Has this new era of FCPA enforcement resulted in compliance fatigue and its unintended negative consequence of numbing individuals to the FCPA?
“Rules and controls and training programs are essential in any organization, but at some point, the burdens imposed by intricate matrices of rules, complex reporting and approval processes, and seemingly never-ending training requirements become a net drag on the business. […] The deleterious effects of too much compliance activity include much more than a drag on productivity. A system that is overly-controlled, that has passed its optimal point of compliance activities, will engender backlash and bewilderment from those who are being controlled. Managers and other employees will balk at a sclerotic network of rules and processes, and they won’t—and in many instances may not be able to—comply. Rules and signoffs will be overlooked, and training courses never taken. Such backlash can actually move a program backward down the benefits curve. And when an employee population sees the compliance program as overly burdensome and poorly aligned with business reality, they will undermine the credibility of the entire enterprise.”
At a recent compliance industry conference compliance officers expressed concerns “about too much compliance” across a wide variety of areas. More to the point, a recent survey found that although “many companies have intensified their efforts to combat bribery and corruption, especially given the aggressive enforcement environment” many executives “must overcome a certain degree of institutional fatigue about anti-corruption compliance initiatives.” The survey concluded:
“We found many boards felt increasingly swamped by risk management and control information. Combined with a growing sense of [bribery and corruption] compliance fatigue, this contributes towards a ‘tick the box’ approach to managing risk.”
Annual FCPA training, annual FCPA certifications, databases full of customers with government ownership, an automated process for this and that, periodic FCPA compliance reminders, FCPA compliance as an agenda item on each meeting, etc. All of these are considered best practices, but the question is asked – is too much FCPA compliance actually a net negative?
Think of a typical television commercial for a new drug. Thirty seconds of the commercial is devoted to describing the benefits of the drug. However, because of regulatory requirements and the company’s potential legal liability associated with the drug, ninety seconds of the commercial is devoted to a laundry list of negative side effects associated with the drug. At some point, viewers disengage from the message and the positive attributes of the drug (the reason for the commercial in the first place) are lost.
Applying this dynamic to FCPA compliance, is trying to anticipate and address every potential instance of FCPA risk through training slides and compliance modules diverting attention away from the big picture of FCPA compliance and numbing employees and others who operate on the company’s behalf to the underlying objectives of the company’s FCPA compliance policies and procedures? In short, when it comes to FCPA compliance, is less more?
A compliance professional observed:
“In response [to this new era of FCPA enforcement], companies have begun to provide more and more accessible (read: web-based) anti-corruption and related regulatory training programs. Predictably, a panoply of vendors have surfaced offering state-of-the-art customizable online training modules, complete with scenarios, live actors, knowledge checks and certifications. Online compliance training has now become a cottage industry serving a wide array of organizations faced with the daunting task of communicating a Western regulatory concept to tens of thousands of employees across multiple languages, cultures and jurisdictions – again, under the watchful eye of various enforcement bodies. […] [Does] repeated online and other mass training over time actually have the unintended effect of desensitizing employees to, rather than making them more aware and cautious of, bribery and other corrupt activity.”
What do you think? Is compliance fatigue real?
