FCPA Compliance and Ethics Blog

March 31, 2014

Life Cycle of Third Party Management – Step 1 Business Justification

Five stepsWith thanks to the Two Tough Cookies, I am back from a successful Spring Break college tour to universities in the state of Washington. My daughter and I had a great time, experienced some typical and untypical Seattle weather and met some very interesting folks on our trip. But I would have to say that one of my greatest joys as a father has been watching my daughter grow into a young woman as she navigated the college tour process with much aplomb.

This week I am going to present a series on my views of the life cycle of third party management under an anti-corruption (or anti-money laundering (AML) program for that matter) under the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act. I have broken down the life cycle of third party management into five steps:

  1. Business Justification and Business Sponsor;
  2. Questionnaire to Third Party;
  3. Due Diligence on Third Party;
  4. Compliance Terms and Conditions, including payment terms; and
  5. Management and Oversight of Third Parties After Contract Signing.

Today I will begin with the business justification.

It really seems to me that it should be common sense that you should have a business justification to hire or use a third party. If that third party is in the sales chain of your international business it is important to understand why you need to have a particular third party represent your company. This concept is enshrined in the FCPA Guidance, which says, “companies should have an understanding of the business rationale for including the third party in the transaction. Among other things, the company should understand the role of and need for the third party and ensure that the contract terms specifically describe the ser­vices to be performed.”

The Internal Revenue Service (IRS) also considers a business justification to be an important part of any best practices anti-corruption compliance regime. Clarissa Balmaseda, a special agent in charge of IRS criminal investigation, speaking at the 2013 ACI Bootcamp in Houston, said that the lack of business justification could be a Red Flag, which could signify a possible indicia of corruption. With the Department of Justice (DOJ); Securities and Exchange Commission (SEC) and IRS all noting the importance of a business justification, it is clear that this is something you should incorporate into your compliance program.

But the business justification also provides your company the opportunity to help drive compliance into the fabric of your everyday operations. This is done by requiring the employee who prepares the business justification to be the Business Sponsor of that third party. The Business Sponsor can provide the most direct means of communication to the third party and can be the point of contact for compliance issues.

Tyco International takes this approach in its Seven Step Process for Third Party Qualification. Tyco breaks the first step into two parts, which include:

  1. Business Sponsor – Initially identify a business sponsor or primary contact for the third party within your company. This requires not only business unit buy-in but also business unit accountability for the business relationship or as Scott Moritz, a partner at Navigant and one of the architects of the Tyco Process, said “This puts the onus on each stakeholder.”
  2. Business Justification – The business unit must articulate a commercial reason to initiate or continue to work with the third party. You need to determine how this third party will fit into your company’s value chain and whether they will become a strategic partner or will they be involved in a one-off only transaction?

Further, at the same conference as IRS Agent Balmaseda spoke, another Chief Compliance Officer (CCO) of a major energy service company detailed his thoughts on his company’s 12 point evaluation process for reviewing, assessing, then contracting with and managing foreign business partners. Under Step 2, which he entitled, “Competence of foreign business partner”;he detailed a two-part analysis for his company. “It includes a review of the qualifications of the candidate for subject matter expertise and the resources to perform the services for which they are being considered. However, it also in includes an identification of the representative’s expected activities for your company.”  He also added, that under one of his company’s steps, which he monikered “Business justification for use of agent and reasonableness of compensation”, “you should begin the entire process by requiring the relevant business unit which desires to obtain the services of any foreign business partner to provide you with a business justification including current opportunities in territory, how the candidate was identified and why no currently existing foreign business relationships can provide the requested services. Your next inquiry should focus on the terms of the engagement, including the commission rate, the term of the agreement, what territory may be covered by the agreement and if such relationship will be exclusive.”

So what should go into your Business Justification? First and foremost is that you should craft a document, which works for both you as the compliance practitioner and the business folks in your company. There are some basic concepts that I think are important but you may want to modify my suggestions based on your own experiences.

You need the name and contact information for both the Business Sponsor and the proposed third party. You need to inquire into how the Business Sponsor came to know about the third party because it is a Red Flag if a customer or government representative points you towards a specific third party. You should inquire into what services the third party would perform for your company, the length of time and compensation rate for the third party. You will also need an explanation of why this particular third party should be used, as opposed to an existing or other third party, if such were considered. All of this information should be written down and then signed by the Business Sponsor.

Remember, the purpose of the Business Justification is to document the satisfactoriness of the business case to retain a third party. The Business Justification should be included in the compliance review file assembled on every third party at the time of initial certification and again if the third party relationship is renewed. In the Tom Fox Mantra, this means Document, Document, and Document.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

March 28, 2014

Tales From the Crypt-Rule 6: Never Mix Business With Pleasure

Tales from the CryptEd. Note-this week on am on a Spring Break college tour with my daughter. The Two Tough Cookies whom are penning the Tales From the Crypt Series have graciously agreed to contribute a week’s worth of workplace Tales from their crypts so help illustrate some key compliance and ethics concepts. Today they look at why you should never mix business with pleasure…

This Tale from our Crypt highlights the treacherous abyss of dating in the workplace, especially when it involves senior management.  We have alluded in prior posts that management doesn’t always want to get involved in personal matters, and in this instance, that reservation was in full force. The rumor mill was in high gear pertaining to a certain US-based manager and an overseas executive.  If the rumors were right, the two of them were managing a global whirlwind romance, which seemed a bit of a stretch to those of us in HQ, so we really didn’t pay much attention when the rumors first surfaced.  After all, if it didn’t interfere with either individual’s work commitments, it was not “our place” to interfere.

Imagine my surprise when I received an anonymous email, written as if a committee had crafted the contents, pleading for help because the overseas executive appeared to be too distracted by his temptress’s charms to mind the shop, and critical business decisions either weren’t being made, or were being made without full consideration of the outcome.   “Business” meetings hours long in length were being held behind closed doors between the executive and the manager, notwithstanding the fact that the executive was married, and the manager was not one of his direct reports. Ultimately, the allegations  escalated to the level of accusing the executive of turning the keys of the kingdom over to his “princess” who was running the subsidiary as the de facto executive, making decisions on employee roles and responsibilities.

Our first reaction was to reply to the email, seeking some nuggets of information that would give us a bit more than simply lack of discretion and “suspected” unauthorized delegation of authority. It wouldn’t be the first time, and most certainly not the last, that an illicit workplace affair would surface – it happens sometimes.  Rumors start, regardless of the truth of the allegations, whenever two people of spend a lot of time together.  In fact, I have been suspected of having an affair with a junior colleague although the suspicions were baseless.  We simply got along incredibly well, and I would never think of jeopardizing my extremely happy marriage (not to mention my career) with even a moment of workplace indiscretion.

When we started to dig after receiving some more detail from the anonymous source, we also started to hear rumors that the pair were recently seen, holding hands while out in public, during one of those extended business trips the executive made to the States.  While there was no allegation of misconduct in violation of the Code of Conduct or any other policy in the organization, the tone of the concerns inferred a serious lack of management oversight by the executive, with work assignments, customers and special projects all being assigned favorably to the manager or her “friends.”  As we started to look a bit closer, we found she had convinced her Stateside manager that her skills were in “desperate need” at the foreign subsidiary, and she had been making frequent trips there with the costs charged back to the sub.  Her boss didn’t care as long as she got her work done, and the bills for her frequent trips were not on his P&L.

Once again, we started a forensic review of each party’s computer records to determine if there were any inappropriate communications between them.  While the executive’s email account was purged nightly based on his settings, the manager’s wasn’t, giving us some insight into the true nature of their relationship.  The smoking gun surfaced when I discovered an email just prior to the most recent ‘business trip’ with a demand for expensive lingerie and perfume as “presents” for their next “meeting.”  So I tagged that email, and started a mail server search of all related messages, and a treasure trove opened wide for me.  Jaw dropping material, revealing pet names and an intimate relationship that easily spanned upwards of a year.  A review of the subsidiary’s financial records revealed bills paid for a rent on house, a car, clothing allowances… the works, with all of these “perks” earmarked for the manager charged back to (and paid for by) the subsidiary, of course.

I decided to expand the scope of my search, and asked IT to patch me into the executive’s system when he would be away from the office, during off hours.   We sent out a memo to the location, advising the local management team that all computers had to be left on each night for the following week so that critical updates and software patches could be remotely made to their computers from HQ.  What I found when I finally got “in” shocked me to the core.  Not only were there intimate emails from the manager squirreled away on his hard drive, but oh, so much more…. A whole folder devoted entirely to hard core porn. What WAS that guy thinking!?!  Sometimes my job is actually distasteful – copying those images onto our servers to “preserve” the evidence, along with an image of the file hierarchy on his hard drive, made me squeamish.  When I shared my findings with the General Counsel, his face beet red in embarrassment at the images I called up, he told me he had seen enough.  We had to plan what to do, because removal of this executive entailed a lengthy process under local laws.

Putting our collective heads together, we determined the best course of action would be to offer the executive the opportunity to resign.  We prepared the papers, and consulted with a local board member who we trusted with our findings.  The shock that registered on his face when he learned our news told a tale of utter devastation.  The innocent lives of his family and loved ones were to be ruined with this man’s single act of selfish impropriety if we did not act with care. This was no time to make a public example of the executive – we needed to act with delicacy and tact.  The manager, on the other hand, was not our concern.  We had no issue taking prompt action with her for her lack of discretion.

It is only when I received a note of thanks from my anonymous source that I understood the true impact we Integrity and Compliance professionals have on others’ lives.  I was satisfied with the outcome against the executive.  He clearly breached his duty of trust to the organization, but more importantly, he lost the trust of the very people who looked up to him, day to day.  Another set of circumstances may have resulted differently, but these people cared about the company, cared that their “leader” was absent.  We owed it to them to care as well.

The anonymous note of thanks which I received warmed me to my very core:

The head is today held high in pride of working for a Company which has …. demonstrated unflinching commitment to ethics and values… the recent action taken has brought unprecedented respect and esteem in the minds of the entire working community. [We] want to personally thank you for …. restoring faith and confidence that any violation in ethics or values in this company, if reported to the [correct people], shall be dealt with immediately … professionally …  and transparently. Since complete confidentiality has been maintained, people now know that what has gone wrong is more important than who has reported the issue…. Thank you once again and forever indebted…….

No, my dear colleagues, the Company is in your debt for demonstrating unshakable courage during a time which must have provoked intense fear and uncertainty.

Who are the Two Tough Cookies? 

Tough Cookie 1 has spent the more than half of her 20+ legal career working in the Integrity and Compliance field, and has been the architect of award-winning and effective ethics and compliance programs at both publicly traded and privately held companies.  Tough Cookie 2 is a Certified Internal Auditor and CPA who has faced ethical and compliance challenges in a variety of industries and geographies and recently led a global internal audit team. Our series “Tales from the Crypt: Tough Choices for Tough Cookies” are drawn largely from real life experiences on the front line of working in Integrity & Compliance, and personal details have been scrubbed to protect, well, you know, just about everyone… 

March 27, 2014

Tales From the Crypt- Rule 5: Red Eyes Can Definitely Affect Your Hearing

Filed under: Best Practices,compliance programs — tfoxlaw @ 12:01 am

Tales from the CryptEd. Note-this week on am on a Spring Break college tour with my daughter. The Two Tough Cookies whom are penning the Tales From the Crypt Series have graciously agreed to contribute a week’s worth of workplace Tales from their crypts so help illustrate some key compliance and ethics concepts. Today they look at red eyes and how they affect listening…

This Tale from our Crypt underscores the importance of a good night’s sleep before making financial decisions. International travel is tiring.  It’s “hurry up and wait” in airports.  It’s packed airline cabins with strangers falling asleep and practically drooling on your shoulder.  It’s 24 hours in the same clothes.  It’s sleep deprivation in the extreme.  Dealing with other cultures, languages, and heavily accented, local-flavored English adds to the challenge.  In spite of all of this, you are expected to “buck up” and operate like an Indy race car with your brain cells running on all cylinders upon your arrival after taking a “red eye” flight overseas.

That was my condition when I found myself in a meeting where I wasn’t sure if it was the travel or something else happening when the conversation appeared to have a double meaning that I couldn’t follow.  I surveyed the room.  I had been here before.  I knew the people.  I was comfortable with and always entertained by our cultural differences.  But something was different this time.  A few fellow Americans had made this trip as well.  I examined their faces and body language.  All seemed struggling with the time difference and exhibited a noticeable gap in attention to the discussion at hand.

The group was discussing a matter of accounting for a transaction that never materialized and whether a liability remained or even ever existed.  Management maintained that the liability existed.  The accountants, given that years had passed, maintained that perhaps there was no longer, if ever, a liability.  How unusual, I thought.  Usually the concern is for unrecorded liabilities, which tend to boost bottom lines.

Meeting privately with the accountant after the meeting, I asked whether there was something left unsaid in meeting earlier in the day.  As I delicately attempted to get to the truth, the local accountant quite openly stated that, “of course, it’s a bribe!”  She was not aware of the specifics other than management had no support for the liability and that it had remained on the books for several years with her same questions meeting the same response…”we have a liability” with no evidence provided.

In some cultures, bribery is common and accepted and open discussion among trusted associates occurs.  In other cultures, wild allegations without facts are common.  I was in one of those cultures (but still unsure which…).  Good news!  I was considered a trusted associate.  Bad news!  I had to take action and get to the truth.  I quickly set up meetings several members of the management team and staff.  I asked for old accounting records.  The staff provided the records but they had not been given support for the transactions.  Management explained that they had a business relationship with a commercial customer (not government – phew!) and a third party.  The customer bought our products; the third party provided “services.”

As I worked through a series of several managers, all very helpful, I pieced together a rather unique kickback scheme placing us as the middleman.  The scheme worked as follows:  The customer (a local Japanese subsidiary) seeks to buy your product but tells you that his company will need help in using your product, so the customer will be hiring a consultant (himself).  Two invoices will need to be created to make this work – The first  from your company for the goods AND consulting services to the customer, the second from the consultant (the customer) for the consulting services (again) back to you, creating an accounting “liability” that can only be reconciled once the invoice from the consultant is issued for payment.   But the “consultant” forgets to invoice your company and management is afraid that he will eventually expose the whole deal, so the liability keeps getting carried forward, since the moneys have been paid, but the “services” never rendered…

As I had suspected, when I returned to the States with the story and the facts, one hi-level fellow American colleague who had been in the room was amazed that I had picked up on it, while everyone else had missed the irregularity.  They were equally amazed that their local leadership did not see this as inappropriate business practice, notwithstanding full knowledge that it amounted to commercial bribery, and the repeated training and communications our foreign executives had received about our dedication to thwart corruption in our business dealings.

End result?  After internal discussions, it was decided to replace the local leadership who had perpetuated the fraud, and the accounting records were corrected to remove the liability.  Did the “consultant” ever ask payment for his services?  Not that I know. What I learned? Nothing can substitute for having a cultural “baseline” and a good flight’s sleep.

Who are the Two Tough Cookies? 

Tough Cookie 1 has spent the more than half of her 20+ legal career working in the Integrity and Compliance field, and has been the architect of award-winning and effective ethics and compliance programs at both publicly traded and privately held companies.  Tough Cookie 2 is a Certified Internal Auditor and CPA who has faced ethical and compliance challenges in a variety of industries and geographies and recently led a global internal audit team. Our series “Tales from the Crypt: Tough Choices for Tough Cookies” are drawn largely from real life experiences on the front line of working in Integrity & Compliance, and personal details have been scrubbed to protect, well, you know, just about everyone… 

March 26, 2014

Tales From the Crypt-Rule 4: Cover Your Tracks

Tales from the CryptEd. Note-this week on am on a Spring Break college tour with my daughter. The Two Tough Cookies whom are penning the Tales From the Crypt Series have graciously agreed to contribute a week’s worth of workplace Tales from their crypts so help illustrate some key compliance and ethics concepts. Today they look at covering your tracks…

This week’s Tale from the Crypt is a Tale of Two Cities, and the importance of leaving no trace behind of your “extracurricular” activities…. If your office is like ours, there are always “orphaned” documents lying around the community printer…for days!  Sometimes they are even mine!!!  It’s easy to forget, so many interruptions.

That’s what spawned a call about an unusual find on a copier in one of our European offices.  We asked the caller to fax a copy to us and send the original to headquarters here in the States via interoffice mail.  What we received was an invoice from Company A (not a vendor of ours) to Company B (not a customer of ours).  The invoice was for engineering services, indicating the name of one of our engineering staff as the engineer for Company A.  It also appeared from the invoice that the engineering services provided were similar to our employee’s duties.  The customer was in the same industry that we serve, so immediately it became apparent we had a case of an engineering employee providing competitive services to potential customers, a true conflict of interest, in violation of our conflict of interest policy that requires annual disclosure of all non-employment-related commercial relationships.  We checked – the employee had not disclosed any conflicting employment or consulting services to us, and there were no waivers in his employment file.

His forgetfulness at the copier indicated a comfortable and casual nature with respect to doing his own business on company time. It raised our concerns enough to launch a stealth search of his computer, which revealed CAD drawings on his work computer.  In fact, thousands of our CAD drawings, much more than he needed to perform his duties, and enough to slow his work station down, explaining the IT repair ticket he had placed just recently for slow performance issues.  Our preventive and detective controls were not designed to identify these unusually large volumes of engineering drawings on an employee’s work station.  Combined with email, CD burner and memory sticks, unlimited possibilities existed for intellectual property leakage given the control weaknesses we had unearthed.

We also found drawings with his company’s name on them stored on his work computer’s hard drive, but it was unclear whether or not he was using his work-provided laptop and company-provided software to create them, and if he, or someone else, was the actual creator of the drawings. What could have been a long and involved forensic investigation with very technical comparisons of his drawings to our extensive catalog of reference drawings was made simple by another casual misstep he made -  as we started to probe deeper, we noticed that his company logo was an addition, pasted on the document, and that there was evidence that he (or someone else) had used our CAD software to make the drawing.  It was also possible to tell from the customized stamp that the CAD software used that the drawings were unique without reference to existing intellectual property. So while we had no direct evidence of theft of our own drawings, we could not state with certainty that he was the creator, or that the drawings, if created by someone else, were authorized for his use.   In either event, they were on our systems without our knowledge or authorization, so we considered them to be misappropriated IP.

While we believed that our possible exposure was limited given this was an unauthorized act by a rogue employee, this 30 year employee with unblemished service was suddenly at risk for personal use of company resources for his own commercial enterprise.  When confronted, he exposed a heart bitter with perceived injustices leading to an entitlement mentality and confessed to operating a small engineering business on the side for extra money.  Apparently he felt that he was not being compensated appropriately given increasing demands from work, so he felt entitled to help himself to company resources to make up the perceived shortfall in income.  What the employee did was clearly wrong.  But our process of eliminating the threat was painful indeed.  We learned first-hand the difficulties in terminating an employee in the European Union, even with clear evidence and an admission of wrongdoing.  In this case, his tenure worked to protect his pension as well as provide him with a de facto severance which amounted to nearly two years’ pay as “notice” of termination, a result we were not happy with, given that misappropriated IP was at issue.  Our stance had always been not to reward bad conduct with severance, and we pushed the issue with our European counsel, who was sympathetic, but not optimistic of an outcome in our favor. We were forced to plead before the court that his conduct amounted to criminality, which would sever his benefits and pension if he was found guilty (which he eventually was, but of a lesser charge, thus saving his pension, but permitting us to terminate for cause without notice).   For the sake of extra spending money, he lost his job and his reputation, and put his pension at risk.

Needless to say, this presented us with an opportunity to institute controls in our systems that would require employees to check drawings out of the reference files, and return them, with a size limitation of how many proprietary drawings they could have on their work stations at any given time. While not perfect, it helped with performance issues on workstations, as well as created an auditable log of access to proprietary materials. While it was a sad outcome for our European engineer, it did leave us  debating what role companies play in creating an environment for poor ethical choices when they  mandate 24-7 accessibility from their professional staff.

Let’s contrast this with the outcome of another case of misappropriated IP which occurred here in the US.  In this instance, we were called by the General Counsel of our biggest competitor, putting us on notice that there had been a company presentation at a trade conference the week prior, and in the presentation were some our competitor’s copyrighted materials.  We thanked our lucky stars that our competitor’s General Counsel (GC) opted to deal with this via a courtesy call, and promised we would give it our immediate attention.

We looked at travel records to determine who had attended the conference, and noted three engineers in particular who were former employees of the competitor. We had a fairly robust process when we hired from our competition, including an acknowledgment that the new employee would not bring onto our premises any proprietary materials from their former employer.   We checked their files, and all three had signed acknowledgements in their employment records.

Once again, a stealth investigation was undertaken, and we made a ghost copy of all the files on each of the implicated employee’s computers.  We instructed IT to make ghost copies nightly, so we could see if there was any unusual activity, given that we would be interviewing not one, but three potential suspects (talk travels fast).  We also realized early on that we would need IP counsel’s help in reviewing the files to determine what was proprietary to us, and what was sourced from outside the company.  A monumental task lay ahead of us, and we rolled up our sleeves. We started our interviews while the files were being reviewing, asking questions regarding the trade presentation (which had been sent to us by our competitor’s GC with pages circled indicating their proprietary materials), asking the engineers, one by one, who had been responsible for preparing the presentation, and where the materials were sourced from.  We also asked extensive questions as to each engineer’s understanding of Intellectual Property law, namely copyright.   To our surprise, we learned from Engineer X, that if it was published on the internet, it was public domain and free for anyone to use.  Okay, make a note, additional copyright training, and in particular, training on the use of materials sourced from the internet, is definitely a priority….. especially for marketing, sales and engineering staff!

While we did get an admission as to who had prepared the presentation (Engineer X, again), we were told he had “just found” the materials on the shared drive used by engineering.  We asked him to point out to us where he found them on our systems, to which he replied he’d look, but he couldn’t tell us off hand where he got them from.  We told him that we would like to know for certain in the next day or so. The following day our IP counsel informed us that he went to look at Engineer X’s files that had been ghosted, and sure enough, several large files that were on Monday’s ghost image were missing on Tuesday night’s ghost image, and even more were missing from Wednesday’s ghost image, and that all evidence of the presentation he had made had simply vanished during one of the “purges.”  He did verify that the other two engineers’ hard drives were only showing normal file changes from work activities. We advised IP counsel that he could stop examining the reference files for similarities to our competitor’s works, and thanked him for the report.

We called Engineer X back, and started interviewing in earnest.  While we never obtained an open admission of wrongdoing, we did take the opportunity to counsel him in earnest about IP rights, and his ongoing obligation to us to keep our systems clean of any competitor information.  We then verbally warned him against a repeat offense, and made a written note of the verbal warning in his employment file.  We also took that opportunity to issue a company-wide reminder about the use of third party information at work.  Fortunately for us, the GC at our competitor was happy with our actions, and chose not to pursue a more aggressive course of action against us. What surprised me, though, was the executive team’s response to our findings.  Because we could not “pin” this on Engineer X as an intentional act, they were inclined to be lenient with him.  It was only when I revealed that he had begun to systematically purge his work computer as soon as he was alerted to an  investigation that they agreed to the disciplinary action we eventually took.  Was that fair?  I suppose so.  But I think hardly appropriate.  Highly skilled professionals, such as engineers, should, in my opinion, be held to a higher standard of knowledge of intellectual property rights.  It comes with the territory, and companies should take steps to ensure that these professionals understand, from the start, what the expectations are. Maybe even go so far as a quasi “liquidated termination” clause in their employment arrangement should they ignore these rights, particularly in jurisdictions that make termination difficult, such as our friends in Europe. Simply too much is at risk for the employee as well as the company – I realize that European workers’ councils would probably balk at including such a clause in their co-determination agreements, but at least the dialogue should occur, and perhaps a compromise could be struck, that protected the interests of both parties, and gave employees a reason to behave appropriately.  Another opportunity to close a compliance gap pertaining to IP… wouldn’t you agree?

Who are the Two Tough Cookies? 

Tough Cookie 1 has spent the more than half of her 20+ legal career working in the Integrity and Compliance field, and has been the architect of award-winning and effective ethics and compliance programs at both publicly traded and privately held companies.  Tough Cookie 2 is a Certified Internal Auditor and CPA who has faced ethical and compliance challenges in a variety of industries and geographies and recently led a global internal audit team. Our series “Tales from the Crypt: Tough Choices for Tough Cookies” are drawn largely from real life experiences on the front line of working in Integrity & Compliance, and personal details have been scrubbed to protect, well, you know, just about everyone… 

March 25, 2014

Tales from the Crypt: Rule 3-Appearances Matter and May We Have the Envelope, Please.….Part II

Filed under: Best Practices,compliance programs,Ethical Leadership,Ethics — tfoxlaw @ 12:01 am

Tales from the CryptEd. Note-this week on am on a Spring Break college tour with my daughter. The Two Tough Cookies whom are penning the Tales From the Crypt Series have graciously agreed to contribute a week’s worth of workplace Tales from their crypts so help illustrate some key compliance and ethics concepts. Today is Part II of a lesson that appearances do matter…

Trying to step around the delicacy of the situation, I asked Carl when he returned a few moments later if there were any other “irregular” activities that occurred at the meeting.  The blank look I got from him made me uneasy.  I couldn’t tell if he was waiting for me to ask more leading questions, or if he really had no clue what more I could possibly want from him.   Swallowing hard, I started to ask direct questions about entertainment that was brought in by the business partner as part of the evening’s activities.

“Nonsense” he exclaimed, explaining he never saw any women at the dinner, but then followed with an explanation that he left the dinner early, and went to bed by himself when Mark and the Chinese  business partner suggested they move the meeting into the Karaoke bar next to the restaurant. For those of you who are novices to Chinese culture, Karaoke bars in industrial/manufacturing regions of China are, simply put, an a la carte venue for prostitutes to display their talents.  While I still had no confirmation, nor clear rebuttal, to the allegation of prostitution against Mark, there really was only one inference that could be drawn from the evening’s activities.   I then counseled Carl on the receipt of “red envelopes,” and the negative inference of corruption that could be drawn from the act of accepting one in front of colleagues.  He explained that it would be insulting to refuse it when given, to which I replied that the obligation that it created, in Chinese culture, was one that would be difficult to ignore, and that there were diplomatic ways to handle the situation in the future, such as letting the benefactor know that you plan to give the proceeds to a charity in the joint name of the benefactor and the recipient.  If done at the time of the gift, with thanks for the gesture, but not accepting the gift personally but on behalf of others such as a charity, it creates a positive outcome for both, with no residual obligation on the recipient’s part.  He thanked me for the feedback, acknowledging that he never thought that such a gesture would result in a hotline call.

It’s such a fine line to cross between counsel, and confrontation.  When placed in a position of preserving the public trust of the company, I take my job seriously.  People tend to keep their distance from compliance professionals, perceiving us as the “corporate cop,” and you simply don’t get a second chance to make a first impression.  My “style” of active listening – drawing others out, asking probing questions – can sometimes come across as confrontational, especially if they are already pre-disposed to see those of us in the compliance function as a “cop.”  Yet once individuals have an opportunity to work with me a bit more, they realize I am simply probing for their thoughts and feelings to get a better understanding what is behind their assumptions and beliefs. When they realize my intentions are simply an attempt to gain a deeper understanding, they appreciate that I allow them the opportunity to find their own way, and make their own mistakes.

Knowing this about myself, I was acutely conscious of the delicacy of the situation before me – Mark had accepted a red envelope (as had Carl), and there was also an allegation of impropriety on a personal front, that, if true, would devastate Mark’s family if it were to become known.  While I didn’t want to ignore the inquiry for the sake of harmony in the hallowed executive suite, I knew that if I tempered back my probing ever so slightly while practicing a great deal of restraint (even though I may have already known the answer to my question), to allow others to naturally progress through their analysis, I will limit the opportunity for maladaptive behaviors such as avoidance or blatant denial. I had to carefully manage how strong I came across at the outset in dealing with him – both his and my career were on the line.  Even the best-intentioned compliance professionals can be the victim of “management override.”

It was clear that the matter of the red envelope was a simple matter to resolve through appropriate counseling.  The amount at issue had a US dollar value of less than $15 – it didn’t even meet the threshold for our gifts and entertainment policy.  But the inference of prostitution, combined with a red envelope, was a different matter.   There was an object lesson to be learned here.  Add to that the complexity of the rumor mill at corporate that Mark had “gone native” I now faced a counseling session of epic proportions.  Dare I delve into the loss of trust (at corporate) in Mark’s personal attributes as a leader for “going native,” weaving my concerns into the allegations of corruption and prostitution, or leave well enough alone, and simply stick to the facts?  Would I be doing Mark a service by somehow threading in to our conversation the lack of confidence percolating about the water cooler, using the hotline call as an example of leadership accountability?  Should I even engage in such a conversation? At another, more sophisticated company, I might have called upon the organizational effectiveness team to help tackle the thorny issue, but I had no such resource here.   What I faced was the President of one of the company’s largest operating divisions with a crumbling personal reputation, and the company reeling from the scandal of an FCPA violation on his watch, compounded by personal conduct that left little room for interpretation.  I was compelled to act, and I had the whole Board of Directors watching my every move.

“Mark, we have a problem” I said when he entered my office the next week, arriving from Shanghai for a mandatory business meeting with the CEO in advance of the announcement of the annual earnings.  “Please come see me when your meetings with Don are done today – there’s a hotline call in which you are implicated in some misconduct that we need to discuss. I’ve asked Pauline to carve out some time on your calendar for us to meet here in my office where we can have some privacy.”  Later that day, Mark decided that meeting with me didn’t warrant his attention, a fact I was clued into by Pauline when he asked her to make dinner plans for him and cancel his meeting with me.   That raised yet another red flag, clearly signaling that Mark believed he was insulated from my scrutiny.   In a rare move of executive arm wrestling (which I am loathe to employ except when given no other choice), I called the CEO, and told him I needed to clear the hotline call allegations against Mark, but Mark did not seem to believe our  meeting was important, and I would appreciate his “influence” with Mark so we could put this to rest.

Mark’s impatience with me when he arrived at my door later that day was bristling like a porcupine backed up against a tree.  “Did you have to call Don about this?” he asked – “You’ve made me late for a dinner meeting.” “Don already knows the nature of the call, as does the entire Board of Directors.  I would have thought you’d jump at the chance to clear your name as a trusted executive in this company.  Am I wrong?” I asked.  Mark’s ego deflated instantly, as he realized that my request to meet with him was not something he should have taken lightly.

I told Mark I realized he was busy, and if he was open and honest with me, we should be done in time for him to still make his dinner meeting with friends.  But I had some things that needed to be cleared up, things that couldn’t wait.   I asked him to recall any dinner meetings he had in a particular city during the first week of February.  At first, he did not remember any meetings, then recollected a meeting when I reminded him about a train ticket expense entry.  I asked him if there were any gifts exchanged at the meeting and he answered no.  I then asked him if there was any entertainment provided at the meeting, and he said that he and the business partner went into the Karaoke bar that was attached to the hotel after dinner to do some shots and continue their conversation.  I asked him to explain why there was no hotel charge reported for that trip. His first response was “there isn’t?” Then he replied that the charge had been direct billed to the company.  So now I had, from Mark, an admission that he had frequented the Karaoke bar (a brothel), a denial of receiving the red envelope, and a missing hotel charge.

Here’s where pushing too hard can backfire while using the appropriate amount of tact and diplomacy can save the day.   I reminded Mark of his responses to me, and then outlined the hotline call allegations. I told him that I had witness statements that he had received a red envelope from the business partner, and that the hotline call also claimed he had engaged the services of a prostitute.  I told him it was troubling that he had visited the Karaoke bar with the Chinese business partner, and that after reviewing all his expenses for that month, including direct billings, there didn’t appear to be a hotel charge for that evening, leading me to draw a conclusion of impropriety on his part.  I then pulled out the red envelope I had just received from the executive witness from under a pile of papers on my desk, and asked him if it looked familiar. The color drained from Mark’s face instantly.  Mark retracted his earlier statement and said “Oh yeah! I remember now – Carl and I got one, but the amount was so miniscule I didn’t think about it. In fact, I just handed it to some woman on the street that had a kid with her the next day.  But I never slept with a prostitute!”  “Did you, or did you not, go into the karaoke bar with the business partner, Mark?” I asked.  He nodded yes, but again, denied sleeping with a prostitute.

I explained to Mark that I wasn’t there to judge his personal conduct, but others were.  I explained to him that being a leader put him under a microscope, and every act he took would be weighed and judged by those he had a responsibility to lead.  I told him I understood his lack of concern over the red envelope, but witnesses to the event could not determine how much the envelope contained, and that the appearance of impropriety, given all the facts, led his team to lose trust in their leader. The hotline call was the result. I also told him that actions such as this would give corporate pause to think about whether or not he was losing touch with things that mattered to us here in the States.   I relayed to him the same advice I had given to Carl, concerning the receipt of gifts from business partners, but also told him drinking shots during business meetings is never a good idea under any circumstances.

No, the allegation of engaging a prostitute was never cleared.  The Board felt that the Shanghai team would benefit from a greater corporate presence, and my trips to Shanghai became a monthly occurrence starting the following month, while I slowly but surely restored our Shanghai staff’s confidence in the executive leadership team.   Within 6 months, Mark was asking to be placed in a position in the States, and instead, a shipping container was secured to ship his personal effects back home upon his termination.  Yes, appearances do matter….

Who are the Two Tough Cookies? 

Tough Cookie 1 has spent the more than half of her 20+ legal career working in the Integrity and Compliance field, and has been the architect of award-winning and effective ethics and compliance programs at both publicly traded and privately held companies.  Tough Cookie 2 is a Certified Internal Auditor and CPA who has faced ethical and compliance challenges in a variety of industries and geographies and recently led a global internal audit team. Our series “Tales from the Crypt: Tough Choices for Tough Cookies” are drawn largely from real life experiences on the front line of working in Integrity & Compliance, and personal details have been scrubbed to protect, well, you know, just about everyone… 

March 24, 2014

Tales from the Crypt: Rule 3-Appearances Matter and May We Have the Envelope, Please.….Part I

Filed under: Best Practices,compliance programs,Ethical Leadership,Ethics — tfoxlaw @ 12:01 am

Tales from the CryptEd. Note-this week on am on a Spring Break college tour with my daughter. The Two Tough Cookies whom are penning the Tales From the Crypt Series have graciously agreed to contribute a week’s worth of workplace Tales from their crypts so help illustrate some key compliance and ethics concepts. Today is Part I of a lesson that appearances do matter…

A few weeks ago, many of us were glued to the television, eager to hear which one of our favorite producers, movie stars, designers and composers would get to rub elbows with Oscar, and go down in history as one of the greats from last year’s entertainment vaults.  It’s always a delicate decision – reward the “up and coming” star in his or her very first notable role on the big screen, or honor the veteran, for whom the invitation to get chummy with Oscar has always eluded them.

Aspiring stars look to the veteran greats as role models, often choosing roles to play based on career choices made by stars they have come to admire and love, some by being selective, as Matthew McConaughey did while waiting for “Dallas Buyers Club” to come along, or recognizing a rare opportunity to play a great role passed by another veteran, as Sandra Bullock did to the role Angelina Jolie was supposed to play in “Gravity.” Sandra could have let her pride be bruised as “second choice” to Ms. Jolie, but instead she broke the glass ceiling for women actors by giving the performance of a lifetime and earning record box office proceeds as a result.   Matthew should be remembered not only for his performance in Dallas Buyers Club as Ron Woodroof, where he took home the Best Actor award, but also for the personal sacrifices to himself and his family while he rejected more commercial, “plum” roles, spending “hungry” years patiently waiting for Dallas Buyers Club to go into production, not to mention losing 47 pounds in 6 months to authentically play the part

These actors personify “authentic” leadership  – they do what it takes, rolling up their sleeves, becoming the characters they personify.  Okay, maybe that’s a stretch, but when successful actors immerse themselves so deeply into the roles they portray, they pull the audience in to their world, blurring the lines between entertainment and reality.  Rephrased into the leadership context, a leader’s message of virtue is a message of hope which defies injustice, breaks down institutional barriers, and strikes a balance of trust vital to organizational effectiveness and integrity.  Subordinates necessarily look to their leaders for authenticity to trust their leaders.  Authentic leadership requires personal sacrifice, and a willingness to humble oneself to the lowest denominator to “connect” on several levels.

One of the toughest duties Compliance professionals are required to perform is “managing up” – advising a senior level professional that something they have said or done has eroded some level of trust in the organization.  The following tale from our crypt demonstrates Rule # 3: Appearances Matter.  No matter how inconsequential the leader might view his action, the message sent often erodes trust and can lead to epic failure.

In addition to the Academy Awards, this time of year, specifically early February, marks the Chinese New Year, where “guanxi”  favors are liberally, and publicly, distributed to signal positive working relationships.  Though the direct translation of “guanxi” is “relationships”, the concept as it is used and applied in Chinese culture is much richer and encompassing.  Guanxi expresses an obligation of one party to another, built over time by reciprocal social exchanges and favors, establishing almost a “familial” relationship between business partners.  If one has “guanxi” with another, one will be quick to do a favor or act on another’s behalf.  Depending on the depth of the relationship, the existing guanxi may compel one party to do just about anything necessary for the other party. By establishing this type of relationship with someone, the other party is implicitly agreeing also to be available to reciprocate when the need arises. In such a way “guanxi” can be considered as a type of currency that can be saved and spent between the two parties, the Chinese version of “Quid Pro Quo” in western culture, but with much more lasting consequences.

One typical expression of guanxi given around the Chinese New Year’s celebration is the distribution of “red envelopes.”  Contrary to what the name implies, the envelop itself isn’t necessarily red, but oftentimes is a standard business envelope with a plastic address  window.  However, peeking through that window is a gift wrapping replete with Chinese characters, printed in red, extolling your virtues  and general wishes of a prosperous year ahead.  Inside the wrapping, of course, is cold, hard, untraceable, cash – ranging anywhere from a few dollars, to thousands, depending on how generous the gift giver feels towards the recipient (or, how much favor the other wishes to curry with the recipient).  A glance is all you need to know that the envelope is a “red envelope” but you have to actually unwrap the contents to determine how much currency the envelope contains.  And once you accept the envelope, guanxi has passed hands…..

Mark was the president of Asian operations, and the talk back at corporate was that he had gone “native,” after having been stationed in Shanghai for two years, and not traveling home to visit his family still living in the States in over a year, opting instead to participate in executive management meetings by conference call.  So it came as no surprise when the hotline call came in the second week of February, alleging Mark had accepted a “red envelope” at a business meeting the prior week during Chinese New Year, and to further complicate things, was also alleged to have accepted the “favors” of a prostitute offered to him from a business partner in a region of China notorious for labor gangs and workplace violence.  Other executives at the Asian operations were also identified in the call as “witnesses” to Mark’s receipt of the red envelope, as well as the attentions of several prostitutes at the dinner meeting.

The investigation was a delicate one – if the allegations were true, we had a corrupt executive in our midst, and not just financially, but morally corrupt as well.  The line you walk when facing allegations of moral corruption, as a compliance executive, can be a fine one.  Many companies are loathe to discipline a high performer for straying in his or her personal life, claiming that personal matters are just that – personal – and are not for the business community to judge.  I have been told to walk away from cases  because my employer could not see their way to interfere in matters of a personal nature, unwilling to take the higher road of integrity, but relying instead on the good faith defense of inaction of “We have no policy prohibiting that particular conduct!”

It takes a significant erosion of trust for the personal transgressions to rise to questionable leadership skills, but it happens more often than you think. So it’s no happy day when the Ethics and Compliance function is asked to investigate the personal lives of others, secretly reviewing emails and files stored on company-issued devices to find evidence to convict.  But I submit that not once in my investigative career has an allegation of moral corruption been proven wrong –  there was always a nugget of truth giving rise to the allegations, even if the smoking gun wasn’t in hand.  When the evidence given isn’t damning, the role of the Integrity officer becomes dicey – your years of experience tell you that there is something to the claims, but you cannot prove the allegations.  It doesn’t mean they aren’t true, it just means that you can’t prove it which does nothing to restore trust in the organization.  It becomes even more difficult when the hotline call is anonymous, as you cannot perform follow-up investigative techniques that are the stock-in-trade to effective whistleblowing case management. While some organizations and leading subject matter experts discount anonymous calls as “lacking veracity,” these practitioners are overlooking the very real fear of retaliation by management (as discussed in our last tale).  If you insist on digging a little deeper, trusting your gut, you get labelled a “hysteric” or some other unflattering moniker, eroding the organization’s confidence in your own ability to act with integrity.

Fortunately for us, the hotline call named another executive, Carl, who was present when Mark allegedly engaged in misconduct.  I asked Carl to meet me in my office to discuss a matter of importance.  I advised him that the nature of our conversation had to stay confidential between us, and I proceeded to lay the groundwork, using my years of interviewing skills, asking benign questions at first to establish a level of trust and rapport between us.  Unbridled by the rules of evidence, I had no fear of using leading questions to get answers to my questions, and dove into the meat of the matter – may we have the (red) Envelope, please…

To my surprise, Carl said “yeah, I got one of those envelopes too.  All of us at dinner got one.  It wasn’t much, maybe $10 dollars or so in value.  I have it right in my office, should I go get it?” “Yes, please” was my response, after confirming who else was present at the dinner…

While Carl went to his office to retrieve the evidence, I started to formulate my thoughts on approaching the more delicate matter – the alleged prostitution charge.  Here, the line was more blurred. Clearly, a red envelope portended danger to the company – currently under scrutiny by federal regulators for foreign corrupt practices charges. Another lapse in integrity would not be suffered lightly, even if the act were “merely” commercial bribery.  But engaging in otherwise questionable personal conduct crossed that line of sensitivity that we all must cross at one point or another in our career as integrity officers.  Oftentimes, we’re viewed as the “conscience” of the company, our constant communications serving as a reminder as to how things should appear to the casual observer.  Our ethical decision-making toolkits include “would you want your mother to know what you did?” or “would you be comfortable with your actions being published on the front page of your local news?”  While I personally feel that decision-making tools such as these oftentimes simplify the matter to such a basic level as to be borderline insulting at times, it can be very effective when used with executives to remind them that appearances do matter.

To Be Continued Tomorrow….

Who are the Two Tough Cookies? 

Tough Cookie 1 has spent the more than half of her 20+ legal career working in the Integrity and Compliance field, and has been the architect of award-winning and effective ethics and compliance programs at both publicly traded and privately held companies.  Tough Cookie 2 is a Certified Internal Auditor and CPA who has faced ethical and compliance challenges in a variety of industries and geographies and recently led a global internal audit team. Our series “Tales from the Crypt: Tough Choices for Tough Cookies” are drawn largely from real life experiences on the front line of working in Integrity & Compliance, and personal details have been scrubbed to protect, well, you know, just about everyone… 

March 21, 2014

The Destruction of Arthur Andersen and the Use of DPAs in FCPA Enforcement

Arthur AndersenThe debate over the efficiencies of Deferred Prosecution Agreements (DPAs) continued this week with additional criticism of their use. I have argued that DPAs are in a corporation’s interest because they can bring certainty to the conclusion of an enforcement action and allow it to make remedial changes and move forward. However yesterday I came across an article by Larry Katzen, a former partner at Arthur Andersen and author of “And You Thought Accountants were Boring – My Life Inside Arthur Andersen.” Katzen’s piece is entitled “A Business World Massacre – What Can Happen 
When Government Needs a Scapegoat” and it details the destruction of the firm after it’s guilty verdict surrounding the Enron scandal. Katzen articulates the human costs for the total wipeout of the firm and sets out clearly what can happen when a company goes to trial and sustains a guilty verdict. I received permission to reprint his article in full, which is below:

==============================================================================================================================================================================================================================

A Business World Massacre – What Can Happen 
When Government Needs a Scapegoat 

It remains one of the greatest travesties in the history of American business: In 2001, the 85,000 employees of one of the world’s largest accounting firms began losing their jobs in droves. Their employer had become tainted by its loose association with Enron Corp., a financial house of cards that was imploding and taking with it billions of dollars in employee pensions and shareholder investments.

In 2002, accounting firm Arthur Andersen was convicted of charges related to Enron’s fraudulent practices. The charges had nothing to do with the quality of their auditing – or any of Enron’s illicit practices. The conviction was appealed, and in 2005, the U.S. Supreme Court struck it down in a unanimous vote. But the damage had already been done.

To date, despite millions of records being subpoenaed, there is no evidence Arthur Andersen ever did anything wrong. Still, perceptions are everything: Most people are not aware that the accounting firm, which led the industry in establishing strict, high standards, became a government scapegoat.

When I speak to groups across the country, I ask the following questions. Below are the typical responses I receive – and the actual facts.

1.     What do you remember about Arthur Andersen? 

Typical Response: They were the ones that helped facilitate the Enron fraud. They deserved what they got.

Fact: Arthur Andersen was the largest and most prestigious firm in the country. It was considered the gold standard of the accounting profession by the business community.

2.     For what was Arthur Andersen indicted? 

Typical Response: They messed up the audit of Enron and signed off on false financial statements.

Fact: They were indicted for shredding documents. These documents were drafts and other items that do not support the final product. All accounting firms establish policies for routinely shredding such documents.

3.     How long was it between the Enron blowup and when Arthur Andersen went out of business? 

Typical Response: One to three years.

Fact: The largest accounting firm in the world was gone in 90 days.

4.     Was the indictment upheld? 

Typical Response: Yes, that is why they went out of business.

Fact: No. The Supreme Court overruled the lower court in a 9-0 decision, and came to the conclusion within weeks, making it one of their quickest decisions ever.

5.     How many people lost their jobs as a result of the false accusations? 

Typical Response: Have no idea, but the partners got what they deserved.

Fact: Eighty-five thousand people lost their jobs and only a few thousand were partners. Most were staff people and clericals who made modest sums of money.

6.     Who benefited from Arthur Andersen going out of business? 

Typical Response: Everyone – we finally got rid of those crooks and made a statement to the rest of business to operate ethically.

Facts: It was not the Arthur Andersen people; they lost their jobs. It was not the clients; they had to go through the stress and expense of finding a new auditing firm. It was not the business world in general: It now has fewer firms from which to choose and rates increased. It was their competitors who benefited – they got Andersen’s best people and clients and were able to increase their rates and profitability.

7.     What accounting firms now have ex Arthur Andersen partners playing leadership roles in their firms? 

Typical Response: None

Facts: The “big four,” all the large middle-tier firms and many small firms have former Arthur Andersen partners in leadership positions. Finally, many members of the new Public Accounting oversight Board (PCAOB), which oversees these firms, now have former Arthur Andersen people involved in reviewing the quality of these firms.

==============================================================================================================================================================================================================================

Was Arthur Andersen guilty of a crime? The jury said yes but the US Supreme Court said no. Were they a part of one of the biggest corporate frauds of all-time? Perhaps. Did Arthur Andersen make mistakes? Yes. Did the firm deserve to get wiped out as a result of document shredding? Are you kidding?

The destruction of Arthur Andersen is foremost on the mind of every General Counsel (GC), Chief Executive Officer (CEO) and Board of Director whose company is facing the decision of whether or not to fight in court any charges related to Foreign Corrupt Practices Act (FCPA) violations. Some have argued that DPAs pervert the course of justice but from where I sit, having seen Arthur Andersen destroyed before our collective eyes, the better practice is to enter into a DPA. Was it really in the interest of the Department of Justice (DOJ), or even the People of the United States, who after all the DOJ represent, to throw 85,000 people out of work for the document shredding engaged in by the firm’s Houston office?

Some commentators seem to argue that if a company violates the FCPA, they should get what they justly deserve. But does it serve any interest to wipeout an entire company? Finally, for those who want to tell company management to man up and go to trial, GCs, Chief Compliance Officer (CCO), Board members and others need to remember their legal obligations to their companies and shareholders and not be cowboys going to the last gunfight. Put another way, do you want to be the first GC, CCO, Board member or CEO who tells the DOJ that you are over-reaching and we are going to trial and lose everything like Arthur Andersen did?

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

March 18, 2014

When to Bring in Investigative Counsel and Why

InvestigationsWhen should you bring in a true outsider to handle an internal investigation? What about specialized investigative counsel? Jim McGrath, who often writes about the need for specialized investigative counsel, has also pointed out on several occasions that having an independent eye on things is also a plus. However, rarely do we see both questions played out so publicly as is currently going on in the General Motors (G.M.) recall investigation. Indeed, Matthew Goldstein and Barry Meier discussed these  questions in Sunday New York Times (NYT) Business Section article by, entitled “G.M Calls the Lawyers”.

For those of you not familiar with G.M.’s problems, McGrath also wrote about them in his Internal Investigations Blog, in a post entitled “What Did GM Know and When Did They Know It?” McGrath describes the current issues as “the revelation that General Motors is the target of probes by Congress and by the National Highway Transportation Safety Administration over its handling of ignition switch defects in at least six of its popular automobiles. Failures in these switches may have resulted in as many as thirteen deaths and seemingly point to quality control failures at the automaker.” Others have estimated the death totals much higher for this defect. And, as McGrath notes, the key question is ‘what did GM know and when did they know it’?

Interestingly G.M. has hired two law firms to handle the investigation. One is King & Spalding, which handled much of the product liability litigation over the alleged defect and the second is Jenner & Block. In the NYT article, a prominent plaintiff’s lawyer, Lance Cooper, who fought GM and King & Spalding on this product liability litigation noted the obvious when he said, “They are part of the story.” By this he meant that “King & Spalding’s switch from a fierce defender of G.M. to a potential inquisitor into the company’s actions may also pose a conflict. For one, some of the firm’s lawyers may have to ask their own colleagues if they advised G.M. about whether to recall the vehicles at the time the Melton case was settled.”

More importantly for G.M., the retention of “outside counsel in these cases is part investigation, part public-relations gambit and part legal strategy. In most cases, the goal isn’t to publicly flog a company or its top executives, but rather to limit damage to an institution’s reputation or to contain the financial harm to shareholders of a publicly traded company. And it does so under the protection of the attorney-client privilege. From the point of view of the company, a well-done internal investigation can shape the accepted story of what happened — and produce findings that allow the company to negotiate for lower penalties from prosecutors or regulators down the road.” But, more importantly, to “achieve those ends, the law firms conducting the investigations must be viewed as forthright and uncompromised. In this respect, some critics have already questioned G.M.’s choices.”

The NYT quoted another lawyer, William McLucas, a partner at WilmerHale, who said, “If you are a firm that is generating substantial fees from a prospective corporate client, you may be able to come in and do a bang-up inquiry. But the perception is always going to be there; maybe you pulled your punches because there is a business relationship.” This is because if “companies want credibility with prosecutors and investors, it is generally not wise to use their regular law firms for internal inquiries.” Another expert, Charles Elson, a professor of finance at the University of Delaware who specializes in corporate governance, agreed, adding, “I would not have done it because of the optics. Public perception can be affected by using regular outside counsel.””

Adam G. Safwat, a former deputy chief of the fraud section in the Justice Department, said that the key is “Prosecutors expect an internal investigation to be an honest assessment of a company’s misdeeds or faults, “What you want to avoid is doing something that will make the prosecutor question the quality of integrity of the internal investigation.”” The aforementioned Jim McGrath was also interviewed for the article. He said, “A shrewd law firm that gets out in front of scandal can use that to its advantage in negotiating with authorities to lower penalties and sanctions. There is a great incentive to ferret out information so they can spin it.”

All of these concerns are equally valid in the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act investigation context. But they are layered upon the Fair Process Doctrine. This is because procedural fairness is one of the things that will bring credibility to your Compliance Program. This Doctrine generally recognizes that there are fair procedures, not arbitrary ones, in a process involving rights. Considerable research has shown that people are more willing to accept negative, unfavorable, and non-preferred outcomes when they are arrived at through processes and procedures that are perceived as fair. Adhering to the Fair Process Doctrine in your Compliance Program is critical for you, as a compliance specialist or for your Compliance Department, to have credibility with the rest of the workforce.

In internal investigations, if your employees do not believe that the investigation is fair and impartial, then it is not fair and impartial. Further, those involved must have confidence that any internal investigation is treated seriously and objectively. I have recently written about several aspects of internal investigations, in order to emphasize how to handle internal whistleblower complaints in light of the Dodd-Frank implications. One of the key reasons that employees will go outside of a company’s internal hotline process is because they do not believe that the process will be fair.

This fairness has several components. One would be the use of outside counsel, rather than in-house counsel to handle the investigation. Moreover, if a company uses a regular firm, it may be that other outside counsel should be brought in, particularly if the regular outside counsel has created or implemented key components that are being investigated. Further, if the company’s regular outside counsel has a large amount of business with the company, then that law firm may have a very vested interest in maintaining the status quo. Lastly, the investigation may require a level of specialization that in-house or regular outside counsel does not possess.

Living in Houston, this all played out in disastrous results during the Enron scandal. Near the end of Enron’s run, its regular outside counsel, Vinson & Elkins, investigated questionable accounting practices at Enron. As the NYT article noted, “The firm’s investigation is viewed as an utter failure or a corporate whitewash. The review essentially gave Enron a clean bill of health just months before it collapsed in one of the biggest accounting frauds of all time. In 2006, the law firm paid $30 million to Enron’s bankruptcy estate to resolve claims that its actions had contributed to the energy company’s demise.”

All of this means, your company needs to get it right in the hiring of outside counsel to handle an investigation. As McGrath wrote at the end of his blog, “the Jenner and King people will have to make like Howard Baker and ask what the president – or other ranking person with reporting authority to NHTSA – knew and when they knew it. Because the cover-up is usually worse than the underlying wrong and this one could cost GM $35 million and its reputation.” The NYT article ended with the following, “The best internal investigations are the ones that don’t receive much media attention. A company deals with a problem quickly, and if there’s something to report to authorities, the company tends to be treated leniently for its forthrightness.” Amen.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

March 17, 2014

Join Us For Hanson Wade’s Compliance Strategy Day

Strategy DayOne of the best annual compliance and ethics conferences returns to Houston next month when Hanson Wade presents its 4th Annual Oil & Gas Supply Chain Compliance Community Week from April 14-17. While one past participant labeled the conference as the “Best of the best compliance conferences I have attended in the past 3 years”, the company has expanded its offering to provide the compliance practitioner with a wide range of presentations tailored to a wide variety of needs.

As usual, the event features the best of Houston’s multi-talented compliance practitioners including Jay Martin, Chief Compliance Officer (CCO) from Baker Hughes Inc., Melissa Bohannon, Director of Logistics, Global Supply Chain – Weatherford International Inc., Kwesi Baiden, CCO at ENSCO Inc., Fred Ratliff, Senior Counsel, Anti-Bribery and Corruption – Shell Oil Company, Graham Vanhegan, Deputy General Counsel, Corporate and CCO from ConocoPhillips Co, Ron de los Santos, Regional Ethics and Compliance Manager – Americas at American Bureau of Shipping (ABS) and Kim Walker, Associate General Counsel & Deputy CCO – Transocean Inc.

In addition to the Houston talent, there will be a wealth of top compliance practitioners from outside the city of Houston; including, Arvind Sharma, Senior International Trade Counsel from Flowserve Corp, Mike Volkov of the Volkov Law Group, Bill Fischer, Vice President and Chief Legal and Compliance Officer from T.D. Williamson Inc., Bruce Thames, Senior Vice President and Chief Operating Officer from T.D. Williamson Inc. From the world of non-governmental organizations (NGO’s) working towards anti-corruption and anti-bribery there will be representation from the always popular and excellent speaker Alexandra Wrage and David Woodcock, Regional Director of the Securities and Exchange Commission’s (SEC) Fort Worth Regional Office. There are many other excellent and knowledgeable speakers who will be presenting the event.

Some of the topics over the two days of plenary sessions include the following: Ensure the ‘Tone from the Top’ meets the ‘Message in the Middle’ by hearing how ConocoPhillips, GE Oil & Gas, T.D. Williamson, Flowserve & Transocean embed a culture of compliance in their organizations. Understand how the compliance model has shifted and how you can develop more effective partnerships with your third parties with new collaborative insights from representatives from Weatherford. You will be shown how to overcome the inhibitors to effective risk management in a complex global supply chain by learning from Parker Drilling, Navex and Statoil. Learn how compliance can create added value that executives, middle management and employees can get behind by learning from in a very interesting, unique joint insight from T.D. Williamson’s COO and CCO. Discover what to do once you have opened Pandora’s box by looking at how National Oilwell Varco responded to issues when conducting a corporate acquisition. Discover how to get a better return on your compliance spend by learning how to deploy a risk-based due diligence program that is defensible and cost-effective with TRACE. Understand how to benchmark your compliance program with the best of the best by hearing industry-first insights from Fluor, Technip, Cameron and Shell compliance professionals.

There are two separate workshops that will provide specific insight into two keys areas. The first workshop is how to develop a blueprint to increase the effectiveness of your compliance training. It will be led by Arvind Sharma and Flora Francis, Senior Compliance Counsel, Global Compliance Leader at GE Oil & Gas. This workshop will address several different areas of concern such as: How you can continually manage compliance risk amongst your employees worldwide; understanding how often to refresh your programs and catching up with new employees; how you can more effectively identify and classify “at risk” positions and red flags. You will also obtain an understanding of how programs have been rolled out effectively across the supply chain; how to overcome the risk of training fatigue and increase the effectiveness of your training and finally how to develop your own blueprint to enhance the effectiveness of your compliance training.

In the second workshop you will hear about new approaches to ensure your trade compliance program does not leave your business exposed to charges of Foreign Corrupt Practices Act (FCPA) violations. It will be led by three noteworthy compliance practitioners: James Scott, Exports and Compliance Manager from Hydrasun Ltd., Ron de los Santos from ABS and Cindy Johnson, Global Trade Compliance Specialist from FMC Technologies Inc. In this session you will hear about keeping on top of evolving export control laws and managing programs across international borders; defining your export compliance for different departments, divisions and businesses with their implication for business growth; and installing the compliance ethos and training across cultures throughout an international organization. From these topics you will be able to identify your biggest risks and set in place an export control program to suit your business; develop an understanding of what you need to do to receive customs clearance more swiftly and effectively; and finally, you will discover the steps you need to take to ensure you are not leaving your business exposed in this critical area of compliance.

Hanson Wade has added a new feature this year, which I think takes this conference up to a notch above their usual excellent event. They have added a fourth day, entitled Compliance Strategy Day. Presentations on this day have been designed to give the attendee an interactive opportunity to explore the strategic considerations you need to be aware of when it comes to managing regulatory and enforcement risks over the next 12 months. On this day, attendees will have the opportunity hear directly from the SEC, as well as gain perspectives from those with experience at the Department of Justice (DOJ), and gain insights from both outside counsel and industry as to how to best manage these strategic risks.

I will be speaking on the Compliance Strategy Day, looking back, for some hindsight, at the compliance lessons we have learned over the past year and forward to how we can put those lessons to use. I will also provide an update of the current state of anti-corruption compliance in Latin America. So I hope that you can join us. 

You can find out more about this event, by clicking here. Readers of this blog are entitled to a discount to this event. To receive this discount, please enter the following code FOXLAW10.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

March 14, 2014

The Ides of March and Evaluation of Compliance Risk

Ides of MarchTomorrow, March 15 is enshrined as one of the most famous days of all-time, the “Ides of March”. On this day in 44 BC, the “Dictator for Life” Julius Caesar was assassinated by a group of Roman nobleman who did not want Caesar alone to hold power in the Roman Empire. It was however, this event, which sealed the doom of the Roman Republic as his adopted son Octavian first defeated the Republic’s supporters and then his rival Dictator Marc Anthony and became the first Emperor of the new Roman Empire, taking the name Augustus.

One of the more interesting questions in any anti-corruption compliance regime is to what extent your policies and procedures might apply in your dealings with customers. Clearly customers are third parties and in the sales chain but most compliance programs do not focus their efforts on customers. However, some businesses only want to engage with reputable and ethical counter-parties so some companies do put such an analysis into their compliance decision calculus.

However, companies in the US, UK and other countries who do not consider the corruption risk with a customer may need to rethink their position after the recent announcements made by Citigroup Inc. regarding its Mexico operations.

In an article in the New York Times (NYT), entitled “Fraud Exposes Challenges for Citi in Mexico”, reporters Michael Corkery and Jessica Silver-Greenberg wrote about the troubles which have befallen “the bank’s “crown jewel” – a sprawling retail lender called Banamex.” Citigroup recognized there was risk in Banamex, even having, what the reporters said was, a “little black book” which was stated by one un-named top executive to be the “book of redlined clients” and was also described as “an informal tally of Mexican companies” that could imperil the company’s Mexican operations. The bank has come to grief with its involvement in a $400MM fraud “that was discovered last month highlights the limitations of that kind of culling, and more broadly points to the challenges of finding solid lending clients in a country where the line between big business and political cronyism can become blurred.”

While Citigroup blamed this problem on “bad luck and bad actors” the article revealed a more complicated picture. The picture was one where “the bank had been placing large bets on a few risky corporate borrowers”. The $400MM loss involved an oil services company, Oceanografía SA de CV. But the bank also sustained other losses where loans were made to building contractors, which after a Mexican government a policy shift it “effectively killed the developers’ suburban projects” and they were not able to repay the loans.

Moreover, with regard to Oceanografía, the bank itself recognized the inherent danger of doing business with the entity. The article noted that Banamex has extended $585MM in short-term credit to a company that Citigroup itself had warned its own bond investors was “from time to time subject to various accusations, including accusations of corrupt practices.” Oceanografía is a company that provided construction, maintenance and vessel-chartering services to Pemex’s exploration and production subsidiary. However, as the article noted, “Oceanografía’s fortunes, however, changed sharply last month after it became the subject of a new government review that resulted in a suspension of government contracts to Oceanografía for the next 20 months. Banamex had advanced as much $585 million to Oceanografía through an accounts receivable program. The program was supposed to work like this: Banamex would advance money to Oceanografía to provide services to Pemex. The oil giant would then pay back Banamex, verifying invoices provided by Oceanografía to confirm that the work had been completed. In theory, Banamex was relying on Pemex’s ability to pay back the bank.”

Unfortunately for Banamex, much like the developers “which relied on government subsidies to finance their suburban developments, Oceanografía’s business relied on government contracts from Pemex. But when those ties were cut, the problems quickly surfaced. Shortly after the suspension of government contracts to the oil services company, Citigroup said it discovered the fraud at its Mexican unit, involving Oceanografía.”

These losses were coupled with the semi-autonomous relationship that Banamex had with its parent, Citigroup. The article stated, “the bank he [Mr. Medina-Mora] built has been considered something of a “black box” — a highly profitable but not especially transparent unit that was run with great autonomy by its leader, according to current and former bank executives. Sometimes, though, that autonomy rankled other executives in New York, the people said.” Citigroup denied that Banamex was semi-autonomous and in a statement in the article said, “We dispute assertions that the management team is autonomous,” Further, “While Banamex is a subsidiary of Citigroup, it is absolutely subject to the same risk, control, anti-money laundering and technology standards and oversight which are required throughout the company.”

For the compliance practitioner there are several lessons to be garnered from Citigroup’s reported problems and Julius Caesar’s demise on the Ides of March. In Caesar’s case, he wholly ignored the resentment that had been welling up in the Roman aristocracy for his high-handed action in becoming a Dictator. Even on the day in question, he dismissed his personal guard detail as he was going to the Roman Senate and finally, although he allegedly was handed a written communication warning him of his impending doom, he never took the time to read it. In other words, not only did he miss the red flags, he ignored specific warning signs and reduced his risk management capabilities by dismissing his security detail.

Similarly, as reported by the NYT, Citigroup would seem to have missed the warning signs about Oceanografía and if the NYT article is correct, might have actually internally ignored red flags while broadcasting them to bond holding investors. Lastly, whether the Banamex unit was semi-autonomous, as alleged in the article, or not as claimed by Citigroup’s statement, the point is that there must always be oversight. More than simply a ‘second set of eyes’ there should be internal controls which can be reviewed and vetted.

Finally, as noted in the article, the loans in question involved businesses that relied on government contracts, payments or some other form of support. While that may be of some comfort in developing countries, it can also be a source of risk. It also points to another analysis, which is not always considered, that being if a proposition is high reward, it is probably because it is also high risk in some area. While many companies can evaluate high financial risk and hope for attendant high financial reward, they also need to consider how a high corruption risk might factor into their analysis.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

« Previous PageNext Page »

Customized Rubric Theme Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 4,199 other followers