TrainingI am pleased to announce the initiation of my FCPA Master Class training sessions. I will put on a two-day Foreign Corrupt Practices Act (FCPA) training class, which will be unlike any other class currently being offered. The focus of the FCPA Master Class will be on the doing of compliance. For it is only in the doing of compliance that companies have a real chance of avoiding FCPA liability.

The FCPA Master Class will provide a unique opportunity for any level of FCPA compliance practitioner, from the seasoned Chief Compliance Officer (CCO) to the practitioner who is new to the compliance profession. If you are looking for a training class to turbocharge your knowledge on the nuts and bolts of a FCPA compliance program going forward, this is the class for you to attend.

As one of the leading commentators in the FCPA compliance space for several years, I will bring a unique insight of what many companies have done right and many have done not so well over the years. This professional experience has enabled me to put together a unique educational opportunity for any person interested in FCPA compliance. Simply stated, there is no other FCPA training on the market quite like it. Armed with this information, at the conclusion of the FCPA Master Class, you will be able to implement or enhance your compliance program, with many ideas at little or no cost.

The FCPA Master Class will move from the theory of the FCPA into the doing of compliance and how you must document this work to create a best practices compliance program. Using the Ten Hallmarks of an Effective Compliance as a guide, you will learn the intricacies of risk assessments; what should be included in your policies and procedures; the five-step life cycle of third party risk evaluation and management; tone throughout your organization; training and using other corporate functions to facilitate cost-effective compliance programs.

Highlights of the will include:

  • Understanding the underlying legal basis for the law, what is required for a violation and how that information should be baked into your compliance program;
  • What are the best practices of an effective compliance program;
  • Why internal controls are the compliance practitioners best friend;
  • How you can use transaction monitoring to not only make your compliance program more robust but as a self-funding mechanism;
  • Your ethical requirements as a compliance practitioner;
  • How to document what you have accomplished;
  • Risk assessments – what they are and how you can perform one each year.

You will be able to walk away from the FCPA Master Class with a clear understanding of what the FCPA is and what it requires; an overview of international corruption initiatives and how they all relate to FCPA compliance; how to deal with third parties, from initial introduction through contracting and managing the relationship, what should be included in your gifts, travel, entertainment and hospitality policies; the conundrum of facilitation payments; charitable donations and political contributions, and trends in compliance. You will also learn about the importance of internal controls and how to meet the strict liability burden present around this requirement of FCPA compliance.

The FCPA Master Class will be based around my book, Doing Compliance: Design, Create, and Implement an Effective Anti-Corruption Compliance Program, which focuses on the creation, implementation and enhancement of a best practices compliance program. Each participant will receive a copy of my book, as well as all training materials to keep and use for reference purposes going forward.

The first FCPA Master Class will be held in Houston, TX on September 10 and 11 at the offices of Merrill Brink International, 315 Capitol St #210, Houston, TX 77002. A Certificate of Completion will be provided to all who attend in addition to the continuing education credits that each state approves. The cost to attend is $1,195 per person. Group pricing is available. Breakfast, lunch and refreshments will be provided both days. For more information or a copy of the agenda, contact Tom Fox via email at or telephone at 1-832-744-0264. Additional information and registration details are available on my website, Advanced Compliance Solutions.

There will be additional FCPA Master Class training sessions at other locations across the US later this year. I hope that you can join me for one of them.







To find out what type of student you are, please take this Quiz by clicking here.

Chris BauerEd. Note-today we have a guest post from noted ethics and compliance expert, as well as steel guitar player, Chris Bauer.

Okay, you know that you need to have effective compliance training but do you really know what will actually make it effective? The reality is that far too many compliance training program fail on multiple counts. With compliance as critical as it is, that is unacceptable. Thankfully, there are a few areas which, if attended to well, can correct many of the most-frequently seen problems with the development and execution of these programs.

Here are five of the areas I see getting missed time after time in compliance training programs.

Do you actually have a solid, working definition of what compliance is? I see ethics, compliance, and accountability as being ‘cross-defined’ all the time. Do they inter-relate? Absolutely and it’s even a great idea to inter-relate them in your training. However, until you are clear about what you mean by all three of those terms, your training will leave employees confused and confusion is never good for compliance training…

To Do – Find or create definitions for all three of these terms that are clear, concise and, above all, practical. The moment these terms become hazy or academic you have already lost too many of your employees’ ability to build your ideas into their minute-to-minute, day-to-day practices. Also, be sure to use language that fits the culture of your organization. Just because something sounds good in another organization – or another part of your organization – doesn’t mean that it will work for anyone, let alone everyone, in every corner of your company. This is one of the many reasons that ‘one size fits all’ training is rarely effective. Different parts of your organization are likely to need things said and demonstrated in different ways. You have the choice; you can whine about the inconvenience of that or go about creating a great compliance training program.

Is your training practical? An awful lot of compliance training is little more than a coma-inducing parade of Powerpoint slides with the rules, regulations, and, perhaps, a few key updates. Is that information critical? Perhaps so. However, for starters be sure that the information really is critical before overwhelming employees with so much information that they can’t actually retain it.

To Do – Always build in opportunities for employees to ask how your training really applies to what they do on the job. If they can’t fully see the behaviors in which they are and are not to engage – or if they don’t believe those behaviors are possible in their circumstances – your training has missed the mark. Also, remember that employees are unlikely to tell you spontaneously that they don’t think they can do what you’re asking of them. Be active in seeking out feedback on not only their level of understanding of the material but, as importantly, their confidence that they can do what you’re asking of them. If they don’t think they can do it, it is your job to help them figure out how to deal with any roadblocks – real or perceived – they might see.

Are you simply transferring information or are you providing employees with solid ideas and tools to put the rules and regulations into practice? If you want a culture where compliance is topmost in your employees’ minds, they had better be able to first mentally retain and then apply the mandated rules and regulations. If you aren’t helping them apply what you’re telling them, it will have been an entirely academic exercise.

To Do – Here again, everything you train on needs to have clear, ‘do-able’ behaviors attached. Employees have to know exactly what they need to be doing to bring your compliance program to life. It’s not enough for you to believe that they ought to be able to figure it out; they really need to know and they need to hear it from you. (Mind you, they may also have ideas you haven’t thought of yet. Great! Just don’t pretend it isn’t your job to help them figure it out.)

Are you creating information overload? True, there’s a lot out there that your employees will need to know about compliance. However, are you giving so much in each sitting that it simply can’t be retained? Again, if they can’t retain the information – or, at least, find it easily – they certainly can’t put it into practice. Consider providing training in smaller, on-going chunks. Less time-efficient? Maybe. However, that will more than pay off in having your employees actually recall and apply what they’ve been trained on.

To Do – Remember that smaller chunks of information ‘stick’ better. Further, information that clearly has practical applications does the same. Work to avoid simply smothering employees with regulatory and oversight information. Make it real for them by providing it in digestible, easily recalled, practical chunks. Here again, whine if you like about this being inconvenient but the facts remain; you need to attend to this if you really want your compliance training to be effective.

Are you making compliance a tool for your employees’ personal success? I see a lot of organizations doing a fine job of conveying to employees how their bottom line can be wildly, adversely affected by compliance problems. However, they fail to show employees how compliance is important to them personally. Sure, we all want our employees to put our organization first but, really, is that realistic? If your goal is to motivate employees to attend to compliance – and that had better be one of your goals – you’ll get far more bang for your buck if you can help them see how their lives and careers will be easier/better if they keep their mind on compliance.

To Do – Without your employees, your organization would quite literally be nothing. They are already contributing all day, every day, to the success of your organization. Make compliance training – along with every other training your provide – a tool that they can use for their personal success as well. Maybe that success has to do with advancement, maybe it has to do with some kind of incentive. At the rock bottom, it has to do with them keeping their job. The point is that there will always be ways you can think of to help them see that a focus on compliance is as much for their personal benefit as the company’s. Do your homework and figure out what those motivations are for your employees. It will not only make your training a whole lot more effective, it’s a nice thing to help your employees be successful, yes?

It is all-too-easy to overlook all five of the above requirements for effective compliance training. In fact, by ignoring them, it will be far easier for you to create your training program; just throw a bunch of regulatory requirements onto a Powerpoint presentation or webinar and slam through it for as long as it takes. You will, in fact, be telling your employees what they are required to hear. If, however, your goal is to not sabotage your training and actually get employees to take action and create a culture where compliance is top-of-mind, ignore any of the above five concerns at your own risk.

Christopher Bauer is an expert on creating cultures of ethics, compliance, and accountability. Information on his programs as well as his Trust Foundry blog can be found at Information specific to his programs on professional ethics can be found at In addition to speaking, training, and consulting on creating cultures ethics, compliance, and accountability, he publishes a Weekly Ethics Thought seen by thousands or readers worldwide. Free subscriptions are available by visiting either of his websites.

Tales from the CryptNote-I asked the Two Tough Cookies if they could put together a series of blog posts wrapping up the lessons they have seen and learned and written about in their series of Tales from the Crypt. They graciously put together a series of posts on the seven elements of an effective compliance program from their 10 tales of Business Conduct. Today, Part II of a Three Part Series…

3. Exercise Due Diligence to Avoid Delegation of Authority to Unethical Individuals

This one is tough, especially in global organizations. In many countries, you simply cannot run a background check, as criminal records are not public. In others, you can run them, but the criminal offense must be related to the job to exclude the candidate from being hired.   In yet others, you can run them, but you can’t use them due to overly strict privacy rules. Then there’s the matter of cost relating to doing all this due diligence. The best thing you can do is determine the following:

  • First, is your business subject to a potential FCPA violation? If you are not “at risk” of public corruption because you are not engaging at any level with foreign government officials, then half the battle is won. Of course, you still run the risk of commercial corruption (bribes, kick backs, etc. with trading partners), but at least the spectre of government sanctions is not looming so large over you.
  • If you are “at risk” of an FCPA violation (you have interaction with govt. officials, including customs) have you developed a robust due diligence program, based on some corruption index to determine the level of due diligence required for your staff, your trading partners?
  • Have you identified your red flags thoroughly to spot anomalies in your business that would signal a deeper view is recommended?
  • Do you have staff to conduct the due diligence, or a vendor to do it on your behalf?
  • Are background checks run on everyone, or just certain individuals, or certain risk areas?
  • Have you taken a hard look at your gift policies to determine whether or not there are glaring holes that could give rise to inappropriate influence in business dealings?
  • Have you taken cultural considerations under advisement in your gift policies? Are they more stringent, or lax, compared to the US? Are the gift policies in Russia different than the gift policies in the US, because someone convinced someone else that you just can’t get things done without greasing a palm here or there?
  • Do you have a formal committee reviewing all charitable contributions, or, are ‘charitable contributions” acceptable as “facilitation” to get non-discretionary government functions moving along? Does your organization allow “facilitation payments” – if so, you better take a second, third, fourth look….

The point I’d like to emphasize here is that even companies that make it on the “World’s Most Ethical Companies” list also make it to the DOJ’s investigation list for foreign corruption, or violation of embargoes, sanctions, and the like. People interpret rules when the rules change, depending on the country. People then make mistakes in favor of what makes business sense to them, in their country, in their environment. You just have to make sure you’ve done what’s reasonable to prevent those mistakes.

  1. Communicate and Educate Employees on Compliance and Ethics Programs

Here’s where the tone from the top, middle and bottom are key to your culture. This is probably the most important thing you want to measure. I am fond of saying 90% of a good ethics & compliance program is communication, and 10% is actions/deeds. While deeds do speak louder than words, it’s the communications – what you say, how you say it, what you mean by it, your intent – that frames up the actions of others.     So you want to measure

  • Are the messages the same, the deeper you get into the organization? Is the understanding of the messages cascading from above the same the further down you go? Easy enough to measure with post-learning survey tools. Give all top, middle, and lower management the same “meeting in a box” and see if the understanding after delivery is the same. Reminds me of that campfire game, where the story starts at one end of the circle, and is completely different by the time the last person hears the tale. Your objective, of course, is to ensure that every person in the corporate audience hears the same message, and has the same take-aways, no matter who is telling the tale.
  • What kind of audience do you have? Does everyone have access to a computer, or do you have the challenge of manufacturing workers, with multiple languages and facilities to manage, and no technical means of reaching them? Have you done what’s necessary to ensure your training and communications mechanisms address every type of audience, or are pockets left out of the mix?
  • What learning aids do you have to help with understanding the code of conduct? Are the examples you use for harassment appropriate for your audience? Do you have a team of global reviewers who will not only preview your training, but offer suggestions on how to localize it to make it appropriate, meaningful and relevant to the teams they serve? If so, do they look at all communications pieces, or only certain ones? If only certain ones, which ones? And why?
  • Are there any leaders who go above and beyond when you launch your annual or quarterly training? I had an Asian business President who made sure he took the course the first day it was launched, and then sent a message to his leadership team about what he learned from the course, and what he wanted them to take away to their teams after they took the course. All of his team had the course done within the first month. I wanted to clone the guy, I swear!

I’m also reminded of mandatory harassment training I gave in Brazil one year. I relied upon the canned on-line training to help with my meeting amongst management, who all spoke English well. I was planning on asking them to cascade the messages to their teams while I was there, but they pointed out that the training was a farce. Women, they told me, wanted wolf calls lobbed in their direction in Brazil – it was not only culturally acceptable, but encouraged. This was substantiated by the several women in the room. Check. Fortunately, I had other examples at the ready to use for a facilitated session, which I vetted with the women on the team prior to delivery. Lesson learned? Make sure your ethics & compliance steering committee has global membership, and are willing to preview your training and communications prior to launch to ensure cultural relevance. If you don’t do this, your ethics & compliance program will be perceived as a joke. Not a desirable outcome, I would say….

  1. Monitor and Audit Compliance and Ethics Programs for Effectiveness

So, how do you measure a non-event? I often ponder…. The challenge in highly ethical organizations is that you have, at first blush, very little to measure. If everyone’s doing a good job, how do you measure effectiveness. Is it because you have a great program that you have absolutely no calls on the hotline? Or is it that everyone is trembling in fear of retaliation the reason for no calls to the hotline? Hmmm.

Some of the things you can measure include

  • Indicators and ‘yardsticks’ – do you crawl, walk, or run to goals?
  • Do you seek periodic stakeholder feedback (including E&C council input)
  • What kind of documentation do you collect – trend analyses of HelpLine metrics, feedback on program enhancements as they are implemented, feedback on training and communications
  • Do you routinely conduct a “Lessons Learned” exercise after substantiated hotline calls?
  • Does your HR team engage in site assessments when a location, facility, or team seems to have a lot of issues that arise from a single manager or set of team leaders?
  • How often are your Code, policies, procedures updated and reviewed?   Are they tested for readability and understanding? Are they just published, or is training introduced for new policies as they are issued?
  • Do you conduct risk assessments and/or change training or communications based on perceived risk areas?
  1. Ensure Consistent Enforcement and Discipline of Violations

Does your organization allow for mistakes? Many will say they do, but when the rubber meets the road, you will find that they can be unforgiving for some transgressions, and unbelievably forgiving for others…. You will want to measure

  • Whether or not there appears to be wiggle room when folks stray. Deeds in this aspect do speak louder than words.
  • Are roles and responsibilities clearly defined, with escalation clauses when things go wrong?
  • Does your organization communicate when things go wrong as well as when things go right? I know one organization that struggled mightily when I suggested we let everyone know what actions we took for certain code violations. The attorneys were all worried that someone would sue, of course, but in the end, integrity prevailed. We were able to sanitize the situations in such a way to communicate what had been done, and what discipline was taken, without anyone learning personal details. Importantly, it drew a virtual line in the sand by publicizing transgression and discipline, so that people knew boundaries. Of course, this was after years of me observing that discipline seemed to be discretionary within the organization, and as a result, trust in management “doing right” was eroding significantly. It didn’t hurt that my observations were followed by multiple hotline calls saying the same thing… but it should never get to that point, should it?

Also measure whether or not policies and communications:

  • Encourage reporting
  • Identify resources to raise concerns
  • Prohibit retaliation for good faith concerns
  • Identifies management as the primary resource for issues or concerns
  • The average timeline to resolve complaints
  • Whether or not you benchmark reports that express fear of retaliation or unwillingness to consult with management first. This is tough to do, unless you build it in to your hotline reporting mechanism as a “customer service” function at the end of every call or report, actively soliciting this very feedback when a report is made.
  1. Respond Appropriately to Incidents and Take Steps to Prevent Future Incidents

So, you are at the point where you have confidence you have the right policies and procedures in place to keep yourselves honest. But in case someone didn’t get the memo of “expected behavior” you have to make sure you respond appropriately, and take steps to avoid future missteps. One organization I worked at realized the culture of an acquired subsidiary was so awful that it opted to sell it off rather than try to fix it. They had other issues in the larger organization, but they knew a bad deal when they saw it, and took steps to rid themselves of an untenable position. Another organization I worked at kept throwing money at a subsidiary, when it probably would have been better to toss in the towel. Different organization, different results, neither perfect, but it fit them as they saw things.

When gauging the culture of your organization, some things you want to look at are the rewards and sanctions for behavior:

Positive rewards:

  • Retention of employment
  • Recognition
  • Appreciation
  • Commendation
  • Monetary or stock reward

Negative sanctions:

  • Termination or Suspension
  • Demotion
  • Probation
  • Appraisal comments/warnings
  • Reduction in compensation or bonus

You also want to measure your Performance Appraisal Systems, and look to see whether or not they include sections on:

  • Demonstrated Ethics and values in workplace conduct
  • Good communication skills
  • Building trust with stakeholders
  • Being fair or equitable
  • Maintaining a high level of quality or integrity in decision-making
  • Reporting Concerns
  • Empowering subordinates to reporting concerns
  • Training and development initiatives for the team

Tomorrow the Two Tough Cookies sum it all up…

This publication contains general information only and is based on the experiences and research of the authors. The authors are not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The authors, their affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Authors give their permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the authors.


Naval AcademyMonday is Memorial Day and is the day wherein the men and women who died while serving in the United States Armed Forces are remembered. The holiday is celebrated every year on the final Monday of May. The first recorded Memorial was held on May 1, 1865 in Charleston, South Carolina to commemorate the soldiers who died in the Civil War. By the 20th century, Memorial Day had been extended to honor all Americans who have died while in the military service.

I thought about Memorial Day when I toured the US Naval Academy this week. This is also Commissioning Week for graduating seniors who will become officers in the Navy or Marine Corps this coming Saturday. One of the buildings that I toured was the US Naval Academy Museum. The mission of the Naval Academy Museum is to collect, preserve, and exhibit the artifacts and art that are the physical heritage of the US Navy and the Naval Academy in order to instill in Midshipmen a knowledge of the history and heritage of the Navy and the Naval Academy and to supplement the instruction of all academic departments of the Academy, as well as to demonstrate to the public the contributions of Academy graduates to the military services and to the Nation. And to motivate in young people a desire to become part of the Brigade of Midshipmen and to begin a career of service to their Nation.

The Museum is many ways a teaching museum. One of the courses taught directly in classrooms in the building is on leadership. Of course, the curriculum teaches the overriding theme of the Naval Academy, which is Duty Honor Loyalty, but it goes beyond this to a moral and ethical dimension to its leadership classes. The firm belief at the Academy is that leadership can be taught through the modeling from prior leaders.

I thought about this concept of modeling leadership in the context of compliance. One area that is not focused on too often in company-sponsored training is that of leadership. Moreover, while many business leaders receive substantial training on the technical aspects of doing business, they rarely receive training or are even assessed on leadership attributes to do business ethically and in compliance with laws such as the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act. It occurred to me that if the US Naval Academy can teach leadership, this is something that US businesses could also teach.

While you are pondering this question, I hope that you might think about all the men and women who have gave their lives so that we might live in freedom and are honored this and every Memorial Day. While in Annapolis I had another reminder of their sacrifice. While having some lunch at Chick and Ruth’s, the owner came over the PA and asked us all to stand and say The Pledge of Allegiance. He said the reason that he made the request was “because we could stand and say it.” I realized that we are honoring those people who made ultimate sacrifice.

Happy Memorial Day to all but I would ask that you take a moment to thank all those we honor for this holiday and to honor the men and women of the US Naval Academy who will be commissioned this weekend and will serve us all.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at

© Thomas R. Fox, 2014