvement, Period Testing and Review. The Evaluation asked whether or not the company had taken the information obtained through auditing, monitoring and testing and used it to update the compliance program going forward.

One way to consider using the information you obtain to engage in continuous improvement is to use some of the concepts laid out in an eBook, entitled “Planning for Big Data – A CIO’s Handbook to the Changing Data Landscape”, by the O’Reilly Radar Team, with a chapter by Alistair Croll, entitled “The Feedback Economy”, which I have adapted for the compliance practitioner.

It is based on the concept that information itself is not the greatest advantage but using that information to prevent, detect and remediate is. Croll draws on military theory to illustrate his concept of a feedback loop. It is the OODA loop, which stands for observe, orient, decide and act. The success of OODA is in large part “the fact it’s a loop” so that the results of “earlier actions feedback into later, hopefully wiser, ones.” For the Chief Compliance Officer (CCO) or compliance practitioner this means that if your compliance program is able to collect and analyze information better and you can act on that information faster; you can then use it maintain your compliance program.

The first step is data collection about your compliance program. Once the data comes in it must be ingested and cleaned. If it comes into your organization in an unstructured format, you will need to cut it up and put into the correct database format for use. A key insight from Croll is the issue of platforms, which are the frameworks used to crunch large amounts of data more quickly. His key insight is to break up the data “into chunks that can be analyzed in parallel” so the data can be considered and acted upon more quickly. Another technique he considers is “to build a pipeline of processing steps, each optimized for a particular task.”

Another important component is machine learning and its importance in the data supply chain. Croll observes, “we’re trying to find signal within the noise, to discern patterns. Humans can’t find signal well by themselves. Just as astronomers use algorithms to scan the night’s sky for signals, then verify any promising anomalies themselves, so too can data analysts use machines to find interesting dimensions, groupings or patterns within the data. Machines can work at a lower signal-to-noise ratio than people.”

Yet Croll correctly notes that as important as machine learning is in big data collection and analysis, there is “no substitute for human eyes and ears.” Yet for many CCOs or compliance practitioners, displaying the data is most difficult because it is not generally in a readable form. To say lawyers are not as proficient as other corporate types in excel or similar tools would be to state the obvious, yet that is about as sophisticated as many practitioners can get. It is important to portray the data in more visual style to help convey the “dozens of independent data sources” into navigable 3D environments.

Of course, having all this data is of zero use unless you act on it. This is a key insight from the Evaluation; that you must use the data to maintain your compliance program. But it does take a shift in compliance thinking to use such data. Once again lawyers are particularly ill suited to consider such information for reasons as diverse as training and temperament. This is but another reason why compliance has evolved to Compliance 2.0, Compliance 3.0 and beyond. Big data allows you to make a quicker assessment of the impact of measured risks. It advocates “fast, iterative learning.”

Croll ends his chapter by noting that the “big data supply chain is the organizational OODA loop.” But unlike the OODA loop, it is more than simply about the loop and plugging information as you move through it. He believes “big data is mostly about feedback”; that is, obtaining the impact of the risks you have accepted. For this to work in compliance, a company’s compliance discipline needs to both understand and “choose a course of action based upon the results, then observe what happens and use that information to collect new data or analyze things in a different way. It’s a process of continuous optimization”.

As you work to operationalize your compliance program, use the Evaluation to begin to ask questions. Then layer over the concept of maintenance as not only prolonging the lifecycle of your compliance program but making it more robust and effective. In the case of Froome, this type of approach has led to the rarified air of four Yellow Jerseys. As Russell and Vinsel noted in their NYT piece, maintenance can be the key to a successful infrastructure program. Finally, never forget that compliance is a part of the infrastructure of your organization and it must be properly maintained.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at

© Thomas R. Fox, 2017

This week, Jay and I return for a wide-ranging discussion on some of the week’s top compliance and ethics related stories, including:

  1. Will Canada approve DPAs for use in anti-corruption prosecutions? TI-Canada recommends they come into use. See article in Corporate Compliance by clicking here. Also see interview with RCMP Superintendent Denis Desnoyers in GIR.
  2. Midyear FCPA enforcement report by Stanford Law Journal. See article in WSJ.
  3. The first half of 2017 has brought the final resolutions of only two FCPA matters from the new administration, but they were both declinations. Both declinations have significantly strengthened the FCPA Pilot Program as a clear path forward for every company that finds itself in FCPA hot water. See Tom’s article in Compliance Week.
  4. Are Mexican anti-corruption efforts moving forward or not. See pro see article entitled, New Mexican Anti-Corruption Law Enters into Force Global Compliance News. For con see article by Juan Montes Mexican Antigraft Efforts Falter, in WSJ.
  5. With the departure of Walter Shaub from the US Office of Governmental Ethics and Hui Chen as the Compliance Counsel, who will lead the US ethics and compliance efforts. See Jaclyn Jaeger’s article in the Compliance Week.
  6. Everything Compliance-Episode 14 is out. Topics include Walter Shaub’s departure from OGE and does it even matter? Jesse Eisinger’s book The Chickenshit Club; the SFO, UK Bribery Act and the Rolls-Royce enforcement action; differences in DPA practice in the US & UK; Trump Administration & FCPA enforcement; EU’s GDPR; and Hui Chen’s departure from Justice Department; both her public rebuke of Trump, and the substance of how she believes her guidance has been mis-interpreted. Episode 15 will go up on July 27.
  7. Former Haitian Telco exec pleads guilty, Dick Cassin reports in the FCPA Blog. Dmitrij Harder jailed five years for FCPA offenses. See article by Dick Cassin the FCPA Blog.
  8. The twins are back home from summer camp. What does it mean for the Rosen household?
  9. Jay previews his weekend report.

Show Notes for Everything Compliance-Episode 14

Topics from Matt:

  1. Trump Administration & FCPA enforcement— we have two declinations now; maybe a compare-and-contrast, and speculation on what a tough Trump Admin enforcement WOULD look like;
  2. EU’s GDPR— Do EU regulators really know what they want to do with enforcement of this law; although if they follow the lead of the anti-competition people whacking Google, it could be a big deal;
  3. Hui Chen’s departure from Justice Department; both her public rebuke of Trump, and the substance of how she believes her guidance has been mis-interpreted; and
  4. Ethical leadership and the lack thereof; the menace of abusing perks and privilege, connecting my posts about Uber’s leaders and Chris Christie vacationing on a closed beach.

Topics from Jay:

  1. How do the Campaign Finance Laws mirror/or differ from the FCPA?
  2. Will the Russian Collusion Investigation reveal the ultimate FCPA violation?
  3. Regarding Walter Shaub’s departure from Office of Governmental Ethics (OGE), does it matter? What is OGE supposed to do and why did it work for the past 40+ years, but fell on deaf ears with the Trump administration?
  4. Dovetailing with Matt’s question about a slow H1 for FCPA enforcement and in light of the just released Gibson Dunn FCPA Mid-Year Report, does the current climate (and lack of vigorous enforcement) provide a perfect storm for companies to look the other way if they fall off the E&C wagon, or do we think that companies are still being vigilant in spite of a perception of decreased enforcement?

Rants follow this week’s episode.