The life of a Repo Man is always intense…

That was one of the greatest lines from one of the greatest movies from one of the greatest laconic actors of all time. Of course it was Harry Dean Stanton who died over the weekend. Along with Jack Elam, Stanton had one of the most expressive faces of any actor ever. The New York Times obituary, said of Stanton, he was “the gaunt, hollow-eyed, scene-stealing character actor who broke out of obscurity in his late 50s in two starring movie roles”. The tributes listed in this piece were simply exceptional. Vincent Canby had written that “Stanton’s “mysterious gift” was “to be able to make everything he does seem immediately authentic.”” Roger Ebert said, “Stanton was one of two character actors (the other was M. Emmet Walsh) whose presence in a movie guaranteed that it could not be “altogether bad.””

He was in some of the most memorable movies around, in addition to Repo Man his corpus included Alien, Pretty in Pink, Escape from New York, Cool Hand Luke and The Last Temptation of Christ. However, my favorite was Repo Man, one of the great satirical commentaries on the 70s “Me” generation. Rolling Stone said of the role, “Writer-director Alex Cox’s ode to classic Hollywood noir, bratty L.A. punk and Seventies’ midnight movies is perfect in pretty much every way. But the best choice Cox made was to hire Stanton to play a philosophical veteran repo man named Bud, who teaches the rootless hero Otto (Emilio Estevez) how to swipe deadbeats’ cars with no regrets. A devout believer of a social order – on his own terms, at least – Bud makes ruining poor people’s lives sound like a religious calling.”

Even if his life and roles were intense, Stanton never gave it away. Similarly, the life of a Chief Compliance Officer (CCO) can also be intense and the most powerful tool you have is persuasion. Stanton and his laconic acting style demonstrated that is often soft skills which win the day. This means a CCO needs to bring another skill set to bear to do their job. Jenny O’Brien, CCO at United Health Care, has talked about the techniques that a CCO can use to influence decision making in a company in order to do business in compliance and ethically. She has called these techniques of persuasion “Seven Steps of Influence” and advocates a CCO to employ to help influence decision-making within an organization.

  1. Collaboration. As a CCO you need to know your company’s business. If you are new to an organization she said you must take time to learn the business. You should sit in on sales meetings and, when appropriate, you should go out on sales call. Channeling your inner Atticus Finch, you must walk in the shoes of the business leaders you are assisting. By doing so, you will not only understand the products and services that your company offers but also the challenges that your business development team will face out in the world.
  2. Listen. You must work constantly at active listening, which is listening, thinking and then speaking, and not just jump into the middle of a conversation, talk to people in a manner that will address their concerns. When you do speak, be prepared to make the case for the compliance proposition that you are trying to get across. As a CCO, strive to be relevant in every interaction you have with your senior management peers. This sometimes it means speaking up at meetings or other forums but sometimes it means listening. Develop a rapport with your business team and this rapport can lead to trust building.
  3. Relationships. This is not inter-personal relationships but those between the compliance function and other functions in an organization through a CCO or compliance practitioner can bring influence to bear. It all begins with building trust with others within your organization. Invest time to find others in your organization that you want to work and with those with whom you desire to build relationships. The key relationships that a CCO or compliance practitioner can develop are with the audit function, the legal department, Human Resources, IT and corporate communications.
  4. Humility. Humility is important because it empowers. It can empower others to expand the circle of influence and get others in a corporation to influence an ever-expanding circle on behalf of compliance. The CCO does not need center stage. Echoing the Department of Justice (DOJ) Evaluation of Corporate Compliance Programs requirement that compliance should be operationalized, business units should solve compliance issues, as compliance is just another business process. Through such influence where you can get the business unit resources to solve a compliance problem, you will hold down the costs of the compliance function. It is not about being right but about moving the compliance ball forward in the right direction.
  5. Negotiation. A compliance practitioner you need to learn the art of compromise. Negotiation is not about the dichotomy of winning and losing an argument or debate. A CCO should strive to redefine what a win might look like or what a win might consist of for a business unit employee. When faced with such a confrontation, try to determine what both sides wanted then give them something else in addition to what they thought they wanted. A CCO can be considered a mediator not just simply an enforcer or Dr. No from the Land of No.
  6. Triple ‘C’. Calm, cool and collected because all company employees, up and down the chain, are watching the CCO. For this reason, a compliance practitioner should channel their inner Harry Dean Stanton and have a laconic face, at all times. The Triple C’s are important because organizations look to the CCO to solve complex issues with simple solutions. When faced with a compliance issue or an obstacle you should endeavor to keep everything on an even keel and never let them see you sweat.
  7. Credibility. The final of the seven pillars was that the CCO role needs to be adequately scoped and that the accountabilities need to be clearly defined. Put another way, what is your job scope as the CCO and what is the function of the compliance department? What is your accountability to decide the resolution to an issue? As a CCO, you must demonstrate your value as a non-revenue function. This may require you to get out of your office and put on a PR campaign for compliance. A CCO needs to guard their independence in job function and reporting. You must make clear that you will have independent reporting up to the Board or Audit Committee of the Board.

Influencing, using persuasion is not a one-time activity. It is ongoing. Think of Harry Dean Stanton in Repo Man showing a young Emillo Estevez the ropes or perhaps as one of the crew of the Nostradamus in Alien; even the lost soul in Paris, Texas, who emerges from the desert and gradually reconnects with the family he abandoned. But think of Stanton and channel that inner ability to be great all the while keeping a cool face.

 

For a YouTube clip of the iconic line Repo Man’s always intense, click here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2017

Sometimes I pick a topic for a week’s theme of blog posts, as I did last week with the topic of soft skills needed to navigate a successful remediation. Then there are times where it appears the theme picks me or at least informs the week’s blog topics. With all that has happened to my hometown and a good part of south Texas this week, it appears this will be a weather-themed week; as today I want to focus on the decision-making process that General Dwight Eisenhower used around the one factor he could not control around the D-Day invasion – the weather.

The story has been well told many times. According to This Day in History, in early June, 1944, some 156,000 allied troops, were marshalled on the southern coast of England, “poised to travel by ship or plane over the English Channel to attack the German army dug in at Normandy, France, on June 5. Eisenhower had a window of only four days of decent weather in which an invasion would be possible. When bad weather hit the channel on June 4, Eisenhower wrestled with the idea of postponing Operation Overlord. Weather conditions were predicted to worsen over the next two weeks and he had thousands of personnel and thousands of tons of supplies that were in his words, hanging on the end of a limb. After a promising but cautious report from his meteorologist.” After a few minutes of reflection, Eisenhower told his staff, “I am quite positive that the order must be given.” June 6, 1944 became forever known as D-Day.

Yet it was Eisenhower’s lengthy decision making process which allowed him to synthesize the facts and move to a correct decision quickly and decisively. Eisenhower himself has been quoted as saying “Make big decisions in the calm”. In a recent book by Raymond M. Kethledge and Michael S. Erwin, entitled Lead Yourself First, they call this process “analytical clarity”. It is this process which I believe can be useful for any Chief Compliance Officer (CCO) or business leader faced with a decision which allows “the breaking down of complexity to a single point of clarity.” It requires a CCO or business leader to “identify as clearly and precisely as he can, the goal he seeks to achieve or problem he seeks to solve.” This type of process is particularly well suited to today’s information overload business world where there may literally be thousands of inputs and data points.

Analytical clarity allows a CCO or business leader “to focus clearly and specifically, on the key variable that will determine whether a decision brings success or failure.” It is through identification of this key variable which can lead to analytical clarity. Once you have focused on the key variable, you are in the best position to determine in which direction the variable will go.

Interestingly one of the techniques Eisenhower used to help crystalize his thinking was to write himself Memoranda. His son John Eisenhower was quoted that “throughout his life, my father put many of this thoughts on paper, partly for the information of others but even more to clarify thoughts in his own mind.” Eisenhower took the time and energy to use this creative practice for distilling his thinking throughout his military career. The historian Stephen Ambrose has said, “one of Eisenhower’s characteristics was his desire to simplify. Faced with a complex situation, he usually tried to separate it into its essentials, extract a principal point, then make that point his guiding star for decisions.” For the final decision on when to go, Eisenhower had distilled the issue down to “we must go unless there is a real and very serious deterioration in the weather.”

The meteorologist Group Captain James Martin Stagg had initially predicted clear skies for June 5. However, on the morning of June 4, he reported an incoming storm over the Irish Sea which had the “lowest barometric pressures ever recorded that century around the British Isles in June.” In other words, June 5 was going to be one very bad weather day. However, at their 9:30 p.m. meeting, Stagg had indicated he saw a break in the weather later that evening and through the day of June 6th. Further, this window would only be open for 36 hours or so, as Stagg believed stormy weather would reappear over the channel on June 7. On the morning of June 5, after a 4 AM staff meeting, Eisenhower considered his decision one more time and gave his final order Let’s go.

This process for analytical clarity can be a powerful tool for any CCO or business leader. It requires discipline and structure in your decision-making process. Indeed, it is the rigor in the process which makes it so powerful. However, Kethledge and Erwin note there is one other requirement which may be particularly prescient for the 2017 CCO or business leader, “because of its difficulty, and its glacial pace—it is best done, and perhaps only done, in solitude.

Consider the decision by a CCO about resources for a compliance initiative, particularly involving a technological change. You will begin with a large amount of often disparate information. The first step is to logically sort the information by considering such questions as the changes it will require to your current compliance infrastructure, how it will impact related systems such as IT and data governance issues, then what will be the use by or preferences of your compliance customer base; i.e. your employees. Your next step is to put together “a series of logical premises” which begins “with certain facts that are known or likely to exist.” You then proceed to “certain rules or principles” such as the initiative must be come in at a certain cost, be a date certain or under certain legal or corporate compliance standards. This process should lead to a distillation of information “which at first may seemed important, is in fact immaterial” as it does not impact the decision in either way. This allows you to focus on the key variable which will determine whether the decision “brings failure or success.”

Any CCO or business leader is going to make multiple, crucial decisions. Fortunately, they will not be as critical as the decision made by Eisenhower to go on June 6th. Yet the same skills and techniques he brought to bear can be used by you if you are faced with a decision with multiple source inputs and data. Eisenhower’s technique of memo writing and reflection are techniques you can use going forward which, at the end of the day, will make your compliance program and company stronger.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2017

I conclude my five-part series on the soft skills a Chief Compliance Officer (CCO) needs to employ when working through the remediation component of a potential Foreign Corrupt Practices Act (FCPA) compliance violation. I have been joined this week by Dan Chapman, well-known in the compliance community for his in-house compliance roles at Baker Hughes Inc. and his CCO roles at Parker Drilling and Cameron International. Today I will consider step five: post resolution.

If you have successfully navigated the four prongs of the Department of Justice’s (DOJ’s) 2016 FCPA Pilot Program of (1) self-disclosure; (2) extensive cooperation; (3) thorough remediation; and (4) profit disgorgement; you should have been able to make a resolution with the government. While you would certainly hope to achieve a declination with disgorgement, it may be there was a penalty assessed as well.

Whatever your result your company will, in all likelihood, be required to have ongoing reporting obligations to the government. This can be in the form of an independent monitor, retained to ensure adherence to the obligations set forth in the resolution documents, such as Deferred Prosecution Agreement (DPA), Non-Prosecution Agreement (NPA) or other forms of settlement. It can also be the company reporting to the government on its continuing remediation efforts after resolution. In this area, I want to focus on two aspects, transparency and feedback, as I believe they are inter-related and tie into the DOJ’s 2017 Evaluation of Corporate Compliance Programs (Evaluation).

In the area of transparency, this is something which should have overlaid your entire remediation effort and, indeed, your interactions with the government during the investigative phase. But this is not simply ‘opening the kimono’ to be open and honest with the government. In the post settlement phase this means having clear reporting lines for compliance. This is important so there is both accountability and action-ability. The accountability comes from know who to go to in an organization to implement and then enforce a compliance issue. In my final corporate position, that was one of the clearest requirements from our corporate monitor, demanding know who was responsible.

The corporate monitor wanted to know how compliance initiatives, monitoring and assessment were done on an ongoing basis, and he worked to assess that transparency. He made clear there should be not be any inconsistency between our company’s organizational charts, what supervisory lines would infer and what happened in practice. If there was an issue regarding the hiring of a third party, whether on the sales side or through the Supply Chain (SC), the monitor wanted to be able to go directly to the responsible person and determine if the compliance requirements had been fulfilled. He would do so via the written record and then follow up with an in-person interview. If the person interviewed had not done the appropriate compliance steps, it was immediately apparent.

This ties into the final topic noted by Chapman, feedback. When you consider the Evaluation’s emphasis on feedback through the questions it poses and the few public remarks of former DOJ Compliance Counsel Hui Chen; it is clear that not only must you ask substantive questions and obtain data, but you must use that data as well. Two of the topics found under Prong 9 of the Evaluation (Continuous Improvement, Periodic Testing and Review) are as follows: 

Control TestingHas the company reviewed and audited its compliance program in the area relating to the misconduct, including testing of relevant controls, collection and analysis of compliance data, and interviews of employees and third-parties? How are the results reported and action items tracked? What control testing has the company generally undertaken?

Evolving UpdatesHow often has the company updated its risk assessments and reviewed its compliance policies, procedures, and practices? What steps has the company taken to determine whether policies/procedures/practices make sense for particular business segments/subsidiaries?

It is clear how important the DOJ considers this for any compliance program. For one just coming out of a FCPA enforcement action, it is even more critical.

Chapman emphasized this criticality in the post-settlement phase, noting, “you have to show that the feedback loop works by obtaining data through solid testing and taking corrective action based upon that data.” It is also critical that you actually “test your testing methods” to demonstrate that the validity of the data going into this feedback loop. Chapman noted that unfortunately “not a lot of people think about this,” but that it is critical. Chapman provided an example around the area of compliance training, stating “if you are using a questionnaire to assess the strength of training, you need to be able to show and demonstrate that your sample for gathering this data is sufficient. You simply did not ask five people about training when you’ve trained 2,000, that you did sample testing of at least, a reasonably appropriate percentage of trainees, and you need to be able to explain how you selected these trainees for their feedback and your survey methods used in developing and deploying the questionnaire.”

This type of information is clearly important when you begin your initial discussions with the government. Yet this requirement extends through the life of the enforcement action and into the post-settlement phase.  Chapman concluded by saying, “You do have to show that your input into that feedback loop has been sufficiently tested and that your data is solid.” It is not limited to training but in all areas of your compliance program, as expressed in the Evaluation.

As Chen stated, in an interview with Matt Kelly on his podcast Radical Compliance, “We wanted people to see that we put a lot of emphasis on evidence and data. Don’t just tell us that you have a hotline. Show us how you know it’s working and how you’re using the information that you gain from these hotlines. When you say you have a great compliance portal, don’t just show us screenshots of it. Show us the hit rates and how you use that data to help you refine how you communicate with your audience.” The same is true for the requirement of strong leadership by senior management and tone from the top. Chen related, “If you tell us you have a strong, talented top, show us what concrete actions your leaders have taken personally to demonstrate that. It’s not just some words that they say” but show the evidence. That is the essence of a feedback loop.

I hope that you have enjoyed this week-long exploration of some of the key soft skills needed in any compliance program remediation. There are many offerings on the technical aspects of performing an extensive remediation during a FCPA investigation, but I think this series demonstrates that the soft skills not taught in law school or business school are equally important. This is yet another reason it is critical for any company which is facing such a challenge to have top notch compliance talent in the CCO seat and compliance function. My other suggestion would be for you to get in contact with Dan Chapman.

 

Dan Chapman can be reached at jdanielchapman@gmail.com.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2017

Today I continue a five-part series on the soft skills a Chief Compliance Officer (CCO) needs to employ when working through the remediation component of a potential Foreign Corrupt Practices Act (FCPA) compliance violation. I am joined in this exploration by Dan Chapman, well-known in the compliance community for his in-house compliance roles at Baker Hughes Inc. and his CCO roles at Parker Drilling and Cameron International. Today I will consider step four: when you are done?

On this point Chapman was clear, you can never be done until after you have settled. Yet even at that point, your task is not fully completed as “Enforcement officials want to see continuous improvement, then monitoring.” He went on to note, “They want to see that a compliance program developed to the point it is sustainable and that it performs sufficiently. In other words, you have all your controls in place. Your controls have been tested and retested and retested, and retested – then improved after every testing cycle. It’s about laying the correct foundation and then continuously improving.”

Obviously, your remediation will begin with benchmarking, with industry peers and others to update your compliance with new policies and procedures, perhaps a Code of Conduct update and internal controls. All of this can be handled directly by the CCO as Project Manager (PM) or using outside specialists as an additional resource. Chapman believes it would largely depend on the subject matter and on the sensitivity. There are certain things the CCO and compliance function should accomplish, and there are tasks that could be outsourced out of the compliance department. Chapman’s mantra to overlay on all of this was “keep it simple”.

Chapman provided some examples. He said, “if we needed to update our chart of accounts to make it simpler or to prevent misleading entries, I would certainly get Finance involved. It would not be appropriate to demand that Finance do it without my input, and it would not be appropriate do it myself without Finance’s involvement. It would be a combination of efforts. If I needed to develop a due diligence program for third party representatives, that would probably be driven mainly by compliance personnel. On the other hand, if I needed to implement an onboarding training module, I may design the content but I may outsource its implementation and its management to HR. It really depends on the subject matter and the risk involved.”

Moving from internal communications with stakeholders to communications with the Department of Justice (DOJ) or the Securities and Exchange Commission (SEC), Chapman noted, “it’s wise to provide an update on remediation, even if brief, at every opportunity you get to talk to the government.” Given the expectations laid out in the written guidance released in conjunction with the Pilot Program, it appears that the DOJ want very focused and robust communications around your investigation and remediation. Chapman believes that you will very rarely, if ever, be in a situation where the government is purely focused on your investigation and at some later point, purely focused on your risk assessment or remediation. He said, “I think that every time you meet with them to talk about the investigation, you also should talk about the Company’s risks and how you’re remediating them.” Chapman also said that one thing which will come up in discussion with the DOJ is “you will be asked to discuss your compliance program, as it existed prior to or at the time of the wrongdoing and then any improvements and changes you’ve made.”

So, when are you able to go to the government and tell them you are “done” and you are ready to settle? Chapman responded that it is not his experience a company informs the government it is ready to settle but “what you can do is you can give the government a green light, but it’s up to the government to decide when they want to proceed to a final resolution.” He did note he believes a company can indicate to the government that the company is not yet ready to settle, stating, “You can say, “No,” but you can’t say, “Yes.” Settlement from the government side is often driven by their perspective of what you should do and, in many cases, their current caseload.”

Another question which may arise at this point is whether the government will require the company to employ an external monitor for some period after resolution. Chapman believes, if the company has demonstrated a commitment to compliance during the pendency of both the investigation and remediation and if the FCPA violations were isolated and not systemic to the organization, there is a lower chance of a monitorship being required by the government. Some of the indicia would include the amount of time and resources the company has devoted to developing its compliance program, whether the compliance program has reached the point of testing and monitoring, and whether that testing information results in compliance program improvements.

Chapman concluded with what he called the “Number One” thing to show the government: that you can monitor yourself. You do this by demonstrating “that you have advanced your compliance program to the point that you are testing yourself, and, not only are you testing yourself, you can demonstrate to the government that you have fully implemented corrective actions based on the results of that testing. In other words, you’ve created a feedback loop that shows continuous improvement.”

The ‘when are you done’ question may be one of the trickiest as it has so many moving parts. Understandably, there will be pressure from stakeholders to achieve closure and move forward. However, you do not want to represent to the government that you are ready to settle at a point when the government still does not believe you are ready. If you do, you may well risk receiving an independent monitor.

Tomorrow I will consider issues around post-resolution in the remediation process.

 

Dan Chapman can be reached at jdanielchapman@gmail.com.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2017

Today I continue a five-part series on the soft skills a Chief Compliance Officer (CCO) needs to employ when working through the remediation component of a potential Foreign Corrupt Practices Act (FCPA) compliance violation. I am joined in this exploration by Dan Chapman, well-known in the compliance community for his in-house compliance roles at Baker Hughes Inc. and his CCO roles at Parker Drilling and Cameron International. Today I will consider step three: communications with stakeholders in the execution phase of the remediation.

You need to think through the timing of your communications and what is in those communications. Communications with stakeholders have multiple functions, but two key functions are (1) to report facts on the ground so the stakeholders are not surprised and (2) “to establish your credibility and build a level of trust.” Regarding the second point, Chapman notes, “The frequency of significant progress reports will slow as the ‘quick win’ opportunities become more scarce in the longer term. Therefore, your credibility and their level of trust in your ability to make progress will become more important over time.”

If you are engaged with highly focused gatekeepers, with a high level of compliance understanding, you can start off with relatively frequent meetings. Chapman noted, in the “beginning, as you are working through some of the short-term items, I think it may make sense to have more frequent meetings, whether it’s weekly, bi-weekly or monthly.” Here you once again must be respectful of the level of focus of your Board and C-Suite executives, and your communications should always be meaningful and substantive.

However, as you begin to move into the later phases of the remediation, your rate of specific project closures may slow as you move from the short to medium and longer term projects. Your frequency of meetings should probably lessen as well. One thing you do not want to have is a meeting where you essentially have little or nothing in the way of progress to report. There may be little benefit to both you as the CCO and the stakeholders. Chapman cautioned that too frequent meetings with too little progress to report could lead to the stakeholders wondering, “Is the CCO asking the stakeholders to do the CCO’s job? Are you asking them to make the decisions of a compliance expert? I found that it’s much healthier if the day to day running of the compliance function remains with the compliance experts, and Board members should receive reports and provide general oversight. In other words, they hold the CCO accountable, at a very high level, for the compliance function and, if they see something to which they object, they should object.”

Chapman cautioned he would “be conservative” in terms of frequency of communications. You want to make certain you have enough information to support a weekly call, but the pace will probably slow as you move through your remediation as you discover new issues, and they begin to consume more of your time. This can cause your rate of change to slow due to a number of issues that you are addressing in remediation. So, if you begin with 5 issues but then they expand to 15 or 20, this will require more substantive remediation, leaving less time for communications.

Once again, Chapman believes it is critical to set expectations that your rate of communications will slow during the pendency of the remediation. If you do so, this “will give confidence to your Board because they will look at the compliance officer and say, “He saw this coming. We now know that what he tells us is going to happen in the future will happen.”” You develop that credibility by correctly predicting what will happen.

Another issue which can arise in the communications area occurs when a Board member or C-Suite executive insists that an issue is high-priority where you have assessed it as low risk. If you move to remediate what you believe is clearly a secondary issue at best, it will consume both time and resources that you believe could have been used for more high-risk and high-priority remediation items. Yet, as the CCO you are required to address their concerns. Chapman suggested a couple of approaches to employ in this situation.

The first is “to let people know of your concern as politely as possible. Don’t stop reminding people of your concern. It is important to say something along the lines of “I understand that your compliance issue is critical, but this also is inhibiting our ability to deal with our FCPA remediation efforts.”” Because this requirement will take you away from more important high-risks that you have identified, “you must make tough decisions and be highly persuasive if you feel that you may be forced to spend time or resources on a non-risk-based basis.”

Another approach would be to try and address their concerns more directly but in a manner which does not detract from your time as CCO. This could mean additional resources be placed on the topic, such as training or another solution where you might be able to bring in an outside resource to try and deal with concern in a quick and efficient manner, while not diverting you too much from your higher assessed risks. But, as Chapman noted, “Ultimately, you will be held accountable, regardless of what the reasons or the excuses may have been, because in the real-world people do not care about the excuses, they care about performance.”

The frequency of communications and their quantum can be fluid throughout the remediation process. As a CCO, you will have multiple pulls and tugs on your time and resources. You will be required to navigate through many different paths and personalities. Managing your communications will be critical for both the long-term success of your remediation efforts and your efforts to move the compliance program forward.

Tomorrow I will consider the question of ‘how do you know when you are done’ in the remediation process.

 

Dan Chapman can be reached at jdanielchapman@gmail.com.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2017