This article initially appeared on The FCPA Blog, here and is reposted with the permission from the editor and publisher.
It was 2003, and I received an urgent order for ballistic vests and helmets for United States Coalition Forces stationed in Kurdistan. The quartermaster for those forces was emailing and calling me (from a bunker, literally) that he needed the equipment in days or weeks, not months or quarters.
Delivering armored equipment to regions like Kurdistan had not yet aligned with State and Commerce Department export regulations. Complying with existing law would have resulted in at least a three to four-month delay.
I was living in the UK at the time, so I explored whether UK authorities would be any more responsive to an export request. They weren’t. Meanwhile, months were clicking away and the threat to coalition forces wasn’t, but I had a solution. I could manufacture the products in the UK and ship them to the United States. From the U.S., I could use an open license to export the products to the UAE, where a freight forwarder could receive them for overland transport to the coalition forces in need.
I knew I was circumventing U.S. and UK export laws. But after all, I reasoned, the coalition forces were U.S. and UK allies.
In a post for the FCPA Blog back in April, I reflected on “compliance pauses.” An excellent article with a similar theme appeared last month in the MIT Sloan Management Review. Authors N. Craig Smith and Piergiorgio Pepe discuss how “organizations in many fields must consider the extent to which compliance rules and procedures should be modified — albeit temporarily — during a crisis response.” Using a narrow focus on decisions about corporate charitable donations, they provide a series of “key recommendations for all companies wrestling with how to provide help to those affected by a crisis while keeping the business going and sustaining ethical standards.” Their recommendations are well worth reading.
But I would like to add a key recommendation of my own: Consider why those compliance rules exist to begin with.
I pleaded guilty to my 2003 trade offenses (and to FCPA-related offenses). From a U.S. Criminal Code perspective, violating the International Emergency Economic Powers Act and Export Administration Regulations carries a criminal offense level far greater than the FCPA, even if the end-user was “friend not foe.” But breaking the law was breaking the law, and I did it.
However, it wasn’t until a decade later that I came to appreciate the “why” of those export laws. I was speaking at a trade symposium, partially sponsored by the Department of Commerce’s U.S. Commercial Service, on “Complying with International Law.” During a coffee break (I miss in-person coffee breaks), I chatted with a representative from Commerce’s Bureau of Industry and Security. He said I might have thought in 2003 that I was being virtuous and selfless getting lifesaving products to coalition forces. But by circumventing export controls, I risked losing possession of the end-to-end shipment and delivery. In other words, he said, those ballistic vests and helmets could have easily been intercepted and diverted by bad actors seeking to harm coalition forces. That didn’t happen, thankfully, but it could have, with catastrophic consequences.
I was naive not to have considered the why behind those export procedures I circumvented. I didn’t try to see how those processes were meant to protect people, not to slow businesses down or inhibit success. Instead, I made a value judgment about “doing the right thing” that I was not entitled to make. And I realized later that there were workable alternatives; I could have shaken off my “crisis mentality” and unpacked those alternatives with my team. I could have hit the pause button, and worked with export desks at Defense, Commerce, and State to find an acceptable solution. That didn’t happen because I believed, wrongly, that I could (and should) resolve the dilemma on my own.
The authors of the MIT SMR article conclude that ethics and compliance in times of crisis require not just a “swift response but a careful one.” They’re right, as I learned from personal experience and personal failure. During times of uncertainty and crisis, the “why” behind our compliance practices can easily get lost, buried by what might be well-intentioned but short-sighted decisions.
My advice to today’s crisis-immersed compliance officers: Share the “why” behind your compliance practices whenever there’s a chance. Doing that will show active leadership in setting ethical expectations. It will help everyone keep priorities straight. And it will bring clarity to those who might be confused about what it means at this moment in time to “do the right thing.”