Close to the EdgeDown at the edge, round by the corner.

Close to the edge, down by a river.

I continue to explore my list of Tom’s favorite prog rock albums by focusing today on the English band Yes. The group dominated prog rock in the early 1970s with three great albums; The Yes Album, (1971), Fragile (1971), and Close to the Edge (1972). For my money Close to the Edge is the top of the three. Will Hermes, writing in Rolling Stone, said, “Yes’ greatest prog statement is a complex pair of multi-part suites, plus the dazzlingly unintelligible showpiece.” A headphone journey with album’s cryptic lyrics are well worth the trip. The album was released just eight months after Fragile. While drummer Bill Bruford left the band after the grueling studio sessions, the album “might be his ultimate showpiece. He quoted Rush’s Geddy Lee that Close to the Edge, is “To my mind, Yes may be the single most important of all the progressive rock bands and that it is “among my favorite rock albums of all time.”

The single Close to the Edge encapsulates prog rock about as well as one song can. I agreed with its entry in Wikipedia, that the song’s glory is revealed immediately as the song opening fades in with the sounds of running water, wind chimes, and birds chirping; a layering of sounds derived primarily from “environmental tapes” collected by lead vocalist Jon Anderson. These nature sounds fade into a crescendo and into a somewhat menacing guitar solo, the backdrop for which is a cacophonous musical passage that serves as a replacement for the natural cacophony that preceded it. The guitar solo is punctuated by a series of sudden vocals. Again, a crescendo signals a transformation, this time into a more down to earth melody. Like a classical composition, this melodic passage is the establishment of a theme that will go through many variations throughout the life of the song. The lyrics themselves come are inspired by the Hindu/Buddhist mysticism of Hermann Hesse’s book Siddhartha. It does not get much better than this.

I thought about all this interconnectedness when I read a recent article from the Harvard Business Review (HBR), entitled “How Smart, Connected Products are Transforming Companies”, by Michael E. Porter and James E. Heppelmann. While the focus of their article was on new products they also had some interesting insights into both the interconnectedness of processes and structures, which apply to the compliance practitioner going forward. I call it “connected compliance.”

Process in Connected Compliance

Processes are being reshaped by the data which is now available and more “intense coordination among [corporate] functions is now required.” Regarding structures, the authors believe, “new forms of cross-functional collaboration and entirely new functions are emerging.” I will explore both in this post.

Obviously compliance is a permanent process. Yet it should also be a continuous process. The data from a wide variety of sources should be used to track the types of risk that compliance professionals must manage. This begins with third parties. Continuous monitoring of third party watch lists seems almost pedestrian now yet many companies do not understand they have a continuing obligation to understand who they are doing business with, even after the contract is signed. Put simply, due diligence once every two years is a recipe for trouble. But this type of information should not only be limited to third parties’ in your sales business. You should also consider your exposure from your customers.

However, what if a large part of your company is exposed to the financial risk of a corrupt company slowing down its business? If you are in the auto supply business or even the software industry, have you considered how much of your business is at risk through your relationship with a company like Volkswagen (VW)? Most Foreign Corrupt Practices Act (FCPA) risk analysis considers corruption risks involving third parties in the sales arena or vendors that come in through the Supply Chain, now, based upon the VW, Petrobras or you name the scandal, you may need to know the corruption propensity of your customers as well.

Finally, connected compliance will help make people, materials, energy, plant and equipment far more productive, and the repercussions for business processes will be felt throughout the economy. The authors’ state, “We will see a whole new era of “lean.” Data flowing to and from products will allow product use and activities across the value chain to be streamlined in countless new ways.” For the compliance practitioner, waste will be cut or eliminated. Connected compliance will also allow a compliance solution to be delivered when certain thresholds are met, rather than according to a schedule. New data analytics will lead to previously unattainable efficiency improvements and allow you to do more business in compliance going forward.

Structures in Connected Compliance

Just as processes will evolve in connected compliance, so will structures. As the authors note, the classical organizational approach combines “two basic elements: differentiation and integration. Dissimilar tasks, such as sales and engineering, need to be “differentiated,” or organized into distinct units. At the same time, the activities of those separate units need to be “integrated” to coordinate and align them.” Connected compliance will have a major impact on both differentiation and integration in your company going forward.

This structural changes means that compliance will be integrated into diverse functional units of the company such as manufacturing, logistics and SC, sales and finance. This integration across functional units will occur through the business unit leadership team and through the design of formal processes for connected compliance with multiple units having roles.

This sounds quite like burning compliance into the DNA of your company. It is. However connected compliance gives you the means and methods to think through how to accomplish this goal. You will have to coordinate between and across multiple functions within your organization. It will require the critical function of not only data management but also data analysis. What does it all mean?

The authors believe that such an approach will require “dedicated data groups that consolidate data collection, aggregation, and analytics, and are responsible for making data and insights available across functions and business units.” Once again the compliance function is uniquely situated to be at the fulcrum of this connectedness. No other discipline within an organization can tap into so many areas and have such an effect. Scott Lane, Executive Chairman of the Red Flag Group, has described this as a straight line of sight. Connected compliance indeed.

It is through connected compliance that all groups within a company will become responsible for compliance. The integration of this data into compliance is still viewed as cutting edge; nonetheless companies have this data, structured within their own ERP systems. Connected compliance will allow senior management to view information to make the business more efficient and allow a company to take more risk because the risks will be managed more effectively.

Today, I present all three of the great Yes albums for your listening pleasure…

To listen to The Yes Album on YouTube, click here.

To listen to Fragile on YouTube, click here.

To listen to Close to the Edge on YouTube, click here.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

FoxtrotAs noted by Dan Epstein, in the Rolling Stone article “50 Greatest Prog Rock Albums of All Time”, the Genesis album Foxtrot was arguably the band’s first great album. The album “took the eccentric worldview and symphonic grandiosity of 1971’s Nursery Cryme and upped the ante with more consistent songwriting and a tougher musical attack. It also added two prog-rock classics to the Genesis canon: the UFO-via-Mellotron fantasy “Watcher of the Skies,” which gave the album a bracingly powerful opener, and the 23-minute closer “Supper’s Ready””.

For my money it is Supper’s Ready that makes my Top 5 list of the greatest prog rock songs I am celebrating this week. The song was “partly inspired by some unsettling supernatural events experienced by front man Peter Gabriel, the stunning seven-movement suite offered up heavy doses of Biblical and Greek mythological imagery, some of the band’s most adventurous playing and the use of several unusual time signatures”. The song is divided into seven separate sections where both musical and lyrical themes interact and intertwine.

My favorite section is the roaring self-explanatory section Apocalypse in 9/8. The Genesis program notes for the song describe it as follows, “At one whistle the lovers become seeds in the soil, where they recognise other seeds to be people from the world in which they had originated. While they wait for Spring, they are returned to their old world to see Apocalypse of St John in full progress. The seven trumpeteers cause a sensation, the fox keeps throwing sixes, and Pythagoras (a Greek extra) is deliriously happy as he manages to put exactly the right amount of milk and honey on his corn flakes.”

Oddly this song introduces today’s topic that I derive from columnist Michael P. Maslanka who writes in the Texas Lawyer. He penned a column, entitled “5 Mindsets for Better Lawyer Health, which I have adapted for the Chief Compliance Officer (CCO) or compliance practitioner. The mental health and substance abuse issues in the legal profession are well documented. Maslanka writes, “20 percent of lawyers combat depression; 44 percent of lawyers grapple with alcohol/substance abuse; and 19 percent fight off anxiety.” With those types of numbers, his piece is a must read at every law firm in the country.

Mindset No. 1: “Be Yourself, Everyone Else is Taken”

This quote comes from Oscar Wilde. Maslanka is worried that many lawyers look around and see someone smarter or better and they feel “Cue the scene from Wayne’s World – “I’m not worthy!” Except you are. For the CCO, I think this means there will always be someone else in your company who has more of something you might think you need to do your job well (or even better). First, and foremost, if you are not yourself in the corporate world, you will be labeled a phony as soon as you are discovered and this will end your ability to do your job effectively. Moreover, you are not competing with others, only doing your job as well as you can.

Mindset No. 2: “Do Not Be a Lever Monkey”

Here Maslanka discusses the well-known experiment by Walt Bachman where he wired up monkeys and delivered electric shocks to them (no word on PETA’s reaction). One monkey had a lever in front of him and the other did not, the lever had no function or effect on the shocks yet he furiously pulled. At their time of death autopsies were performed on the monkeys, the lever monkeys had developed ulcers while the monkeys which were shocked, yet had no lever, did not.

From this Maslanka draws the conclusion, “work hard and advocate hard, but realize that there is only so much you can control.” For the CCO this is equally true but more so. The compliance function has many more moving parts than a corporate law department. At the end of the day, the CCO’s role is to prevent, detect and remediate while the lawyer’s job is to protect the company. Clearly the process of doing compliance is the key to moving forward. A CCO is not Harry Potter and there is certainly no magic wand, but it is a simple program. Your company must simply want to do business ethically and in compliance.

Mindset No. 3: “All experiences are good ones if you draw the right lessons”

Maslanka believes, “All experiences are good ones if you draw the right lessons.” Indeed he even says that his “mother taught me this mindset: while self-examination is painful for the ego, it is indispensable for growth.” He has used that concept to mandate to himself to conduct “an after action report (a military concept) after every project. I ask what I did right and what could I have done better, and resolve to do more of each.” He concludes, “When we do not treat our failures as lessons, then the event is just something that happened to us.”

The only difference I might have from Maslanka here is that you do not always need to draw the ‘right’ lessons but draw lessons, as there are always a multitude of lessons to be learned. Moreover, in the compliance world, there will always be lessons to be learned and improvements to be made. Simply because there is a failure in the prevent prong of your compliance regime may not mean there is a Foreign Corrupt Practices Act (FCPA) violation as you may well have detected it.

No. 3 leads directly into No. 4, which is:

Mindset No. 4: Learn to accept the truth about losing

You are going to make mistakes in your compliance practice. The reason – you are human and humans make mistakes. The point is not only what did you learn from it, but “What did you do about it?” that is why McNulty’s Maxims have a No. 3. The next step is what did you do after you found out about it? Maslanka intones that you cannot despair over the fact that you made a mistake, for if you do you will be paralyzed with fear. You cannot be an effective compliance professional if you work yourself up into such a state. Not only will you suffer but the company will suffer as well for if the CCO is paralyzed by fear, the chance of something very bad occurring increases quite a bit.

Mindset No. 5: “I Must Not Sacrifice Myself and My Well Being for Others”

Maslanka reminds us that you must “Secure your own oxygen mask before assisting others.” He believes that you do not owe anyone, “your health, your family, your sanity, your identity, or your integrity.” Since many CCOs are recovering lawyers, the martyrdom gene is always omnipresent and must be kept under control. If you have worked yourself into a mental and physical wreck you are not going to do anyone any good.

Mindset No. 6: “Embrace the journey, not the arrival”

I know Maslanka’s piece was entitled “5 Mindsets” but he goes on to list a sixth. I found it be perhaps the most important. He quotes from Constantine P. Cavafy’s poem Ithaka about Odysseus’s journey home from Troy:

“Hope your voyage is a long one … don’t hurry it at all/Better if it lasts for years,/so you’re old by the time you reach the island/Wealthy with all you’ve gained on the way … Wise as you will have become, so full of experience,/ You’ll have understood by then what these Ithakas mean.”

This trait may be the most important for a CCO. The compliance discipline is evolving as compliance programs evolve, the interpretations and enforcement of the relevant anti-corruption laws, such as the FCPA and UK Bribery Act, progress and regulators expectations of a minimum best practice compliance program advance. You should evolve as well. Read, study and stay abreast of trends that you might incorporate into your company’s program to make it better. Moreover, you need to understand that your company and its business will evolve as well. New risks will arise which will require new risk management tools and techniques. Yet, for me, that is one of the greatest joys of our profession.

To listen to the studio version of Supper’s Ready, click here.

To listen to the live version of Supper’s Ready, click here.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

Head ScratchingLast week the Securities and Exchange Commission (SEC) concluded a Foreign Corrupt Practices Act (FPCA) enforcement action against Qualcomm Inc. for violations on the Accounting Provisions of the FCPA, including both the books and records and internal controls provisions. The enforcement action presented an interesting mix of clear FPCA violations of not having proper internal controls in place, a demonstration of the growing trend towards strict liability for violations of the Accounting Provisions and, finally, one head scratcher which would seem to point towards internal controls which did work. Taken together there are several important lessons to be learned for the compliance practitioner.

Hiring and Internal Controls Violations

In the Princeling enforcement category, first seen the Bank of New York Mellon FCPA enforcement action from 2014, we see how widely Qualcomm varied from its standard hiring protocols to hire the sons and daughters of officials of a state owned enterprise in China. Consider these business justifications for hiring a daughter of an official, as set out in the SEC Cease and Desist Order (Order):

  • “We received a request from the GM of [the telecom company’s subsidiary] to help find an internship position for her daughter (currently studying in the U.S.) within QC. I discussed this with [high level official] and determined that it would be important for us to support given our cooperation with [the subsidiary].”
  • Qualcomm employees understood that the daughter’s “parents are [SOE 2 subsidiary] Dept. GM level and gave us great help for Q.C. new business development.” Because “[the regional branch] is our strategic partner in China and plays an important role in leading all [the telecom company] adopting Qualcomm’s technologies,”
  • Qualcomm employees believed that the internship “would be important for us to support given our cooperation with [the subsidiary].” Specifically, the internship “would be good because we are doing quite a bit with [the subsidiary]”.

In another instance, the company provided the following for a son of an official:

  • support from a $75,000 research grant to an American university where he was studying, allowing him to retain his position in a PhD program and renew his student visa;
  • a Qualcomm internship;
  • subsequent permanent employment despite interviewers concluding that he did not meet Qualcomm’s hiring standards for the position; and
  • a business trip to China followed by leave to visit his parents over the Chinese New Year, despite other employees expressing concern regarding his qualifications for the assignment. The EVP also personally provided this employee with a $70,000 loan to buy a home.

What is even more amazing about the hiring of the son is that after the initial hiring interview he was rated as a “No Hire” because not only was he not a “skill match” for the company but he did not even “meet the minimum requirements for moving forward with an offer”. Finally, among the Qualcomm team involved in the interview process, “there was an agreement that he would be a drain (not even neutral) on teams he would join.” Yet he was offered a job as a “special favor”. [Emphasis supplied]. If someone is so unqualified that employing them will negatively impact the company, there must be another very good reason to hire them, such as providing a benefit to their father, who is an official under the FCPA.

Both of these instances demonstrate clear violations of internal controls around the company’s hiring process. If a candidate does not make it out of the initial interview with anything more that a “No Hire” rating that should be the end of the decision making process around compliance, full stop. Do not pass Go, do not Collect $200. As the Order succinctly noted, “FCPA compliance, however, was not considered in Qualcomm’s hiring process.” A fine and penalty for this transgression was clearly warranted, as it was a clear violation of internal controls around the company’s hiring process.

Books and Records and Strict Liability

In summary fashion, the Order states “when it provided things of value and engaged in transactions that caused the company to fail to make and keep books, records, and accounts, which, in reasonable detail accurately and fairly reflected the transactions and disposition of assets of the company.” The recordation was done in a “generic and non-descript manner that obscured their purpose.” The items and other things of value included un-named and undesignated gifts, travel and entertainment, with the specific notation that “meals, gifts and entertainments were repeatedly noted as missing from Qualcomm’s gift logs.”

This portion of the Qualcomm enforcement action points towards a growing trend of a strict liability standard in FCPA enforcement under the Accounting Provisions. While there may well be wide disagreement as to whether such a standard is warranted under the FCPA, I think it is coming and it is something every Chief Compliance Officer (CCO) and compliance practitioner needs to be ready to address if and when the day comes that your company is under the shadow of a FCPA investigation.

This means if your books and records comes under investigation, you will have to demonstrate that it meets some minimum standard that satisfies the SEC. The FCPA Guidance states, “under the “books and records” pro­vision, issuers must make and keep books, records, and accounts that, in reasonable detail, accurately and fairly reflect an issuer’s transactions and dispositions of an issu­er’s assets.” Moreover, “the accounting provisions ensure that all public companies account for all of their assets and liabilities accurately and in reasonable detail”. Obviously, the question is what is ‘reasonable detail’? This enforcement action does not provide much guidance.

The Head-Scratcher

There was one instance of the alleged failure of internal controls that seems so anomalous that it needs to be explored. I quote in full from the Order:

  1. For example, Qualcomm offered at least 15 foreign officials lavish hospitality packages worth approximately $95,000 per couple for the 2008 Beijing Olympics. Then, in mid to late-July 2008, a member of Qualcomm’s finance department raised FCPA issues related to the Olympics with Qualcomm counsel. In August 2008, just days before the Olympics began, Qualcomm rescinded the five hospitality invitations that had been accepted due to Qualcomm’s FCPA-related concerns. The disinvited guests were from three Chinese state-owned enterprises.

 Why does this seem so anomalous? It is because the company’s internal controls stopped this seeming violation. The internal controls did what they were supposed to do, detect a potential violation and even prevent it before it happened. Even if the local business folks started down this road, it is clear that the corporate office stopped it. If a compliance program is now going to be criticized in the form of an enforcement action for doing what it is supposed to do, detecting and then preventing FCPA violations, it may be will nigh impossible for any company to be in compliance with the FCPA.

Of course, this Order was the product of negotiations between the SEC and Qualcomm so there may be additional facts around this, questionable at best, hospitality play by Qualcomm. However, if there was more to this story, the SEC needs to use those facts to educate and inform companies on their obligations and not hold them liable for actually stopping bribery and corruption.

The Qualcomm FCPA enforcement action reinforces the need for robust internal controls around the hiring process. It should be studied by both the compliance function and your company’s Human Resources (HR) function. The lessons you can learn from this enforcement action can help you to forestall a similar fate for your company.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

Effecrtive Leadership in ComplianceI am one of the firm believers in the evolution of the compliance profession. Long gone are the days when the General Counsel (GC) could adequately perform both the GC that and Chief Compliance Officer (CCO) roles. Structurally the roles have become so large in multi-national, multi-billion dollar organizations, it is difficult to have one person do both roles adequately. Moreover, strategically the roles have very different focus with the GC’s role to protect the company and the CCO’s role to find, fix and remediate issues and problems.

In a recent blog post, entitled “What is Compliance Experience?”, SCCE President Roy Snell discussed the myriad of skills needed in the compliance discipline. His list included talents as diverse as “audit, education, risk, legal, investigations, ethics, policy development”. To Roy’s list I would add one that lawyer’s are sorely trained for, that being leadership. This is not something taught in law schools or given much acumen in law practices. Guidance in corporate training for lawyers in this skill is also sadly lacking. As a former GC who has moved into the compliance discipline I can attest to all the foregoing.

For this reason, and indeed a myriad of others, I am pleased to announce I have published my latest book, Effective Leadership Skills in Compliance: CCO 3.0 and Beyond, which is designed to provide the compliance professional with both tactical and strategic leadership skills to help navigate the host of corporate disciplines involved with the compliance function in the this modern era.

Over the past few years I have provided the compliance practitioner with solid information that can be used to implement, review and enhance a US Foreign Corrupt Practices Act (FCPA) or UK Bribery Act based compliance program. I have written several books that provide you with information that can be used for the nuts and bolts of compliance with a goal of providing the specifics of best practices for an anti-corruption/anti-bribery compliance program.

My new book moves beyond the technical aspects that a CCO or compliance professional must master to have success in their field. I aim to provide solid guidance about the non-legal, non-technical skills needed to move past CCO 2.0 to CCO 3.0 and beyond. This is the landscape where the truly outstanding compliance professional will move to make compliance a part of the everyday DNA in the manner in which a company does business.

Just as the understanding of anti-corruption and corresponding compliance programs have evolved, the CCO and compliance practitioner position will continue to evolve. This book provides you with the tactics and strategy to advance your own professional skills so that you will become one of the most important components of any business moving forward. For failure to move compliance into the very fabric of your organization, whether you manufacture cars in Germany, are a large multi-national retailer, extract minerals around the globe or simply do business in China, puts your company’s reputation at risk in a way that cannot be measured or even foretold.

I break the book down into three general areas for discussion. In Part I, I discuss communication skills that you need to be an effective CCO. I review areas as diverse as incorporating the concepts and tools of social media into your compliance program, the conversation that all true leaders engage in and how to just say no and the power of that word. Finally, I review the always difficult issue of culture across the globe and how you can communicate across cultural boundaries in a multi-national organization.

In Part II, I investigate several techniques, which you can use to put innovation into your compliance program. There are two disciplines that are not associated with the compliance profession that I believe can help you to think through innovation for your organization: project execution and design thinking. Another area for innovation and even inspiration that you can turn to in your own organization is the supply chain (SC) so I explore how techniques in this area can help you move the ball forward. I conclude Part II with some thoughts about how you can not only drive compliance into the fabric of your organization but also even burn compliance into the DNA of your company.

In Part III, I review the always significant area of influence. I consider how you should manage both up and down the organization and use empathy in your compliance practice. I talk about managing talent in both your own compliance department and the company as a whole. I even drill down into the weeds, tactically speaking, by providing some thoughts on that bane of corporate existence, never ending meetings by including a section on how to run a more efficient and effective meeting.

As the compliance function matures, the roles called upon by the CCO and compliance department teams will continue to both expand and grow. The worldwide explosions of corruption scandals, best exemplified by Volkswagen (VW), will put more pressure on corporate compliance functions to be prepared to respond to persons and groups as diverse as the Board of Directors to the Chief Executive Officer (CEO) to regulators, shareholders and even the public. The skillset needed for this most important role will continue to grow as well.

As many compliance practitioners came out of a corporate legal department or have a law school background, they traditionally have received very little training on how to lead. Knowing the answer or going to look it up and then writing a well-crafted memo thereon was about as much leadership training as those persons received. However, in the second half of this decade, those legal-training skills are simply not enough to be effective in the wide variety of roles a compliance practitioner currently has and will have in the future.

To be an effective compliance officer, you have to embrace skills that you may not have been trained for academically. These leadership skills are required to move compliance into the DNA of an organization, it will take much more than the brute force used by most corporate legal departments. Persuasion, influence, and communication skills will be required going forward. After all the roles of compliance and legal are very different. A corporate legal department is there to protect the interests of a company while the role of compliance is to prevent, find and fix problems before they become legal violations. Put another way, the role of legal is to tell the truth and the role of compliance is to tell the whole story. These are different roles that require very different skill sets in today’s corporation.

Nonetheless there are specific skills, tools and techniques that you can use to move forward both the message of compliance and burning it into the fabric of your organization. I have laid out some of the tools that I believe you can implement at little to no cost to you and your organization. The role of the compliance function has moved from the structural change identified in Compliance 2.0, where the CCO function moved out from under the legal department to the a functional unit, to CCO 3.0 which advocates incorporating cutting edge communication tools, for example social media, the two-way discussions. Moreover, the workplace is evolving. As a leader, you will need to evolve your leadership skills to lead generations as diverse as the greatest generation, to baby-boomers, gen-Xers, millennials, and I-gens. Both soft skills and hard skills are needed. This book gives you the tools you need to move forward into the next era of the compliance profession.

To purchase a copy of this book on Amazon.com, click here.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

AlamoOn March 2, we here in the great state of Texas celebrated the 180th founding of our Republic, which occurred in 1836 with the aptly named settlement of Washington-on-the–Brazos, where delegates signed the Texas Declaration of Independence. Tomorrow, March 5, we will celebrate one of the moments defining what it means to be a Texan, the fall of the Alamo. Usually, I use this date to recall former Head of the Department of Justice (DOJ) Foreign Corrupt Practices Act (FCPA) unit Chuck Duross’ comment that Chief Compliance Officers (CCOs) are the Alamo of their company. I should note that Duross cited it to convey the concept that CCOs are the last line of defense in a company against bribery, corruption and other associated illegal acts, not the part of the Alamo legend where everyone is slaughtered for their standing up for their beliefs.

Today I want explore the March 2 anniversary as my starting point to think about the Holy Grail of compliance, that being the Return on Investment (ROI) for your compliance program. In an interesting The Accounting Review academic paper, entitled “An Analysis of Firms’ Self-Reported Anticorruption Efforts”, the authors, Paul M. Healy and George Serafeim, looked at the issue of not simply profitability of companies, which had more robust anti-corruption compliance programs but also what was the direct effect on the companies’ return on equity (ROE) in countries that were perceived to have a high incidence of corruption, under the Transparency International – Corruption Perceptions Index (TI-CPI). Although the piece was very math heavy, it yielded some very interesting results.

The first finding was that companies with good governance tended to have more robust compliance programs. The authors noted, “Managers of firms with independent and engaged board oversight may take anticorruption laws and enforcement seriously and adopt/enforce policies to deter corruption.” Conversely, they noted, “some investors, boards, and managers may jointly view corruption as an unavoidable cost of doing business in certain parts of the world, yet engage in cheap talk in an effort to reduce regulatory costs.” This good governance was more than simply tone at the top. It was also measured by board independence and board oversight of a company’s compliance program.

Not surprisingly, in countries where there is a low risk for corruption, there was not much difference in the sales growth for companies with robust anti-corruption compliance programs and those businesses feature in the authors’ ‘cheap talk’ category. However, when it came to growth in countries that had a high propensity of corruption, there was a dramatic difference.

While it was laid out in table form, the authors’ explained, “Using the across-firm segment classification, the estimates imply that for the median sample company, a 10 percent increase in sales in low corruption geographic segments increases ROE by 17 basis points (0.10 * 1.738), whereas a 10 percent increase in sales in high corruption segments decreases ROE by 7 basis points (0.10 * 0.733). Using the within firm geographic segment classification, the estimates imply that a 10 percent increase in sales in low corruption geographic segments increases ROE by 14 basis points, whereas a comparable sales increase in high corruption segments decreases ROE by 10 basis points. Therefore, the effect on company ROE from increasing sales in high versus low corruption segments is -24 basis points.”

Translating that into language for a lawyer or compliance practitioner, this means there is a negative relation between investments and a company’s return on that investment in high countries where the company did not have an effective compliance program. This is true even in the face of increased sales growth. For firms that had as high as 10% growth in high-risk countries, if they did not have a robust compliance program in place, the negative ROE was between 24 to 30%. As the authors stated, “for firms with high residual anticorruption ratings and sales growth in corrupt geographic segments is positive and significant… Firms with high residual ratings that grow sales in high corruption geographic segments, therefore, do so without lowering their ROE.

Having been raised in an academic household, when quantitative types say the following, “The magnitudes of the estimated coefficients are economically interesting”; it is a HUGE deal. These findings are equally large and important for the CCO or compliance practitioner. The authors conclude by making several observations. First, companies that have more robust compliance programs are from countries that have more robust enforcement and monitoring. Second, the more robust your compliance program is the lower your sales growth may be but the higher your overall return in a high-risk country will be going forward. Finally, even if a company sustains high sales grow in a high-risk country, if it does not have a robust compliance program, the sales will drop off dramatically and may well lead to negative ROE.

All of this information points to companies that are on the Ethisphere list of the World’s Most Ethical Companies and their financial performance. They have better than average financial performance because they are better run. They are on this list because they have robust finance internal controls that include compliance internal controls. To mix metaphors, robust internal controls around compliance do not slow you down but allow you to go faster and move more safely into high-risk countries.

So the next time some business type tries to say that following the law by having a robust FCPA anti-corruption compliance program in place hinders business, you can correct him. Spikes in sales in high-risk countries do not translate into sustained growth and without an effective compliance program in place your company may actually lose money.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016