FCPA Compliance and Ethics Blog

November 26, 2014

Doing Business in India – Corruption Risks and Responses

IndiaRecently the US law firm of Foley and Lardner LLP and MZM Legal, Advocates & Legal Consultants in India jointly released a white paper, entitled “Anti-Bribery and Foreign Corrupt Practices Act Compliance Guide for U.S. Companies Doing Business in India”. For any compliance practitioner it is a welcome addition to country specific literature on the Foreign Corrupt Practices Act (FCPA), UK Bribery Act and other anti-corruption legislation and includes a section on India’s anti-corruption laws and regulations.

FCPA Enforcement Actions for Conduct Centered in India

Under the FCPA, several notable US companies have been through enforcement actions related to conduct in India. Although not monikered as a ‘Box Score’ the authors do provide a handy chart which lists the companies involved, a description of the conduct and fine/penalty involved.

Company Description Disposition (in USD)
Pride International Payment made for favorable administrative judicial decision regarding customs issues $56.1 million
Tyco International German subsidiary paid third parties to secure contracts; payments recorded as commissions $26 million
Diageo Subsidiary made payments to government official responsible for purchase/authorization of Diageo’s products in India $16.4 million
Textron Subsidiaries paid foreign officials to secure contracts; characterized as commission and consulting fees $5.05 million
Oracle Corporation Oracle distributor allegedly created “slush” fund to pay third parties $2 million
Dow Chemical Company Payments made to India Central Insecticides Board to expedite registration of products $325,000

India Anti-Bribery/Anti-Corruption Laws 

The authors identify the principal anti-corruption legislation in India as the Prevention of Corruption Act, 1988 (PCA), which focuses on bribery of public servants. They go on to state, “Bribery under the PCA includes any “gratification” that a public servant receives other than his/her legal remuneration. Gratification constituting a bribe would include anything intended to motivate, influence, or reward a public servant for performing (or forbearing performance of) an official act, or for showing “favour or disfavour” to any person, or for rendering any service or disservice to a public servant.” However, there are other laws, in addition to the PCA, which govern such issues. These include “specific public servants’ Conduct Rules, which set specific guidelines on the value of gifts that may be accepted in furtherance of local or religious customs (where no reciprocal action is expected and where the public servant has no current or expected future official dealings with the gift giver). The guidelines for permissible gifts are based on the public servant’s rank and service classification and broadly range between 500 – 7,500 Rupees (approximately $8 – $120 U.S. dollars).”

Corruption Risks in India

Corruption risks in India are generally perceived to be high due to its “complex administrative and bureaucratic environment”. Similarly the FCPA Professor would say there are a high number of barriers to trade. Coming at it from a different direction, the Department of Justice (DOJ) would say the risk is high because of the number of licenses and permits required. More pruriently, I would say this leads to more folks having their collective hand out looking to speed things up. Indeed, in the recently released TRACE Matrix India comes in at 185th out of 197 countries listed, with a corruption score of 80, based largely on its score of 92 in the highest weighted category of “Interactions with Governments”.

a. Licenses and Permits

The authors identify that “a host of regulatory hurdles exists in India, including the need to obtain permits, licenses, and other regulatory approvals and to pay various application and registration fees. These types of low-level transactions provide opportunities for bribery. Payments made in such transactions — whether in cash or gifts — may appear minimal (by U.S. standards) and may seem harmless, but they can nonetheless result in violations of U.S. and/or India law.” They go on to list some “Examples of Problematic Conduct” around this issue they identify the following:

  • Paying (or providing some other benefit to) a customs official to bypass inspection or overlook incorrect or incomplete paperwork;
  • Paying a local tax regulator to overlook errors or inconsistencies in filings;
  • Paying an official to expedite the processing of a permit or license;
  • Paying a utilities provider to reduce billings; and
  • Paying a local health and safety regulator to overlook code violations.

b. Gifts, Travel and Entertainment

In the area of gifts, travel and entertainment, the authors state that “companies run the risk of triggering the FCPA and other anti-corruption laws if their marketing and entertainment expenditures cross a line into conduct that could be characterized as bribery or lends to the appearance of attempting to induce a breach of trust or impartiality on the part of the recipient…the various conduct rules for public servants in India establish specific guidelines for accepting gifts and hospitality, and, for some public servants, the maximum permissible gift value may be as low as 500 rupees ($8 U.S. dollars). Companies operating in India should thus familiarize themselves with these guidelines before providing even what may seem to be a modest gift or hospitality.” Some examples of problematic conduct identified is these areas are as follows:

  • Paying for extravagant meals, drinks, and entertainment in connection with a visit by a foreign official;
  • Paying for “side trips” so that foreign officials can visit tourist attractions (e.g., Walt Disney World, Las Vegas) while in the United States;
  • Providing per-diems or “pocket money” for foreign officials to use during a visit;
  • Paying for a foreign official’s spouse or family to accompany the foreign official on a trip; and
  • Providing foreign officials with excessive gifts for birthdays, weddings, holidays, or other events.

c. Third Parties

This is always recognized as the highest FCPA risk and in India it is no different. More importantly, it may be even greater in this country because “Navigating India’s extensive regulations and bureaucracy often requires U.S. companies to rely on third parties, such as agents, brokers, consultants, sales representatives, distributors, and other business partners…The PCA similarly criminalizes bribery through third parties as a direct violation by the third party and as an abetment violation by the company on whose behalf the bribe is being made.” The key is subject any third party to rigorous due diligence and closely manage the relationship after the contract is signed. If a Red Flag appears at any point in the third party lifecycle it should be evaluated and cleared. The authors provide a handy list of some examples of Red Flags regarding third parties when doing business in India. They include:

  • A third party is listed in databases reporting known corruption risks (e.g., World Bank List of Debarred Firms) or has been previously investigated for, charged with, or convicted of corruption or other ethics violations;
  • A foreign official has specifically requested that a certain third party be involved in the company’s transaction or business;
  • An agent or consultant holds himself out as someone with close connections to an important minister or minister’s aide;
  • A third party does not appear to have sufficient resources, real estate/infrastructure, or experience to perform the requested tasks;
  • A third party asks the company to provide it with unreasonably large discounts, excessive commissions, reimbursements, or contingency fees; and
  • A third party requests payment in an irregular or convoluted manner (e.g., cash, offshore bank account, payments to another company, over/under invoicing).

Managing Corruption Risk in India

In their concluding section, the authors relate solid risk management tools tailored to the Indian market. It all starts with robust standards and procedures. From there you should train not only your employees on what may be illegal conduct and how to resist requests for bribes but also your third parties. Annual certifications are an important tool for not only risk management but also communication about anti-corruption expectations. Your compliance program should devote the appropriate level of personnel and resources for your operations in India. Finally, a robust reporting mechanism is key but equally critical is your response after any information comes to light. It must be thoroughly investigated, quickly remedied and reported as appropriate.

The Foley & Lardner/MZM Legal white paper is a welcome addition to literature about country specific risks, remedies and responses. A copy of the full white paper can be obtained by clicking here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

November 25, 2014

How to Avoid a Mousetrap – Resource Reductions in Your Compliance Function

The MousetrapOn this day, 62 years ago, “The Mousetrap”, a murder-mystery written by Agatha Christie, opened at the Ambassadors Theatre in London. The crowd-pleasing whodunit has become the longest continuously running play in history, with more than 10 million people attending its more than 20,000 performances. The play opened with Sir Richard Attenborough and his wife, Sheila Sim, in the cast. To date, more than 300 actors and actresses have appeared in the roles of the eight characters. David Raven, who played “Major Metcalf” for 4,575 performances, is in the “Guinness Book of World Records” as the world’s most durable actor, while Nancy Seabrooke is noted as the world’s most patient understudy for 6,240 performances, or 15 years, as the substitute for “Mrs. Boyle.” The play is still going strong in London’s West End and at theaters across the world today.

The Mousetrap has survived the vicissitudes of one of the most fickle phenomenons known, the theater going public. Unfortunately, not all businesses can make the same claim to longevity, either in revenue sourcing or spending. For instance the energy industry is now facing a future with the price of oil at something currently around $80 per barrel. This has already led to proposed contraction in the energy services industry with the number 2 company, Halliburton Energy Services, buying the number 3 company, Baker Hughes. Halliburton has already announced they hope to achieve financial benefits through elimination of redundancies in the combined organizations.

Given this new thread of economics going through the energy industry, I wondered what it might all mean for a company’s compliance function? I thought about this question when I read a recent article in the Harvard Business Review (HBR), entitled “How Not to Cut Health Care Costs”, by Robert S. Kaplan and Derek A. Haas. Their article posited that many “cost-cutting initiatives actually lead to higher costs and lower-quality care.” This is because “Administrators typically look to reduce line-item expenses and increase the volume of patients seen.” But the authors opine that this is not the best way to cut costs or even deliver a superior health care service. They advocate, “Administrators, in collaboration with clinicians, should examine all the costs incurred over the care cycle for a medical condition. This will uncover multiple opportunities to benchmark, improve, and standardize processes in way that lower total costs and delver better care.”

Just as health care providers deliver services, so do compliance practitioners. This led me to view their article with the angle of a Chief Compliance Officer (CCO) or compliance practitioner that has been told to cut head count or resources. First, and foremost, is to keep in mind the direction provided in the FCPA Guidance, which is well thought out and considered, and will be viewed with a better eye by the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) if they take a look at your compliance program after it has been cut. And, as with everything else that is Foreign Corrupt Practices Act (FCPA), UK Bribery Act or any other anti-corruption compliance program related, you must remember the most important aspect, that being Document, Document, and Document. Whatever you do, you should document that you have studied it, considered it and then articulated a reason for taking the steps you decided upon. This means you should take the authors advice and not simply reduce “line-item expenses on their P&L statements” but you should “consider the best mix of resources needed to deliver excellent [compliance] outcomes in an efficient manner.” To do so, the authors examine five cost cutting mistakes, which I will adapt for the compliance practitioner.

Mistake #1 – Cutting Back on Support Staff

Just as in the medical services-delivery world, the compliance arena support staff are a key component of a compliance program’s efficiency. Cutting such functions requires CCOs or others to spend more time on administrative matters and less on actually doing compliance. This can be up to ten times more costly for more senior compliance managers to perform such tasks than properly trained, efficient administrative staff. Arbitrary constraints or cuts in personnel spending, uninformed by the need to deliver high quality compliance outcomes can not only lead to a diminution in the compliance product but very dissatisfied internal compliance consumers.

Mistake #2 – Underinvestiging in Space and Equipment

While this is perhaps more self-evident in the health care services industry, I would argue that it applies to technology in the compliance arena. Underinvesting in technology can lead to a lowering of productivity for a company’s most expensive compliance resource; its compliance group. Further, once technology has been used in one area, the marginal cost to utilize it in a second area is often much lower than the initial cost. A case in point is translation services to translate your Code of Conduct, compliance policy and procedures into languages other than English. After the initial cost, the marginal cost for each update you make is considerably lower. Moreover, the authors point to the “folly of attempting to cut costs by holding down spending in isolated categories. More often than not, much higher costs soon show up in another category.” The key is to measure the costs of all resources used by the compliance function so that the appropriate trade-offs can be made. 

Mistake #3 – Focusing Narrowly on Procurement Prices

Often executives simply say that an overhead function, such as compliance, must “aim their reductions” at outside vendors. This may lead to more negotiations over suppliers’ pricings or attempts to negotiate high discounts. However the author’s note that this blanket approach often fails to take into account the precise mix of goods and services that a compliance department may use. Further, this gross approach focuses too narrowly on negotiating the price and fails to examine how the compliance function might actually consume goods and services from outside vendors. The authors note, “As a result, they miss potential large opportunities to lower spending.”

Mistake #4 – Maximizing Throughput

This mistake revolves around simply trying to get professionals to work faster. However, as with physicians, this mistake “is not sensitive to the impact of seemingly arbitrary standards on [compliance] outcomes.” Interesting what may be true is quite the opposite that a compliance function can receive greater overall productivity by spending more time with fewer problems. This is because by spending less time with problems up front, a compliance professional may be able to bring greater risk management techniques to bear, which can work to prevent or even proscribe a compliance issue rather than simply detecting it after something has occurred. The more time the compliance function can spend in counseling, monitoring or performing in-person training, the more benefits will be paid off from preventing compliance issues from becoming FCPA violative events.

Mistake #5 – Failing to Benchmark and Standardize

Benchmarking is recognized as a key tool of the compliance practitioner. However it is rarely thought of a cost-cutting tool or a cost-efficiency mechanism. Many compliance practitioners can only see the no ‘one-size-fits-all’ proscription which blocks them from seeing what other compliance practitioners might be doing to achieve similar results. If other companies can be used to determine a range of compliance techniques and strategies, perhaps they could also be consulting for the standardization of certain processes or procedures, which might lead to greater cost efficiencies. One constant about compliance is that there are no trade secrets in compliance. A constant about compliance professionals is that they will always share information on their program. Use the knowledge of others to help you deliver a compliance solution in a more cost-effective approach.

The compliance profession is maturing. Costs and inefficiencies can be the result of “mismatched capacity, fragmented delivery, suboptimal outcomes and inefficient use of technology.” In their penultimate paragraph the authors state, “The current practice of managing and cutting costs from a P&L statement does nothing to address those problems.” Unlike the theater version of The Mousetrap, compliance will experience ups and downs in funding similar to other corporate overhead functions. However, such pinch points might present opportunities for the compliance professional to review and assess a company’s compliance program and come up with ways to make it run more efficiently. For if it is true that there is no ‘one-size-fits-all’ approach to compliance; it is equally true that you are only limited by your imagination. But document how you got there and why and be prepared to defend how you identified your risk, coupled with your management of them.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

 

November 24, 2014

The FCPA Guidance: Still Going Strong at Two

Brithday TwoOne of the great things about Sunday afternoon is that Mike Volkov posts his Monday blog, when I usually have time to read it when I get the email notification that it is up. Yesterday he wished the Department of Justice’s (DOJ) and Securities and Exchange Commission’s (SEC) jointly released 2012 A Resource Guide to the U.S. Foreign Corrupt Practices Act (Guidance) a belated Happy 2nd Birthday and bemoaned the fact no one else had done so. Inspired, and somewhat chagrined by Volkov, I decided to blog today about a couple of the highlights from the FCPA Guidance.

I. The Ten Hallmarks of Effective Compliance Programs

As a ‘Nuts and Bolts’ guy I found the DOJ/SEC formulation of their thoughts on what might constitute a best practices compliance program, the most useful part. The Guidance cautions that there is no “one-size-fits-all” compliance program. It recognizes a variety of factors such as size, type of business, industry and risk profile a company should determine for its own needs regarding a Foreign Corrupt Practices Act (FCPA) compliance program. But the Guidance made clear that these ten points are “meant to provide insight into the aspects of compliance programs that DOJ and SEC assess”. In other words you should pay attention to these and use this information to assess your own compliance regime.

  1. Commitment from Senior Management and a Clearly Articulated Policy Against Corruption. It all starts with tone at the top. But more than simply ‘talk-the-talk’ company leadership must ‘walk-the-walk’ and lead by example. Both the DOJ and SEC look to see if a company has a “culture of compliance”. More than a paper program is required, it must have real teeth and it must be put into action, all of which is led by senior management. The Guidance states, “A strong ethical culture directly supports a strong compliance program. By adhering to ethical standards, senior managers will inspire middle managers to reinforce those standards.” This prong ends by stating that the DOJ and SEC will “evaluate whether senior management has clearly articulated company standards, communicated them in unambiguous terms, adhered to them scrupulously, and disseminated them throughout the organization.”
  2. Code of Conduct and Compliance Policies and Procedures. The Code of Conduct has long been seen as the foundation of a company’s overall compliance program and the Guidance acknowledges this fact. But a Code of Conduct and a company’s compliance policies need to be clear and concise. Importantly, the Guidance made clear that if a company has a large employee base that is not fluent in English such documents need to be translated into the native language of those employees. A company also needs to have appropriate internal controls based upon the risks that a company has assessed for its business model.
  3. Oversight, Autonomy, and Resources. This section began with a discussion on the assignment of a senior level executive to oversee and implement a company’s compliance program. Equally importantly, the compliance function must have “sufficient resources to ensure that the company’s compliance program is implemented effectively.” Finally, the compliance function should report to the company’s Board of Directors or an appropriate committee of the Board such as the Audit Committee. Overall, the DOJ and SEC will “consider whether the company devoted adequate staffing and resources to the compliance program given the size, structure, and risk profile of the business.”
  4. Risk Assessment. The Guidance states, “assessment of risk is fundamental to developing a strong compliance program”. Indeed, if there is one over-riding theme in the Guidance it is that a company should assess its risks in all areas of its business. The Guidance is also quite clear that when the DOJ and SEC look at a company’s overall compliance program, they “take into account whether and to what degree a company analyzes and addresses the particular risks it faces.” The Guidance lists factors that a company should consider in any risk assessment. They are “the country and industry sector, the business opportunity, potential business partners, level of involvement with governments, amount of government regulation and oversight, and exposure to customs and immigration in conducting business affairs.”
  5. Training and Continuing Advice. Communication of a compliance program is a cornerstone of any anti-corruption compliance program. The Guidance specifies that both the “DOJ and SEC will evaluate whether a company has taken steps to ensure that relevant policies and procedures have been communicated throughout the organization, including through periodic training and certification for all directors, officers, relevant employees, and, where appropriate, agents and business partners.” The training should be risk based so that those high-risk employees and third party business partners receive an appropriate level of training. A company should also devote appropriate resources to providing its employees with guidance and advice on how to comply with their own compliance program on an ongoing basis.
  6. Incentives and Disciplinary Measures. Initially the Guidance notes that a company’s compliance program should apply from “the board room to the supply room – no one should be beyond its reach.” There should be appropriate discipline in place and administered for any violation of the FCPA or a company’s compliance program. Additionally, the “DOJ and SEC recognize that positive incentives can also drive compliant behavior. These incentives can take many forms such as personnel evaluations and promotions, rewards for improving and developing a company’s compliance program, and rewards for ethics and compliance leadership.”
  7. Third-Party Due Diligence and Payments. The Guidance says that companies must engage in risk based due diligence to understand the “qualifications and associations of its third-party partners, including its business reputation, and relationship, if any, with foreign officials.” Next a company should articulate a business rationale for the use of the third party. This would include an evaluation of the payment arrangement to ascertain that the compensation is reasonable and will not be used as a basis for corrupt payments. Lastly, there should be ongoing monitoring of third parties.
  8. Confidential Reporting and Internal Investigation. This means more than simply a hotline. The Guidance suggests that anonymous reporting, and perhaps even a company ombudsman, might be appropriate to have in place for employees to report allegations of corruption or violations of the FCPA. Furthermore, it is just as important what a company does after an allegation is made. The Guidance states, “once an allegation is made, companies should have in place an efficient, reliable, and properly funded process for investigating the allegation and documenting the company’s response, including any disciplinary or remediation measures taken.” The final message is what did you learn from the allegation and investigation and did you apply it in your company?
  9. Continuous Improvement: Periodic Testing and Review. As noted in the Guidance, “compliance programs that do not just exist on paper but are followed in practice will inevitably uncover compliance weaknesses and require enhancements. Consequently, DOJ and SEC evaluate whether companies regularly review and improve their compliance programs and not allow them to become stale.” The DOJ/SEC expects that a company will review and test its compliance controls and “think critically” about its own weaknesses and risk areas. Internal controls should also be periodically tested through targeted audits.
  1. Mergers and Acquisitions.Pre-Acquisition Due Diligence and Post-Acquisition Integration.Here the DOJ and SEC spell out their expectations in not only the post-acquisition integration phase but also in the pre-acquisition phase. This pre-acquisition information was not something on which most companies had previously focused. A company should attempt to perform as much substantive compliance due diligence that it can do before it purchases a company. After the deal is closed, an acquiring entity needs to perform a FCPA audit, train all senior management and risk employees in the purchased company and integrate the acquired entity into its compliance regime.

II. Declinations

Many commentators such The FCPA Professor, Mike Volkov, myself and others have advocated that the DOJ release information about Declinations because they are an excellent source of information for the compliance practitioner about the DOJ’s thinking on FCPA enforcement issues. Indeed I had written, “In an area like Foreign Corrupt Practice Act (FCPA) enforcement, where guiding case law is largely non-existent, compliance practitioners must rely on the actions and decisions of federal enforcement agencies for information. Such information is available in the form of enforcement actions, the release of Deferred Prosecution Agreements (DPAs) and Non-Prosecution Agreements (NPAs), and hypothetical fact patterns presented to the Department of Justice (DOJ) through its Opinion Release procedure. But one highly valuable source of guidance has been kept from regulated entities and their counsels: DOJ and Securities and Exchange Commission (SEC) “declination” decisions, opinions which are drafted when the agencies decline to prosecute an individual or organization. A change is needed in this counterproductive policy. The release of substantive information on declinations would help foster greater compliance with the FCPA by providing practitioners with specific facts of circumstances where investigations did not result in an enforcement action.”

Whether the DOJ was answering any of the commentary, it hardly matters. But a significant section of the Guidance is dedicated specifically to six Declinations provided to companies which self-disclosed possible FCPA violations. The types of issues reported to the DOJ were as varied as mergers and acquisitions (M&A); actions by third parties on a company’s behalf which violated the FCPA; payments improperly made by company employees which were incorrectly characterized as facilitation payments; and illegal bribes paid out by a small group of company employees. From these Declinations, I derived the following points (1) The Company was alerted to possible corrupt conduct via its compliance program or internal controls. (2) Possible FCPA violations were self-reported or otherwise voluntarily disclosed to the DOJ/SEC. (3) The entities in question conducted a thorough internal investigation and shared the results with the DOJ/SEC. (4) The conduct violative of the FCPA was not pervasive and consisted of relatively small bribes or other corrupt payments. (5) The company took immediate corrective action against the person(s) engaging in the conduct. (6) Each company’s compliance program was expanded or enhanced and these enhancements were reflected in compliance training, internal process improvements and additional enhanced internal controls.

So here’s to the Guidance at the ripe of age of 2. Thanks for coming into all of our (compliance) lives. I have also held back the best for last; the Guidance is available for free on the DOJ website and you can download it by clicking here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

November 21, 2014

The Strategic Use of Compliance

StrategyWhat is your company’s compliance strategy? By this I do not mean what is your company doing to put in a place a best practices anti-corruption compliance program that meets the requirement of the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act. My inquiry goes both further and deeper. Has your company moved beyond the view that compliance with the FCPA is simply enough by incorporating compliance into your business strategy to secure a competitive advantage going forward? I thought about this issue when I read a recent article in the MIT Sloan Management Review, entitled “Finding the Right Corporate Legal Strategy”, by Robert C. Bird and David Orozco. While the authors posed the questions from the legal perspective, I found their insights equally valid from the compliance perspective.

While I am fairly certain that Chief Compliance Officers (CCOs) and compliance practitioners understand the need for the integration of compliance into the day-to-day business operations of a company, many business types still view compliance “as a constraint on managerial decisions, primarily perceiving” compliance as simply a cost. The authors believe that the more enlightened approach is for companies to use functions such as compliance “in order to secure long-term competitive advantage.” To do so the authors detailed five different legal strategies, which they call pathways, that companies might use that I will translate into compliance strategies. They are in ascending order of importance: (1) avoidance; (2) compliance; (3) prevention; (4) value and (5) transformation. The right strategy for your company will depend on a variety of factors such as maturity of your compliance function, commitment by senior management to compliance, your business model and the compliance function’s ability to collaborate with business managers.

Avoidance

This is the idiot response where a company either disregards anti-corruption laws such as the FCPA or UK Bribery Act or engages in willful blindness. Unfortunately, there are many major US and foreign corporations that have come to grief under the FCPA because they did not take some of the most basic steps to comply with these laws. It is largely because senior management believes that compliance provides “little concrete value, so they make no effort to” even acquiring knowledge in the area. Worse yet are companies who gain a modicum of knowledge about such anti-corruption laws “only so that they can circumvent it to achieve a desired objective.” The authors note that while “An avoidance strategy can sometimes be effective…it can also lead to disaster.” This lead to the compliance function and the CCO only being called in an emergency, after the conduct has occurred so that compliance is always in a reactionary mode.

Compliance

This pathway means complying with laws, not the compliance function itself. Under this pathway, “companies recognize that the law is an unwelcome but mandatory constraint on their activities.” So while following this strategy would allow a company to have subject matter expert (SME) practitioners in the field of compliance, it would exist only “so the business could operate within its legal bounds.” Under this pathway, companies still view compliance as a cost to be minimized. Moreover, anti-corruption laws such as the FCPA or UK Bribery Act are “viewed as primarily inflexible—externally imposed rules that cannot be changed or adapted to suit a particular corporate strategy.” This means that business managers will simply not understand that compliance can be used to further business goals. It also leads most business unit folks to believe that compliance is the Land of No and the CCO is in reality ‘Dr. No’ who is there “primarily as a watchdog that polices corporate conduct for illegal activity.”

Prevention 

Under the prevention pathway, senior management acknowledges that anti-corruption laws can be used as competitive advantage “to further well-defined business roles.” This means that the compliance is proactive rather than reactive. Senior managers understand how the law relates to their business areas “and they appreciate how it can be used to minimize particular business risks.” The compliance function “seeks partnerships with managers to help them achieve their risk-management goals.” This pathway has the added benefit that allows compliance practitioners to recognize the importance of measuring and quantifying compliance issues and data “as a part of a broader effort to support a business oriented strategy.” It also means that the compliance function is available to the business unit when the competitive landscape is “strategically assessed” by the business unit. This is more than simply having a seat at the table; it is being a part of and contributing to the commercial strategy.

Value

Companies operating in this pathway use compliance to “create tangible and identifiable value.” But to do so requires a true corporate commitment because business unit managers will need to have a strong understanding of anti-corruption compliance and how it can be tailored to generate value for the company. The CCO, and indeed the entire compliance function, must see itself “as a key stakeholder in helping the company to increase its return on investment” and should see itself in helping to create value for the company. Usually this comes about in two ways. The first is by using compliance to lower costs of doing business, particularly through third parties. Here you can think of reducing the number of vendors who perform the same services or provide the same products to you by appropriate management of your third party compliance program. The second way is by using compliance to increase revenues.

Transformation

In this final pathway, a company will incorporate compliance directly into its business model. While the authors note that few companies have been able to move this far in the legal arena, those who have done so possess a rare and valuable “capability that can provide a competitive advantage that is difficult for a business rival to imitate.” One of the keys to making this transformation is that not only is compliance integrated within “the company’s various value-chain activities; it is also linked with the value chains of important external partners as part of the larger business ecosystem.” This pathway is only available to companies with the most mature compliance function and most usually when compliance is combined with “the business model and core competencies of the company.”

Clearly there is no ‘one size fits all’ approach to compliance strategies. However if your compliance program has maturity and senior management can operate with their eyes open, they will see that while the first three strategies focus on managing risk, the final two are targeted towards generating business opportunities or least have compliance as a part of the team doing so. As compliance practitioners move into the CCO 2.0 role that I have advocated, these pathways can provide you with a tangible starting point to educate senior management on what compliance can bring to the (business) table.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

November 19, 2014

Chamber of Commerce: Corporations Form the Cornerstone of FCPA Compliance

CornerstoneRecently one of the most unlikely sources for praise of the Foreign Corrupt Practices Act (FCPA) came out to inform us all that corporations are the cornerstone of FCPA compliance and enforcement. You may be surprised to find out that it came from the US Chamber of Commerce. It did not come in the form of Congressional testimony in praise of the FCPA but in the Chamber’s Amicus Curie filing in a case currently being considered by the Texas Supreme Court. Regardless of the forum, the praise was just as strong and hopefully just as lasting.

The Texas Supreme Court recently held oral arguments in the appeal of Shell v. Writt. Unusually for a state supreme court case, it touches on the FCPA. The issue before the Court is whether Shell’s internal FCPA investigation is absolutely privileged from a defamation claim by persons named in the report as having violated the FCPA. Being as this is Texas, with a state supreme court just to the right of Attila the Hun, it is easy to determine what the outcome of the case will be, the company will win.

Procedurally, Writt, the plaintiff claiming defamation from Shell’s report of its internal investigation that it provided to the Department of Justice (DOJ), lost at the trial court on summary judgment. The trial court found that Shell had an absolute privilege because the report was turned over to a government agency investigating the matter. The court of appeals reversed this decision holding that because the internal investigation was voluntary, not mandatory, that only a conditional privilege existed and sent the matter back to the trial court for further proceedings. Shell appealed this court of appeals decision to the Texas Supreme Court.

Interestingly, the US Chamber of Commerce filed an amicus brief in the appeal to the Texas Supreme Court, supporting Shell. In its brief, the Chamber came out with full guns blazing in support of the FCPA and for full internal investigations and self-disclosure by companies. At the start of its brief, the Chamber comes out four square in support of the FCPA stating, “Since 1977, and especially over the last decade, the Foreign Corrupt Practices Act (“FCPA”) has played a very significant role in the federal regulation of multinational corporations. By punishing bribery and other illicit influence of foreign officials by U.S. companies, the statute seeks to improve the integrity of American businesses, promote market efficiency, and maintain the reputation of American democracy abroad.”

The Chamber noted the importance of the FCPA to both the US government and to US businesses. It stated, “Over the past decade, the FCPA has taken on renewed importance for both the U.S. government and American businesses.” As to the importance that the US government places on FCPA enforcement, the Chamber cited to the following, “DOJ officials have publicly stated that “enforcement of the FCPA is second only to fighting terrorism in terms of priority.”” Lastly, because of this focus, “FCPA compliance is now a main focus of concern for U.S. businesses.” Moreover, US companies are now ““light years ahead of where [they were] circa the mid-to-late 1990s,” with companies “implementing more rigorous and sophisticated compliance protocols,” including thorough internal investigations and candid self reporting.”

The Chamber did not stop there with its high praise of the FCPA and the importance of the FCPA and its enforcement for US businesses. The Chamber next turned to US businesses role in FCPA enforcement and compliance when it said, “the government has always relied upon businesses to cooperate with investigations and self-report any potential violations by corporate employees. “Federal enforcement authorities have consistently encouraged, if not as a practical matter demanded, that as to the FCPA companies voluntarily conduct internal investigations, disclose potential violations and cooperate with government investigations.” With their vast resources, individualized focus, and access to documents and witnesses, “companies are actually much better positioned to gather more information more quickly overseas than the Justice Department or the SEC.”” Perhaps channeling some of the criticisms of the recent General Motors (GM) and FIFA investigations, the Chamber recognizes that more than simply results must be shared with the DOJ when it stated, “The government requires that corporations provide not just information on violations that they are certain of, but rather any “relevant information and evidence,” as well as identification of “relevant actors inside and outside the company.””

The money line from the Chamber’s brief is the following, “Corporate cooperation, internal investigation, and self-reporting thus form the cornerstone of FCPA compliance and enforcement.” It could not be clearer from this statement the importance that a robust internal investigation protocol, coupled with self-disclosure bring to FCPA compliance. The FCPA Guidance states, “once an allegation is made, companies should have in place an efficient, reliable, and properly funded process for investigating the allegation and documenting the company’s response, including any disciplinary or remediation measures taken. Companies will want to consider taking “lessons learned” from any reported violations and the outcome of any resulting investigation to update their internal controls and compliance program and focus future training on such issues, as appropriate.”

Thus internal investigations coupled with self-reporting provide both companies and the US government towards the same goal; greater compliance with the FCPA because the Chamber recognizes that the FPCA plays a vital role in international business and corruption prevention and prosecution. The Chamber even cites, favorably, the Congressional logic for the enactment of the FCPA by stating, “Congress determined that such practices tarnish the image of American democracy abroad, impair confidence in American businesses, hamper the efficiency of the market, anger the citizens of otherwise friendly foreign nations, and, put simply, are “morally repugnant” and “bad business.”” Finally, the Chamber acknowledges the importance of the FCPA for both US and international investors; both in the US and for companies abroad by concluding, “The FCPA is a valuable statute that helps to reduce corruption and to reinforce public and investor confidence in the markets here and abroad.”

This brief lays out one of the strongest articulations of the power of the FCPA. I did not expect the Chamber to come out so forcefully in favor of what that many business types continually bemoan. The Chamber’s recognition that FCPA compliance and enforcement are cornerstones of the protection of US businesses; US business interests and investor confidence across the globe is a welcome addition to the FCPA dialogue.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

November 18, 2014

FIFA and Good-Faith Investigations

CautionYou know things are getting bad when the Wall Street Journal (WSJ) questions a business’ moral authority. Things certainly cannot be much better when the regulators begin nosing around your own self-indulgence. What happens when you realize all of a sudden that all those actions you have taken may actually fall under the jurisdiction of both the United Kingdom and the United States and their respective anti-corruption laws, the UK Bribery Act and the US Foreign Corrupt Practices Act (FCPA)? It turns out all of this may have come through for our friends at Fédération Internationale de Football Association (FIFA).

Last week FIFA announced that it had considered the investigation into allegations of corruption into the awarding of the 2018 World Cup tournament to Russia and the 2022 World Cup tournament to Qatar and found, as reported in the Financial Times (FT) by Roger Blitz in an article entitled “Fifa thrown into fresh turmoil over Qatar World Cup corruption claims”, that “any improper behaviour in the bidding process for the tournament was “of very limited scope.”” This conclusion was made by a FIFA appointed former judge, “Hans-Joachim Eckert, who is chairman of the adjudicatory chamber of Fifa’s ethics committee.” Eckert had reviewed a 350-page report by investigator Michael J. Garcia, who is a former US prosecutor now practicing law in New York. Eckert released a 42 page “summary study” of the Garcia report, which he claimed supported his decision.

Unfortunately for FIFA and Eckert, Blitz reported in another FT article, entitled “Garcia and Eckert set for showdown over Fifa report”, that “Mr Eckert’s summary was disowned within hours of its publication by Mr Garcia, who claimed it misrepresented his findings. He has protested to Fifa’s appeals committee.” Garcia’s statement “has blown apart Fifa’s attempt to bring to a close nearly three years of allegations of unethical behaviour and has left Mr Eckert under increasing pressure to publish the Garcia investigation.” This action by FIFA led Reinhard Rauball, president of the German football league (DFL), to say, “Europe would have to consider breaking away from Fifa unless the Garcia investigation was published in full.”

All of this came after the summary itself noted that documents and evidence surrounding the Russian bid were lost because the computers on which they were stored had been destroyed. Garcia was not even able to speak with all the relevant witness in the Qatar bid as well. Even with this lack of full investigation, Garcia issues a statement which said that Eckert’s summary contained “numerous and materially incomplete and erroneous representations of the facts and conclusions detailed in the investigatory chamber’s report.”

What does all of this mean for FIFA? Certainly if the head of the German football league says that the European soccer federations may have to pull out of the organization because it is so corrupt that portends poorly. In another article in the FT, entitled “Brussels launches sliding tackle against Fifa”, Alex Barker reported “The EU’s top sports official is urging Fifa to come clean with findings from its corruption investigation, in a warning that signals a Brussels rethink over the commercial freedoms enjoyed by football’s scandal-tarnished governing body. In a direct swipe at Fifa’s attempt to clear Russia and Qatar to run the next two World Cups, Tibor Navracsics, the EU commissioner for sports, has called for full publication of a graft report into the 2010 bidding process to “remove doubts” about its findings. While Sepp Blatter’s Fifa is an unregulated Swiss body independent from government, its lucrative business activities in the European market are subject to rules overseen by EU regulators, including sales of television rights.”

What about any criminal issues? A quick Google search reveals that FIFA has offices in both the US and the UK. Given the very broad jurisdiction of the FCPA and perhaps the UK Bribery Act, it does not seem too far a stretch for either the Department of Justice (DOJ), the FBI, the UK Serious Fraud Office (SFO) or even the Overseas anti-corruption unit of the London police might want to open an investigation. Indeed CNN reported that the FBI is investigating FIFA at this time, saying “Investigators are moving ahead with their probe, which could result in charges against senior FIFA officials, the U.S. law enforcement officials said.”

For the compliance practitioner there are a couple of important lesson in all of this. First and foremost, in your internal investigations, you need to provide access of both documents and witnesses to your counsel. If you do not that alone may certainly compromise your investigation. This point was recently re-emphasized in the ongoing General Motors (GM) scandal over its ignition switch problems. It turns out that over two months prior to the public announcement the company had ordered over 500,000 new switches from its supplier. According to Hilary Stout and Bill Vlasic, writing in the New York Times (NYT) in an article entitled “G.M. Ordered a Half-Million Replacement Switches 2 Months Before Recall”, the order was placed after an internal company committee met. But no records of the meeting were provided to company’s outside counsel investigating this matter, Anton R. Valukas. Interestingly Valukas released a statement which the article quoted, ““To my knowledge, G.M. provided me access to all information in its possession related to G.M. inquiries regarding various repair options and part availability as G.M. considered potential fixes for the ignition switch in the event that a recall would occur,” the statement said.” That is lawyer-speak for I looked at what they showed me.

Hiding or not providing access to internal or outside counsel can be a recipe for disaster with the DOJ. The reason is the same as it is a disaster for FIFA in Europe. There is no trust left for the organization. Ask any ex-DOJer and they will tell you that it is all about credibility when you self-disclose to the DOJ or when you are in negotiations with the DOJ over a potential FCPA penalty. I regularly hear Stephen Martin and Mike Volkov say precisely that when they talk about their experiences from working for the US government. If you do not allow your investigators access to all relevant documents and those witnesses under your control, the DOJ will most probably not consider the results of your investigation valid. The DOJ may not even consider your exertions worthy of a good-faith effort.

One thing is also very relevant for the compliance practitioner. If your outside counsel disavows him or herself from the company’s interpretation of it going forward, you are in big trouble. Even the WSJ, in its Op-Ed piece said, “FIFA’s moral failure stands out.”

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

November 17, 2014

Opinion Release 14-02: Dis-Linking The Illegal Conduct Going Forward

Dis-linkOne of my favorite words in the context of Foreign Corrupt Practices Act (FCPA) enforcement is dis-link. I find it a useful adjective in explaining how certain conduct by a company must be separated from the winning of business. But it works on so many different levels when discussing the FCPA. Last week I thought about this concept of dis-linking when I read the second Opinion Release of 2014, that being 14-02. One of the clearest ways that the Department of Justice (DOJ) communicates is through the Opinion Release procedure. This procedure provides to the compliance practitioner solid and specific information about what steps a company needs to take in the pre-acquisition phase of due diligence. However, 14-02 directly answers many FCPA naysayers long incorrect claim about how companies step into FCPA liability through mergers and acquisitions (M&A) activity.

From the Opinion Release it was noted that the Requestor is a multinational company headquartered in the United States. Requestor desired to acquire a foreign consumer products company and it’s wholly owned subsidiary (collectively, the “Target”), both of which are incorporated and operate in a foreign country, never issuing securities in the United States. The Target had negligible business contacts in the US, including no direct sale or distribution of their products. In the course of its pre-acquisition due diligence of the Target, Requestor identified a number of likely improper payments by the Target to government officials of Foreign Country, as well as substantial weaknesses in accounting and recordkeeping. In light of the bribery and other concerns identified in the due diligence process, Requestor also detailed a plan for remedial pre-acquisition measures and post-acquisition integration steps. Requestor sought from the DOJ an Opinion as to whether the Department would then bring an FCPA enforcement action against Requestor for the Target’s pre-acquisition conduct. It was specifically noted that the Requestor did not seek an Opinion from the Department as to Requestor’s criminal liability for any post-acquisition conduct by the Target.

Improper Payments and Compliance Program Weaknesses

In preparing for the acquisition, Requestor undertook due diligence aimed at identifying, among other things, potential legal and compliance concerns at the Target. Requestor retained an experienced forensic accounting firm (“the Accounting Firm”) to carry out the due diligence review. This review brought to light evidence of apparent improper payments, as well as substantial accounting weaknesses and poor recordkeeping. The Accounting Firm reviewed approximately 1,300 transactions with a total value of approximately $12.9 million with over $100,000 in transactions that raised compliance issues. The vast majority of these transactions involved payments to government officials related to obtaining permits and licenses. Other transactions involved gifts and cash donations to government officials, charitable contributions and sponsorships, and payments to members of the state-controlled media to minimize negative publicity. None of the payments, gifts, donations, contributions, or sponsorships occurred in the US, none were made by or through a US person or issuer and apparently none went through a US bank.

The due diligence showed that the Target had significant recordkeeping deficiencies. Nonetheless, documentary records did not support the vast majority of the cash payments and gifts to government officials and the charitable contributions. There were expenses that were improperly and inaccurately classified. It was specifically noted that the accounting records were so disorganized that the Accounting Firm was unable to physically locate or identify many of the underlying records for the tested transactions. Finally, the Target had not developed or implemented a written code of conduct or other compliance policies and procedures, nor did the Target’s employees show an adequate understanding or awareness of anti-bribery laws and regulations.

Post-Acquisition Remediation

The Requestor presented several pre-closing steps to begin to remediate the Target’s weaknesses prior to the planned closing in 2015. Requestor aimed to complete the full integration of the Target into Requestor’s compliance and reporting structure within one year of the closing. Requestor has set forth an integration schedule of the Target that included various risk mitigation steps, dissemination and training with regard to compliance procedures and policies, standardization of business relationships with third parties, and formalization of the Target’s accounting and record-keeping in accordance with Requestor’s policies and applicable law.

DOJ Analysis

The DOJ noted black-letter letter when it stated, ““It is a basic principle of corporate law that a company assumes certain liabilities when merging with or acquiring another company. In a situation such as this, where a purchaser acquires the stock of a seller and integrates the target into its operations, successor liability may be conferred upon the purchaser for the acquired entity’s pre-existing criminal and civil liabilities, including, for example, for FCPA violations of the target. However this is tempered by the following from the 2012 FCPA Guidance, “Successor liability does not, however, create liability where none existed before. For example, if an issuer were to acquire a foreign company that was not previously subject to the FCPA’s jurisdiction, the mere acquisition of that foreign company would not retroactively create FCPA liability for the acquiring issuer.””

This means that because none of the payments were made in the US, none went through the US banking system and none involved a US person or entity that this would not lead to a creation of liability for the acquiring company. Moreover, there would be no continuing or ongoing illegal conduct going forward because “no contracts or other assets were determined to have been acquired through bribery that would remain in operation and from which Requestor would derive financial benefit following the acquisition.” Therefore there would be no jurisdiction under the FCPA to prosecute any person or entity involved after the acquisition.

The DOJ also provided this additional information, “To be sure, the Department encourages companies engaging in mergers and acquisitions to (1) conduct thorough risk-based FCPA and anti-corruption due diligence; (2) implement the acquiring company’s code of conduct and anti-corruption policies as quickly as practicable; (3) conduct FCPA and other relevant training for the acquired entity’s directors and employees, as well as third-party agents and partners; (4) conduct an FCPA-specific audit of the acquired entity as quickly as practicable; and (5) disclose to the Department any corrupt payments discovered during the due diligence process. See FCPA Guide at 29. Adherence to these elements by Requestor may, among several other factors, determine whether and how the Department would seek to impose post-acquisition successor liability in case of a putative violation.”

Discussion

Mike Volkov calls it ‘reading the tea leaves’ when it comes to what information the DOJ is communicating. However, sometimes I think it is far simpler. First, and foremost, 14-02 communicates that there is no such thing as ‘springing liability’ to an acquiring company in the FCPA context nor such a thing as simply buying a FCPA violation, simply through an acquisition only, there must be continuing conduct for FCPA liability to arise. Most clearly beginning with the FCPA Guidance, the DOJ and Securities and Exchange Commission (SEC) have communicated what companies need to do in any M&A environment. While many compliance practitioners had only focused on the post-acquisition integration and remediation; the clear import of 14-02 is to re-emphasize importance of the pre-acquisition phase.

Your due diligence must being in the pre-acquisition phase. The steps taken by the Requestor in this Opinion Release demonstrate some of the concrete steps that you can take. Some of the techniques you can use in the pre-acquisition phase include (1) having your internal or external legal, accounting, and compliance departments review a target’s sales and financial data, its customer contracts, and its third-party and distributor agreements; (2) performing a risk-based analysis of a target’s customer base; (3) performing an audit of selected transactions engaged in by the target; and (4) engaging in discussions with the target’s general counsel, vice president of sales, and head of internal audit regarding all corruption risks, compliance efforts, and any other major corruption-related issues that have surfaced at the target over the past ten years.

Whether you can make these inquiries or not, you will also need to engage in post-acquisition integration and remediation. 14-02 provides you with some of the steps you need to perform after the transaction is closed. If you cannot perform any or even an adequate pre-acquisition due diligence, the time frames you put in place after the acquisition closes may need to be compressed to make sure that you are not continuing any nefarious FCPA conduct going forward. But it all goes back to dis-linking. If a target is engaging in conduct that violates the FCPA but the target itself is not subject to the jurisdiction of the FCPA, you simply cannot afford to allow that conduct to continue. If you do allow such conduct to continue you will have bought a FCPA violation and your company will be actively engaging and participating in an ongoing FCPA violation. That is the final takeaway I derive from this Opinion Release; it is allowing corruption and bribery to continue which brings companies into FCPA grief. Opinion Release 14-02 provides you a roadmap of the steps you and your company can take to prevent such FCPA exposure.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

November 14, 2014

Trial Lawyering and FCPA Compliance

Filed under: Best Practices,compliance programs,Department of Justice,FCPA — tfoxlaw @ 12:01 am

Single KnightAs most readers of this blog know, I am a recovering trial lawyer. To this day, some of my best friends are still out there, still teeing it up as trial lawyers. They have an important place in our country’s legal system, including defending corporations, which was my primary client base in those long ago days of yore. To be a trial lawyer requires a certain cache; as you really are a hired gun, king’s champion, free lance fighter, single combat warrior for your client. If not exactly a knight in shining armor, certainly one ready to take on all comers with something as blunt as a mace, as the company’s single combat champion. Frankly there is nothing much better than standing up in front of an antagonistic jury and announcing that I am proud to represent XXXX (name the corporation). It may not be the same as standing up and saying you represent the People of the United States, the People of the Great State of Texas or the People of Houston, but it is still very cool.

But just as it takes a certain skill set and mentality to be able to pull that off that trial lawyer hutzpah, such skills and mentality do not necessarily translate into the skills necessary to be good counselors. As Donna Boehme continually reminds us that is even truer when it comes to the compliance function in a Foreign Corrupt Practices Act (FCPA) compliance program. That point was driven home to me yet again in a recent article in the Texas Lawyer, entitled “FCPA Practices: Right-to-Audit Clauses”. In this article the authors, have a section denominated as ‘Defending An Audit’. I would suggest that if you are in a commercial contract relationship and your attitude starts with ‘defending an audit’ you are getting seriously low-value compliance counseling for your lawyer-dollars.

Contract negotiations which begin with such an adversarial attitude are apt to go nowhere on a slow boat to China. The right to audit was enshrined in every commercial contract that I ever negotiated, whether my client was paying money out or receiving money back for services or products delivered. If you are going to start fighting about the audit clause out of the box, frankly you probably have engaged outside counsel who is charging by the word. Worse, everyone from the Department of Justice (DOJ) down the chain of compliance understands the absolute need for audit rights. If your company comes out of the box fighting about audit terms so that you can defend an audit it certainly marks you as outside of the mainstream of entities around the best practices of compliance. Moreover, it would immediately set off huge Red Flags, if not cannonades of ringing church bells saying that my company has something to hide. Your corporate counter-party could very easily say that your client is not someone they could or even should do business with, if they want to fight over such a basic component in a best practices compliance program as audit rights.

It is that type of trial lawyer mentality which also seems to seep into the debate about a compliance defense under the FCPA. Leaving aside the Arthur Andersen effect of 63,000 people losing there livelihoods because one corporation made an idiotic decision to go to trial; the trial lawyer mentality that wants to tee it up with the DOJ does not serve the counseling function which corporations require. What does a trial lawyer tell a client about its chances at trial? You have a 10% chance; 20% chance; 50% chance; 75% chance of winning? What is that based on? Knowing what 12 (or perhaps 6) citizens will say? If there is a potential $500MM fine for a guilty verdict and there is a 10% chance of losing, is settling for $50MM reasonable? What if your illegal conduct was over five years ago, are you really going to trial on statute of limitations defense, where your own conduct hid the FCPA violations? Want to try and use that fact issue to persuade a jury that the government waited too long to indict?

Further, what are the true costs of litigating a criminal charge against your company? Attorney fees, defense costs for all those individuals the company has to defend, zero to no productivity for some period of time? What about all the negative stuff that will come out at trial about the company’s conduct, think there might be any negative effect on your corporate reputation, if not what about tanking of the stock price? How about all those plaintiff’s lawyers circling in the water with their shareholder derivative actions lawsuits firmly planted in their teeth, think they might be interested in what the Board knew, when it knew it or conversely that it did not know anything? Do you really want to put your Chief Executive Officer (CEO) up on the stand and have him or her cross-examined by the DOJ on what he/she allowed the compliance function to do at the company? Remember the great performance by Ken Lay at his company’s trial? (It’s my company – I do what I want.)

Yesterday, Mike Volkov wrote a blog post, entitled “Working in the Compliance Field – The Need for Practical Solutions”, where he said “compliance professionals need support with practical solutions to real problems. In some cases, compliance support professionals can help to define a strategy to solve a problem.” That seems to me to be the clearest articulation of why a compliance defense appended to the FCPA would not mean anything in the practice of compliance inside a corporation. If no corporation is going to trial, standing up and saying we have a compliance defense is not going to help the compliance practitioner do compliance inside a company. So as much as trial lawyers want to create something so that they can take on the DOJ over some FCPA issues at trial, such a defense will not move forward the doing of compliance.

Near the end of his piece Volkov said, “In the end, compliance professionals need less theoretical mumbo jumbo and more practical, real-world solutions.” Here, here Mike. Fighting your customer over audit rights is not a real world solution that a compliance practitioner needs.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

November 12, 2014

John Doar and the Bio-Rad FCPA Enforcement Action – Part II

John DoarJohn Doar died yesterday. He was perhaps most famously known for his role as the House Judiciary Committee Chief Counsel during the investigation of and impeachment proceedings against then President Nixon. However, it was his role in the civil rights movement in the South that in large part inspired me to become a lawyer. He rode with the Freedom Riders in Alabama; walked with James Meredith so that he could register to attend the University of Mississippi, then stayed in the same dorm room with Meredith while the campus rioted; prosecuted the KKK in Mississippi after the murder of three civil rights workers in 1964; and marched for voting rights with Dr. King in Selma. My favorite John Doar story was retold in his obituary in the New York Times (NYT), where he stopped a riot in its tracks with the following ““My name is John Doar — D-O-A-R,” he shouted to the crowd. “I’m from the Justice Department, and anybody here knows what I stand for is right.” That qualified as a full-length speech from the laconic Mr. Doar. At his continued urging, the crowd slowly melted away.”” In my book, he is right up there with Atticus Finch.

In an earlier post, I reviewed the Bio-Rad Laboratories, Inc. (Bio-Rad) Foreign Corrupt Practices Act (FCPA) enforcement action from the perspective of the Non-Prosecution Agreement (NPA) the company was able to secure with the Department of Justice (DOJ). Today I want to review the bribery schemes that the company used to either internally fund the bribes or attempt to evade internal detection. Both the NPA and the Securities and Exchange Commission’s (SEC) Order Instituting Cease-and-Desist Proceedings (Order). The compliance practitioner can use these bribery schemes not only for FCPA training but also to see if any such schemes or their indicia may be present in your company.

Initially I need to discuss the corporate structure. It was apparently quite decentralized. According to the Order, “Bio-Rad’s international sales organization (“ISO”) oversees the company’s international sales operations; this includes all locations outside the United States and Canada. In 2009, the ISO consisted of four sub-divisions: (1) Western Europe; (2) Asia Pacific; (3) Japan; and (4) Emerging Markets. Each sub-division had a general manager, reporting to the vice-president of ISO. The Asia Pacific sub-division included Vietnam and Thailand. The Emerging Markets sub-division included Russia and other eastern European countries. Some countries within the sub-divisions had a country manager who reported to the ISO sub-division general manager.” Emerging markets is clearly a high-risk area for pharmaceutical companies. If your business development or sales organization has such a designation, I would suggest that you check and see if there are sufficient protections in place to at least raise any red flags, which might need further investigation.

However, it was more than the management structure of the business operations that was decentralized, the compliance function was similarly structured. The NPA stated, “BIO-RAD also decentralized its compliance program such that its international offices were responsible for ensuring adequate compliance with its business ethics policy and code of conduct.” This decentralization so defanged the company’s compliance program that it could not perform even the most basic functions of a compliance organization; no due diligence on third parties, indeed no management of third parties at all from the compliance perspective; no risk assessments were performed and, finally, the most damning was that the compliance function could not even ensure compliance with the company’s own business ethics policy.

The Russia Scheme

However the company used third party representatives to facilitate the bribery scheme. In addition to the lack of due diligence or usual steps that a compliance practitioner might put in place to manage third parties under the FCPA there were several other items of note which constitute lessons learned by the compliance practitioner. First and foremost was the commission rate paid to these third parties, that being between 15%-30%. This alone may well have been enough to demonstrate “a conscious disregard for the high probability that the Russian Agents were passing along at least a portion of their commissions to Russian government officials to obtain profitable public contracts for the sale of medical diagnostic equipment.” Further, the payments made to these agents were sent to countries outside Russia, where neither the alleged services were delivered nor where the agents were legally domiciled. Moreover, not only did these agents have no offices in Russia, they had no employees in Russia either.

Apparently there were contracts in place with these agents. The services these agents were specified to deliver included, “acquiring new business, creating and disseminating promotional materials to prospective customers, distributing and installing products and related equipment, and training customers.” But it really is hard to deliver services if you have no employees. Apparently there were times these agents did deliver something identified as “distribution services” for the commission rates between 15%-30%. However the estimated value of these services for the company was between 2%-2.5% of the total sales.

Another area of obvious concern should have been the pre-payment of commissions to these agents. Any time you pre-pay before a service is delivered (other than a retainer into a lawyer’s trust account) you can potentially run into trouble. But Bio-Rad took it a step further by making pre-payments before contracts with the ultimate buyer were negotiated. Any ideas where those pre-paid commissions might have gone? Another area was the amount of the commissions. They were just less than $200,000, which happened to be the authority level of the head of Bio-Rad’s Emerging Markets business unit. So there was no oversight or second set of eyes on these pre-payments because it was within the manager’s authority level. Finally, these pre-payments were actually forbidden under the contracts but they were made anyway.

The Vietnam Scheme 

The Vietnam Country Manager had contracting authority up to $100,000 and sales commissions up to $20,000. From 2005-2009 Bio-Rad apparently paid bribes directly to health care workers so they would purchase the company’s products. When it was pointed out to the Country Manager this was illegal, he simply moved to a distributor “at a deep discount, which the distributor would then resell to government customers at full price, and pass through a portion of it as bribes…Between 2005 and the end of 2009, the Vietnam office made improper payments of $2.2 million to agents or distributors, which was funneled to Vietnamese government officials. These bribes, recorded as “commissions,” “advertising fees,” and “training fees,” generated gross sales revenues of $23.7 million to Bio-Rad Singapore.” 

The Thailand Scheme

In Thailand, it was an almost mundane bribery scheme involved compared to Russia and Vietnam. Bio-Rad acquired an interest in a Thai Joint Venture (JV) through an acquisition where it performed “very little due diligence” on the JV. Bio-Rad acquired a minority interest in the JV and it did not communicate directly with the JV’s distributors but only through the majority owners of the JV. The bribery scheme was funded through “an inflated 13% commission, of which it retained 4%, and paid 9% to Thai government officials in exchange for profitable business contracts.” The due diligence was so poor that Bio-Rad did not know that the prime third party sales representative for the JV were the same majority owners of the JV.

Tomorrow, I will discuss some of the internal controls that a company might employ to help prevent such a compliance failure as occurred at Bio-Rad.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

November 10, 2014

Gordon Lightfoot, the Edmund Fitzgerald and the Bio-Rad FCPA Settlement, Part I

Wreck of the Edmund FitzgeraldThis month there are two dates that are forever tied together in the annuals of maritime tragedies and great songwriters. November 10 is the 39th anniversary of the sinking of the Great Lakes freighter the SS Edmund Fitzgerald, who sank 17 miles from the entrance to Whitefish Bay on Lake Superior taking all 29 crewmembers to the bottom with her. Next Monday, November 17, is the 76th birthday of the Canadian singer-songwriter Gordon Lightfoot, who memorialized the tragedy in the song The Wreck of the Edmund Fitzgerald, which he released on the album Summertime Dream in 1976. The song went all the way to Number 2 on the charts. I can still hear Lightfoot’s haunting tale in my head to this day and for me, it was his greatest single.

Earlier this month, Bio-Rad Laboratories Inc. (Bio-Rad) concluded a multi-year Foreign Corrupt Practices Act (FCPA) investigation and enforcement action. It was notable for many reasons. First and foremost was the stunning bribery and corruption scheme that the company engaged in; multiple bribery schemes in multiple countries. Also notable were the results that the company achieved. While we do not yet know if there will be any individual prosecutions of this matter, the company received a Non-Prosecution Agreement (NPA) from the Department of Justice (DOJ) and a relatively small fine of $14.35MM for what clearly would appear to be criminal violations of the FCPA. Perhaps equally stunning is the amount of profit disgorgement that the company agreed to with the Securities and Exchange Commission (SEC), that amount being $40.7MM.

As with the Layne Christensen FCPA enforcement action from October, both settlement documents provide a wealth of very useful information for the compliance practitioner to use to not only help create a best practices compliance program, but also review your company’s compliance program to see if there might be areas of risk which need to be assessed or have greater compliance scrutiny. Over the next couple of blog posts I want to explore the Bio-Rad FCPA settlement, discuss some of the lessons learned for the compliance practitioner and explore what this settlement may unveil for future FCPA enforcement actions.

With his usual thoroughness, the FCPA Professor went into deep dive mode to lay out the underlying facts involved in this matter, in a post entitled “Bio-Rad Laboratories Agrees To Pay $55 Million To Resolve FCPA Enforcement Action”. According to the NPA, Bio-Rad had bribery schemes running in the following countries: Russia, Vietnam and Thailand. In Russia, persons identified as ‘Manager-1’ who was a high-level manager of the company’s Emerging Markets sales region and ‘Manager-2’ who worked for Manager-1 and was described as a high-level accounting manager of the company’s Emerging Markets sales region, engaged with ‘Agent-1’ paying him “a commission of 15-30% purportedly in exchange for various services outlined in the agency contracts, including acquiring new business by creating and disseminating promotional materials to prospective customers, installing Bio-Rad products and related equipment, training customers on the installation and the use of Bio-Rad products, and delivering Bio-Rad products.”

The commission rates were approved by Manager 1 and 2 even though they were both aware that Agent 1 did not and indeed could not perform the contracted services. Payments were made to a level of $200,000 or less because that was the spending authority of the managers, which did not require a higher level of company review. Both managers communicated with Agent 1 through multiple fraudulent email addresses to avoid detection by the company. Finally, Agent 1 had a 100% success rate in obtaining sales into Russia.

In Vietnam, the system was much simpler and even more directly corrupt. The Bio-Rad country manager was authorized to approve contracts up the amount of $100,000 and to pay sales commissions up to $20,000 without further review. This un-named country manager simply authorized cash payments to officials at state-owned hospitals to obtain or retain business for the company. When the country manager was finally challenged on this direct bribery scheme, he simply “proposed a solution that entailed employing a middleman to pay the bribes to the Vietnamese government officials as a means of insulating Bio-Rad from liability.” The bribery funds were created by giving these middlemen, named distributors, deep discounts “which the distributor would then resell to government customers at full price, and pass through a portion of it as bribes.” These bribes were recorded on the company’s books and records as “commissions”, “advertising fees” and “training fees”.

In Thailand, the company acquired a 49% interest in a joint venture (JV) through acquisition. Initially I would note that there is no record that Bio-Rad either performed pre-acquisition due diligence or engaged in any post acquisition integration or remediation so that an ongoing bribery scheme which began under a previous company’s ownership continued after Bio-Rad took control of the Thailand JV. The bribery scheme involved paying an agent “an inflated 13% commission, of which it retained 4%, and paid 9% to Thai government officials in exchange for profitable business contracts.” Just to top it all off, the agent involved in the bribery scheme was Bio-Rad’s JV partner.

I would say that all of the above is very bad conduct. Yet, Bio-Rad was able to garner a NPA from the DOJ and a civil Cease and Desist Order from the SEC. How did they accomplish this? In the DOJ Press Release, it stated, “The department entered into a non-prosecution agreement with the company due, in large part, to Bio-Rad’s self-disclosure of the misconduct and full cooperation with the department’s investigation…In addition, Bio-Rad has engaged in significant remedial actions, including enhancing its anti-corruption compliance programs globally, improving internal controls and compliance functions, developing and implementing additional due diligence and contracting procedures for intermediaries, and conducting extensive anti-corruption training throughout the organization.”

For the compliance practitioner, yet once again the DOJ and SEC are sounding a LOUD and CLEAR message that even with very bad conduct, the systemic failure of internal controls and having a culture that turned a very blind eye at best to what was going on; you can make a comeback. Moreover, you can make such a spectacular comeback that does not even sustain a Deferred Prosecution Agreement (DPA) let alone have to accept a guilty plea. It all starts with putting a best practices compliance program in place and the DPA lists the steps that any company should consider in its compliance regime.

  1. High level commitment by providing visible support by senior management.
  2. An appropriate corporate policy around anti-corruption.
  3. Specific policies and procedures in the following areas: (a) gifts, (b) hospitality, entertainment and travel, (c) customer travel, (d) political contributions, (e) charitable donations and sponsorship, (f) facilitation payments and (g) solicitation and extortion.
  4. Appropriate internal controls to ensure transactions are authorized and properly recorded.
  5. A periodic risk-based review. In other words, a risk assessment. Policies and procedures need to be reviewed no less than annually and updated as appropriate.
  6. The compliance function should have proper Board oversight, independence to act and support within the organization.
  7. Compliance shall provide training on and guidance to the business units on its anti-corruption compliance program.
  8. There should be mechanisms for employees to report internally compliance issues of concern with no fear of retaliation.
  9. A company must maintain and provide “effective and reliable” processes and resources to responding to any raised issues.
  10. A company must use both incentives to encourage behavior and discipline of those employees who violate its compliance program.
  11. Third parties must be subjected to an appropriate due diligence based vetting process, have an appropriate contract and thereafter be managed going forward after the contract is signed.
  12. There should be a protocol for evaluation of any potential acquisitions or merger candidates and then appropriate review and remediation after any acquisition is complete.
  13. There should be ongoing monitoring and testing of the compliance program going forward.

At the conclusion of its NPA, Bio-Rad agreed to ongoing compliance reporting, at annual anniversaries of the date of the NPA by reporting to the DOJ the results of its remediation efforts over the past year. This is one of the most significantly overlooked positive aspects of any FCPA resolution. This allows the DOJ to have a continued view into the company’s compliance function. It is not an ongoing monitor but it does give the DOJ a transparent view into the company’s work towards the overall goal of putting a best practices compliance program in place and not simply stopping work when the settlement is signed. It keeps the company on its toes and allows the DOJ to continue to assess the company’s actions around anti-corruption compliance.

In the next blog post on Bio-Rad, I will review some of the specific bribery schemes that the company used and discuss how a compliance practitioner might use them for some lessons learned.

For a YouTube version of Gordon Lightfoot signing The Wreck of the Edmund Fitzgerald, click here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

Next Page »

The Rubric Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 4,828 other followers