FCPA Compliance and Ethics Blog

April 29, 2010

Oversight Committee and Management of Foreign Business Partners

Filed under: compliance programs,FCPA,Foeign Business Partner — tfoxlaw @ 6:18 am

We have previously blogged on the various stages of the relationship that a US company would travel through with a Foreign Business Partner, from the pre-relationship due diligence to the post-contract execution management. (See Here, Here and Here) One of the key elements in all of these stages is a high level oversight of the process at all of these stages. This article will discuss the concept of a Foreign Business Partner Review and Oversight Committee.

This concept appears to have found favor with the Department of Justice (DOJ), through its use in a Deferred Prosecution Agreement (DPA) with the Monsanto Corporation. The DOJ provided some guidance on the continuing obligation to monitor Foreign Business Partners. In the Monsanto DPA, the DOJ agreed, after the initial due diligence and appropriate review were completed on Foreign Business Partners, for Monsanto to implement certain post contract execution procedures. These requirements, placed upon Monsanto, can be used as guidelines as to what the DOJ will look for from other US companies who have entered into relationships with Foreign Business Partners; especially in the area of ongoing monitoring of the Foreign Business Partner.

The Monsanto DPA

In January, 2005, the Monsanto Company entered into a DPA for violating the Foreign Corrupt Practices Act (FCPA) in connection with an illegal payment of $50,000 to a senior Indonesian Ministry of Environment official, and the false certification of the bribe as “consultant fees” in the company’s books and records. In Appendix B to the DPA, Monsanto agreed to, among other things, “the establishment and maintenance of a committee to supervise the review of (I) the retention of any agent, consultant, or other representative for purposes of business development or lobbying in a foreign jurisdiction”, or an Oversight Committee. It should be noted that Monsanto successfully completed the terms of its DPA and was discharged from further obligations under it in 2008.

The scope of this Oversight Committee is not fleshed out in the DPA. However, it is suggested that a company should incorporate both a pre-execution function and a post-execution management function in overseeing the full relationship with the Foreign Business Partner. While this oversight would most necessarily focus on FCPA compliance, there should also be a commercial component to this function.

Who Should be on the Oversight Committee?

The Monsanto DPA provides guidance on this point by stating “The majority of the committee shall be comprised of persons who are not subordinate to the most senior officer of the department or unit responsible for the relevant transaction;” this would indicate that senior management should be involved in the Oversight Committee. It would also indicate that more than one department should be represented on the Oversight Committee. This would include senior representatives from the Accounting (or Finance) Department, Compliance & Legal Departments and Business Unit Operations.

What Should the Oversight Committee Review?

The Oversight Committee should review all documents relating the full panoply of a Foreign Business Partner’s relationship with a US company. This would begin with a review of any initial requests to engage a new Foreign Business Partner. The information presented to the Oversight Committee would include the Business Unit’s request to engage the Foreign Business Partner, the costs and benefits. The next step would be to review the due diligence and all background investigative materials on the prospective Foreign Business Partner.
The Oversight Committee should receive copies of, and approve, all due diligence and background investigative materials before a contract is executed with a Foreign Business Partner. Particular attention should be paid to the form of the contract. If there are deviations from the company’s standard form of agreement, with regard to the FCPA compliance issues, there should be a full explanation by the Foreign Business Partner or Business Unit. The Oversight Committee should determine if the company is taking on any unwarranted FCPA compliance risk if non-standard FCPA compliance terms and conditions are used.
After the commercial relationship has begun the Oversight Committee should monitor this relationship on no less than an annual basis. This annual audit should include a review of remedial due diligence investigations on the Foreign Business Partner and evaluation of any new or supplement risk associated with any negative information discovered from a review of financial audit reports on the Foreign Business Partners. The Oversight Committee should review any reports of any material breach of contract including any breach of the requirements of the Company Code of Ethics and Compliance.
In addition to the above remedial review, the Oversight Committee should review all payments requested by the Foreign Business Partner to assure such payment is within the company guidelines and is warranted by the contractual relationship with the Foreign Business Partner. Lastly, the Oversight Committee should review any request to provide the Foreign Business Partner any type of non-monetary compensation and, as appropriate, approve such requests.
The oversight of Foreign Business Partners is one of the key tools that a company can use to prevent and detect any violation of its own Code of Ethics and Compliance and the FCPA. The proper structure of the Oversight Committee and its full engagement with all aspects of a company’s relationship with a Foreign Business Partner is one of the areas that the DOJ will look for in a successful FCPA compliance program.

Conclusion

An Oversight Committee is a key tool which can be utilized by a company to manage its relationships with its Foreign Business Partners. Its use has been commented upon favorably by the DOJ through its citation in the Monsanto DPA. An Oversight Committee does not replace any of the other key components of an effective FCPA compliance program but it does provide an additional level of protection, back-up and transparency for all dealingss with a Foreign Business Partner. It should be a employed by US companies as an additional protection against any type of FCPA compliance and ethics violation slipping through the cracks to become a much larger problem down the road.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2010

April 26, 2010

The Bribery Act-A Change in the Name Affects the Game

Filed under: FCPA,UK Bribery Bill — tfoxlaw @ 6:11 am
Tags: , , ,

The UK Bribery Bill is just over one week old and there has been a plethora of commentary on it. Indeed this commentator has received, and read, several helpful comments from his UK counterparts over the past week. This blog has had several posting on the legislation, both pre and post law. See here, here and here. This posting will list some of the highlights and insights into what has been posted over the past couple of weeks.

What’s in a Name?

TFoxlaw does not yet have a full appreciation of some of the subtleties of the British legislative process so the first thing that must be reported is that as the Bribery Bill was passed by Parliament and received the Royal Assent it is now law therefore it must be referred to as the Bribery Act. In other words, to continue to refer to it as the Bribery Bill is no longer correct. So, for those of you keeping score at home, please edit your score cards.

Is it a Game Changer?

This is not only a significant question for UK companies but also US companies with UK subsidiaries or a UK presence. So for both UK and US companies the answer is yes, the Bribery Act is a significant game changer. White and Case, in a client memorandum in April, 2010, notes that the Act changes the law for UK companies in the following areas:

• The extra territorial scope of the Act;
• The liability of senior officers;
• The corporate liability offence;
• The illegality of facilitation payments;
• The illegitimacy of payments to both foreign public officials and non-public officials; and
• The potential of debarment from public procurement contracts.

However, these changes can be just as dramatic for US companies with a UK presence so almost every US company with international operations has either a UK presence or a UK subsidiary therefore the answer is most probably yes, the Bribery Act is a game changer for US companies as well.

A new PM could ring in change?

For those of you who are not following the international section in your newspaper, there is an upcoming election in the UK. All Parliament seats are up for grabs and the party garnering the most seats will come to power, subsequently selecting the next Prime Minister. How does this impact the Bribery Act? It will affect the Bribery Act through the only affirmative defense set forth in the Act, which is the ‘adequate procedures’ defense. The Explanatory Notes to the Bribery Act indicate that this narrow defense would allow a corporation to put forward credible evidence that it had adequate procedures in place to prevent persons associated from committing bribery offences.

The legislation requires the Minister of State for Justice to publish guidance on procedures which relevant commercial organizations can implement to prevent bribery by persons associated with their entity. It was not originally anticipated that the Minster of Justice’s guidance on the Bribery Act, or the affirmative defense of ‘adequate procedures’, would not be published until the fall, most likely October as reported to this commentator.

Initially this means that it is likely that there will be a lengthy period where prosecutions are unlikely. Additionally, with the upcoming elections, there may be a change in government from Labour to the Tories or even to the Lib Dems. If the pro-business Tory party returns to power this could have implications for the guidance, as could a hung parliament. However, a coalition government of Labour/Lib Dems (or even a Lib Dem lead coalition) could well result in more restrictive language around the ‘adequate procedures’ defense.

So there may be more questions than answers at this point and the best guidance we can offer is “Watch this Space”.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2010

April 21, 2010

Changes Coming:US Sentencing Guidelines, UK Bribery Act and the OECD on Facilitation Payments-Part III

Filed under: OECD,UK Bribery Bill — tfoxlaw @ 7:59 am
Tags: , , ,

At its April 7, 2010 meeting the United States Sentencing Commission approved amendments to its Sentencing Guidelines. The next day on April 8, 2010, the UK Bribery Bill received Royal Assent and became the Bribery Act. These two events follow the December 9, 2009 release by the Organization for Economic Co-Operation and Development’s (OECD) Recommendation for Further Combating Bribery of Foreign Public Officials, when the OECD marked the tenth anniversary of the entry into force of the OECD Anti-Bribery Convention.

These three releases, which comprise of two changes in the legal schemes by two of the world’s largest economic players and the proposal of one of the largest Non-Governmental Organizations (NGO) dedicated to ending corruption across the globe portend significant changes in how companies will be structured and transact business going forward in the new decade. This is the third and final of three postings which have discussed the changes that companies, with any US or UK presence, will be required to implement. In the initial post we considered the changes to the US Sentencing Guidelines; we then discussed the changes required by the UK Bribery Act and in this third and final post in this series, we will end with the recommendations regarding facilitation payments as found in the OECD’s Recommendation for Further Combating Bribery of Foreign Public Officials.

The OECD and Facilitation Payments

In late 2009, to celebrate “International Anti-Corruption Day” recognizing the Tenth Anniversary of the OECD Anti-Bribery Convention, the OECD released “The Recommendation for Further Combating Bribery of Foreign Public Officials”. In this report the OECD recommended changes relating to facilitation payments (aka “grease payments”) such as those which are legal under the FCPA. OECD Secretary-General Angel Gurría described these low-level payments, designed to expedite performance of a “routine government action” such as obtaining mail delivery, phone or power service, as “corrosive . . . particularly on sustainable economic development and the rule of law”.

Facilitation payments, also known as “expediting payments” or “grease payments,” are bribes paid to induce foreign officials to perform routine functions they are otherwise obligated to perform. Examples of such routine functions include issuing licenses or permits and installing telephone lines and other basic services. The only countries that permit facilitation payments are the United States, Canada, Australia, New Zealand and South Korea. Facilitation payments, however, are illegal in every country in which they are paid. They have come under increasing fire under the FCPA as inconsistent with the totality of US policy on anticorruption.

This change by the OECD brings the considerable problems associated with facilitation in the international business arena into sharper focus. Just like large commercial bribes, grease payments abuse the public trust and corrode corporate governance. Treating them as anything other than outright bribery muddies the compliance waters and adds confusion where there should be clarity. This new stance by the OECD, coupled with the increased enforcement under the FCPA, may well bode the end of facilitation payments. There is no monetary threshold for determining when a payment crosses the line between a facilitation payment and a bribe. The accounting provisions of the FCPA require that facilitation payments must be accurately reflected in an issuer’s books and records, even if the payment itself is permissible under the anti-bribery provisions of the law.

Facilitation payments carry legal risks even if they are permitted under the anti-bribery laws of a particular country. In the US enforcement agencies have taken a narrow view of the exception and have successfully prosecuted FCPA violations stemming from payments that could arguably be considered permissible facilitation payments. Violations of the accounting and recordkeeping provisions of the FCPA are also more likely when a company makes facilitation payments. Abroad, countries are increasingly enforcing domestic bribery laws that prohibit such payments. Companies that allow facilitation payments face a slippery slope to educate their employees on the nuances of permissible payments in order to avoid prosecution for prohibited bribes.

The global business environment has changed even as the FCPA has remained static. In the absence of any legislative action to roll back the facilitation payment exception, the DOJ and Securities and Exchange Commission (SEC) plainly have set out to repeal the facilitation payment exception on a case-by-case basis. US companies should recognize the weakening of the argument supporting a facilitation payment exception and should develop compliance policies that do not permit any kind of grease payments. A policy that prohibits all payments (unless there is high level of legal and compliance approval) will relieve businesses of the compliance burden of differentiating between lawful and unlawful payments. From the point of view of the modern global corporation, a compliance regime that attempts to differentiate between “good” corrupt payments and “bad” corrupt payments will do more harm than good.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2010

April 18, 2010

Who Will Have the Better Season?

The baseball season is upon us and the Houston Astros have opened with their worst start since 1983. At 3-9, things may be looking a bit bleak for the hometown heroes. However several sportswriters have pointed out that the 1983 team ended up with a winning record, at 85-77. Things may be looking equally as bleak for Hewlett-Packard (HP) right about now. Will HP, or the Astros for that matter, come out of this with a winning record? At this point, it is too early to tell but this posting will review some of the issues that have been reported on the HP/Russia bribery and corruption scandal in the past week.

Several of this commentator’s colleagues have noted something along of the lines of “even the WSJ has reported on this scandal, so it must be bad”. The April 15, 2010 edition of the WSJ reported that German and Russian authorities are investigating whether HP executives paid millions of dollars in bribes to win a contract in Russia. German prosecutors are looking into the possibility that HP executives paid about $10.9 million in bribes to win a $47.3 million contract. Under this scheme, company sold computer equipment, through a German subsidiary, to the office of the prosecutor general of the Russian Federation. The April 16, 2010, edition of the WSJ reported that the US Securities and Exchange Commission (SEC) has joined the Russian and German investigations.

The WSJ reported that German prosecutors were investigating into whether HP executives funneled the suspected bribes through a network of shell companies and accounts in places including Britain, Austria, Switzerland, the British Virgin Islands, Belize, New Zealand, Latvia and Lithuania, and the states of Delaware and Wyoming (yes, you read that right-the great state of Wyoming). The bribery was said to be lead by a German HP subsidiary called Hewlett-Packard International Sales Europe GmbH which, after receiving the payment for the Russian contract, sent about $10.9 million in suspected bribes back to unidentified officials in Russia. The bribes were paid through three German agents, who submitted fake invoices for non-existent sales and then paid the money on as bribes to un-named Russian governmental officials. The contract, which was for hardware; including notebook computers, workstations and servers, were to be used by the office of the prosecutor general of the Russian Federation. It would seem that attempting to bribe prosecutors is generally not a good practice.

Both the Astros and HP would seem to have several unanswered questions about themselves right about now. We shall present some of these questions and hope they may lead to greater discussion of where the two may be going over the rest of the 2010 season. 

Why didn’t HP self report? 

The April 15, 2010 WSJ article reported that by December 2009, German authorities traced funds to accounts in Delaware and Britain. In early 2010, German prosecutors filed a round of legal-assistance requests in Wyoming, New Zealand and the British Virgin Islands, hoping to trace the flow of funds to new sets of accounts. Further, HP knew of the German investigation by at least December 2009, when police in Germany and Switzerland presented search warrants detailing allegations against 10 suspects. The New York Times, in an article dated April 16, 2010, reported that three former HP employees were arrested back in December 2009 by German prosecutors. Although it was unclear from the WSJ article as to the time frame, HP had retained counsel to work with prosecutors in their investigation. Apparently, since the SEC only announced it had joined the German and Russian investigation last week, HP had not self-disclosed the investigation or its allegations to the US Department of Justice (DOJ) or SEC. All of this leads to the second question; which is… 

Where were the SEC and DOJ? 

On April 16, 2010, the FCPA Professor wondered in his blog if it was merely coincidence that a few weeks ago the US concluded a Foreign Corrupt Practices Act (FCPA) enforcement action against the Daimler Corporation, an unrelated German company, for bribery and corruption in Russia and now it is German and Russian authorities investigating a US company for such improper conduct in Russia. The Professor put forward the following query: is such an investigation “Tit for tat or merely a coincidence?” And much like Socrates, he answered his own question with the musing “likely the later”. The WSJ LawBlog noted in its entry of April 16, 2010, that it would be somewhat unusual for the DOJ or SEC to stand by and watch European regulators conduct a sizable bribery investigation of a high-profile US company; phrasing it as “It’s like asking a child to stand still after a piñata’s been smashed open”. With all these investigations going on we next wondered about… 

HP’s Response 

HP has not taken all of this bad publicity lying down. Although the WSJ reported that HP learned of the investigation back in December, 2009, the only public mention of this “investigation” was in its March 2010 SEC filing. This filing did not disclose any potential FCPA violation but it did mention that “in many foreign countries” illegal business practices are “common”. Such actions, undertaken “in violation of our policies…could have a material adverse effect on our business and reputation”. Finally, as also reported in the WSJ, a HP spokesperson said, “This is an investigation of alleged conduct that occurred almost seven years ago, largely by employees no longer with HP. We are cooperating fully with the German and Russian authorities and will continue to conduct our own internal investigation”. Well, at least largely, the (alleged) HP employees who engaged in alleged bribery and corruption are no longer employees. Since HP had deemed fit to keep at least some of the alleged bribers and corrupters on its payroll; what is the “Tone at the Top?”… 

Where was  Carly?  

The Buzz, reported on April 18, 2010, that former HP CEO, Carly Fiorina who is one of three candidates seeking the GOP Senate nomination for the state of California, has sought to distance herself from the scandal, saying that she was unaware of the alleged crimes and that she has not been contacted as part of the probe. However, one of the other candidates, Assemblyman Chuck DeVore, noted the obvious, by stating that the alleged crimes took place during Fiorina’s tenure as CEO of HP. This commentator, who does not live (or vote) in California, has wondered about the effect of the investigation on her candidacy. If pressed further, she might well admit to being shocked to find out that bribery and corruption had occurred under her watch.

 As many of you may recall, it was HP who reportedly ordered its 155,000 channel operation partners to take an FCPA compliance training course last October. Interesting, HP required these channel operations partners to also pay for this training. Such training was required in a very short time frame or the channel operations partners risked loosing their status with HP. Is it possible this effort by HP was because they knew that an investigation was ongoing regarding its FCPA compliance efforts? We anxiously await further clarification on that issue. 

So who do you think will have the better season, the 3-9 Astros or HP?

April 16, 2010

Changes Coming: US Sentencing Guidelines, UK Bribery Billand the OECD on Facilitation Payment-Part II

At its April 7, 2010 meeting the United States Sentencing Commission approved amendments to its Sentencing Guidelines. The next day on April 8, 2010, the UK Bribery Bill received Royal Assent. These two events follow the December 9, 2009 release by the Organization for Economic Co-Operation and Development’s (OECD) Recommendation for Further Combating Bribery of Foreign Public Officials, when the OECD marked the tenth anniversary of the entry into force of the OECD Anti-Bribery Convention.

These three releases, which comprise of two changes in the legal schemes by two of the world’s largest economic players and the proposal of one of the largest Non-Governmental Organizations (NGO) dedicated to ending corruption across the globe portend significant changes in how companies will be structured and transact business going forward in the new decade. This is the second of three postings in which will discuss the changes that companies, with any US or UK presence, will be required to implement. The initial post will was on the changes to the US Sentencing Guidelines; in this post, we will consider the changes required by the UK Bribery Bill; and in the third and final post we will consider the recommendations as found in the OECD’s Recommendation for Further Combating Bribery of Foreign Public Officials regarding ending of facilitation payments.

 

There are several differences between the Foreign Corrupt Practices Act (FPCA) and the UK Bribery Bill which all companies should understand. These include:

  • The Bribery Bill
    • has no exception for facilitation payments.
    • creates strict liability of corporate offense for the failure of a corporate official to prevent bribery.
    • specifically prohibits the bribery or attempted bribery of private citizens, not just governmental officials.
    • not only bans the actual or attempted bribery of private citizens and public officials but all the receipt of such bribes.
    • has criminal penalties of up to 10 years per offense not 5 years as under the FCPA.

 

There is one affirmative defense listed in the Bribery Bill and it is listed as the “adequate procedures” defense. The Explanatory Notes to the Bribery Bill indicate that this narrow defense would allow a corporation to put forward credible evidence that it had adequate procedures in place to prevent persons associated from committing bribery offences. The legislation requires the Secretary of State for Justice to publish guidance on procedures that relevant commercial organizations can put in place to prevent bribery by persons associated with their entity.

Other than this commentary, the Bill provides no further information on what might constitute “adequate procedures” as a defense but the Government has signaled that it will work with the UK business community to provide appropriate guidance to this critical component of the Bribery Bill. The UK law firm KattenMuchin has indicated that they expect the Government will apply a test regarding the “adequate procedures” defense “with regard to the size of the company, its business sector and the degree to which it operates in high risk markets”. The law firm of Covington and Burling, in a client advisory dated March 31, 2010, has opined that the Bribery Bill will not come into force until late 2010 because it will take the UK government until then to issue guidance on what may constitute ”adequate procedures”.

The Bribery Bill is a significant departure for the UK in the area of foreign anti-corruption. It cannot be emphasized too strongly that the Bribery Bill is significantly stronger than the US FCPA. The Bribery Bill provides for two general types of offence: bribing and being bribed, and for two further specific offences of bribing a foreign public official and corporate failure to prevent bribery. All the offences apply to behavior taking place either inside the UK, or outside it provided the person has a “close connection” with the UK. A person has a “close connection” if they were at the relevant time, among other things, a British citizen, an individual ordinarily resident in the UK, or a body incorporated under the law of any part of the UK. Many internationally focused US companies have offices in the UK or employ UK citizens in their world-wide operations. This legislation could open them to prosecution in the UK under a law similar to, but stronger than, the relevant US legislation.

These changes include the outright banning of facilitation payments and the outright banning of all bribery and corrupt payments by US companies to not only foreign governmental officials but all private citizens. The Bribery Bill certainly does away with any legal question of “who is a foreign governmental official” under the FCPA and the use of other legislation, such as the Travel Act, which bans bribery generally, to back corrupt actions made to a foreign person who is not a governmental official, into an FCPA violation. All US companies with UK subsidiaries or UK citizens as employees, should ban such acts as part of their overall compliance and ethics policies sooner rather than later.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The author can be reached at tfox@tfoxlaw.com.

 

© Thomas R. Fox, 2010

April 14, 2010

Changes Coming: US Sentencing Guidelines, UK Bribery Bill & OECD on Facilitation Payments-Part I

At its April 7, 2010 meeting the United States Sentencing Commission approved amendments to its Sentencing Guidelines. The next day on April 8, 2010, the UK Bribery Bill received Royal Assent. These two events follow the December 9, 2009 release by the Organization for Economic Co-Operation and Development’s (OECD) Recommendation for Further Combating Bribery of Foreign Public Officials, when the OECD marked the tenth anniversary of the entry into force of the OECD Anti-Bribery Convention.

These three releases, which comprise of two changes in the legal schemes by two of the world’s largest economic players and the proposal of one of the largest Non-Governmental Organizations dedicated to ending corruption across the globe portend significant changes in how companies will be structured and transact business going forward in the new decade. This will be the first of three postings in which will discuss the changes that companies, with any US or UK presence, will be required to implement. The initial post will be on the changes to the US Sentencing Guidelines; in our second post, we will then consider the changes required by the UK Bribery Bill; and in our third and final post, we will end with the recommendation as found in the OECD’s Recommendation for Further Combating Bribery of Foreign Public Officials regarding the ending of facilitation payments.

The US Sentencing Guidelines are used in the sentencing of organizations and serve as the de facto blueprint for corporate ethics and compliance programs. The changes, which were approved at an April meeting, must be formally submitted to Congress by May 1, and will take effect November 1, 2010, unless Congress passes legislation to reject or modify them. These proposed changes follow public hearings and public comment period which ended in March. The most significant changes in the Sentencing Guidelines are as follows.

1. Direct Report. The amendment would change the reporting structure in corporations where the Chief Compliance Officer (CCO) reports to the General Counsel (GC) rather than a committee on the Board of Directors. The proposed change reads “the individual…with operational responsibility for the compliance and ethics program…have direct reporting obligations to the governing authority or any appropriate subgroup… (e.g. an audit committee or the board of directors)”. If a company has the CCO reporting to the GC, who then reports to the Board, such structure may not qualify as an effective compliance and ethics program under the Sentencing Guidelines. The better practice would now appear to be that the CCO should be a direct report to the Board or appropriate subcommittee of the Board such as compliance or audit.

2. Discovery of Problem Inside the Organization Rather Than Outside. This amendment encourages a company to have a hotline and other mechanisms to detect any compliance and ethics violations internally. While most companies have a Code of Conduct, with attendant implementation policies and procedures in place, training thereon and a hotline; many companies have yet to implement any type of self-audit program to measure Foreign Corrupt Practices Act (FCPA) compliance program performance. This encourages companies to not only monitor its internal self reporting to actively test the information available to it through a system such as continuous controls monitoring. For post on CCM, see here.

3. Promptly Report. This amendment inserts specific language regarding the “prompt” reporting of any violation of a compliance and ethics program. While no definition of the word “prompt” is provided, the revisions to the Commentary note that an organization will be “allowed a reasonable time to conduct and internal investigation” and that no reporting is required if “… the organization reasonably concluded…that no offense has been committed”. Nevertheless this language reiterates what many former Department of Justice employees tell industry representative at conferences and events regarding the FCPA. It is always preferable to report a violation to the US government rather than the US government finding out and coming to you.

4. No Person With Operational Responsibility Condoned or Was Willfully Ignorant. This proposed amendment is aimed at those personnel within a company’s compliance and ethics organization. While operational responsibility could be defined to mean only those who might report to the Board, this commentator would suggest the better approach is to include all company personnel with direct reporting responsibility in the compliance and ethics group. The definition of “willfully ignorant” has not changed from the current version of the Sentencing Guidelines, which is provided in Application Note 3 of Commentary to §8A1.2 (Application Instructions-Organizations). The definition reads in full “An individual was “willfully ignorant of the offense” if the individual did not investigate the possible occurrence of unlawful conduct despite knowledge of circumstances that would lead a reasonable person to investigate whether unlawful conduct had occurred”.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2010

April 10, 2010

FCPA Compliance and Continuous Controls Monitoring

Filed under: Uncategorized — tfoxlaw @ 7:30 am

In a 2008 speech to the Texas General Counsel Forum, former United States Deputy Attorney General Paul McNulty provided his perspective on Foreign Corrupt Practices Act (FCPA) compliance investigations and the Department of Justice (DOJ) enforcement actions. From his experience as the former second highest-ranking official in the DOJ and the chairman of the President’s Corporate Fraud Task Force, Mr. McNulty opined that there were three general areas of inquiry the DOJ would assess regarding an enforcement action. First: “What did you do to stay out of trouble?” second: “What did you do when you found out?” and third: “What remedial action did you take?”

Mr. McNulty went on to further define that in the first area of inquiry “What did you do to stay out of trouble?” the DOJ would look into what systems a company had in place, for example: a Code of Conduct; policies and procedures to implement any Code of Conduct; and a company wide (and anonymous) hotline. However, more than just having the policies, procedures and processes in place, did the Company provide training on these and were they actively used in business going forward, such as in the area of due diligence on foreign business partners, including agents, resellers, distributors and vendors? Lastly, Mr. McNulty stated that the DOJ would look to see if a company had tested its FCPA compliance systems, for instance, was a test case sent up through the hotline; was training in FCPA compliance confirmed or at least tested; were FCPA compliance audits conducted of both employees and foreign business partners; and were the results of the monitoring catalogued and maintained?

This posting will focus on the use of continuous controls monitoring of a FCPA compliance program. While most companies have a Code of Conduct, with attendant implementation policies and procedures in place, training thereon and a hotline; many companies have yet to implement any type of self-audit program to measure FCPA compliance program performance. One of the concepts to emerge out of Sarbanes-Oxley (SOX) is that of continuous controls monitoring for SOX compliance. This author believes that the experiences beginning to come out of continuous controls monitoring programs could portend a powerful tool to assist companies in their ongoing FCPA compliance program.

A recent survey by KPMG, published in its white paper on “What is Driving Continuous Auditing and Monitoring Today?” indicated that a large number of US companies were successfully using continuous controls monitoring in the following areas: 

  • Regulatory Compliance
  • SOX 404 Compliance
  • Fraud Prevention and Detection

 

These findings highlight the transportability of the continuous controls monitoring concept for use as a tool in the area of FCPA compliance. 

One of the leading proponents of continuous controls monitoring is Norman Marks, who writes his own blog on the subject, entitled Norman Marks on Governance, Risk Management, and Internal Audit. Mr. Marks describes continuous controls monitoring as more than simply an application of a monitoring program. It is a top-down model that begins with “understanding enterprise goals and objectives” and then moves to “determine the potential risks to those objectives” and finally goes on to “the assessment and testing of the controls required to manage the risks.” Marks, “A Look into the Future: The Next Evolution of Internal Audit.

In a recent article, entitled, “Magic Quadrant for Continuous Controls Monitoring” French Caldwell and Paul Proctor of Gartner described three ways in which continuous controls monitoring contributes to overall risk management and compliance initiatives. First, continuous controls monitoring can lower audit costs by eliminating manual sampling. Second, continuous controls monitoring can improve financial governance by increasing the reliability of transactional controls and the effectiveness of anti-corruption controls. Third, continuous controls monitoring can improve actual operational performance by monitoring key financial processes.

There are many examples available on the use of continuous controls monitoring. One company, Visual Risk IQ, which produces a software product which performs continuous controls monitoring, has published anonymous case studies on its website. These studies presented were not performed in connection with any FCPA compliance audits. However, the case studies are useful examples of how tools such as continuous controls monitoring can be utilized by corporations in an overall FCPA compliance program and will assist a company in answering the first question McNutly posed above, “What did you do to stay out of trouble?”

The Visual Risk IQ studies include a case study of both accounts payable and of purchase card spend to determine if there was fraud and misuse of the cards. The key in both of these reviews, involving continuous controls monitoring situations was that of data review. This same type of testing can be utilized in reviewing foreign business partners, including agents, resellers, distributors and joint venture partners. All foreign business partner financial information can be recorded and analyzed. The analysis can be compared against an established norm which is derived from either against a businesses’ own standard or an accepted industry standard. If a payment, distribution or other financial payment out or remuneration into a foreign business partner is outside an established norm, thus creating a Red Flag, such information can be tagged for further investigation.

Many companies have yet to embrace post FCPA compliance policy implementation as a standard part of their compliance program. They have found that it is difficult to test behavioral aspects of a FCPA compliance policy, such as whether an employee will follow a company’s FCPA-based Code of Conduct, other testing can be used to form the basis of a thorough review. For instance, it can be difficult to determine if an employee will adhere to the requirements of the FCPA. However continuous controls monitoring can be used to verify the pre-employment background check performed on an employee; the quality of the FCPA compliance training an employee receives after hire and then to review and record an employee’s annual acknowledgement of FCPA compliance. For a multi-national US company with thousands of employees across the world, the retention and availability of such records is an important component not only of the FCPA compliance program but it will also go a long way to a very positive response to McNulty’s inquiry of “What did you do to stay out of trouble?”

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

 

© Thomas R. Fox, 2010

April 7, 2010

UK Bribery Bill Update

Filed under: FCPA,UK Bribery Bill — tfoxlaw @ 2:06 pm
Tags: , ,

It appears that the UK Bribery Bill, introduced in March 2009, made it out of Parliament before the upcoming general election. The Bribery Bill is a significant departure for the UK in the area of foreign anti-corruption. It is significantly stronger than the FCPA. Many internationally focused US companies have offices in the UK or employ UK citizens in their world-wide operations. This legislation could open them to prosecution in the UK under a law similar to, but stronger than, the relevant US legislation.

Some proposed amendments were recently introduced by the Tory Party which would have allowed allow facilitation payments that were ‘reasonable in amount’, ‘customary in the situation’ or the ‘only reasonable alternative in the situation’. Writing in the blog doingggoodbiz.wordpress.com, Alan Holroyd reported that Clair Ward, the Parliamentary Under-Secretary of State for Justice, stated that such exceptions would have ‘driven a coach and horses through the policy objectives of the bill’.

This debated brings up one of several differences between the FPCA and the Bribery Bill. These include:

• The Bribery Bill has no exception for facilitation payments.
• The Bribery Bill creates strict liability of corporate offense for the failure of a corporate official to prevent bribery.
• The Bribery Bill specifically prohibits bribery of private citizens, not just governmental officials.
• The Bribery Bill has criminal penalties of up to 10 years per offense not 5 years as under the FCPA.

There is one affirmative defense listed in the Bribery Bill and it is listed as the ‘adequate procedures’ defense. The Explanatory Notes to the Bribery Bill indicate that this narrow defense would allow a corporation to put forward credible evidence that it had adequate procedures in place to prevent persons associated from committing bribery offences. The legislation requires Secretary of State for Justice to publish guidance on procedures that relevant commercial organizations can put in place to prevent bribery by persons associated with their entity.

Other than this commentary, the Bill provides no further information on what might constitute ‘adequate procedures’ as a defense but the Government has signaled that it will work with the UK business community to provide appropriate guidance to this critical component of the Bribery Bill. The UK law firm KattenMuchin has indicated that they expect the Government will apply a test regarding the ‘adequate procedures’ defense “with regard to the size of the company, its business sector and the degree to which it operates in high risk markets.” The law firm of Covington and Burling, in a client advisory dated March 31, 2010, has opined that the Bribery Bill will not come into force until late 2010 because it will take the UK government until then to issue guidance on what may constitute ‘adequate procedures’.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2010

The Rubric Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 4,880 other followers