Compliance issues?

Employees in the trenches are tired of management talking to them like non-compliant kids. Instead, ask them to think with the curiosity, courage and clarity of kids. Here are ways to elicit anti-fraud compliance by understanding operating environments, clearly stating instructions, avoiding proscriptive rules and more.

In-house anti-fraud and compliance teams in multinational companies have a tougher job now than ever. Barely a month goes by without some new regulation, legislation or guidance issued. Most teams are now covering every facet of fraud: corruption to conflicts of interest, anti-trust issues to anti-money laundering, privacy concerns to whistleblower regulation, and so on. They’re investigating fraud across increasingly diverse but nationalistic emerging and established markets.

Naturally, this results in a constant churn of policies, procedures and training. The busy people in frontline markets don’t always read, or welcome, this stream of rules and edicts from the head office (HQ). Those are the people I work with. In the past decade operating across Asia, I’ve counseled hundreds of people facing extortive, unethical and/or conflicting demands from local stakeholders — often public officials or clients — who don’t care for the U.S. or European laws and barely respect their own.

Too many top-down directives have caused fatigue. The folks in the trenches are tired of HQ management talking to them like non-compliant kids.

Lost in translation

Have you ever given unclear instructions to a kid? I have — more than a few times. It never ended well and usually resulted in the demise of home furnishings. It’s not just kids though. To pick one example, I’ve investigated the “I thought I was doing you a favor by breaking the law” scheme across multiple industries and countries in the Asia-Pacific region.

This case comes from Indonesia, but it could occur in many places. Here’s a paraphrasing of a telephone conversation between HQ’s compliance department and the head of government relations (and part-time “compliance champion”) at an Indonesia subsidiary.

HQ compliance: “The UK Bribery Act [UKBA] prohibits facilitation payments. The U.S. Foreign Corrupt Practices Act doesn’t, but you need to record them properly, or you’ll be committing a ‘Books and Records’ violation. But if you record them, we may have a UKBA liability.”
Indonesia subsidiary: “What’s a facilitation payment?”
HQ: “Requests for an additional payment by a public official to properly fulfill their duties without a tariff or fees or receipt.”
Indonesia subsidiary: “Have you ever been here? You got a taxi from the airport I assume? Did you get an official receipt? No, the driver handed you a blank letterheaded ‘receipt’ and encouraged you to fill in the details.”
HQ: “Well, you need to get official receipts now. But be careful about recording them.”
Indonesia subsidiary: “Errr, so do we record them or not?”
HQ: “Well, we’d prefer you didn’t pay them.”
Indonesia subsidiary: “We won’t get anything through customs again, or get our license renewed, or proper environmental inspections, or police escort for heavy/wide vehicles, or occupancy permits for construction, or, or, or …”
HQ: “Is there another way?”
Indonesia subsidiary: “Let us think about it.”

A few months later, the audit team members arrived from HQ. They were pleased to see that payments to public officials had fallen through the floor. But a bit of digging revealed irregularities in third-party payments. Many of the same suppliers were charging more for the same services. Audit alerted HQ, who said, “Are you telling us we have a major fraud on our hands — kickbacks?” The audit team explained, “Not really. The total amounts are less than $30,000.” After some head-scratching, the HQ compliance team dispatched investigators and contracted local investigative support. Some awkward interviews later, the office manager said:

Have you ever given unclear instructions to a kid? I have — more than a few times. It never ended well and usually resulted in the demise of home furnishings.

What went wrong?

Quite a few things, but these four areas account for the majority of integrity violations I’ve seen where there’s been a disjoint between HQ and the frontline.

Failure to understand operating environment

Regulations drafted in developed economies with a strong rule of law don’t always travel well. The onus is on the people in HQ functions to get in the trenches with operational folks in complex and/or emerging markets to understand where that regulation might come up against local resistance. If travel budgets or time restraints prohibit this, use surveys, video calls, interviews and so on.

The analogy I heard that best describes this issue came from a mining exec: “If your anti-fraud program is a Ferrari, that’s great on the Pacific Coast Highway. But it’s not going to last long on a Laotian mountain pass.” You’ll need to adapt your program — usually by making it more robust, sturdy and simple — so it’s less Ferrari and more Toyota pickup for many challenging frontier markets.

Failure to understand processes

Processing a working visa for a foreigner in Indonesia — depending on the technical nature of their job — can take around nine to 15 steps involving multiple government agencies. If you want that processed quickly, hands might be outstretched for “expediting fees.”

In your home country, most government interactions probably are online with fees scheduled and receipts given, but that’s not necessarily the way it’s done elsewhere. Again, to properly handle these issues you’ll need to understand processes that often seem intentionally vague and convoluted to allow opportunities for capricious interpretation. Sometimes this means you’ll need local advice. Common headache areas are tax, customs, business licenses, immigration, product regulations and anything at all to do with land.

A lack of clear guidance

If you don’t fully understand points 1 and 2 above, your guidance and instruction will be at best rigid and impractical, and at worst nonsensical. Learn before teaching.

A strategy focused only on reward not risk

Why is your organization expanding into emerging and complex markets? Because they promise opportunities. However, that usually means ambitious targets (20% year-on-year growth targets aren’t uncommon). Senior leaders at the regional HQ level should make efforts to assess addressable markets (how much of the market can be serviced within your anti-fraud risk appetite).

I remember a regional CEO of a major steel business traveling to Vietnam, which was then in a construction boom. As he heard from the local team about the myriad ethical and integrity challenges — from forced land clearance (the government removes citizens from their homes), to fraud, to corruption and money laundering — he said, “Okay, so we know the market opportunity is $500 million, but what is the addressable market — the market we can operate in cleanly?” The answer was around 20% of the total market opportunity, which was still a hefty chunk of change.

Key takeaway

Anti-fraud efforts are battlegrounds in many complex and emerging markets, and the decks are stacked in favor of local authorities who control the rule of law and rules of the game. So, why would you go into any battle without first assessing the terrain and the enemy? If you want to minimize fraud, maximize the intelligence you gather about the operational abilities, and then adapt your controls and strategy to succeed.

Checklists versus common sense

Have you ever been too proscriptive in your advice to a kid? I have. Like when I told my daughter that “Crayons are not meant for human hair,” to discourage an extreme makeover. The dog didn’t appreciate the pink highlights.

Again, limiting or proscriptive rules can also be the undoing of the anti-fraud professional. Well-intentioned organizations set rules because they’re understandably concerned about violations. For example, a Swedish engineering company experienced problems with lavish entertainment of officials in an expensive Eastern European city. So, it set a $150 per-head entertainment allowance. This edict was possibly reasonable for expensive Northern European standards, but it was wrong in Myanmar where that allowance allowed its sales team at the Swedish company’s subsidiary to recreate an episode of “Entourage.”

I frequently see organizations’ quantified rules, such as per-head allowances, per-diem limits and acceptable margins (for example, permitted commission ranges for third parties or maximum discount limits on certain products). This makes a lot of sense, but they can run afoul of the “If you’re a hammer, all you see are nails” maxim. Vigilant organizations can rigidly enforce adherence but miss the intentions of the rules. Here’s an example.

A European medical devices and diagnostics company operating in Vietnam observed China’s crackdown on fraud and feared Vietnam might follow suit. The company had banned entertainment with health care professionals (HCPs). It told the Vietnam office’s senior leaders, “No more gifts, no more entertainment” and plastered posters with that message around its offices. So, the company’s new legal and compliance head of Southeast Asia was somewhat alarmed to see a claim from the sales and marketing team for $6,000 for “renting hospital space for product demo.” When he enquired, he found out the sales guys had wanted to pitch a new medical product to HCPs at a government hospital. The HCPs, knowing the “no fun” rules had said, “Sure, we’ll sit for your pitch, but you’ll need to rent out an operating theatre in our hospital that’s big enough to properly demo it. We have one in mind.” The “rental” offer (government hospital space is rarely for rent in Vietnam) was just another conduit for kickbacks, but the local sales guys seemed genuinely confused that HQ had rejected the request.

What went wrong?

The health care company in Vietnam emphasized the rules but not the intention behind them. What are some of the first things we teach kids? Depending on your culture, it’ll often be universal religious or philosophical lessons like fables. Rules and limits are important, of course, but if they’re not communicated with clear intentions, they’re of limited use.

Instead of saying “No more gifts and entertainment for HCPs,” the Vietnamese company management should’ve focused more on its intention: “We don’t make payments that can, or could be perceived as, improperly influencing any stakeholder.”

Instead of treating employees like kids, how do you get them to think with the curiosity, courage and clarity of kids?

The company should’ve been training its employees to ask “why” when faced with requests from customers and vendors. For example, a Malaysian hospital told another health care company that was selling it expensive scanners that it could only use one of two nominated contractors for the refitting and construction of the rooms in which the scanners were to be housed. If a hospital says you have to use a nominated contractor or pay $6,000 to rent a room, your first question has to be “Why!?” Anyone who’s ever spent time with kids will know that common three-letter word.

Key takeaway

As the anti-fraud professional covering markets where your stakeholders might not always have your best intentions at heart, you need to empower your people to ask why and not just follow rules. Employees can circumvent didactic rules in oh-so-many creative ways.

Channel your inner kid

Instead of treating employees like kids, how do you get them to think with the curiosity, courage and clarity of kids?

Learn together

Many successful organizations are built on a culture of “Don’t bring me problems, bring me solutions.” That doesn’t always work in risk management. As the in-house, anti-fraud professional (or outside counsel), your team’s role is to build a culture in which people ask questions, bring you problems and share knowledge.

A decade or so ago, two colleagues who worked for the same organization met for the first time at a global leadership conference. One was based in Moscow, the other in Sao Paolo. After 10 minutes of discussion about fraud and integrity risk they announced, “The weather might be different, but many of the problems are similar in our two countries.” If one part of the organization has struggled with a particular issue, another part might have found solutions.

Train employees to push back

Ever tried giving a kid an unrealistic task? They told you it was unrealistic, right? Encourage employees to speak up if the organization is asking them to abide by an unrealistic edict — be it financial targets, or negotiating favorably with a powerful and unethical regulator. To do this, implement anonymous reporting lines (ideally) or confidential reporting channels to an independent legal and compliance function. Reporting channels must be widely, clearly and repeatedly communicated to employees. This allows employees to report to those outside of their immediate teams. Their team members might be part of the problems.

Rationalization

Cressey’s Fraud Triangle tells us that employees rationalize fraudulent acts. I wish I received a dollar every time I heard this rationalization: “It’s just the way things are done in … (insert sweeping generalization about a country, region, culture, industry, etc.).”

Kids will often push back if you ask them to rationalize gray-tinged or just plain wrong decisions. One way I try to explain this to people struggling with morally questionable dilemmas is to ask them, “What advice would you give to your kid or someone you love if they came to you with this problem?” Or just ask them if they’d feel happy telling their family what they’d done or plan to do.

Silence the cynic, promote the inner child

You and your colleagues can find it difficult to maintain professional skepticism in investigations when you encounter unethical demands or pressure from powerful stakeholders. The kid in you will want to make the world a better place.

I remember a workshop in the Philippines where a member of the expatriate management team uttered the “It’ll always be like this,” surrender when a participant challenged him about persistent fraud issues at the local port. But the local finance manager stood up and said, “No! It cannot continue. We cannot keep paying bribes just to get every basic service.”

Brave citizens have toppled governments for unethical, corrupt, fraudulent and dishonest acts. Don’t give in to the cynicism. Use your inner child to think hopefully and laterally as this company did when they began to ship their goods and equipment through a different local port where the local officials were more amenable.

Make life easier

Most people have good internal moral compasses, and those that don’t will be easier to weed out if you show more respect for employees’ intrinsic values.

Following the latest corporate or government scandals, victims — quoted in news articles — lament, “Why do good people do bad things?” The answer is simple: Organizations fail to empower employees to exercise their judgment, and/or employees couldn’t attain their organizations’ goals without cutting corners.

The great skill here is determining what in your anti-fraud framework is ostensibly common sense and what requires expertise to navigate. For example, most people know obtaining that to which they’re not entitled is wrong — as is lying and turning a blind eye to the wrongs of others. That covers much of corruption, asset misappropriation, falsification and negligence, among others.

Instilling a culture in which employees are empowered to exercise good judgment and escalate concerns might free up time to focus on other complex problems possibly caused by unwitting employees’ errors, such as violations of data privacy or competition laws, cyberfraud, modern slavery issues in the supply chain, and so on. (The U.K. and Australian governments have enacted modern slavery acts that require businesses above a certain size to report what they’re doing to eradicate these problems, which include such offenses as forced and bonded labor.)

Key takeaway

Empower your people by letting them think for themselves, which could free up your time to focus on the knotty and complex problems that sadly will always remain.

Thinking like kids

Headquarters’ compliance edicts regularly bombard employees on the frontlines in multinational companies. Don’t treat them like recalcitrant children. Instead, appeal to them to think with the curiosity, courage and clarity of kids as they grapple with ethical questions and work to follow the rules within complex environments. If you do, you’ll improve your prevention and deterrence of fraud.

Rupert Evill, CFE, is the director of Ethics Insight Pte Ltd. in Singapore. Contact him at rupert@ethicsinsight.co.