Skip to content


Harry Cassin
Publisher and Editor

Andy Spalding
Senior Editor

Jessica Tillipman
Senior Editor

Bill Steinman
Senior Editor

Richard L. Cassin
Editor at Large

Elizabeth K. Spahn
Editor Emeritus

Cody Worthington
Contributing Editor

Julie DiMauro
Contributing Editor

Thomas Fox
Contributing Editor

Marc Alain Bohn
Contributing Editor

Bill Waite
Contributing Editor

Shruti J. Shah
Contributing Editor

Russell A. Stamets
Contributing Editor

Richard Bistrong
Contributing Editor

Eric Carlson
Contributing Editor

The Compliance Paradox

There are signs everywhere that the FCPA is a growth industry. Enforcement activity is up, law firms, auditors, and consultants now specialize in the practice. Even the mainstream press is getting into the act — this week with Forbes’ mindless clubbing of the DOJ – Biglaw revolving door.

So let’s ask: How will all this attention impact the FCPA and those who deal with it? Will compliance become second nature, part of the corporate fabric, so that FCPA violations become rare? Will the growth and success of the compliance industry result in its own demise? Where are we on the growth curve — at the beginning, somewhere near the middle, or already close to the end?

As we often say in this space, compliance isn’t about math but human beings and how they behave. That’s why we think the FCPA will grow, as it has for the past five years, then ebb somewhat, then grow again, and so on.

Here’s the reason for the cycle. Effective FCPA compliance prevents most violations from happening. Illegal payments aren’t made; books aren’t cooked; corporate crack-ups are averted. That’s all good news but it can produce unexpected results.

When allegations of overseas bribery hit the fan, people often appear from outside the company to control the damage and clean up the mess, and they get the credit. But when a company stays out of trouble, those responsible for compliance aren’t in the news. And as more time passes without a compliance problem, they fall further from the corporate center. When enough time has passed with no FCPA blow up, others start asking what compliance people do all day, since there don’t seem to be any FCPA problems around here that need fixing.

People seldom receive much credit for things that don’t happen. We spend little time pondering non-events. Instead our attention falls on things that do happen, and the bigger the disaster, the more of our attention it gets. So rather than pinning medals on the heroes who have kept the company out of trouble, campaigns to undermine them spring up, usually through budget shrinkage. Companies can end up with no one watching for trouble. That in turn increases the chances of a compliance meltdown.

Taking a broader look, the pattern is similar. Today, compliance officers and related professionals are visible and valued. That’s largely because the DOJ (backed by presidents, congress, and NGOs) threw enforcement into hyper-drive a few years ago. The feds grabbed the action and set the agenda. Companies everywhere, with help from the compliance community, have been scrambling since then to catch up. Eventually there’ll be more equilibrium between enforcement and compliance, and that’s when enforcement should begin to decline.

When it does, companies will start wondering what their compliance people do all day. And so once again the DOJ will find plenty of low-hanging enforcement fruit . . . .

Share this post


1 Comment

  1. Greetings:

    At the conclusion of his term in office, U.S. President Dwight David Eisenhower warned of the "military-industrial" complex. In the States, this "complex" has its counterparts in the compliance areas in numerous areas of government regulated activity: (i) the Sarbanes-Oxley Act (SOX), (ii) the Bank Secrecy Act, (iii) the Foreign Corrupt Practices Act, etc. This situation exists not merely in the U.S., but throughout the world.

    Corruption may exist in the shadows, but if one reads the research of Transparency International ( and Raymond Baker’s Global Financial Integrity ( one cannot help but be alarmed. Corruption exists in all countries – the only difference is the form it takes and its consequences.

    SOX may have given rise to a lot of work for consulting firms and lawyers, but has it truly resulted in improved corporate governance and board of director oversight — the shareholders of Goldman Sachs and scores of other companies might contend otherwise. In the U.S., CEOs can still be Board Chairman — something that any informed individual would recognize as a conflict of interest.

    SBA — a lot of of paper is generated by financial institutions (which have established expensive compliance systems of uneven quality), some of which has been helpful after the fact in building criminal cases, but FINCEN (the U.S.’s financial intelligence unit) is drowned in paper. One should read its annual report. As John Cassara (author of Hide and Seek) has pointed out, were are the real accomplishments of FINCEN’s activity — particularly in terrorist financing. Of course, FINCEN has well-paid personnel and expensive technology — this is not the case in most countries.

    FCPA (and their foreign equivalents) — bribery represents a very small share of corruption. The FCPA cases brought are incredibly small compared to the level of international (and domestic) bribery. The resolution of cases through negotiating away criminal penalties in exchange for admitting violations of the "books and records" agreement and the U.S. government’s eagerness to enter into deferred prosecution agreements (DPAs) and non-prosecution agreements (NPAs) means that usually corporations are not barred from doing business with the U.S. (as well as other governments and international lending institutions). The fines paid are paid with SHAREHOLDER’s funds. The corporation may have created a subsidiary to plead "guilty" while the parent will not admit wrongdoing.

    Even if corporations are criminally prosecuted, how does one put BAE in jail. People commit crimes, tolerate a culture of non-compliance, are negligent in their operation of compliance systems. In some countries, an individual can be found to be criminally negligent or criminally reckless — perhaps the U.S. has a lot to learn in this area.

    Governments don’t like to prosecute their own corporations. In some cases, unfortunately government employees are unlikely to want to prosecute their potential future employers or clients. The public suffers. DoJ should risk losing a case rather than to countenance widespread unlawful conduct or slapping persons on the wrist and declaring "victor."

    Corporations do not commit crimes, people do. Yes, proving criminal cases may sometimes be hard — that’s why we need whistle-blower protections. Officers, directors, compliance officers that fail to follow legal requirements should be prohibited from working for public companies or do business with them in any way. While collar criminals should be punished in proportion to the harm they have caused society. Fines against both individuals and corporations should automatically increase pursuant to the use of indices — otherwise the penalties can be ridiculously small. A risk worth running or the cost of doing business.

    We have developed a culture of cynicism that must be counteracted. We should fight "agency" capture. Lobbying would be a crime in most countries. Some political appointees and civil servants lean on the tax-payers’ nickel and then cash-in — just look at many former personnel of the Department of Homeland Security.

    In many cases, special interests engage in rent-seeking behavior at the public’s expense — which has difficulty organizing and cannot buy access to politicians and their staffs. So where is the outrage?

Comments are closed for this article!