I have a pet peeve. Over my 35 year career I’ve seen some brilliant decisions and I’ve seen some, well, not so brilliant ones. Human nature sometimes tempts us to do the bare minimum to get by. In other words, good enough is good enough.
So what’s my pet peeve? I have done a great deal of work in corporate compliance. Specifically, I worked on a number of Foreign Corrupt Practices Act (“FCPA”) engagements. One common theme that I often see in FCPA compliance is a very detailed checklist of things that need to be accomplished, evidenced and safeguarded. I’ve seen worldwide deployment of vendor vetting processes, worldwide training of the new corporate compliance policy and I’ve seen worldwide distribution of compliance certifications. There are reams of paperwork documenting compliance with policies and procedures related to the FCPA. The general attitude is, “If all the boxes are checked we must be in compliance”. My pet peeve is, we should be in compliance not because we need to check off all the boxes. Rather, we should be in compliance to position our company to be safe and secure, with integrity and trust.
It’s all in the attitude.
I would venture to bet that many companies are “in compliance” but have serious internal control or reporting issues.
A Little Backstory
I once met with a group of very experienced FCPA attorneys. Because I believe in Benjamin Franklin’s theory that, “an ounce of prevention is worth more than a pound of cure”, I tried to convince these attorneys that we could help their clients prevent FCPA violations through preventative techniques and controls. The concept is simple, identify likely methods that bribes could take place and install preventative controls to identify FCPA violations BEFORE they occur, so that there was a chance to prevent a bribe from occurring.
To my surprise, the unified consensus of the attorneys was that preventative investigations were very dangerous. They explained to me that if through our investigative process reviews we determined that there was not only potential for, but evidence that something inappropriate had taken place, that they would be forced to act upon it. This is the last thing they wanted to do. Identifying such transactions would be expensive and time-consuming. They left me with the belief that they wanted to just “not know.”
This concept of blissful ignorance just seems contrary to sound ethical behavior. In my view, management should understand their business risks, evaluate them, and perform measures to improve them on an ongoing basis. Should evidence of an inappropriate payment be identified, it should be investigated and controls implemented to prevent it from happening again. Pretending that it didn’t happen is not just counterproductive, it’s wrong.
I am not an attorney and I don’t pretend to understand the intricacies of the law as the attorneys certainly do. However, in this situation, it seems that compliance for the sake of compliance is more important than doing the right thing. Could it be that the penalties or costs of identifying these inappropriate payments are so steep that companies cannot survive if they investigated them? If this is true, regulation should be addressed that encourages active monitoring and corrective action, not the opposite.
As I grow older and watch how our social norms and culture have changed over the years, I sense that it’s becoming more and more tolerated to be less than honest. There are too many examples of corporate misconduct. Our politicians are mistrusted, often for good reason. And how do we, as a society, react to these episodes of misconduct? We bailout corporate America with tax dollars and we look the other way when our elected officials say one thing, and do another.
You can delegate authority, but you cannot delegate responsibility.
We need to be less tolerant. We, as a society and as individuals, should hold people accountable for that which they are responsible. We need to reward the behavior that makes us a better society or better corporate citizen, and penalize those that choose to defy ethics, or simply look the other way. We should enforce compliance with FCPA regulations, not because the law tells us to, but because ethical behavior, and thus FCPA compliance, is our true license to do business.
I recognize that it is not always simple to comply with the mandates of the FCPA. For this reason, I have prepared a simple guide to help you spot some of the more obvious ‘Red Flags’ to watch out for when diagnosing potential FCPA violations.
Sam H. Carr is the Managing Partner of Carrtegra, LLC. Sam has over 30 years of experience in accounting, auditing, financial management and consulting. Sam has focused much of his career on process improvement and redesign. Sam holds an MBA and is a CPA, CIA, CISA and a Certified Compliance and Ethics Professional (CCEP). Sam is a finance and operations executive with broad-based experience that includes 12 years as a CFO or Chief Accounting Officer in both public corporations and private entities, and fourteen years with an international public accounting firm. Sam orchestrated an Initial Public Offering of a consolidation of dental practices throughout the United States. In addition to his IPO experience, he owns a powerful track record of demonstrated skills in a wide range of business environments including designing financing, mergers and acquisitions and growth companies. Sam has been the Chief Executive of a management consulting firm for the most recent 10 years. Sam’s focus has been substantially on quality of services and valued solutions as well as client and employee retention.