Category Archives: Compliance

Five Misconceptions That Increase the Likelihood of FCPA Violations

Not too long ago, Supply & Demand Chain ran a great article on “10 misconceptions that increase the likelihood of FCPA violations” that every supply management organization involved in international business should review. The following five misconceptions in particular are dangerous to your average organization.

  • We are a private company so we don’t have to be concerned with the FCPA
    Government enforcement agencies will go after any company that they believe may have committed a FCPA violation. Given that a company can be criminally fined up to 2 Million per violation, it’s a safe bet that every whiff of a FCPA violation will be investigated.
  • Our employees know our position on ethics because our policies spell it out.
    Just because the organization has an employee manual, this doesn’t mean that the majority of the employees have read it. Or that they remember the policy. Or that they believe it has to be followed.
  • As long as employees and agents have certified that they have not paid bribes, we have done enough.
    A cursory certification will not hold up as a defensible position when a company needs to explain to regulators the actions taken to prevent bribery payments.
  • Our global whistleblower hotline is effective because no violations have been reported to date.
    Fewer than 3% of misconduct reports occur through a whistleblower hotline.
  • Since we don’t have a controlling interest in our overseas business partnership, we have no need or authority to extend our compliance program and policies.
    As the article notes, a company must protect themselves by ensuring that joint venture partners are conducting business in accordance with FCPA and local corruption laws, regardless of ongoing control.

Don’t get caught in violation of the “Foreign Corrupt Practices Act”. Make sure compliance and mitigation efforts are in place at all times.

Are You a Contract Hypocrite?

Tim Cummins penned a great article for the newly relaunched Negotiator Magazine site on how “Hypocrisy in Contracting Leads to Wasted Negotiation” since ridiculous demands just lead to repetitive, predictable negotiations that bring little or no value to either party. And this happens more often than not since most large companies would never sign their own contracts, which are diametrically different from those they demand when buying, which is just ridiculous.

Not only do we have to ask what happened to our ethics (that most professional associations insist upon), but we have to ask why we are risking failure for the sake of assigning blame should things go wrong instead of working together to insure that failure never happens. Especially when research is demonstrating that creativity and innovation are closely linked with greater mutuality in key terms which creates a joint responsibility to ensure success.

It’s not hard to harmonize buy-side and sell-side contracts, and it’s not hard to put together a contract you’d actually sign with fair, bi-lateral terms and conditions that share risks and rewards and protect both parties. (the doctor is just an engineer, his paper works that way, and he didn’t need an arrogant overpriced lawyer to create it — in fact, he didn’t need a lawyer at all!) So why can’t we move forward on this issue?

Compliance and Security are Top IT Concerns

A recent article over on Supply & Demand Chain Executive that summarized a survey by the Information Systems Audit and Control Association (ISACA) that found that the top three concerns of IT professionals were:

  1. regulatory compliance
  2. enterprise-based IT management and governance
  3. information security management

It’s kind of surprising that information security management is third and not first on the list given the headlines that come from breaches in security, such as the recent Sony PlayStation Network breach. Regulatory compliance is important, as it can result in fines for failures, but breaches are more costly, once the damage to the brand and the lawsuits are factored in.

I was a little surprised to see enterprise based IT management so high on the list. It’s an important topic, but given recent disasters, I would have expected diaster recovery and business continuity, #4, to take its spot, as IT management is a never ending issue and rarely overlooked by CIOs and CTOs, even though they might no always find the time to get it where they want it.

Supply Chain Disruptions Come Without Warning

Everyone is still talking about the recent Japan earthquake and the ramifications it will have on your supply chain for weeks, months, and years to come. No one is talking about the fact that, thanks to global warming, forest fire season is now upon as and that more than 30 wildfires raged through Oklahoma last weekend (Fark.com) and that it only takes one fire to destroy a plant or distribution centre.

But it doesn’t take a natural disaster or a political uprising (such as the recent ones in Egypt and Libya) to instantly shut down your supply chain. A simple regulatory decision can have ripple effects through your supply chain. On March 10, the US Transport Security Administration (TSA) issued an emergency amendment to security measures that would take effect immediately that required freight forwarders with air cargo operations at non US locations to request additional information for all shipments on each master airwaybill ( MAWB ). As a result, Air Canada had to embargo all cargo flown to the US until further notice until they could be sure they were in compliance. (Canadian Manufacturing) Now, this embargo only lasted a day, but it could have lasted a week had the regulatory change been more onerous. But like a natural disaster, this disruption came without warning to shippers who relied on Air Canada to deliver their goods to the US.

That’s why you need contingency plans drawn up and ready to go, because you never know when you will need them.

How Do You Improve Supply Chain Compliance in Developing Countries on a Budget?

As per this recent article in Industry Week on “improving supply chain compliance in developing countries”, many enterprises can improve environmental practices and worker safety very quickly, using the money, staff and local know-how they already have. All they have to do is the following:

  • Form a Sustainability Improvement Team
    from local talent. The local resources know the operations best and are in the best position to figure out what can be done.
  • Give them a deadline
    for a short term deliverable. The article suggests 100 days, which is not unreasonable if the team is allowed to set their own stretch goals.
  • Give them access to all the resources at their disposal.
    Any resource the company has should be made available to the team.

and, most importantly, and this is one point I would have liked to have seen made,

  • Don’t forget the engineers!
    Responsible for every technical advancement of the last century, they will be responsible for every technical advancement of the next one as well. And the application of technology to better the world for humanity is a goal of engineers worldwide. (For more information, see the IEEE Humanitarian Technology Challenge.)