One of the lessons we have learned from various FCPA enforcement actions over the years is how complexity in business organizations can work to defeat compliance programs. Whether a corrupt employee is working to actively hide a pot of money, which can or will be used to pay a bribe, or an improper payment slips through the cracks, complexity can work to defeat a best practices compliance program. A compliance function needs visibility into a business unit, how it does business, and where its payments are going, or else it may be due to design defects or inadvertent complexity.

Compliance is now in an era of brisk innovation and evolution. It is prone to technological change and rapid obsolescence of the lawyer-driven, spreadsheets, and word document-based compliance programs. As we advance, the compliance professional needs to understand that a “package of resilience, adaptability, coordination, and inimitability becomes more attractive than the package of efficiency, understandability, manageability, and predictability.” The key is to learn how to harness complexity on a sustainable basis.

Three key takeaways:

1. Not all complexity is bad.
2. If you cannot figure out how a foreigner does business, you have a problem.
3. Compliance is now properly seen as a business process.

For more information, check out The Compliance Handbook, 4th edition, here.