How to Introduce Change into Your FCPA Compliance Program (Without Blowing It Up)

by Thomas Fox

Thucydides or Herodotus; Herodotus or Thucydides. Which is your favorite? I admit to vacillating between the two. Thucydides wrote about the end of the Athenian dynasty from the Peloponnesian War and the debacle of the Sicilian Invasion. Herodotus wrote about the beginnings of the Golden Age of the Greek City State through the defeat of the Persian Invasion of Greece. Slogging through both is never easy but it is far and away worth the effort. One of the things that both of these ancient authors wrote about was massive change.

I recently read a book review of a couple of new volumes which looked at these authors and thought about the changes wrought when implementing or enhancing a Foreign Corrupt Practices Act (FCPA) compliance program. In making a large change, most compliance practitioners think of bringing it all to a company in one fell swoop. This is usually based on a Board of Directors or senior management directive to ‘get it done’. Sometimes this can simply be overwhelming to the compliance practitioner or information overload to the troops in the field, particularly those outside the US. However, a recent article in the MIT Sloan Management Review, entitled “How to Change an Organization Without Blowing It Up”, suggests that a different approach might be appropriate. In this article, author Karen Golden-Biddle writes that there is a middle ground between wholesale change and tentative pilot projects which could allow an organization to operate more effectively.

The author believes that “Too often, conventional approaches to organizational transformation resemble the Big Bang theory.” Further, she writes that “Big Bang transformation attempts often fail, fostering employee discontent and producing mediocre solutions with little lasting impact.” To overcome this, she believes that “organizations can seed transformation by collectively uncovering “everyday disconnects” — the disparities between our expectations about how work is carried out and how it actually is. The discovery of such disconnects encourages people to think about how the work might be done differently.”

She suggests that there are three techniques for discovering these disconnects and turning them into a way to “seed transformation from the bottom up.” These three techniques are (1) Work Discovery; (2) Better Practices; and (3) Test Training. I will look at all three and discuss how a compliance practitioner can bring them to bear to help move a compliance program forward.

I. Work Discovery – Examine Firsthand the Work Where It Is Actually Conducted

The author states that “instead of assuming that you know if the work process will be successful as it is designed, you should examine it firsthand, “as it is actually conducted.”” This will allow a company to “turn the (inevitable) surprises you uncover into assets.” She advises that senior management needs to actually see how the organization works to understand not only the expectations that they have set but also to uncover disconnects in the process. She cautions that this is not the same as a pilot project but rather should be viewed as part of a larger exploration of how a system might become the best that it can be. Put another way, the initial “design and rollout was always connected with the larger possibility, even though the possibility was in the process of becoming defined.”

For the compliance practitioner, this examination ‘in the field’ allows you to find the disconnects in the proposed compliance program or changes. That facilitates reconsidering expectations of the program, or the understanding of how the program is designed to be conducted, and further allows you to entertain new possibilities for how to make the program work better. Compliance professionals can talk through the proposed changes to generate insights and possibilities for change and help company employees understand what the program changes will be and how the compliance program will work in their day-to-day operations.

II. Better Practices – Instead of Adopting the Best Practices of Others, Screen Your Work Through Those Best Practices in Order to Generate New Ideas

Oftentimes, particularly in the compliance arena, companies will simply review and determine the best compliance practices and then adopt them into their organization. This approach was certainly not suggested by the recently released Department of Justice (DOJ) and Securities and Exchange Commission (SEC) FCPA Guidance, where it stated “When it comes to compliance there is no one-size-fits-all program.” This sentiment was echoed by Golden-Biddle when she recommended that a company should not simply adopt another organization’s best practices, but instead should screen the way work gets done in the company and use those others’ best practices in order to generate new ideas. “In other words, use best practices to generate even better practices.”

However, other companies’ best practices can be more effectively used as a discovery technique, enabling people to go beyond replication and discover new methods for meaningful change. The author opines that studying other companies’ best practices as a discovery technique will allow employees to compare their expectations of how a new system or program will work as it is currently constituted with what might be offered by the best practice. Further, “this discovery tool imports the unfamiliar in the form of others’ best practices and pairs them with the familiar. Exploring this pairing enables people to move beyond their expectations and tease out new possibilities that are suggested by best practices elsewhere. Overlaying your current practices with someone else’s best practices in this way generates better practices — better than best because they are relevant in highly specific ways to your organization’s work.”

One way a compliance practitioner might do this is to ask the following questions. First, what would you do differently as a result of the new compliance practice and what might you wish to incorporate into the company’s compliance practices? Next, is there anything in the new compliance policy that was not included that you believe should have been or are there any issues in the new policy which you did not know how to address when using the new policy?

III. Test Training – Use Training to Experiment With Emergent Possibilities for the Way Work Will Be Done

This part may be the most intriguing and useful as the author advocates that you can use training to develop new possibilities so that “Instead of locking down standard operating procedures during training, experiment with other, potentially better possibilities for changing the way the work will get done.” Training typically comes at the end of a policy/program revamp or enhancement. However, the use of the phrase “test training” means something different than the usual corporate training. She says that it allows a company to uncover the “disconnects between people’s expectations for how proposed solutions might operate and the actual experience of the solution in experimental settings such as training or trials. This enables people to see and come to understand what they don’t know about the solution as well as to continue to shape it for implementation, often in significant ways.”

This type of testing would allow the compliance practitioner to obtain insights from those in the field on not only what does not work but also what might work better. Consider training on a third party management program. You would usually walk the designated training group through all of the steps your policy would entail. But those in the training test group might suggest new, other or different information that might be relevant to evaluate a third party in the context of compliance. Such “test training” also provides an opportunity to find out what is not being discovered through the third party investigation process and to suggest a new solution.

Golden-Biddle ends her article with five points that she believes Discovery Techniques can bring to an organization. They are:

  1. Achieve the benefits of transformation without risking wholesale disruption of operations.
  2. Build a culture of continuous improvement that is embraced by leadership and employees throughout the organization.
  3. Avoid the often exorbitant costs of Big Bang transformation associated with wholesale replacement of employees.
  4. Leverage existing employee knowledge and experience for transformation.
  5. Cultivate collective, not just individual, capacity in surfacing disconnects and generating new insights and ideas that seed transformation.

To her list I would add one more, though I might put it as Number 1 on the list. It is that you bring your employees into the process. By listening to them and incorporating their ideas on what works and what does not work, they not only become invested in the final compliance product but they feel like you care about what they think. That may be the biggest reason to take up some of Golden-Biddle’s Discovery Techniques.

If you want to look at how change blew things up, pick up a copy of Herodotus or Thucydides and settle down for a long winter’s read.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Thomas Fox, Compliance Evangelist | Attorney Advertising
