The Art of Strategic Compliance Plan – A Seven Step Process

The Art of Strategic Compliance Plan – A Seven Step Process

I recently wrote about my colleague Stephen Martin's thoughts on having a 1-3-5 year strategic plan for your company's Foreign Corrupt Practices Act (FCPA) or Bribery Act compliance program. I am often asked where a compliance practitioner can come up with some ideas to put in such a strategic plan. Clearly one excellent area to study are the ongoing enforcement actions, which are all publicly released. They not only provide insight into the Department of Justice's (DOJ) thinking on current best practices in the area of FCPA compliance programs but with the recent addition of "Enhanced Compliance Obligations" as found in the Johnson & Johnson (J&J) and Pfizer Deferred Prosecution Agreements (DPAs) there is solid information on some of the most cutting edge compliance initiatives which companies are now using. While you should recognize that these "Enhanced Compliance Obligations" are tailored for the specific company the DPA deals with, nevertheless you can review the concepts and implement those which are appropriate for your company.

Like many compliance practitioners, I came to this field through a corporate law department. As such the focus was usually not on strategic objectives nor did we typically receive much training on how to go about such a process. I was therefore interested in an article in the September issue of the Harvard Business Review (HBR), entitled "Bringing Science to the Art of Strategy", co-authored by A. G. Lafley, Roger Martin, Jan Rivkin and Nicolaj Siggelkow, which explored the idea that company leaders could be much better in "marrying empirical rigor and creative thinking." The authors laid out a provocative calculus for developing novel strategies through a "genuine inquiry that's at the heart of the scientific method." The authors set forth a step-by-step process in which creative thinking yields possibilities and tests these possibilities using rigorous analysis. The steps are:

1.      Move from Issues to Choice. You need to convert your issue into at least two mutually exclusive options which might resolve the issue. This is because most organizations "will fall into the trap of investigating data related to issues rather than exploring and testing possible solutions." By framing the problem or issue as a choice, you will focus on "what you have to do next, not on describing or analyzing the challenge."

2.      Generate Strategic Possibilities. You will need to broaden your list of options to ensure that there is an inclusive range of possibilities. By this the authors mean that possibilities should be creative. Further they identified three key components for such possibilities. First, detail the advantage the possibilities aim to achieve. Second, the scope across which the advantage applies. Third, the activities that will deliver the intended advantage.

3.      Specify the Conditions for Success. For each possibility that you or your group generates, you must describe what must be true for the possibility to be strategically sound. The authors make it clear that this step is not intended "for arguing about what is true" nor is it intended to "explore the soundness of logic behind various possibilities." This step is intended to require the skeptic to "specify the exact source of skepticism" and require the possibility progenitor to "understand the skeptic's reservations and develop the proof to overcome them."

4.      Identify Barriers to Choice. This step is designed to put a "critical eye on the conditions" identified in Step 3. To do this you should determine which conditions are the least likely to hold true. Interestingly, in this step the authors suggest the following process: ask the group members to "imagine that they could buy a guarantee that any particular conditions [identified in Step 3] would hold true." The condition chosen should be the condition which is the greatest barrier to success. You should then continue the process until all conditions are ranking in such an order.

5.      Design Tests for Barrier Conditions. For each key barrier, you should devise a test which you deem to be valid and sufficient to generate commitment within your organization. The authors do not specify any particular test but say that "the only requirement is that the entire group believes that the test is valid and can form the basis of rejecting the possibility in question or generating comment to it."

6.      Conduct the Tests. In this step you should start with the test for the barrier conditions in which you have the least confidence. The authors suggest that you bring in outside professionals to administer the test or at least some other group within your company. They caution that the role of these testers is to test; their role is not to revisit or analyze the conditions that your group has set. The key is that the testing has to be "an inch wide and a mile deep" which the authors explain requires that the testing should target the "concerns which could prevent the group from choosing an option and exploring those areas thoroughly enough to meet the group's standard of proof."

7.      Make the Choice. Finally, you will need to review your key conditions in light of your test results in order to reach a conclusion. The authors believe that the correct strategy will appear from the results and that greater team consensus will be generated by the seven step approach they suggest.

I found this article very interesting as it provided a useful guide on how to think through devising a strategic plan. In the compliance arena, if you could weld this process to Stephen Martin's ideas for a 1-3-5 year strategic plan, it would provide a powerful tool for you to use not only in promoting your compliance initiatives internally but if the government ever comes knocking at your door.

I will be co-presenting with Stephen Martin next week in Chicago at an event hosted by Kreller. It will be Tuesday, September 11 at the University Club of Chicago. If you are in the area, please come by and here about Stephen's 1-3-5 plan and much more about FCPA compliance programs. For more information, click here.

 Visit the FCPA Compliance and Ethics Blog, hosted by Thomas Fox, for more commentary on FCPA compliance, indemnities and other forms of risk management for a worldwide energy practice, tax issues faced by multi-national US companies, insurance coverage issues and protection of trade secrets.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

For more information about LexisNexis products and solutions connect with us through our corporate site.