May the 4th Be Wtih YouMay 4th is universally recognized (at least in the universe I inhabit) as Star Wars Day. According to Wikipedia, “May 4 is called Star Wars Day because of the popularity of a common pun spoken on this day. Since the phrase “May the Force be with you” is a famous quote often spoken in the Star Wars films, fans commonly say “May the fourth be with you” on this day.” Given the rejuvenation of the franchise, in the form of Star Wars VII – The Force Awakens all Star Wars fans have reason to celebrate this May 4th in a manner we have not seen for some time.

The most recent entry into the Star Wars oeuvre revolves around a young girl, Rey, a scavenger who was abandoned as a child on the desert planet Jakku. She is patiently waiting for her family to return. She is completely self-sufficient and does everything for herself, until she is drawn into the intergalactic battle. It turns out The Force is strong in Rey and at the end of the movie she returns Luke Skywalker’s light sabre to him, strong implying that he is her father. Not so has intoned director J.J. Abrams, who has said publicly that Rey’s father did not appear in Episode VII. Rey is also, as my teenaged daughter informed me, “kick-ass”.

So whether you are waiting for the unfurling of the story of Rey and her family, are cheered by the return of a beloved movie franchise from its putrid depths of Episodes 1-3 or just enjoy a kick-ass, rollicking good time; we all have great reason to celebrate this May 4th.

I thought about all this in the context of the report in the Financial Times (FT) by Richard Milne, in an article entitled “Norway’s oil fund to target high executive pay votes”. Both Matt Kelly and I recently wrote about BP and its Board of Directors’ thumb-nose to its shareholders who overwhelmingly voted against a pay raise for BP’s Chief Executive Officer (CEO), Bob Dudley. Dudley effectively received a 20% pay raise in spite of a company wide ban on salary raises during the economic downturn in the energy sector. As Houston Chronicle business columnist Chris Tomlinson wrote, in a piece entitled “Times tough at BP, so chief executive gets raise, this raise was “in compensation for managing the company through a dramatic drop in share price, for laying off thousands of employees and endangering the company’s dividend.”

Tomlinson nailed it when he asked who does the Board represent, management or the shareholders? Now imagine a Board who is cozy with management and is made aware of a potential Foreign Corrupt Practice Act (FCPA) violation. If that Board has not shown the independence to even objectively evaluate the CEO’s performance in conjunction with compensation, what would give shareholders any comfort they would objectively investigate and evaluate such conduct? After all, any fine and penalty levied for a corporate FCPA violation will, at the end of the day, be borne by the shareholders to pay, not the culpable executives.

Moreover, how will such a Board attitude play out under the strictures of the Yates Memo and Department of Justice (DOJ) Pilot Program for enhanced credit for self-disclosure, investigating and remediation? One might hope that with criminal penalties hanging over their collective heads, Boards of Directors would follow their legal obligations and investigate thoroughly but if the Board is there to simply perform lip service to top management who knows?

This Board attitude also impacts employees in the trenches as well. While Tomlinson asks the basic question “Ask BP employees laid off in Houston if they got a big bonus and a doubling of retirement benefits”? I think the implication for a company’s FCPA compliance program may be equally troubling. I have often used the anecdote about the employee who is more worried about making his quarterly numbers than he is in following the Code of Conduct to make a sale.

Kelly looked at it from several angles in his article entitled “How BP’s Board Undermines Its Drive for Compliance”. I was particularly intrigued by his analysis through the prism of the COSO 2013 Framework. Kelly wrote, “Remember that one main message from regulators this year has been the board’s responsibility for corporate governance and ensuring that a “culture of compliance” exists at the business. The compliance officer plays a crucial role in supporting that culture, and in facilitating conversations among other parts of the enterprise so that culture thrives – but the board is the group with ultimate responsibility for putting the right elements in place.

If those elements sound familiar, that’s because they are all the same principles that go into the control environment of COSO’s framework for internal control. And that’s the key point here: a strong culture of compliance is a strong control environment. They are the same thing. Like any environment or any culture, they surround all the specific actions that transpire at your company every day. If they are rotten, all those actions become less effective.”

That is why I was absorbed when I read in Milne’s FT piece, “The world’s biggest sovereign wealth fund is launching a crackdown on executive pay, targeting high salaries at companies around the globe in an attempt to exert its influence in a debate that has been gathering pace in recent months.” As Yngve Slyngstad, chief executive of the fund, told the FT, “We have so far looked at this in a way that has focused on pay structures rather than pay levels. We think, due to the way the issue of executive remuneration has developed, that we will have to look at what an appropriate level of executive remuneration is as well.”

Excessive executive pay is certainly an issue that resonates across the globe. However now this issue has been tied to corporate governance. For if a Board of Directors, who are (in theory) in place to protect the interests of shareholders abdicates that duty to not only enrich but to protect executives, is there really any certainty that the Board will fulfill its other corporate governance duties?

One way to effect change is through enhanced regulation. Yet another effective manner is through the market. If there are large investors who believe that good corporate governance is a good business practice, this will lead the march towards more robust oversight of corporate conduct. Mike Volkov has said that he believes the increase in anti-corruption compliance programs has been one of the most significant developments in corporate governance. With the entry of the Norwegian wealth fund into a more forceful role in the corporate governance of the entities which it holds interests, how long might it be before they begin to consider compliance related issues?

With the release of Star Wars VII – The Force Awakens the Star Wars universe rejoiced. This move by the Norwegian sovereign wealth fund may equally portend a positive movement towards not only a cap on excessive executive pay but also a more rounded approach to seeing companies engage in good corporate governance.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

Big Data 3Today I continue my exploration of big data in a best practices Foreign Corrupt Practices Act (FCPA) compliance program. Yesterday, I considered how you might use big data in a best practices compliance program. Today I want to explore how visualization of data can assist you in a wide variety of ways in both the detect and prevent prongs of your compliance program. The topic of this series of blogs is based upon an eBook, entitled “Planning for Big Data – A CIO’s Handbook to the Changing Data Landscape, by the O’Reilly Radar Team, with a series of authors each contributing a chapter. Today I will focus on a chapter by Julie Steele, entitled “A Picture is Worth a 1000 Rows”.

 Joe Oringel, co-founder of Visual Risk IQ, is often heard saying, there is a reason his company is named Visual Risk IQ. It is because his company specializes in visualizing the results of the transactions they monitor or analyze. Steele asks “How are you going to make sense of all that information efficiently so you can make a good decision?” She believes “Data Visualization is an important answer to that question.” Put another way, visualization allows you to see the data.

Recognizing that not all visualizations are helpful, Steele writes, “The best data visualizations are ones that expose something new about the underlying patterns and relationships contained within the data. Understanding those relationships – and so being able to observe them – is key to good decision-making. The Periodic Table is a classic testament to the potential of visualization to reveal hidden relationships in even small data sets. One look at the table, and chemists and middle school students alike grasp the way atoms arrange themselves in groups: alkali metals, noble gasses, halogens.” All of this means “If visualization done right can reveal so much in even a small data set like this, imagine what it can reveal within terabytes or petabytes of information.”

Steele says there an “important distinction lies between visualization for exploring and visualization for explaining.” She explains that while visualization for exploring can be imprecise, it is “useful when you’re not exactly sure what the data has to tell you, and you’re trying to get a sense of the relationships and patterns contained within it for the first time. It may take a while to figure out how to approach or clean the data, and which dimensions to include. Therefore, visualization for exploring is best done in such a way that it can be iterated quickly and experimented upon, so that you can find the signal within the noise.” She concludes by noting, “Software and automation are your friends here.”

Steele believes that “Visualization for explaining is best when it is clean.” This is because paring down information to its simplest form, by removing as much noise as is as possible, will allow the “efficiency with which a decision maker can understand” the data. She notes this is the preferred approach “to take once you understand what the data is telling you, and you want to communicate that to someone else.” Moreover, “Visualization for explaining also includes infographics and other categories of hand-drawn or custom made images.”

Incumbent throughout these blogs posts on big data is embedded the concept that the customer base of any company’s compliance function is its employee base. So if you consider that “Many kinds of data visualization, from complex interactive or animated graphs to brightly-colored infographics, can help” to explain to your employee base many of the key issues around compliance. This can allow your employees to better understand your company’s values, the expectations under your Code of Conduct and compliance program and their obligations going forward. It can also be a useful teaching tool to help prevent inadvertent actions that may become more nefarious later. Steele believes that “As Big Data becomes bigger, and more companies deal with complex data sets with dozens of variables, data visualization will become even more important.”

Here is another area where the compliance function can draw upon other talents in a company as Steele suggests you should work with an in-house designer or better yet a team of designers to help you put together visualizations. This is because “Visualization for explaining works best when someone who understands not only the data itself, but also the principles of design and visual communication, tailors the graph or chart to the message.”

Such a designer can work as your translator “Since data visualization is like a foreign language, in the same way, hire an experienced designer for important jobs where precision matters. If you’re making the kinds of decisions in which your customer, product, or profit hangs in the balance, you can’t afford to base those decisions on incomplete or misleading representations of the knowledge your company holds.”

In the concluding chapter in the eBook, entitled “The Future of Big Data”, Edd Dumbill noted, “Visualization fulfills two purposes in a data workflow: explanation and exploration. While business people might think of a visualization as the end result, data scientists also use visualization as a way of looking for questions to ask and discovering new features of a dataset. If becoming a data-driven organization is about fostering a better feel for data among all employees, visualization plays a vital role in delivering data manipulation abilities to those without direct programming or statistical skills.”

The ability to put disparate pieces together in a way that company employees, from top management to the business development person in the AsiaPacific region, understand and see the connections is an important method that should be used by any Chief Compliance Officer (CCO) or compliance practitioner. Consider such analysis as buying patterns of foreign governments in the context of charitable donations. In both the Schering-Plough and Eli Lilly Securities and Exchange Commission (SEC) FCPA enforcement actions, the SEC simply put in a table showing the date of donation to the decision maker’s personal charity and the date of obtaining or retaining business by the company in question. Imagine if the CCO had had that data visually displayed, it might have detected an issue that could have then been prevented before it became a full-blown FCPA violation. It might have led to remediation. It might also lead to additional investigation to see if the charitable donation met the company’s internal requirements or if any exceptions were granted and if so were they properly vetted.

I hope that this series on big data has given you some ideas on what might be available to you, hiding in plain sight, in your own company data.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

Big Data 2Today I continue my exploration of big data in a best practices Foreign Corrupt Practices Act (FCPA) compliance program. Yesterday, I considered what big data is and some ways to think about it. Today I want to move into some thoughts on how to use it going forward. The topic of this series of blogs is based upon an eBook, entitled “Planning for Big Data – A CIO’s Handbook to the Changing Data Landscape”, by the O’Reilly Radar Team, with a series of authors each contributing a chapter. Today I will focus on a chapter by Alistair Croll, entitled “The Feedback Economy”.

Croll believes that big data will allow continuous optimization through what he terms the “feedback economy”. This is a step beyond the information economy because you are using the information that you have generated and collected as a source of information to guide you going forward. Information itself is not the greatest advantage but using that information to prevent, detect and remediate in a compliance program is.

Croll draws on military theory to illustrate his concept of a feedback loop. It is the OODA loop, which stands for observe, orient, decide and act. This comes from military strategist John Boyd who realized that combat “consisted of observing your circumstances, orienting yourself to your enemy’s way of thinking and your environment, deciding on a course of action and then acting on it.” Croll believes that the success of OODA is in large part “the fact it’s a loop” so that the results of “earlier actions feedback into later, hopefully wiser, ones.” This should allow combatants to “get inside their opponent’s loop, outsmarting and outmaneuvering them” because the system itself learns. For the Chief Compliance Officer (CCO) or compliance practitioner this means that if your compliance program is able to collect and analyze information better and you can act on that information faster; you can then use it have a more efficient and more robust compliance program.

Croll believes one of the greatest impediments to using this OODA feedback loop is the surplus of noise in our data; that “We need to capture and analyze it well, separating the digital wheat from the digital chaff, identifying meaningful undercurrents while ignoring meaningless flotsam. To do this we need to move to more robust system to put the data into a more usable format.” Croll moves through each of the steps in how a company collects, analyzes and acts on data.

The first step is data collection where the challenge is both the sheer amount of data coming in and its size. Once the data comes in it must be ingested and cleaned. If it comes into your organization in an unstructured format, you will need to cut it up and put into the correct database format for use. Croll touches on the storage component of where you place the data, whether in servers or on the cloud.

A key insight from Croll is the issue of platforms, which are the frameworks used to crunch large amounts of data more quickly. His most important acumen is to break up the data “into chunks that can be analyzed in parallel” so the data can be considered and acted upon more quickly. Another technique he considers is “to build a pipeline of processing steps, each optimized for a particular task.”

Another important component is machine learning and its importance in the data supply chain. Croll observes, “we’re trying to find signal within the noise, to discern patterns. Humans can’t find signal well by themselves. Just as astronomers use algorithms to scan the night’s sky for signals, then verify any promising anomalies themselves, so too can data analysts use machines to find interesting dimensions, groupings or patterns within the data. Machines can work at a lower signal-to-noise ratio than people.”

Yet Croll correctly notes that as important as machine learning is in big data collection and analysis, there is “no substitute for human eyes and ears.” Yet for many CCOs or compliance practitioners, displaying the data is most difficult because it is not generally in a readable form. To say lawyers are not as proficient as other corporate types in excel or similar tools would be to state the obvious, yet that is about as sophisticated as many practitioners can get. It is important to portray the data in more visual style to help convey the “dozens of independent data sources” into navigable 3D environments. As Joe Oringel is want to say, there is a reason his company is named Visual Risk IQ.

Of course having all this data is of zero use unless you act on it. Croll believes that big data can be used in a wide variety of corporate decision making, from “hiring and firing decision, to strategic planning, to market positioning.” I would certainly add compliance programs as well. But it does take a shift in compliance thinking to use such data. Once again lawyers are particularly ill suited to consider such information for reasons as diverse as training and temperament. This is yet another reason why compliance has evolved to Compliance 2.0, Compliance 3.0 and beyond. Big data allows you to make a quicker assessment of the impact of measured risks. It advocates “fast, iterative learning.”

Croll ends his chapter by noting that the “big data supply chain is the organizational OODA loop.” But unlike the OODA loop, it is more than simply about the loop and plugging information as you move through it. He believes “big data is mostly about feedback”; that is, obtaining the impact of the risks you have accepted. For this to work in compliance, a company’s compliance discipline needs to both understand and “choose a course of action based upon the results, then observe what happens and use that information to collect new data or analyze things in a different way. It’s a process of continuous optimization”.

The three prongs of any best practices anti-corruption compliance program are prevent, detect and remedy. Whether you consider the OODA loop or the big data supply chain feedback, this process, coupled with the data that is available to you should facilitate a more agile and directed compliance program. The feedback components in both processes allow you to make adjustments literally on the fly. For the CCO or compliance practitioner reviewing and analyzing disparate pieces of information available to you, could help you to recognize troubling trends that are not yet full FCPA violations and deliver a solution before you have self-disclose in the new age of the Yates Memo and Department of Justice (DOJ) Pilot Program.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.
© Thomas R. Fox, 2016