By Richard Bistrong – Richard is a FCPA Blogger & former FBI/UK Cooperator
When Ethical Boardroom invited me to write this article, I started thinking about issues that go beyond the ‘bolt-on’ model of anti-bribery compliance.
For, as Alison Taylor, director of energy and extractives at BSR (Business for Social Responsibility), stated in her 2014 Forbes article Compliance and Risk: Clearing the Org Chart Hurdle 2014: “The traditional preventative approach to risk management is proving inadequate in the face of regulatory complexity, volatility and an environment of constant change, but what should replace it is not yet clear.”
As I eye my social media feeds, I see a stream of articles that provides a continuous repacking of enforcement actions, discussion about whom compliance should report to and much about ‘tone from the top’. Speaking of which, on the top or perhaps bottom of my anti-bribery reading list is a 42-page analysis of the recent Alstom Foreign Corrupt Practices Act (FCPA) settlement. Which is longer, I wonder, the analysis of the settlement or the settlement?
I concur with what attorney Mike Volkov said in a January 2015 post on his Corruption, Crime and Compliance blog: “Most of what I read in the ethics, compliance or governance space is not helpful. It is filled with platitudes, general principles and no real world application. That is a real deficiency in this important time in compliance.”
Indeed, those papers and updates do nothing to help those in the field and those who are tasked with helping them manage corruption risk.
As Dr Roger Miles, behavioural risk lead at Thomson Reuters, wrote in a 2013 white paper Risk Culture and Conduct Control: Time for a More Enlightened Approach: “Shouldn’t the designers of financial controls spend some time looking at the dark side? Instead of regulating by defining and enforcing some formulated version of normal behaviour, a better approach for supervisors seeking to regulate conduct might be to identify the pathologies of ‘bad behaviour’. What are the warning signs and leading indicators? Can these be found in financial reports? (Hint: No, they cannot). Where do we need to look?”
I think we need to look beyond FCPA to gain a significantly greater understanding of corruption. We need to address its drivers, its implications and its consequences to reach substantially beyond rules and procedures that may be viewed at the field level as nothing but a set of workarounds.
Why bother? If we can get beyond a relentless focus on satisfying the letter of FCPA to understand the behaviours and forces that facilitate overseas bribery, we can strive to create a practical set of tools and measures to help those who face corruption on the frontlines of international business and those who help them manage corruption risk.
OECD Foreign Bribery Report
A good place to start is by reading the Organisation for Economic Co-operation and Development (OECD) Foreign Bribery Report. Those of you who sit on risk, audit and compliance committees should take notice. As the report states in the introduction: “Corporate leadership is involved, or at least aware, of the practice of foreign bribery in most cases, rebutting perceptions of bribery as the act of rogue employees.”
While the details are well-defined among the 17 countries and 437 enforcement cases used in the analysis, the fact that in 41 per cent of cases, management-level employees paid or authorised the bribe is a disturbing statistic that should not be ignored.
If we analyse this data and combine it with useful reports on corruption and corporate fraud from organisations such as Control Risks and EY, we find in each instance an arrow pointing to management conduct that is either participatory (at worst) or wilfully blind (at best) when it comes to organisational behaviour regarding corruption and bribery. Given these findings, how are those at the frontlines supposed to respond when ethics, standards and reputational concern that should emanate from the C-Suite are potentially dysfunctional? While we don’t want to overdraw conclusions from a limited data set, concern is warranted.
“Unwind growth forecasts and incentive plans and start at ground zero to see how both align or conflict with the messages and programmes of anti-bribery compliance”
The 13th EY fraud survey Overcoming Compliance Fatigue points to a “persistent minority of executives (that) appears willing to justify unethical behaviour”. The 12th EY survey Growing Beyond: A Place for Integrity points to 15 per cent of CFO respondents as “willing to make cash payments to win business”. In addition, the 12th survey found that a greater proportion of executives, including CFOs, “expressed an increased willingness to misstate financial performance”. As to foreign corruption, more specifically “44 per cent of respondents report that background checks (on third parties) were not being performed”. Finally, as to training, only 46 per cent of all CFOs attended anti-bribery and compliance training. Is anyone worried yet?
Together with a downturn in commodity prices that’s unlikely to bring out the best in business practices as competition increases for the same business at less revenue, we face a potential perfect storm of misbehaviour. As Control Risks stated in its paper International Business Attitudes Towards Corruption: “These days many companies are good at talking about principles. Not all of them are able to demonstrate that they put principles into practice.”
Add to this dynamic the aggressive growth forecasts in high-risk (low-integrity) markets, often linked to lucrative incentive packages. Boards and C-Suites may comfortably respond to surveys as they leave it to those on the frontlines of international business to ponder the zero-sum game of complying with anti-bribery standards while attempting to satisfy growth forecasts. In this light, no amount of reading on enforcement actions, fines, deferred prosecution agreements or arrests will sweep you beyond FCPA to where you can meaningfully address the relevant organisational issues.
Where do you start? From my perspective, unwind the growth forecasts and incentives plans and start at ground zero to see how both align – or conflict – with the messages and programmes of anti-bribery compliance. Ask if the spoken rules of compliance and the unspoken rules of ‘how we do things around here’ all carry the same message: ‘We don’t bribe’.
The risks presented by the FCPA cut across every part of a multinational company’s business model. Tackling corruption risk requires clear-eyed consideration as to whether an organisation’s strategic goals are realistic in high-risk markets. It requires leadership that provides meaningful oversight and models ethical behaviour. It requires incentive systems that reward creative approaches to combating bribery, instead of rewarding those who meet unattainable goals by any means necessary. It requires a fundamental acceptance of values and norms that embrace transparency, along with an understanding of the wider social consequences of corporate actions.
The realities of power and implicit messaging mean that the forces of compliance cannot control a company’s corruption risk in the face of contradictory messaging from a leadership team that clings to plausible deniability. The organisation’s entire culture must be shifted to meaningfully address the FCPA. This requires transformational change.
For a clear analogy, consider the financial services industry, whose quantitative-risk models and pervasive compliance processes did little to check bankers’ pathological risk-taking behaviour. Compliance systems can always be gamed. Corruption is varied and nuanced. It involves humans making decisions in real time, often under significant pressure. No mere process can solve a problem rooted in social norms and how groups behave in organisations.
The social cocoon of crime
Going beyond FCPA must also address the consequences and implications of bribery upon society, governance and security. While we hear very little of this within the compliance community per se, I am grateful to the non-governmental organisations (NGOs) and thought leaders who have raised this issue and who are now amplifying the message to the business community. Corrupt businesses tend to underplay the effects of their behaviour; such euphemisms for bribery as the need to ‘grease a few wheels’ and the argument that there‘s no other option in certain markets all speak to this.
It’s becoming harder and harder to downplay the caustic effects of corruption as observers credibly link it to an increased risk of terrorism and civil war and expose it as a driver of poverty and inequality. A company cannot view its approach to corruption as separate from its broader contract with the societies in which it operates.
Campaigners are also focused on a new phase of individual accountability that has profound implications for companies. The strategic shifts of Transparency International (TI), the sector’s leading NGO, over the last few years accurately reflect the new environment for corruption risk. With its Unmask the Corrupt campaign, TI has broadened its mission from thought leadership and commentary to tackling the sensitive and difficult issue of holding corrupt individuals accountable. This moves the NGO right onto the frontline of anti-corruption. It will put companies’ relationships with politically exposed people under more scrutiny than ever.
Asking James Cohen, an Ottawa-based consultant who has written and worked on the links among international development, governance and security, about frontline corruption’s impact, he notes: “There’s a mentality of ‘you gotta do it’ to win, but really it’s OK because who does it hurt? The link between corruption and human rights violations are not often discussed, notably because there’s still a desire to see corruption as potentially beneficial, but they’re there. It’s uncomfortable to think about an expat just trying to get a job done, but by bribing that cop or even a bureaucrat who issues licenses, it perpetuates a system that wants to maintain its status.”
Let’s take a look at the ecosystem of bribery that was well encapsulated in Culture Corrupts! A Qualitative Study of Organisational Culture in Corrupt Organisations, a 2014 article by Jamie-Lee Campbell and Anja S Goritz in The Journal of Business Ethics.
The authors describe the mechanisms of rationalisation, socialisation and institutionalisation that form a social cocoon of organisational culture in which “it forms assumptions, values and norms of employees to support corruption”. Furthermore, “this corrupt organisational culture has the purpose to ensure employees’ support of corruption”. While the leaders of corrupt organisations and their corporate conspirators might establish offshore accounts and more sophisticated means of corruption, “employees, by contrast, implement corrupt tasks in their work routines”.
“We are talking about sophisticated, integrated criminal organisations that are masquerading as governments”
That might be soliciting a bribe in lieu of a traffic ticket or, as in the spark for the Arab Spring in Tunisia, permission to open up a fruit stand – but it is all the same; employees of state and their corporate benefactors, as parts of corrupt organisations, behaving criminally. As Campbell and Goritz state, those in the social cocoon of corruption “facilitate corruption, expect their colleagues to act corruptly and punish those who refuse to engage in corruption”.
But what does this have to do with FCPA? Everything. I call your attention to Thieves of State, a recent book by Sarah Chayes, senior associate at Carnegie Endowment for International Peace. In a recent interview posted on my blog (www.richardbistrong.com), I asked her to connect the dots between small bribery and greater criminality for the benefit of those who work in high-risk markets.
Sarah responded: “Many people choose to think that ‘petty corruption’ is just the work of the cop on the street. ‘Poor guy, he doesn’t get enough salary to live on anyway. He’s just trying to make ends meet.’ That’s true. But the corruption doesn’t stop with him. In nearly all the countries I have looked at, people BUY their positions in the police. Now why would a person go into debt to buy a job with a lousy salary? Because – with the bribes they can extract – the job is so lucrative. The candidates usually have to pay a lump sum, but then also [give] a monthly cut of their take to their superiors. Those superiors pay their superiors and so on, up the line, all the way to the minister of the interior… who also benefits from fantastic opportunities to facilitate drug smuggling, or customs fraud, or whatever.”
Added Sarah: “To reiterate: we are not talking about governments that are plagued by some corruption here. We are talking about sophisticated, vertically integrated criminal organisations that are masquerading as governments.”
That is the ‘social cocoon’ of corruption. I believe that when organisations and business teams start to embrace what the ‘supply side’ means to that ecosystem, as the source of its life blood, a true revulsion and ethical opposition to corruption will take hold beyond FCPA.
When I asked Sarah about governments serving as criminal organisations and how the concept might affect compliance professionals and those on the frontlines of international business, she said: “Businesspeople seeking to engage in these environments should think about it that way. They should think about their reputational risk, too, as more and more Western consumers become alert to this type of abuse, the way they have become alert to labour standards in countries manufacturing our consumer goods. And they should think about corporate social responsibility in broader terms. If this type of corruption is indeed fuelling security threats, such as terrorism, then don’t they have a responsibility not to enable it?”
Given these issues of corporate management, cocoons of corruption and criminal organisations masquerading as governments, I hope you will begin to view bribery as something that overshadows and transcends FCPA. Let’s regard it as a dark process that’s bigger than FCPA, beyond FCPA.
About The Author:
Richard now blogs at Richard Bistrong about current anti-bribery compliance issues, drawing from his own perspective and experience to discuss trends and compliance challenges, especially as they might impact overseas sales and marketing organisations. He has a BA from the University of Rochester and an MA in Foreign Affairs from the University of Virginia, including studies at the Institute for European Studies in Vienna, Austria. He is a member of the Society of Corporate Compliance and Ethics. Richard resides in the New York Metropolitan area with his wife and has two children.
Richard can be reached via his blog, LinkedIn, or at Richardtbistrong@gmail.com. He frequently tweets about #compliance and #fcpa topics at @richardbistrong. He is also available to speak to groups (corporate or industry) about real-world compliance issues.