From Trick or Treat through Thanksgiving: Examining the Past to Prepare for the Future

Ed. Note- For those of you who do not know her, Mary Shaddock Jones is one of the compliance professions I regularly rely on for advice. I continually ask her to send over some guest posts as they are always topical, top notch and provide practical advice for the compliance practitioner. I will be out of pocket over the next two weeks and Mary has agreed to take over the lion’s share of posts for my blog. Today she begins her series with a topical post on chocolates and the pre-holiday season from Halloween to Thanksgiving. I know you will not only enjoy her series but get quite a bit out of them.

This summer, the Securities and Exchange commission charged Texas-based medical device company Orthofix International with violating the Foreign Corrupt Practices Act (“FCPA”) through improper payments of bribes (code named “chocolate”) to officials at Mexico’s government-owned health care and social services institution, Instituto Mexicana del Seguro Social (“ IMSS”), in order to obtain or retain business.  Sure, for those of you who regularly read Tom Fox’s blog, this is old news.  However, since he is off and today is Halloween, I thought I would start a series for the next two weeks re-examining some of the more recent, and perhaps not so recent cases with a fresh set of eyes.

The practical pointer for today’s blog is straightforward – it is imperative that companies which have FCPA exposure audit both their petty cash accounts, and all expenses coded to training and promotion. This is apparently where the improper expenditures were “hidden” by employees of Orthofix.  In my experience, companies need to be closely reviewing what little case law or factual allegations exist with regard to the FCPA so that they too know where to find any potential problems that may exist within their own company.  There are only so many ways to hide the dollar.  If you find yourself sitting in front of the DOJ and/or SEC in the future on allegations related to a violation of the FCPA…you will not gain any “chocolate points” if you haven’t implemented a robust compliance program.  But as FCPA practitioners have said over and over again – simply having a Code of Business Conduct, an Anti-Corruption Policy Manual and even person to person training is not enough.  You have to be proactive in trying to find what others don’t want to be found.  That is why the Orthofix employees didn’t book the improper payments as “bribes”.  They aren’t stupid.  They know this is one red flag that will stop the energizer bunny in its tracks.  So instead, they disguise the improper payments in a way that they think is clever.

According to the SEC, in order to obtain cash for the bribes, the Promeca executives wrote checks to themselves, which they justified as “cash advances”.  A smart person in the accounting department would ask – what was the cash advance for?  What was bought?  Are their valid receipts which state what was bought, when was it bought, who was taken to dinner or lunch, what was discussed, etc?  In order to continue the deception, the executives submitted false receipts for imaginary expenses including meals and new car tires.   Practical Pointer:  It may be a boring and tedious task, and one which hopefully never uncovers questionable payments – but companies must have someone in charge of reviewing expense reports – for everyone – from the top dog on down to the dog walker.  Do you have a process in place for reviewing expense accounts?  If not, put one in place.

Unfortunately for Orthofix, the improper payments became too large to hide in expense reports; therefore, a new hiding place had to be located.  The next best thing to expense reports is training and promotional expenses.   Remember that the FCPA includes three affirmative defenses under its anti-bribery provisions – the first of which is “reasonable and bona fide expenditures related to certain promotional activities”.  If the FCPA allows the payment for “promotional expenses”, what better place to hide improper payments than in plain sight?   Just because someone calls an expense a promotional expense, does not mean that the Company does not have to trust, but verify.

Specifically, the FCPA permits payments if the payment to a foreign official was a “reasonable and bona fide expenditure, such as travel or accommodation expense, that was directly related to the demonstration of a product or service, or performance of a contract with a governmental agency.”  Unfortunately, I was unable to determine from the public filings how the training or promotional payments were characterized so as to allow them to remain undetected by the accounting department at Orthofix until hundreds of thousands of dollars in improper payments had been made.  However, the practical pointer for you is this – do you have a process in place which places controls over when expenditures can be made for travel and lodging/training and/or promotional/marketing expenses?

Consider the following policy language:

The FCPA permits the payment of reasonable and bona fide expenditures on behalf of a Government Official and directly related to (1) the promotion, demonstration, or explanation of products or services; or (2) the execution or performance of a contract with a non-U.S. government or agency thereof.

Travel and Lodging: No travel or lodging may be offered or given to a Government Official without the prior written consent of the Company Compliance Officer or his or her designee and must meet the following guidelines: (1) it serves a legitimate Company business purpose; (2) invitations to a Government Official are transparent, in writing, and clearly state the business purpose of the trip; (3) no payment is made directly to a Government Official either through an advance or reimbursement for expenses (the Company should directly purchase travel or lodging from those who provide them, utilizing a travel agent or other third party if possible); (4) providing “per diem” fees or expenses is avoided, particularly where meals are already being provided; (5) no cash payments to a Government Official are made whatsoever; (6) travel and lodging expenses are only provided for the identified Government Official and not for spouses, family, or friends of the Government Official; (7) travel arrangements are directly between the place of residence or employment of the Government Official and the intended destination of the business travel, with no non-business side trips; (8) no reimbursements are paid without presentation of appropriate receipts; (9) providing the travel or lodging is permitted under local law and regulations and guidelines of the recipient’s governmental entity (note that some customers have strict policies against receiving gifts); and  (10) other than the travel or lodging identified above, the Government Official is not compensated for his or her participation in the planned trip.

Guidelines for Entertainment: Unless prior written approval from the Company Compliance Officer or his or her designee is obtained, entertainment provided to a Government Official must meet the following guidelines: (1) it serves a legitimate Company business purpose; (2) providing the entertainment is permitted under local law and regulations and guidelines of the recipient’s governmental entity (note that some customers have strict policies against receiving gifts); (3) it is of the type and value that is reasonable (not lavish, excessive, or frequent); (4) it is in line with the local customs of the country where provided; (5) it is of a type that is appropriate (e.g. no strip clubs); and (6) it is accurately recorded in the Company’s books and records.

Guidelines for Marketing Expenses: Unless prior written approval from the Company Compliance Officer or his or her designee is obtained, marketing materials (such as pens, caps, or mugs) provided to a Government Official must meet the following guidelines: (1) they serve a legitimate Company business purpose; (2) they are of nominal value; (3) they are of the type and value that are customary and appropriate for the occasion;(4) they are branded with the Company’s name and/or logo; (5) they are permitted under local law and regulations and guidelines of the recipient’s governmental entity (note that some customers have strict policies against receiving gifts); and (6) they are fully and accurately recorded in the Company’s books and records.

Remember, it is not enough to simply have a policy in place; you must also conduct trainings (have the training in both English and the predominant local language of your employees) and audits to ensure compliance.

No more chocolates for today… tomorrow is All Saints Day.  Stay tuned to see who didn’t perhaps make the list of saints.

—————————————————————————————————————————-

Mary Shaddock Jones has practiced law for 25 years in Texas and Louisiana primarily in the international marine and oil service industries.  She was of the first individuals in the United States to earn TRACE Anti-bribery Specialist Accreditation (TASA).  She can be reached at msjones@msjllc.com or 337-513-0335. Her associate, Miller M. Flynt, assisted in the preparation of this series.  He can be reached at mmflynt@msjllc.com.

—————————————————————————————————————————–

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication.

How to Influence FPCA Compliance as a Minority JV Partner

How does a company work towards achieving compliance with the Foreign Corrupt Practices Act (FCPA) in a Joint Venture (JV) or other business relationship where it holds less that 50% of the control? That question is often faced by US companies when they enter into a JV in many countries which require a majority of local ownership or even a 50-50 split in ownership. Some tactics that the compliance practitioner might employ were discussed in an article in the June issue of the Harvard Business Review, entitled, “The Perils of Partnering in Developing Markets”, in which Johns Hopkins (Hopkins) Medicine International Chief Executive Officer (CEO) Steven J. Thompson wrote about his company’s experience in partnering with a charity in Turkey to build and operate a “state-of-the-art medical facility.”

While not directly discussed in the article it is certainly worth noting that in partnering to create hospitals overseas, Hopkins is always dealing with the FCPA as health care services generally and hospitals particularly are run by the foreign government in which the hospital is located. However, the problems Hopkins encountered and some of the solutions provide excellent insight into compliance challenges that a company might well face when it moves into a developing market. Thompson began by noting that as a non-profit Hopkins always takes a minority interest or none at all. This requires Hopkins to operate not as typical JV or other type of partner but “more like consultants with a broad range of responsibility and high level of authority.” The other thing that I found quite interesting was that as a non-profit, the most important thing to Hopkins is its good name; in other words it is far more concerned about reputational damage than financial loss. Some of the key lessons learned were as follows.

Filling the Local Talent Gap

Even if the country’s laws do not require that local persons be the entity’s managers, most local partners insist upon it. Thompson has learned that fighting this “rarely pays out.” Instead Hopkins seeks to team its advisors with the local executives, so that the advisors will have the ability to influence both “process and culture.” Overtime, Hopkins has found that the top local managers cannot push as hard or as strongly for innovation and culture change so that the Hopkins team can begin to take over the top management functions.

A key component for long term success is training. This includes local training in all aspects of hospital management and financial operations. Additionally, Hopkins establishes a strong recruiting pipeline for bringing back to Baltimore, the home of Hopkins, so that they can be trained at and see how the facilities are run in the US.

When Best Practices Collide with Culture

In most medical treatment outside the US, the culture is such that a Doctors judgment is never questioned. This is quite different from the Hopkins experience in the US, where other providers of health care are empowered to challenge the decisions of senior physicians where a patient’s health may be at risk. The Hopkins approach when “confronted with a culture clash is to determine whether we really need to challenge the culture.” With this approach, Hopkins found that it could accomplish its goals, “within the cultural constraints” in which it operated. When it could not do so, it “seeded the staff with professionals who could lead by example” so that in the case of the culture of deference to Doctors whose authority was not challenged, senior nurses were brought in from countries where such a tradition did not exist. Once others saw that patient outcomes were steadily improved, “they began to come around and the culture of deference receded.”

Mitigating Risk

In many ways, I found the Hopkins experience in mitigating risk to be the most interesting. Here Thompson said that the pre-agreement due diligence process, which he termed “choosing the right partner and learning to read the signs from up-front negotiations are critical”, were two of the most critical factors. He identified factors such as foreign institutions which only desired short-term profit or were trying to capitalize on the Hopkins name as “anathema to success.” He wrote that these factors can be ascertained through long conversations with potential partners about goals such as sustainable quality and commitment rather than on financial returns alone. Mimicking the requirements under the US Department of Justice’s (DOJ’s) minimum best practices compliance program, Hopkins requires strong contract language regarding the commitments made by any foreign partner. Lastly, if a relationship begins to sour or otherwise have problems, Hopkins is not afraid to rethink its position or even end the relationship after appropriate consideration. To help facilitate this from the legal perspective, Hopkins requires a “termination for convenience clause” in its contracts.

Project Checklist

Another interesting aspect of the Hopkins approach was in the implicit use of risk assessment. Thompson included the below chart to illustrate “How Johns Hopkins Sizes Up International Risk”. I found that these concepts speak to an on-going approach to risk assessment so that the process is continuous and therefore allows for continuous improvement.

Evaluating the Opportunity	Getting up to Speed	Operating Over Time
Assess the potential partner’s willingness to commit resources.	Engage experts to hire key personnel and to design processes.	Stabilize processes and create feedback loops.
Assess regional constraints.	Establish training and mentoring programs for local managers and professionals.	Transfer more responsibilities to local managers.
Work with your local partner on a project plan and a business plan.	Set up clinical, operations and financial performance metrics.	Establish local education and recruitment pipelines.
Ensure that your local partner has a clear understanding of, and realistic expectations for the project.	Establish quality, safety and efficiency processes.	Establish regional marketing programs.
	Set up a time for accreditation.	Consider new initiatives and expansion.

If Trouble Arises

Thompson concluded is article with a list of action items that you can perform if there are signs of trouble. So, following McNulty’s Maxim No. 3 of “What did you do to remedy it?”, I list the following actions steps your company can take at three different stages of a JV relationship.

1. In the Evaluation Phase

• If your concerns are modest, propose a smaller, several months-long pilot consulting project.
• If your concerns are serious, you would walk away from the deal.

2. In the Start-Up Phase

• Engage experts to hire the Key JV personnel and to design the appropriate processes.
• Increase the number of ex-pat professionals involved in the JV.
• Expand your support to local managers.
• If warranted, revise strategic plans and consider replacing the onsite management.
• If severe problems arise, consider scaling back or terminating the JV

3. As the Relationship Matures

• Strengthen your training and mentorship.
• Bring in subject matter experts (SMEs) to help solve defined problems.
• Retool processes that may be falling short.
• If required, reinstate key managers from your corporate headquarters or home office.
• Freeze or reduce the scope of the JV’s activities until problems are solved.
• Set up problems solving forums with partners in other countries.

Many US companies have struggled with how influence partners to comply with the FCPA in JV relationships. The Hopkins experience has some excellent steps that your company can take in the pre-formation stage, during contract negotiation, in post-execution contract management and then as the relationship matures. The process that Hopkins follows is one that clearly allows you to use influence, rather than the brute force of the majority right of control. It is a very good road map for you to consider and one that management should take a close look at when managing any overseas relationship.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

Compliance Convergence: ICE Enforcement

Compliance convergence can take many forms. In an article entitled “Pass the ICE Test: Nine I-9 Record Keeping Tips” published in the February 6, 2012 edition of the Texas Lawyer, author Karen-Lee Pollak explores one of these important areas of compliance; that being immigration and employment. Federal law requires that all employers must verify new employee’s employment eligibility within three business days of hire. US employers are generally aware of the enforcement actions by US Immigration and Customs Enforcement (ICE) which has shifted its focus to employers, through increased worksite investigations, fines and penalties. Pollak provides nine points of guidance on what lessons employers “can learn to help their companies avoid punitive fines for faulty record keeping.

Lesson No. 1: Make people responsible. Pollak believes that the “key to maintaining an effective I-9 program” is to designate specific supervisors, managers and employees to be responsible” and then provide them with continued training.

Lesson No. 2: Pick sides. There needs to be a clear document retention policy; whatever method is implemented the key is that if the company keeps some documents for some employees, “it must do so for all employees.”

Lesson No. 3: Mark the calendar. There should be a calendaring or tickler system which notifies the relevant personnel when employment verification documentation will be expiring. Ideally, Pollak believes a four month notice should be provided before such documents expire.

Lesson No. 4: Protect the paperwork. Care should be taken in your company’s filing system to keep current employee documentation separate from terminated employees. Further counsel should ensure that the company keeps all I-9 documents “in document retention schedules.”

Lesson No. 5: Schedule an audit. Pollak believes that your system should be independently tested via an audit by an “external auditor or trained employee who is not involved in the day-to-day I-9 process.” This has two benefits; first it should turn up any deficiencies in your program and allow you to correct them. Second, it demonstrates your company’s commitment to a robust compliance regime.

Lesson No. 6: Get ready. Typically there is little or no notice of an ICE audit, subsequently your company needs to be ready for any such eventuality. Pollak advises a company to draft a policy which sets out how your company will respond if the ICE auditors arrive. Other keys are to have your company’s documentation readily accessible and to have employee’s prepared for a surprise audit through training.

Lesson No. 7: Be serious. Pollak believes that a common mistake made by companies when they receive advance notice of an ICE audit is to fail to take the audit seriously. She reiterates that such an audit is very serious business and that no matter how friendly the auditors might seem they are not friends of the company.

Lesson No. 8: Take action. Pollak advises companies to put a process in place to handle a “no match” letter from the Social Security Administration. These letters can be useful tools to put an employer on notice that there is a problem with an employee’s social security number and this is an important step not to be missed.

Lesson No. 9: Take action (II). Pollak advocates that a company should “establish self-reporting procedures for the company to report to ICE any violations or discovered deficiencies.” This will help in any enforcement action going forward.

Many in-house counsel have a wide variety of roles in their employment. For counsel in a smaller company, it may include ICE enforcement issues, as well as anti-corruption compliance and export control enforcement. Pollak has provided some solid, concrete tips for ICE compliance in her article. Many of the points she raised can be used in the broader compliance convergence context as well.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

10 Global Compliance Trends for 2012

Many commentators looked back at the events of 2011 in the compliance arena and have looked forward into 2012. However, most of the commentators in the United States focused on the US Foreign Corrupt Practices Act for both their retrospective and Great Carnac tea leaf readings. This lack of international focus is rectified in the January, 2012 issue of the Compliance Week Magazine, in an article entitled, “Ten Global Compliance Trends to Watch in 2012” by Neil Baker. The issues presented on the list are matters which any compliance professional from a US company, which has international operations should review and be prepared to face.

1. Britain loses its voice in Europe. The author believes that Britain’s veto of France and Germany’s plans to bring closer governance of EU members will reduce the UK influence in compliance matters. He believes that this may lead to more Euro-centric regulatory zeal against US-style capitalism.
2. Tougher corporate governance rules. The author believes that the European Commission will adopt more detailed regulations on how companies should constitute their Boards of Directors, make decisions and manage risk generally.
3. Big 4 challenged? Baker believes that 2012 may be the end of the Big Four accounting firms domination of the international audit market. He believes that some firms may be split up and all firms will no longer be able to offer audit and consulting services.
4. Stricter data protection. Companies will face new rules on how they “capture, store and use personal information.” Levels of encryption may well need to be increased but most ominously, companies will be required to “notify regulators and member of the public if they discover a data breach.”
5. Bribery Act gets tested. Baker quotes my This Week in FCPA colleague Howard Sklar for the following, “Compliance Officers now have to ensure that rules are adhered to” [regarding the Bribery Act]. Or as Howard might also say, “At 12 months, take the over.”
6. Fair competition enforcement up. Baker believes that businesses’ anti-competitive behaviors became more pronounced due to the global recession. Now regulators are catching up to these behaviors and he anticipates greater enforcement.
7. Executive pay scrutiny continues. Baker believes that the UK government will “introduce new regulations on [executive] remuneration in 2012.” This legislation could include requiring shareholder vote and approval of executive compensation.
8. Japan gets governance. Independent Directors come to Japan Inc. Baker believes so but I have to disagree with him on this prediction. (See Olympus)
9. IT security more complex. The increase in the use of personal computing devices and persons working from home, will lead to significant data security headaches. Baker quotes Andy Fisher that “unless it is managed it will create a compliance time bomb.”
10. Cloud computing becomes the norm. The increase in cloud computing can lead to questions regarding which countries laws control data security; the home country of the company or the country where the data is stored.

This list that Baker has put together clearly portends greater compliance convergence. A Compliance Officer well versed in anti-corruption legislation across the world will have a myriad of laws to navigate to keep his company on the right side of anti-corruption laws. However, the Compliance Officer may well have a broader remit in 2012. Baker ends his piece with this cheery note, “There’s never a good time for a company to suffer a compliance failure, but 2012 would be a particularly bad time.”

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

Coalition for Excellence in Compliance Releases Restricted Party Screening and Other Export Compliance Best Practices

Ed. Note-I often talk about compliance convergence. Today we host a guest post from our colleague and fellow UT Longhorn, Doug Jacobson. This article originally appeared in Doug’s blog, International Trade Law News. In his blog Doug discusses news, analysis and information on export control, sanctions, customs law, FCPA, anti-dumping and other international trade issues. We reprint his article, with his permission, in its entirety.

The Coalition for Excellence in Export Compliance (CEEC) (pronounced “seek”), a voluntary group of experienced export compliance professionals from leading companies, law firms, research organizations and consulting firms, recently released a series of detailed and practical standards containing best practices on a wide range of important topics for export and sanctions compliance programs.

CEEC’s mission is to provide a uniform set of best practices that companies and trade compliance professionals could use to provide clarity over the existing patchwork of official and unofficial guidance regarding export and sanctions compliance requirements and programs. The best practices are not tied to any particular country’s laws or requirements and are intended to be applicable worldwide.

To date, CEEC has issued best practices covering a wide range of topics, including: screening, training, classification, personnel, management commitment, license determinations and use, and intangible exports. Additional compliance-related best practices topics will be issued by CEEC in the near future.

CEEC’s best practices on Restricted Party Screening  contains valuable guidance on restricted party screening programs and ways to implement screening programs. For example, CEEC’s restricted party screening best practices provides recommendations on the types of parties to be screened, how and when screening should be conducted, the structure of restricted party screening programs, the lists to check and how matches and potential matches to restricted party lists should be handled.

With respect to the types of parties to be screened, CEEC’s screening best practices note that both domestic and international transactions should be screened, since certain restrictions may apply to domestic transactions, domestic transactions may be part of an international transaction, and reputational concerns may exist. The screening best practices provide a detailed list of the types of parties that should be screened (to the extent applicable), including customers, suppliers, freight forwarders, banks, agents, ship to parties, etc.

CEEC’s screening best practices indicate that a “software tool should be used for screening” and that it should “employ a “fuzzy logic” algorithm to identify close as well as identical matches.” Of course, because restricted party list changes are often effective immediately, the “the automated screening tool must promptly update all applicable watch lists as these lists are changed and updated by issuing authorities.”

As for the structure of a restricted party screening program, CEEC’s screening best practices recommend that the screening process should be documented, and it could be “advantageous to centralize the screening program” in order to “minimize duplicative work and promote uniformity.”

Regarding the lists to check, CEEC advises that a “risk analysis should be done to determine which lists (by country, type, etc.) are needed for the organization to use for screening.” For example, it “may be appropriate to use different lists for different businesses, different categories of transactions, or different geographic locations.”

CEEC’s screening best practices provides specific information and guidance on the frequency of screening and at what point in the screening process screening should be done. For example, the best practices recommend that new business partners should be screened prior to the first transaction or other business dealing and that organizations “should consider implementing procedures to screen at the time the business partner is entered into the organization’s database, when background or credit checks are run, when quotes or proposals are requested, or at some other time, as appropriate.” The best practices indicate that “the intervals in between database screenings should be measured and limited in order to mitigate the risk of doing business with a restricted/prohibited/denied party.”

Finally, with respect to screening matches and potential matches, CEEC’s best practices state that an organizations’ restricted party screening process “must allow for a transaction to be halted unless and until any screening matches are cleared. To minimize business disruption, potential matches should be cleared as promptly as possible and the determination “should be documented.” When an actual match to a restricted party list occurs, the CEEC best practices advise that “depending upon the nature of the list, the legal applicability in the jurisdiction, and an evaluation of reputational concerns, the process must allow for determination by an authorized person whether the transaction may proceed . . . and this decision should be documented.”

CEEC members encourage comments and suggestions for improving the best practices and CEEC’s website contains a contact page for the submission of comments on their efforts to date.

============================================================================================

We wish a Happy Holidays to all and in spite of what Rick Perry may say, you can say Merry Christmas out loud.

Compliance Convergence: Deemed Exports

I write regularly about compliance convergence. One of the areas which converge with anti-corruption compliance is export control. Within the area of export control, a sub-area which is little discussed and less understood, is the area of deemed exports. I recently saw an article on this issue in the Oct/Nov issue of the SCCE Magazine, entitled “Understanding the compliance risk of deemed exports” by Anthony Hardenburgh. The author, Vice President of Global Trade Content for Amber Road (formerly Management Dynamics Inc,) laid out the regulations governing this issue and then delineates some controls to manage this export control risk of deemed exports.

What is a Deemed Export?

As a general rule, a deemed export occurs when US technology, which otherwise requires a license for export, is made available to a foreign national by verbal communication, visual inspection or practical use within or outside the United States. The deemed export rule is of great importance to both universities and in the business world. There are numerous ways in which a deemed export can occur. It can come through discussions by professional colleagues in academia, presenting a paper with licensed technology at a conference or by a plant tour of your company.

The consequences of a violation of the deemed export rule can be severe. An administrative penalty can be the greater of $250,000 or twice the value of the transaction involved for each administrative violation. Such a violation can also include the denial of export rights, which for a company with an international business can be devastating. There can also be a criminal penalty attached for serious violations, with a fine levied of up to $1MM and/or up to 20 years in prison. Indeed a University of Tennessee professor was criminally convicted and sentenced to 48 months in prison for “allowing foreign students access to export-controlled research”, in spite of warnings by the university compliance officer that such conduct was not allowed under the deemed export rule.

Risk Management

What steps can you, as a compliance officer, take to manage this risk? Hardenburgh notes that many compliance officers will not know or even understand everything happening in every university lab or company test facility. The management of this risk begins with preventative steps which Hardenburgh lists as follows:

• Written Export Control Policy, including Deemed Exports.
• Ongoing training on this Policy.
• Continuing communications to employees.
• Risk evaluation to determine if export licenses are required. If licenses are required make certain that such technology is not made available until the licenses are obtained.
• Monitoring the entire process to detect any deviations from the Compliance Program.
• Safeguard licensed technologies from viewing or release to foreign nationals.
• Document all steps taken.

Compliance Convergence

The steps that Hardenburgh has suggested will not sound new or radical to the compliance professional. Determining if a risk exists, evaluating that risk and then managing that risk is standard fair in the compliance world. The deemed export rule is just one additional risk that should fall under compliance through export control. Although the penalties can be severe, the solutions to manage the risk are relatively straight-forward.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011

The Fight against Shell Corporations in the US

One of the critical areas in due diligence for foreign business partners is determining who are the true owners of an entity. Unfortunately this is not always possible to determine as many countries do not require the names, addresses and other identifying information of shell company owners or limited liability partners. Many people think of the Cayman Islands or other traditional tax havens when such issues arise.

However, a surprising number of allegedly low risk countries also have this problem. New Zealand is generally recognized as one of the lowest risk countries in the annual Transparency International Corruption Perceptions Index, nevertheless this rating may not be all it seems. In an article by Michael Field on the Stuff.co.nz website, entitled “NZ firms linked to money laundering”, Field reported that one individual was listed as a Director of over 300 New Zealand formed companies. Another person, listed as the Director of the New Zealand Company alleged to have been involved with the shipment of arms to North Korea, was “convicted of 75 breaches of the Companies Act for giving false addresses on registration forms”.

New Zealand is not be the only country with a low corruption perception which may not be completely accurate. In a Reuters article, entitled “Special Report: A little house of secrets on the Great Plains”, authors Kelly Carr and Brian Grow reported on one house in Cheyenne, Wyoming which the authors claim “serves as a little Cayman Island on the Great Plains” as it is home to the registration of over 2,000 entities. The article claims that Wyoming allows “the real owners of corporations to hide behind “nominee” officers and directors with no direct role in the business, often executives of the mass incorporator.” Carr and Grow also quote Jason Sharman, a professor at Griffith University in Nathan, Australia, who states that “Somalia has slightly higher standards [for business incorporation] than Wyoming and Nevada.”

One of the anomalies in the ongoing HP investigation, for alleged bribery and corruption violations in its German subsidiary, was the German authorities’ investigation of activities in and through the state of Wyoming. The article by Carr and Grow may help explain why the German authorities needed to investigate matters relating to Wyoming where the allegations were that bribes were paid by a HP German subsidiary for a sale into Russia.

However, perhaps there is legislation on the way to close this loophole in the US. In another Reuters article, entitled “House bill targets anonymous shell corporations”, Patrick Temple-West reports on US legislations, introduced in the House of Representatives, which would require stricter discloser laws. The author notes that “This is at least the third time lawmakers have considered proposals to crack down on shell company incorporation.” The legislation has bipartisan support, the bill was introduced by a Democrat in the House and jointly introduced by a Democrat and Republican in the Senate. It is reported to have “wide support by law enforcement” and support from the US Departments of Treasury and Justice.

So you ask who would be opposed to bringing the US standards for business incorporation up to that of at least Somalia. Temple-West reports that “Some state government group[s] remain opposed. In the past, resistance has also come from business groups and lawyers.” I am also somewhat chagrined to report that an organization that I belong to, the American Bar Association, has opposed prior legislation to provide greater discloser for shell companies. However, it is now reported to be “reviewing the latest bills.”

How does all of this relate due diligence as the US problem would not seem to impact a company covered by the Foreign Corrupt Practices Act (FCPA)? First of all, a company should know with whom they are doing business, and  more pointedly a US company which is subject to the UK Bribery Act needs to recognize that any agent, distributor or other type of representative here in the US, is a foreign entity under the Bribery Act and needs full due diligence. While the jurisdictional scope of the Bribery Act has yet to be fully fleshed out, such a US company needs to consider its due diligence here in the US and may need to strengthen its investigations and background checks on such parties to comply with the Bribery Act.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011

Transaction Monitoring: Fighting Corruption and Protecting National Security

In an article in the Tuesday Wall Street Journal (WSJ), entitled “More foreign banks probed for sanctions violations”, Brett Wolf reported that the New York County District Attorney’s Office will shortly announce additional enforcement actions against banks for sanctions violations regarding Iran and Syria. In a speech made on November 14, Manhattan District Attorney Cyrus Vance talked about payments made to persons associated with sanctioned countries as constituting a threat “to US national security.”

This reminded me of the ideas that my “This Week in FCPA” colleague Howard Sklar often speaks about; that being ‘compliance convergence.’ One of these areas where there is convergence with anti-corruption and anti-bribery compliance programs is anti-money laundering. While many persons discuss the techniques used in anti-money laundering as techniques which can or should be used in banking and other financial institutions’ compliance programs, there is one area which companies should adopt from anti-money laundering directly into their anti-corruption and anti-bribery compliance programs and that is transaction monitoring.

For some time now banks have been required to monitor transactions of Politically Exposed Persons (PEPs). Generally speaking this effort includes requiring banks to apply enhanced due diligence to bank accounts and transactions by PEPs; requiring financial institutions to assess and evaluate risk so that it can be more carefully managed; promoting transparency in all transactions and monitoring transactions which might be termed suspicious. This means more than single transaction monitoring and is a more sophisticated approach which allows cataloguing and cross-referencing transactions.

Banks begin with the need for enhanced due diligence that they can determine when dealing with a foreign governmental official. This due diligence must include procedures “reasonably designed to detect and report transactions that may involve the proceeds of foreign corruption.” Banks make some or all of the following list of inquiries: identify the stakeholder and any beneficial owners; from this identification, determine the PEP status; obtain employment information and evaluate for industry and sector risk of corruption; review the stakeholder’s country of residence and evaluate for level of corruption; check references; obtain information on immediate family members to determine PEP status; and make reasonable efforts to review public sources of information.

Although not couched in terms of the compliance lingo “Red Flag”, anti-money laundering requirements make clear that simply identifying a stakeholder as a PEP does not disqualify the candidate. It means that additional investigation must be performed. Therefore, if a PEP comes up in your Foreign Corrupt Practices Act (FCPA) compliance program due diligence investigation, as an owner of a Foreign Business Partner, additional investigation must be performed to determine the relationship of this governmental official; the transaction at issue;  and any potentials for conflicts-of-interest or self-dealing. The promotion of transparency requires actual knowledge of the parties who are involved in all transactions. In addition to identifying those owners and any beneficial parties as indicated above, care should be taken to identify any shell companies which a PEP might have ownership or interest in. This is a critical analysis which companies should take as part of their overall due diligence effort.

While many compliance programs do a good job of the above due diligence and attendant analysis; companies do not take the next step, that being transaction monitoring, and integrate it into their compliance function.

Generally the Treasury Department, or some other functional group in a company has a policy preventing payments to locations other than (1) where services are delivered or (2) the home country of the payee. However, this other functional department rarely works in concert with the Compliance or Legal Department, in terms of notifying other company groups of a suspicious payments or even providing documentation of such suspicious payments and storage of such information in a mutually accessible database. Contrasting this, situation most companies will have a policy regarding the retention and contracting with agents or other foreign business representatives or partners but how often are such policies found for vendors in the Supply Chain. The next step in this transaction monitoring process is monitor each transaction to determine if it is ‘suspicious’, that is the term generally recognized by banks in the anti-money laundering context. How many companies have systems in place to perform the same suspicious activity analysis in the normal course of transacting business? Further, there are software program and other tools which a company can utilize which will automate this monitoring process.

Wolf reported that Manhattan District Attorney Vance said that payments out of certain financial institutions had “stripped wire transfer payments of information that would have revealed that sanctioned parties were engaging in US dollar transactions.” How many companies could monitor that type of information for payments they may have made to vendors in the Supply Chain or agents in the Sales Chain for that matter? Near the end of his speech, Vance said that his office was “well positioned” to pursue such claims.

As banks and other financial institutions become more robust in their anti-money laundering programs, many nefarious individuals may move their activities to companies with less robust procedures and back-up systems to detect, record, store and share any such activity with the appropriate group within a company. This may well be the next US government target for inquiry.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011

Compliance Convergence: US Customs and Border Protection’s Importer Self-Assessment Program

Compliance convergence can have several variations. I have written about the convergence from export controls to anti-corruption controls. Last week I wrote about the Lacey Act, which regulates imports of certain types of wood, among other items. One of the valuable lessons of compliance convergence can be the cross-over of lessons learned from one area of compliance to another. I was reminded of this when reading an article in the September issue of the ACC Docket, entitled “Import Loopholes Avoiding the Customs Audit” by Tiffany Jones. Her article discusses the “Importer-Self Assessment” (ISA) program initiated by the US Customs and Border Protection (CPB). The ISA has a requirement for a company to perform a “self-assessment” which means auditing, reporting results and correcting mistakes and implementing process improvements. This ISA relates to imports but it can be very useful for the Foreign Corrupt Practices Act (FCPA) compliance practitioner.

The CPB looks at five criteria to evaluate whether a company is ISA-ready. These will be familiar to the compliance professional. The terminology is a bit different but the concepts are recognizable. These five criteria lay out a good way for a FCPA compliance practitioner to think through an assessment of a company’s FCPA, Bribery Act or other anti-corruption and anti-bribery program.

I.                   Control Environment

Under this criteria, a candidate must demonstrate its commitment to compliance at the highest levels of the organization. Can you say ‘Tone at the Top’? But more than simply the right words, a company must demonstrate this criteria by actually doing. Therefore, this will include written policies, training for key import personnel and company-wide cross training.

II.                Risk Assessment

At least annually, a company should perform a risk assessment to determine which areas of import compliance are the most subject to error or non-compliance. In addition to assessing traditional high risk areas, a company should consider risk which may “flow from changes in personnel or changes in internal controls.” Additionally both transactions and internal controls should be reviewed.

III.             Control Activity

This criteria is defined as the creation of procedures to ensure that the senior management directives as specified in Criteria I – Control Environment are carried out. While Criteria I speaks to overall policies, Criteria III focuses on the procedures to implement the policies.

IV.              Information and Communication

This criteria has two components. First, company personnel are charged with keeping themselves informed of changes to trade regulations and how any changes might effect a company’s operations. Second, this information must be communicated and disseminated throughout the company to all “departments touching on the trade function.” The author quotes from the ISA Handbook, “Pertinent information related to CPB activities is identified, captured and distributed to the right people in sufficient detail, in the right form and at the appropriate time to enable them to carry out their duties…”  I could not have said it better myself.

There are many aspects to compliance convergence. Many practitioners view it as requiring many different types of compliance. This is certainly a valid view. However it can also be used as an opportunity to bring in compliance expertise that may already exist in your company to assist in an anti-corruption compliance program. This Border and Customs Protection format for self-assessment is a guideline that the FCPA practitioner can use as a basis self-assess a company’s compliance program. If you are implementing an anti-corruption program or looking at an anti-bribery program required under the UK Bribery Act there may be resources which you can tap into which exist within your company.

————————————————————————————————–

They’re Back!!!!!! Howard Sklar and I discuss all things FCPA and compliance (well mostly all things) on the return of This Week in FCPA, Episode 16. See and hear Howard go on several rants as we discuss Haiti Teleco, denial of the ICE Mandamus Petition, Oracle’s announcement of a FCPA investigation and the post-trial filings in the Lindsey Mfg. case.

On Thursday, Sept. 15, my colleague Mary Jones and I will discuss how a Best Practices  compliance program can assist you in a FCPA compliance investigation, in a webinar hosted by World-Check and Ethisphere. Mary will discuss her experiences at Global Industries in a multi-year, world-wide FCPA investigation and how Global Industries came out with a Non-Prosecution Agreement. For registration and information, click here.

————————————————————————————————–

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011

The Day the Music Died: the Lacey Act and Compliance Convergence

Most people will recognize the name of Gibson Guitar, one of the most widely known makers of guitars in the United States. Unfortunately the company was recently raided by the US Fish and Wildlife Service for a failure in the compliance arena. However, it was not for a violation of the Foreign Corrupt Practices Act (FCPA); UK Bribery Act; OFAC or other more widely recognized anti-corruption statutes. Gibson Guitar was raided through an investigation regarding alleged violations of the Lacey Act. As reported in the September 1 edition of the Wall Street Journal (WSJ), in an article entitled “Gibson Guitar Wails on Federal Raid” James Hagerty and Kris Maher reported about an August 24 raid by the US Fish and Wildlife Service. All of this reminded me of my ‘This Week in FCPA’ colleague Howard Sklar’s multiple discussions of compliance convergence.

The Lacey Act

The 111-year-old Lacey Act, originally passed to protect wildlife, was expanded in 2008 to cover wood products. This expansion of the Lacey Act requires companies to “make detailed disclosures about wood imports and bars the purchase of goods exported in violation of a foreign country’s laws.” In a subsequent WSJ article on September 2, entitled “Forestry Law Splits Wood Industry”, the same reporters stated that “that companies need to be more diligent about ensuring their entire supply chain is sourcing wood legally. The authors also quoted Leonard Krause, a Lacey Act consultant who is advising his clients to retain local counsel in the countries where the wood is purchased to make sure that the wood is not exported in violation of local law.

The Allegations

According to the American Shipper, in an article entitled “Lacey Act ensnares Gibson Guitar Corp.”, the Fish and Wildlife Service reportedly made two allegations in its affidavit, to obtain a search warrant for the raid. The first was that product in question “was exported from India by Atheena Exports under an incorrect tariff code (HS 9209), allegedly to avoid the Indian government’s prohibition on export of sawn wood products (HS 4407), and was declared upon import as finished veneer (HS 4408).”  The second was that Gibson Guitar was not identified as the end user. The importer of record, Luthier Mercantile International, listed itself as the end user. The Lacey Act provides strict liability to a company for those in its supply chain.

Compliance Convergence

So how does a company, or indeed an entire industry subject to the Lacey Act, manage all of these risks? I suppose the first thought would be to only buy American but that thought is probably as unrealistic as a US based energy company not doing business overseas because of the FCPA. No, I think the answer is that a company must first identify the risks it faces and then manage those risks. Here the primary risks would appear to be knowledge of local laws and liability for the acts of those in your supply chain. I would submit there are two keys to managing these risks. The first is Process, Process and Process. The second is Document, Document and Document.

Whatever business you are in, the requirement is for you to understand what laws are applicable to your business. If you have to hire local lawyers in the jurisdiction where you are doing business to ascertain if your exports violate local law, don’t whine about it, hire them. If your company has strict liability for those in your supply chain, engage in due diligence, train those vendors in the law and your requirements and manage those relations going forward. All of the above should be documented so that if your company is investigated it can produce those records in short order. Talking about unfair 111 year-old laws will not get you much sympathy, from the US Department of Justice, the US Fish and Wildlife Service or a Federal Judge.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011