Podcast: Culture & Compliance Chronicles: Behavioral Science – The Audit & Monitoring Perspective

April 2, 2020
26:51 minutes

Welcome to Culture & Compliance Chronicles, a new Ropes & Gray podcast series focused on the behavioral sciences approach to risk management. In this inaugural episode—part one of a two-part series—Ropes & Gray litigation & enforcement attorneys Amanda Raad and Tina Yu are joined by special guests Richard Bistrong, CEO of Front-Line Anti-Bribery LLC, and Jules Colborne-Baber, a partner and forensic audit expert at Deloitte UK, to take a deep dive into behavioral sciences and compliance, with a focus on how organizations can develop more effective tools to identify misconduct.

Download a summary of this episode.


Tina YuTina Yu: Welcome, everyone, and thank you for joining us on Culture & Compliance Chronicles, a podcast series focused on the behavioral sciences approach to risk management. I am Tina Yu, a litigation & enforcement associate at Ropes & Gray. I'm joined by my colleague Amanda Raad, a litigation & enforcement partner and co-chair of Ropes & Gray's global anti-corruption and international risk practice. We have two very special guests with us today. We're thrilled to welcome back Richard Bistrong, CEO of Front-Line Anti-Bribery LLC, a consultancy dedicated to assisting organizations with anti-bribery compliance challenges as they impact front-line business teams. Our other guest is Jules Colborne-Baber, a partner at Deloitte, which I'm sure all of our listeners are familiar with. Jules, however, is our expert for today, as we will be delving into the very important role that behavioral science can play in testing and monitoring, and how to make our tools more effective in identifying misconduct.

A little background on how this podcast came about: Jules, Richard and Amanda were going to have an engagement in London in early March, bringing together compliance leaders from the greater London business community – this podcast was going to be part of that event. But due to what were then initial outbreaks of COVID-19 in London, we cancelled the in-person event, but went ahead with this podcast, albeit from our respective and separate locales with thanks to the remote technologies that we are using here. In this podcast, you will hear us address issues including compliance communications, partnerships with business peers, messaging, monitoring and testing, among others. When we start to return to business, these issues are going to be even more critical – multinationals are going to be anxious to return to business, to re-establish supply chains and connect with customers and to re-start revenue streams. At the same time, compliance initiatives, especially in-person training and interactions, have been postponed, with uncertainty as to when they will be resumed. Addressing these commercial pressures with shifting compliance resources is going to be a challenge. Thus, as you hear our exchange of perspectives, from different legal, forensic, investigatory and commercial experiences, we hope you will challenge yourselves and to think about how these issues can be addressed in your organizations. This is especially the case to keep your compliance programs moving forward in tough commercial and market conditions. We wish everyone good health, safety and well-being. Thank you for joining us. So with that, let's get started. To kick us off, I'd be very interested to hear your perspective on what you think is the weakest link in a traditional compliance program?

Amanda RaadAmanda Raad: Thanks, everybody, for joining today. I think one of the biggest challenges in compliance programs is the segregation or separation between those really on the front lines in the business, and the compliance or control functions – and really a disconnect between what each is trying to accomplish and what the reality of the situation is on the front line for the people that are in the business. Sometimes I think we make policies and procedures that are tailored and, of course, are risk-based and fit the law, and do all of the things that we want them to do, but without having enough conversations with the people that are really going to be using those policies and procedures, and understanding exactly what are the challenges that they might be facing – how are they going to interact with the policies and procedures, and what day-to-day is life going to be like. And so more dialogue, more discussion and more just not assuming the law is going to tell us what the policy and procedure should look like, I think, is really needed in this space. But, Jules, I’d be interested in your thoughts on this.

Jules Colborne-BaberJules Colborne-Baber: Amanda, I agree. I think collaboration between the business and the front line is crucial. Senior management, I think, have a very important role to play to champion the behaviors that they expect, which will help drive the compliance agenda and therefore help drive that collaboration. For me, there's also the challenge around embeddedness. I often see organizations having put a lot of effort into risk assessment and the design of policies and procedures, and then come the challenges they really face. Where the rubber hits the road is the embeddedness of those policies and procedures, and the implementation of them throughout the organization. There might be some of those practical issues that we all know about in terms of remote locations or operations in different jurisdictions that can create problems with implementation, but then I think there's the second piece to it, clearly, which is much more than policies and procedures. It’s around developing the appropriate culture such that the everyday behaviors of employees are in alignment with the compliance objectives and the wider firm objectives. The other bit for me, beyond embeddedness then, is ensuring a compliance program is appropriately embedded – it's then ensuring that that the compliance program remains relevant and remains at the forefront of people's agendas. I think anything with a human factor in it, naturally, that decays over time in terms of its efficiency and effectiveness – and I see that as a significant danger with compliance programs; that their effectiveness can decay over time because humans are involved. So ensuring that people have appropriate and very relevant training on an ongoing basis, ensuring that senior management aren't simply championing policies and then forgetting about it, but it's an ongoing activity that must keep these programs at the forefront of people's minds and at the forefront of the agenda. So I think that's probably some of the key areas of weakness I see. Richard, what about your experience?

Richard BistrongRichard Bistrong: I think that you and Amanda just well described a bit of our compliance journey. If we look over just the past four or five years, so many of these programs were originally developed with sort of a criminal law lens – an eye toward the regulator. So when I first started deep diving into the compliance discourse, the debate seemed to be around, "What do we need to do to have a defensible program?” If there's a regulatory issue, “What are the core elements of a program that we need to have to demonstrate that we have a good faith effort here?" Where now, as you've both described, it's more along, "Well, we might have great controls. We think we have a defensible program, but is it embraced and understood by the workforce as a partner to commercial success?" As Jules described, that's not a one-size-fits-all challenge and it's not a one-size-fits-all solution. So does a global program make sense to the different parts of the world where people work and where they face much different risk? That's anything but static – that's very fluid. So I think it's a good sign that we're having this discussion now, because it really is about, "How is our program intertwined and embraced with the needs of business growth?"

Jules Colborne-Baber: I think that's right. I think what we've seen in the recent period around the much, much greater public scrutiny about how organizations behave and people's choices are starting to be made in terms of whether they purchase, acquire from particular organizations, that can be driven by the integrity with which the organization undertakes its business activities. So now, we're seeing an alignment or a gradual alignment of commercial success and decisions made with integrity or business integrity, which clearly captures the compliance issues we're talking about. So, increasingly for organizations, the compliance agenda is actually aligning with commercial success because you have a population that is starting to make decisions in terms of which businesses it supports and which it doesn't based upon the integrity with which those businesses undertake their activities.

Amanda Raad: It's really interesting when you think about aligning compliance strategies with commercial success because it sounds pretty obvious, but in order to do that you really have to have all of the people involved in the discussion, the planning and the decision making. It cannot be done in a silo, and it's hard, especially as we add resources, which are clearly important compliance resources to all of our institutions, and work on these programs. How do you make sure that all of those resources then are sufficiently embedded within the business, have a voice and are at the table when you're making the business decisions and you're making the business plan? Richard, maybe you can just comment from some of your experience on whether you in your past felt that you were able to work together with a compliance function and whether just working with some of the companies you work with now, actually, how you see that going and where you see some of the challenges there?

Richard Bistrong: In my commercial journey as an international sales executive from 1997-2007, there wasn't much of a discussion about embedding and intertwining. But now, Amanda, we're starting to see the growth – and it's really wonderful to witness this – where we're seeing these compliance champion programs or compliance ambassadors. These are individuals that are embedded often in sales (this is their day job, so to speak), or finance, or HR, but they also have a little bit of ethics and compliance in their DNA, and they are a part of the compliance team as well to help articulate and to spread the compliance word among their business peers. So I think when we're starting to see folks that are working in these support functions and these commercial functions that are also these compliance champions and compliance ambassadors. From my understanding, in a lot of the organizations I'm working with, there’s a waiting list to get one of those roles – they’ve become very popular. So I think that's another great sign that these discussions about the pressure to succeed and the pressure to comply are starting to now come together and people are thinking, "How do we align these so that people on the front lines don't think that they're in the middle of competing corporate objectives?"

Jules Colborne-Baber: Richard, what do you think of the Business Roundtable commitment that was made in August last year? The 181 organizations that signed up to the commitment to give primacy not only to shareholders, but to shareholders, customers, employees, suppliers and their community. So, effectively, looking at those five stakeholder sets and saying, "In terms of our corporate objectives and the way we act and behave in our corporate activities, we will consider all of those five sets of stakeholder groups with equal importance."

Richard Bistrong: Jules, that's a great question. I'm not sure if it's a solvable one because from the C-suite, and the board and high altitude, so to speak, I mean, that's a wonderful commitment and a wonderful way to engage globally. But what does that look like to someone who's tasked with KPIs and financial performance in a commercial function in a specific country or region that's got high-risk? How does that get operationalized? What do you and Amanda think about that?

Jules Colborne-Baber: I completely agree with you – I think the commitment itself is a really admirable thing. The real challenge is in order to create that paradigm shift, because I don't think it's anything less than a paradigm shift, but in order to do that, as you say, the real challenge is, how do you understand what that means at a high-level from a strategy and purpose perspective for all of those different stakeholders? Because clearly the stakeholder groups will have some competing objectives. How do you operationalize that into the organization? That's a real challenge and it will be very interesting to see whether anything tangible really is driven out of that commitment.

Amanda Raad: And you do seem to have competing objectives, as you say, perhaps. I mean, they may be aligned, but they're still somewhat competing, where you have different metrics. People are measured by different metrics perhaps on what they're trying to achieve. One of the things that we've talked about before, Richard, is that sometimes we don't ask as many questions when performance is going well. So if you look at the front-line business that is trying to achieve certain metrics and targets, when that's going well and they're meeting those targets, there's not an issue that we're trying to solve for or a problem that we're trying to solve for. As a result, there aren't as many questions asked and as many discussions around compliance, or really just around strategy and how to make sure that all of these various agendas are aligned appropriately. Could you comment a little bit on that?

Richard Bistrong: Amanda, I think that's very well said. There's a book called The Fearless Organization by Amy Edmondson, and she calls it "dangerous silence," where sometimes we think that no news means good news. It's not like it's intuitive that we come into work and say, "What's working well in the organization? Let's turn over that rock and see what lies beneath." But bad behavior can hide behind good performance. So, I think that, again, part of this compliance journey is to take a look at the atmospherics of success and to say, "Does this make sense?" If our market is experiencing some headwinds and yet our commercial groups in these particular regions seem to be doing quite well, maybe we need a better understanding of how that's getting done instead of just accolades to that team for doing a great job. I mean, that is not intuitive, and I don't think that comes easy to every organization.

Jules Colborne-Baber: I think we've seen a number of instances in history where even when you have what appears to be or initially appears to be very strong performance, then there are even indicators that contradict that strong performance, and yet people still get blinded by the perception of good performance. You could pick up Nick Leeson as a perfect example, who was making margin calls and asking the bank for money. They kept on paying money to him to make those calls. If he was being profitable, he would never have had to ask for that money, and so you can even see organizations or people in organizations being blinded by that veneer of success. Richard, if there had been someone who had been checking in on you throughout your career and through the issues that you experienced, do you think that would've helped and that would have made a difference to what happened to you?

Richard Bistrong: That may have been the one question I had 14-and-a-half months of incarceration to think about, Jules, because it's sort of like, "What would have stopped this story before it started?" I am not that unusual in that I spent part of my career in one part of a sales organization, which was the U.S. market, and then I took a role in another part of a sales organization, which was the international market. I certainly had the opportunity and was presented with the FCPA to read, review and ask questions if I had any before I took my first flight in this new, exciting role. So I understood that bribery was illegal, but then I started flying around the world, and I'm in the middle of risk, Jules. I think that if early on in this new chapter in my career if someone had been calling and said, "Richard, you should be calling us. It's inevitable that you're coming in contact with corruption and corruption risk in your new role. We know you signed the FCPA paperwork, but how are things going? What are some of the challenges that you've been hearing or seeing? We want to make sure that we're helping you." Because "just say no" doesn't operationalize this, which goes back to something that we addressed before. Amanda and I have called it an “accountability partner” – someone that if you're not calling them, they're calling you to see how things are going. So I think if that would have happened early on in this new chapter in my international sales career, I would have said, "I'm having a difficult time. I love this new work. I find it challenging. It's exciting. But I am struggling to understand how we're supposed to succeed in some high-risk marketplaces. I need support." If they would have made that call after ten years of a very slippery slope, I don't think I would have been as forthright in asking for that help because at some point I'm just indexing one bad act to the prior one before it. So, again, I think it goes back to the challenges of: Are we preparing people for the real world risk that they're facing before they're in the middle of it? And I think that's when people are more likely to course correct and share, "You know what? I may have just made a bad decision. Maybe we should talk about it and revisit it." That's the way I think we can get people to talk about these issues.

Amanda Raad: I think it's really interesting to think about how you would actually engage in what might be a tough discussion. So it's definitely something that you want to have more conversations about sooner. An accountability partner is a fantastic idea because you get to really know them and you talk to them hopefully on a consistent enough basis that it becomes easier to have challenging conversations. But I think all the time of investigations I've worked on, or matters where I've worked on, and you go into a very high-risk jurisdiction or an industry, and you know for sure the person you're talking to has faced challenges. And typically, nine times out of ten, at the beginning of that discussion when you start talking to someone, the instant reaction you get from them when you say, "Have you faced any challenges? I know it can be a tough environment here. What's that like look like for you?" is, "No, it's okay. It's hard for competitors. But here, I have a strong policy and program, and I fall back on that." People don't feel comfortable enough to raise the issue that they are having a tough time or a challenging time, and it isn’t something that you can openly talk about and it isn't something that you have to deal with all by yourself but can deal with together, which is obviously the safest way to try to tackle that. I think it's a challenge to really think about how you get people to know that that is the culture of an organization and that it's safe to actually have those honest discussions, because I think the instinct actually is to assume that that would be either a sign of weakness or something that wouldn't be supported within an organization. A sign of weakness in that you can't control the situation yourself and you can't follow what is a very clear policy and procedure and you need to ask a question about how to navigate a tough situation.

Richard Bistrong: The behavioral research demonstrates that we need to be having those conversations when there's not a problem at hand and that we're just positively reaffirming, “We know that there's tension between the pressure to succeed and the pressure to comply, and we understand that in our pursuit of business growth your values are going to get challenged. There's nothing wrong with that. Just always remember, you have a team here that wants to help you unpack those challenges, and the only issues we can't help you with are the ones that you keep to yourself." So the more I think we're having those conversations when there's not a problem at hand, I think at some point it starts to set in for those who face risk in their work might think, "You know what? I can pick up the phone at any time, I can hit the pause button, and I've got a team that's going to embrace my uncertainty instead of maybe making me feel embarrassed about it."

Jules Colborne-Baber: And, Richard, what you've articulated there very clearly is the culture, isn't it? The right culture, the openness, the transparency to be able to have those conversations. Also, the point that you both made around the timing of it, you get to a point where it's just too late. It needs to be done up front. Those conversations need to start right at the beginning, as you say, well before any issues or well before people are parachuted into those difficult environments, so they feel supported before and during their experience.

Richard Bistrong: My question to the both of you is: Whose voice is best to have those conversations? From your perspective and your experiences, does that sound loudest when it's coming from the legal and compliance function? Or should that be coming from business leadership? Or maybe both?

Amanda Raad: From my experience, I think you really need to have it come probably from both, but most importantly to come very clearly and strongly from the business leadership and throughout the business organization. Because where I started with this, where I think some of the biggest challenges are for compliance programs generally speaking, is compliance can help shape obviously the culture and is a big part in shaping the culture and in developing and implementing the compliance program, but day in and day out, it has to actually be implemented by the business. And having those that also have the same metrics, have the same challenges and are really working within the same infrastructure of the business organization, having them reinforce how they navigate challenging situations and reinforce that, in fact there is a safe way to do this, and that is the only way that's going to be accepted, is I think different than what can be perceived as rules-based, imposed by an outside function, that may or may not understand the actual everyday challenges that the business is facing.

Jules Colborne-Baber: I think that's key, because my answer would be ideally both – led by the business. But what's key, as you say, I think is from a compliance perspective that the skill sets and the understanding are really there within the compliance capability of the actual scenarios and the situations that the front line will face so they can be genuinely supported and have that understanding of the challenges that they will face.

Amanda Raad: I think the only way for that to actually play out is for compliance to be at the table with the business leadership so that they are involved in those discussions on a regular basis, because, otherwise, I don't think they ever really are truly informed.

Tina Yu: Thank you, Richard, Jules and Amanda for these great insights. Our time is up on this episode of our Culture & Compliance Chronicles podcast series. We will continue our discussion in part two, which will focus on the importance of behavioral science in compliance monitoring, so stay tuned. For more information, please visit our website at www.ropesgray.com. And of course, if we can help you navigate any of the topics we discussed, please don't hesitate to get in touch with us. You can also subscribe to this series wherever you regularly listen to podcasts, including on Apple, Google and Spotify. Thanks again for listening.

For more information or to contact Richard Bistrong, please visit his website at www.richardbistrong.com, his Twitter page at https://twitter.com/richardbistrong or email him directly at richardTbistrong@gmail.com. For additional information or to contact Jules Colborne-Baber, please visit https://www2.deloitte.com/uk or email him directly at jcolbornebaber@deloitte.co.uk.

Deloitte   Front-Line Anti-Bribery   Ropes & Gray

© 2020, Deloitte LLP, Front-Line Anti-Bribery LLC, Ropes & Gray LLP – all content in this podcast is copyright and not to be redistributed without consent and permission. All rights reserved.