Expanding Your Compliance Decision-Making Tool Kit

by Thomas Fox

There can be a variety of reasons why bad decisions get made in the corporate world. Last week I wrote about psychopaths in the C-Suite and Boardroom. Today I want to look at some less flamboyant, more mundane ways that a company might get into compliance hot water through poor decision making. In an article in the November issue of the Harvard Business Review, entitled Deciding How to Decide, authors Hugh Courtney, Dan Lovallo and Carmina Clarke reviewed how senior decision makers in a company might go about strategic decision making. One of the areas that they explored was how systemic roadblocks might get in the way of making a valid decision.

I found their discussion very interesting from the compliance perspective. The FCPA Guidance emphasized the need for companies to have a robust pre-acquisition due diligence process, in addition to a vigorous post-acquisition integration. The FCPA Guidance stated, “In the context of the FCPA, mergers and acquisitions present both risks and opportunities. A company that does not perform adequate FCPA due diligence prior to a merger or acquisition may face both legal and business risks. Perhaps most commonly, inadequate due diligence can allow a course of bribery to continue—with all the attendant harms to a business’s profitability and reputation, as well as potential civil and criminal liability.” But what are some of the biases which might prevent a company from making a good strategic decision even with adequate pre-acquisition due diligence? The authors set out five, which I will explore in more detail.

When You Don’t Know What You Don’t Know

Under this bias, the authors believe that the decision maker’s ability to make accurate decisions is in large part based on “being able to accurately determine the level of ambiguity and uncertainty they face.” Unfortunately, just as compliance programs have to deal with humans and human fallibilities, strategic decision makers are subject to both “cognitive limitations and behavioral biases.” The authors note that “executives don’t know what they don’t know, but are happy to assume that they do.” It is this overconfidence in the ability to forecast uncertain outcomes that will lead to unwarranted confirmation of incorrect hypotheses.

Cognitive Bias Creep

Here the authors note that every corporation has biases and these biases can creep into any significant strategic decision. The key is that they manage these biases going forward so that they do not prevent an accurate decision from even having the chance of being made. The authors believe that this can be helped “if, when a strategic decision is being considered, managers choose their decision-making approach in a systematic, transparent, public manner during their judgments which can be evaluated by peers.” This concept is well established in any best practices compliance program through an oversight committee or other similar structure providing review of the compliance function. It is through these techniques that key players “are less likely to assume that their decisions are straightforward or even intuitive.” The authors conclude this section by stating that, “This is especially important when a relatively new or unique strategic investment is under consideration.”

Organizational Process Gets In the Way

I try to be a process guy and to be process oriented. I tend to believe that if you have a robust process in place, it can help you to greatly reduce, ameliorate or manage your compliance risks. The authors believe this as well but feel there are times when the organizational process of a company can get in the way of making a strategic decision. Fortunately, many of the techniques to overcome this problem are relatively straightforward. Although not phrased in this manner, one is the concept of segregation of duties (SODs). In other words, do not have the people who will benefit from a favorable analysis be the only group or discipline within the company to review a decision or even its underlying facts. The authors’ answer is to have some “commonsense protocols” which allow for an independent eye on things.

Reliance on a Single Tool

One theme that the authors maintain throughout their article is criticism of decision makers’ reliance on a single analytical tool. They believe that most corporate decision makers rely solely on “conventional capital-budgeting techniques.” They argue that it is most often more useful for decision makers to supplement this basic tool. They suggest that decision makers use other sources of insight. They are particularly critical of looking only to so-called ‘expert opinions’ and suggest that a company seek a wider group of opinions, even within the employee base of their own company. Another technique is to seek out persons in different disciplines simply because they will bring a different underlying analysis and perspective. The authors end this section by stating, “A robust analysis of analogous situations forces decision makers to look at their particular situation more objectively and tends to uncover any wishful thinking built into their return expectations.”

The Option to Delay

The final bias the authors address is the option that is often overlooked – the option to wait or, as the authors put it, “Deciding when to decide is often as important as deciding how to decide.” If you have ever been on a large project evaluating a merger or acquisition target or other business opportunity, you know that things can take on a momentum of their own. The authors call this “learning-based, iterative experimentation.” This is not a situation of “sometimes the best deals are the ones you do not sign on to” but rather of deciding to use other tools or techniques to evaluate the timing of your decision-making process. This can not only keep you from doing deals that may not make any sense but also allow for a more well-rounded decision-making process.

The clear message of the authors’ piece is that you should use a wider variety of tools available to you. The FCPA Guidance gives you some of the things that the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) think are important. In addition to the use of transaction, third party and relationship monitoring, I would suggest that you add some or all of the following tools to your toolkit.

  • Review high risk geographical areas where your company and the target do business. If there is overlap, seek out your own sales and operational people and ask them what compliance issues are prevalent in those areas. If there are compliance issues that your company faces, then the target probably faces them as well.
  • Obtain from the target a detailed list of sales going back 3-5 years, broken out by country. If you can obtain a further breakdown by product or services, get that as well. You do not need to investigate de minimis sales amounts but focus your Foreign Corrupt Practices Act (FCPA) due diligence inquiry on high sales volumes in high risk countries.
  • If the target uses a sales model of third parties, obtain a complete list, including joint ventures (JVs). It should be broken out by country and the amount of commission paid. Review all underlying due diligence on these foreign business representatives, their contracts and how they were managed after the contract was executed. But your focus should be on large commissions in high risk countries.
  • You will need to speak to the target company personnel who are responsible for its compliance program to garner a full understanding of how they view their compliance program.
  • You will need to review the travel and entertainment records of the target’s top sales personnel in high risk countries. You should retain a forensic auditing firm to assist you with this effort. Use the resources of your own company personnel to find out what is reasonable for travel and entertainment in the same high risk countries in which your company does business.
  • While always an issue fraught with numerous considerations, there may be others in the mergers and acquisition (M&A) context, such as any statutory obligations to disclose violations of any anti-bribery or anti-corruption laws in the jurisdiction(s) in question, and what effect disclosure will have on the target’s value or the purchase price that your company is willing to offer.
  • While you are performing the FCPA due diligence, you should also review anti-money laundering (AML) and export control issues.

The moral of this story is to use a wide variety of tools and resources when evaluating a strategic decision, whether it is compliance based or business based. Do not get caught in myopic thinking or analysis.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Thomas Fox, Compliance Evangelist | Attorney Advertising
