Skip to content


Harry Cassin
Publisher and Editor

Andy Spalding
Senior Editor

Jessica Tillipman
Senior Editor

Bill Steinman
Senior Editor

Richard L. Cassin
Editor at Large

Elizabeth K. Spahn
Editor Emeritus

Cody Worthington
Contributing Editor

Julie DiMauro
Contributing Editor

Thomas Fox
Contributing Editor

Marc Alain Bohn
Contributing Editor

Bill Waite
Contributing Editor

Shruti J. Shah
Contributing Editor

Russell A. Stamets
Contributing Editor

Richard Bistrong
Contributing Editor

Eric Carlson
Contributing Editor

Richard Bistrong: Embrace the best compliance resource of all

Two great recent posts on the FCPA Blog talked about the heavy demands on compliance professionals generated by the global regulatory patchwork.

Lindsay Columbo discussed the challenges of due diligence amid regulatory differences, among other variables, but said consistent standards and regulations “can be understood and addressed regardless of jurisdiction or any other factor.”

Martin Kenney pointed out in response that a one-size solution “may be impossible to achieve.” He’s also concerned that in looking for harmonization and automation, “we may be minimiz(ing) the human element in the equation.”

I agree with Martin’s premise that through too much standardization, we might lose the best compliance resource we have: our gut. He’s right to warn that a myopic focus on “running searches and ticking the boxes” can divert our attention from the atmospherics of transactions, where a hunch might lead to hitting the pause button, even if we’re not sure exactly why.

As a sales executive, I once handled a massive order for grenades for a small, peaceful Caribbean island. Somehow, the order didn’t raise anyone’s suspicions. But as Martin says, there is no substitute for experience. Those handling and supporting that grenade order might have included people in support functions — sales order processing, finance, and shipping/receiving, along with their supervisors. Were they thinking of themselves as small cogs in a big machine, or as integrity ambassadors? Did they encounter what Martin described as the conflict “between profitability and compliance” for that grenade order?

If the focus is on standards, harmonization, certifications, and a dashboard on our desktop, is there any room for the hunches that can keep everyone safe?

When I worked as a sales executive and was violating the FCPA, I left “crumbs of clues” along my ten-year path. Most of those clues wouldn’t have been found in a data dive or dashboard.

For example, I bribed a Dutch police official to win a pepper spray contract. Would the Dutch police have triggered any red-flags in an automated or standardized process? How about a New York-based UN intermediary who had a success fee of less than five percent? And yet, my colleagues may have had a hunch about my amazing sales successes.

When we focus resources on one-size solutions and neat data dashboards, does that leave room for the human element or are we blinding ourselves to risks that fall outside our laptops?


Richard Bistrong, pictured above, is a contributing editor of the FCPA Blog and CEO of Front-Line Anti-Bribery LLCIn 2010 he pleaded guilty to a conspiracy to violate the FCPA and served fourteen and a half months at a U.S. federal prison camp. He was named to Compliance Week’s list of Top Minds in 2017 and was one of Ethisphere’s 100 Most Influential in Business Ethics in 2015. He was named by Thomson Reuters in 2018 as a Top 50 Social Influencer in Risk, Compliance and RegTech.

His popular real-life compliance training video, Behind the Bribe, produced in cooperation with Mastercard, was released in 2017. To request a demo of the full eleven-minute video or a licensing fee schedule, please click here.

Share this post



  1. "crumbs of clues" — People invariably leave them, knowingly and not. CIA analysts call this 'leakage." I refer to "shadow data" and “psychological fingerprints.” To your point, dashboards and algorithms cannot detect crumbs unless pre-classified as anomalous; checklists and computational agents won’t discern context or significance, or comprehend intent. But as you also imply, while people are capable in principle of recognizing signs of potential wrong-doing, the crumbs might not register or they might not know how to understand and respond even if they have noticed.

    My takeaway from your post, with which I agree, is that pitting automation against human involvement is at best a false (and miserable) choice and, in practical terms, a radical error in judgment giving rise to massively adverse unintended consequences. In my view, the answer, consonant with @Martin Kenney’s and your positions, is to prepare E&C professionals differently. Not just to be experts in regulatory and jurisdictional issues, as ambassadors of integrity, or free to consider hunches and atmospherics. But actually trained to be more able to use themselves as sophisticated instruments in helping organizations, and all the crumb-dropping people who populate them, to function not just compliantly but also with integrity.

  2. I am sorry but I don’t agree that automation is subbing for human judgment. At least, not if used appropriately. New technologies offer us the possibility to analyze Big Data in ways that have never been possible before. This analysis may yield new insights, as when we can now see a pattern that was not open to us before, revealing red flags that were previously hidden, and relationships that we did not know existed. Richard’s “crumbs of clues” may actually come into focus as anomalies. We still have to ask whether the new patterns make sense, what a deviation from the pattern really means, and why people are behaving the way they do. Our gut sense is still very much needed, but it now has a larger playground.

  3. As someone whose 24/7 job entails guiding families of white-collar criminals through the nightmare of investigation, prosecution, incarceration, re-entry, asset seizure and forfeiture, divorce and willful blindness, I am endlessly perplexed (and often, sadly, amused) that the compliance world finds it so difficult to prevent white-collar crime. I see the field dancing around the solution all the time but the "field" chooses not to get too close to the cure for fear the problem may be solved and not by expensive, carefully crafted algorithms or lucrative global conferencing sessions that have become market places for sales of even more computer compliance programming. These conferences are prohibitively expensive and generate big money but are they deterring workplace crime? Probably not. I like Richard's line "…or are we blinding ourselves to risks that fall outside our laptops?" His keen thinking gets to the heart of the matter in that corporations are not taking seriously risk solutions that fall outside of expensive computer software. A computer program may be helpful in getting to the source of a problem but is really only helpful as a tool in shoring up lose entry points. The truth is, entry points are not deterrents in and of themselves as they simply inform rather than deter. Knowing the source of an occupational crime matters not a whit because deterrence begins in examining what happens after a perp is caught and prosecuted and not before. Need proof? How many perps signed ethics agreements or had twenty hours of expensive compliance training via a computer program and walked right through them? How many perps are high ranking employees who should have known better? The empirical data I've collected on occupational crimes from three continents over five years makes clear that perps don't think they'll be caught. Forget about their lack of ethics. Forget about entry points. They think themselves too crafty or the deed to easy. Truthfully, the easy part is figuring out why these crimes take place. The hard part is navigating the complex aftermath of workplace crimes. To be clear, deterrence does not begin with a signature after a paragraph on ethics or mother compliance's computer training. It begins at the end, after the deed is done.

Comments are closed for this article!