FCPA Compliance and Ethics Blog

January 28, 2014

Silver Blaze and Leadership-Find It, Fix It and Prevent It

Silver BlazeToday, we continue our Sherlock Holmes week by drawing inspiration for lessons for the compliance practitioner from the story of Silver Blaze. In this story, a star racehorse disappears, Holmes pulls out his usual deductions to determine where the horse can be found but turns to the lack of an action to deduce why the horse was stolen. The lack of a dog bark in the horse’s stable tells Holmes that the thief was known to both the dog and to Silver Blaze.

I thought about the story of Silver Blaze when reading this week’s Corner Office column in the New York Times (NYT), entitled “Want to Succeed? Be Accountable”, by Adam Bryant, where he interviewed Noreen Beaman, the Chief Executive Officer (CEO) of Brinker Capital. Beaman was the oldest of four sisters and this gave her an interesting perspective growing up. She said, “Part of it was having a feedback loop of younger sisters. We were close in age, so they were some of my best informants in high school. They would say: “Really? That wasn’t a great idea. Maybe if you stopped and listened, you would’ve heard what someone was saying.” Clearly she received feedback but it was from a source that she listened to when it provided to her.

After a flush of early success in her career as a company Chief Financial Officer (CFO) she moved into sales. She made a major mistake on a transaction that went sideways. As Beaman put it “I was in the penalty box.” But through hard work and determination, she overcame this error and learned from it. She said that the entire experience made her both more accessible and “it made me have more humility”.

One of the most interesting things that Beaman said was that one of her company’s mantras is “Find it, fix it and prevent it.” That seems to me to be a pretty good way for a compliance practitioner to look at things, particularly if you consider the FCPA Guidance formula of “prevention, detection and remediation” for a best practices anti-corruption compliance program. To facilitate this culture, Beaman said that one of the skills valued at Brinker Capital is accountability. She said, “We make sure everyone’s in a position to be successful. Then, when you’re not successful, we have to have a conversation. You need to hold up your end of the bargain. Sometimes you’re not a good culture fit because you don’t want to be held accountable, and sometimes you’re a great culture fit and we just didn’t give you the right training, so we’ll do that. Sometimes you’ll make a mistake. Life happens. But let’s not do it again.”

For the compliance practitioner, I think that Beaman’s example demonstrates the need for a Chief Compliance Officer (CCO) to take the initiative in showing how the role they play inside the organization is far more than just a legal minimum or people-based risk management. A CCO, and indeed the entire compliance function, should be seen as a partner to the business folks. This will help to create the deeper relationships that will not only make it easier for the group to do its job, but also help it to be seen as a vital part of the organization’s long-term strategy. It will also help when there is something askance in the compliance function. As noted by Mike Volkov, in his blog post entitled “Chief Compliance Officers: Under a Microscope, CCOs have to educate the Board and the C-Suite on what exactly is reasonable to expect and how the compliance program is designed to achieve these results.  Along the way, CCOs have to make sure they can show that compliance is a valuable contributor to the company’s bottom line.

Beaman also said one thing that I have heard numerous CEOs say over the years, which is that one of the most important skills they have learned is listening. Beaman related “You have to be a little more indulgent with people sharing ideas around the table, even if 25 percent of them are distractions. C.E.O.’s are usually Type A’s to begin with, and I’m a little chatty. And now I’m in this room full of smart, dynamic people who all want to be heard. So what I had to learn is to be quiet, to listen, to keep everyone committed and at the table.”

As a hard charger, she does want to make decisions and move on. So she has to consciously slow herself down, “to really slow down and be present in the moment.” Part of this turns on setting “realistic expectations and goals, and be sensitive to the tempo around you. It’s about meeting people where they are as opposed to expecting people to meet you where you are. Everyone comes from a different point of view. I have a big personality and I know that I can come on a little strong, so a lot of times I’ll slow it down.”

Beaman also had some interesting thoughts on interviewing. She is clearly engaged by potential hires that are intellectually curious. One of the things that she considers is whether the interviewee has any questions for her. She said that “One, it tells me if you’ve prepped. Two, it tells me how interested you are.” A second thing that she inquires about what books they read. If they are not a book reader, she asks about magazines and newspapers. She related that “I’m interested to know how intellectually curious you are. In our world today, if you’re not actively learning every day, you really are not competitive. There’s too much going on. I can never know everything going on around me, so I need to know that there are people around me who are learning other things, so we create a more cohesive view.”

For the compliance professional out there interviewing, I found these last couple of points quite instructive. Many times it seems that there is so much information in the compliance field that it is difficult to keep up in our profession. But here, the CEO of a major corporation wants to see intellectual curiosity in candidates because she believes this will make a better employee.

Beaman’s journey certainly has been wide-ranging. I believe that her experience can assist the compliance practitioner with ways to think about his or her position within a company and how it can be executed. And just like in Silver Blaze, sometimes when nothing is said, it speaks louder than mere words…

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

January 24, 2014

Getting Your Company Ready for M&A Compliance Due Diligence

John Bell HoodWho was the absolute worst general during the Civil War? While there are many worthy candidates for this dubious honor, on the Southern side my vote goes to General John Bell Hood. One of the prime proponents of the Southern attack and die strategy, Hood’s leadership led to the destruction of 90% of his Texas Brigade at Antietam. But Hood is most famous for his utter destruction of the Army of Tennessee. In five months, from July to November of 1864 Hood unsuccessfully attacked Union General William T. Sherman’s army three times near Atlanta, relinquished the city after a month-long siege, then took his army back to Tennessee in the fall to draw Sherman away from the Deep South. Sherman dispatched part of his army to Tennessee, and Hood lost two battles at Franklin and Nashville in November and December 1864. There were about 65,000 soldiers in the Army of Tennessee when Hood assumed command in July. By January 1, there were only 18,000 men in the army. To top it off, it was not Sherman who burned Atlanta but Hood.

My thoughts turned to General Hood when I listened to a very interesting panel on Day 2 of the ACI FCPA Boot Camp about getting your target company ready to be scrutinized from the compliance context in mergers and acquisition (M&A) due diligence. On the panel were Alberto Orozco from PricewaterhouseCoopers (PwC), Joseph Burke, from Dell Inc., and Christina Lunders from the law firm of Norton Rose Fulbright.

Building on a fundamental theme from day one of the conference, Burke said that relationship building is also important in the M&A context, from the perspective as a buyer. Representing an acquirer, the key questions from his perspective were two-fold: whether or not we trust the company we are looking at and how will they integrate into our company? He believed that trust is what gets the deal done or does not. He begins by sitting down with his counter-part, senior management and key legal department personnel in the target company and talking to them. If they can talk with authority about their compliance function he can determine how much he will dig into the documents and records.

Orozco agreed with this perception but came at it from his accounting angle. He said that if your books and records are in order, you really do not need to do anything more. The next step he looks at is if you have a compliance program and do the targets employees know about it. This is critical so that the buyer will have an understanding of what is needed from the compliance perspective from day one of the acquisition closing.

They then turned to the perspective of a target and what you should have in place for such an analysis. It all begins with a compliance focused risk assessment and this should be done first as this is a key starting point to determine not only if the target has an effective compliance program but also if the target is actually ‘doing compliance’. Of course it is important for a target to know about its relationships with foreign governments, whether as customers or representatives on the sales side or in the supply chain.

They posited that a target should make sure that it has a compliance program, which is consistent with an international standard for an anti-bribery or anti-corruption program, whether it is the Foreign Corrupt Practices Act (FCPA), UK Bribery Act or some other recognized international standard. The target should gather and verify the completeness of the following anti-corruption policies and procedures:

  • Anti-corruption/anti-bribery;
  • Petty cash;
  • Travel, meals, and entertainment;
  • Gifts, donations, sponsorships, political contributions, lobbying;
  • Retention, use and compensation of intermediaries/third parties;
  • Disbursements;
  • Recording of intercompany transactions; and
  • Authorization for expenditure/levels of authority.

They believe that it is important for a target to gather and verify the completeness of relevant books and records. They specifically listed the following:

  • Monthly trial balances;
  • Customer lists;
  • Vendor lists;
  • General ledger accounts for the following:
  • Gifts, entertainment and hospitality;
  • Travel;
  • Donations, sponsorships, and political contributions;
  • Marketing and commissions expenses;
  • Consulting fees;
  • Petty cash; and
  • Miscellaneous expenses.

They next suggested the documents and records be readied for review from the compliance perspective, on the following topics:

  • Facilitation payments;
  • Advertising and marketing;
  • Government tenders and bidding packages;
  • Employee expense reports;
  • Procurement;
  • Licenses and permits;
  • Records management;
  • Transfer pricing; and
  • Information on how policies/procedures are distributed and compliance acknowledged within the target organization.

Lastly, they provided a list of topics for which documents should be gathered and the target should be prepared to discuss early on with the compliance representative of the acquirer on the subject of any past corruption issues which may have arisen or been identified, together with their resolution. The target should be prepared to deliver factual details, relevant documents, and information on findings and how the matters were resolved. This group of documents should include internal or external reviews, audits or investigations over the past ten years, including any outstanding compliance issues, such as whistleblower and hotline complaints.

In the area of corporate governance they suggested that the target gather Board of Directors and any management meeting minutes from the past five years and have them available for review. A target should also be prepared to make available for interview key personnel including the General Counsel (GC), Chief Financial Officer (CFO), Chief Executive Officer (CEO) and the heads of Internal Audit, International Sales and Compliance.

From the perspective of the acquiring entity, they suggested that you take a close look at the files of as many of the target’s third parties as is reasonable for the size of the acquisition and the time frame you have. These include gathering and verifying the completeness of the following third party files: due diligence; contracts/agreements; records of compensation payment for past 5 years to determine whether compensation is reasonable, especially if in a high-risk area or for business involving foreign officials and, finally, make a determination of how to address any potential red flags.

They also discussed some of the potential red flags, which might be present in these documents. Some of these red flags could include a history of corruption in country where business occurs; numerous or frequent interactions with foreign officials; unusual payment patterns or arrangements with third parties or third parties which refuse to certify compliance, demand payment in cash, provide incomplete or inaccurate information, request payment made to someone else; a bank outside of country of domicile or is close with foreign government officials.

I thought Burke’s perspective was akin to trust but verify. He reiterated several times that it is reasonably straightforward to determine if a target company takes ‘doing compliance’ seriously. From there, you can use analytics to review the numbers and try and make a determination about obvious red flags and high-risk areas. This allows him to help to make a more accurate remediation plan to begin at closing. It also allows him to advise the business unit involved on what the cost for such integration would be, how long the business would be disrupted by such integration and the complexities of acquiring company’s compliance program implementation.

As to the cost for failing to do so, just think of the loss of the Army of Tennessee from the leadership of John Bell Hood.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

January 22, 2014

Queen Victoria and Preparing for Your Risk Assessment

Queen VictoriaOn this day in 1901, Queen Victoria died, ending an era in which most of her British subjects know of no other monarch. She was born in 1819 and came to the throne after the death of her uncle, King William IV, in 1837. Her 63-year reign was the longest in British history. She oversaw the growth of the British Empire on which the sun never set. Queen Victoria restored dignity to the English monarchy and ensured its survival as a ceremonial political institution. She also brought a stability to the monarchy that has stayed with the country as well.

How can you bring stability to your compliance program? One of the most important steps that you can take is to regularly assess your risks through a risk assessment. I often hear some of the following questions posed by compliance practitioners regarding risk assessments: What should you put into your risk assessment? How should you plan it? What should be the scope of your risk assessment? These, and other, questions were explored in a recent article in the ACC Docket, entitled “Does the Hand Fit the Glove? Assessing Your Company’s Anti-Corruption Compliance Program” by a quartet of authors: Jonathan Drimmer, Vice President and Assistant General Counsel at Barrick Gold Corp.; Lauren Camilli, Director, Global Compliance Programs at CSC; Mauricio Almar, Latin American Regional Counsel at Halliburton; and Mara V.J. Senn, a partner at Arnold & Porter LLP.

The authors note that with all compliance programs, there is no ‘one-size-fits-all’ so your risk assessment should be tailored for your organization. In this article I will focus on the steps that you need to take leading up to the initiation of a risk assessment. The authors believe that the planning and layout of your risk assessment is a critical element for success by stating the importance of this issue cannot be over-estimated or over-emphasized.

To begin, the design of your risk assessment should be “guided by its scope and purpose.” So if this is your initial risk assessment to begin the implementation phase of a compliance program, one type of risk assessment may be needed. Conversely, if you have a mature compliance program, another type of risk assessment may be called for. If your company has moved into new or different geographic areas or has new product lines, it may require a different inquiry. The authors note, “knowing why you are conducting the assessment and what your goals are up front will make for a more efficient process and allow you to decide how in-depth your review should be.”

The authors next explore the gathering of information and developing a methodology for analyzing the results because “how you choose to gather information and what questions to ask will determine how useful your risk assessment will be for understanding your company’s risks and appropriately responding to them.” You will need to determine the number of employees to interview and who these interviewees should be for the risk assessment. While a questionnaire can be useful, you will need to consider in-person interviews as well. If it is difficult to make an initial identification of who should be interviewed, you can perform a preliminary assessment from a wider audience and then “streamline and tailor the in-person interviews.”

It is important to speak with employees who are generally considered to be ‘high-risk’ for Foreign Corrupt Practices Act (FCPA) purposes. This would include “people who interact with the government, either as customers or as regulators; those responsible for internal financial controls, such as accounting and finance functions; and senior management with the authority to make significant and impacting decisions, such as a primary executive in a local market.” It is also important to include those employees who are the prime interactors with third parties, both on the sales and supply side. This should include employees who have a role in the selection of such third parties for business relations and those employees involved in managing those relationships.

You will need to garner a sense of the company’s structure and goals. Additionally in FCPA enforcement actions and in the FCPA Guidance, the Department of Justice (DOJ) laid out several factors to take into account, such as “the country and industry sector, the business opportunity, potential business partners, level of involvement with governments, amount of government regulation, and oversight and exposure to customs and immigration in conducting business affairs.”

The authors end their section on risk assessment preparation by dividing the areas that they believe are most often visited into three categories: general corruption risks, specific commercial activity and existing corruption controls.

  • General corruption risks – this category includes the corruption perception risk in the geographic areas where the company does business, directly or indirectly, through third parties. It also includes government touch points whether as a customer or regulator. Finally, it should include the corruption and bribery-related concerns of your business personnel.
  • Specific commercial activities – this generally relates to third parties; how they are vetted, contracted with and managed. It also includes a review of travel, gifts, entertainment business courtesies, charitable donation and political contributions, mergers and acquisitions.
  • Existing corruption controls – this area looks at not only financial controls such as monitoring and auditing but also training, employee incentives and hotline.

By laying out this risk assessment plan, you will have a good road map to think through not only how to work across a risk assessment but to begin to think how you can use it going forward. You will need to review and assess your highest risks first and then use that information to remediate any deficiencies going forward. I think what the DOJ wants to see is a well thought out plan for moving forward and forward movement toward the plan’s goal. These steps should help you in this journey.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

January 21, 2014

The Culinary Aspects of Homer’s Odyssey and Compliance Training

Culinary in the Odyessy

I recently came across a fascinating book entitled “The Meaning of Meat and the Structure of the Odyssey” by Egbert Bakker. In this work, Bakker looks at the culinary aspects of Odysseus’ journey home from the Trojan War. Peter Thonemann, writing in the TLS, said that “Bakker’s book is a powerful illustration of the importance of food and culinary practices to past society.” In other words, the eating habits could be used to not only understand the past but also perhaps train those in the present about the “wider moral culpability” found in Homer’s work.

I thought about this different way of learning as I was reading a recent article by the Open Compliance and Ethics Group (OCEG) President Carol Switzer in the Compliance Week magazine, entitled “Playing the Game of Risk in Workplace Education”. Her article was coupled with a roundtable discussion of the subject and another in the OCEG, GRC Illustrated Series entitled “Risk-Based Education and Training”.

In the article, Switzer reminds us “one size does not fit all in deciding the content and intensity of training needs for each role or individual”. Recognizing that it all starts with a risk-based analysis of who needs the training is just the start. Switzer believes that by engaging employees in the training, it can become more effective. She looks to the world of gaming when stating that, “Well-designed games encourage engagement, and more engagement means more reinforcement, and that leads to better recollection and application of the information. Situational decision making drives the player to think, not just act. Making wrong choices and seeing the consequences leads to desire to act the right way and gain rewards, be it advancing to the next level of the game, earning a prize for success, or understanding that in the real workplace world the reward may be achievement of personal and organizational objectives.”

In her roundtable, she posed the question, “How do you suggest companies decide on the appropriate amount of training? Earl Jones, Shareholder at Littler Mendelson PC, responded that a company needs to evaluate where its risks are, “If the company is betting on international expansion, then intensive anti-bribery and corruption intensive training is a necessity for key employees. Also design training to build and protect sources of value. If an intangible asset, like a brand, is an important source of value, thoroughly train employees to identify, understand, and react to events or behavior that could impair the brand.”

When it comes to the scope and style of training, Steve Perreault, Global Head of eLearning GRC for Thomson Reuter, suggested you should assess your training by employee groups. You should “Understand things like: How likely is a group of employees to participate in activity that is related to a particular regulatory area? How complex is that regulation? What controls are in place already? Is this employee group responsible for making sure others comply with policies and regulations? You also have to consider what you will need to provide to evidence to regulators and courts that the program exists and is effective. Once you get that figured out, you must ensure that you stay on top of changes in legislation and enforcement, and revise policy, procedures, and training accordingly.”

Switzer next turned to measuring the effectiveness of training and how a company might determine this. Alisha Lynch, Global Ethics and Compliance Education Leader at Dell Inc., said, “Determining the scope and style of training should have several input sources.  Most organizations have three- to five-year strategic plans, and training programs should be designed to support those plans and initiatives. One good analogy is that a training initiative should be like a physical fitness regime. You cannot exercise the same muscle every time to make significant improvements, and you cannot ignore the diet. A culture is like a diet. If the organization designs and delivers great training but the culture is toxic, probably no improvement will be made.”

In the GRC Illustrated Series, it suggests that companies take a risk-based approach to provide appropriate levels and types of training and education to different individuals across the organization. Some of the factors they suggest you review are the role of the individuals, geography, and their level of exposure to particular risk areas. Such an approach moves away from the ‘tick-the-box’ approach that generally renders such compliance useless. It also helps to ensure that there is a more effective use of budgetary resources by focusing training efforts to maximize the return on the investment. The piece advocates a three-pronged approach.


The first step is to define what you are trying to achieve. The piece recognizes that “while some organizations limit their training programs to what is legally required, more successful ones know that there are many reasons for developing a thoughtful, well-designed approach to employee education.” It puts forward that if training is done right, it will help the organization to achieve several goals. These include: the business Objectives; managing threats and business opportunities; it will address change in positive manner; it can help to ensure integrity and the company’s reputation; it can strengthen the business’s culture and ethical conduct; and, lastly, it can provide evidence that the company has complied with legal requirements such as the US Sentencing Guidelines and the Ten Hallmark’s of an Effective Compliance Program.


The next step is to design the training program, which is further broken down into three steps, which drill down into the specifics of training. By using these three steps, you can help to assure that the training will be effective for the individual but also for the nature of the risk involved.

The first is to design the training program. Steps include the development of curriculum using a risk-based model. You should set uniform methods for acquiring content, maintaining records, and reporting. This should be followed by the establishment of standards for selecting appropriate content, delivery methods, frequency, and assurance based on risk exposure. You can review any technological solutions for both e-learning delivery and documentation. Finally, you will need to consider training content revision when requirements or risk analyses change.

After the design of the training program, the next level is to design the specific training courses. Here you should establish your learning objectives and map the training to legal and competency requirements. You must always remember who is your audience and what their characteristics might be. You need to ensure that the content is timely and the instructors are effective. Finally, you will need to determine not only the most appropriate mechanism to deliver the content but also define the key performance indicators and determine methods to audit them.

The final design level is the individual’s training plan. Here you need to analyze what the person’s role is within the organization and use this to determine mandatory and risk-based training needs. You will need to consider modifying the risk profile based upon assessments given before and after the training is delivered and then adapt the training as an employee’s role and risk profile changes within an organization


For the delivery of the training materials, they also have a tripartite scheme. They break it down into high risk exposure roles; medium risk exposure roles and low-risk exposure roles.

  • High Risk Exposure Roles – are defined as those employees whose roles in an organization can significantly impact the company. Here expert subject proficiency is demanded and individuals should be able to act with confidence in a wide range of scenarios and conditions based on a strong understanding of the risks, requirements, and penalties. Training may be repeated frequently using several methods of delivery, have greater assurance through testing and certification of course completion, and include ongoing risk profiling of individuals through assessment of behavior choices in online courses or live simulation exercises.
  • Medium Risk Exposure Roles – are defined as those employees who face risk on regular basis or present a moderate level of negative impact to a company if they mishandle the risk. These individuals should know the risks, requirements, and penalties and should be able to apply their knowledge to common scenarios using standards and tools given to them. Training should have content to make them proficient in the subject, be refreshed periodically, use a mix of modes of delivery, and have methods to prove evidence of understanding.
  • Low Risk Exposure Roles – are defined as those employees with a low likelihood of facing the attendant risk. Persons in this category should be made aware of the risks, requirements, and penalties, as well as the organization’s expectations about how to address it. They should know relevant policies and procedures and where to get assistance in addressing a risk or making a behavior decision.

As with all areas in an anti-corruption compliance program, Switzer and the OCEG suggest that you monitor and audit your program so that you can review it and improve as circumstances warrant. I would add that you should also Document, Document and Document what you are doing for the same reasons. Just as Bakker’s new look at the culinary aspects of the classics can provide new insights into interpretation, it also shows the training that was written into Homer’s Odyssey.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

January 20, 2014

Lessons from a Soccer Manager for the Compliance Practitioner

Soccer BallCompliance leadership can take many forms and inspiration can come from many different sources. I was reminded of this when I read an article in this past weekend’s Financial Times (FT), entitled “How I coach Ronaldo and other secrets”, by Simon Kuper who wrote the piece based upon his interview of Real Madrid manager, Carlo Ancelotti.

Ancelotti grew up professionally playing in Italy’s Seria A, the top league in that soccer-crazed country. So he brings a player perspective to his job. He also rose in the soccer coaching ranks, with stops at Juventus and AC Milan in Italy; then Chelsea in England; followed by Paris Saint-Germain in France before taking over the reins at Real Madrid in Spain. So he has been both a practitioner and an executive. I found some of his thoughts on coaching very insightful for the compliance practitioner.

Coaching a Multi-National Team – Translating Your Compliance Program into Native Languages

While at AC Milan, Ancelotti coached a wide number of different nationalities so being able to communicate with them was critical. This was important when coaching in Italy but Ancelotti found it much more difficult when he moved to England to take over as the manager for Chelsea. He said the hardest part of the communication piece was how “to show emotion”. As any compliance practitioner for an international business concern recognizes, communicating in a multiplicity of languages is a paramount skill.

This is an area that is receiving increasing attention from the Department of Justice (DOJ) as a component of a best practices compliance program. In the FCPA Guidance, under the Ten Hallmarks of an Effective Compliance Program, it intones that a company’s Code of Conduct and it’s compliance policies need to be clear and concise. However, equally noted is that the Guidance makes clear that if a company has a large employee base that is not fluent in English such documents need to be translated into the native language of those employees.

Trusting Your Players – Getting Buy-In For Your Compliance Program

While managing Chelsea, before the 2010 FC Cup final against Portsmouth, “Ancelotti did something unusual: after naming the starting 11, he asked them to decide the match strategy themselves.” He recalls: “Everyone said one thing. For example, [goalkeeper Petr] Cech said, ‘You have to control the space behind, to avoid the counter-attack.’ That season we played 60 games, and 60 times I made the strategy. So I think the players understood very well what they had to do.” When asked why he would try something so risky before such an important match, Ancelotti responded, “I was sure the players followed the strategy, because they made the strategy. Sometimes I make the strategy, but you don’t know if the players really understand.” His tactic worked and Chelsea beat Portsmouth 1-0 to complete the rare double of winning the English Premier League and the FA Cup.

What Ancelotti had hit upon was engaging his players. You should view every interaction as an opportunity to tap into the expertise of your workforce. This requires you to let employees say what they think. One of the first (and most insistent) questions you will face as a compliance practitioner is explaining how and why the Foreign Corrupt Practices Act (FCPA) applies to a country and culture far from the United States. Another related question is often along the lines of the endemic corruption in a country and how the business unit personnel cannot do business any other way. Let your co-workers express these thought and sentiments and then explain why the law(s) applies and how they can do business going forward. The business unit will usually have a solution to these problems and if you can get them to engage with you, it may well be a solution for you and the company. My experience is that they will generally have the correct response for you, even if they do not understand the nuances of the FCPA, UK Bribery Act or other anti-corruption law. But if you can have the employees understand that it is there program, you will have greater buy-in and greater participation in your compliance regime.

Managing from the Ground Up – Thoughts on Building a Compliance Program

After his stint at Chelsea, Ancelotti moved on to Paris Saint-Germain in France. Here he found a different set of challenges. The first was dedication to the program and lack of professionalism. As Ancelotti explained, “The problem of the English player – sometimes it’s difficult for them to understand that they don’t have to work 100 per cent in training. There are some training sessions where it’s important not to work 100 per cent. The French don’t understand why they have to work 100 per cent every day.” This attitude was acerbated by factionalism; the team was made up of ethnic factions. Ancelotti said, “We had the South Americans, the French, the Italians,” and “The relationship is not easy. The South Americans like to play with each other. The Italians the same. The players were not used to having a winning mentality.” Simply put, he had to change the attitude of the players.

How can you begin this process in a compliance regime? Writing in the Harvard Business Review (HBR) authors Linda Hill and Kent Linebeck, in an article entitled “Are You A Good Boss or a Great One”, said that leadership had three imperatives, which are to (1) Manage Yourself; (2) Manage Your Network; and (3) Manage Your Team. These three imperatives provide a good framework for the compliance practitioner.

Most employees ask the question “Can I trust this person?” Leadership results, in large part, by the answer to this question. Trust has two components; the first is that the leader has confidence in his or her own competence; and the second is that employees have trust in the manager’s character. This means that your motives are good and that you want people to do well. If these characteristics are present a manager should be able to influence others.

Next building key relationships throughout an organization leads to the road for success. This means nurturing a broad network of company employees who can influence specific areas and the departments within a company. As scarce resources must be reckoned with on any project, the person who can show the interdependence of seemingly disparate groups, which may have conflicting goals and priorities, is the manager who achieves the most. This relationship building can be a key way to influence others within an organization over which a manager does not have direct control.

Lastly, managing a team is a different dynamic than managing one-on-one. If a manager can influence a team, they have a greater chance of success as employees tend to be more creative and productive when working in groups. Accountability to other team members and a genuine conviction that they are all in it together can lead to a group coalescing into a team. The culture of any team is important: values, standards and norms guide employees in what is expected of them. Attention must be paid to all team members and recognition for individual efforts within the team can bring greater effectiveness as well.

To be a great compliance leader, the compliance professional must use all of these techniques. To achieve many compliance goals within a company requires a manager to exert a great amount of influence. The techniques set out by the authors provide direct tools for the compliance professional to utilize in this task. Managing employees within any compliance department is the first step. A compliance professional must reach out across an organization to all groups and departments to develop relationships, which can be used in furthering a company’s compliance goals. A compelling team creates the foundation of this strong network and a strong network will allow your compliance team a path to achieve its goals within the company. But knowing where you are going is only half of the journey. The authors end with the admonition that “you need to know at all times where you are on the journey and what you must do to make progress.”

Obviously Ancelotti has been successful at many different stops in his career. Some of the tips that Kuper wrote about in this article can be useful for the compliance practitioner dealing with a diverse multi-national employee base.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

January 17, 2014

Naval Theorists and the Measurement of Compliance

7K0A0129If are interested in naval history, strategy and tactics, I have a question for you: Are you a disciple of Alfred Mahan or Julian Corbett? If you are a Mahanian, you probably focus on large naval engagements or the great battle concept. If you are Corbettian, you probably think about a series of smaller engagements, with an offensive-defensive mentality. I pose this as I am currently studying great military strategic thinkers. One thing they both advocate is information collection and analysis as a tool to not only predict potential future outcomes but to remediate defects as they might appear. In other words, measurement.

Why should an organization measure its compliance program? One quick answer is that it is one way to demonstrate that your compliance program is ‘effective’ under the US Sentencing Guidelines for Organizations. But more holistically, such measurements allow a company to know if it is operating within the parameters it has set and in compliance with anti-corruption laws such as the Foreign Corrupt Practices Act (FCPA) and UK Bribery Act. Further, such metrics can provide more and better information for strategic decision making, help employee engagement with compliance and can aid to produce a clearer picture of compliance risks and requirements.

An article in Compliance Week, entitled “Measuring the Integrity of an Organization”, author Michael Rasmussen explored this issue and then facilitated a roundtable discussion on the topic. Rasmussen’s article was paired with another in the series of Open Compliance and Ethics Group (OCEG) GRC Illustrated pieces entitled, “Integrated Compliance & Ethics Metrics”.

In the roundtable, Patrick Quinlan, Chief Executive Officer (CEO) of Convercent, said, “compliance should be looking at objectively measuring how a location, a department, or employee behavior stacks up against the organization’s values and policies. You should measure to compare, monitor, and pursue participation, engagement, and improvements where needed. Regulators may want to see checked boxes of compliance (percentage of policy attestations and training courses completed; controls in place; responses to incidents). Culture and engagement metrics can serve as valuable indicators of issues that may rise to the surface later. Employees respond to how they are evaluated; making ethical behavior a part of performance evaluations is an important part of instilling compliance at every level.”

Jose Tabuena, Global Compliance & Regulatory Counsel for Orion Health, believes that it is important for a compliance practitioner to “Develop a scorecard to give stakeholders information about the compliance program and where there is risk. Metrics should be gathered from both inside (e.g., investigations, compliance committee meetings, subject matter audits, etc.) and outside (e.g., government agency audits and observations, including fines and penalties). These metrics monitor the program over time and identify legal and other minefields that are ripe for corrective action.” Anita Helpert, Director of Internal Audit at Raytheon, specified four areas that organizations should compare. First, “awareness training completions that answer: Have we equipped attendees to understand expected conduct, to recognize issues, and to feel confident in reporting issues?” Second, you should look at tone-at-the-top: “What evidence supports leaders setting examples and nurturing an environment of ethical behavior?” The third is hotline reporting: “Do reports confirm or deny our “ethics checks” and provide insight on how people ask for guidance or report potential issues?” Fourth, and finally, is ethics metrics: “When we respond to a report or question, what do we find? How does this trend over time, by organizational structure, by leader, by location?”

In the GRC Illustrated compendium, it detailed success factors. These included:

  • Top level support – you can gain the endorsement of management and obtain a larger allocation of resources by “demonstrating how strategic decisions making depends on analysis and timely delivery of information.
  • Employee engagement – by engaging employees you not only make them more comfortable with compliance but also more meaningful and beneficial.
  • Knowing your needs – you need to determine what information is required to assist in “strategic decision making, support established values, improve compliance efforts and better manage resources.”
  • Single source of information – there should be one centralized system to consolidate metrics and ensure increased accuracy for better analysis and decisions.
  • Ease of use – the compliance practitioner needs to “enable quick, simple and meaningful management of data and dashboards for viewing and analysis of metrics.”

An interesting glossary in the GRC Illustrated compendium defined the types of metrics and examples that might be used. They were:

  • Number – you should count the number of incidents, policies, surveys, reports, automated controls, and employee conduct – whether good or bad.
  • Frequency – you should determine how often training and surveys take place, incidents occur, issues are reported and the workforce is surveyed.
  • Flagged – you should identify policies requiring review or individuals, locations, and operations with multiple problems, high-level risks or strength in desired conduct.
  • Ranking – here you should assess the severity of incidents, benchmarking outcomes, employee leadership qualities and the risk ranking of third parties.
  • Trends – you should evaluate metrics for specific areas such as training completion or level of employee engagement over time and relate them to program changes.
  • Relationships – you should consider the controls per risk, incident trends to training frequency or survey completion rates to the number of reminders.

Rasmussen ends his article by noting that these types of approaches to ethics and compliance allow not only the demonstrable proof that regulators such are the Department of Justice (DOJ) or Serious Fraud Office (SFO) are looking for but also “shifts the focus of efforts from being reactive and “checking the box” to proactive and forward-looking. This shift enables compliance to monitor integrity by processing and managing metrics across the organization in the context of rapidly changing business, regulatory, legal, and reputational risks to ensure compliance is operationally effective.”

With this integrated compliance architecture a company can create “an optimized infrastructure to report on metrics, benchmark integrity, and understand compliance in the context of business strategy and execution. Measuring integrity requires that the organization have clear insight into metrics supporting the development and communication of clear policies, continual feedback from employees, effectiveness of training programs, incident reporting, and the engagement of employees with these systems. All of these lead to an efficient and effective compliance program responsible for being the champion of organizational integrity.”

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

December 30, 2013

New Book Available on Anti-Bribery Leadership

I am pleased to announce the release of a new book entitled, “Anti-Bribery Leadership” which I have authored with Jon Rydberg, the CEO of Orchid Advisors. In this book, Jon and I provide practical lessons pertaining to the FCPA, U.K. Bribery Act and broader Anti-Corruption / Anti-Bribery standards for Board Members, Chief Executive Officers, General Counsel and other corporate executives who seek to lower their enterprise risk profile by learning simple strategies from tested compliance veterans.

I am certain that you will find it useful to reinforce the our belief that compliance – both in general and as it pertains to the anti-corruption/anti-compliance – should be viewed, like quality and safety, as an equal business metric. Although compliance should not be designed to impede efficient business operations, it should be part of the decision-making process. In fact, best-in-class compliance programs are enablers of planned and measured risk-taking. This book is a handy guide on how to make such compliance programs work for you and your company.

You can order a hard bound copy through Amazon.com by clicking here or an eBook version for Kindle by clicking here.

December 27, 2013

My Favorite Blog Posts from 2013

One of the best things about the Foreign Corrupt Practices Act (FCPA), UK Bribery Act and other anti-corruption practice areas is the top notch quality of commentators. While Mike Volkov regularly derides the FCPA paparazzi for being scare mongers and the FCPA Professor chastises FCPA Inc. for attempts to paint FCPA enforcement in the worst possible light so as to draw clients to their collective resources; there is also a great set of bloggers, writers and pundits who put out solid, useful and well-reasoned pieces on FCPA and Bribery Act issues. In this blog post, I would like to highlight some of my favorite posts from some of my favorite commentators over the past year.

From the Dean

If you do not know who the Dean of FCPA bloggers is you have not been looking too long or too hard. It’s Dick Cassin, who is the Founder, Editor and Publisher of the FCPA Blog, which consistently reports on all things compliance around the globe. But for me, it is when Dick writes from the heart, he is able to articulate what many of us are feeling but cannot seem to put into words. My favorite post from Dick this year was his tribute to President Kennedy on the occasion of the 50th anniversary of the President’s assassination, entitled “And So The Legend of Camelot Was Born”. Dick ended his post with the following quote from Teddy White, “He advanced the cause of America at home and abroad. But he also posed for the first time the great question of the sixties and seventies: What kind of people are we Americans? What do we want to become?” The question still stands.

From the FCPA Professor

If you have never debated the FCPA Professor, live or via email, you should. But be prepared to bring your A-Game and your authority. He posts daily and has become a great resource for guest posts over the years which challenge the status quo on a variety of legal and compliance issues. Each morning I cannot wait to see what the Professor has to say that day. However, what I have really come to appreciate is his Friday Round-Ups. Each Friday, the Professor gives us a round-up of recent FCPA and related news, articles and developments not otherwise covered by him in his Monday – Thursday posts. I should also say he saves some of his best witticism for these posts. My favorite post from the Professor this year was the milestone of his 100th Friday Round Up, appropriately entitled “The 100th Edition of the Friday Round-Up”. Tune in each Friday for another edition of this great resource.

From Jim McGrath

I continually bemoan to Jim McGrath that he needs to post blogs more often than his twice or thrice weekly output. The reason being they are so good and I want to see more of his stuff. As you might guess from the title of his blog, Internal Investigations Blog, he tends to focus on investigations; some criminal, some civil, some internal and some external. McGrath is an ex-prosecutor and tends to view things through that prism and give us a different perspective of law enforcement. He writes about investigations inside and outside the realm of anti-corruption but his insights are certainly applicable to any FCPA or Bribery Act investigation.

My favorite post from McGrath this year was his piece on 7-Eleven, entitled “Human Trafficking Concerns for 7-Eleven in Wake of Payroll Scam”. In this article he detailed the federal investigation into allegations that 7-Eleven franchisees in New York and Virginia had engaged in human trafficking and possible involvement by the franchisor through its payroll system. His piece was a cautionary tale for the compliance practitioner about the need for internal controls, internal monitoring and internal investigations. McGrath ended his post with the following, “Further, its future due diligence efforts as regards suppliers and franchisees should include a review for human rights abuses such as those suggested here. Otherwise, it will have to sell a helluva lot of Slurpees to pay the fines, costs, and disgorgements that a failure to do so will no doubt entail.” In other words, trust but verify.

From Mike Volkov

Mike Volkov has worked at the Department of Justice (DOJ) on Capitol Hill and for Big Law. He now has founded his own firm, the Volkov Law Group and writes the Corruption, Crime & Compliance blog. Mike primarily writes about anti-corruption but he also writes about health care fraud, anti-trust compliance and enforcement and many other topics. While I cannot determine if he set out to have a theme this year, Volkov has written many articles this year which focus on the role and position of the Chief Compliance Officer (CCO), the need for independence and resources required for the position.

My favorite post from Volkov was entitled “The Only Thing [In-House Counsel and CCOs] Have to Fear, Is Fear Itself”. His title is a play-off of what I believe to be the most inspiring FDR speech so that alone is worth the price of admission. He also tells one of the great stories about his days from Big Law. Volkov related that he wrote his views on the UK Bribery Act and the length of time it would take for any meaningful enforcement to take place, “I received a call from the firm’s London partners and was chastised for undermining their entire “marketing” program. (In stark contrast, many clients wrote me and thanked me for my “honesty.)” As my 16 year old daughter might say, ‘Sometimes you just have to keep it real’.

From Across the Pond

If you do not subscribe to thebriberyact.com, you are missing out on the best site for all things UK Bribery. thebriberyact.com guys, Barry Vitou and Richard Kovalevsky QC, consistently give their readers both practical insight and in-depth analysis. Their interviews of the relevant players allow all compliance practitioners to develop insight into what the top UK regulatory officials are thinking about on the Bribery Act. They also write from the very British perspective of understatement and skewering satire, which is more than a ton of fun for us Americans to read.

My favorite post which illustrated all of the above traits was from March and is entitled “Parliament report calls for Bribery Act review: Our opinion – Junk in. Junk Out.” In this post, they took on the call for the urgent scrutiny of the UK Bribery Act by a parliamentary select committee claiming that the Act has met with “confusion and uncertainty.” To this rather inane claim, the guys responded “We cannot think of a piece of legislation which has sparked much more commentary, advisory, much of it on line and completely free, including our own eponymous website.” But my favorite line was their dénouement to the British MP who brought up the need for clarification of the UK Bribery Act, “And, Tony from Alderly PLC, if you’re reading feel free to give us a call.  We can help you.”

My Favorite from 2013 (Think Big)

My favorite blog post of the year was actually posted on December 28, 2012 by Matt Ellis, Founder and Editor of the FCPAméricas blog, which was entitled “Wal-Mart, Go Big on FCPA Compliance”. The reason that it is my favorite of 2013 is because it is the one post that I have thought the most about, talked the most about, read the most about and it even inspired me to write on the issue myself. In his post Ellis challenged Wal-Mart to “go big” on compliance in the wake of its world-wide FCPA investigation and policy implementation. He wrote, “Wal-Mart should instead use the FCPA investigation, and the attention it has generated, as an opportunity. It is an opportunity to go big on compliance.” Ellis went on to detail some specific suggestions that Wal-Mart could implement to help the fight against bribery and corruption that, due to its size and market share, would be in a unique opportunity to put in place.

Within the anti-corruption compliance community there was a noted buzz about Ellis’ piece and his suggestions. I was inspired to write a blog post, entitled “Wal-Mart-Be a Leader in Compliance”, due to the ideas articulated by Ellis. Seemingly inspired by Ellis’ example, Michael Scher, writing in the FCPA Blog, in a piece entitled “Michael Scher talks to the feds”, used the Wal-Mart investigation as a jumping off point to ask the DOJ to resolve several open issues on compliance as he saw them. In others words, Ellis piece (hopefully) got not only Wal-Mart to thinking but several others of us. That is why it is my favorite blog post of 2013.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

December 17, 2013

Good Bye To Peter O’Toole and the SFO Prosecution of Victor Dahdahleh

This past weekend Peter O’Toole died. He was one of the foremost actors of his generation, garnering eight Oscar nominations. He also starred in one of my favorite movies of all-time-Lawrence of Arabia. Last week, before O’Toole passed away, the UK Serious Fraud Office’s prosecution of Victor Dahdahleh also died when the SFO notified the Court that it did not believe a guilty verdict was possible due to some very odd in trial machinations. As you might expect, thebriberyact.com guys, Barry Vitou and Richard Kovalevsky QC, wrote about it in their blog, thebriberyact.com. Rather than summarize their thoughts, I asked them if I could re-post their original piece, which they graciously allowed me to do.


Key question for SFO after Dahdaleh collapse

The collapse of the SFO case against Dahdahleh represents a low point in a bad year for the SFO.

The continuing fall out from the botched Tchenguiz investigation (where the SFO is being sued), finding lost SFO documents relating to the BAE Systems investigation in a Cannabis warehouse in East London and now this all put the SFO in the headlines on the front page, again, for all the wrong reasons.

The new Director is doing his best to fix the SFO.  The question some in Whitehall will be asking now is: can it ever be fixed?

The Dahdahleh case was a high profile prosecution and there will be a post mortem.

Two key pieces to the puzzle

The SFO in its Press Release identified two key points.

First, a key witness, who had already pleaded guilty, changed his tune.

In the words of the SFO: “Bruce Hall pleaded guilty and gave evidence for the prosecution. The account he gave in court differed markedly from the witness statement he had provided to the SFO.”

If you bring cases to trial there is always a risk that witnesses can change their story or crumble under cross examination.

You win some.  You lose some.

David Green has repeatedly made the point that because of the very nature of its work there will always be the risk of losing cases.

That is all part and parcel of the rough and tumble of litigation.

Though the SFO badly needs some more of the ‘You win some’ and less of ‘You lose some’.

Reliance on information obtained from third parties

Second, press reports say that reliance was placed on information received from Akin Gump a law firm representing Alba which in turn is involved in a ‘hotly contested’ civil law suit against Mr. Dahdahleh.

The SFO said in its Press Release yesterday that Two key witnesses from the USA were unwilling to attend trial in the UK and face cross-examination. That impacts on the fairness of the trial as well as the prospects of conviction.”

In its more detailed statement to the Court the SFO said:

“Secondly, we have the unwillingness of two witnesses to face cross-examination. That impacts both on the fairness of the trial as well as the prospects of conviction.

Since last Thursday, yet further contact has taken place with Akin Gump, the lawyers for Aluminium Bahrain, or “Alba”, to secure the attendance of these two American witnesses, Mark MacDougall and Randy Teslik who are both partners in that firm. As you will see from the correspondence, they have attempted to place limits on the extent to which they can be cross-examined.  The Serious Fraud Office does not believe it would be appropriate to attempt to persuade the court to agree to such limits nor, given your comments last week, that they should appear via video-link.

The Defence have raised issues questioning Akins Gump’s role in the provision of assistance to the Serious Fraud Office both as to what their motives may have been in the dissemination of material and assistance as to witnesses who could provide relevant information, this in the context, as accepted by the defence, of the Serious Fraud Office acting in good faith. The attendance of the two American witnesses would have allowed this aspect of the case to be ventilated before the jury. Their refusal to attend creates a situation where it is clear that the trial process cannot remedy the position and we accept unfairness now exists for the Defence.

In seeking to secure the attendance of these two witnesses – who have previously attended court on every other occasion when their attendance has been required – the Serious Fraud Office has taken every available step, including a direct telephone conversation between the Director of the Serious Fraud Office and the chair of Akin Gump.

Not every unfairness necessarily leads to trials being discontinued, particularly where there is other evidence and taking into account the public interest in pursuing serious crime. After careful consideration of all of the circumstances of the case the Serious Fraud Office has concluded that there is no longer a realistic prospect of conviction in this case and accordingly we offer no evidence.”

The SFO will always need to rely on evidence from others in order to bring cases and those parties may have a variety of motives for supplying it to them.  The fact here is that questions over those motives led to the collapse of the case.

The question for the SFO is did it take reasonable steps to prevent the possibility of the collapse happening in this case.


While I do not pretend to understand the nuances of British criminal trial procedure, I have some experience trying cases and you always have to expect the unexpected. Even if that means a key witness becomes adverse to your position or indeed his or her prior position in negotiating a plea agreement. That is the reason you have the prior statements memorialized so that they can be used against the interest of the witness, if required. The actions of the law firm Akin, Gump would seem to be more problematic. In the UK, there appears to much criticism of the SFO for using materials developed by Akin, Gump. While, I do not find that conduct troubling, if you are going to rely on a third party for any evidence, you had better be assured that they will show up at trial to prove up such evidence. If it turns out that Akin, Gump went back on its word and did not provide the testimony that it agreed to, that is another story. Lastly, for all those who criticize prosecutors who lose cases, I only have one thing to say, “If you have never lost a case, you have never been to the courthouse.”

So good-bye to Peter O’Toole, good-bye to the SFO prosecution of Victor Dahdahleh but as Barry Vitou reminded me, assured it is not good-bye to the SFO, although I bet it is looking forward to the new year a bit more than most of us.

December 13, 2013

More Compliance Lessons from the Asiana/SFO Crash Investigation

I have long been interested in the intersection in the changes in attitude regarding safety in the workplace by corporations and the changing attitudes on doing business through bribery and corruption. As a trial lawyer defending corporations in catastrophic accident lawsuits, I saw a sea change in the corporate attitude regarding safety, beginning in the 1980s through the 1990s. Many of the arguments used against safety during that era are used now. Some of my favorites are: (the financial excuse) it costs too much and doesn’t contribute to the bottom line; (the traditional excuse) we’ve always done it that way; and (my personal favorite) you can’t stop humans from screwing up and trying to injure themselves. But the reality is that safety at the work place did improve and now most companies not only say that safety is job No. 1 but they live and breathe that motto. Does this sea change mean that serious accidents do not happen at the workplace? Of course not, but it does not mean that companies have or even should give up the quest for zero accidents at work.

Part of the ongoing debate about compliance is whether the Department of Justice (DOJ) approach of corporate enforcement actions and the use of Deferred Prosecution Agreements (DPAs) and Non-Prosecution Agreements (NPAs) help or hurt compliance with the Foreign Corrupt Practices Act (FCPA). Some commentators remark that the simple fact that there are enforcement actions is indicia itself that the DOJ approach is not working. Mike Volkov took on this topic in his post, entitled “The Sky is the Limit: Escalating Fines, DPA/NPAs and Deterrence”, by asking if “it is important to ask the question whether the current enforcement scheme adequately punishes and deters corporations”? In his discussion he points to some who want more prosecution of individuals as a greater deterrent and others, notably the FCPA Professor, who want greater corporate protections against prosecution through the addition of a compliance defense as a mechanism to give corporations more incentive to do business in compliance with the law. Volkov ends by observing the DOJ’s current enforcement focus “will not change unless and until there is a good reason to do so – so far no one has pointed to any significant reason for the Department of Justice to change its practices.”

I thought about all of the above in the context of the hearings in Washington in front of the National Transportation Safety Board (NTSB) surrounding the crash of the Asiana jet at San Francisco’s airport last summer. Earlier this week I wrote about one of the lessons from the hearings which was the need for enhanced training by Asiana pilots on not only the specific planes they pilot but also training that they can speak up when they see something that they believe is not right.

This need for training was made even more acute when the story about the testimony given by the Captain on board the flight in question in a New York Times (NYT) article, entitled “Pilots in Crash Were Confused About Control Systems, Experts Say”, where Captain Lee said that he told investigators that any of the three pilots on the plane could have decided to break off the approach, but he said it was “very hard” for him to do so because he was a “low-level” person being supervised by an instructor pilot. But more than even the failure to raise his hand and speak up, Lee did not heed the warning of a junior officer. As reported in an article by the Associated Press, entitled “Pilot who crashed at SFO was worried about landing”, after the accident, Lee told NTSB investigators that neither he nor the instructor pilot onboard the flight said anything when the first officer raised concerns four times about the plane’s rapid descent. Further, he was very concerned about his ability to make a visual landing. So not only was Lee afraid to speak the truth to a superior, he didn’t listen when questioned by a junior. In the world of workplace or airline safety, this is a recipe for disaster.

I think the key to overcoming these problems is training, which has long been recognized as a cornerstone of any best practices ethics and compliance program. I thought it might be an appropriate time to review the training statements made regarding the FCPA. The US Sentencing Guidelines list “Conducting effective training programs” as one of the factors the DOJ will take into account when a company accused of a FCPA violation is being evaluated for a sentence reduction. The Sentencing Guidelines mandate:

(4) (A) The organization shall take reasonable steps to communicate periodically and in a practical manner its standards and procedures, and other aspects of the compliance and ethics program, to the individuals referred to in subdivision (B) by conducting effective training programs and otherwise disseminating information appropriate to such individuals’ respective roles and responsibilities. 

After the promulgation of the Sentencing Guidelines, the DOJ and Securities and Exchange Commission (SEC) gave their views on training in the 2012 FCPA Guidance. Their Ten Hallmarks of an Effective Compliance Program listed Training and Communication as one of the key elements. In this section they said that anti-corruption and anti-bribery compliance policies cannot work unless effectively communicated throughout a company. They advised that “a company has taken steps to ensure that relevant policies and procedures have been communicated throughout the organization, including through periodic training and certification for all directors, officers, relevant employees, and, where appropriate, agents and business partners.” But more than a simple dyadic promulgation of a rule, a company should tailor its training to its needs and its risks. This means that any “information should be presented in a manner appropriate for the targeted audience, including providing training and training materials in the local language.

In addition to the FCPA Guidance, the UK Ministry of Justice (MOJ) has stated that training is one of the Six Principles of an effective compliance program. Under Principle V, it states that “The business seeks to ensure that its bribery prevention policies and procedures are embedded and understood throughout the company through internal and external communication, including training, that is proportionate to the risks it faces.” The Guidance recognizes that communication and training deters bribery by companies, their employees and those persons associated with it, by enhancing awareness and understanding anti-corruption policies and procedures and the company’s commitment to their proper application. It therefore follows that making information available on legal requirements, obligations and policies and procedures for implementation of the same assists in more effective monitoring, evaluation and review of bribery prevention procedures. Anti-bribery training should provide, to company employees and those persons and entities associated with the company, the knowledge and skills needed to implement and utilize the anti-bribery procedures and handle in a satisfactory manner any bribery related problems or issues that may arise.

Fortunately violations of the FCPA rarely result in loss of life or limb. But that does not diminish the responsibility of companies to comply with the law. And just as corporate attitudes around safety changed dramatically, corporate attitudes about following the FCPA can change as well. Indeed they could even take the basic approach suggested by (the then) DOJ representative Greg Anders in testimony about attempts to amend the FCPA before the House Judiciary Committee, don’t pay bribes.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

« Previous PageNext Page »

Customized Rubric Theme Blog at WordPress.com.


Get every new post delivered to your Inbox.

Join 4,200 other followers