FCPA Compliance and Ethics Blog

July 14, 2014

Mergers and Acquisitions Under the FCPA, Part I

M&AToday, I begin a three-part series on mergers and acquisitions under the Foreign Corrupt Practices Act. Today I will review the pre-acquisition phase, focusing the information and issues you should review, tomorrow in Part II, I will look at how you should use that information in the evaluation process and in Part III, I will consider steps you should take in the post-acquisition phase.

The Foreign Corrupt Practices Act (FCPA) Guidance, issued in 2012, makes clear that one of the ten hallmarks of an effective compliance program is around mergers and acquisitions (M&A), in both the pre and post-acquisition context. A company that does not perform adequate FCPA due diligence prior to a merger or acquisition may face both legal and business risks. Perhaps, most commonly, inadequate due diligence can allow a course of bribery to continue – with all the attendant harms to a business’s profitability and reputation, as well as potential civil and criminal liability. In contrast, companies that conduct effective FCPA due diligence on their acquisition targets are able to evaluate more accurately each target’s value and negotiate for the costs of the bribery to be borne by the target. But, equally important is that if a company engages in the suggested actions, they will go a long way towards insulating, or at least lessening, the risk of FCPA liability going forward.

Nat Edmonds, in an interview in the Wall Street Journal (WSJ) entitled, “Former Justice Official: How to Buy Corrupt Companies” said “I think most companies and their outside counsel believe any potential corruption problem should stop a deal from occurring. Companies would be surprised to learn that neither the Securities and Exchanges Commission nor the DOJ takes that position. In many ways the SEC and DOJ encourage good companies with strong compliance programs to buy the companies engaged in improper conduct in order to help implement strong compliance in companies that have engaged in wrongful conduct. What companies must do and what outside counsel should advise them to do is to have a realistic perspective of what effect that corruption or potential improper payment has on the value of the deal itself. Because of the concern that any corruption would stop the deal or implicate the buyers, many times companies don’t look as thoroughly as they should at potential corruption. There is often concern that if you start to look for something you may find a problem and it could slow down or stop the whole deal.”

The FCPA Guidance was the first time that many compliance practitioners focused on the pre-acquisition phase of a transaction as part of a compliance regime. However, the Department of Justice (DOJ) and the Securities and Exchange Commission (SEC) made clear the importance of this step. In addition to the above language, they cited to another example in the section on Declinations where the “DOJ and SEC declined to take enforcement action against a U.S. publicly held consumer products company in connection with its acquisition of a foreign company.” The steps taken by the company led the Guidance to state the following, “The company identified the potential improper payments to local government officials as part of its pre-acquisition due diligence and the company promptly developed a comprehensive plan to investigate, correct, and remediate any FCPA issues after acquisition.”

In a hypothetical, the FCPA Guidance provided some specific steps a company had taken in the pre-acquisition phase. These steps included, “(1) having its legal, accounting, and compliance departments review Foreign Company’s sales and financial data, its customer contracts, and its third-party and distributor agreements; (2) performing a risk-based analysis of Foreign Company’s customer base; (3) performing an audit of selected transactions engaged in by Foreign Company; and (4) engaging in discussions with Foreign Company’s general counsel, vice president of sales, and head of internal audit regarding all corruption risks, compliance efforts, and any other corruption-related issues that have surfaced at Foreign Company over the past ten years.”

Pre-Acquisition Risk Assessment

It should all begin with a preliminary pre-acquisition assessment of risk. Such an early assessment will inform the transaction research and evaluation phases. This could include an objective view of the risks faced and the level of risk exposure, such as best/worst case scenarios. A pre-acquisition risk assessment could also be used as a “lens through which to view the feasibility of the business strategy” and help to value the potential target.

The next step is to develop the risk assessment as a base document. From this document, you should be able to prepare a focused series of queries and requests to be obtained from the target company. Thereafter, company management can use this pre-acquisition risk assessment to attain what might be required in the way of integration, post-acquisition. It would also help to inform how the corporate and business functions may be affected. It should also assist in planning for timing and anticipation of the overall expenses involved in post-acquisition integration. These costs are not insignificant and they should be thoroughly evaluated in the decision-making calculus.

Next is a five step process on how to plan and execute a strategy to perform pre-acquisition due diligence in the M&A context.

  1. Establish a point of contact. Here you need to determine one point of contact that you can liaise with throughout the process. Typically this would be the target’s Chief Compliance Officer (CCO) if the company is large enough to have full time position.
  2. Collect relevant documents. Obtain a detailed list of sales going back 3-5 years, broken out by country and, if possible, obtain a further breakdown by product and/or services; all Joint Venture (JV) contracts, due diligence on JVs and other third party business partners; the travel and entertainment records of the acquisition target company’s top sales personnel in high risk countries; internal audit reports and other relevant documents. You do not need to investigate de minimis sales amounts but focus your compliance due diligence inquiry on high sales volumes in high-risk countries. If the acquisition target company uses a sales model of third parties, obtain a complete list, including JVs. It should be broken out by country and amount of commission paid. Review all underlying due diligence on these foreign business representatives, their contracts and how they were managed after the contract was executed; your focus should be on large commissions in high risk countries.
  3. Review the compliance and ethics mission and goals. Here you need to review the Code of Conduct or other foundational documents that a company might have to gain some insight into what they publicly espouse.
  4. Review the seven elements of an effective compliance program as listed below:

a. Oversight and operational structure of the compliance program. Here you should assess the role of board, CCO and if there is one, the compliance committee. Regarding the CCO, you need to look at their reporting and access – is it independent within the overall structure of the company? Also, what are the resources dedicated to the compliance program including a review of personnel, the budget and overall resources? Review high-risk geographic areas where your company and the acquisition target company do business. If there is overlap, seek out your own sales and operational people and ask them what compliance issues are prevalent in those geographic areas. If there are compliance issues that your company faces, then the target probably faces them as well.

b. Policies/Procedures, Code of Conduct. In this analysis you should identify industry practices and legal standards that may exist for the target company. You need to review how the compliance policies and procedures were developed and determine the review cycles, if any. Lastly, you need to know how everything is distributed and what the enforcement mechanisms for compliance policies are. Additionally you need to validate, with Human Resources (HR), if there have been terminations or disciplines relating to compliance.cEducation, training and communication. Here you need to review the compliance training process, as it exists in the company, both the formal and the informal. You should ask questions, such as “What are the plans and schedules for compliance training?” Next determine if the training material itself is fit for its intended purpose, including both internal and external training for third parties. You should also evaluate the training delivery channels, for example is the compliance training delivered live, online, or through video? Finally, assess whether the company has updated their training based on changing of laws. You will need to interview the acquisition target company personnel responsible for its compliance program to garner a full understanding of how they view their program. Some of the discussions that you may wish to engage in include visiting with the target company’s General Counsel (GC), its Vice President (VP) of sales and head of internal audit regarding all corruption risks. You should also delve into the target’s compliance efforts, and any other corruption-related issues that may have surfaced.

c. Monitoring and auditing. Under this section you need to review both the internal audit plan and methodology used regarding any compliance audits. A couple of key points are (1) is it consistent over a period of time and (2) what is the audit frequency? You should also try and judge whether the audit is truly independent or if there was manipulation by the business unit(s). You will need to review the travel and entertainment records of the acquisition target company’s top sales personnel in high-risk countries. You should retain a forensic auditing firm to assist you with this effort. Use the resources of your own company personnel to find out what is reasonable for travel and entertainment in the same high-risk countries which your company does business.

d. Reporting. What is the company’s system for reporting violations or allegations of violations? Is the reporting system anonymous? From there you need to turn to who does the investigations to determine how are they conducted? A key here, as well as something to keep in mind throughout the process, is the adequacy of record keeping by the target.

e. Response to detected violations. This review is to determine management’s response to detected violations. What is the remediation that has occurred and what corrective action has been taken to prevent future, similar violations? Has there been any internal enforcement and discipline of compliance policies if there were violations? Lastly, what are the disclosure procedures to let the relevant regulatory or other authorities know about any violations and the responses thereto? Further, you may be required to self-disclose any FCPA violations that you discover. There may be other reporting issues in the M&A context such as any statutory obligations to disclose violations of any anti-bribery or anti-corruption laws in the jurisdiction(s) in question; what effect will disclosure have on the target’s value or the purchase price that your company is willing to offer?

f. Enforcement Practices/Disciplinary Actions. Under this analysis, you need to see if there was any discipline delivered up to and including termination. If remedial measures were put in place, how were they distributed throughout the company and were they understood by employees?

  1. Periodically evaluate the M&A review procedures’ effectiveness benchmarked against any legal proceedings, FCPA enforcement actions, Opinion Releases or other relevant information.

Tomorrow, I will review how you use the information that you are able to obtain in the pre-acquisition process.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

July 10, 2014

Mid-Year FCPA Report, Part II

Mid Year ReportToday, I continue my look at what I think were some of the most significant highlights from the first half of 2014 relating to the Foreign Corrupt Practices Act (FCPA). Yesterday, the focus was on corporate and individual enforcement. Today we review a very rare court of appeals decision on whether a state-owned enterprise is covered by the FCPA; yet another surprising result in an opinion release and finally take a look at some real world examples of why the FCPA is such a powerful and positive law for US companies doing business overseas.

Esquenazi Decision on State Owned Enterprises Covered by the FCPA

In what can only be called a judicial decision based on common sense the 11th Circuit Court of Appeals, in an opinion released on May 16, upheld the convictions of Joel Esquenazi and Carlos Rodriguez for violations of the FCPA and certain US anti-money laundering (AML) laws. The two had engaged in a long running bribery scheme with the Haitian telephone company, Telecommunications d’Haiti, S.A.M (Teleco). The pair were convicted and sentenced to lengthy jail terms, Esquenazi receiving 15 years and Rodriguez receiving 7 years. One of their myriad defenses was that a state owned enterprise, such as Telco, was not an instrumentality and thereby not covered under the FCPA.

This opinion was the first time that a Court of Appeals had reviewed the FCPA question of what is an ‘instrumentality’ under the Act. Both defendants had argued that instrumentality could only mean (1) “that only an actual part of the government would qualify as an instrumentality” or (2) the FCPA should be construed to encompass only foreign entities performing ‘core’ governmental functions similar to departments or agencies. The Court rejected both arguments.

The Court constructed a two-prong test to determine if a state owned enterprise is an instrumentality under the FCPA. The first prong is the ‘Control Test’ and the second prong is the ‘Function Test’. Under the Control Test, a compliance practitioner should analyze how much control a foreign government has over a state owned enterprise. The Court suggested questions like: (1) The foreign government’s formal designation of the entity; (2) Whether the government has an interest in the entity; (3) The government’s ability to hire and fire the entity’s principals; (4) The extent to which the entity’s profits, if any, go directly into the governmental fisc; (5) The extent to which the government funds the entity if it fails to break even; and (6) The length of time these indicia have existed. The Court suggested the following for the Function Test: (1) Does the entity have a monopoly over the function it exists to carry out; (2) Does the foreign government subsidize the costs associated with the entity providing the services; (3) Does the entity provide services to the public at large in the foreign Country; and (4) Does the foreign government generally perceive the entity to be performing a governmental function?

I can only say that common sense won out in this decision. The word ‘instrumentality’ must mean something under the FCPA and I believe the Court correctly found that state owned enterprises falls under the rubric of instrumentality under the FCPA.

Opinion Release 14-01

Continuing its run of publishing Opinion Releases where it comes down on the side I had not expected, the DOJ released Opinion Release 14-01. In 14-01, a company wanted to buy-out a now government official from a company he had been a part of before he went into government service. The problem was that his buy-out provision was entered into during the past economic downturn and the value of his buy-out was under water. He wanted to get something for his prior investment. The Relator proposed another formula for his exit compensation and the DOJ agreed it would not be a FCPA violation to do so.

For the compliance practitioner, there are several key points to consider. The first point is found in a footnote detailing the length of time it took to secure the DOJ opinion. This is the first time that I recall seeing a time line laid out in an Opinion Release. This gives a compliance practitioner some idea of the time frames involved in the process. The second is the use of representations and warranties by the parties. In 14-01, the DOJ accepted representations that the foreign official in question would not pass on business in which he either had an interest or help the Relator to ‘obtain or retain’ business with the agency at which the foreign official now worked. This type of evidence is something that a company should now consider when designing protocols to satisfy issues similar to those presented in 14-01. Finally was the quality and quantity of payment(s) to be made to the now foreign official to cash him out and purchase his interest. Here the parties agreed to an independent valuation by an internationally recognized accounting firm. This provides some type of arms-length analysis. It also provides a market based approach to the payment issue so that there is evidence of true (or perhaps truer) market value, not some arbitrary number agreed to by the parties.

The message from 14-01 and last year’s Opinion Release, seems to me, that the DOJ is open to creative arguments about ways to comply with the FCPA. 14-01 also shows that the process can move quickly when the situation warrants it.

The International Effect of the FCPA

In certainly one of the most interesting revelations of the first half of 2014, former US Secretary of Defense, Robert Gates wrote the following in his recently released memoirs, entitled “Duty: A Memoir of a Secretary at War”, in which he said the following, ““In a private meeting, the king [King Abdullah of Saudi Arabia] committed to a $60 billion weapons deal including the purchase of eighty-four F-15’s, the upgrade of seventy-15s already in the Saudi air force, twenty-four Apache helicopters, and seventy-two Blackhawk helicopters. His ministers and generals had pressed him hard to buy either Russian or French fighters, but I think he suspected that was because some of the money would end up in their pockets. He wanted all the Saudi money to go toward military equipment, not into Swiss bank accounts, and thus he wanted to buy from us. The king explicitly told me saw the huge purchase as an investment in a long-term strategic relationship with the United States, linking our militaries for decades to come.”

I would ask you to consider, just how many US interests can be identified in the above quote. I can identify at least five: (1) US security interests; (2) US foreign policy interests; (3) US military interests; (4) US economic interests; and (5) US legal interests as reflected in compliance with the FCPA. For any person or business interest that does not think that the FCPA has a positive aspect, I would commend you to the above Gates quote. His quote, buried at page 395 of a 618-page book, did not even merit an entry in the Index. Yet, I find it to one of the finest, clearest and most concise affirmations of the positive power of the FCPA. Anytime you face criticism of your FCPA compliance program, a senior executive wants to know why you need resources to comply with the FCPA or you hear a business colleague whining about how ‘those people’ do business corruptly, I would suggest that you read to them this quote to show the power of the FCPA in international business.

Tangentially related to this revelation was the work by Scott Killingsworth to lay the legal and theoretical foundations for my real world observation about a business solution to FCPA compliance in his latest article entitled “The Privatization of Compliance”, which he calls this “private-to-private or P2P compliance.” In his introduction he stated, “Embodied in contract clauses and codes of conduct for business partners, these obligations often go beyond mere compliance with law and address the methods by which compliance is assured. They create new compliance obligations and enforcement mechanisms and touch upon the structure, design, priorities, functions and administration of corporate ethics and compliance programs. And these obligations are contagious: increasingly accountable not only for their own compliance but also that of their supply chains, companies must seek corresponding contractual assurances upstream. Compliance is becoming privatized, and privatization is going viral.”

With the long-expected Avon settlement on the horizon and the collapse of the SEC case against the Noble executives, it will be most interesting to see what the second half of the year will bring.

=================================================================================================================================================================================================================================================

On another note, I saw Queen play last night and while I will write about them and their show next week, I can only say that if they are coming to a town near you, run don’t walk to see them. The show was fabulous.

And on a final note, if you are in the mid-west or so inclined to travel their and are interested in the FCPA, I urge you to attend the FCPA Professor‘s initial FCPA Institute, which he is holding in Milwaukee next week. For more information, click here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

July 8, 2014

How A Failure to Set Tone-at-the-Top Led to a Fractured Vertebra

World Cup 2014What does ‘Tone-at-the-Top’ mean to any anti-bribery or anti-corruption program? Conversely, what if management says to do the right thing but only judges employees on their sales; what is the message that only ‘Talking The Talk’ sends; if a company fails to ‘Walk-the-Walk’ of doing business in compliance with anti-corruption laws such as the Foreign Corrupt Practices Act (FCPA)? Finally, how long does it take for the dissonance of telling people do to the right thing without training, communicating and then following up with them? Unfortunately these questions were answered in a very real and very ugly way in last week’s World Cup quarterfinal match between Brazil and Colombia.

For those of you who did not watch the match, Brazil lost its top player, Neymar, to a fractured vertebra, after Colombian player Juan Camilo Zúñiga kneed him in the back. As reported in the New York Times (NYT), in an article entitled “Brazil Takes a Painful Step Forward”, Andrew Keh wrote “With about five minutes left to play, the Colombian defender Juan Camilo Zúñiga went airborne on a loose ball and ended up driving his knee into the lower back of Neymar, who immediately crumpled to the turf in pain. Neymar’s teammates could be seen signaling to the bench for a substitution as a stretcher was brought onto to the field. He was taken to a nearby hospital, where a crowd of fans soon formed.” After the match was completed, “the team doctor Rodrigo Lasmar said that Neymar had sustained a fractured vertebra in his lower back. Lasmar said the injury would not require surgery, but would take three to four weeks to heal. It was a huge blow to the team, the country and the tournament. Neymar, 22, who plays for Barcelona, has had his face plastered on billboards and shown in television commercials since well before the tournament. For such a young player, he was shouldering a huge amount of responsibility.”

But this hard foul did not come out of nowhere nor did it appear that the Colombian team had targeted Brazil’s star player. This hard foul was a direct result of the failure of referee to set the proper tone against hard fouls throughout the match. Keh wrote, “There were 54 fouls called in the game, the highest total of any match in the tournament. Scolari [the Brazilian coach] acknowledged that both teams probably played with too much physicality, but he said the referee, Velasco Carballo, did not do enough to control the tenor of the game.” The Colombian coach was also critical of the referee and was quoted as saying, “We lost fluidity to the game because of that friction and intensity.”

Sam Borden, in another NYT article entitled “For Bellicose Brazil, Payback Carries Heavy Price: Loss of Neymar”, seemed to believe that it was Brazil and its tactics which may have reaped what they had sown with hard fouls against Colombian players. Nevertheless, “Soccer referees will often show yellow cards to players for “persistent infringement” of the rules, a phrase tha t generally means committing three or four serious fouls. Fernandinho [Brazilian midfielder] was called for four fouls in just the first half of the game, three of them significant hacks at Rodríguez. But Velasco Carballo gave him no penalty.”

After halftime, the referee still did not take control of the game. Borden wrote, “It was in the 57th minute, though, when the match began to boil over. The Colombians had continued to mostly sit back and take the punishment, but they were clearly infuriated when Silva crushed Ramos from behind as he went toward a ball. Velasco Carballo, again, declined to whistle a foul. The Colombians’ ire was raised even more 10 minutes later when the referee showed a yellow card to Rodríguez — who was apoplectic at the decision — for an innocuous trip that was, as Rodríguez vociferously pointed out with multiple hand gestures, a first offense compared with Fernandinho’s harrying.”

Borden leveled his most direct criticism at Carballo when he wrote the following “Velasco Carballo’s role in the ugliness cannot be minimized. A Spaniard, he is known as a high-level official, but it seemed clear that he was determined to avoid using cards to control the players. That decision backfired, particularly as it related to Fernandinho; instead of giving the players a comfort level to play more freely early on, his lenience served as an elastic band on the game, encouraging the players, especially the Brazilians, to try to see just how much contact they could get away with on Rodríguez without being punished. It was a poor miscalculation from Velasco Carballo, and one he compounded by neglecting to adjust as the game progressed. His culpability is impossible to ignore.”

Rarely do you see such a course of action or perhaps more aptly put, failure to engage in a course of action, as leading to such a catastrophic result. In any competitive match, for almost any sport, it is up to the referee to keep things from getting out of control. If they start to get to physical and play outside the rules, then it is the job of the referee to enforce penalties against the offending party or parties. Of the 54 fouls called against Brazil in its match with Colombia, 31 were against the host nation. It was only a matter of time before things got out of hand. If players are told by a referee’s action that there will be no sanctions for hard fouls that cross over the line, they will certainly get that message.

For the compliance practitioner, I do not think the lesson learned could be any clearer. Companies which continue to reward, through promotion and compensation, high producing sales people, while turning a blind eye towards their sales techniques which may be in violation of company policy or even the FCPA; will communicate that playing by the rules is not in your interest if you want to get ahead in this company. Correspondingly, if a company’s first action when an anonymous whistleblower raises an allegation is to try and find out the identity of the whistleblower, that also sends a strong message that the company will get you, one way or another.

For Brazil, the loss of its star player can certainly not help its chances going forward. For the rest of us, we will lose the sight of seeing one of the world’s greatest footballers on its greatest stage. And let’s not forget Neymar, who is the one with the fractured back.

===============================================================================================================================================================================================================================================

The FCPA Compliance and Ethics Report, Episode 73-World Cup Report Part V, is now up. In this episode Mike Brown and I continue our discussion of the World Cup, FIFA, compliance and ethics, including a review of the topic of this blog. To view the episode, click here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

July 7, 2014

No Sex Please, We’re British: More from GSK in China

No Sex PleaseThe above is the title of a British television show/play/movie which is a farcical romp about a newlywed couple who mistakenly receive an initial shipment of pornographic pictures, then movies and women, all sent from Sweden to England. The plot turns on their attempts to dispose of the ‘offending materials’ while under the noses of their parents/in-laws, employers and friends. In his review of the show, Christopher Heath said, “No Sex Please, We’re British shows how we stuffy Brits tie ourselves in knots when it comes to this subject. The funny thing is how the cast, led by Ronnie Corbett, handle their predicament and it has to be said, they cope with aplomb. As you might expect, the plot is all about mix-ups, keeping a stiff upper lip, maintaining a veneer of social respectability, not getting found out about something someone hasn’t done and failing miserably.”

I thought about that ubiquitous work of British visual and audio entertainment when the revelations from late June that the GlaxoSmithKline (GSK) PLC corruption scandal all started with a sex tape. In an article in the MailOnline, entitled “How a secret sex tape plunged British drugs giant Glaxo in a £90million bribery probe”, Rebecca Evans reported “A covert sex tape involving a senior executive and his Chinese lover was the trigger for a major investigation into corruption at British drugs giant GlaxoSmith-Kline, it was revealed yesterday. The video of married Mark Reilly and his girlfriend was filmed by secret camera and emailed anonymously to board members of the pharmaceutical firm. It led to an investigation that has rocked the £76billion company – which stands accused of bribing doctors and other health officials in China with £320million of gifts, including sexual favours from prostitutes, to persuade them to prescribe its drugs.”

This sex tape, along with allegations of bribery and corruption, were sent to GSK Board members, including Chief Executive Officer (CEO), Andrew Witty in March 2013 by someone with the email address “GSK Whistleblower”. Evans reported that two additional emails “making serious fraud allegations” were sent as well, one in January and one in May. In an article in the Wall Street Journal (WSJ), entitled “Sex Video Sheds Light in Glaxo China Case”, Laurie Burkitt reported that “The British drug maker regarded the video—apparently shot without the executive’s knowledge—as a breach of security, the person said.” Evans reported that in addition to this security breach, GSK believed the sex tape to be a “threat or blackmail attempt”. One of GSK’s responses was to hire the firm ChinaWhys Co., to investigate the matter. The firm’s principals, former journalist Peter Humphrey and Yu Yingzeng, a naturalized US citizen, were not able to determine who placed the video camera in Reilly’s Shanghai apartment, who shot the video or who sent it to GSK executives. However Evans reported “But a few months after starting to investigate Miss Shi, Mr Humphrey was arrested along with his wife Yu Yingzeng, a US citizen and daughter of one of China’s most eminent atomic weapons scientists. According to the Sunday Times, Mr Humphrey’s arrest and detention in July was at around the same time that China began a police probe into GSK’s alleged bribery.” And, unfortunately for Humphrey and his wife, they were arrested last August for allegedly breaking of Chinese laws relating to information privacy.

In addition to the investigation into the provenance of the sex tape and its sender, GSK had also engaged in an internal investigation into the substantive allegations of bribery brought forward by the “GSK Whistleblower” in emails to the GSK Board in January and May, 2013. As reported by Evans, “The emails laid out a series of sales and marketing practices described as ‘pervasive corruption’.” Unfortunately for the company, GSK “found ‘no specific evidence’ to substantiate the claims. However, the accusations are virtually identical to the charges laid by police against Mr Reilly and 45 other suspects. Last month, Britain’s Serious Fraud Office announced it is to investigate the company’s ‘commercial practices’.”

‘Honey-pots’ and ‘Sparrow-nests’ are well known terms for anyone who has read cold war tales of espionage between the former Soviet Union and the US. However, the Reilly sex-tape and the GSK bribery scandal would seem to be an entirely different can of worms. In an article in Time, entitled “What the GSK Sex Tape Says About Surveillance in China, Hannah Beech wrote that in China, “Surveillance – or the threat of surveillance — is a constant in China. As a journalist, I may be more interesting to the powers that be than some other foreigners here. But other expat friends who’ve been followed, hacked or otherwise tracked in China include diplomats, NGO staff and businesspeople. Also, artists and academics.” Such surveillance includes having “email auto-forwarding mysteriously activated or to be tailed by a black Audi while on assignment in the Chinese countryside.”

For the compliance practitioner the lessons of GSK in China continue to resonate, unfortunately for the negative consequences to GSK and its employees. All of the above articles note that the allegations of bribery and corruption presented to GSK by the “GSK Whistleblower” were also made to Chinese officials, who then began to investigate the company. Andrew Ward, reporting in a Financial Times (FT) entitled “Sex tape adds to murk of GSK China scandal”, said “A separate internal investigation was already under way into the bribery allegations that had first been made by a whistleblower in January.” Unfortunately for GSK, its internal investigation failed to turn up any evidence of bribery and corruption. More unfortunately for the company, “Mr. Reilly, a Briton and long-time GSK executive, was among 46 company employees identified by Chinese police in May as suspects when they handed evidence of “massive and systematic bribery” to prosecutors after a 10-month investigation.”

It does seem incredible at this point that any serious internal investigation could fail to turn up any of the evidence that the Chinese government has been able to develop against GSK. This points to the absolute importance of your internal investigations. Although the GSK investigation was focused in China, the same is true in the US, particularly for a US listed company subject to Dodd-Frank. Further, we must invoke that well-known British author George Orwell for reminding you that in some countries Big Brother really is watching you. And finally, you may not be paranoid as people really may be watching you and filming your most intimate acts.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

July 3, 2014

Gettysburg Day 3 – Failure of QA/QC and the Evolution of Your Compliance Program

Rebel ArtilleryToday is the 151st anniversary of Day 3 of the Battle of Gettysburg. Last year I focused on Pickett’s Charge and lessons that a compliance practitioner might draw from it. This year I want to look at the Confederate artillery bombardment, which preceded Pickett’s doomed attack. It was the largest of the Civil War with up to 170 Confederate guns opening fire on the Union center and approximately 80 Federal guns opening up to return fire. If you have seen the movie Gettysburg, you will remember the awesome cannonades and the young Confederate Artillery General Porter Alexander reporting to General Lee. At the time, it was reported that the barrage was so loud it could be heard as far away as Philadelphia and Baltimore.

The artillery barrage lasted just over one hour. The Confederate guns inflicted some damage on the Union batteries, but they largely overshot their targets. It was believed at the time that the reason the Confederate bombardment was ineffective was that Confederate artillerymen tended to aim high and missed their marks due to poor visibility from all the smoke on the battlefield.

However, a commentator named Captain Thorton, posting online in the American Civil War message board, had the following comments, “A week after the battle, Lt James Dinwiddie working for the Ordnance Dept. conducted tests on the various fuses supplied from around the Confederacy at the Richmond Laboratories. His findings showed that while those fuses manufactured in Charleston and Selma were made of exceptional quality, the rate of burn for those fuses was markedly less. In his findings compared with those fuses as previously supplied to the ANV from the Richmond arsenals it was found the fuses from Charleston and Selma burned at a rate of one second longer for the same length of fuse. The result of course was that those fuses in shells intended to explode over the Federal position at Gettysburg ranged anywhere from 150 to 200 yrds further to the rear before exploding. A 4 inch fuse would burn at the rate as one cut to 5 inches”. In other words, it was the quality in the supply chain, aka QA/QC.

I thought about this problem of quality and how it might relate to the compliance practitioner when I read a recent  article in the MIT Sloan Review of Management, entitled “What to Expect from a Corporate Lean Program”, by Torbjørn Netland and Karsa Ferdows. The focus of their articles was around ‘lean’ programs in the manufacturing sector and how “misplaced expectations of how quickly these programs can improve performance can make their implementation more difficult.” The key findings the authors made were threefold: (1) Management should set appropriate targets to move the process along; (2) There is a positive relationship between company or plant maturity in system implementation and its performance; and (3) Plants need to engage in continual assessment in where they are in the process.

Using the article as a basis for a Chief Compliance Officer (CCO) or compliance practitioner, the effectiveness of a compliance system depends on two variables: (1) how widely the compliance system has been implemented in a company, and (2) how thoroughly the company follows its prescriptions. A typical production system has many modules. Typically, at the beginning of an implementation, only a few modules are launched, throughout the company. However as compliance implementation is expanded to other the areas the initial implementation continues to receive upgrades and enhancements. The combination of these two variables — how widely and how thoroughly the compliance system is implemented — reflects a company’s “maturity” in the implementation.

The authors believe this leads to competing arguments for how “maturity in an implementation should affect its performance. On the one hand, if a lean program is a journey of incremental but continuous improvement, we should expect to see a linear relationship between implementation and effect on performance. On the other hand, the “low-hanging fruits” argument suggests that as a plant becomes more mature in an implementation, there would be fewer simple and quick improvements. Therefore, the rate of performance improvement would slow down.”

From this the authors derive four stages of performance improvement, which I believe adapt directly for the CCO or compliance practitioner and in demonstrating how the roles evolve during the life-cycle of a compliance program implementation. 

Stage I – Beginner Compliance Programs

Step One can always be the most difficult but can lead to the greatest results. The difficulty is in bringing in something that people consider new. If you are initially implementing a compliance program there may be some initial resistance to new programs or requirements. But it also provides the greatest opportunity for growth in your compliance regime. So you should expect a low but gradual rate of improvement in the implementation of your compliance regime. As CCO or compliance practitioner you should expect to hold extensive meetings with both the key stakeholders in the business units, senior management and those employees deemed high risk under any anti-corruption regime such as the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act. There should be a dedicated compliance team to drive and coach the program implementation going forward. The budget should set small, measurable targets for improvement and the metrics should be closely followed.

Stage II – In Transition Compliance Programs

When you start to look for ways to improve compliance you inevitably find many low-hanging fruits and simple projects with quick returns. They not only improve the performance of the unit but also convince those directly involved of the value of a production system. Here you can expect to seen improvements in your compliance regime at a high and increasing growth rate. Your role as the compliance practitioner should be threefold. First to set stretch targets and have an expected accelerated rate of improvement. Second, to publicize your compliance program successes throughout the organization. Finally, the authors suggest the need to be ever vigilant for complacency.

Stage III – Advanced Compliance Programs

Companies with advanced compliance programs generally have accumulated both knowledge or and experience with the compliance program. In such companies, the authors predict that there will still be a high rate of improvement but it will be a decreasing rate of growth. However, the low hanging fruit of easy compliance implementation and successes will have been achieved and as the CCO or compliance practitioner in charge you will need to continue to set stretch targets but you may well be faced with a decelerating rate of improvement throughout your organization. You may well need to move your budget to areas for continuous improvement projects such as transaction, third party or relationship monitoring. However, this may be tempered by the fact that you can move more of the ‘doing’ of compliance down into the business units as your program matures.

Stage IV – Gold Standard Compliance Programs

When your compliance program moves to one of the top in your industry it will be time to “move beyond the frontiers of your industry.” As the CCO or compliance practitioner, you can expect to see low rates of improvement and decreasing rates of growth in your overall compliance program improvement. However this does mean you can simply sit around on your hands, as staying at this level is not easy. One thing that will assist you is that there will be a larger pool of compliance talent for you to draw from throughout your organization to help you move to a continuous monitoring model of compliance. By this stage you should have good working relationships with most of the other support functions in your organization which will allow you to leverage upon their specific disciplines for your compliance initiatives going forward.

The authors end their article with something that is often said but bears repeating, that senior management must be committed to the implementation and you must establish a reliable process for measuring the gains you make and the maturity you have achieved. Moreover, the assessment process can be an effective mechanism to transfer best compliance practices and expertise across your organization.

In the aftermath of the Confederate failure at Gettysburg, testing was done on the fuses for Southern artillery shells. This testing showed the reason why the Confederate caissons had been largely ineffective on Day 3 of the battle. However, as your compliance program evolves, your role may well need to change in reference to it. Certainly the roles compliance teams and those in the company business units who assist in the compliance effort will need to be assessed and reviewed as your compliance program matures.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

June 27, 2014

The Berlin Airlift and Different Approaches to Compliance Issues

Berlin AirliftAs the USA played Germany in the World Cup yesterday, it is perhaps appropriate that we look back at another June 26th event that involved the US as we celebrate one of the great relief efforts in post-war Europe and the Cold War, the Berlin Airlift. On June 26, 1948, US and British pilots begin delivering food and supplies by airplane to Berlin after the city is isolated by a Soviet Union blockade. Though some in President Truman’s administration called for a direct military response to this aggressive Soviet move, the President was concerned that such a response would trigger another world war. As an alternative, he coordinated a massive airlift operation under the control of General Lucius D. Clay, the American-appointed military governor of Germany. The first planes took off from England and western Germany on June 26, loaded with food, clothing, water, medicine and fuel. By July 15, an average of 2,500 tons of supplies was being flown into the city every day. The massive scale of the airlift made it a huge logistical challenge and at times a great risk, with planes landing at Tempelhof Airport every four minutes, round the clock for the next 15 months. This broke the Soviet blockade.

I thought about this alternative approach that Truman employed, a supply line rather than a military response, when I read MIT Sloan Management Review article, entitled “What Businesses Can Learn From Sports Analytics”, by Thomas H. Davenport. In his article, Davenport explored how “the use of analytics in the sports world has much to teach managers about alignment, performance improvement and business ecosystems.”

For his article, Davenport “interviewed more than 30 representatives of teams, sports analytics vendors and consultants for a report on the state of the art in sports analytics,” in which he “focused on three different areas of activity, each of which is growing rapidly. In order of decreasing prevalence, they are: team and player performance analytics, sports business analytics, and health and injury prevention analytics.” From this research, he developed five key lessons that almost any business could adopt. However I thought about his points in the context of compliance ecosystems rather than business ecosystems so I will use his article as a starting point to consider what compliance can learn from sports analytics.

  1. Align leadership at multiple levels 

Davenport believes “In sports, key decisions — which players to acquire, how much to pay them, and which strategies to adopt for better athletic and business performance — must be made and overseen at multiple levels. As a result, alignment along different management levels is crucial.” Based on his research I believe the message for Chief Compliance Officers (CCOs), compliance practitioners and analytical practitioners is to work together closely and consult frequently.

  1. Focus on the human dimension 

Davenport’s key finding about sports teams is that they realize that their players are both their most important and expensive resources and that sports teams focus on the human dimension of performance in a variety of ways. “First, they address individual-level game performance by monitoring points scored, rebounds gathered, batting averages and other increasingly sophisticated measures of both offensive and defensive performance… Second, teams are beginning to assess not just individual performance, but performance in context.” They will also assess a team’s performance “with and without a combination of players.”

However, if companies say they focus on their employees as their most valuable resource, they typically only focus their analytics on “operational or marketing issues and not on the human dimension of performance.” The key insight here is for compliance to focus on more of a team aspect by investigating a group’s compliance performance “with or without a particular person’s presence could be a valuable insight.” This could be expanded to reviewing wider sales teams in a region, country or product/service line.

  1. Exploit video and locational data 

In Major League Soccer (MLS), players wear a GPS-based locational device that captures all movements around the field. In the NBA, six cameras in the ceiling of each arena capture all movements of the players and ball. All Major League Baseball (MLB) stadiums have cameras that track every pitch, and many teams also track every hit and fielding play with video cameras. This allows a more complete view of the raw numbers that metrics generates.

While it may not seem readily apparent, this type of approach can also benefit the compliance function. The key is that it looks at raw numbers in a different way. So transaction monitoring could be pared with relationship monitoring or other indicia. Also travel and communications could be considered to show what might be happening in locations that are not readily apparent. The key takeaway is that there is more information available by obtaining more types of data.

  1. Work within a broader ecosystem

Davenport found that “Professional sports teams are relatively small businesses, with much of their revenue going toward player salaries, leaving just nominal funds for any data and analytics projects. As a result, teams often need to work within a broader ecosystem of data, software and services providers.” Based on this he believes that a “key in these partnerships is to draw as much as possible from the partner while maintaining key internal capabilities.”

For the compliance professional, you should try to develop relations with key vendors because there are just too many different techniques, types of data and other aspects of analytics to exploit, and even the largest corporation can’t excel on its own. The GRC Pundit, Michael Rasmussen has observed that in GRC there is more than one technology. The same holds true in the compliance space. Jon Rydberg, founder of the Orchid Advisors, has called this the “Compliance Ecosystem Transformation” which he defines as “The coordinated development of compliance activities that transcend your entire supply chain, from suppliers – to manufacturers – to distributors – to retailers.”

  1. Support “analytical amateurs”

Finally, Davenport found that “Some professional athletes have begun to analyze their own performance in depth using public or team data and reports. Specifically, a number of soccer and football players have become assiduous reviewers of their video and GPS data, although the most frequent users have been professional baseball players, particularly pitchers.”

For the compliance professional, this translates that they could also benefit from becoming such ‘analytical amateurs”. Moreover, they could work with business unit personnel to could keep track of their own scores on compliance measures and use that information to improve their performance. Analytics-minded salespeople and managers could, for example, use the extensive data from compliance management management systems to assess and improve their performance.

I found Davenport’s article to be quite thought provoking. For just as President Truman was able to come up with a different approach for a situation that could have led to World War III or at the very least a completely communist dominated unified Berlin, there are different ways to look at problems and find solutions. Using the analytical approach that has become so prevalent in the sports world may lead you to new and different thinking in the compliance arena.This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

June 26, 2014

Coolness in Being the Bad Guy? Eli Wallach and GSK

Eli WallachEli Wallach died Tuesday. For my money, he was about the coolest bad guy out there. Not tough like Lee Marvin, just cool. My favorite Wallach roles were as Calvera in The Magnificent Seven and as Tuco in The Good, The Bad and The Ugly. An early proponent of method acting, Wallach performed on the stage and in films for over 60 years. Although originally from Brooklyn, Wallach was also a fellow Texas Longhorn, having attended the University of Texas. He served in France as a Second Lieutenant in France during World War II.

I thought about Wallach’s über coolness when considering the most decided uncool position of the UK pharmaceutical giant GlaxoSmithKline PLC (GSK) recently. Last month the Chinese government issued a most very stern warning to GSK when it accused the former head of GSK’s China business of direct involvement in bribery and corruption. But more than this direct accusation, the move was a clear warning shot across the bow of not only western pharmaceutical companies doing business in China but also all western companies. In an article in the Wall Street Journal (WSJ), entitled “Beijing Warns Sernly on Glaxo”, Laurie Birkett quoted Helen Chen, a director and partner at consultancy L.E.K., as saying “Focusing much of the blame on a foreigner sends a strong message to all. Companies will see that if authorities are willing to accuse even a foreigner, who is in senior management, the issue is being taken seriously, it’s a clear message that bribery is unacceptable in the market.” Burkitt went on to say, “Experts say China’s medical system is deeply underfunded, giving doctors, hospitals and administrators an incentive to overcharge and overprescribe. Glaxo, in the past, organized trips for doctors around China and to places such as Budapest and Greece as part of a broader effort involving perks and cash to get doctors to boost drug prescriptions, according to documents previously reviewed by The Wall Street Journal.”

Such reports of endemic corruption are not new. An article, entitled “GSK China probe flags up wider worries”, in the Wednesday edition of the Financial Times (FT) reporters Andrew Jack and Patti Waldmeir discussed not only the endemic nature of corruption in China but how, in many ways, the Chinese health care system is based on such corruption. The piece quoted George Baeder, an independent drug industry advisor, for the following, “Financial flows – both legal and illegal – tied to drug and device sales are funding perhaps 60-80 per cent of total hospital costs. Without this funding, the current system would collapse.” Further, “central and provincial Chinese governments cannot afford to pay doctors a living wage, and may patients cannot afford to pay the true cost of care.” And finally, “Up to now, Beijing has turned a blind eye as pharma companies find ways to subsidise doctor salaries and underwrite their medical education.” How about that for structural corruption?

Intertwined with this structural issue is the problem of the quantity and quality of the drug supply. Many Chinese doctors do not feel that there is an acceptable alternative to foreign pharmaceutical products. This drives up the cost of prescribed medicines, as this quantity is therefore limited. But even where indigenous Chinese generic drugs are available as alternatives, many patients do not trust these medicines. This restricts the quality of drugs available.

But with this recent round of accusations against GSK it appears that the Chinese government has opened a new front. In an article in The Telegraph, entitled “GSK bribery scan could cause ‘irreparable damage’, says China”, Denise Roland reported that “Beijing has apparently issued a warning to all foreign firms, cautioning that the corruption charges against GlaxoSmithKline executives could cause “irreparable damage” to the drug maker’s Chinese operations.” She quoted from the state news agency Xinhua for the following, “GSK’s practices eroded its corporate integrity and could cause irreparable damage to the company in China and elsewhere. The case is a warning to other multinationals in China that ethics matter.”

In addition to these charges against a senior GSK executive, which could lead liability up to the GSK boardroom, Jonathan Russell, also writing in The Telegraph, in an article entitled “GlaxoSmithKline is facing more than double jeopardy”, said that “GlaxoSmithKline’s problems are multiplying fast. In China authorities have identified 46 individuals connected to the company they claim were involved in “massive and systemic bribery”. In the UK the Serious Fraud Office (SFO) marked out its pitch this week, revealing it has opened an official investigation into allegations of bribery; and an internal GSK probe is looking at potential wrongdoing in Jordan and Lebanon.” More ominously, he also noted that “Given the slew of allegations so far it seems a fair assumption that other international law enforcement agencies, notably the US Department of Justice, will be taking a long, close look at the allegations.”

While Russell points to the general UK prohibition against prosecutions, which might invoke double jeopardy, he says “As ever with the law there are exceptions to the principle. However they are limited in scope and rare in number. It may also be the case that the principle of double jeopardy may not be invoked in this case if the alleged offences the SFO is investigating are separate to those under investigation in China. They could relate to matters that took place in Jordan or Lebanon.” Russell also pointed out that “international prosecutors carving up parts of prosecutions so they can all have their pound of flesh. A very painful prospect for GSK.” It will also be interesting to see if GSK is charged under the UK Bribery Act, under the prior law or both. If charges are brought under the Bribery Act, which became effective on July 1, 2011, do you think GSK would try and raise a compliance defense based on the Six Principals of Adequate Procedures? I guess having a compliance defense is pretty useless if your company engages in bribery and corruption.

While Russell talks about the aggressiveness of US prosecutors under the Foreign Corrupt Practices Act (FCPA), he does not discuss what may be GSK’s greatest exposure in the US. GSK was under the equivalent of a Deferred Prosecution Agreement (DPA) called a Corporate Integrity Agreement (CIA) for its prior sins related to off-label marketing. This CIA not only applied to the specific pharmaceutical regulations that GSK violated but all of the GSK compliance obligations, including the FCPA. In addition to requiring a full and complete compliance program, the CIA specified that the company would have a Compliance Committee, inclusive of the Compliance Officer (CO) and other members of senior management necessary to meet the requirements of this CIA, whose job was to oversee full implementation of the CIA and all compliance functions at the company. These additional functions required Deputy Compliance Officers for each commercial business unit, Integrity Champions within each business unit and management accountability and certifications from each business unit. Training of GSK employees was specified. Further, there was detail down to specifically state that all compliance obligations applied to “contractors, subcontractors, agents and other persons (including, but not limited to, third party vendors)”.

For the compliance practitioner, one clear message from the GSK matter is to monitor, audit and continuously review your Chinese operations. I will have more to say about the China corruption crackdown in an upcoming blog post but just like Eli Wallach as Calvera in The Magnificent Seven told the gunmen hired to protect the Mexican village, you have been warned.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

June 23, 2014

An Event That Changed the World and Fostering Compliance Leadership – Part II


IMG_1196Yesterday, I used the assassination of Archduke Ferdinand and its continuing legacy even up until today to introduce a two-part series about ‘Blue Ocean Leadership’. The assassination and some of its legacies were detailed in an article in the March 22 edition of the Financial Times (FT) in a piece by Simon Kuper entitled, ‘The crossroads of history”. In this article, Kuper wrote about his return to modern day Sarajevo “to try and understand his act in its local context – the context both of 1914 and 2104.” I think that Kuper did come to some understanding through his reporting, which I found to be first rate.

Yesterday I reviewed the Harvard Business Review (HBR) article entitled “Blue Ocean Leadership”, which I found to be one of the most interesting and perhaps even game-changing discussions on how to be a more effective leader that I have ever read or heard about. In Part I I wrote about what ‘Blue Ocean Leadership’ is and how it differs from conventional leadership. Today, I will review the strategies of how to execute this type of leadership and explore its implications for the Chief Compliance Officer (CCO) or compliance practitioner.

I was extraordinarily gratified to see that the authors believe that something akin to the Fair Process Doctrine should be used to address over-coming resistance to changing over to ‘Blue Ocean Leadership’. The Fair Process Doctrine recognizes that there are fair procedures, not arbitrary ones, in a process involving rights. People are more willing to accept negative, unfavorable, and non-preferred outcomes when they are arrived at by processes and procedures that are perceived as fair by employees. This means that that employees will commit to a manager’s decision—even one they disagree with—if they believe that the process the manager used to make the decision was fair.

 The authors write “the gift that fair process confers is trust and, hence, voluntary cooperation, a quality vital to the leader-follower relationship. Anyone who has ever worked in an organization understands how important trust is. If you trust the process and the people you work for, you’re willing to go the extra mile and give your best. If you don’t trust them, you’ll stick to the letter of the law that binds your contract with the organization and devote your energy to protecting your position and fighting over turf rather than to winning customers and creating value. Not only will your abilities be wasted, but they will often work against your organization’s performance.”

 The authors have a somewhat different formulation for fair process when they say that it includes “engagement, explanation and expectation clarity.” Further, the authors say “the leadership development context, the application of fair process achieves buy-in and ownership of the to-be Leadership Profiles and builds trust, preparing the ground for implementation.” The authors suggest four steps for implementing ‘Blue Ocean Leadership’.

Step 1 - Respected senior managers should spearhead the effort. Nothing speaks to company employees more than who is leading an initiative. The authors state, “strongly signals the importance of the initiative, which makes people at all levels feel respected and gives senior managers a visceral sense of what actions are needed to create a step change in leadership performance.”

Step 2 - Engaging the company’s rank and file in defining what leaders should do. This is the engagement prong of the fair process doctrine. If there is engagement, employees will “feel more deeply engaged with their leaders, because they have greater ownership of what their leaders are doing.”

Step 3 - Giving employees a say in the final decision. This allows a vertical slice of the organization, from the top to bottom to have a say in what the leadership profiles will be going forward. This comes though give and take and if senior management does not accept a proffered leadership profile, it must be prepared to defend its decision, through a “clear, sound explanation of their decision.”

Step 4 – Ease in assessment of whether expectations are being met and in monitoring progress. The authors suggest no less than monthly feedback “between leaders and their direct reports help the organization check whether it’s making headway.” The authors write that such a timeframe, will “keep leaders honest, motivate them to continue with change, and build confidence in both the process and the sincerity of the leaders. By collecting feedback from those meetings, top management can assess how rapidly leaders are making the shift from their as-is to their to-be Leadership Profiles, which becomes a key input in annual performance evaluations.”

There are many tangible benefits that the authors article discuss and those discussions can lead directly to the elimination of actions that senior management invest their time in. Even if some actions and activities cannot be entirely eliminated, they can be reduced. Conversely, these types of discussions can show senior management what acts and activities should be raised above their current level. Finally, this type of leadership protocol can show leaders the types of activities they should be engaging in that they are not currently undertaking.

For the compliance practitioner I think there are several important lessons and implications, which can be drawn from this article. Rather than start with the CCO, I want to take the opposite approach and begin with the compliance practitioner who is on the frontline. The clearest lesson from this scholarship is to “serve your customers, not the boss.” This means should try to eliminate your queries up the chain and try to handle direct issues yourself and reduce seeking approval for decisions. Frontline compliance practitioners need to raise more relevant compliance training and information to the business units or geographic areas they support. Finally, the frontline compliance practitioners should celebrate compliance successes locally.

For the mid-level compliance manager, they strive for ‘more coaching and less control’ from senior management. This means elimination of frequent requests for detailed progress reports on initiatives and programs. Further, there should be a reduction of requirements and review of justifications for decisions from the frontline compliance practitioners. Mid-level compliance practitioners should strive to not only understand but also explain compliance strategy clearly and empower frontline compliance practitioners to stretch themselves through more effective coaching. Finally, mid-level compliance managers should work to set performance goals together, share best practices across teams, business units and geographic regions and align rewards with performance.

The key for senior level compliance practitioners is to move from the day-to-day work to the bigger picture of compliance. As much as possible, senior compliance managers need to stop operational problem solving and putting out fires. If senior compliance managers cannot fully eliminate such actions, they should try and reduce the number of meetings dealing with operations improvement but also try and reduce the monitoring and coordination of middle management. Issues that senior compliance managers should try and raise up in activities awareness include dealing with poor performance, coaching and motivating their direct reports, creating a compelling strategy and then clearly communicating that strategy. Finally, senior compliance managers should develop a compliance agenda for the future (think Stephen Martin’s 1-3-5 year strategy) and advance a process for implementation of continual assessment and improvement of that strategy.

The authors write, “We never cease to be amazed by the talent and energy we see in the organizations we study. Sadly, we are equally amazed by how much of it is squandered by poor leadership. Blue ocean leadership can help put an end to that.” They put forward “a concrete, visual framework in which they can surface and discuss the improvements leaders need to make. The fairness of the process makes the implementation and monitoring of those changes far easier than in traditional top-down approaches. Moreover, blue ocean leadership achieves a transformation with less time and effort, because leaders are not trying to alter who they are and break the habits of a lifetime. They are simply changing the tasks they carry out. Better yet, one of the strengths of blue ocean leadership is its scalability. You don’t have to wait for your company’s top leadership to launch this process. Whatever management level you belong to, you can awaken the sleeping potential of your people by taking them through the four steps.”

I found their article to be quite compelling. I hope that you will consider some or all of these suggestions as a way to set up you and your compliance team to become Blue Ocean Leaders and un-tap the potential of your entire compliance team.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

An Event That Changed the World and Fostering Compliance Leadership – Part I

Archduke Ferdinand AssassinationThis coming Saturday, June 28th, is the 100th anniversary of most probably the single most momentous event of the 20th century; the assassination of Archduke Ferdinand and his wife Sophie in Sarajevo, then located in the Austro-Hungarian Empire. I view it as the singular event of the prior century because it led directly to the following events: the First World War, the Second World War, the Russian Revolution, the fall of the Hapsburg, Romanov and Prussian monarchies, the Cold War and a host of other events. One can point to 1963 in Dallas and 9/11 as direct descendants of the actions of the Sarajevo assassins.

One of the best articles I have ever read on the assassination was in the March 22nd edition of the Financial Times (FT) in a piece by Simon Kuper, entitled ‘The crossroads of history”. Kuper returned to modern day Sarajevo “to try and understand his act in its local context – the context both of 1914 and 2104.” I think that Kuper did come to some understanding through his reporting, which I found to be first rate. The attack on the Archduke itself came about through a plethora of mis-steps, foolish decisions and idiotic mistakes that rival any modern day industrial catastrophe. Kuper quoted the author Rebecca West for the following, “Nobody worked to ensure the murder on either side as the people who were murdered.” As this assassination started Europe down a road that led to well over 20 million deaths, it is an appropriate start to many more posts I will have during the centenary of 1914.

Just as Gavrilo Princip changed the course of history, I recently read an article in the May edition of the Harvard Business Review (HBR) which I think could significantly modify how you, as a Chief Compliance Officer (CCO) or compliance practitioner, will think about getting employees to “apply their talent and energy to move organizations forward” in compliance and ethics. The article is entitled “Blue Ocean Leadership”. In this two-part series I will explain the authors view of the problem that “According to Gallup’s 2013 State of the American Workplace report, 50% of employees merely put their time in, while the remaining 20% act out their discontent in counterproductive ways, negatively influencing their coworkers, missing days on the job, and driving customers away through poor service. Gallup estimates that the 20% group alone costs the U.S. economy around half a trillion dollars each year.” The authors believe that “poor leadership is a key cause” of this problem. The authors posit that leadership is a “service that people in an organization “buy” or “don’t buy” and when employees come to value you as a leader, they “in effect buy your leadership.”

Today I will focus on how ‘Blue Ocean Leadership’ differs from conventional leadership and tomorrow I will review strategies of how to execute this type of leadership and explore its implications for the CCO or compliance practitioner.

Key Differences from Conventional Leadership Approaches

The authors point to three key differences between ‘Blue Ocean Leadership’ and traditional leadership approaches.

The first key difference is that ‘Blue Ocean Leadership’ “focuses on what acts and activities leaders need to undertake to boost their teams’ motivation and business results, not on who leaders need to be. This difference in emphasis is important. It is markedly easier to change people’s acts and activities than their values, qualities, and behavioral traits. Of course, altering a leader’s activities is not a complete solution, and having the right values, qualities, and behavioral traits matters. But activities are something that any individual can change, given the right feedback and guidance.”

The second under ‘Blue Ocean Leadership’ is to “connect closely to market realities”. This is accomplished by having “the people who face market realities are asked for their direct input on how their leaders hold them back and what those leaders could do to help them best serve customers and other key stakeholders. And when people are engaged in defining the leadership practices that will enable them to thrive, and those practices are connected to the market realities against which they need to perform, they’re highly motivated to create the best possible profile for leaders and to make the new solutions work.” This allows not only employee buy-in both also quicker and more efficient engagement of the implementation of a leaders program.

The third key difference is that ‘Blue Ocean Leadership’ distributes leadership across all levels of management. The authors quoted one senior executive who said, “The truth is that we, the top management, are not in the field to fully appreciate the middle and frontline actions. We need effective leaders at every level to maximize corporate performance.” However ‘Blue Ocean Leadership’ is more robustly “designed to be applied across the three distinct management levels: top, middle, and frontline. It calls for profiles for leaders that are tailored to the very different tasks, degrees of power, and environments you find at each level. Extending leadership capabilities deep into the front line unleashes the latent talent and drive of a critical mass of employees, and creating strong distributed leadership significantly enhances performance across the organization.”

The Four Steps of Blue Ocean Leadership

Most importantly the authors believe that you have to see your leadership for what it is and not what you wish it to be. If you do not have a “common understanding of where leadership stands and is falling short, a forceful case for change cannot be made.” The authors created a template that they called “Leadership Canvases” which are visual representations to show what leaders actually do, rather than what they think they do. The authors’ research showed that 20% to 40% of all actions taken by managers are of little value to the organization. This led to the “biggest “aha” for the subteams was that senior managers appeared to have scarcely any time to do the real job of top management—thinking, probing, identifying opportunities on the horizon, and gearing up the organization to capitalize on them.”

Based upon this initial finding, the authors began to explore alternative leadership profiles. Here you are required “to think beyond the bounds of the company and focus on effective leadership acts they’ve observed outside the organization, in particular those that could have a strong impact if adopted by internal leaders at their level. Here fresh ideas emerge about what leaders could be doing but aren’t. This is not, however, about benchmarking against corporate icons; employees’ personal experiences are more likely to produce insights. Most of us have come across people in our lives who have had a disproportionately positive influence on us. It might be a sports coach, a schoolteacher, a scoutmaster, a grandparent, or a former boss. Whoever those role models are, it’s important to get interviewees to detail which acts and activities they believe would add real value for them if undertaken by their current leaders.”

The next step begins to take what I call some real corporate courage. It requires that middle and frontline managers critique what senior management has come up with in step 2, developing alternative leadership profiles. Some of the more interesting changes were ‘Cut through the Crap’ in which “frontline leaders did not defer the vast majority of customer queries to middle management and spent less time jumping through procedural hoops. Their time was directed to training frontline personnel to deliver on company promises on the spot” and to resolve problems. Another was ‘Liberate, Coach and Empower’ where leaders “time and attention shifted from controlling to supporting employees.” Finally, there was ‘Delegate and Chart the Company’s Future’ where the front and middle line managers had more responsibility so “senior managers would be freed up to devote a significant portion of their time to thinking about the big picture—the changes in the industry and their implications for strategy and the organization. They would spend less time putting out fires.”

Blue Ocean Leadership’ challenges companies to allow its employees to “think about which acts and activities leaders should do less of because they hold people back, and which activities they should do more of because they inspire people to give their all.” Just as you begin to think through the changes wrought by one action in a small town, very long ago, which changed the 20th Century forever, you may wish to use these concepts to think about how your leadership can be made more effective.

In tomorrow’s post I will look at how the authors believe you can execute a ‘Blue Ocean Leadership’ change in your company.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

June 20, 2014

The Oath of the Tennis Court and How to Document, Document, and Document

Filed under: Best Practices,Document Document Document,FCPA — tfoxlaw @ 12:01 am

Oath of the Tennis CourtI have an undergraduate degree in European History, French Revolution to the Present, which was then 1978. Perhaps not the most marketable of college degrees but for a lover of history it was a ton of fun. One of my favorite study subjects was the French Revolution, particularly the phase from 1789-1792; the period of almost Constitutional Monarchy, before the King was executed and the Terror set in. While this part of the Revolution failed, it does not mean that was not a noble effort by the French people, who had been inspired in large part by the success of our American Revolution.

In the spring of 1789, King Louis XVI, called the Estates-General into session. It was a national assembly that represented the three “estates” of the French people – the nobles, the clergy, and the commons. The Estates-General had not been assembled since 1614, and its deputies drew up long lists of grievances and called for sweeping political and social reforms.

The Third Estate, which had the most representatives, declared itself the National Assembly and took an oath to force a new constitution on the king. Initially seeming to yield, Louis legalized the National Assembly under the Third Estate but then surrounded Versailles with troops and dismissed Jacques Necker, a popular minister of state who had supported reforms. In response, Parisians mobilized and on July 14 stormed the Bastille, a state prison where they believed ammunition was stored, and the French Revolution began. On this date in 1789, one of the most dramatic events occurred; The Oath of the Tennis Court, where the deputies of the Third Estate, which represent commoners and the lower clergy, met on the Jeu de Paume, an indoor tennis court, in defiance of King Louis XVI’s order to disperse. In these modest surroundings, they took a historic oath not to disband until a new French constitution had been adopted.

The Oath of the Tennis Court was recorded for each member who took part. In other words, there was full documentation of who took the oath and the substance of the oath taken. It was a very good example of what I continue to hammer as the three most important things in Foreign Corrupt Practices Act (FCPA) compliance, that being Document, Document, and Document. However, many people ask what that means more than simply writing something down.

I am currently attending the UL EduNeering Leadership Forum and there are several compliance representatives from the pharmaceutical industry in attendance. One thing I have learned is that the pharmaceutical industry has a definition of Good Documentation Practice (GDP), which describes standards by which documentation is created and maintained in the industry. Although the US Food and Drug Administration (FDA) sets some GDP standards, others fall under the Current Good Manufacturing Practice (cGMP). Finally, all pharmaceutical, bioscience and healthcare companies, as well as their vendor partners, must observe GDP or face warnings or penalties levied by the FDA.

In an article by Barry Peters and Heather D. Ferrence, entitled “Importance of Implementing Good Documentation Practices”, they note that the World Health Organization (WHO) says the some of the purposes of GDP include:

  • To define the specifications and procedures for all materials and methods of manufacture and control.
  • To ensure that all personnel concerned with manufacturing know what to do and when to do it.
  • To ensure that authorized persons have all the information necessary to decide whether or not to release a batch of a drug for sale.
  • To ensure the existence of documented evidence, traceability and to provide records and an audit trail that will permit investigation.
  • To ensure the availability of the data needed for validation, review and statistical analysis.

Moreover, “an essential part of all aspects related to Good Manufacturing Practices (GMP), adhering to GDP helps prevent errors within various processes, such as product quality and safety, state of manufacturing facilities and other related activities, and ensures that each company is following strict standard operating procedures (SOPs). In a regulated industry, such as pharmaceuticals, quality cannot be assured without accurate documents and GDP.” Finally, it is to be noted that “it is imperative that all documentation is concise, legible, accurate and traceable.”

Adapting the authors’ suggestions specific to the pharmaceutical industry, I submit the following for your consideration in your Document, Document, and Document practices in FCPA compliance:

  • Lack of proper record keeping when documents are transferred from one department to another.
  • Critical oversight regarding document issue, data collection and document review.
  • Consistent labeling that includes identification codes and any document revision codes.
  • Ensuring proper security and storage of documents during review process.
  • Proper and consistent identification of all documents through all processes.
  • Ensuring that all those whose signatures appear on the documents understand why they signed the documents as well as any and all responsibilities associated with the signing of the documents.

To the above list I would add some additional suggestions:

Document maintenance

  • Regularly reviewed and kept current
  • Retained and available for appropriate duration
  • Electronic document management systems are validated
  • Electronic records are backed up

Document modification

  • Handwritten modifications are signed and dated
  • Altered text is not obscured (e.g., no correction fluid)
  • Where appropriate, the reason for alteration must be noted
  • Controls exist to prevent the inadvertent use of superseded documents
  • Electronic versions can only be modified by authorized personnel
  • Access to electronic versions must be controlled by password or other means
  • A history (audit trail) must be maintained of changes and deletions to electronic versions
  • Supporting documents can be added to the original document as an attachment for clarification or recording data. Attachments should be referenced at least once within the original document. Ideally, each page of the attachment is clearly identified (i.e. labeled as “Attachment X”, “Page X of X”, signed and dated by person who attached it, etc.)

Setting and following good document practices is an essential aspect of compliance with federal regulations, such as the FDA, who governs large aspects of the pharmaceutical industry, and other federal laws such as the FCPA. So in addition to documenting your actions, you should also follow a written protocol for document maintenance and subsequent modifications.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

« Previous PageNext Page »

The Rubric Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 4,538 other followers