qtq80-0i5583When I was in the corporate world, I cannot begin to recall the number of times senior management had an overly optimistic forecast regarding some transaction; whether the transaction was the purchase of a smaller company, a joint venture (JV), teaming agreement or you name the business venture. Unfortunately, such unrealistic forecasting is not simply limited to business ventures as the UK learned in the run up to the Brexit vote and the US learned in the most recent presidential election. Tim Harford, writing in his Undercover economist column in the Financial Times (FT), said “the truth is once Trump secured the nomination, a Trump presidency was always a strong possibility. The betting markets seemed to recognize this, offering odds of three-to-one a week or so before the” election. Of course, three-to-one shots “happen all the time – or at least, about a quarter of the time.”

What I found interesting was three lessons Harford suggested from the wildly inaccurate polling before the US election. Drawing on research by Guy Mayraz from Oxford University’s Experimental Social Science center, the first lesson is the bias towards predicting what they hope will happen. If you want your business to increase, you have to believe your transaction/investment/deal will always make money. After all, have you have ever seen a business plan that was designed to lose money?

The second lesson derived from something called the Good Judgment project and almost sounds like someone channeled their inner Howard Sklar and his maxim of “Water is Wet”. It is that that “self-critical, open-minded forecasters do a better job than narrow-minded overconfident ones.” He goes on to further note that dwelling on our own fallibility is not something people do very well; whether it involves hanging out with our friends or on cable news. The result is that “Confident, eye-catching forecasts are the snack food of analysis”. Unfortunately, this is even more true in the business world.

Finally, forecasters must always remember that more than one outcome is possible. A strong possibility may be a possibility but it is not a certainty. Harford suggests that one way to overcome this bias is to develop alternative scenarios. My 12 O’Clock High podcast host Richard Lummis calls this the “devil’s advocate” role at the business planning table. Harford further formalizes this contra-concept by suggesting every scenario-planner create at least two contradictory alternatives to their rosier, positive scenario.

Harford’s ultimate point is that in any forecast there must be preparedness for contra-events. Elizabeth Holmes, founder of Theranos, famously said that if you have a Plan B as a back-up, you have already lost. I find that to be worse than not helpful in any setting, particularly the business setting. No matter what your forecasting or scenario planning model shows, prepare for other results. For any Board of Directors overseeing a compliance program or managing any type of risk, it all begins by asking questions.

Just as any compliance program begins with your risk assessment so should a Board begin at this point. However, the Board should start by reviewing what process is being used to identify risks, whether those risk be corruption in violation of such law as the Foreign Corrupt Practices Act (FCPA), violation of anti-trust law such as the Sherman Act or any other risk which might arise in a business segment, product line or geographic area. This risk analysis should be broader than simply a legal/compliance risk assessment and should be tied to other matters, such as business continuity planning, crisis response plans and even basic fraud which led to the sales incentive program which recently laid Wells Fargo low.

The key is that Boards of Directors need to use their expertise and ask the right questions. The problem is that many Board members do not know what questions to ask in this area. Some of the following are good areas to begin your inquiry.

  • What is the risk assessment process? When was the last time your risk assessment was performed? Was it enterprise wide or limited in scope?
  • How effective is your overall risk assessment process? Is it stale? Here you are focusing not so much on the recency of your risk assessment but have corporate circumstances changed so that the risks which were previously assessed?
  • Who is involved in the risk assessment process? Was it performed in-house? Did you bring in a regular service provider who may have created the processes which are now being assessed?
  • Does the risk assessment process take into account any new legal or compliance best practices developments? Technology development speeds along for every business. Even the Justice Department recognizes this in every Deferred Prosecution Agreement (DPA) it enters into for FCPA violations by requiring companies to take into account relevant developments in the field and evolving international and industry standards for best practices in compliance.
  • Are there any new operations that pose substantial compliance risks for the company? Where has your company moved geographically or product-wise? Have there been any significant acquisitions or other business developments which have changed thing for the company?
  • Is your company tracking enforcement trends? 2016 has been one of the most significant years in FCPA enforcement but anti-corruption enforcement is only one of the major risk developments which can be derived from reviewing the FCPA enforcement actions. The aforementioned Wells Fargo fraudulent accounts scandal and the ongoing Volkswagen (VW) emissions-testing scandal continue to resonate throughout the business world.
  • Equally important, are any competitors facing enforcement actions? This piece of information has long been a real source of information to Chief Compliance Officers (CCOs) as they have assessed and opened internal investigations based on enforcement actions involving competitors. In a speech at the recent ACI-FCPA Conference, Securities and Exchange Commission (SEC) Director, Division of Enforcement, Andrew Ceresney again said that hedge funds and private equity companies are and will continue to be under SEC scrutiny for FCPA violations around their hiring practices for family members of foreign government officials, as well as other violations of US securities laws. If you are on the Board of such an entity, you might want to ask some very pointed questions about now.
  • Has the company moved into any new markets which impose new or additional risks? This moves beyond the questions I suggested above to consider such things as supply chain and supplier risk. Even a name and shame law like the California Transparency in Supply Chain Act can cause reputational damage. Moreover, even if some types of enforcements lessen under a Trump administration, aggressive states’ Attorney Generals or other state regulators could well pick up the slack.
  • Has the company developed any new product or service lines which change the company’s risk profile? As there will always be some business development along these lines, what changes have increased risk for your business?

For a Board of Directors to be truly effective and informed it must know where the company stands not only at the present moment, but also known that the company has a strategic plan for the management of risk going forward. Arnold & Porter partner Stephen Martin suggests that such knowledge is encapsulated in a 1-3-5-year compliance game plan. I would add that this formulation should be expanded to encapsulate greater risk management. Yet a compliance program must be nimble enough to respond to new information or actions, such as mergers or acquisitions (M&A), divestitures or other external events. If something dramatically changes, you want to get your Board’s attention on the changes which may need to happen with your risk management program. This type of agility is best accomplished by obtaining buy-in from the Board through its understanding of the role of forecasting a compliance program going forward.

Harford ends his piece with this final lesson from the 2016 UK Brexit vote and US election, “uncertainties are not going away, so it’s not too late to learn.” For every Board of Director or CCO, you need to start a forecasting review now to be ready to respond if an incident arises so that it will not become a full legal violation. Better yet, such forecasting could lead you to prevent such conduct before it even arises and needs detection and remediation.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

whos-afraid-of-virginia-woolfEdward Albee died last week. To my mind he was right up there with Arthur Miller and August Wilson as one of America’s greatest playwrights of the second half of the 20th century. His works were known, as noted in his New York Times (NYT) obituary, as “psychologically astute and piercing dramas explored the contentiousness of intimacy, the gap between self-delusion and truth and the roiling desperation beneath the facade of contemporary”. I would simply call them gut-wrenching. After the first time I saw Who’s Afraid of Virginia Woolf I recall leaving the theater feeling as if I had been psychologically worked over with a wet mop. It was certainly the last time I saw one of his works for weekday entertainment, at least seeing one of his play’s on Friday or Saturday night gave me a day to work off the psychic hangover.

I thought Albee and his type of works would make a very good introduction to a multipart series I will be writing about the Wells Fargo cultural miasma which led to the recent $185MM fines levied by Consumer Finance Protection Board (CFPB) ($100 million), the largest in the agency’s short history. Another $85 million was tacked on by paying $35 million to the Office of the Comptroller of the Currency and $50 million to the City and County of Los Angeles. The total fines were assessed based upon the bank’s conduct of opening over 2 million bank and credit card accounts, usually without customers’ knowledge.

The fraud was all domestic so there were no Foreign Corrupt Practices Act (FCPA) violations. However, the actions which led to this record breaking fine, the actions of Wells Fargo during the violations and thereafter may well be one of the best teaching moments for any FCPA compliance practitioner around a variety of issues related to FCPA compliance. Today I want to look at the sales strategy and compensation structure which led to the scandal.

The sales strategy under which Wells Fargo came to such grief is simple and even benign, cross-selling of products. As noted by Rachel Louise Ensign, writing in a Wall Street Journal (WSJ) article entitled “Banks Simple Strategy Gets Tangled”, “the concept sounds simple enough. If a customer has a checking account, why not sell him a mortgage, wealth management services and credit card as well?” She went on to write, “with banks becoming larger over the past two decades, cross-selling has become a mantra.” You can also think of the cross-selling McDonalds engages in every time you buy a Big Mac when the representative asks you “Would you like french fries with that?”

Yet there are other reasons for engaging in this type of business practice. Each and every time a company has a touchpoint, particularly a commercial touchpoint with a business, it strengthens the relationship. According to Gary Silverman, writing in the Financial Times (FT) in an article entitled “John Stumpf, the Labrador of Main Street , Wells Fargo’s Chief Executive Officer (CEO) “Mr Stumpf’s take on traditional Wells teaching was to promote deeper, more frequent contact with the people it serves. “If there’s one word to describe this company, it’s ‘relationship,’” he told the Financial Times in May. “What we’re trying to do is make sure that every team member, in every interaction with a customer, gets it right. If we don’t get it right, we try to make it right, really quickly.””

So what starts off as a legitimate, legal and beneficial business strategy becomes not only high risk but illegal because of the manner in which Wells Fargo administered its approach to cross-selling. As with any sales initiative, if a company wants to push it, it will set up incentives for the sales team to engage in such behavior. This can be done by increasing commissions around the service or product being emphasized, such as the banks products. Ensign noted, “Banks have tried to create incentives for cross-selling.” At some banks, “Branch employees can get bonuses—sometimes 10% or more of their salaries—when they sell additional products.” Companies can also increase sales by making clear that you will be evaluated on how much you sell a product or service. In other words, whether you receive a bonus, pay raise or even keep your job will be evaluated, in some part, on how much you cross-sell.

You can even have a hybrid of the above, which may be the worst of all worlds. At Wells Fargo, employees were evaluated for continuing employment by supervisors on cross-selling. Yet they did not receive the same financial incentives to make such cross-selling. Branch managers and supervisors could receive bonuses of up to $10,000 per month for meeting cross-selling quotas when employees who hit their monthly quotas, received, in addition to continued employment, $25 gift cards.

Last week Richard Bistrong wrote a piece in the FCPA Blog, entitled “Wells Fargo stretch goals brought out the sandbaggers”, in which he discussed stretch incentives as a process that could lend itself to abuse. While there will always be a dynamic tension between operations, in the form of the sales force, to lower sales projections so that goals set can be more easily met (called: sandbagging) and the corporate office, which wants to set higher goals to generate more overall revenue, I do not think that the Wells Fargo matter is one of such sandbagging.

I think the Wells Fargo case is broader with multiple corporate failures. Emily Glazer and Christina Rexrode, in a WSJ article entitled “Wells Boss Says Staff at Fault for Scams”, wrote of one former employee who said, “a former Wells Fargo teller in Pennsylvania, said of responsibility for the sales tactics, “It was all management: their boss, then their boss, then their boss.” Ms. Bhowmick took early retirement from the bank in 2014 at age 58. “They are putting pressure on employees, and it’s sad,” Ms. Bhowmick added. “People need their jobs.”” When you put people’s job on the line, they will usually do whatever it takes to keep it.

The learning point for this blog post is risk assessment and risk management. If you put a selling system in place that says if you do not meet your quotas, you are history; that is the message your employees will take home. It really does not matter what the CEO says the culture is or what he or she aspires it to be. Do I think CEO Stumpf ordered this draconian a system from on high? Not much chance of that as he was quoted, by Glazer and Rexrode, as saying “the bank doesn’t want a dime of income that’s not properly earned.”

This is why a risk assessment must look beyond simply what is being sold to how it is being sold. Tomorrow we will consider the culture of Wells Fargo and how you, as compliance practitioner, might use the bank’s failing to improve your own corporate culture.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

 

 

 

This Week in FCPA-Episode 19, the International Edition

Show Notes for Week ending August 26, 2016

  1. John Kerry: Corruption is ‘root cause’ of terrorism, on FCPA Blog.
  2. Eric Ben-Artzi Op-Ed piece on why he turn down his whistleblower award, as featured in the Financial Times.
  3. Lessons from History-the Tudors on compliance, from the FCPA Compliance Report.
  4. FedEx trial debacle for the DOJ, and Paul Pelletier’s recommendation to fix recent spate of ill-fated and advised DOJ prosecutions, as featured in the FCPA Blog.
  5. Hallmarks 1-5 of the Ten Hallmarks of an Effective Compliance Program, as featured in the FCPA Compliance Report.

Henry VIIII am on assignment in Oxford on a two-week study course, focusing on the Tudors. For the first week we focused on Richard III to the end of Henry VIII’s reign. Although Richard III was not a Tudor, we began with him to study the ‘bad rap’ of negative publicity he received from the Tudor court, specifically Sir Thomas Moore and most particularly Shakespeare’s play, Richard III.

In the career of Henry VIII, we discussed the role of Thomas Cromwell and the series of steps leading up to the split from Rome to obtain his divorce from Catherine of Aragon and his dissolution of the Catholic Church in England to create the Church of England. One of the questions initially posed by our tutor, Janet Dickinson, was whether there was an overarching plan to take these steps or if they were made more on an ad hoc basis in response to events on the ground.

The consensus of our group was the steps taken were in response to the changing and evolving circumstances not only in England but also on the Continent, both in Rome and in the wider sphere of European politics. Initially it appeared the Pope was inclined to grant Henry his annulment but that solution was foreclosed when greater European politics intervened. This intervention was the invasion of Italy by the Spanish King Charles V, who was the nephew of Catherine of Aragon. Charles was disinclined to allow the Pope to grant Henry an annulment of the marriage of his aunt to Henry.

Making Henry the head of the Church of England was only one part of the break from Rome. The second part was the dissolution of the Catholic monasteries and passing of Catholic Church land to the English crown, as head of the Church of England. We may never know who initially came up with these ideas, whether it was Cromwell, another advisor or even if Henry himself came up with some or all of the plans. It does seem relatively clear that Cromwell developed the legal arguments supporting the legal claim for Henry to head up the church in England.

Yet, even at this point there was no clear plan to dissolve the Catholic Church’s property in England to the English crown. This move appears to have come in response to an attempt to clarify religious doctrine after the break with Rome. These widespread popular and clerical uprisings found support among the gentry and even the nobility; all culminating in the Pilgrimage of Grace.

If you are a loyal reader of this blog, you know that I am in the midst of a two-week series on the Ten Hallmarks of an Effective Compliance Program, as it was first laid out in the 2012 FCPA Guidance. I find the series of events I outlined above, from our first week of study of the Tudor period of English history, illustrate a key theme of compliance programs. It is that compliance programs must be flexible and have the ability to evolve. Simply put, it is not in the business interest of US companies (or others subject to the Foreign Corrupt Practices Act (FCPA)) to have a static compliance program. Compliance programs must have the flexibility to respond to a wide variety of factors, including changing market conditions both inside a corporation and on the ground.

Moreover, companies need to have the flexibility to design, create and implement a compliance program that manages the risks they face. As companies mature in their compliance function, they can begin to manage more, additional and further sophisticated risks. For instance, audits of third parties should not begin when your compliance program is made operational. It should wait an appropriate period of time so that you have enough information to review and study.

Additionally chronological developments drive more and greater compliance. Transaction monitoring is one clear area that has achieved significant growth in the past few years alone. If a static approach to compliance had been advocated by the Department of Justice (DOJ) this development might have never occurred.

Finally, the times of Henry VIII informs us that companies need to be ready to respond to events on the ground. Not only must companies have a compliance response to new products or service and entry into new markets; they must respond to new and more sophisticated ways to fund bribery and corruption. The sad fact is that the funding of bribery and corruption occurs from internal funds from a company; whether it is mis-labeling marketing expenses or charitable donations, burying commission payments in unauthorized discounts or making subsidiary financial statements so complicated that home office auditors cannot read them; businesses need to respond to the ever changing landscape. The monies to fund bribes come from the company itself, thus there is always a fraud upon the company by its own employees.

The goal of any best practices compliance program is to prevent, detect and remediate. To achieve this the DOJ and Securities and Exchange Commission (SEC) give companies a wide latitude to achieve these goals. The FCPA Guidance says “each compliance program should be tailored to an organization’s specific needs, risks, and challenges, the information provided below should not be considered a substitute for a company’s own assessment of the corporate compliance program most appropriate for that particular business organization. In the end, if designed carefully, implemented earnestly, and enforced fairly, a company’s compliance program—no matter how large or small the organization—will allow the company generally to prevent violations, detect those that do occur, and remediate them promptly and appropriately.”

I have long been drawn to the lessons of history and what they teach us in the present day in the field of compliance. The reason the events of the 1520s and 1530s can and do resonate today are that they are based on the actions of people. I find these lessons build into how companies should think about compliance in the 21st century.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016