This recent article in the Journal of Judgment and Decision Making titled “On the Reception and Detection of Pseudo-Profound Bullshit” caught my eye. The article focuses “on pseudo-profound bullshit, which consists of seemingly impressive assertions that are presented as true and meaningful but are actually vacuous.”
Perhaps you’ve noticed the emergence of the term “compliance 2.0” in the Foreign Corrupt Practices Act space and beyond?
Panels at conferences are titled “Compliance 2.0: How to Build and Implement a Strong Compliance Program for FCPA” and other areas.
You can read the above links and decide for yourself whether those promoting Compliance 2.0 as some kind of secret sauce have a point or are mostly speaking in vague generalities and thus gobbledygook.
My own two cents is that Compliance 2.0, as used in the FCPA space, is mostly a meaningless buzzword.
Using the word “no” FCPA issue is a bit strong because, after all, a broken clock is right twice a day (pardon the buzzword / cliche).
However, few if any FCPA issues are going to be “nipped in the bud” (pardon the buzzword / cliche) based on the following purported components of Compliance 2.0: the reporting relationship between a board of directors and chief compliance officer or general counsel; a CEO or other executive officer’s “tone at the top” (another mostly meaningless buzzword in the FCPA space); or consideration of other stakeholders.
Rather, FCPA issues arise – and can thus best be mitigated and managed – by understanding how real people, operating in foreign countries with real business conditions, interact with real foreign officials.
The narrative roadmap for many FCPA issues is as follows.
- Barriers, distortions and conditions create bureaucracy
- Bureaucracy creates points of contact with foreign officials
- Points of contact with foreign officials create discretion
- Discretion creates the opportunity for a foreign official to misuse their position by making bribe demands.
Instead of complicating the compliance playbook with a mostly meaningless buzzword, business organizations should keep it simple and focus on blocking and tackling type issues (pardon the buzzword / cliche) such as the following questions relevant to conducting an FCPA risk assessment:
- In which countries does the company do business? As to each country, what is the country’s reputation for corruption?
- Who are the company’s customers or potential customers in each country? Is the customer a government (whether federal, state, or local) department, agency or instrumentality? Does a government department, agency, or instrumentality, or individual associated with such units, have an ownership or equity interest in the customer?
- How does the company do business and/or interact with customers or potential customers in the country? Does the company use third parties in the foreign countries?
- How does the company’s product enter and exit the country? Does the company use the services of a customs broker or freight forwarder?
- What licenses, permits, or certifications does the company need to do business in the country? As to each license, permit or certification, how does the company obtain such approvals?
- Is the company subject to other unique forms of government regulation in the country? What other points of contact does the company have with foreign government in the country (such as tax and immigration authorities)?
Understanding the answers to the above questions and incorporating them into an FCPA compliance program are leaps and bounds more important than “tone at the top” and the specifics of the reporting relationship between a chief compliance officer and the board of directors.
Moreover, Compliance 2.0, like most buzzwords, can be counter-productive because they create a false sense of results by inferring that adherence to the buzzword will show results. Indeed, a recent survey by the Institute of Leadership & Management suggests that a meaningful percent of employees consider management jargon as pointless and often irritating.
In short, decide for yourself whether Compliance 2.0 is a useful concept or mostly a meaningless buzzword.
And when you are done with that, turn your attention to Compliance 3.0 (see here).