On November 14, a week before the usual Black Friday shopping madness, the U.S. Department of Justice and the Securities and Exchange Commission gave companies a free gift by releasing long-awaited guidance on the U.S. Foreign Corrupt Practices Act. The guidance repackaged a number of the enforcement actions, opinion releases, and other source materials on the FCPA. The guidance also warned companies that compliance programs addressing the FCPA should focus resources on the areas that pose the greatest risk. The guidance states that “assessment of risk is fundamental to developing a strong compliance program” and explains that one-size-fits-all programs “no longer measure up to the DOJ’s standard.”
The concept is simple and intuitive. Execution, however, is difficult. A “risk-based” approach depends on using empirical data to address compliance risk. How to use this data to discern trends and risks has been a significant challenge for compliance lawyers. Nate Silver, in his recent book, The Signal and the Noise—Why So Many Predictions Fail But Some Don’t (Penguin Press HC, 2012), discusses sorting through empirical data and identifying signals that enable better decision making. And in his wildly successful book (and later movie) Moneyball , Michael Lewis chronicled how statistical modeling led to better decision making in baseball roster management.
