I wrote recently about the multiple meanings of “de-risking” and how compliance professionals need to know all those meanings. That post triggered a comment that took me by surprise. An old friend, whose job is to teach law school students about compliance, told me there’s a similar problem with another familiar compliance-related phrase. That phrase is “red flags.”
My friend explained that those of us already in the compliance industry have an agreed definition. We think of red flags as “a sign of heightened risk.” That’s a good definition and how I’ve always understood and used “red flags.” But then came the surprise.
My friend said he realized last year that, for his students, red flags are evidence of misconduct. “So to them, witnessing an individual offer a government official a bribe is a red flag.”
He had an uphill climb, he said, convincing those students that a pattern of suspicious payments is a red flag — a sign of heightened risk — but not necessarily evidence of misconduct.
There’s a huge difference between the two meanings. A sign of heightened risk means taking extra care navigating what’s ahead, but moving ahead all the same until you can’t.
Whereas the students’ red flags are evidence of wrongdoing and therefore trigger terminal consequences. Those red flags are the end of something, not a continuation with conditions attached.
“The compliance industry may not be moving in that direction yet,” my friend concluded, “but when the 20-somethings take over, it just might.”
It had never occurred to me that there might be a definitional divide over “red flags.” Maybe that’s because I never thought about the phrase until I finished law school and started doing compliance-related work. The only definition I knew came from our industry.
I think that’s true for many of us today. We didn’t learn compliance or its lexicon in school but on the job. Words took on meaning through use and repetition and the meanings became fixed.
Even the DOJ and SEC talk about “red flags” as though we all know what that means. In their FCPA Resource Guide, they use “red flags” eleven times without providing a definition, only examples — excessive commissions to third-party agents or consultants, unreasonably large discounts to third-party distributors, sketchy third-party “consulting agreements,” and so on. They go on to describe what needs to happen if any of those red flags are present — more due diligence.
So perhaps the context provides the meaning for us so clearly that a formal, technical definition is unnecessary. But that’s not true for many or even most of tomorrow’s compliance professionals. Instead of learning about compliance on the job, as most of us did, they’re learning about it in school. And they’re coming to school with preconceived notions of red flags — not as warning signs but as evidence of misconduct.
Where might they get that idea? From daily life.
A red flag at the beach doesn’t mean to swim with caution; it means no swimming — the water is off-limits.
A red flag in motorsports doesn’t warn drivers to slow down and be careful; it orders them to stop racing and come to a complete halt.
According to the Urban Dictionary, a red flag means “[s]topping what you’re doing because something has made the environment unsafe.”
There are also close cousins to red flags, such as red cards in soccer, flashed when a player breaks the rules more than once and is then ordered to take an early shower.
Red lights at intersections don’t warn us of danger or advise us to proceed with caution. They order us to stop.
No wonder some of today’s students (and tomorrow’s compliance professionals) understand red flags differently.
Perhaps the compliance profession made an error early on. Maybe yellow would have been a better way to talk about heightened risk. We all know that yellow traffic lights mean to proceed with caution because you’re between the green and the red.
A yellow card in soccer is a warning but allows you to continue playing. In car racing, a yellow flag is called a “caution.” It means slow down and be more careful than usual because there are hazards in front of you.
Those of us who came to the compliance profession before compliance became a subject taught in school can learn from my friend’s students. They’re right that some of the vocabulary of our profession is imprecise and confusing to those outside compliance or just joining us.
Not long ago, the compliance profession was a small group still trying to find the way forward. The words we used to describe our work took on meanings by consensus.
But today, in this era of expanding compliance, we shouldn’t assume everyone knows what common but undefined compliance-related words and phrases mean. That’s true whether we’re talking to students in a classroom, co-workers in a compliance training session, or members of the board of directors.