Categories
The Corruption Files

Episode 13: Avon China Bribes

When beauty company Avon Products Inc. was charged in 2014 with violating the Foreign Corrupt Practices Act (FCPA) due to failure to detect and prevent bribery acts happening in China, they settled for ten times more than the cost they paid for in “gifts.”

Today, the FCPA investigation and enforcement action still stand as one of the most interesting cases for companies and compliance professionals to learn much from.

Tune in to this new episode of The Corruption Files — The Avon China Bribes with Tom Fox and Michael DeBernardis.

Key points discussed in the episode:

  1. Tom Fox shares the background facts on such an “insane case,” with the investigation almost as interesting and important as the resolution.  
  2. Michael DeBernardis states that Avon China Bribes the grandfather case for a couple of other similar FCPA cases. 
  3. The internal audit department identified this issue of paying gifts and recommended FCPA training for the team, which did not push through due to the lack of budget.
  4. In-fighting or territoriality is not surprisingly uncommon at big companies, leading to compliance and corruption problems. 
  5. Tom cites how in 2012, the government became so frustrated with Avon that they started issuing grand jury subpoenas for individuals. 
  6. A key part of the corporate process is to have systems that talk to each other. And if you don’t, the costs can be astronomical. 
  7. Avon’s $8 million in bribes led to $500 million in pre-settlement costs, $135 million in settlement costs, and $250 million in post-settlement resolutions.  
  8. Tom reminds companies that if there’s a potentially high reward, it generally means there’s a high risk.
  9. Michael emphasizes that Compliance budgets can be tight, but skipping small training can catch up with you in the long run. 

—————————————————————————-

Do you have a podcast (or do you want to)? Join the only network dedicated to compliance, risk management, and business ethics, the Compliance Podcast Network. For more information, contact Tom Fox at tfox@tfoxlaw.com.

Categories
Innovation in Compliance

The Agile Audit with Toby DeRoche

Tom Fox’s guest on this week’s show is Toby DeRoche, a professional auditor and Senior Manager of Risk Management at Verizon. He and Tom talk about the importance of risk assessment and how it has changed in recent years. 

Agile Audit

Agile Audit is simply auditing the things that matter at the current moment. It’s an iterative approach, going through the entire audit lifecycle and compressing it down to the essentials. “We’re saying, so here’s everything that I could audit, but here’s what’s most important to the organization today,” Toby tells Tom. “It’s this continual cycle… giving you the answers to what’s the most burning question you have related to risk and control in your organization today.” 

 

Focus on The Highest Risk

If an audit plan isn’t focused on relevant issues, or the highest risk, no one is going to care how well the auditing plan was executed. Focusing on low-risk issues wastes everyone’s time. “We should be focusing on the things that are the highest risk and only those things,” Toby says. If internal auditors aren’t focused on management support, strategic objectives, and challenges, then they aren’t doing their jobs. 

 

Communicating Vs Reporting

Tom asks Toby to differentiate between communicating and reporting results as an internal auditor. Giving reports is not communication, he responds; it’s just regurgitating facts. “A much more effective way of getting the information across is to make it more digestible,” Toby remarks, because it’s much more impactful, and people can more easily grasp what you’re trying to say. 

 

Looking Ahead

Companies in the future will have no choice but to use the concepts of risk assessment, continuous improvement, and continuous risk assessment. Auditing must be part of the company’s objectives. “Anything that we’re doing that’s not focused on what matters to management and the highest risk to them achieving their goals right now, then we’re completely missing the picture,” Toby stresses. 

 

Resources

Toby DeRoche | LinkedIn  

Only Audit What Matters 

Categories
Daily Compliance News

November 29, 2022 the Light of Day Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance brings to you four compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Stories we are following in today’s edition of Daily Compliance News:

  • Meta was fined $276MM for data-scraping. (WSJ)
  • Will the Supreme Court gut corruption laws? (Reuters)
  • Auditors nervous edition. (FT)
  • Does the SEC whistleblower program need greater transparency? (Bloomberg)
Categories
Blog

Compliance and Corporate Principles in Today’s World

For corporations, navigating the political landscape has become an increasingly difficult task. While being admonished to ‘stay in their lane’ by some; businesses are just like their stakeholders, impacted by the ever-changing political miasma. When this new reality is coupled with the new levels of transparency in companies, which are only amplified by social media, a company can find itself embroiled in very public controversies with one or more stakeholder groups. As these situations occur, Chief Compliance Officers (CCOs) and compliance professionals will be called upon to help companies navigate this fraught process.

I was therefore intrigued by a recent Harvard Business Review (HBR) article, entitled Strategy in a Hyperpolitical World, where authors Roger L. Martin and Martin Reeves opined on how companies can make smart choices when values clash. Some recent examples the authors pointed to included “when Delta stopped offering discounts to NRA members following a 2018 school massacre in Florida, it was threatened with the withdrawal of fuel subsidies in Georgia. When Disney spoke up on LGBTQ+ rights in Florida, it lost its special governance status and rights in the state. When H&M voiced concerns about cotton sourcing and human rights in China, its revenues in that country plummeted. When the Ukraine crisis broke, McDonald’s was forced to exit the business it had painstakingly built in Russia over a 30-year period.”

This change for corporations has been percolating for some time. As with many changes over the past few years, this politicizing of corporations accelerated during Covid-19 and the Russian invasion of Ukraine. In addition to the increased amplification through social media noted above, the authors believe, “the workplace has become the main vehicle for socialization and self-expression. As employees seek to express their identities and beliefs at work, they increasingly expect that their companies will support the issues they care about.” Companies have for years wanted this type of commitment and engagement with its employees but with all these changes, new risks are presented. Moreover, “many CEOs who have taken a stance on social issues say the impetus was that their employees expected and lobbied for it.” In other words, as the authors believe, the corporate playing field has expanded beyond simply justifying strategic decisions in purely business terms.

How can compliance help a company navigate through all of this? The authors state, “To make and implement the best strategic choices in this environment, leaders will have to (1) develop robust principles to guide strategic choices, (2) address ethical issues early, (3) consistently communicate and implement their choices, (4) engage beyond the industry to shape the context, and (5) learn from mistakes to make better choices in the future.” This is a process that can be facilitated by the corporate compliance function, and I have adapted the authors process for compliance.

Develop Robust Principles

The authors believe the “first step is understanding the salient social and political issues for your company. The second step is envisioning where and how those issues might intersect with your business and the choices that they imply. The third step is hearing and understanding the opinions of your employees on those issues—because, as we’ve noted, they are often the reason that companies take a position on political issues.” They caution the principles must be broad enough “to apply across the major sources of political tension to which a company is likely to be exposed” and they should be clear. Finally, they should be easily audited.

Address Ethical Issues Early

Admittedly, “anticipating and shaping ethical challenges requires a delicate balancing act” but companies are now required to be more nimble and more agile. The authors note, “Individual companies may be able to move earlier and with greater control, but eventually complex issues may necessitate collective action, often initiated by a market leader.” An organization should assess where and how it should operate as well as its “need to anticipate, preempt, and shape nascent ethical challenges. That may require a high degree of creative problem-solving, but it often garners outsize public goodwill and strategic advantages for early movers. Once an issue has become front-page news, political camps will be entrenched, and the company’s room for maneuver will be limited.” This was seen most strikingly in the wake of the Russian invasion of Ukraine where companies were presented with a stark choice from their employees and other stakeholders; support Democracy or suffer the impacts of being pro-Putin. Companies who quickly responded were also in a much better position when the inevitable economic and trade sanctions began to be levied.

Consistently Communicate and Implement Choices

It is critical that principles should “be communicated to and understood by all employees. Because they will influence the expectations of stakeholders outside the company, they should also be publicly transparent.” As the Fair Process Doctrine implies, “Principles are credible only if they are consistently applied.” The authors interpret this to mean “they must be part of the everyday making of business decisions, not simply called up in response to pressure after a situation has exploded.” But just as senior leaders must not simply “Talk the Talk but Walk the Walk”, principles which only “inform communications but not action will not be credible over time or effective in navigating risk.” A CCO should use its company’s principles to “engage with and solve issues preemptively and collaboratively whenever possible. A company standing against corruption will have a greater impact if it works with other stakeholders to address that issue and improve the context—even if, at the end of the day, a decision about whether to stay in the business in question or exit it is required.”

Engage Beyond the Industry

If there has been one change around principles, it has been that some issues are larger than any one company can impact. Some issues are beyond even an entire industry and businesses “need to work with civil society and government on the hardest and most deeply entrenched issues to effect change.” Failing to do so can lead to “accepting the unpredictability of an endless series of ad hoc responses or having regulation forced on the industry owing to insufficient impact from their own efforts. And there are important new issues around which to build consensus.”  Perhaps the clearest example of this is human trafficking and human slavery in the business context and the passage of the Uyghur Forced Labor Prevention Act (UFLPA). This legislation sailed through the US Congress, almost unanimously, as many corporations had taken stands on the abuse of such persons who were potentially embedded somewhere in their supply chain. This type of public/private collaboration is now seen in many other areas such as trade and economic sanctions in the wake of the Russian invasion of Ukraine and the fight against money laundering.

Continuous Improvement

Your business will not always get everything right. Indeed, a compliance program is designed to prevent, detect and remediate. This means fix problems as they are detected. I was therefore gratified when the authors cited to Siemens AG for such an example, in the wake of their massive corruption scandal involving Foreign Corrupt Practices Act (FCPA) violations. The authors noted, “Siemens began by cleaning house: It hired the company’s first-ever external CEO, Peter Löscher, who, within months of taking over, had replaced about 80% of the top level of executives, 70% of the next level down, and 40% of the level below that. Next, it made earnest and long-term commitments to atone for its past actions: It has supported government investigations and set up the global Siemens Integrity Initiative to fund collective action to reduce corruption, which has allowed the company to continue to bid for government contracts.”

If you work through these steps, you should be able to prepare your organization for the next major shock.