Monthly Archives: December 2014

Compliance and Contemplation

Compliance and Contemplation

In December 2013 I returned to my computer, having been “off-line” for a little over fourteen months, and I couldn’t help but noticing the dramatic growth in the fields of legal, regulatory, audit and investigatory practices, all offering well-experienced and professional expertise with respect to anti-bribery compliance. It was obviously clear that each practice presented essential elements as part of an anti-bribery compliance program with impressive proficiency and credentials. All I saw missing was a “drill down” into how bribery actually operates at front lines of international business, outside the discussions and press-releases related to enforcement actions.

I found that the quality and frequency of opinion was notable, but again, I saw a gap from the “field” level. As Matteson Ellis sates, “corruption is a crime of opportunity,” (Wrage, 2014, How to Pay a Bribe) and it is a crime where at some level, those who give the bribes and those who receive them have calculated that the benefits gained in the transaction outweigh the consequences and probability of getting caught. While the transactions might be complicated, through front-companies, third parties and other financial vehicles, the behaviors are not; this is a crime of decision-making gone bad. Furthermore, looking at the enforcement history, we see people, myself included, who are well educated, compensated and respected (at the time), and who engaged in corruption. They risked everything, including liberty, sometimes for petty amounts. Why?

Accordingly, I reached out to some of the leading authors in the field whose writing I respect a great deal, including a few who even wrote about my own case, and posed to them the question, “do you want to engage about a first hand experience?” The silence was initially deafening. However, there were those like Mike Koehler, whose own perspective with respect to the FCPA, while different than my own, welcomed me to a Q and A  (link here). Thank you, Mike. Nonetheless, as Justin Paperny said in an interview about his own experience, “I was released to a world that doesn’t totally embrace a convicted felon.” Agreed and deserved. I had to accept and embrace the fact that because of my own behaviors and prior conduct, that my perspectives might be discounted or even discarded by others.

But I never shy way from that conduct, even in my post of a few weeks ago where I talked about being deservedly debarred. Once I got over the “silence,” I decided to speak openly of my experiences and the consequences of my behavior, with no conditions, except to be mindful and respectful of the privacy of others, where appropriate. I thought that as someone who spent a career in the field of international business, knowing that others are facing the same temptations, rationalizations and emotions, that I would try to elevate the front-line perspective. I would engage with others where they found this viewpoint as adding value to the existing field of compliance. Where practitioners said “no thanks,” to exchanging views, in writing or in person, I expressed appreciation for their time and continued to follow their work. But here comes the thank you, combined with gratitude and humility.

What I did find was a large group of professionals, including C-Suite, legal, academic, enforcement, and compliance personnel who said, “we never get to hear this.” Why? Because when people who did what I did are “caught” by their companies and enforcement authorities, we don’t stop by the compliance office on our way out the door and say “hey, do you want a de-brief?” It is a straight line for a Defense Attorney. This group of early supporters, including the likes of Jim McGrath, may he rest in peace, gave me the courage and strength to continue to write and speak about my experience. The feedback that I  continue to receive is that the behavioral, or front-line, perspective is too often ignored, perhaps deliberately, in the compliance debate. I am not listing this group by name as surely I will leave someone out, and will then feel that I was not being mindful of everyone. So as group, including my readers of today, I  thank you for being a part of my community. I also want to express my gratitude  to those whose who have invited me to guest write and speak as to address their communities.  Once more, a collective thanks.

As Alison Taylor has stated in her recent white paper (link here), Risk an Organizational Perspective, compliance has to be more than a bolt-on set of rules and procedures for it to take hold in an organization, and that “processes will not solve the problem.” I totally agree with her that the current risk-mitigation model, while essential, is proving inadequate “in the face of regulatory complexity, volatility and an enforcement environment of constant change.”  If you think that the current compliance paradigm is ‘doing just fine,’ just look at the FCPA ‘December to Remember’ on the DOJ web site. Even with all of the current enforcement publicity, well-educated and highly compensated professionals, are still weighing the pros-and-cons of corruption, and bribing. Look at the OECD Bribery Report; this is not behavior that always emanates from the bottom of the org chart.

Thus, as I contemplate this year of compliance, I express my sincere and humble gratitude to those who said, “speak up.” The Ivory Towers of Board Rooms and C-Suites are a long way from the front lines of international business, where the confrontations with corruption take place. I am happy to accept the role of the “little guy” at the field level, who will continue with your encouragement, to elevate the front-line perspective. While talking about my past is not always comfortable, I will never hesitate to pull back the curtain on the emotions, temptations and rationalizations that occur at the field level. If you want hear more, I will continue to blog once a week, and you can always e-mail me at [email protected]. But be prepared, you might not like what you hear. As I continue to share, while hearing what happens at the front lines of international business might be upsetting, that is a good thing, as you can always fix what you know.

Have A Happy New Year, Richard

Bribery and Business Attitudes

Bribery and Business Attitudes

Alison Taylor, Senior Managing Director, Control Risks, in a white paper, “Risk, An Organizational Perspective,” states “the traditional preventative approach to risk management is proving inadequate in the face of regulatory complexity, volatility and an environment of constant change. What should replace it is not yet clear.” Indeed, lately there has been a great deal of writing relating on the subject of risk, specifically corruption risk, including the recent OECD Foreign Bribery Report. The reports include a number of comprehensive surveys, such as the one I commented upon from E&Y. When I read these pieces I always try to remain focused as to what practical use they might have to practitioners and professionals who confront corruption risk on the front lines of business, as well as to those who are tasked with helping them to manage that risk.

Accordingly, with that viewpoint in mind, I strongly recommend a ‘deep read’ of a recently released Control Risks survey “International Business Attitudes To Corruption,” which articulates a key-finding right up front: “Paper compliance is not enough.” As the authors continue, when it comes to compliance, companies fall into two categories “those who mean it, and those who don’t.” So, with respect anti-bribery compliance “what do companies need, and what do they lack?” According to the authors, whose data set includes 638 respondents among legal, audit and compliance executives, those elements include:

  • Board level leadership and responsibility.
  • A strong and consistent message communicated to staff.
  • Penalties for breaches.
  • An appreciation that the benefits of a robust and meaningful anti-corruption program go beyond simple compliance (emphasis added).

What about the “those who don’t mean it?” Where and why do they fall afar? One dynamic which the authors elevate, and which I echo from my own perspective, is the ‘remote office’ problem, where there is a “disconnect between what the head offices believe about the adequacy and effectiveness of their anti-corruption program and what actually happens in high-risk markets.” In these cases, compliance runs afoul, sometimes due to “general ignorance; sometimes it is a form of willful blindness,” but as the authors remind us “neither is a credible explanation in the eyes of the regulators.” As the survey addresses in a section called “Failure to follow through,” “these days many companies are good at talking about principles. Not all of them are able to demonstrate that they put them into practice.”

As Alison states in her paper, “numerous research studies have determined that rules and processes do not exist in a vacuum and that organizational culture is a critical explanatory factor of employee behavior.” The survey, in my opinion, provides significant value to the compliance community by going beyond the data to drill into what a more robust compliance program necessitates. In other words, what are the “lessons learned” from failed programs in order to embrace compliance as going beyond a set of rules and procedures that might be viewed as a ‘work around’ at the front lines of international business.

Accordingly, here are the “three key qualities” relative to a “robust and meaningful” compliance program that the survey addresses:

Invest in leadership

The work speaks to the fact that less than half of their respondents had an anti-corruption program at the Board level. Not surprising given the OECD finding that “in 41% of the cases management level employees paid or authorized the bribe, whereas the company CEO was involved in 12% of the cases.” As the survey addresses, when there is a Board level commitment, it cascades down throughout the organization by “providing compliance teams with the support they need.” Indeed, having employees sign anti-bribery representations and watch on-line corruption videos does not exactly demonstrate a firm leadership commitment to anti-bribery compliance. Nor do executive proclamations of “we don’t break the law” when combined with aggressive financial forecasts and lucrative short-term incentive plans in high-risk (low integrity regions). As Alison states in her white paper “if employees do not believe that risk management is an essential component of organizational success, processes will not solve the problem.”

Consistency, Consistency, Consistency

“Having an anti-corruption program is not sufficient in itself,” Accordingly, as the authors state “effective two way communication is essential.” Furthermore, when it comes to third parties, “well-drafted contracts are essential but not sufficient,” as companies need “to be able to demonstrate that they have assessed the potential integrity risks thoroughly and consistently.” Indeed, as I have often shared, companies need to start bringing in their business teams to listen to the risks which they are facing in the field, and the more upset they are by what they hear, the better those conversations are going. You can fix what you know, and corruption risk in the Middle East is very different from corruption risk in Asia.

As Alison states in her white paper “all risks are not created equal, and different risks require fundamentally different responses.” Hearing the specifics of how risk is confronted on a regional or country-by-country basis is an important step in establishing that response. Listening to those who confront risk on the front lines of international business will help organizations to develop practical tools calibrated to the industry and region. In addition, attending to the concerns of field personnel will go a long way in getting front-line buy in as the participants in such discussions will likely takeaway a vision that “management is serious” about supporting risk management. I call that front-line “buy-in.”

As Harvard Business School Professor Paul Healy states in an article Corrupting Silence: Companies Must Speak Up Against Bribes, “It’s harder to rationalize corruption if you are receiving a consistent message that we don’t do this.”

Get ready to resist

Here is where it can get challenging, as “the third requirement is a willingness to resist bribery, even in, or especially in, high risk environments.” According to the authors, “resistance to demands is tough but entirely feasible,” requiring “skill, determination-and vision.” The ‘how to,’ is best elevated by Alison when she states that “companies must therefore make strategic decisions as to whether to enter some markets, accepting a certain level of inherent corruption risk, or stay out of them so they can maintain stated ethical commitments.” But where those markets are entered, if delays, sales targets and growth plans to do reflect the inherent market risks, then those at the front line will at some point take compliance decisions into their own hands as they ponder “what does management really want, compliance or sales?”

As the survey states “often the most realistic approach is to accept a short-term failure to win business, while preparing the ground for greater success in the future.” Indeed, when field personnel see that management understands that to be successful and compliant, short-term sacrifices will be necessary, then an important step will have been reached to embrace a more “robust and meaningful anti-corruption program” as going “beyond simple compliance.”

From my perspective, when those who confront risk in the field see that management has embraced anti-bribery corruption as reflected in business strategy and growth forecasts through making “clear-eyed” strategic decisions, especially in low integrity regions, then the “what we say” will be well balanced and aligned with the “way we do things around here.” This commitment, as Alison states, will then go beyond the traditional “bolt on” compliance model as to “tackle the full scale of the corruption challenge, which cuts across every aspect of a multinationals company’s business.”

The OECD Foreign Bribery Report: ‘Too Big to Debar’

The OECD Foreign Bribery Report: ‘Too Big to Debar’

“Your criminal actions raise serious questions as to whether you have the requisite personal integrity and business ethics to be a responsible Government contractor.”

That’s me. I was debarred from being a government contractor, and based on my conduct and offense it was an appropriate and fair decision. The process by which I was suspended and ultimately debarred was also fair and appropriate. Furthermore, the protocol the government afforded me in terms of providing an opportunity to address the length of the debarment (it was reduced by one year) was also quite reasonable and objective. So what does that have to do with the OECD Foreign Bribery Report? (link here)  Well, according to the report, of the 427 cases used by the OECD for its data set, two resulted in debarment. The OECD defines debarment as relating “to the additional non-automatic sanction of provisional exclusion from participation in national public procurement processes for a set period.”

Thus, as representing fifty percent of the data set (I am assuming that I am one of the two counted, but I have not asked the OECD for verification), I would like to share a few observations. First, as the OECD has shared, these numbers are surprisingly low “despite the 2009 OECD Recommendation for Further Combating Bribery of Foreign Officials in International Business Transactions” where in fact the OECD recommended the suspension “from competition for public contracts, or other public advantages, enterprises determined to have bribed foreign public officials in contravention of national laws.’”

In my case, debarment, as an extension of my original suspension, will run for two years as a “probationary” period, where the US government will give me the opportunity to “demonstrate that (I) meet that standard of responsibility required of a Government contractor.” Fair? Yes. Appropriate? Yes. So, given that such sanctions are in the toolkit of government penalties and there is a fair process by which the Government will allow an entity to make a case for a reduced period of debarment, why isn’t it being used more often?

As University of Virginia (disclosure, my Masters in Foreign Policy is from UVA and I consider myself a dedicated Wahoo) Professor Brandon Garrett states in Too Big to Jail, (Amazon link here) suspension and debarment “may result in what is a effectively a death penalty for a company, and in many cases prosecutors and regulators are right to want to avoid such severe consequences for the entire company.” Agreed. For example, in my own case, would it have been responsible to have my former employer debarred, with potentially catastrophic economic consequences, for conduct attributable to me? Clearly not, and as Professor Garrett states, “prosecutors are absolutely right to try to avoid collateral consequences of a corporate conviction.”

So, if debarment represents one of the most “powerful tools” that the government has in its enforcement arsenal, is there a way to have it utilized in a way which is painfully incremental, but which can also present a clear and powerful deterrent? Given the current tide of FCPA Enforcement actions (FCPA was number two in Professor Garrett’s analysis of category of crime for which there were DPAs), which does not seem to be receding, perhaps debarment needs to be considered as a potential penalty, but structured in a way which while economically significant, limits the consequences upon both innocent employees as well as governmental entities which may need these services and products.

As Professor Garrett states “if one justification for prosecuting a company in the first place is egregiously bad compliance, then one wonders why so little is typically done to deter or correct it.” So, is debarment the next possible incremental step in increasing corporate and individual deterrence, especially in FCPA cases where “corporate complexity may not only enable crime on a vast scale but also make such crimes difficult to detect, prevent, and prosecute.” If those who participate, condone or intentionally  ignore foreign bribery do not see debarment in their calculus of consequences, then perhaps its use is now warranted as part of the continuum of sanctions and penalties that the government has at its disposal.

Corporate Supervised Release

Professor Garrett, in an interview (link here) with Joel Schectman, Wall Street Journal, Risk and Compliance Journal, Professor Says Corporate Penalties Aren’t Working, states “Parole and other conditions of release are stringent for individuals but the conditions for supervision for corporations are incredibly lax.” Thus, perhaps debarment can be considered as a “condition of supervision,” much like the Federal Government has for individuals, whereby once a corporation has demonstrated corrective measures and a track record of ‘sticking to it,’ that they can once again commence government contracting.

In the Risk and Compliance interview, Professor Garrett shares that when it comes to corporate enforcement “there is much more focus on rehabilitation compared with other areas of the criminal justice system.” So why not make debarment part of rehabilitation?  If debarment can be wielded as a penalty in a personal enforcement, why not apply it to corporations? I agree with Professor Garrett in that “people would be really troubled if the most serious individual offenders were let out and told just behave for a couple of years without supervision,” and as he adds, “that is what’s happening with companies.” 

Alternatives to a Corporate Death Sentence: The Federal Supply Schedule

For those who are familiar with Government contracting, you know that such a solution is administratively challenging. Debarment might be viewed as an all or nothing scenario, where the economic “death penalty” would be unavoidable for certain firms. However, digging into the details of government contracting, there are incremental options, short of all out termination of contracting. For example, many corporations hold “GSA contracts,” whereby all US Government entities can order from a pre-arranged pricing schedule that reflects “best and preferential pricing” (under the Federal Supply Schedule) to the US Government. It is essentially a commercial price list with a discount schedule.

Orders from a GSA contact are frequent, and the order volumes vary greatly from the very small to very large. Perhaps temporary suspension from the Federal Supply Schedule might be appropriate, as that would leave in effect large negotiated non-GSA contracts. The result here might be consequential but not catastrophic. In other words, it does not have to be “all or nothing” as such a suspension could be a part of a negotiated DPA, as a “condition of supervision,” so to speak.

Export Control Restrictions

Given that the FCPA applies to the bribery of foreign entities, what about being debarred from exporting to public or state controlled entities for a limited period? Many of the companies that were referenced in both the OECD and Professor Garrett’s work were subject to export licensing controls under the jurisdiction of the US State Department (DDTC), and the US Department of Commerce (BIS). Would anyone think it unusual for an entity that bribed foreign officials to be subject to debarment from obtaining export licenses, perhaps to the same countries where the bribe was paid, for a limited time period? Again, all of this as part of “corporate supervision.”

Debarment “in Country”

Given the increased level of international law enforcement and prosecutorial cooperation on foreign bribery cases, what are the ramifications of debarment  from the country “of origin?” Of course this would involve some local political willpower from leaders who want to show that corruption is not acceptable, and who look to punish those corporations that use their institutions of state as a vehicle for foreign bribery. It also allows the overseas government  to send a message to both state owned employees and corporate front-line teams that bribery will not be tolerated, and will in fact be prosecuted. We see this type of movement in China right now with the prosecution of both state employees and the pursuit of corporate violators.

As the OECD report states, “countries need to ensure that entities and individuals found to have bribed foreign public officials in international business can be and are disbarred from participation in national procurement contracting.” But, as Professor Garrett well states “suspension and disbarment are highly uncommon.” Why? Because there is, in my opinion, a misperception that debarment equates to a corporate death sentence. I hope that by elevating some of the incremental enforcement and policy options which might be available in the context of debarment, that perhaps the “all or nothing” perception might be reassessed.

In his concluding chapter, Professor Garrett argues, “for corporate prosecutions to have real teeth, debarment and suspension should be exercised more clearly and forcefully, particularly for recidivists, to ensure that they implement meaningful compliance” and he reminds us that prosecutors “can wield the most powerful tools.” Thus, if the current FCPA enforcement regime can be strengthened, in terms of deterring foreign bribery and punishing violators, perhaps the “debarment” tool needs to be taken out of the shed, and utilized in a way which while economically painful, is not catastrophic to the hard-working employees and end-users who play a legitimate and lawful role in the economic value chain.

Corruption and the Security Sector

Corruption and the Security Sector

Recently, there has been a great deal of writing about the impact of corruption on security forces. The Carnegie Endowment for International Peace published a work titled Corruption: The Unrecognized Threat to International Security (link here).  On November 23, 2014, The New York Times published an article  Graft Hobbles Iraq’s Military in Fighting ISIS By David D. Kirkpatrick. As article states:

“The Iraqi military and police forces had been so thoroughly pillaged by their own corrupt leadership that they all but collapsed this spring in the face of the advancing militants of the Islamic State — despite roughly $25 billion worth of American training and equipment over the past 10 years and far more from the Iraqi treasury.” Accordingly, in an effort to elevate yet another “victim” of corruption, often fed by US military and economic assistance, I invited James Cohen, who recently guest blogged here on Mapping Corruption to share his thoughts.  As a reminder, James is an independent international development consultant based in Ottawa, Canada. He focuses on corruption, human security, and corporate social responsibility. He has experience with organizations such Transparency International UK and the Geneva Centre for the Democratic Control of Armed Forces. He can be followed on Twitter at @JamesCohen82 or contacted through LinkedIn. His comments first appeared on on the DCAF-ISSAT Community of Practice’ web-site.

I will  preface that in my experience in the defense/security field I witnessed multiple examples of security forces purchasing products which were not needed for theater operations, on order to facilitate corruption. I also saw numerous cases of security services purchasing products at inflated prices, also in the context of using procurement  spending as a vehicle for corruption. As the NYT article reported  “Iraqi soldiers often charge that they have been furnished with partial supplies and cheaply made weapons because their commanders took kickbacks or skimmed off the savings.” As Transparency International states on its web-site  “we estimate at least US$ 20 billion is lost to corruption in the (Defense) sector every year. And that is only a modest estimation of the costs incurred when national security concerns become a veil to hide corrupt activity. Single source contracts, unaccountable and overpaid agents, obscure defence budgets, unfair appointments and promotions, and many more forms of corruption in this secretive sector waste taxpayer funds and put citizens’ and soldiers’ lives at risk.”

 I thank James again for today’s guest blog, so now to his work:

The Impact of Corruption on Security Sector Effectiveness

A string of recent global security failures has focused media and political attention on the impact of corruption on security sector operational effectiveness. Whereas corruption is often viewed by international actors as a costly annoyance with mostly local effects, there is increasing recognition of the significant risks it poses for both national and international security. In this post I highlight a couple of examples of how key international actors are beginning to take these risks more seriously and offer a few recommendations for effective anti-corruption programming within the context of security sector reform (SSR).

The Problem

In 2012, poorly equipped Malian soldiers rapidly lost territory and morale to a wave of well-armed rebels and foreign fighters descending from the north. In 2013, Kenyan security forces failed to detect and prevent a major terrorist attack on the busy Westgate Shopping Center in Nairobi. In 2014, Nigerian security forces were unable to prevent the kidnapping of 300 schoolgirls, to track their abductors or to locate where they were being held captive. At the same time, the Iraqi army, trained and equipped at vast expense, was quickly overrun by the advance of the Islamic State of Iraq and Syria (ISIS). In all of these cases, serious concerns have been raised about the role of corruption in ignoring or aiding the activities of extremists, in covering up their identities and whereabouts, and in diverting the resources that were intended to be used to fight them.

The Response

In response to these types of security failures, and the risks they pose to its citizens and allies, the US recently announced its new Security Governance Initiative (SGI), aimed at supporting security sector reform in Ghana, Kenya, Mali, Niger, Nigeria, and Tunisia. While much of the language to describe SGI focuses on strategic security threats, in particular to the US, emphasis is also placed on building accountable institutions and meeting citizen security needs, such as access to justice. While it is too early to tell whether this emphasis will prevail over more traditional ‘train and equip’ approaches, the recognition of the importance of governance and citizen-centered approaches is a step in the right direction in tackling the endemic corruption that is undermining the operational effectiveness of security services.

For its part, NATO specifically identified anti-corruption as a crucial aspect of its long-term SSR support to the Ukraine, where many believe corruption has played a significant role in undermining the Ukrainian army’s ability to deal with the separatist movement in the east. For instance, the Joint Statement of the NATO-Ukraine Commission states, “With Allied support, including through the Annual National Programme, Ukraine remains committed to the implementation of wide-ranging reforms, to combat corruption and to promote an inclusive political process, based on democratic values, respect for human rights, minorities and the rule of law.”


I recommend that security sector reform programs take into consideration the following areas to address corruption risk:

Holistic and politically sensitive engagement:

Addressing corruption cannot be a siloed and purely technical exercise. While support is necessary for building up institutions and training individuals to combat and mitigate corruption, political management is required. Combating corruption will create losers who previously benefited from nepotism, embezzlement, and payoffs. Programs need competent staff with diplomatic and mediation skills, well thought through risk maps and mitigation plans, and strong analysis as to how corruption networks operate in a local context. Security sector anti-corruption programs also need to take into account and complement national anti-corruption programs.

Corruption assessments:

Corruption plays itself out differently in each context. Tools to help analyse corruption should include stakeholder, political-economy, and institutional integrity analyses. In addition, following the money is important. For instance, Bernard Harborne highlights case study assessments in Côte d’Ivoire and Somaliland where following security sector revenues uncovered significant corruption and threats to the sustainability of security sector financing.

Institution and procedure building

Procedures and standards that promote integrity and punish corruption need to be built up within security institutions. Achieving this includes security personnel identifying and prioritising their corruption risks, along with developing context specific plans that account for political challenges. Codes of conduct, procurement and career advancement processes, and legislation for whistleblowers need to be backed up with training, particularly amongst senior leadership, and oversight on their implementation.

Improving oversight:

Accountability for the use of state resources is crucial for combating corruption. The defence and security sectors pose two critical hurdles for accountability: 1) sensitive information; and 2) technical complexity. There will always be a need for some level of secrecy within the security sector, but tactics such as labeling budgets as ‘state secrets’ demonstrate how this need can be easily abused. A healthy balance between secrecy and disclosure needs to be struck with civilians weighing in on the decision. Those responsible for oversight also need to understand what they are examining, which may call for expert advice. Finally, effective oversight institutions need to be established and maintained such as anti-corruption bodies, which without support get targeted for budget cuts.

Civil society and citizen voices:

Speaking out against the security sector can often be regarded as taboo in post-conflict or authoritarian countries, notably due to the personal risks of doing so. When the public does speak out, the tendency leans to criticism without an articulation of the kind of the security sector the public wants. Support to combat corruption needs to help facilitate a dialogue between the public and the security sector to the point that this is the norm. This does not just mean ‘awareness raising’ about corruption. Most citizens are well aware of corruption problems. Rather it means helping the public and civil society to examine how corruption works, and what are ways of calling for accountability. Additionally, the free press needs to be empowered as an important part of civil society oversight.

Placing more emphasis in these prevention programs can do far more for local, regional, and global security in the long run than continuing to rely on train and equip programs.

Postscript: With the release of Transparency International’s Corruption Perception Index on December 4th, the rankings of the countries listed provides an indicator of the problems unrestricted arming programs can lead to. It wasn’t long before US arms shipments for Iraq – ranked 6th most corrupt country – found their way into ISIS hands.