We previously considered how artificial intelligence (AI) can be used as business advantage for compliance. However, the power of AI can also extend the more traditional functions of prevention, detection and remediation. The first way is in simply the mass amount of data which could inundate a compliance practitioner. Many compliance practitioners are overwhelmed about the amount of data available to them and do not know how or even where to begin.

Patrick Taylor, President and CEO of Oversight Systems, Inc. has noted that AI allows the compliance practitioner to understand the “subtle clues in that pattern of activity that will clue me in to take a different look”. He likened to seeing a pattern in “raked leaves” which allows you to then step in and take a deeper and broader look at an issue, either through an audit or investigation.  This is where compliance practitioner can step back and literally keep an eye on the big picture and longer term as opposed to just the immediate numbers and information in front of them. It may also be the best hope for finding that kind of systemic fraudulent behavior.

This speaks to one of the difficult issues for the compliance practitioner, which is what does all the information mean? Consider the example of GlaxoSmithKline (GSK) in China. The Chinese business unit employees were working en masse to create fraudulent reimbursable invoices, inflating the cost of industry events to create a pool of money to pay bribes. They would stage an event around a drug product, or service in a hotel. They would inflate the hotel charge 20% above the actual costs and submit the entire amount to the corporate office for reimbursement. In some cases, GSK employees would submit invoices for events which never took place.

Now layer on top of these deceptions, in China, there is a rampant sale of fake receipts. For every Marriott the Chinese business unit utilized, personnel they could buy an official Marriott receipt, which showed the price that was paid and it was a backup documentation for the auditor to look at on that expense report. Finally, there was the illegal sale of official Chinese government real tax stamps to tier on another level of complexity.

Taylor said that AI would provide you the opportunity to detect even this type of massive and systemic fraud because, statistically those charges would not make sense. Taylor said the reason this type of fraud can be so difficult to detect and prevent is the charges were on credit cards, so recorded and there was paper documentation to back up the charges. Standard modalities of detection will not assist the compliance practitioner. You just know that something does not make sense. AI allows a compliance professional to gather and compute statistics across a wide variety of customers and situations; such as geographic and time dimensions.

Using these two data points, you can analyze what is a reasonable amount to spend at a hotel or other venue. But also includes such variables as the time of year as some cities have tremendous seasonality in their hotel charges. Yet others do not and indeed there may even be zero variability in transportation cost across seasons. AI allows you to pull geographic, time, type of expense and even specific vendors statistics for a big-picture analysis.

In a broader manner, consider all the data points in the lifecycle of any business transaction which produce data analytics for a compliance practitioner. When Business Development (BD) initially makes a call on a potential customer; when a request for proposal (RFP) comes into an organization; when the response is formulated with pricing and proposed discounts; during any subsequent contract negotiations; post-contract obligations for travel and training; and continued business development contacts with a customer.

Each of these steps could provide data, which taken singularly might not raise any red flags or even be outside company specifications, but taken as a whole it might be a transaction which would lend itself to compliance oversight. Starting with the BD representative, what was the spend on gifts, meals and entertainment (GTE)? Even if that information is not available to the compliance department it is available from employee reimbursement requests so it can be used to take an appropriate business deduction from the Internal Revenue Service (IRS). From the Foreign Corrupt Practices Act (FCPA) perspective, is the BD representative entertaining a foreign government official under the Act? If so, what is the aggregate spending by any one such government official over a 12-month period by one BD representative? What is the BD spend on one particular state owned enterprise official by several company BD representatives? Has there been any travel involved to tour company facilities? If so, what was the aggregate spend and was it correlated with other GTE spends?

Moving on to any contract negotiations which might take place, were any discounts offered outside the standard discount range? If so were these discounts properly vetted through the internal company process? Was this process documented and was there senior management sign-off in place? Did the customer suggest the use of any third parties as suppliers to the prime contract? Were there any charitable donations requested by the customer? Were there any charitable donations made during any part of this process or within 12 months after a successful contract negotiation? Was the contract properly vetted by all required internal processes: by management, legal, and compliance?

If the business function was successful in concluding the contract; did it specify any travel for the customer? How about ongoing training and if so where and for how long? Was there a specification of business class or above travel accommodations? Has any required compliance or FCPA training been delivered to third parties involved in the contract? Was there any Corporate Social Responsibility (CSR) requirement going forward? Does compliance have visibility into this or does is go through a company charitable donation group or committee?

These are but some of the data points which could be inputted and analyzed to determine if any compliance issues arose. But they would also provide the company with a wealth of information on its internal efficiencies around sales and their corresponding processes. Obviously, AI holds both promise and challenge for CCOs. However, when a compliance function embraces the use of AI and embraces this human and technological approach for forecasting and risk assessments and then keeps improving their risk management techniques, it will create a sustainable strategic business, compliance and intelligence advantage over its competition.

Three Key Takeaways

  1. Do you know what your information means?.
  2. AI can help both the detect and prevent prongs in a best practices compliance program.
  3. AI can help you to see the patterns in raked leaves.

 

This month’s podcast series is sponsored by Oversight Systems, Inc. Oversight’s automated transaction monitoring solution, Insights on Demand for FCPA, operationalizes your compliance program. For more information, go to OversightSystems.com.

Walter Becker died on Sunday. For anyone who went to college during the 1970s, he will be forever known as one-half of the team behind the legendary band Steely Dan. I hesitate to call them a rock band for although they did play some good old rock and roll, their music was much broader than one genre. As much as any “rock” group, they (and a long-lost friend, Bobby Dobbins, who turned me on the Dan) introduced myself and an entire generation (or maybe two) of rock and rollers to jazz.

Iconically, the group was named for a motorized sex toy portrayed by William Burroughs in The Naked Lunch. The group’s star rose and shone most brightly from the early to mid-seventies; in the most formative and influential period of my rock and roll education. From their debut album of Can’t Buy a Thrill (1973) which included the classic guitar song “Reelin’ in the Years” (Skunk Baxter playing the iconic solo) to Pretzel Logic (1974) with “Rikki Don’t Lose that Number” to Katy Lied (1975) with the darkly comic yet icon “Black Friday” to 1976’s Royal Scam with the ultimate druggie tribute, “Kid Charlemagne” (I thought it was about the Elvis movie Kid Galahad – boy was I wrong; it was about the premier LSD concocter of the 60s) to the album which took them into the stratosphere Aja (1977). This final album of the 70s included the title song of the same name, “Peg”, “Deacon Blues” and “Black Cow”. After one more album in 1980, the group broke up for 13 years until a reunion in the 90s.

Steely Dan was legendary for its recording perfectionism, reportedly with up to 60 takes for a song. Unfortunately for me, the group stopped touring in 1974 so I did not see them live until the summer of 2016. Even then, to hear that guitar solo in “Reelin’ In the Years” was worth the price of ticket. As much as I love that song, there is one which is more meaningful to me “Midnight Cruiser” which (I think) is about low riders in Brooklyn and Queens in the 70s. I cannot explain why but the opening line of Felonious my old friend, step on in and let me shake your hand got under my skin the first time I heard it and it still is embedded there today.

Last Friday on September 1, I began a new installment of my year-long podcast series, where each month I focus on a different compliance topic. This month, I am focusing on innovation in compliance. The sponsor of the September installment is Oversight Systems, Inc. and recently I had the chance to visit with company Chief Executive Officer (CEO) and President Patrick Taylor on how Artificial Intelligence (AI) can make your compliance program more efficient. Taylor had one phrase that struck me almost as much as “Midnight Cruiser” got under my skin; it was “finding patterns in raked leaves”.

Taylor noted that AI allows the compliance practitioner to understand the “subtle clues in that pattern of activity that will clue me in to take a different look”. He likened to seeing a pattern in “raked leaves” which allows you to then step in and take a deeper and broader look at an issue, either through an audit or investigation. This is where the compliance practitioner can step back and literally keep an eye on the big picture and longer term as opposed to just the immediate numbers and information in front of them. It may also be the best hope for finding that kind of systemic fraudulent behavior.

This speaks to one of the difficult issues for the compliance practitioner, which is what does all the information mean? Consider the example of GlaxoSmithKline plc (GSK) in China. The Chinese business unit employees were working en masse to create fraudulent reimbursable invoices, inflating the cost of industry events to create a pool of money to pay bribes. They would stage an event around a drug product, or service in a hotel. They would inflate the hotel charge 20% above the actual costs and submit the entire amount to the corporate office for reimbursement. In some cases, GSK employees would submit invoices for events which never took place.

Now layer on top of these deceptions, in China, there is a rampant sale of fake receipts. For every hotel the Chinese business unit utilized, GSK personnel could buy an official receipt, which showed the price that was paid and was provided as backup documentation for the auditor to look at for the expense reports. Finally, there was the illegal sale of official Chinese government real tax stamps to tier on another level of complexity.

Taylor said that AI would provide you the opportunity to detect even this type of massive and systemic fraud because, statistically those charges would not make sense. Taylor said the reason this type of fraud can be so difficult to detect and prevent is the charges were on credit cards, so recorded and there was paper documentation to back up the charges. Standard modalities of detection will not assist the compliance practitioner. You just know that something does not make sense. AI allows a compliance professional to gather and compute statistics across a wide variety of customers and situations; such as geographic and time dimensions.

Using these two data points, you can analyze what is a reasonable amount to spend at a hotel or other venue. But also includes such variables as the time of year as some cities have tremendous seasonality in their hotel charges. Yet others do not and indeed there may even be zero variability in transportation cost across seasons. AI allows you to pull geographic, time, type of expense and even specific vendors statistics for a big-picture analysis.

These are but some of the data points which could be inputted and analyzed to determine if any compliance issues arose. But they would also provide the company with a wealth of information on its internal efficiencies around sales and their corresponding processes. Obviously, AI holds both promise and challenge for Chief Compliance Officers (CCOs). However, when a compliance function embraces the use of AI and embraces this human and technological approach for forecasting and risk assessments and then keeps improving their risk management techniques, it will create a sustainable strategic business, compliance and intelligence advantage over its competition.

I hope you will check out and enjoy this month’s podcast feature of One Month of Innovation in Compliance, sponsored by Oversight Systems, Inc. It posts daily at 10 AM on the FCPA Compliance Report, at noon on iTunes and Libsyn. It also posts on YouTube and JDSupra.

The Compliance Evangelist’s favorite Steely Dan discology:

To listen to a YouTube version of…

Midnight Cruiser, click here.

Reelin’ in the Years, click here.

Rikki Don’t Lose that Number, click here.

Kid Charlemagne, click here.

Black Friday, click here.

Deacon Blues, click here.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2017

 

 

 

Show Notes for Episode 25, week ending October 7, 2016-the Krakow Edition

  1. Breakdown of GSK Foreign Corrupt Practices Act settlement with SEC and declination from the DOJ, click here for SEC Order and here for commentary in the in the FCPA Compliance and Ethics Blog;
  2. The SCCE 2016 Compliance Effectiveness Survey, click here for the survey;
  3. My interview with Professor Sam Buell on the FCPA Compliance Report,
  4. Wells Fargo clawbacks from CEO John Stumpf and Carrie Toldstet, as reported in the Financial Times and in the New York Times and here for my commentary;
  5. The International Gaming Tech (IGT) SEC penalty, which is the first enforcement action for relational only, as reported in the FCPA Blog; and
  6. Jay previews his Weekend Report.

oscar-meyer-wienerLast week a true American original died when Richard Trentlage passed away. If you do not know his name you certainly know signature contribution to American culture, the Oscar Meyer Weiner Song. Rather amazingly Trentlage wrote the jingle in response to a contest sponsored by the Oscar Meyer Wiener Company for a new theme in 1962 and did so in an hour. According to his  obituary in the New York Times the song “debuted in 1962 a3 and became the company’s signature advertising tune in 21 English speaking countries until 2010.” Moreover the “song became a part of the fabric of American culture, with airings on the children’s television show ‘Captain Kangaroo’, on the cartoon ‘The Jetsons’ and on an episode of the ‘The Simpsons’ in 1990. The song and its writer were true American originals.

Another original was in the news last week when the UK pharmaceutical giant GlaxoSmithKline PLC resolved its outstanding Foreign Corrupt Practices Act (FCPA) issues with its settlement with the Securities and Exchange Commission (SEC) by agreeing to pay $20 million civil penalty when China-based subsidiaries spent millions of dollars on pay-to-prescribe schemes for several years to pump up sales. Even more amazingly the company received a declination from the Department of Justice. I say even more amazingly because at the time of the conduct at issue, GSK was under a Corporate Integrity Agreement, the pharma equivalent of a Deferred Prosecution Agreement. The CIA required GSK not only to obey laws (and to pay bribes) but have a functioning compliance program in place, which the company obviously did not give one whit about, at least in China.

For those who have long forgotten our friends over at GSK (hum the Oscar Meyer Wiener theme now) they were four or five major corruption scandals ago, way back in the summer of 2013 when news broke that the Chinese  government had accused the company of five years of institutional bribery and corruption. Senior GSK business unit leaders were arrested and GSK claimed to be shocked, just shocked that anyone would accuse it of bribery and corruption, especially after just paying the US government $3bn for false labeling products. Yet the corruption continued even after being reported by an anonymous whistleblower (cleverly monikered GSK Whistleblower) the company was not able to turn up any indicia of bribery and corruption in its China business in six months of looking.

As lightly as GSK apparently took these allegations, the Chinese authorities took them very seriously and in a few months of investigation turned up the massive and pervasive bribery scheme. They put numerous senior GSK China employees under house arrest and even managed to illicit a confession or two on public television.

All of this led to a secret trial in August 2014 where the company was fined approximately $490MM and the four top executives of GSK China were convicted. The non-Chinese citizens were deported. There was even a sex tape aspect to the matter but it was somewhat tangential to the case and (apparently) not a part of the SEC enforcement action. Most interestingly the SEC Order did not mention the fine paid in China and it is not part of the Order, although surely the SEC took it into account. At least I hope so.

Yet the SEC enforcement was not without some interest. The Order noted, “Between at least 2010 and June 2013, employees and agents of GSK’s China-based subsidiary and a China-based joint-venture engaged in various transactions and schemes to provide things of value to foreign officials, including healthcare professionals (“HCPs”), in order to improperly influence them and increase sales of GSK products in China.  This misconduct was facilitated in part by the use of collusive third parties that ostensibly provided legitimate travel and other services. The funds used for the improper inducements were frequently obtained under the guise of, and falsely recorded in GSK’s books and records as, legitimate travel and entertainment expense, marketing expense, speaker payments, medical associations payments, and promotion expense. Throughout this period GSK failed to devise and maintain a sufficient system of internal accounting controls and lacked an effective anticorruption compliance program. The deficiencies in GSK’s internal accounting controls and compliance program also led to instances of similar improper conduct in connection with sales in other countries in which GSK operates.”

Yet we learned more in the SEC Order about GSK China’s bribery scheme. One emphasis was the China business unit wide pervasiveness of the corruption. The Order noted that bribes were actually written into sale plans for the company, stating, “a 2013 work plan submitted by a sales representative to a regional sales manager described the intent to pay, among other things, an HCP RMB 20/box of prescribed product every month, and deliver appropriate gifts on each holiday in exchange for a guarantee of more than 40 boxes of prescribed product every month.”

There was also some attempt to investigate the conduct of the China business unit but they all failed uncover the systemic bribery of GSK China. One set of investigations noted, “During this period, local internal audit and compliance reviews identified controls deficiencies and evidence of some mechanisms that were used to fund the improper payments, but they were treated as isolated instances rather than signs of a larger problem.”

Even more damning was the following, “As early as 2010, internal audit identified problems related to sales and promotions staff practices in China. Among other findings it noted: [d]uring 2010, several new policies governing commercial activities such as grants and donations and sponsorships were introduced. The significant changes, combined with the high staff turnover, contribute to an environment where many commercial and medical staff do not understand how to apply policies or the rationale behind them. This was evidenced by approval of non-compliant activities, a lack of clarity on which policy to apply for activities such as grants, and weaknesses in documentation to support the legitimate intent of activities such as advisory.”

One wonders whether the internal audit staff was simply not competent to properly identify the bribery and corruption or if they simply knew not to look with any more depth or seeing their findings as “signs of a larger problem.” However given the finality of these resolutions with the SEC and DOJ, it is doubtful there will be any further investigations going forward as to GSK’s China issues.

Nevertheless the matter continues to present multiple lessons to be learned for the compliance practitioner. Assuming one wants to actually find nefarious conduct, stop it and then remediate it, GSK in China presents several lessons on what to look for and how to move forward. The SEC Order also re-emphasizes the bribery schemes used by the company. What the SEC Order and DOJ declination may ultimately symbolize is the end of a long and sordid affair for the company.

One might also consider the damage the scandal did to the parent company and the legacy of the soon-to-retire chief executive Sir Andrew Witty. While the scandal did not reach either the corporate parent in England and certainly not Sir Andrew, the $490MM fine in China and the $20MM fine in the US, pale beside the true cost to GSK, which was its sales targets in China. GSK had targeted the over $30 bn Chinese medical product and services market to be 20% of GSK total revenue by 2020. That strategy is now in tatters as the Chinese prosecution made GSK a non-entity in the Chinese health care market. Any transaction involving GSK involving a Chinese health care provider, invites government scrutiny. It is far easier for health care providers to purchase pharmaceuticals, health care products and medical services from companies which have not gone through such a prosecution.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

 

 

Cartoon caption bubbleI hope everyone had a great 4th of July. One of the small pleasures I take each week is reading the New Yorker’s Cartoon Caption contest. I have entered most weeks for the past 10 years or so when the spirit moved me with a caption to submit. I won once, in the issue dated February 11 & 18, 2008. So you might imagine my surprise and thrill when I received a call from the section Editor, Bob Mankoff, last week to tell me I am a finalist yet again, for the July 25, 2016 issue. My request is that you go over to the contest and, if the spirit so moves, you will vote for me. You do not have to be a subscriber to vote but you do have to vote by Sunday, July 10th. You can go to the Cartoon Caption contest by clicking this link.

As you see from my entry, I was inspired by the long drought of Cleveland in winning a major sports championship, remedied by the Cavaliers in dramatic fashion in June. Having lived in or near Houston most of my life, I certainly understand futility of sports franchises. Yet I was reminded of my entry, the overcoming futility in a dearth of championship banners and their intersection with compliance in a The Atlantic magazine article by Jerry Useem, entitled “What Was Volkswagen Thinking?” Useem reviews the design and implementation of the VW defeat device that led to its emissions-testing scandal. He pointed to the sociologist Diane Vaughan, who coined the term normalization of deviance to explain the “cultural drift in which circumstances classified as ‘not Okay’ are slowly reclassified as ‘okay’.”

It is this type of corporate culture that leads to not only total disaster, such as currently being experienced by VW, but also allows companies to slip into conduct that violates the Foreign Corrupt Practices Act (FCPA). One step is that management does not model the behavior that it alleges to aspire to for its employees. Yet Vaughn goes further to describe the process as a “script” which develops a definition of the situation, which allows the employees to carry on as if nothing was wrong. It is this script about marching to make your numbers that causes many employees to come to grief. For it does not matter what your Code of Conduct says or even what senior management might say, it means if the focus is on making your numbers, employees will get that message.

Consider the recently concluded Analogic Corporation (Analogic) and BK Medical ApS (BK Medical) FCPA enforcement action. Here there were two separate high-level red flags raises over the BK Medical bribery program and neither the subsidiary, BK Medical, nor the parent, Analogic, followed through with an investigation, discovered the rather obvious (and blatant) conduct and ended it. How could this occur? Useem notes that Vaughan’s theory allows employees to move beyond acting as if nothing is wrong. They come to believe, “bringing to mind Orwell’s concept of doublethink, the method by which a bureaucracy conceals evil from not only the public but itself.”

Contrast the VW and Analogic examples of Useem who further wrote about Johnson & Johnson (J&J) who had one of the greatest corporate scares of all-time when there were cyanide-laced capsules sold in Chicago area stores in 1982. J&J set the gold standard for corporate crisis response when it pulled every bottle of Tylenol nationwide, warned consumers not to take the product and sustained a $100MM loss. Yet it turns out the genesis of this crisis response had occurred three years earlier when the company’s Chief Executive Officer (CEO), James Burke, became concerned that the J&J Credo, which included a duty to protect those who used the company’s products “had become something like the Magna Carta: an important historical document, but hardly a tool for modern decision making.” Burke led a reinvigoration of the company’s core values into its business practices.

This reinvigoration led directly to the company’s response to the Tylenol-cyanide poisoning. Indeed, Useem said the company’s actions “flowed more or less automatically from the signal sent three years earlier. Burke, in fact, was on a plane when the news of the poisoning broke. By the time he landed, employees were already ordering Tylenol off the store shelves.”

Useem’s article points towards why tone at the top is so important. The tone to do business in compliance with the FCPA must be set by senior management and that message must be continually communicated. When those communications stop and the message becomes ‘make your numbers’ then the company’s commitment to doing business the right way will also falter. Even disgraced former Chief Financial Officer (CFO) of Enron, Andy Fastow, recognized this when he was quoted in Useem’s article for the following, “A robust ‘code of conduct’ can be emasculated by one action of the CEO or CFO.”

The setting of unrealistic sales goals individually or even by region can lead to the cutting of corners. Consider the illegal actions of GlaxoSmithKline PLC (GSK) in China, which led to a fine of approximately $497MM for the company’s bribery of Chinese government officials in the health care sector. GSK had set sales growth of 20% annually in China. How were the leaders of the Chinese business unit to hit these numbers? Apparently that was not something senior management in the corporate office was too worried about. The setting of such unrealistic sales goals can be the simple message that over-rides all the statements about doing business in concert with the business ethics expressed in your Code of Conduct.

Tone at the top does matter. But it is more than simply saying the right thing. It is setting your goals in a realistic manner that can allow employees to reach them without engaging in bribery and corruption or, in the case of VW, fraud. Useem ends his piece with the following, “Decisions may be the product of culture. But culture is the product of decisions.”

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016