Earlier this week, Donald R. Keough died. He was the leader of Coca-Cola, who pressed for and introduced the infamous New Coke to the world in 1985 and then the return of the original formula just 10 weeks later. Since I was not alive during the Ford Motor Company introduction of the Edsel, I have to rate New Coke as the biggest product failure of all-time. As reported in his obituary in the New York Times (NYT), “When the company introduced New Coke, using a sweeter formula that many consumers said they preferred to the original and to Coke’s longtime rival Pepsi-Cola, it knew it was taking a risk. But the reaction was far more intense than Coke had anticipated. At the news conference when the reversal was announced, Keough said “All of the time and money and skill that we poured into consumer research could not reveal the depth of feeling for the original taste of Coca-Cola.”” Amen.
I have been writing about the economic downturn in the energy space and how it might impact compliance functions. As with economic cycles, corporate response to them is cyclical. Here in Houston we are in the panic phase of ‘we have to cut employees and expenditures now’ but (hopefully) within the next couple of quarters, companies will stop their collective over-reaction and budgets will loosen up to rise to some sort of equilibrium. For the Chief Compliance Officer (CCO) or compliance practitioner who has gone through the doing less with less phase, it may become the time that you have additional resources and some money to spend.
This might be the time that you consider a technological solution to help manage your Foreign Corrupt Practices Act (FCPA) anti-corruption compliance program going forward. It may be that if you can spend between $50-$100K on such a solution, you can come out running a more effective program, yet ultimately spending less money because you do not have to replace the employees who were laid off during your company’s initial response to the downturn. What are some to the areas that a technological solution will work for you most efficiently?
A. Third Party Management
Ranked as the highest FCPA risk is generally third party management, at least on the sales side. This is a process that can be automated both through the onboarding process, due diligence, contracting and management of the relationship after the contract is signed. While nothing will ever take the place of a well-trained compliance practitioner reviewing and evaluating due diligence, if you can automate the document obtaining and retention process coupled with the back end relationship management you can significantly cut your costs going forward. Moreover, this process will help you in the Document, Document, and Document function of any best practices compliance program.
B. Internal Controls
Here there is no better example than our friends from GlaxoSmithKline PLC (GSK) to demonstrate not only the failure of internal controls but also how a technological solution can assist your compliance going forward. The company got into hot water in China through two prime methods of paying bribes in China: the direct incentives and indirect incentives method. They paid out enormous sums in sales expenses, including travel costs and fees for sales meetings, marketing business development and other expenses. Most of the largest expenses were travel costs or meeting fees and the expenses of the companies’ sales teams were, in every case, several multiples of the net profits each company earned the prior year. A simple automated internal control requiring a second set of eyes on such expense would go a long way to preventing or detecting fraud, in the form of bribery and corruption against the company.
Additionally it would be reasonable to expect that internal controls over gifts would be designed to ensure that all gifts satisfy the required criteria, as defined and interpreted in Company policies. It should fall to a compliance officer, by putting a second set of eyes on any such requests to finalize (read prevent) and approve a definition of permissible and non-permissible gifts, travel and entertainment and internal controls will follow on from such definition or criteria set by the company. Further, by automating this process, you also have a fallback protection on the detect prong.
C. Ongoing Monitoring
Saving the best and most important for last, a final technological solution is around monitoring. Monitoring is a commitment to reviewing and detecting compliance programs in real time and then reacting quickly to remediate them. A primary goal of monitoring is to identify and address gaps in your program on a regular and consistent basis. Auditing is a more limited review that targets a specific business component, region, or market sector during a particular timeframe in order to uncover and/or evaluate certain risks.
Here I want to focus on two technological solutions of ongoing monitoring which can help you to manage your FCPA compliance risks more effectively. The first is relationship monitoring. In the GSK matter, internal company emails showed the company’s sales staff in China were instructed by local managers to use their personal email addresses to discuss marketing strategies related to Botox. Relationship software imports and analyzes communications data, like email, IM, telephony and SMTP log files from systems such as Microsoft Exchange Servers and Lotus Notes. The software then leverages social network analysis and behavioral science algorithms to analyze this communications data. These interactions are used to uncover and display the networks that exist within companies and between the employees of companies. Additionally, relationships between employees and external parties such as private webmail users, competitors and other parties can be uncovered.
The second type of monitoring is transaction monitoring. Generally speaking, transaction monitoring involves review of large amounts of data. The analysis can be compared against an established norm which is derived either against a businesses’ own standard or an accepted industry standard. If a payment, distribution or other financial payment made is outside an established norm, thus creating a red flag that can be tagged for further investigation.
In every crisis is an opportunity to learn. Even in an economic downturn, you can learn to do things smarter and more efficiently even if it is because you are forced to do so. As I discussed yesterday, you may have to learn to do less with less but after this initial radical downsizing, if you can demonstrate greater efficiency and a longer cost effectiveness in using a technological solution to your compliance program, that may be exactly the message that not only your senior management may want to hear but will respond favorably to and provide some funding. But you have to do your homework and be able to demonstrate value going forward. In other words, do not be like the Coca-Cola Company who pulled one of the most bone-headed marketing ploys of all-time by trying to change their most successful product.
