Compliance and the Criminal Mind
We can all agree on one thing – Lance Armstrong is a disgrace. I have never seen a more pathetic performance of contrition, riddled with lies, and confirmation of a true sociopath.
His public relations strategy was a disaster. It is hard to know who to blame but perhaps it was an impossible assignment. There was no way to take a sociopath and make him human.
As a former federal prosecutor for 17 years, I have had extensive contact with the criminal mindset. There is a distinct line between sociopaths and psychopaths. Lance Armstrong is nothing more than a white collar criminal, full of self-serving justifications with a virulent strain of hostility and narcissism.
The lesson for compliance officers is instructive.
How do you build a compliance program which is designed to prevent and detect individuals from violating the law and/or company policies? Thinking like a criminal is a helpful exercise. Another way of framing the issue is to ask oneself, “If I wanted to obtain bribe money, how would I do so?” It is a great way to focus attention on the weaknesses in your control system.
The first inquiry focuses on offices where the risk of bribery is high. Companies know the high-risk countries in their operation.
The second inquiry is more specific – how would an employee or agent obtain the cash or items of value needed to pay bribes?
In this analysis, companies need to “think like a criminal” – how does a criminal get the money? How does the criminal avoid detection?
Internal controls are the key. If you know the controls, then you can identify how to circumvent them. For each high-risk country, the compliance program needs to focus on the opportunity for bribes — contracting opportunities and potential business, and regulatory approvals and interactions. In those cases where significant risks exist, then the compliance officer needs to define how bribes are likely to occur (through third parties or company sales personnel) and how much money would be needed. Sources of cash within the company’s office in the region or country should be identified and the existing controls in those offices should be examined.
With all of this information, two strategies exist – a targeted audit or some initial transaction testing. Between these two options, the key is to move quickly and conduct whatever audit or test is needed. Time is of the essence and bribery schemes have to be unearthed and stopped as soon as possible.
It is hard for compliance personnel to act nimbly but an “emergency” response team is important to include as part of a compliance program. This is a new “cutting-edge” strategy with very real benefits.
While proactive auditing is the new area of compliance innovation. A new “emergency” response team strategy can be created at minimal costs to try to identify “real risks” as opposed to theoretical “high risk” proactive audits.
What about the role of prostitution in corruption?