Narrator: ETHIC Intelligence was very pleased to welcome Robertson Park to its 10th annual breakfast on developments in anti-corruption compliance. Robertson is a shareholder with Murphy & McGonigle in Washington and a member of the ETHIC Intelligence Certification Committee. Robertson shared his thoughts on the FCPA pilot program and other emerging issues in the American enforcement community.
Robertson Park: Joke is compliance is a no, no job. Your job is to say no when others want to say yes. And I think the better answer is compliance doesn't want to say no. Compliance wants to work with business and hopefully get the business leaders to understand when it's appropriate to do something and when it might not be appropriate.
Narrator: How important is risk assessment for a company?
Robertson Park: I joke about this, but I think risk assessment is essentially the genesis of any compliance program. It's garbage in, garbage out, term we use. If you don't have a good risk assessment, it doesn't matter how much and how good the resources you receive are and how capable your employees are. If you haven't adequately assessed, where are the risks this company has, and where should we put our concentration you likely will fail.
Narrator: What are your thoughts on ISO 37001?
Robertson Park: I think ISO certification is going to be very difficult for enforcement authorities to ignore. That's a negative way of saying I think it's going be a distinct positive for a multinational company to say they are ISO certified under the new anti-bribery provisions. If I were as a private attorney, I would be shoving it down the throats of the government, saying this is a certification benchmark that has been developed in collaboration with all of these nations. You know, you had participation at the highest levels of your standards organization. You have bought off on this. You consider this best practice. This company went through the necessary steps, or this portion of the company went through these necessary steps and adopted these procedures. That means they meet this benchmark. What more can you, should you ask of an institution?
Narrator: And the FCPA pilot program?
Robertson Park: Sally Yates, the author of the "Yates Memo", spoke at a conference about a week ago in Washington, D.C. She made the comment that to get the benefits under the pilot program are generally the benefits of voluntary disclosure. It's not simply enough anymore to come in and voluntarily disclose. You must come in and voluntarily disclose and identify the evidence you possess in connection with senior individuals who may be responsible for the misconduct. So it's not just enough to come in and say we did bad things. This is it. It's you gotta come in and these are the bad things we did. And here are the people who did them.
Narrator: How should business leaders approach enforcement authorities?
Robertson Park: When enforcement authorities speak to senior business leaders in the course of an investigation, and they get the impression that the business leaders agree and understand with the compliance responsibilities, that is enormously beneficial even in the case where something went wrong. Because they recognize that the company is not just deployed compliance professionals, but they're getting the business leaders to buy in. That doesn't mean you don't have a bad business leader or you don't have somebody who goes and makes mistakes. But if you have business leaders who will say, "I've been trained. I've been trained multiple times. My bonus is in part contingent on how I perform my compliance oversight. My salary is in part contingent. My performance assessment is contingent on this, and I meet with my junior employees when they start work, and I explain how important these responsibilities are." That makes an enormous, enormous difference.
Narrator: How important is it that compliance resources be allocated appropriately?
Robertson Park: A company has a million dollars. They spend it on their compliance personnel. A company hires 12 people with that $1 million. But a company is in the extractive industries, and they keep seven people at home in headquarters in Sweden, and they have nobody in Africa. They have maybe one person in the Middle East. They have one person untrained, who's maybe not culturally aware in Asia. That's not adequate deployment. Maybe a million dollars and 12 people was adequate resources, but they've not been deployed intelligently. A lot of adequate resources is using what you have intelligently, not randomly, putting it where it's necessary.