NEW YORK – Richard Bistrong spent much of his career as an international sales executive. He currently speaks on foreign bribery and compliance issues from that front-line perspective, writing about them on his blog. Bistrong was vice president of international sales for a large, publicly traded manufacturer of police and military equipment, which also entailed residing and working in the UK. In 2007, as part of a cooperation agreement with the US Department of Justice and a subsequent immunity from prosecution in the UK, Bistrong assisted the United States, UK, and other governments in understanding how FCPA violations, bribery and other misdeeds were occurring in international export sales. His covert cooperation was one of the longest in any white-collar criminal investigation. In 2012, Bistrong was sentenced as part of his agreement and then served fourteen-and-a-half months at a federal prison camp in the US.
Last month, his views on corruption risks were featured in a new white paper on organizational risk management, published by Control Risks. The author of that report, Alison Taylor, sat down with Bistrong to discuss the current state of corruption risk management at the corporate level.
Taylor: Risk is the flip side of opportunity, as the saying goes. I’ve argued that risk management has become the most important source of commercial advantage for companies. What are your thoughts on that?
Bistrong: I would agree that risk management is a critical part of securing and sustaining commercial advantage. However, as you point out in your paper, we should break that down into a few components. There is the legal and enforcement side of risk, which is a clear and essential line in the sand as to what employees can and cannot do. Risk management doesn’t begin giving organizations a leg up until it becomes a function of business and commercial strategy, which goes well beyond the “bolt-on” compliance component.
Taylor: What do you see as the most important steps corporate leaders can take to improve corruption-risk management within their organizations?
There needs to be a strategic analysis of risk. From my perspective, that analysis must be conducted before financial forecasts are rolled up and consolidated to boards, executives and shareholders. Those strategic and financial forecasts are the drivers for business investment. Any failure to reflect risk at the start creates organizational confusion, misappropriation of resources and potential peril for those at the frontlines of international business.
In other words, when a business’s growth strategy and corruption risk are not aligned – especially in low-integrity regions – “the way we do things around here” wins out over legal risk management. In such cases, the culture of “win above all else” sets the tone for strategy. You referenced Edgar Schein’s work in your report and I think he’s right: the unspoken rules within an organization are a powerful driver of culture and set the tone for how a company views corruption risk.
When risk management becomes entirely divorced from business strategy, the two coexist in a very uncomfortable détente. Those on the frontlines of international business know just how important organizational culture is in determining which side wins that standoff.
What can be done to resolve this productively? A two-step approach should start at the planning stage. First, invite frontline business teams into the process so as to have strategic planning as a “buy-in,” both horizontally and vertically among members of the organizational structure. Next, make sure HR is participating. Consider how HR is tasked with training, documenting, programming and so forth and is then removed from the incentive-planning and -design process. It is critical to have an HR view on how incentives are structured and indexed (personal, group or corporate performance), especially in high-risk areas. HR is in a unique and unfettered position to intercede objectively when a compensation package is out of alignment with a compliance program. In other words, I think HR can raise a relevant voice when the ends of success, as promoted through bonus plans, do not complement the means of risk management.
As I have discussed, when frontline personnel are telling senior management about corruption issues they face in the field, it’s an encouraging sign when those conversations are upsetting. After all, you can fix what you know. Shouldn’t management hear and see the view from the frontline right at the start of the strategic planning process?
The second step is where the rubber meets the road: the moment when the C-suite has to decide whether the opportunities presented by new markets are worth the corruption risk they bring with them. In other words, are top executives prepared to share with their employees, boards and shareholders that they are going to walk business back in order to walk compliance and ethics forward?
The good news is that I have recently been hearing tremendous success stories from some major multinational companies. Confident of the value they bring to local economies in employment and investment, they are simply embracing “just say no” to bribe requests, large and small. These companies report that this drives a message of zero tolerance to all players in the corruption ecosystem, who might otherwise think they are just “moving things along” via petty bribes. In other words, risk, strategy and compliance can be complementary goals.
Taylor: Your personal story highlights the pitfalls of excessive risk-taking in terms of bribery and corruption. Yet, in certain environments, it seems almost impossible to eliminate those risks entirely. Do you think these are truly preventable risks?
Bistrong: On a personal level, the pitfalls are many and the consequences dire. The rationalizations and illusions that surround corrupt behavior, as I have described in recounting my own perfect storm, are legion. Having been subject to near-carbon copy prosecutions in the UK and the US, I can attest that those on the front lines who think they are serving their own success and bolstering their corporate reputations by engaging in corrupt behavior – even if they regard it as petty – are putting themselves and their colleagues at great risk. In my own journey, I never seek to justify my conduct; I knew what I did was unethical and illegal at the time I did it. If companies want to embrace the “holistic” approach to risk and compliance that you suggest in your paper, they need to ensure that those who work far from the C-suite and board rooms that generate those business strategies don’t feel they need to “grease a few wheels” to succeed. Alison, that is the risk that is preventable.
A multinational company cannot control the lack of overseas integrity that might exist where institutions of state are weak, procurement personnel are poorly trained and compensated and regulations are confusing and vague. What can be addressed is a business strategy that incorporates that risk and hence produces a sales forecast and investment approach reflecting longer-term sustainable growth and value without creating a zero-sum game between anti-bribery compliance and success.
Taylor: It seems that compliance with anti-corruption laws is not necessarily the same as good risk management. What are some areas in which you think companies could go beyond the letter of the law to better manage their risks?
Bistrong: Corruption is not some esoteric or imaginary crime involving complex behavior. It involves people who, at some level, have calculated that the gains of paying or receiving a bribe outweigh the risks and consequences of getting caught. Changing those people’s calculations means aligning business strategy to the rules and procedures of compliance while educating and training those on business frontlines as to how bribery can result in tragic consequences. I once heard a compliance professional say at a symposium that when the reaction to a corrupt proposal is “No – not because compliance says I can’t do it, but because I don’t do it,” we then have compliance beyond the letter of the law. When a frontline manager knows it is acceptable to walk away from a transaction without personal or professional consequences, even at the cost of a forecast revision, we have a perfect alignment of strategy, risk, and compliance.
A word of advice for those in the field who might be reading this interview: When you feel you are in a highly sensitive situation with little or no compliance support, and your compliance team is sitting in a head office with little visibility of the risks you face, call home. I don’t mean call your compliance hot line. I mean CALL HOME. Listen to your family, your friends and your loved ones. No amount of personal, professional or reputational gain is worth the loss of liberty you face if you are caught under sanctions that now cut across multiple jurisdictions.
