One of the lessons we have learned from various FCPA enforcement actions over the years is how complexity in business organizations can work to defeat compliance programs. Whether a corrupt employee is working to actively hide a pot of money, which can or will be used to pay a bribe, or an improper payment slips through the cracks; complexity can work to defeat a best practices compliance program. If a compliance function does not have visibility into a business unit, how it does business and where its payments are going; it may be due to design defect or inadvertent complexity.

Compliance is now in an era of brisk innovation and evolution. It is prone to technological change and rapid obsolescence of the lawyer-driven, spreadsheets and word document-based compliance programs. Going forward the compliance professional needs to understand that a “package of resilience, adaptability, coordination, and inimitability becomes more attractive than the package of efficiency, understandability, manageability, and predictability.” The key is to learn how to harness complexity on a sustainable basis.

Three key takeaways:

  1. Not all complexity is bad.
  2. If you cannot figure out how a foreign does business you have a problem.
  3. Compliance is now properly seen as a business process.