FCPA Compliance and Ethics Blog

June 26, 2014

Coolness in Being the Bad Guy? Eli Wallach and GSK

Eli WallachEli Wallach died Tuesday. For my money, he was about the coolest bad guy out there. Not tough like Lee Marvin, just cool. My favorite Wallach roles were as Calvera in The Magnificent Seven and as Tuco in The Good, The Bad and The Ugly. An early proponent of method acting, Wallach performed on the stage and in films for over 60 years. Although originally from Brooklyn, Wallach was also a fellow Texas Longhorn, having attended the University of Texas. He served in France as a Second Lieutenant in France during World War II.

I thought about Wallach’s über coolness when considering the most decided uncool position of the UK pharmaceutical giant GlaxoSmithKline PLC (GSK) recently. Last month the Chinese government issued a most very stern warning to GSK when it accused the former head of GSK’s China business of direct involvement in bribery and corruption. But more than this direct accusation, the move was a clear warning shot across the bow of not only western pharmaceutical companies doing business in China but also all western companies. In an article in the Wall Street Journal (WSJ), entitled “Beijing Warns Sernly on Glaxo”, Laurie Birkett quoted Helen Chen, a director and partner at consultancy L.E.K., as saying “Focusing much of the blame on a foreigner sends a strong message to all. Companies will see that if authorities are willing to accuse even a foreigner, who is in senior management, the issue is being taken seriously, it’s a clear message that bribery is unacceptable in the market.” Burkitt went on to say, “Experts say China’s medical system is deeply underfunded, giving doctors, hospitals and administrators an incentive to overcharge and overprescribe. Glaxo, in the past, organized trips for doctors around China and to places such as Budapest and Greece as part of a broader effort involving perks and cash to get doctors to boost drug prescriptions, according to documents previously reviewed by The Wall Street Journal.”

Such reports of endemic corruption are not new. An article, entitled “GSK China probe flags up wider worries”, in the Wednesday edition of the Financial Times (FT) reporters Andrew Jack and Patti Waldmeir discussed not only the endemic nature of corruption in China but how, in many ways, the Chinese health care system is based on such corruption. The piece quoted George Baeder, an independent drug industry advisor, for the following, “Financial flows – both legal and illegal – tied to drug and device sales are funding perhaps 60-80 per cent of total hospital costs. Without this funding, the current system would collapse.” Further, “central and provincial Chinese governments cannot afford to pay doctors a living wage, and may patients cannot afford to pay the true cost of care.” And finally, “Up to now, Beijing has turned a blind eye as pharma companies find ways to subsidise doctor salaries and underwrite their medical education.” How about that for structural corruption?

Intertwined with this structural issue is the problem of the quantity and quality of the drug supply. Many Chinese doctors do not feel that there is an acceptable alternative to foreign pharmaceutical products. This drives up the cost of prescribed medicines, as this quantity is therefore limited. But even where indigenous Chinese generic drugs are available as alternatives, many patients do not trust these medicines. This restricts the quality of drugs available.

But with this recent round of accusations against GSK it appears that the Chinese government has opened a new front. In an article in The Telegraph, entitled “GSK bribery scan could cause ‘irreparable damage’, says China”, Denise Roland reported that “Beijing has apparently issued a warning to all foreign firms, cautioning that the corruption charges against GlaxoSmithKline executives could cause “irreparable damage” to the drug maker’s Chinese operations.” She quoted from the state news agency Xinhua for the following, “GSK’s practices eroded its corporate integrity and could cause irreparable damage to the company in China and elsewhere. The case is a warning to other multinationals in China that ethics matter.”

In addition to these charges against a senior GSK executive, which could lead liability up to the GSK boardroom, Jonathan Russell, also writing in The Telegraph, in an article entitled “GlaxoSmithKline is facing more than double jeopardy”, said that “GlaxoSmithKline’s problems are multiplying fast. In China authorities have identified 46 individuals connected to the company they claim were involved in “massive and systemic bribery”. In the UK the Serious Fraud Office (SFO) marked out its pitch this week, revealing it has opened an official investigation into allegations of bribery; and an internal GSK probe is looking at potential wrongdoing in Jordan and Lebanon.” More ominously, he also noted that “Given the slew of allegations so far it seems a fair assumption that other international law enforcement agencies, notably the US Department of Justice, will be taking a long, close look at the allegations.”

While Russell points to the general UK prohibition against prosecutions, which might invoke double jeopardy, he says “As ever with the law there are exceptions to the principle. However they are limited in scope and rare in number. It may also be the case that the principle of double jeopardy may not be invoked in this case if the alleged offences the SFO is investigating are separate to those under investigation in China. They could relate to matters that took place in Jordan or Lebanon.” Russell also pointed out that “international prosecutors carving up parts of prosecutions so they can all have their pound of flesh. A very painful prospect for GSK.” It will also be interesting to see if GSK is charged under the UK Bribery Act, under the prior law or both. If charges are brought under the Bribery Act, which became effective on July 1, 2011, do you think GSK would try and raise a compliance defense based on the Six Principals of Adequate Procedures? I guess having a compliance defense is pretty useless if your company engages in bribery and corruption.

While Russell talks about the aggressiveness of US prosecutors under the Foreign Corrupt Practices Act (FCPA), he does not discuss what may be GSK’s greatest exposure in the US. GSK was under the equivalent of a Deferred Prosecution Agreement (DPA) called a Corporate Integrity Agreement (CIA) for its prior sins related to off-label marketing. This CIA not only applied to the specific pharmaceutical regulations that GSK violated but all of the GSK compliance obligations, including the FCPA. In addition to requiring a full and complete compliance program, the CIA specified that the company would have a Compliance Committee, inclusive of the Compliance Officer (CO) and other members of senior management necessary to meet the requirements of this CIA, whose job was to oversee full implementation of the CIA and all compliance functions at the company. These additional functions required Deputy Compliance Officers for each commercial business unit, Integrity Champions within each business unit and management accountability and certifications from each business unit. Training of GSK employees was specified. Further, there was detail down to specifically state that all compliance obligations applied to “contractors, subcontractors, agents and other persons (including, but not limited to, third party vendors)”.

For the compliance practitioner, one clear message from the GSK matter is to monitor, audit and continuously review your Chinese operations. I will have more to say about the China corruption crackdown in an upcoming blog post but just like Eli Wallach as Calvera in The Magnificent Seven told the gunmen hired to protect the Mexican village, you have been warned.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

June 23, 2014

An Event That Changed the World and Fostering Compliance Leadership – Part II


IMG_1196Yesterday, I used the assassination of Archduke Ferdinand and its continuing legacy even up until today to introduce a two-part series about ‘Blue Ocean Leadership’. The assassination and some of its legacies were detailed in an article in the March 22 edition of the Financial Times (FT) in a piece by Simon Kuper entitled, ‘The crossroads of history”. In this article, Kuper wrote about his return to modern day Sarajevo “to try and understand his act in its local context – the context both of 1914 and 2104.” I think that Kuper did come to some understanding through his reporting, which I found to be first rate.

Yesterday I reviewed the Harvard Business Review (HBR) article entitled “Blue Ocean Leadership”, which I found to be one of the most interesting and perhaps even game-changing discussions on how to be a more effective leader that I have ever read or heard about. In Part I I wrote about what ‘Blue Ocean Leadership’ is and how it differs from conventional leadership. Today, I will review the strategies of how to execute this type of leadership and explore its implications for the Chief Compliance Officer (CCO) or compliance practitioner.

I was extraordinarily gratified to see that the authors believe that something akin to the Fair Process Doctrine should be used to address over-coming resistance to changing over to ‘Blue Ocean Leadership’. The Fair Process Doctrine recognizes that there are fair procedures, not arbitrary ones, in a process involving rights. People are more willing to accept negative, unfavorable, and non-preferred outcomes when they are arrived at by processes and procedures that are perceived as fair by employees. This means that that employees will commit to a manager’s decision—even one they disagree with—if they believe that the process the manager used to make the decision was fair.

 The authors write “the gift that fair process confers is trust and, hence, voluntary cooperation, a quality vital to the leader-follower relationship. Anyone who has ever worked in an organization understands how important trust is. If you trust the process and the people you work for, you’re willing to go the extra mile and give your best. If you don’t trust them, you’ll stick to the letter of the law that binds your contract with the organization and devote your energy to protecting your position and fighting over turf rather than to winning customers and creating value. Not only will your abilities be wasted, but they will often work against your organization’s performance.”

 The authors have a somewhat different formulation for fair process when they say that it includes “engagement, explanation and expectation clarity.” Further, the authors say “the leadership development context, the application of fair process achieves buy-in and ownership of the to-be Leadership Profiles and builds trust, preparing the ground for implementation.” The authors suggest four steps for implementing ‘Blue Ocean Leadership’.

Step 1 - Respected senior managers should spearhead the effort. Nothing speaks to company employees more than who is leading an initiative. The authors state, “strongly signals the importance of the initiative, which makes people at all levels feel respected and gives senior managers a visceral sense of what actions are needed to create a step change in leadership performance.”

Step 2 - Engaging the company’s rank and file in defining what leaders should do. This is the engagement prong of the fair process doctrine. If there is engagement, employees will “feel more deeply engaged with their leaders, because they have greater ownership of what their leaders are doing.”

Step 3 - Giving employees a say in the final decision. This allows a vertical slice of the organization, from the top to bottom to have a say in what the leadership profiles will be going forward. This comes though give and take and if senior management does not accept a proffered leadership profile, it must be prepared to defend its decision, through a “clear, sound explanation of their decision.”

Step 4 – Ease in assessment of whether expectations are being met and in monitoring progress. The authors suggest no less than monthly feedback “between leaders and their direct reports help the organization check whether it’s making headway.” The authors write that such a timeframe, will “keep leaders honest, motivate them to continue with change, and build confidence in both the process and the sincerity of the leaders. By collecting feedback from those meetings, top management can assess how rapidly leaders are making the shift from their as-is to their to-be Leadership Profiles, which becomes a key input in annual performance evaluations.”

There are many tangible benefits that the authors article discuss and those discussions can lead directly to the elimination of actions that senior management invest their time in. Even if some actions and activities cannot be entirely eliminated, they can be reduced. Conversely, these types of discussions can show senior management what acts and activities should be raised above their current level. Finally, this type of leadership protocol can show leaders the types of activities they should be engaging in that they are not currently undertaking.

For the compliance practitioner I think there are several important lessons and implications, which can be drawn from this article. Rather than start with the CCO, I want to take the opposite approach and begin with the compliance practitioner who is on the frontline. The clearest lesson from this scholarship is to “serve your customers, not the boss.” This means should try to eliminate your queries up the chain and try to handle direct issues yourself and reduce seeking approval for decisions. Frontline compliance practitioners need to raise more relevant compliance training and information to the business units or geographic areas they support. Finally, the frontline compliance practitioners should celebrate compliance successes locally.

For the mid-level compliance manager, they strive for ‘more coaching and less control’ from senior management. This means elimination of frequent requests for detailed progress reports on initiatives and programs. Further, there should be a reduction of requirements and review of justifications for decisions from the frontline compliance practitioners. Mid-level compliance practitioners should strive to not only understand but also explain compliance strategy clearly and empower frontline compliance practitioners to stretch themselves through more effective coaching. Finally, mid-level compliance managers should work to set performance goals together, share best practices across teams, business units and geographic regions and align rewards with performance.

The key for senior level compliance practitioners is to move from the day-to-day work to the bigger picture of compliance. As much as possible, senior compliance managers need to stop operational problem solving and putting out fires. If senior compliance managers cannot fully eliminate such actions, they should try and reduce the number of meetings dealing with operations improvement but also try and reduce the monitoring and coordination of middle management. Issues that senior compliance managers should try and raise up in activities awareness include dealing with poor performance, coaching and motivating their direct reports, creating a compelling strategy and then clearly communicating that strategy. Finally, senior compliance managers should develop a compliance agenda for the future (think Stephen Martin’s 1-3-5 year strategy) and advance a process for implementation of continual assessment and improvement of that strategy.

The authors write, “We never cease to be amazed by the talent and energy we see in the organizations we study. Sadly, we are equally amazed by how much of it is squandered by poor leadership. Blue ocean leadership can help put an end to that.” They put forward “a concrete, visual framework in which they can surface and discuss the improvements leaders need to make. The fairness of the process makes the implementation and monitoring of those changes far easier than in traditional top-down approaches. Moreover, blue ocean leadership achieves a transformation with less time and effort, because leaders are not trying to alter who they are and break the habits of a lifetime. They are simply changing the tasks they carry out. Better yet, one of the strengths of blue ocean leadership is its scalability. You don’t have to wait for your company’s top leadership to launch this process. Whatever management level you belong to, you can awaken the sleeping potential of your people by taking them through the four steps.”

I found their article to be quite compelling. I hope that you will consider some or all of these suggestions as a way to set up you and your compliance team to become Blue Ocean Leaders and un-tap the potential of your entire compliance team.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

An Event That Changed the World and Fostering Compliance Leadership – Part I

Archduke Ferdinand AssassinationThis coming Saturday, June 28th, is the 100th anniversary of most probably the single most momentous event of the 20th century; the assassination of Archduke Ferdinand and his wife Sophie in Sarajevo, then located in the Austro-Hungarian Empire. I view it as the singular event of the prior century because it led directly to the following events: the First World War, the Second World War, the Russian Revolution, the fall of the Hapsburg, Romanov and Prussian monarchies, the Cold War and a host of other events. One can point to 1963 in Dallas and 9/11 as direct descendants of the actions of the Sarajevo assassins.

One of the best articles I have ever read on the assassination was in the March 22nd edition of the Financial Times (FT) in a piece by Simon Kuper, entitled ‘The crossroads of history”. Kuper returned to modern day Sarajevo “to try and understand his act in its local context – the context both of 1914 and 2104.” I think that Kuper did come to some understanding through his reporting, which I found to be first rate. The attack on the Archduke itself came about through a plethora of mis-steps, foolish decisions and idiotic mistakes that rival any modern day industrial catastrophe. Kuper quoted the author Rebecca West for the following, “Nobody worked to ensure the murder on either side as the people who were murdered.” As this assassination started Europe down a road that led to well over 20 million deaths, it is an appropriate start to many more posts I will have during the centenary of 1914.

Just as Gavrilo Princip changed the course of history, I recently read an article in the May edition of the Harvard Business Review (HBR) which I think could significantly modify how you, as a Chief Compliance Officer (CCO) or compliance practitioner, will think about getting employees to “apply their talent and energy to move organizations forward” in compliance and ethics. The article is entitled “Blue Ocean Leadership”. In this two-part series I will explain the authors view of the problem that “According to Gallup’s 2013 State of the American Workplace report, 50% of employees merely put their time in, while the remaining 20% act out their discontent in counterproductive ways, negatively influencing their coworkers, missing days on the job, and driving customers away through poor service. Gallup estimates that the 20% group alone costs the U.S. economy around half a trillion dollars each year.” The authors believe that “poor leadership is a key cause” of this problem. The authors posit that leadership is a “service that people in an organization “buy” or “don’t buy” and when employees come to value you as a leader, they “in effect buy your leadership.”

Today I will focus on how ‘Blue Ocean Leadership’ differs from conventional leadership and tomorrow I will review strategies of how to execute this type of leadership and explore its implications for the CCO or compliance practitioner.

Key Differences from Conventional Leadership Approaches

The authors point to three key differences between ‘Blue Ocean Leadership’ and traditional leadership approaches.

The first key difference is that ‘Blue Ocean Leadership’ “focuses on what acts and activities leaders need to undertake to boost their teams’ motivation and business results, not on who leaders need to be. This difference in emphasis is important. It is markedly easier to change people’s acts and activities than their values, qualities, and behavioral traits. Of course, altering a leader’s activities is not a complete solution, and having the right values, qualities, and behavioral traits matters. But activities are something that any individual can change, given the right feedback and guidance.”

The second under ‘Blue Ocean Leadership’ is to “connect closely to market realities”. This is accomplished by having “the people who face market realities are asked for their direct input on how their leaders hold them back and what those leaders could do to help them best serve customers and other key stakeholders. And when people are engaged in defining the leadership practices that will enable them to thrive, and those practices are connected to the market realities against which they need to perform, they’re highly motivated to create the best possible profile for leaders and to make the new solutions work.” This allows not only employee buy-in both also quicker and more efficient engagement of the implementation of a leaders program.

The third key difference is that ‘Blue Ocean Leadership’ distributes leadership across all levels of management. The authors quoted one senior executive who said, “The truth is that we, the top management, are not in the field to fully appreciate the middle and frontline actions. We need effective leaders at every level to maximize corporate performance.” However ‘Blue Ocean Leadership’ is more robustly “designed to be applied across the three distinct management levels: top, middle, and frontline. It calls for profiles for leaders that are tailored to the very different tasks, degrees of power, and environments you find at each level. Extending leadership capabilities deep into the front line unleashes the latent talent and drive of a critical mass of employees, and creating strong distributed leadership significantly enhances performance across the organization.”

The Four Steps of Blue Ocean Leadership

Most importantly the authors believe that you have to see your leadership for what it is and not what you wish it to be. If you do not have a “common understanding of where leadership stands and is falling short, a forceful case for change cannot be made.” The authors created a template that they called “Leadership Canvases” which are visual representations to show what leaders actually do, rather than what they think they do. The authors’ research showed that 20% to 40% of all actions taken by managers are of little value to the organization. This led to the “biggest “aha” for the subteams was that senior managers appeared to have scarcely any time to do the real job of top management—thinking, probing, identifying opportunities on the horizon, and gearing up the organization to capitalize on them.”

Based upon this initial finding, the authors began to explore alternative leadership profiles. Here you are required “to think beyond the bounds of the company and focus on effective leadership acts they’ve observed outside the organization, in particular those that could have a strong impact if adopted by internal leaders at their level. Here fresh ideas emerge about what leaders could be doing but aren’t. This is not, however, about benchmarking against corporate icons; employees’ personal experiences are more likely to produce insights. Most of us have come across people in our lives who have had a disproportionately positive influence on us. It might be a sports coach, a schoolteacher, a scoutmaster, a grandparent, or a former boss. Whoever those role models are, it’s important to get interviewees to detail which acts and activities they believe would add real value for them if undertaken by their current leaders.”

The next step begins to take what I call some real corporate courage. It requires that middle and frontline managers critique what senior management has come up with in step 2, developing alternative leadership profiles. Some of the more interesting changes were ‘Cut through the Crap’ in which “frontline leaders did not defer the vast majority of customer queries to middle management and spent less time jumping through procedural hoops. Their time was directed to training frontline personnel to deliver on company promises on the spot” and to resolve problems. Another was ‘Liberate, Coach and Empower’ where leaders “time and attention shifted from controlling to supporting employees.” Finally, there was ‘Delegate and Chart the Company’s Future’ where the front and middle line managers had more responsibility so “senior managers would be freed up to devote a significant portion of their time to thinking about the big picture—the changes in the industry and their implications for strategy and the organization. They would spend less time putting out fires.”

Blue Ocean Leadership’ challenges companies to allow its employees to “think about which acts and activities leaders should do less of because they hold people back, and which activities they should do more of because they inspire people to give their all.” Just as you begin to think through the changes wrought by one action in a small town, very long ago, which changed the 20th Century forever, you may wish to use these concepts to think about how your leadership can be made more effective.

In tomorrow’s post I will look at how the authors believe you can execute a ‘Blue Ocean Leadership’ change in your company.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

June 20, 2014

The Oath of the Tennis Court and How to Document, Document, and Document

Filed under: Best Practices,Document Document Document,FCPA — tfoxlaw @ 12:01 am

Oath of the Tennis CourtI have an undergraduate degree in European History, French Revolution to the Present, which was then 1978. Perhaps not the most marketable of college degrees but for a lover of history it was a ton of fun. One of my favorite study subjects was the French Revolution, particularly the phase from 1789-1792; the period of almost Constitutional Monarchy, before the King was executed and the Terror set in. While this part of the Revolution failed, it does not mean that was not a noble effort by the French people, who had been inspired in large part by the success of our American Revolution.

In the spring of 1789, King Louis XVI, called the Estates-General into session. It was a national assembly that represented the three “estates” of the French people – the nobles, the clergy, and the commons. The Estates-General had not been assembled since 1614, and its deputies drew up long lists of grievances and called for sweeping political and social reforms.

The Third Estate, which had the most representatives, declared itself the National Assembly and took an oath to force a new constitution on the king. Initially seeming to yield, Louis legalized the National Assembly under the Third Estate but then surrounded Versailles with troops and dismissed Jacques Necker, a popular minister of state who had supported reforms. In response, Parisians mobilized and on July 14 stormed the Bastille, a state prison where they believed ammunition was stored, and the French Revolution began. On this date in 1789, one of the most dramatic events occurred; The Oath of the Tennis Court, where the deputies of the Third Estate, which represent commoners and the lower clergy, met on the Jeu de Paume, an indoor tennis court, in defiance of King Louis XVI’s order to disperse. In these modest surroundings, they took a historic oath not to disband until a new French constitution had been adopted.

The Oath of the Tennis Court was recorded for each member who took part. In other words, there was full documentation of who took the oath and the substance of the oath taken. It was a very good example of what I continue to hammer as the three most important things in Foreign Corrupt Practices Act (FCPA) compliance, that being Document, Document, and Document. However, many people ask what that means more than simply writing something down.

I am currently attending the UL EduNeering Leadership Forum and there are several compliance representatives from the pharmaceutical industry in attendance. One thing I have learned is that the pharmaceutical industry has a definition of Good Documentation Practice (GDP), which describes standards by which documentation is created and maintained in the industry. Although the US Food and Drug Administration (FDA) sets some GDP standards, others fall under the Current Good Manufacturing Practice (cGMP). Finally, all pharmaceutical, bioscience and healthcare companies, as well as their vendor partners, must observe GDP or face warnings or penalties levied by the FDA.

In an article by Barry Peters and Heather D. Ferrence, entitled “Importance of Implementing Good Documentation Practices”, they note that the World Health Organization (WHO) says the some of the purposes of GDP include:

  • To define the specifications and procedures for all materials and methods of manufacture and control.
  • To ensure that all personnel concerned with manufacturing know what to do and when to do it.
  • To ensure that authorized persons have all the information necessary to decide whether or not to release a batch of a drug for sale.
  • To ensure the existence of documented evidence, traceability and to provide records and an audit trail that will permit investigation.
  • To ensure the availability of the data needed for validation, review and statistical analysis.

Moreover, “an essential part of all aspects related to Good Manufacturing Practices (GMP), adhering to GDP helps prevent errors within various processes, such as product quality and safety, state of manufacturing facilities and other related activities, and ensures that each company is following strict standard operating procedures (SOPs). In a regulated industry, such as pharmaceuticals, quality cannot be assured without accurate documents and GDP.” Finally, it is to be noted that “it is imperative that all documentation is concise, legible, accurate and traceable.”

Adapting the authors’ suggestions specific to the pharmaceutical industry, I submit the following for your consideration in your Document, Document, and Document practices in FCPA compliance:

  • Lack of proper record keeping when documents are transferred from one department to another.
  • Critical oversight regarding document issue, data collection and document review.
  • Consistent labeling that includes identification codes and any document revision codes.
  • Ensuring proper security and storage of documents during review process.
  • Proper and consistent identification of all documents through all processes.
  • Ensuring that all those whose signatures appear on the documents understand why they signed the documents as well as any and all responsibilities associated with the signing of the documents.

To the above list I would add some additional suggestions:

Document maintenance

  • Regularly reviewed and kept current
  • Retained and available for appropriate duration
  • Electronic document management systems are validated
  • Electronic records are backed up

Document modification

  • Handwritten modifications are signed and dated
  • Altered text is not obscured (e.g., no correction fluid)
  • Where appropriate, the reason for alteration must be noted
  • Controls exist to prevent the inadvertent use of superseded documents
  • Electronic versions can only be modified by authorized personnel
  • Access to electronic versions must be controlled by password or other means
  • A history (audit trail) must be maintained of changes and deletions to electronic versions
  • Supporting documents can be added to the original document as an attachment for clarification or recording data. Attachments should be referenced at least once within the original document. Ideally, each page of the attachment is clearly identified (i.e. labeled as “Attachment X”, “Page X of X”, signed and dated by person who attached it, etc.)

Setting and following good document practices is an essential aspect of compliance with federal regulations, such as the FDA, who governs large aspects of the pharmaceutical industry, and other federal laws such as the FCPA. So in addition to documenting your actions, you should also follow a written protocol for document maintenance and subsequent modifications.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

June 16, 2014

Watergate is Not Just a Hotel – Corporate Suitors for Alstom

Watergate ComplexToday is the anniversary of an event that can truly be said to have changed the world; although certainly not in the manner intended by its planners, sponsors or participants. Today is the anniversary of the 1972 Watergate Break-In. How much of the world has changed because of this event? We certainly would not have had Jimmy Carter as the US President and most probably would not have had the Foreign Corrupt Practices Act (FCPA) passed into law during his administration. Would Ronald Reagan have become President four years earlier in 1976 rather than 1980? Who knows, but, if yes, would the Soviet Union have collapsed sooner under the weight of his military buildup? What about the fall of the Shah and the taking of the US hostages, think Reagan would have had a more ‘robust’ response than Carter? All tantalizing questions for those interested in the great What Ifs of history.

Over the weekend, I read that the long shuttered Watergate complex is scheduled to be torn down to make way for a more modern office edifice in its most desirable of Washington DC locations. This reminded me of one of my favorite Watergate era slogans “And Watergate was not just a hotel!” Indeed it was not just a building, rather an entire mindset of a presidency that went seriously off the rails.

Interestingly I found a parallel to this slogan when reading about the overtures by General Electric (GE), then Siemens and also Mitsubishi Heavy Industries to purchase some or all of the French company Alstom. These offers are in spite of Alstom’s very public current anti-corruption issues, in several countries. Mike Volkov, in a blog post entitled “Alstom: The Next Poster Child for Anti-Corruption Enforcement”, said “In our FCPA world, we have a new poster child for blundering – Alstom. The handwriting is on the wall – as time goes on, the Justice Department is building a bigger and bigger FCPA case against Alstom. One of my favorite Dylan lyrics applies with full force – “You don’t need a weatherman to know which way the wind blows.” Further, “Clearly we have a case where the client company just does not understand what is going on, nor does senior leadership have the ability or desire to respond and fix the problems. Instead, Alstom’s failure to act and respond reflects the lack of any ethical culture. That in a nutshell is probably 90 percent of the reason that a culture of bribery took over the company.” Pretty strong stuff.

Four senior executives have been charged for FCPA violations around one project. The FCPA Professor reported, “The conduct at issue concerned the Tarahan coal-fired steam power plant project in Indonesia.” All were charged around the same set of facts. They are alleged to have paid bribes to officials in Indonesia, including a member of Indonesian Parliament and high-ranking members of Perusahaan Listrik Negara (PLN), the state-owned and state-controlled electricity company, in exchange for those officials’ assistance in securing a contract for the company to provide power-related services for the citizens of Indonesia, known as the Tarahan project.” Two of the four Alstom executives have pled guilty to FCPA violations.

Over the weekend, the Financial Times (FT) reported, in an article by Caroline Binham, entitled “UK prosecutors press on with Alstom probe”, that the Serious Fraud Office (SFO) has been given permission by the UK attorney-general to prosecute both the company and former employees for allegations of overseas bribery. The SFO “has also notified seven individuals but is considering whether to prosecute them after they were interviewed with the assistance of French authorities, people familiar with the investigation told the Financial Times…Among those who received letters from the SFO are the company’s former senior vice-president of ethics and compliance, Jean-Daniel Lainé, and three Britons who formerly held senior management positions: Graham Hall, Robert Hallett and Nicholas Reynolds.” All of the individuals identified in the FT article do not appear to have been a part of the Indonesia power project, which appears to form the basis of the FCPA charges here in the US.

So why such high level suitors for a company of which Volkov has opined, “It is an important reminder of how bad a company’s culture can become and the consequences of embracing a culture of lawlessness versus a culture of ethics and integrity.” What about all that ‘Springing Liability’ for which both Siemens and GE might be liable for if they are successful in purchasing some or all of Alstom that the US Chamber of Commerce and others rail about? I think that the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) answered these questions in the FCPA Guidance when they stated, “companies that conduct effective FCPA due diligence on their acquisition targets are able to evaluate more accurately each target’s value and negotiate for the costs of the bribery to be borne by the target. In addition, such actions demonstrate to DOJ and SEC a company’s commitment to compliance and are taken into account when evaluating any potential enforcement action.” But pre-acquisition work is only one part of the equation, as the FCPA Guidance goes on to state, “FCPA due diligence, however, is normally only a portion of the compliance process for mergers and acquisitions. DOJ and SEC evaluate whether the acquiring company promptly incorporated the acquired company into all of its internal controls, including its compliance program.Companies should consider training new employees, reevaluating third parties under company standards, and, where appropriate, conducting audits on new business units.”

One thing that GE and Siemens have in common are world-class compliance programs. Siemens was the subject of the highest FCPA fine ever at $800MM back in 2008. Since that time, it has successfully concluded a robust monitorship under the terms of its Deferred Prosecution Agreement (DPA). Siemens compliance representatives regularly speak at compliance related events and discuss not only the company’s commitment to anti-corruption compliance but they also detail how compliance is done at Siemens. GE is well known for having its compliance folks regularly speak at conferences about the details of its compliance regime. In other words, both companies’ have very public robust compliance regimes in place and most probably follow, at a minimum, the parameters set out in the FCPA Guidance.

Just as “And Watergate is not just a hotel!”; Springing Liability is not a warranted fear under the FCPA. The FCPA Guidance makes clear the steps a company should engage in under the FCPA to avoid liability in a mergers and acquisition (M&A) context. The steps are not only relatively straightforward; they are good business steps to take. If you do not know what you are looking to acquire, it is certainly hard to evaluate it properly and then to integrate it efficiently.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com. 

© Thomas R. Fox, 2014

The Magna Carta and Scrutiny of Your Compliance Program

Magna CartaYesterday, June 15 was Father’s Day so for all us fathers out there, it was our day and I hope that you enjoyed and cherished it. It was also the anniversary of what I believe was one of the greatest achievements in Anglo jurisprudence, the signing of the Magna Carta, by King John and the Barons who opposed his tyranny. In 1215, the barons rose up in rebellion against the King’s abuse of feudal law and custom. The legal document drafted up for King John, required him to make specific guarantees of the rights and privileges of his barons and the freedom of the church.

On June 15, 1215, King John met the Barons at Runnymede on the Thames and set his seal to the Articles of the Barons, which after minor revision was formally issued as the Magna Carta. I have visited the field at Runnymeade where the Magna Carta was signed. Next year will be the 1100th anniversary of the signing of this document. For me, the Magna Carta is symbol of the sovereignty of the rule of law over the King. Its grant was of fundamental importance to the constitutional development of England and to the rest of the common law world such as the United States.

I thought about how King John was forced to sign the Magna Carta, clearly against his will, when I read an article in the May issue of the Harvard Business Review (HBR), entitled “How to Outsmart Activist Investors”, by Bill George and Jay W. Lorsch. While the article focuses on steps a company can take before an activist shareholder buys into a company and demands changes, I thought the process of preparation that the authors listed as something that a Chief Compliance Officer (CCO) should consider in his or her company’s compliance program.

The authors lay out the problem faced by company’s as follows, “Their game is simple: They buy stocks they view as undervalued and pressure management to do things they believe will raise the value, such as giving more cash back to shareholders or shedding divisions that they think are driving down the stock price. With increasing frequency they get deeply involved in governance—demanding board seats, replacing CEOs, and advocating specific business strategies.” They proposed a six-step process that allows a company to be ready for such an attack. However, I saw these six-steps as delineations a CCO could institute which would prepare a compliance program for a wide range of reviews, including audits, reviews by government regulators, queries by Board members or other high ranking company officials who may want to know more about a compliance program on a quick basis. So I have adapted the authors’ six steps to advise the CCO on how to be ready for such an event or perhaps a myriad of others.

Have a Clear Strategic Focus and Stick to It

In their article, the authors pointed to PepsiCo’s move to it’s “Performance with Purpose, a strategy targeting three growth areas: (1) “good for you” products, including Quaker Oats and Gatorade; (2) product innovations; and (3) emerging markets. Part of the idea was to fund the substantial investments—including acquisitions—required to build these categories with the cash flow from PepsiCo’s core business. PepsiCo did precisely that, acquiring a number of food and beverage companies in emerging economies such as Brazil, India, Russia, and Ukraine.” For the compliance practitioner, I think it means you need to stick to your guns and move your program forward. It does not mean that you will not hit road bumps along the way but if you have something like Stephen Martin’s suggestion for a 1 – 3 – 5 year program in writing and are following it, you can reject calls for major mid-course changes. 

Analyze Your Business as an Activist Would

In their article, the authors said, “CEOs need to ensure that their boards understand the tactics of activist investors and have a game plan for responding. That means analyzing both how the activists might try to increase short-term shareholder value—through spin-offs and divestitures or financial engineering such as stock buybacks and increased debt—and the company’s possible vulnerabilities in strategy and capital structure. Specific examples from other companies can help.” For the compliance practitioner, I believe this means you need to keep abreast of the most current information available on the Foreign Corrupt Practices Act (FCPA) or other types of anti-corruption compliance. While the 2012 FCPA Guidance still provides some of the best articulation of what the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) believe constitute an effective compliance program, you should still monitor enforcement actions and other information. So if your company is in the tech space, the March HP enforcement action is something you should review to determine if any of HP’s compliance failures might have implications for your company.

Have Your External Advisers Lined Up in Advance and Familiar with Your Company

The authors believe that to fight such proxy challenges “both management and the board must have external advisers whose guidance they can rely on.” However, for the compliance practitioner, it means that you have taken steps to assess and verify the efficacy of your compliance program. Certainly you can benchmark your program against others in your industry but also having third parties assess, benchmark and verify your compliance program can be an excellent way to show where your program stands if someone comes looking at it.

Build Board Chemistry

Obviously when fighting an activist investor, Board cohesion is paramount. The authors note, “Activist investors are often out to divide a target company’s board. To address the issues they raise in an objective and constructive manner, directors need the unity that comes from years of building board chemistry. That chemistry is enhanced through repeated engagement on important issues, weathering crises together, and candid dialogue with the CEO. The latter requires a high degree of transparency from the CEO and a willingness to share even the most sensitive information involved in decision making. To cope with an activist’s challenges, directors must be fully committed to the company and its long-term objectives.” But the same is true for a CCO. Having Board support is imperative to any long-term success for a compliance program. It is up to you to develop the relationships and provide timely information so that there are no surprises, or as few surprises as possible, in the area of compliance.

Perform in the Short Run Against Declared Goals

Just as “the best defense against an activist investor is consistent performance that realizes the company’s stated goals; anything else makes the company vulnerable”, I believe that a compliance program should also measure itself against stated goals. The FCPA Guidance makes clear that a compliance program begins with a risk assessment. The reason is not only to use the risk assessment to determine where your compliance program might stand but also to create a road map for future enhancements. It is also important to set realistic expectations. Overly ambitious compliance goals, which ultimately fall short can trip up a CCO and make a program vulnerable to criticisms.

Don’t Dismiss Activist Ideas Out of Hand

The authors note “Most activist investors are smart, motivated people who often notice things that boards and managers overlook. It is generally worth listening to their recommendations and implementing the ones that make sense.” For the CCO or compliance practitioner, I have long advocated listening to the business units to help see what works and what does not work. This does not mean a compliance program can only be followed when feasible, but it may require compliance program flexibility to allow it to not only measure and assess risk but to adequately manage compliance risk.

Doing What’s Best for All Your Shareholders

The authors believe “One of a board’s most important roles is to ensure that the company stays true to the mission and values that have made it successful. In recent years several activist fund managers with no industry experience have come to corporations with proposals for radical, unproven course changes. Sometimes major changes are needed, but companies that allow outside activists to implement them without full and careful consideration risk losing the commitment and engagement of their employees and customers.” Similarly, a CCO or compliance professional needs “to work to ensure the long-term viability of the company’s [compliance] mission and strategy.”

Whether you are a lawyer or not, I believe that the Magna Carta is one of the most significant legal documents in the history of Anglo jurisprudence. Even if King John signed it at the point of a knife to his throat, or not, it became one of the foundation documents for English and, later, American law. But another lesson one may draw from it was that King John was not prepared when his Barons revolted against him. The HBR article provides a clear path for the compliance practitioner to follow to prepare for excess, outside, unwanted or other scrutiny.

===============================================================================================================================================================================================================================================

M&AM&A UNDER THE FCPA

If you are interested in learning about mergers and acquisitions under the FCPA I am involved in to upcoming events designed to give you the most up-to-date advice on this area of compliance. Both events are sponsored by The Network. The first event is a webinar entitled appropriately enough, “Mergers and Acquisitions Under the FCPA” and is scheduled for  Tuesday, June 17th, 2014 TIME: 2:00 pm EDT. For registration and additional information click here. On Tuesday, June 24th the always popular Tom Fox/Stephen Martin roadshow travels to Denver where I will speak live on Merger and Acquisitions Under the FCPA and Stephen will talk about risk assessments under the FCPA. For information on the Denver event, click here

WORLD CUP REVIEW

World Cup 2014I am putting on a four part podcast series on the World Cup, detailing issues of bribery and corruption, together with an ongoing discussion of Team USA and this year’s tournament. I am joined by Mike Brown, the Managing Director of Infortal. You can check out Part I by clicking here of the series where we discuss bribery of referees in the lead up to the 2010 World Cup held in South Africa and FIFA’s response. Mike and I then review Team USA and it’s draw in Group G-the Group of Death. I hope that you will check out this series and enjoy it as much as Mike and I enjoy recording the episodes. Also remember, my podcast, the FCPA Compliance and Ethics Report is available for download at no charge on iTunes so you can listen to Part I on your commute to work. So sign up for the podcast from WordPress or iTunes and enjoy our series.

==============================================================================================================================================================================================================================================

 

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

 

© Thomas R. Fox, 2014

June 11, 2014

Semper Fi and Compliance-Leadership Lessons from the Marines

Marines as Devil DogsEver wonder where the US Marine Corp got its nickname of ‘hellhounds’? It came courtesy of the Imperial Germany Army from a battle that took place in the month of June 1918, the Battle of Belleau Wood. According to the Battle’s entry in Wikipedia, the Marines forces marched 10K to reach a site where the German Army had broken through against the French Army. After arriving on the site and turning back the German advance, the Marines were repeatedly urged to turn back by retreating French forces, Marine Captain Lloyd W. Williams of the 2nd Battalion, 5th Marines, uttered the now-famous retort Retreat? Hell, we just got here.” 

After the battle, the French renamed the wood “Bois de la Brigade de Marine” (“Wood of the Marine Brigade”) in honor of the Marines’ tenacity. The French government also later awarded the 4th Brigade the Croix de guerre. An official German report classified the Marines as “vigorous, self-confident, and remarkable marksmen…” General Pershing – Commander of the American Expeditionary Force – even said, “The deadliest weapon in the world is a Marine and his rifle!” Pershing also said “the Battle of Belleau Wood was for the U.S. the biggest battle since Appomattox and the most considerable engagement American troops had ever had with a foreign enemy.” But it was the Germans who gave the Marine Corp its most lasting moniker, when the called them ‘the dogs from hell.’ Tribute indeed.

I thought about this tribute to the Marine Corp when I recently read an article in the Corner Office section of the New York Times (NYT), entitled “Leading By Putting Your Followers First”, by Adam Bryant. In this article, he profiled Don Knauss, the Chief Executive Officer (CEO) of Clorox Company. Knauss joined the Marine Corp after college and this experience gave him some valuable leadership lessons that Bryant detailed in his article. One of the things that influenced Knauss’ philosophy on leadership was the Marine Corp process of thinking through an issue. Bryant wrote, “I learned in the Marine Corps that I really liked strategy. Every operation in the military is based on a five-paragraph order, and the acronym is Smeac — situation, mission, execution, administration and communication. It’s a very logical flow.”

Another key leadership lesson is defined by the age-old acronym KISS or Keep it simple, sir. Bryant wrote that Knauss said, “how are you going to focus the organization? And it had better be simple, and it probably should not be more than three things. You’ve got to communicate it about 100 times and align your incentive structure to it. It’s about distilling the complex to the simple, and I’ve seen leaders fail because they do the reverse, by trying to make things into some intellectual exercise. Whatever business you’re in, there are fundamentals, just like blocking and tackling in football. It always comes back to the fundamentals. You cannot let yourself get bored with the fundamentals.”

But more than simply communicating something about 100 times to get your message across, Knauss believes that you have to make sure that people believe that you care about them. That is certainly something a compliance practitioner needs to take to heart. Knauss reflected, “it’s all about your people. If you’re going to engage the best and the brightest and retain them, they’d better think that you care more about them than you care about yourself. They’re not about making you look good. You’re about making them successful. If you really believe that and act on that, it gains you credibility and trust. You can run an organization based on fear for a short time. But trust is a much more powerful, long-term and sustainable way to drive an organization.”

Knauss had some interesting insights relating to how he evaluates potential hires that I think makes a lot of sense for the compliance professional to consider.

  1. Passion – Knauss looks for energy and considers whether the person will have an impact on the business.
  2. Smarts – Can the candidate think analytically, creatively and strategically?
  3. Develop others – Is there any pattern in the person’s career that shows they can develop people or put inversely, did people move up through an organization because they were mentored by this person?
  4. Communication skills – Knauss considers if he can imagine this person on a stage, inspiring a large group? He also assesses whether the candidate has an easy, informal manner to conversely test if they are too formal and too focused on hierarchy, as Knauss believes formality and rigidity do not work.
  5. Use of power v. use of authority – Here Knauss believes “it is much more powerful to use authority than power. One of the things I’ve learned is that as you move up in an organization, you’re given more power. The less you use the power you’ve been given, the more authority people give you, because they think: “You know what? This guy’s O.K.” Persuading people to do things – come along with me because we’re going in the right direction – is much more powerful over time.”
  6. Values – Knauss said that the final thing he tries to evaluate is the values of a candidate. He considers that it is important that they are honest and will tell the truth. Moreover, “do they also stand up for what they think is right in the company? It starts with integrity, which is really the grease of commerce. You get things done much more quickly when people trust you.”

However, I found one of the most important lessons that Knauss intoned was about how a leader should treat people. He told the story about how he joined a group of Marines who had been in the field for several weeks and had been eating C-rations. When Knauss met them, they were having their first hot meal since going into the field. Knauss related, “I had been up since 5 in the morning, and I was pretty hungry. I started walking over to get in front of the line, and this gunnery sergeant grabbed my shoulder and turned me around. He said: “Lieutenant, in the field the men always eat first. You can have some if there’s any left.” I said, “O.K., I get it.” That was the whole Marine Corps approach – it’s all about your people; it’s not about you. And if you’re going to lead these people, you’d better demonstrate that you care more about them than you care about yourself. I’ve never forgotten that, and that shaped my whole approach to leadership from then on.”

That final lesson is the most important one for any compliance practitioner. Your gold-plated written compliance program is only as strong as the people you have in your company. If you can demonstrate, and lead in compliance, by showing your fellow company employees that you are there to assist them but you will also go the extra mile to make them understand you care about them, you will get much more out of them at the end of the day.

===============================================================================================================================================================================================================================================


M&AIf you are interested in learning about mergers and acquisitions under the FCPA I am involved in to upcoming events designed to give you the most up-to-date advice on this area of compliance. Both events are sponsored by The Network. The first event is a webinar entitled appropriately enough, “Mergers and Acquisitions Under the FCPA” and is scheduled for  Tuesday, June 17th, 2014 TIME: 2:00 pm EDT. For registration and additional information click here. On Tuesday, June 24th the always popular Tom Fox/Stephen Martin roadshow returns to Denver where I will speak live on Merger and Acquisitions Under the FCPA and Stephen will talk about risk assessments under the FCPA. For information on the Denver event, click here

 

 

 

World Cup 2014

I am putting on a four part podcast series on the World Cup, detailing issues of bribery and corruption, together with an ongoing discussion of Team USA and this year’s tournament. I am joined by Mike Brown, the Managing Director of Infortal. You can check out Part I by clicking here of the series where we discuss bribery of referees in the lead up to the 2010 World Cup held in South Africa and FIFA’s response. Mike and I then review Team USA and it’s draw in Group g-the Group of Death. I hope that you will check out this series and enjoy it as much as Mike and I enjoy recording the episodes. Also remember, my podcast, the FCPA Compliance and Ethics Report is available for download at no charge on iTunes so you can listen to Part I on your commute to work. So sign up for the podcast from WordPress or iTunes and enjoy our series.

===============================================================================================================================================================================================================================================

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com. 

© Thomas R. Fox, 2014

 

 

 

 

Private-to-Private – How Business is Driving FCPA Compliance

Ben HoganToday we celebrate greatness. On this day in 1950, Texan Ben Hogan fully returned to the world of professional golf by winning the US Open, just 16 months after sustaining near fatal injuries in a car crash. His injuries were indeed horrific. Hogan suffered a broken collarbone, ankle, ribs and a double fracture to his pelvis. While in the hospital, a blood clot appeared in his leg, forcing doctors to tie off the surrounding veins to keep the clot from reaching his heart. Hogan’s legs atrophied, and doctors worried he would never walk again, let alone play golf at a professional level. Yet Hogan was able to walk 36 holes on the final day of regulation play and win the tournament the next day in an 18-hole playoff. Hogan is one of two golfers to win three of golf’s major championships in one year, won after his 1949 automobile accident.

A few weeks ago I wrote and put out a podcast about how the Houston energy community had developed a business solution to Foreign Corrupt Practices Act (FCPA) compliance. In the energy industry, the exploration and production companies (E&P) are usually thought of as existing at the top of the food chain (i.e. Mega-Big). Below them are the service companies, which actually do the work of exploration (i.e. Very-Big). The next level down are companies who work with the service companies, from the multi-billion chemical production firm down to the $15MM company which has a piece of software which does something useful. All of these companies down the chain are required to have a compliance program.

In practice it works something like this. A service company needs a product or service. As part of the regular contracting process, the service company will inquire into the contractor’s compliance function and policy. If the contractor provides a service which deals with a foreign government in any way or has foreign government touch points, the service company may well come and audit the contractor’s compliance program prior to executing the contract. Thereafter the contractor is subject to being audited for not only the execution of the contract but also the continued maintenance of its compliance program. All of this is done for business reasons. It is a business response to a legal issue, that being compliance with the FCPA.

Last week I received a copy of a paper by Scott Killingsworth, one of the true great practitioners in the field of compliance. Last year, he was listed by Ethisphere as one of its “Attorneys Who Matter” in ethics and compliance. His 2013 paper, “article, “Modeling the Message: Communicating Compliance through Organizational Values and Culture”” received a 2013 Burton Award for Distinguished Legal Writing. Killingsworth’s latest article is entitled “The Privatization of Compliance” and in it he sets out the legal and theoretical underpinnings for what I call the business solution to FCPA compliance. In his introduction he stated, “Embodied in contract clauses and codes of conduct for business partners, these obligations often go beyond mere compliance with law and address the methods by which compliance is assured. They create new compliance obligations and enforcement mechanisms and touch upon the structure, design, priorities, functions and administration of corporate ethics and compliance programs. And these obligations are contagious: increasingly accountable not only for their own compliance but also that of their supply chains, companies must seek corresponding contractual assurances upstream. Compliance is becoming privatized, and privatization is going viral.” And he calls this “private-to-private or P2P compliance.”

Killingsworth says this is a change from a “vertical, state-imposed” mandate to “an integral adoption of best practices both as a cultural norm and critically, as a path to profit”. [Italics mine] He notes that when such obligations come from a business partner, “This message has the potential to re-orient some attitudes and remove some ethical blinders. As more businesses are forced by their counterparties to examine their compliance processes and routinely accept business and legal consequences for them, we can expect increases in overall investment in compliance, in the scope and robustness of the average compliance program, and in ambient awareness of compliance issues outside the compliance, audit, and legal staffs. The viral nature of the process, in which each participant can exert pressure on a large number of direct and indirect upstream or downstream parties, while simultaneously fielding demands from other members of its value chain, suggests that the trend will continue and its influence will grow.”

Specifically in the area of anti-bribery/anti-corruption compliance programs, he writes “The debates about best practices are settled, save for skirmishes over when they can be practically applied.” Such best practices can be seen in the area of third-party due diligence and anti-bribery provisions, which are written into contracts with “domino-style flow-down requirements.” These obligations can arise through directly incorporating anti-corruption compliance obligations or by reference to one party’s compliance regime, or both. Such contractual provisions can cover a variety of issues, such as “ethical rules governing relationship issues such as conflicts of interest and gifts and entertainment; requirements to obey specific laws of concern and laws generally; and procedural rules such as the right to audit the partner’s records or train its personnel. Process and structural rules may be imposed on the partner’s compliance activities, such as requirements to establish management accountability, develop appropriate policies and procedures, maintain an anonymous reporting system and an anti-retaliation policy, train employees, conduct periodic audits, risk assessments and remediation, and of course, sometimes to cascade these program elements to downstream associates.”

Killingsworth details several areas that compliance professionals and contract lawyers should look for when confronted with P2P clauses and he does warn that some negotiators “will always be zero-sum business partners whose prime goal is risk transfer and who will do everything within their power to achieve it through contracts and P2P Codes.” However, he ends his paper with an upbeat note that he believes P2P codes and contract clauses can further the goals of greater compliance with anti-corruption laws.

I found his paper to be a ‘must read’ for anyone in the compliance field. He lays out a theoretical framework, coupled with some of the practical issues which need to be addressed moving forward for what I believe is a business solution to a legal problem. Kudos to Killingsworth for his continued contributions to the field of compliance and ethics where he is truly one of the greats.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

 

© Thomas R. Fox, 2014

June 9, 2014

GSK Faces a Bad Day at Black Rock

Bad Day at Black RockOne of my favorite movies is Bad Day at Black Rock. It is one of the few movies to combine elements of film noir into something approaching a traditional Western. It also attacks directly the prejudice and hate against Japanese-Americans in the immediate aftermath of Pearl Harbor. I thought about that eponymous title when I read a recent article in the Financial Times (FT), entitled “GSK salesmen want ‘bribes’ reimbursed”, by reporters Patti Waldmeir and Andrew Ward.

You know it is going to be a bad day when your employees line up to testify against your company in an ongoing investigation for bribery and corruption. But those rainy day sighs can go up to the Bad Day at Black Rock level when these same employees publicly announce that the company they work for owes them for the creation of fraudulent invoices used by a business unit to fund bribery and corruption which violates not only the US Foreign Corrupt Practices Act (FCPA) and the UK Bribery Act but also domestic Chinese anti-corruption laws. This happened to the UK pharmaceutical giant GlaxoSmithKline PLC (GSK) last month when it was announced that certain current employees in its China operation were petitioning the company to reimburse them for bribes they were ordered to pay by their superiors.

In their article, Waldmeir and Ward wrote “the UK pharmaceutical company at the centre of a Chinese corruption scandal, is facing protests from junior employees who say the company is refusing to reimburse them for bribes they were ordered to pay by their superiors.” While my initial thought was that these Chinese employees had quite a bit of ‘cheek’ in raising this claim, the more I read into the story, the more I think it may portend serious problems for GSK in any attempt to defend the company going forward. Waldmeir and Ward reported “some Chinese sales staff are complaining that GSK has denied bonuses, threatened dismissal or refused to reimburse them for bribes they say were sanctioned by their superiors to boost the company’s drug sales. In some cases, managers instructed them to purchase fake receipts that were used to cover up bribes paid in cash or gifts to doctors and hospitals, according to salesmen interviewed by the Financial Times.”

The article went on to highlight just how some of these fake invoices, used to gain funds from the corporate headquarters to facilitate bribery and corruption, were generated. “In some instances, managers disguised their involvement by using their personal email address to instruct staff to pay bribes and by ordering junior staff to claim on their personal expense accounts – even if the bribe was actually paid out by the manager – according to these people.” Last March, a group of current GSK employees sent a letter to the company that said, in part, ““All the expenses were approved by the company,” the group wrote in a letter to management. “The expenses were paid with our own money, and although the receipts were not compliant, it was our managers who told us to buy the fake receipts,” said one former GSK salesman.”

The article quoted that GSK said, “We have zero tolerance for unethical or illegal behaviour and anyone who conducts such behaviour has no place in our company. We believe the vast majority of our employees uphold our values and we welcome employees speaking up if they have concerns.” Talk about a ‘Speak Up’ culture at your company. Probably not exactly what the company had in mind when it invited employees to raise their concerns.

However, as damning as this is, and it would certainly appear to be quite damning, was the following revelation, which was also reported by Waldmeir and Ward, regarding witness prep during GSK’s internal investigation. They wrote, “Some staff were warned not to implicate their supervisors, according to a former salesman: “Our manager approached each person before they were questioned and asked them not to mention his name. He even prepared a story for them to tell the investigator.””

Dissecting all of the above, it would appear that GSK has several real problems on several fronts from this article. The first is that there appears to have been clear China business unit management participation in the bribery and corruption scheme. While it is still not clear whether the corporate home office was involved in the scheme, simply knew of it or choose to bury its collective head in the sand as to what was going on in China, if your in-country business unit management is involved, it is not too many steps to the corporate home office. Conversely, the question might be that if this fraud against the corporate home office was so open and obvious, why did the corporate office not detect it going forward?

Yet the real issue for the corporate office may be the information about employees being coached to hide evidence during the investigation. If such activity was limited to the ‘managers’ in the Chinese business units only, what does it say about a corporate office, which allows such witness intimidation? Think that is an investigation best practice? However, if the corporate office was involved in any way in such witness intimidation, it will bode extremely poorly in the eyes of the Chinese regulators, the UK Serious Fraud Office (SFO), which has opened an investigation into the GSK matter and probably the US Department of Justice (DOJ) as well, since GSK is still subject to the Corporate Integrity Agreement (CIA) it signed back in July of 2012; when it pled guilty and paid $3 billion to resolve fraud allegations and failure to report safety data in what the DOJ called the “largest health care fraud settlement in U.S. history” according to its press release. Think witness tampering or hiding of evidence might garner the attention of the DOJ for a company already under the equivalent of a Deferred Prosecution Agreement (DPA)?

In addition to all of the above conduct, it will be interesting to see the effect of this ongoing investigation on the stock value of GSK. In a Wall Street Journal (WSJ) article, entitled “FCPA Hits Companies Harder if they Committed Fraud”, Sam Rubenfeld reported “A study of U.S. Foreign Corrupt Practices Act enforcement issued by the Searle Civil Justice Institute, a research division of The Law & Economics Center at George Mason University School of Law found that public companies lost an average of 2.9% of market capitalization as a result of an investigation. But, the study found, the number masks an important distinction: Companies charged with bribery only suffered an initial 1.5% loss, while those charged with bribery and financial fraud saw a initial drop of 16.3% in market cap.” It will be interesting to see the effect the apparent fraudulent activities of GSK’s China employees will have on not only the overall penalty assessed against GSK but if there is any attendant drop in shareholder value.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

 

© Thomas R. Fox, 2014

Why the Compliance Function is Different Than the Legal Function

Joseph WelchI have long been proud of my profession. I would often tell students that they ware about to join a profession which extended as far back as Demosthenes, who practiced his closing orations against crashing sea waves so that the full Greek demos might hear him when he closed a trial. Further, while thoughts of Atticus Finch are never far from a Southern lawyer’s mind, if not aspirations to emulate him, today we celebrate a real life lawyer who did the profession proud. It was on this day, 60 years ago in 1954 that Joseph Welch, then Special Counsel to the US Army, unmasked Senator Joseph McCarthy for what he and his hearings into communism were. In response to McCarthy’s charge, that Frederick G. Fisher a young associate in Welch’s law firm had been a long-time member of an organization that was a “legal arm of the Communist Party,” Welch responded, “Until this moment, Senator, I think I never really gauged your cruelty or your recklessness.” Welch then uttered these immortal lines, “Have you no sense of decency, sir, at long last?” The audience applauded Welch’s stinging comeback. The hearings closed one week later. The US Senate officially condemned McCarthy for contempt against his colleagues later that year.

Unfortunately the legal profession took one in the eye last week when General Motors (GM) released its internal investigation into the company’s failure to recall millions of defective small cars, and found no evidence of a cover-up. As reported by Bill Vlasic in a New York Times (NYT) article, entitled “G.M. Lawyers Hid Fatal Flaw, From Critics and One Another”, stated the GM law department did not come out of this matter looking too well. Vlasic said that “interviews with victims, their lawyers and current and former G.M. employees, as well as evidence in the report itself, paint a more complete picture: The automaker’s legal department took actions that obscured the deadly flaw, both inside and outside the company.”

While GM’s General Counsel (GC), Michael Millikin, survived dismissal in the aftermath of the internal investigation, he certainly did not come out as a GC who was particularly engaged with what was going on in his own department. Vlasic reported, “At least three senior lawyers are among the employees who lost their jobs as a result of the investigation conducted by the former United States attorney Anton R. Valukas… One of the lawyers dismissed this week was William Kemp, who had been orchestrating G.M.’s legal strategy and in-house investigations of the defective ignition switch for more than two years before the recall. Yet it was not until early February, days after a high-level committee finally ordered the switch recall, that Mr. Kemp informed Mr. Millikin of the deadly consequences of the flawed part. G.M. has linked 13 deaths and 54 crashes to the defect.” Two other lawyers reported to have been dismissed, as a result of the internal investigation, were Lawrence Buonomo, head of product litigation, and Jennifer Sevigny.

Equally damning were the internal investigations report that during safety meetings relating to the ignition switch failure, “Mr. Valukas said employees he interviewed told him they had refrained from taking notes in safety meetings “because they believed G.M. lawyers did not want notes taken.”” Beyond this ban on note taking, Vlasic said “The secrecy factor extended to how some employees kept or discarded old emails. According to two former G.M. officials, company lawyers conducted annual audits of some employees’ emails that could be used as evidence in lawsuits against the company.” While GM euphemistically called this email deleting program “information life-cycle management,” when the purpose is to remove evidence that could be used against the company in lawsuits, it once again shines a very bad light on my legal profession brethren.

This sordid tale of the complicity of the GM legal department is all part of what GM Chief Executive Officer (CEO) Mary Barra “denounced as a “pattern of incompetence and neglect” at the company that allowed a defective part to exist in its vehicles for more than 10 years.” But more than simply causing the corpse of Atticus Finch to spin over in his fictional grave, the GM legal department’s role in the company’s debacle points to something that Donna Boehme and Mike Volkov have been articulating and writing about for some time. It is not simply that the Chief Compliance Officer (CCO) needs to be out from under the roof of the GC’s office; it is that the compliance function is different than the legal function.

When I initially went in-house, it was made clear to me that the role of the in-house department in the company I worked for was to protect the company. When I became a GC, I took that role to heart and felt like I was the company’s lawyer (even if the CEO felt like I was his lawyer). But as Boehme points out in her article in the June 2014 issue of the SCCE Magazine, entitled “Toldya. (Reason #119 why Compliance is not a subset of Legal),” there are distinct differences in approaches to doing compliance from practicing law. She said, “one thing is clear – the two functions have very different mindsets, mandates and priorities.” She notes that the legal department mandate is to “advise and protect the company.” However, Boehme believes that the compliance mandate is much broader. She writes, “Compliance, on the other hand, is tasked with detecting and preventing misconduct.” The compliance mandate includes constant vigilance on the integrity of the compliance program, protecting internal whistleblowers (in part to demonstrate to others that it is safe to come forward), and supporting a culture of accountability, especially at levels of management.

I might say that a corporate legal department’s role has traditionally been seen to protect the company from problems, while the role of the compliance function is to remedy problems. Here you can think of McNulty’s Maxim No. 3 – What did you do to fix it when you found out about it? But Boehme takes it a step further by noting, “A well-run compliance program requires hundreds of judgments, big and small, to be made on a weekly basis. The company with the political will to elevate their chief compliance officer to a “separate but equal” status in the C-suite will benefit from those judgments being made with an independent compliance mindset, and not “Always Legal but Occasionally Compliance” prism.”

I often repeat the legal truism that bad facts make bad law. Make no mistake about it; the GM ignition switch imbroglio is very bad. But the GM legal department’s role in the company’s ongoing scandal, clearly points out the difference between the roles of legal and compliance. I am sure that the GM lawyers involved, and those who were terminated, thought their job was to defend the company at all costs. But I have never met a CCO who felt that way. They believe that their job is to prevent, detect and remedy any compliance issues that arise. You cannot do that if you are instructing others not to take notes in relevant meetings, deleting potentially incriminating emails and hiding from your boss that there is a real problem out that that must be dealt with.

For the rest of you out there who are lawyers and reading this, remember Joseph Welch today as a far better example of our historical brethren.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

« Previous PageNext Page »

Customized Rubric Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 4,504 other followers