Memorial Day – A Big Thank You

Today’s is a personal blog. Monday is Memorial Day. It is traditionally the day we celebrate the men and women who have served our country in our armed forces. One of the things that I have long rued was the manner in which returning veterans were treated when they came home from Vietnam, no parades, no congratulations, no thank you for serving. In my mind one of the best things to come out of the first Gulf War was the change in how our returning veterans were treated. When they first landed on American soil, at Bangor, Maine, cheering crowds were there to greet them. I find this to be right and proper. And while I disagree with 99.99999999999999999% of what Governor Goodhair says and stands for I do agree with his suggestion that there be a national parade for the veterans of the Iraq War.

But as I said today is personal. I want to especially honor the men and women who served our country in World War II. I certainly view them as “the greatest generation” for a whole host of reasons, not in the least their collective fight against the forces of evil in the world. Name any right you hold sacred as an American and the men and women of that era fought to defend it. Right to vote, freedom of expression, freedom of religion, are but a few. However, there are many other rights that might you might not think of that we owe to these men and women who fought and sacrificed for us during this conflict.

My father served in that conflict. He is still alive and kicking today at 85. For the past 40 years he has been a labor arbitrator. He believes that working people should have due process regarding their jobs and as an arbitrator he has put that belief into practice by requiring companies who terminate employees to follow the due process requirements of termination for just cause. Put another way, if an employer is going to deliver a death penalty sanction in the workplace, in the form of job termination, it must do so fairly and justly. This does not prevent management from exercising its rights or prevent management from running its business. At a bare minimum, it means that a company must have an agreed upon disciplinary process in place and that process must be followed if the company is going to terminate an employee. A company must investigate and it must allow an employee to tell his or her side of the story, the employee must have the right for union or other representation in the process and the final appeal of any termination must be made by someone other than the original decision maker. In other words, the fair process doctrine. It is one of the rights which the greatest generation defended in that conflict.

So on this Memorial Day, I honor my father and all of the other ever-dwindling number of World War II veterans for their part in making this country the greatest country in the world. I would ask each of you to honor our veterans on Memorial Day in your own way, even if it is just a moment to reflect on those who made the ultimate sacrifice in giving their lives or those who raised their right hands and swore to protect the rest of us.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

JP Morgan and Risk: Mission Creep, Mission Expansion, Mission Explosion

In an article in today’s Financial Times (FT), entitled “JP Morgan shows the futility of fighting complexity”, Sallie Frawcheck posited that the JP Morgan trading loss demonstrated that regulators are fighting the wrong battle regarding risk. She believes that the main reason for the problems engulfing JP Morgan was that the size and complexity of the company’s trading positions were so great that the company is still coming to terms with just how large the loss will be and how JP Morgan can unwind itself from those trading positions.

She believes that one of the solutions would be for regulators to “turn their attention to the issue of understanding how much risk the banks are taking in total, fixing measurements of risk that have fallen short and then making certain that banks have enough capital to support that risk.” However, she also warns that if a bank’s risk assessments are “unable to keep up with the complexity of certain types of trades [such as the ones at issue] or sub-businesses, then the activities should not be allowed in a regulated banking entity. Full stop.” [emphasis mine]

Her article brought up one of the ongoing battles that I continually fought as an in-house counsel, both in my transactional attorney role and compliance professional role and that battle was Mission Creep; leading to Mission Expansion; leading to Mission Explosion. In the transaction world, this would occur when parties contract for the provision of specific services or specific goods and then the contract is used as a basis for a completely different product or service. So if my client provides engineering services, there will be terms and conditions appropriate for a services contract. These terms could spread or assign risk to one party or the counter-party through such clauses as warranty, indemnity, limitation of liability, confidentiality and insurance. However, if the relevant business units of each party then decided to use the contract for the purchase of raw products the scope of the contract has changed or Mission Creep has begun. If the client then asks for the engineering services company to lead the fabrication of the raw materials we have sped up to Mission Expansion. If this Creep and Expansion continue for any length of time, we will move to Mission Explosion.

The risks which were agreed upon for services work are far different for the purchase and delivery of goods. The risks are even more divergent if fabrication of the products are required. These changes in risks can affect the risk management clauses detailed above. A services warranty is usually quite different from a product or even Original Equipment Manufacturers (OEM) warranty. If an indemnity is fault based, are products purchased under a contract which covers engineering services only? What about your limitation of liability – is it limited to the value of a contract, what if the contract for fabrication of the entire systems crashes burns, injures or kills someone? What about Intellectual Property (IP) indemnity for goods and products vs. services delivered? The list of questions is almost endless.

In the compliance world this Mission Creep, Mission Expansion, Mission Explosion trichotomy plays out when a company moves into a new geographic area or product line. Have the compliance risks been adequately evaluated? Have they been evaluated at all? Perhaps more importantly has the relevant business unit communicated to the Compliance Department these new initiatives so that the compliance risks can be assessed?

The failure by JP Morgan to properly assess its risk or use risk intelligence correctly may have indeed had its genesis in the complexity of the trading positions the company was taking. But Frawcheck’s article pointed out that it is not simply complexity which can lead to failure in the assessment and management of risk. In JP Morgan’s case, it may be that one step on the Mission Creep continuum led to more steps of Mission Explosion, which inevitably led to Mission Explosion. But, whatever the reason, I think one of the clear lessons from the JP Morgan debacle is if your risk assessment cannot determine what your risk is or your risk intelligence cannot evaluate your risk assessment in a meaningful way, you need to slow things down until you can do so. Or as Sallie Frawcheck said: Full Stop!

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

Assessing Risk? ethiXbase is an Invaluable Tool

Most compliance practitioners have gotten the message that a risk assessment should inform the creation of, or enhancements to, your Foreign Corrupt Practices (FCPA) or Bribery Act anti-corruption compliance program. But just say that you are Compliance Officer and the Chief Compliance Officer (CCO) comes into your office and tells you that the company wants to look at going into China to either manufacture a key component of your company’s most valuable product or go into Russia to sell a new product line. The CCO would like you to do a risk assessment from the anti-corruption/anti-bribery perspective. You cannot go to outside counsel or an outside expert. Faced with this problem, what might be the best single resource for you to begin this research?

Put another way, what is the best one-stop database site for anti-corruption and anti-bribery on a worldwide basis? I think that the answer is will lead you to one resource that I would suggest you take a very hard look and that is ethiXbase.com. The reason – it simply has a breadth and scope that cannot be matched.

The database has five tabs which allow you to research in a wide variety of areas. In addition to the individual tabs, details of which are listed below, you can set notifications for email alerts. You should also note that the site is updated on a daily basis. The specific information includes the following:

Dashboard

This tab allows you to set any of the BRIC, Brazil, Russia, India and China, countries as a default country. From this setting you will receive information on the latest actions in the country; the latest FCPA enforcement actions related to the country you have selected; enforcement statistics and trends and summary of legislation relating to anti-corruption, translated into English. This tab also provides general statistics on the country such as population, capitol and elected federal officials.

FCPA Index

This tab provides a simply breath-taking scope of information for the compliance practitioner. Every FCPA enforcement action and publicly announced on-going investigation is available to you in a searchable database. The ease of use is outstanding. There is information on Federal register, federal agency, public laws, and Congress bills related to the FCPA and, finally, there are risk factors disclosed by companies around the world in all of the above. Amazingly, this database is updated on an hourly basis so you have the most up-to-date information available.

Global Index

This database is equally broad in scope to the FCPA Index but set up for the entire world. Pick any country and you will immediately have access to anti-corruption legislation and the applicability of the Organization for Economic Co-operation and Development (OECD) and United Nations Convention against Corruption (UNCAC). You will find OECD reports as well as other Non-Government Organizations (NGOs) such as the International Monetary Fund (IMF). There is also an index of ancillary laws such as privacy laws and anti-money laundering legislation in each country.

Law Firm Memos

For any compliance practitioner, this resource is simply fabulous; it houses the best legal Memos from the best law firms in the world. It is database of more than 1,000 client alerts and white papers from firms specializing in compliance issues. It is searchable by law firm name, topic and title. You can set up customized watches or bookmark specific memos.

News

Last, but certainly not least, is the News section. This features news in the following categories: Home, News Home, Featured, Africa, Middle East, Europe, North America, Central-South America, South East Asia, Australasia, South Asia and Central Asia. Why is this so important? It can keep you abreast of the most current anti-corruption and anti-bribery news across the globe. More importantly, if an issue or matter pops up in your industry or a geographic region in which your company does business, you will know about it and can be prepared to review it internally. It is a great way to understand how and where the Department of Justice (DOJ) is using its investigative resources.

So how does all of this relate to your assigned task? ethiXbase allows you to research the relevant laws of each jurisdiction that you wish to enter. You can also review all FCPA enforcement actions to determine if your sales model may be similar to any companies which have run afoul of the FCPA. The Law Firm Memo section will give you the underlying legal basis to support your findings. With the Dashboard you can set up the email notifications for any new legal enforcement actions, Memos or news for the country or countries that you need to follow closely. Lastly, the News section will allow you to keep abreast of the reported information for each country.

I have thoroughly reviewed ethiXbase and use it in my compliance legal practice. You should as well.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

I Can’t Drive 55: The Uselessness of a ‘Custom and Practice’ Defense under the FCPA

For anyone who learned to drive before 1975, the bane of our driving existence thereafter was the 55 mile per hour (mph) speed limit. About the only thing that I can say it did was increase the budgets of state highway patrols through all the tickets they gave out to persons who were driving closer above that hallowed highway speed limit. But as much as we did not like the new speed limit, it was the law and if you drove over it and were clocked by radar, you were eligible for a ticket and it did not matter how many other speeders there were buzzing by that day.

I thought about that old Sammy Hagar song while reading about the forlorn attempt by the remaining US v. Carson defendants, Paul Cosgrove and David Edmonds. As reported by the FCPA Blog, in a post entitled “Feds: Widespread Corruption Is No Defense”, these defendants have sought a jury instruction that mimics that old Sammy Hagar classic. According to the FCPA Blog, the defendants “want an [jury] instruction about ‘industry practices’ in some of the countries where CCI did business. And they want to introduce evidence about corruption in those countries, including China.” The FCPA Blog goes on to site the Department of Justice (DOJ)  response which properly recites a nearly 50 year old legal standard that “Neither custom nor the widespread nature of an illegal act is a defense to a criminal charge. “Custom, involving criminality, cannot justify a criminal act.” Smith v. United States, 188 F.2d 969, 970 (9th Cir. 1951).”

Perhaps the defendants became confused about the inclusion of a local law defense in the Foreign Corrupt Practices Act (FCPA) under which payments to foreign governmental officials that are otherwise prohibited are permitted if the “payment, gift, offer, or promise of anything of value that was made, was lawful under the written laws and regulations of the foreign official’s…country.” The local law defense is an affirmative defense which was added to the FCPA in 1988 as part of a series of amendments designed to address criticisms of the statute.  As noted by Kyle Sheehan, in his article “I’m Not Going to Disneyland”, one such criticism of the FCPA was that through it the United States was more interested in exporting its cultural biases than its products”; may have placed “unreasonable restrictions on American corporations operating in foreign countries”; and that payments to foreign government officials rendered unlawful by the FCPA may have been legal in many countries. The Fifth Circuit Court of Appeals spoke to this issue in its decision in United States v. Castle, where it noted that “the [FCPA] drafters acknowledged, and the final law reflects this, that some payments that would be unethical or even illegal within the United States might not be perceived similarly in foreign countries, and those payments should not be criminalized.”

However, Sheehan also noted that Congress made it clear that in order for the local law defense to apply, the alleged corrupt payment must be legal under the written laws of the foreign country. The conference report on the 1988 amendments states “that the absence of written laws in a foreign official’s country would not by itself be sufficient to satisfy this defense.” Consequently, FCPA defendants planning to invoke the defense must know that the written law of the foreign official’s country expressly permits the payment. It cannot simply be that the “payments rendered illegal by the FCPA are part of the unwritten custom and practice of doing business in foreign countries.”

So how about Sammy Hagar and his iconic song? Just as the remaining Carson defendants have no hope of claiming some sort of ‘custom and practice’ defense to the FCPA because, after all, everyone else is doing it, the recent spate of new commentators to the FCPA who have made the same argument that the US has no business enforcing the FCPA because others are breaking the law are similarly forlorn. Simply reflect upon that defense to your speeding ticket for driving 70 mph in a 55 mph zone. It will not work in Traffic Court, it will not work in a federal District Court and it will not work in arguing that the DOJ should not enforce the FCPA.

———————————————————————————————————————————————————————-

To listen to the music video version of Sammy Hagar belting out the classic, “I Can’t Drive 55” click here.

———————————————————————————————————————————————————————-

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

The Homestead Act and Doing Compliance

What was the single greatest transfer of property from the US government to its citizens? It was public lands that were given to persons willing to farm the land. Today we celebrate the 150^th anniversary of the Homestead, passed on May 20, 1862, which facilitated this donation. Under this law, any person, over 21, could stake a claim of up to 160 (later increased to 640) acres if they were a citizen or declared the intention to become a US citizen and agreed to farm the land for five years. In an article in the Saturday Wall Street Journal (WSJ), entitled “How the West Was Really Won”, author Fergus Borderwich quoted President John F. Kennedy who stated in celebrating the Centenary of the Homestead Act, “more than 1.1 billion acres of the original public [domain] have been transferred to private and non-federal public ownership.”

Borderwich goes on to write that it was farming that tamed and then settled the West. But more than simply planting, it led to technical innovations in agriculture, animal-feeding and water management. Land-grant colleges followed to provide educations to children of these homesteaders, which led to further growth and innovation. Borderwich quotes Bonnie-Lynn Sherow, “If you measure the achievement of homesteading by the value of today’s GDP alone, it was an enormous success.” From the article I gleaned that it was the day-to-day work of farmers, innovators, educators and a host of others that created the great breadbasket that is the United States.

This drove home to me that what a company really needs to accomplish regarding compliance is to do the day-to-day work in its company to help create and foster a culture of compliance. Recently May 7-11 was designated as “Compliance and Ethics Week”. One of the panelists I saw last week at the IQPC Upstream Contract Risk Management conference spoke about how his company celebrated this event and used it as a springboard to internally publicize its compliance program. Their efforts included three separate prongs: they were hosting inter-company events to highlight the company’s compliance program; providing employees with a Brochure highlighting the company’s compliance philosophy and circulating a Booklet which provided information on the company’s compliance hotline and Compliance Department personnel.

Inter-Company Events

These were ‘Lunch-N-Learn’ events hosted throughout the week. Topics included

• Monday: Navigate and Learn the Corporate Compliance Website;
• Tuesday: How to Determine if You Have a Conflict of Interest;
• Wednesday: Review of the company’s pre-approval procedures for gifts, travel and entertainment of non-US officials and employees of State Owned Enterprises;
• Thursday: Understanding the purpose and importance of the Company’s Alertline; and
• Friday: Ethical Behavior that Wins Business and Attracts Top Talent.

Participation in these events allowed the Compliance Department to meet informally with the business unit folks. Even in a corporate headquarters, most conferences are more formalized training but the ‘Lunch-N-Learn’ concept provides a more casual atmosphere and, therefore, better opportunities for interaction.

Cost: Sandwiches for lunch

Brochure

The Company regularly distributes a short Compliance Brochure. In the Brochure, which announced the company’s celebration of Compliance Week, it included the following phraseology that I quote in its entirety as I thought it was so eye-catching. The Brochure had spelled out ‘Compliance’ vertically and assigned phrases to each letter so that it reads as follows:

Commit to ‘Doing the Right Thing’

Observe the policies that apply to your job

Make compliance awareness a part of your job

Put Code of Conduct in assessable place

Lead by example

If in doubt, check it out

Attend educational and mandatory training sessions

Notify your supervisor of possible wrongdoings

Communicate openly and honestly

Ethics is a part of all activities

In addition to the above phrasing the Brochure included information on the Company hotline; contact information for the Compliance Department and a listing of some of the information available on the Company’s internal intranet site.

Cost: Regular printer paper

Compliance Booklet

The final piece of information provided during the company’s Compliance Week celebration was a four-page Booklet provided to each employee, specifically tailored to the Compliance Week celebration. It listed out several elements from the company’s compliance program and  the company’s Vision and Core Values. It also provided the contact information on the company hotline and contact information on the Compliance Department personnel. One of the most interesting things it listed was the company’s Compliance Department philosophy about what it believed it owed the company’s employees. This included the following:

• Guidance on the policies and procedures that apply to your duties
• Training to enable your compliance with all applicable policies and procedures
• Monitoring to ensure compliance with policies, procedures and laws
• An environment that will not tolerate retaliation against those who report compliance concerns in good faith

Cost: Thick printer paper

I have set out all of the above in some detail to demonstrate some of the lessons learned from the Morgan Stanley declination/Garth Peterson enforcement action. You can take steps right now, as in this minute, to help foster a culture of compliance in your organization. The Department of Justice (DOJ), in its Press Release regarding the declination, listed persuasive events such as training and as simply as email notices sent to Peterson. What is the cost of sending out an email notice? Not too high.

The Compliance Week celebration demonstrates, once again, that it is doing compliance which drives home not only the message of compliance within a company but also demonstrates to any regulatory body reviewing a company, that compliance is living part of the organization. So just as the Homestead Act created the opportunity for the taming and settling of the American West, it was the homesteaders, doing the work of farming which the Homestead Act was designed to foster, who made it a reality.

============================================================================================

We send out a big congratulations to Chelsea and all their fans for winning the UEFA Cup on Saturday evening.

============================================================================================

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

The End is Nigh? MLB and Fairness in Administration of a FCPA Compliance Program

Less than three months after he ruled against Major League Baseball (MLB) in the Ryan Braun suspension, Arbitrator Shyman Das was fired by MLB. He had been an approved arbitrator under the MLB Collective Bargaining Agreement for almost 13 years before he was abruptly terminated by MLB. In an article in the New York Times (NYT), entitled “Arbitrator Who Overturned Braun’s 50-Game Suspension Is Fired”, an un-named “person with knowledge of the decision said that the Braun decision was only one of several factors that led to Das’ dismissal.” Apparently MLB thought it was the National Football League (NFL) in that if you don’t play my way, you can take the highway. Or maybe MLB will just fire every arbitrator who rules against it until there are no arbitrators left.

This firing of an arbitrator, whose job it is to follow the collective bargaining agreement in making his rulings, reminded me of the issue of fairness as a key component of a compliance program. I have written about the Fair Process Doctrine, which generally recognizes that there are fair procedures, not arbitrary ones, in a process involving rights. Considerable research has shown that people are more willing to accept negative, unfavorable, and non-preferred outcomes when they are arrived at by processes and procedures that are perceived as fair.

However, there is another way to look at fairness in the compliance context. In the recent IQPC, Contract Risk Management conference, held in Houston, I led a panel discussion on Foreign Corrupt Practices Act (FCPA) compliance issues. One of the panelists talked about fairness in the context of administration of your compliance program. Another way to view it might be termed consistency, but I was intrigued that he chose to use the word ‘fairness’. He said that if you are going to discipline an employee for violation of your Company’s Code of Conduct or Code of Business Ethics, you must do so consistently across the board. Discipline must not only be administered fairly but it must be administered uniformly across the company for the violation of any compliance policy. Simply put, if you are going to fire employees in South America for lying on their expense reports, you have to fire them in North America for the same offense. It cannot matter that the North American employee is a friend of yours or worse yet a ‘high producer’. Failure to administer discipline uniformly will destroy any vestige of credibility that you may have developed.

In addition to the area of discipline, which may be administered after the completion of any compliance investigation, you must also place compliance firmly as a part of ongoing employee evaluations and promotions. If your company is seen to advance and only reward employees who achieve their numbers by “whatever means necessary”, other employees will certainly take note and it will be understood what management evaluates and rewards employees upon.

I believe that in many ways, Andre Agassi was right that “perception is reality”. If your employees perceive that your compliance program is administered fairly, there is a much better chance that they will buy into the compliance program and have faith in it. However, if you fire employees in Brazil for falsifying expense reports and do not do so when US employees engage in the same behavior, this may well destroy the credibility that you have worked hard to build up.

Fortunately MLB cannot always act in such a unilateral manner, as MLB players have a collective bargaining agreement which protects them, somewhat, from arbitrary and capricious actions by MLB. However, not all employees have such protections and, subsequently, this means that compliance practitioners must make fairness a part of any compliance program going forward.

We end by noting that the Mayan calendar predicts the end of the world in 2012. This past week saw two potential indicia of this phenomenon. First Manchester City won the English Premier League title with two goals scored during extra time in the final game of the season AND the Baltimore Orioles not only lead the American League East for the first time in 20 years but have the best record in baseball. Happy weekend to all….

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

The Value in Conducting Thorough Background Checks on Executives

Ed. Note-today we have a guest post by Scott Lane, President of the Red Flag Group.

Internet giant Yahoo! has now been forced to undertake another extensive search for a Chief Executive Officer to help salvage its underperforming business. Today it was announced that Scott Thompson would be stepping down from his recently appointed position at the company in the wake of allegations surrounding the accuracy of his education record. The scenario that Yahoo! is now in serves as a reminder to organisations of the importance of conducting thorough background checks on new senior executive appointments as a means of avoiding potential shareholder disputes and detrimental publicity.

Not long after Scott Thompson was appointed CEO of Yahoo! in January 2012, rumours began circulating about the authenticity his academic credentials as detailed on his CV. Mr Thompson’s CV listed an accounting and computer science degree from Stonehill College in the United States. Daniel Loeb, the boss of the hedge fund Third Point who own 5.8% of Yahoo!, claimed that Mr Thompson had not in fact graduated with a degree in computer science. The discrepancy in Mr Thompson’s record was deemed to be the result of an “inadvertent error” by Yahoo!. Mr Loeb initiated a number of inquiries on behalf of other shareholders as to how Yahoo!’s vetting process had not picked up that Mr Thompson never graduated with a degree in computer science.

This case divided opinion as to the seriousness of Mr Thompson’s misrepresentation, particularly as his performances in previous roles had earned him considerable acclaim. However, Yahoo! had exposed themselves to potential litigation by using Mr Thompson’s degree information on regulatory filings, and the ongoing discussions about his background continued to be a distraction from becoming established in his new role. So much so that the decision has been made that Mr Thompson is to step down as CEO. Not only will Yahoo! now have to undertake another expensive and time consuming search for his replacement, his departure also comes at the expense of other existing directors who were responsible for his employment. More so, over the past number of weeks Yahoo! has been the focus of considerable media attention for all the wrong reasons, and its board’s reputation to make decisions in the best interests of all stakeholders tarnished.

This is certainly not the first time a company has suffered the indignity of having to replace senior executives. Last year the chief executive of InterContinental Hotels Group’s Asia-Pacific operations, Patrick Imardelli, resigned after it was discovered that he had misrepresented his academic record on his CV.

This issue could have been addressed if companies:

• Conducting a detailed background check to ascertain the overall accuracy of an individual’s CV including all previous work and study credentials
• Detailed research into the person’s profile in International media in each of the markets where they have lived, carried on business or managed people
• Interviews with other colleagues, business associates, and previous employers to address the overall integrity of the person in all markets in which they have worked
• Interviews with the person to assess their understanding of compliance and legal risks, their approach to ethical and integrity issues and their answers to a series of hypothetical corporate situations posing ethical challenges and testing their responses along the way
• The conducting of psychometric testing based on integrity issues to assess independently the responses to certain situations

Background screening and integrity assessments should be an essential part of the hiring and promoting process. This is important with all new employees, but even more so with those moving into senior positions. The incident involving Mr Thompson will for some time remain a blight against Yahoo! in the eyes of some of its shareholders, but they will no doubt adopt screening measures to heavily scrutinise all candidates in the future. Whilst undertaking extensive screening operations can be time consuming and costly, it is not as damaging to an organisation as disharmony amongst shareholders when it is discovered that a recently appointed individual’s credentials are false.

============================================================================================

For more information on the Red Flag Group, click here.

============================================================================================

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. 

JPMorgan Chase and Compliance Risk

Most of the business news over the past few days has been dominated by JPMorgan Chase & Co (JPM) and its announced $2.3 billion trading loss. Early on there was focus on  JPM’s trading operations in London as the cause of this massive loss and even one trader, nicknamed the “London Whale”, has fuelled the debate about banks taking such large positions which caused or may have helped to cause these massive losses. The news stories intimated that these losses may have been the work of this ‘rogue trader’ who worked for the company in its London operation. However, an article in the Saturday Wall Street Journal (WSJ), entitled “Bank Order Led to Losing Trades”, reporters Dan Fitzpatrick, Robin Sidel and David Enrich wrote that the company told the traders to “make the bets aimed at shielding the bank from the market fallout of Europe’s deepening mess. But instead of shrinking the risk, their complicated bets may have backfired into losses as much as $200MM a day”.

One of area that is an important part of a minimum best practices compliance program under the Foreign Corrupt Practices Act (FCPA) or the UK Bribery Act is risk assessment. Indeed in a recent video podcast on the site MainJustice.com, Kimberly Parker, a partner at WilmerHale, said that both the Department of Justice (DOJ) and the UK Serious Fraud Office (SFO) have made clear that a risk assessment is now the key initial step in crafting a compliance program under either the FCPA or Bribery Act. However, from information available to-date, it is not clear how JPM may have assessed its risk which led to it instructing its traders to make such risky bets. Yet the Bank must have thought its risk was quite high to bet up to $200MM per day the other way in an attempt to manage said risk.

So it would appear that not only does a company need to assess its risk but it must also judge that risk. This is termed ‘risk intelligence’ and it appears that such intelligence was sorely lacking in the case of JPM. In an article, coincidentally also appearing in the Saturday WSJ, entitled “How to Beat the Odds at Judging Risk”, author Dylan Evans reviewed how two different groups, weathermen and gamblers, gauge probabilities. He believes that these two groups “have managed to overcome these biases and are thus able to estimate probabilities more accurately than the rest of us.” He termed this phenomenon as “high intelligence with respect to risk.” He cited to Sarah Lichtenstein for three characteristics of groups with high intelligence with respect to risk. First, these groups “tend to be comfortable with assigning numerical probabilities to possible outcomes.” Second, such groups “make predictions only on a narrow range of topics.” Third, these groups “tend to get prompt and well-defined feedback, which increases the chance that they will incorporate new information into their understanding.”

Evans wrote that both weathermen and gamblers received “prompt and well-defined feedback” for their predictions. Weathermen usually know the next day if their forecast is correct and gamblers received almost instantaneous results with the next roll of the dice, turn of a card or drop of a roulette ball. The key for gamblers seems to be in the quantification of wins and losses; they can review these strategies in order to learn from their mistakes.

Most compliance practitioners use a risk assessment to manage risk going forward. However, I believe that one of the lessons which can be learned from the JPM debacle is that a compliance program requires more than a risk assessment and management of the quantified risk. You need to use risk intelligence to learn from the risk and help your company anticipate FCPA or Bribery Act compliance issues that may arise from your business model, geographic sales locations or interactions with foreign government officials. Evans concludes his article by stating that given the right conditions and right self-reflection and practice, we can make substantial improvement to our risk intelligence.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

Letter to Cicero – Lesson for the Compliance Practitioner from the Roman Republic

Most people will recognize the name Cicero as that of one of the greatest orators of the Roman Republic. In 64 BC he ran for Consul and was elected, beginning his term in March, 63 BC. In this month’s issue of Foreign Affairs, the political strategist James Carville writes a commentary based upon a letter that Quintus Tullius Cicero (the younger brother) wrote to Marcus Tullius Cicero (the older brother and the one we remember as ‘Cicero’) about how to run a political campaign. Although James Carville uses the letter to discuss political campaigns, I found some interesting prescriptions for the (modern day) compliance practitioner.

Use Your Supporters

Cicero the Younger advised his older brother that “Few outsiders have the number and variety of supporters that you do.” I believe that the vast majority of employees want to do business in an ethical manner, compliant with whatever anti-corruption or anti-bribery law that they might operate under, whether it is the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act. This translates into not only employees who will follow the requirements of your company’s Code of Conduct and compliance program; but also means that these people can help to not only sustain but grow your compliance program.

Work to Maintain the Goodwill of Your Supporters

Cicero the Younger also advised that his older brother provide helpful advice to his supporters and to also reach out to them by asking for their counsel in return. In the US Department of Justice’s (DOJ) 13 points of a minimum best practices compliance program, providing day-to-day compliance advice is a key component. Item No. 9 Ongoing Advice and Guidance reads in part:

The Company should establish or maintain an effective system for: a. Providing guidance and advice to directors, officers, employees, and, where necessary and appropriate, agents and business partners, on complying with the Company’s anti-corruption compliance policies, standards, and procedures, including when they need advice on an urgent basis or in any foreign jurisdiction in which the Company operates;

The DOJ clearly wants a designated person or persons available to provide compliance advice to company employees on a regular, as needed basis. But Cicero the Younger goes further by saying that providing such advice can cultivate and maintain goodwill. This is certainly true for the compliance practitioner.

Cultivate Relationships

The third point that Cicero the Younger advised his brother to engage upon was to “cultivate relationships” with key decision makers. These relationships will not only assist in winning the election but when the time comes for you to govern, these same relationships will assist you in educating people on your programs.

These three steps, as advised by Cicero the Younger, reminded me of a technique used by Leonard Shen, the Chief Compliance Officer (CCO) at PayPal. Shen said that in a company which is initiating its compliance program, it can be perceived as a change of culture. To alleviate some employee fears, he used an approached which worked to alleviate those types of concerns but had the additional benefit of providing enough information to perform a robust assessment which could be used to form the basis of an effective compliance program. He termed this type of approach as one to “engage and educate.” While the approach had a two word name, it actually had three purposes; (1) to engage the employees in what would form the basis for an enhanced compliance program; (2) to educate the employees generally in compliance and ethical behavior; and (3) through the engagement of employees, to gather information which could be used to form the basis of a risk assessment.

A.    Engagement

Shen and his compliance team traveled to multiple company locations, across the globe, to meet with as many employees as possible. A large number these meetings were town hall settings, and key employee leaders, key stakeholders and employees identified as high risk, due to interaction with foreign governmental official touch-points, were met with individually or in smaller groups. Shen and his team listened to their compliance concerns and more importantly took their compliance ideas back to the home office.

From this engagement, the team received several thousand employee suggestions regarding enhancements to the company’s compliance program. After returning to the US, Shen and his team winnowed down this large number to a more manageable number, somewhere in the range of a couple of hundred. These formed the basis of a large core of the enhancements to the existing company compliance program.

After the enhanced compliance program was rolled out formal training began. During the training, the team was able to give specific examples of how employee input led to the changes in the enhanced program. This engaged the employees and made them feel like they were a part of, and had a vested interest in, the company’s compliance program. This employee engagement led to employee buy-in.

B.    Education

During the town hall meetings, and the smaller more informal group meetings, Shen and his team were doing more than simply listening, they were also training. However, the training was not on specific compliance provisions; it was more generally on overall ethics and how the employees could use compliance as a business tool.

As pointed out by another speaker at Compliance Week 2011, most ethical standards of a company are not found in an existing compliance program, they are found in the general anti-discrimination guidelines and ethical business practices, such anti-competitiveness and use of customer confidential information prohibitions. Often these general concepts can be found in a company’s overall Code of Conduct or similar statement of business ethics; workplace anti-discrimination and anti-harassment guidelines can be found in Human Resource policies and procedures. Concepts such as anti-competitiveness and use of customer and competitor’s illegally obtained confidential information may be found in anti-trust or other business practice focused guidelines.

Shen and his team’s aim for the education component of “Engage and Education” was to have the company employee’s start thinking about doing business the ethical way. It was ethical concept based training designed to be in contrast to a rules based approach, where employees believe they are taught the rules, and then try to see how close they can get to the line of violating the compliance rule without actually stepping over the line. Moreover, by having this general ethical business training, it laid the groundwork for the enhancement of the company’s compliance program and the training that would occur when the enhancement was rolled out.

It is often said in the legal profession that there are no new ideas. This may also be true in the compliance profession. However, there are innumerable resources from which the compliance practitioner can draw inspiration and the Letter to Cicero is certainly one.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

The Shelby Mustang and Continued Development of a FCPA Compliance Program

Carroll Shelby died last week. For anyone who following racing or loved the Muscle Car Era, no light shone brighter that Shelby’s. In 1959 (a little before I started to follow racing) Shelby was the first Texan to win the 24 Hours of Le Mans. Forced to retire from racing due to a medical condition, Shelby became one of the top race car designers in the 1960’s with his Shelby-American teams winning the 24 Hours of Le Mans, driving Fords designed by Shelby, to victories in 1966 and 1967. But I remember Carroll Shelby for those souped-up, mean as heck Shelby Mustangs, which debuted in 1965 and lasted until the end of the Muscle Car Era in 1971.

So what’s the compliance angle here? Well, believe it or not, it involves Wal-Mart. In its obituary for Shelby, the New York Times (NYT) reported that “Early prototypes broke apart because of stress on the fragile frames. “When you try to put 300 horsepower in a car designed for 100, you learn what development means,” Shelby recalled in a 2002 interview with Sports Illustrated.” From this I took away that any program, whether it is designing a race car or an atin-corruption compliance program requires development until you get it right.

I thought about this idea in the context of franchising and the Foreign Corrupt Practices Act (FCPA). Many franchisors do business overseas themselves and therefore should have a robust FCPA program based upon directly doing business internationally. However, if they franchise their operations internationally, they may have as much FCPA-based risk exposure through their franchisees operations. What are some of the FCPA risks for a franchised business internationally? In his book entitled “Foreign Corrupt Practices Act – A Practical Resource for Managers and Executives” Aaron Murphy, a partner at the firm of Latham and Watkins, explored the question of what are “the most common problems areas where managers get themselves into FCPA trouble.” In a chapter entitled “You Do More With the Government Than You Think” Murphy gives several examples of how any US company doing business overseas will come into contact with a foreign governmental official and, thereby, create a risk for possible FCPA liability. The following interactions would certainly apply to a retailer:

Interactions with Customs Officials. Every time your company sends raw materials into, or brings them out of, a country there is an interaction with a foreign governmental official in the form of a Customs Official. Every customs transaction involves a payment to a foreign government and every transaction involves some form of a foreign governmental regulatory process. While the individual payment per transaction can be small, the amount of total transactions can be quite high if a large volume of goods are being imported into a foreign country.

Interaction with Tax Officials. While noting that interacting with international tax authorities can present problems similar to those with customs officials, Murphy observes that the stakes can often be much higher since tax transactions may be less in frequency but higher in financial risk. These types of risks include the valuation of raw materials for Value Added Tax (VAT) purposes before such materials are incorporated into a final product, or the lack of segregation between goods to be sold on the foreign country’s domestic market as opposed to those which may be shipped through a free trade zone for sale outside that country’s domestic market.

Licensing and Permits. If your company is a retail seller of clothes, cosmetics etc., every physical location that you sell your goods in will require some type of license to operate your business. It could require multiple licenses such as a national license, state license and local municipal license, additionally you will need a building permit if you intend to build out or modify your retail stores.

Work Permits and Visas. If your company does any business overseas it will have to send someone from the home office to operate in-country at some point. In the post-9/11 world this probably means that, at a minimum, your company will have to obtain a visa for each employee who enters the foreign country and perhaps a work permit as well. The visa process can start in the United States with a trip to foreign government consulate or even the embassy and at that point you are dealing with a foreign governmental official. The work permit process can also begin in the United States but often may continue in the foreign country.

Inspections and Certifications. Consider the Tex-Mex restaurant chain which desires to take its cuisine across the world. In any city in the world there will be some type of certification process to enable to the business to set up and start operating and then there will be the need for ongoing inspections for sanitary conditions. Such inspections may be rare but if there is “slime in the ice machine” it may be grounds to close the restaurant.

As Murphy points out, it is clear there are many different types of FCPA risk out there which your compliance program needs to assess and address. Most companies are aware of risks of third parties in commercials operations, such as sales agents, resellers or distributors. However, the recent Wal-Mart matter has raised the awareness of risks from non-commercial third parties, particularly those which interact with a foreign government on the behalf of a company. There are many lessons which can be drawn from the Wal-Mart case but I think that  two, (1) that you do more with the government than you think and (2) the risks in using non-commercial third party agents, are very large areas that you may need to factor into the development of your compliance program going forward.

Lastly, do not forget the example of Carroll Shelby, Not only did he move from race winning driver to race winning car developer but over 30 years after the last Shelby Mustang from the Muscle Car Era rolled off the Ford assembly, he teamed with Ford to design a new Shelby Mustang for the company’s centenary in 2003. Keep on truckin’ Carroll Shelby!

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012