FCPA Compliance and Ethics Blog

December 18, 2014

Ty Cobb and the Compliance Performance Appraisal Review

Ty CobbToday we celebrate greatness, in the form of one of the greatest baseball players ever, with the anniversary of the birthday of Ty Cobb. Coming up to the majors as a center fielder for the Detroit Tigers in 1905, he emerged in 1907 to hit .350 and win the first of nine consecutive league batting titles. He also led the league that year with 212 hits, 49 steals and 116 RBIs. In 1909 he won the league’s Triple Crown for the most home runs (9), most runs batted in (107), and best batting average (.377). In 1911, he led the league in eight offensive categories, including batting (.420), slugging percentage (.621), hits (248), doubles (47), triples (24), runs (147), RBI (144) and steals (83), and won the first American League MVP award. He batted .410 the following season, becoming the first player in the history of baseball to bat better than .400 in two consecutive seasons.

Cobb set a record for stolen bases (96) and won his ninth straight batting title in the 1915 season. He faltered the next year, but came back to win another three straight titles from 1917 to 1919. He left the team in 1926 and signed with the Oakland Athletics, hitting .357 and becoming the first-ever player to reach 4,000 total career hits before retiring after the 1928 season. His record of nine consecutive batting titles as well as his overall number of 12 will never be succeeded.

While Cobb certainly had quite a bit of natural ability, he was also a very dedicated baseball player, forever working to improve his craft. He might not have taken well to criticism but he did work to improve all aspects of his game. One of the modern ways to improve employee performance is through an annual employee performance review. Recently I read an article in the Houston Business Journal entitled “6 Ways To Make Performance Reviews More Productive” by Janet Flewelling. I found her article provided some interesting perspectives on some of the ‘nuts and bolts’ work that you can put into your Foreign Corrupt Practices Act (FCPA) or UK Bribery Act anti-corruption program that can be relatively low-cost but can add potentially high benefits.

One of the ways to drive compliance into the DNA of an organization is through incentives such as making it a component of a year-end discretionary bonus payment. Indeed the FCPA Guidance states, “DOJ and SEC recognize that positive incentives can also drive compliant behavior. These incentives can take many forms such as personnel evaluations and promotions, rewards for improving and developing a company’s compliance pro­gram, and rewards for ethics and compliance leadership. Some organizations, for example, have made adherence to compliance a significant metric for management’s bonuses so that compliance becomes an integral part of management’s everyday concern.”

Most Human Resources (HR) experts will opine that properly executed performance appraisals are crucial to organizational productivity as well as the development of employee skills and employee morale. Moreover, they can serve a couple of different functions for a best practices compliance program. First, and foremost, they communicate to each employee their job performance from a compliance perspective. However, one key is not to approach the performance appraisal review as an isolated event but rather a continual process. This means that instead of trying to play catch-up at the last minute, supervisors should provide feedback and assess job performance throughout the year so annual reviews are grounded in a year’s worth of experience. This includes the compliance component of each job. The second area performance appraisals impact is compensation. As noted above, the DOJ and SEC expect that your compliance program will have both discipline and incentives. But those incentives need to be based upon something. The score or other performance appraisal metrics will provide to you a standard which you can measure and use to evaluate for other purposes such as employee promotion or advancement to senior management going forward.

In her article Flewelling provides six points you should consider which I have adapted for the compliance component of an annual employee performance appraisal. 

  1. Prioritize reviews in your schedule – You should schedule the employee performance appraisal at least several days in advance, rather than when a time slot suddenly opens up. You would make sure that you allot sufficient time for unhurried give and take between the reviewer and the employee.
  2. Review the entire year’s performance – You should resist the attempt to focus the discussion on the latest compliance experience. This is called recency bias. If a compliance issue arose in the past month or so, you need to keep it in perspective for the entire review period. Moreover, by focusing a review on a recent problem you may obscure prior accomplishments and make an employee feel demoralized. Take care not to go too much in the opposite direction as recency bias can work both ways, and one should not let a favorable recent compliance event overshadow the full review period.
  3. Do not hesitate to critique – Be generous with praise where it is warranted, but do not hesitate to discuss improvements needed in the compliance arena. Many supervisors are reluctant to confront and indeed desire to avoid confrontation. However remaining silent about an employee’s compliance shortcomings is a disservice to both the company and the employee.
  4. Do not dominate the conversation – Remember that you must give the employee time for self-appraisal and to ask questions or to comment about the feedback received from the compliance perspective. If there are specific questions or concerns raised by the employee you need to be prepared to address them as appropriate.
  5. Understand the employee’s role – You need to understand and appreciate that if the recent economy has resulted in many employees assuming the responsibilities of more than one position. If relevant to the employee, acknowledge that fact and take it into account in the review. This is certainly true from the compliance perspective as many non-Compliance Department employees have cross-functional responsibilities. If they claim not to have the time to handle their compliance responsibilities you will need to address this with the employee and perhaps structurally as well.
  6. Anticipate reprisal – Although it is rare, you can face the situation where an employee who is very dissatisfied with a review may refuse to sign it. The employee may be offered the opportunity to add a statement to the review. Also point out that the employee signature is an acknowledgement of receiving the review and does not signify agreement. If the employee still refuses to sign, have a second supervisor come in to witness the refusal. This may be particularly important from the compliance perspective.

Flewelling ends her piece by noting, “A proper annual review requires considerable effort from employee supervisors. It should be a full-year process involving regular guidance and feedback and perhaps several mini-reviews along the way. But rather than viewing it as onerous, supervisors should keep in mind that it is a tool for making their departments work more efficiently and yields better results for everyone involved.” I would add this is doubled from the compliance perspective. Nonetheless the potential upside can be significant from your overall compliance program perspective.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

December 17, 2014

Scrooge and Corporate Settlement Agreements

A Christmas CarolAlthough there seems to be a difference in the precise publication date between the online reference sites This Day in History and Wikipedia, today we celebrate the Charles Dickens’ work A Christmas Carol, which both sites acknowledge was published in 1843. This story has become well known and omnipresent in the Christmas season; in film, theater, radio, television, cartoon, opera and about every other form of media known to mankind. A Christmas Carol tells the story of a bitter old miser, Ebenezer Scrooge and his transformation into a gentler, kindlier man after visitations by the ghost of his former business partner Jacob Marley and the Ghosts of Christmases Past, Present and Yet to Come.

The book was written at a time when the English were examining and exploring Christmas traditions from the past as well as new customs such as Christmas cards and Christmas trees. Dickens’ source materials for the tale appear to be many and varied, but are principally, the humiliating experiences of his childhood, his sympathy for the poor and various Christmas stories and fairy tales. A Christmas Carol has been credited as one of the greatest influences in rejuvenating the old Christmas traditions of England. Scrooge himself is the embodiment of winter, and, just as winter is followed by spring and the renewal of life, so too Scrooge’s cold, pinched heart is restored to the innocent goodwill he had known in his childhood and youth. It is hardy tale that should be retold and remembered each holiday season as one of the true spirits for celebration.

I considered this work by Dickens when I read a recently released article entitled “Improving Corporate Settlement Agreements by The Fraud Guy, John Hanson. In this piece Hanson considers some shortcomings in a variety of corporate misconduct settlement agreements, where he believes “the Terms of most Agreements lack a full and practical appreciation for what constitutes an effective Program within a particular organization.” He articulates that “A key reason for this is because the parties to the Agreement miss the forest for the trees in that they too narrowly focus on Program sub-components (that piece of a Program associated with a particular risk, such as Anti-Corruption, Anti-Trust, False Claims, Organizational Conflicts of Interest, etc.…), the failure of which is only symptomatic of a higher level and overall Program failure.” Although Hanson’s critique of Deferred Prosecution Agreements (DPAs), corporate monitors and settlement agreements was broader than simply those issues in Foreign Corrupt Practices Act (FCPA) enforcement, I found his comments provided some useful insights into how both companies and the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) might help to make the process more robust in helping companies create a culture of compliance and ethics as result of a resolved enforcement action.

Ethical Tone

Here Hanson says that DPAs do not tie the relationship of compliance and ethics together going forward. He believes that one cannot exist without the other. He thinks many compliance program overseers focus too much on the sub-parts and institute too much of “A piecemeal approach that overly focuses on Program sub-components and neglects ethical tone almost completely is doomed to failure. It is like placing a Band-Aid on an arterial wound.”

While many external monitors will drill down into the detailed specifics of a certain issue or even sub-issue under compliance, such a mechanism can be a useful exercise. For example if there is a particular compliance problem being faced such a detailed approach may be warranted. For instance, if the company got into FCPA trouble for its use of third parties that came into a business relationship with the company through the Supply Chain, an extreme deep dive into the Supply Chain and management of those relationships from the compliance perspective may be important. However what such an approach may cost is losing a greater focus of the overall picture.

Time

A second critique is that many DPAs are simply too short in time length to “effectively implement remediation.” While this criticism is largely for DPAs outside the FCPA context, it bears some discussion. Hanson believes that “A Program is a process, not a one-time event. Moreover, it is a process that perpetuates and improves continuously. Generally speaking, for organizations without a robust and effective Program, it realistically takes at least three years to stand up this process to the point where it is effective and begins annually repeating.” A compliance program design and implementation can take up to 18-months and it can often take another year to assess the implementation results and fine tune the compliance regime going forward.

While most DPAs in the FCPA context are for three years, there have been examples of where either a company was released early from a DPA or a monitorship ended at the 18-month mark rather than the full three years. An example of this is Pride International (now ENSCO) who were rewarded by being released early for its superior enhanced compliance efforts. In the latter category is Weatherford, among others, whose external monitorship can end at 18-months after the execution of the DPA, if sufficient progress is met.

External Monitors

Hanson had some very interesting thoughts about the use of corporate monitors. He has long championed more professionalism for monitors, specifically regarding their training in implementing compliance programs, not simply as very good white-collar defense lawyers or internal investigators. However, in his paper Hanson notes that other concerns have lessened both the effectiveness of external monitors or even their use; when he writes, “Due to past negative publicity arising from problems resulting from poor/immature government agency Monitor selection policies and/or inexperienced and/or ineffective Monitors, government agencies and organizations alike have developed some misperceptions that have led to Monitors being underutilized, even avoided. While some government agencies are still developing or improving Monitor selection policies, many have already adopted policies that addressed past concerns.”

Hanson champions his concerns for monitors with the experience issue. He believes that “many Monitors come from the ranks of whitecollar defense attorneys, who, as noted above, frequently lack the requisite level of compliance and ethics training and knowledge, as well as practical Program experience, to serve in that role most effectively. Additionally, most persons selected to be a Monitor have never been a Monitor before and are unaware of the nuances associated with such a specialized role.” To rectify this issue, Hanson advocates greater monitor training from organizations such as the Society of Corporate Compliance and Ethics (SCCE) or others. Finally, as Hanson notes, “it is of much greater importance to engage a Monitor who is an expert in compliance and ethics rather than one who is an expert on the substantive underlying criminal and/or regulatory violations.”

As usual when John Hanson writes something relating to the compliance field, you should definitely read it. Hanson’s unique background as a forensic auditor, FBI agent and four-time corporate monitor provide valuable insights to any compliance related issue. His current article is no different. You can use many of his insights directly in your compliance program through engaging an outside expert, called monitor or something else, to help move your compliance and ethics program forward on a number of fronts.

Hanson’s article is available through JDSupra by clicking here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

December 15, 2014

Hiring and Promotion in Compliance – Wait for Great

7K0A0597The role of Human Resources (HR) in anti-corruption programs, based upon the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act, is often underestimated. I come from a HR background and practiced labor law early in my career so I have an understanding of the skills HR can bring to any business system which deals with legal issues; which is not only required of all businesses but certainly is true of FCPA or UK Bribery Act compliance. If your company has a culture where compliance is perceived to be in competition or worse yet antithetical to HR, the company certainly is not hitting on all cylinders and maybe moving towards dysfunction.

One of the Ten Hallmarks of an Effective Compliance program relates to the key role HR plays in incentives and discipline. However, another key area that is not given as much attention is in hiring and promotion. The FCPA Guidance states, “[M]ake integrity, ethics and compliance part of the promotion, compensation and evaluation processes as well. For at the end of the day, the most effective way to communicate that “doing the right thing” is a priority is to reward it. Conversely, if employees are led to believe that, when it comes to compensation and career advancement, all that counts is short-term profitability, and that cu tting ethical corners is an ac­ceptable way of getting there, they’ll perform to that measure. To cite an example from a different walk of life: a college football coach can be told that the graduation rates of his players are what matters, but he’ll know differently if the sole focus of his contract extension talks or the decision to fire him is his win-loss record.” In other words make compliance significant for professional growth in your organization and it will help to drive the message of doing business in compliance.

I thought about these concepts when I read an article in the Corner Office column of the Sunday New York Times (NYT), entitled “Sally Smith of Buffalo Wild Wings, on patience in hiring” where columnist Adam Bryant interviewed Sally Smith, the Chief Executive of Buffalo Wild Wings, the restaurant chain. She had some interesting concepts not only around leadership but thoughts on the hiring and promotion functions, which are useful for any Chief Compliance Officer (CCO) or compliance practitioner striving to drive compliance into the DNA of a company.

Leadership – Get Feedback

One of the early lessons which Smith learned about leadership is to set clear expectations. Bryant wrote that Smith told him, “You have to be really clear about what you want and what your expectations are. When you’re clear and everybody understands them, you have a much better chance of success than if you say, “Just do it.” It’s a great slogan, but you’ve got to know what it is that you’re just doing.” This is a constant battle for the compliance practitioner when senior management also makes clear that you must make your numbers as well. However this dynamic tension can be met and one of the best ways is to require business-types to make their numbers but doing so in a way that is in compliance with a company’s Code of Conduct and compliance regime.

A second leadership lesson that Smith has learned is around feedback. As you might guess from a Chief Executive, Smith has found that obtaining honest critiques about her management style from those who work under her is difficult to acquire. To overcome this reluctance she set up a program where her leadership can give anonymous reviews of her performance annually to the company’s Board of Directors. Bryant said, “My leadership team does a performance review on me each year for the board. It’s anonymous. They can talk about my management style or things I need to work on. If you want to continue growing, you have to be willing to say, “What do I need to get better at?”” This type of insight is absolutely mandatory for any best practices compliance program as anonymous reporting is also one of the Ten Hallmarks of an Effective Compliance program. But more than simply an anonymous reporting line for FCPA violations, how does your company consider feedback to determine how all levels of the company is doing compliance going forward or as the FCPA Guidance states, “From the boardroom to the shop floor.”

Hiring and Promotion – Waiting for Great

Here Smith had some thoughts put in a manner not often articulated. One of her cornerstones when hiring is to search out the best person for any open position, whether through an external hire or internal promotion. Bryant stated that Smith said “We use the phrase “wait for great” in hiring. When you have an open position, don’t settle for someone who doesn’t quite have the cultural match or skill set you want. It’s better to wait for the right person.”

Smith articulated some different skills that she uses to help make such a determination. Once a potential hire or promotion gets to her level for an interview, she will assume that person is technically competent but “I assume that you’re competent, but I’ll probe a bit to make sure you know what you’re talking about. And then I’ll say, “If I asked the person in the office next to you about you, what would they say?””

Passion and curiosity are other areas that Smith believes is important to probe during the hiring or promotion process. In the area of passion, Smith will “Often ask, “What do you do in your free time?” If they’re passionate about something, I know they’re going to bring that passion to the workplace.” Smith believes curiosity is important because it helps to determine whether a prospective hire will fit into the Buffalo Wild Wings culture. Bryant wrote, “I look for curiosity too, because if you’re curious and thinking about how things work, you’ll fit well in our culture. So I’ll ask about the last book they read, or the book that had the greatest impact on them.” Smith also inquires about jobs or assignments that went well and “ones that went off the tracks. You ask enough questions around those and you can determine whether they’re going to need a huge support team.”

I found these insights by Smith very useful for a compliance practitioner and the hiring and promotion functions in a compliance program. By asking questions about compliance you can not only find out the candidates thoughts on compliance but you will also begin to communicate the importance of such precepts to them in this process. Now further imagine how powerful such a technique could be if a Chief Executive asked such questions around compliance when they were involved in the hiring or promotion process. Talk about setting a tone at the top from the start of someone’s career at that company. But the most important single item I gleaned from Bryant’s interview of Smith was the “Wait for great” phrase. If this were a part of the compliance discussion during promotion or hiring that could lead to having a workforce committed to doing business in the right way.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

December 10, 2014

The Nobel Prize and FCPA Enforcement Going Forward

Nobel Prize MedalOne hundred and 13 years ago on this date, the first Nobel Prizes were awarded in Stockholm, Sweden, in the fields of physics, chemistry, medicine, literature, and peace. The ceremony came on the fifth anniversary of the death of Alfred Nobel, the Swedish inventor of dynamite and other high explosives. In his will, Nobel directed that the bulk of his vast fortune be placed in a fund in which the interest would be “annually distributed in the form of prizes to those who, during the preceding year, shall have conferred the greatest benefit on mankind.” Although Nobel offered no public reason for his creation of the prizes, it is widely believed that he did so out of moral regret over the increasingly lethal uses of his inventions in war. The Royal Swedish Academy of Sciences decides the prizes in physics, chemistry, and economic science; the Swedish Royal Caroline Medico-Surgical Institute determines the physiology or medicine award; the Swedish Academy chooses literature; and a committee elected by the Norwegian parliament awards the peace prize. The Nobel Prizes are still presented annually on December 10, the anniversary of Nobel’s death. Each Nobel Prize carries a cash prize of nearly $1,400,000 and recipients also received a gold medal, as is the tradition.

Just as important in the area of anti-corruption and anti-bribery is the Organization for Economic Development and Cooperation (OECD). Earlier this month the OECD issued a report entitled “Foreign Bribery Report-An Analysis of the Crime of Bribery of Foreign Public Officials”. To say the findings were eye opening, if not disheartening, would be to put it mildly. As reported by Shawn Donnan in the Financial Times (FT), in an article entitled “Big companies blamed for most of the world’s bribery cases”, he said that “Large companies and their senior managers are responsible for the vast majority of the world’s bribery cases and are giving up a third of their profits from related projects to corrupt officials”. Donnan summarized the reports key findings as follows:

  • Companies with more than 250 employees accounted for 60 per cent of the cases of corruption studied. In 31 per cent of the cases the companies brought the bribes to the attention of authorities themselves. In just 2 per cent of the cases were whistleblowers involved.
  • The cost of bribes averaged 10.9 per cent of the value of the related transaction and 34.5 per cent of the profits. The largest bribes paid in a single case were worth $1.4bn. The smallest were valued at just $13.17.
  • A majority of the bribery cases involved company executives. Managers were involved in 41 per cent of the cases. A further 12 per cent involved the president or chief executive officer of a company.
  • Corruption is not just a poor world phenomenon. Almost half the cases studied involved bribery of public officials from countries with “high” or “very high” levels of human development.
  • The number of bribery cases brought around the world has grown substantially since 1999 but has fallen in the past two years after reaching a peak of 68 annually in 2010. Moreover, the time needed to prosecute cases has risen substantially from an average of 2 years in 2003 to 7.3 years in 2013.
  • Executives at state-owned companies accounted were the target of almost three in 10 bribes while customs officials accounted for just 11 per cent. Almost 60 per cent of the bribes were paid in order to obtain government contracts.
  • More than two-thirds of all sanctions levied were the result of legal settlements rather than convictions. In almost half the cases studied the fines levied were worth less than 50 per cent of the profits made by defendants as a result of the bribe.
  • Oil and mining companies on average paid bribes worth 21 per cent of the value of projects whereas those involved in the education sector or in water supply paid just 2 per cent.

I thought about the implications of these key findings in the context of Foreign Corrupt Practices Act (FCPA) enforcement going forward. At the 2014 Securities Enforcement Forum, held in October of this year, Jesse Eisenger reporting in the New York Times (NYT) DealB%k column, in an article entitled “In Turnabout, Former Top Regulators Assail Wall Street Watchdogs”, noted that white-collar defense lawyer Brad S. Karp, the chairman of Paul, Weiss, discussed some of the defense tactics that he uses when the government comes knocking against banks. “First, he pushes to move the charges to a subsidiary. Second, he tries to lower the charge. Third, he said, he focuses “on the powerful individuals in an organization” meaning that lawyers need to put top management first as they prepare a defense.”

Now consider those tactics in the context of the OECD report. Where do you think that the Department of Justice (DOJ) or Securities and Exchange Commission (SEC) might look if they wanted to beef up enforcement? I ask this question because of a second article, which got my attention this week. In the Wall Street Journal (WSJ), Joel Schectman wrote a piece based upon in interview with University of Virginia School of Law professor Brandon Garrett, entitled “Professor Says Corporate Penalties Aren’t Working”. Schectman wrote, “many critics have said the government is still fighting companies with kid gloves.” Garrett delivered some direct criticisms when he was quoted as follows:

Of course, companies, like children, can’t go to jail. You can fine them, but the fines might not affect the right person. There is much more focus on rehabilitation compared with other areas of the criminal justice system. 

What you can do with companies is supervise them strictly, not through the lenient means they are using. People would be really troubled if the most serious individual offenders were let out and told to just behave for a couple years without supervision. And that is what’s happening with companies. In cases that are not plea bargains, there is no probation, there is no court supervision of probation, and with these deferred and non-prosecution agreements, most of them are not even supervised by an independent monitor. Only a quarter get monitorships. 

Most companies don’t have to audit their compliance to validate whether it’s working or not. Obviously a prosecutor is not in any position to obtain a sense of whether a big multinational company is complying with anything. Even a monitor needs a big international team working for them onsite to look at documents and interview employees.

Garrett does not seem to favor the DOJ going to trial but does believe that by getting a criminal plea in front of a court, the DOJ could use the resources and power of a federal court to deal with recidivists. Moreover, he believes that rehabilitation should be more rigorous and stated, “And if prosecutors aren’t getting anything more than the company’s assurance that it will do a systemic fix, that should leave us uneasy. We are starting to see recidivist banks and it’s looking like this compliance stuff isn’t working. A monitor isn’t a cure-all either. There are concerns about how a monitor is appointed. Do some of them go over budget without doing good work? But having someone independent seems a much better way to supervise compliance than rely on the company’s own assurance.”

What does all this mean for FCPA enforcement going forward? On the one hand you have the OECD saying the myth of the rogue employee is simply that, a myth. Corporations are intentionally violating anti-corruption laws such as the FCPA or certainly are aware of the conduct. Couple that with Garrett’s concerns that companies are getting off too easily and you may have a storm of more severe and stringent FCPA enforcement coming out of the DOJ and SEC. It may mean more and greater fines and penalties. It may mean greater use of external monitors who have unlimited budgets. It may mean more court supervision and interpretation of what compliance programs a company may implement going forward. It may mean longer and more thorough investigations as the DOJ and SEC strive to ascertain as much as they can that companies are remediating not only during the pendency of their investigations and enforcement actions but continue to do so while they are under resolution agreements such as Deferred Prosecution Agreements (DPAs) and Non-Prosecution Agreements (NPAs).

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

December 8, 2014

DPAs and NPAs – Powerful Tools in the Fight Against Corruption

ToolAs readers of this blog know the FCPA Professor and I usually look at the same Foreign Corrupt Practices Act (FCPA) enforcement action, item or remark and see different things. Sometimes we even hear the same thing and come away with different interpretations. Last week, we experienced yet another instance of the former where we both looked at the same article, that being one in Global Investigations Review entitled “Caldwell: settlement a “more powerful tool” than convictions” by Rahul Rose, yet came away with different interpretations. After some to-ing and fro-ing, we decided that we would both post our interpretations on the same day. So with a nod to Dan Fogelberg and Tim Weisberg, today we have the first twin posts from different bloggers dual- blog posts. Since we agreed to write our respective posts without seeing the other’s post and hence could not comment on each other’s post, I urge that after you finish reading my blog today, you click on over to the FCPA Professor’s site and see what his thoughts on Caldwell’s remarks might be.

The specific remarks we want to focus on were apparently made by during the Q&A session of Assistant Attorney General Leslie R. Caldwell who spoke at the Launch of the Organization for Economic Co-operation and Development Foreign Bribery Report, note these remarks were not found in the printed remarks of the speech on the Department of Justice (DOJ) website. In her Q&A, Rose reported the following, “Caldwell told the audience in Paris: “Companies cannot be sent to jail, so all a court can do is say you will pay ‘x’. We can say: ‘you will also have a monitor and will do all sorts of other things for the next five years, and if you don’t do them for the next five years then you can still be prosecuted’.” [And for the money shot] “In the United States system at least it is a more powerful tool than actually going to trial,” she said.”

It turns out that I have been thinking along these lines as well. The debate over the usefulness of Deferred Prosecution Agreement (DPAs) and Non-Prosecution Agreements (NPAs) has been long attended. Yet there are a couple of key reasons that DPAs and NPAs are such powerful tools in the fight against anti-corruption and anti-bribery which I do not believe have been fully articulated or explored. The first is that by settling, the DOJ (and Securities and Exchange Commission [SEC]) will have the ability to monitor the company going forward. This process began under the practice of formally appointing a corporate monitor nominated by the company in the throes of the enforcement action and who would be agreed to by the DOJ. This practice is generally referred to as a company having mandatory monitor.

While this specific practice received a fair amount of criticism from a variety of sources, the basic concept was sound. That concept was that a neutral third party would review a company’s compliance with the terms and conditions of a DPA or NPA and report to the DOJ at intervals generally no shorter than annually. This would give the DOJ eyes and ears into a company to oversee its adherence to the terms of the settlement. But what information did Caldwell convey in her statement as to why she thinks settlements are such a powerful tool? I read three pieces of information her statement about why FCPA settlements are such powerful tools.

‘Do All Sorts of Other Things’

Under this prong a settling defendant is required to do “all sorts of other things.” We know from the DPAs and NPAs relating to FCPA enforcement over the past several years, the minimum that a company will be required to institute is a best practices anti-corruption compliance program. While the FCPA Guidance specifies ten hallmarks of an effective compliance program, the DPAs and NPAs have had between 9 to 16 items listed in the best practices anti-corruption compliance programs that settling companies’ have agreed to institute. If the DOJ went to trial and secured a conviction the company would not have to put such a compliance program in place but only pay a fine or some other monetary penalty. Further, by requiring such a best practices anti-corruption compliance program in such a public manner, through a publicly filed DPA or NPA, the DOJ can communicate its current thinking on what it believes constitutes such a program. This provides valuable information to the compliance practitioner going forward and I believe completely disabuses the argument that companies cannot know what their obligations might be to comply with the FCPA or that companies do not know what the DOJ expects from them in the area of a FCPA compliance regime.

‘You will also have a monitor’

David E. Matyas and Lynn Shapiro Snyder
from the law firm of Epstein Becker & Green P.C., described the duties of a corporate monitor in their article entitled, “Monitoring the Monitor? The Need for Further Guidance Governing Corporate Monitors Under Pre-Trial Diversion Agreements”. The monitor would meet with “the company’s board and employees. A monitor then develops a work plan which defines the scope, access, and power the monitor will have over the company. The monitor’s work involves frequent visits to the company (including possible on-site accommodations) and broad access to company documents and meetings. The monitor should be knowledgeable about the regulatory aspects of the company’s operations, but that is not necessarily a criterion for selection of the monitor. Indeed, a monitor can hire others to assist in his or her responsibilities at the company’s expense. The monitor files periodic reports with the U.S. Attorney’s Office and makes visits with that office as well as with the company. At the conclusion of a monitor’s term – often 24-36 months – the monitor files a final report that details the activities accomplished and whether the company complied with all the terms of the agreement.”

So the monitor provides the DOJ with continued insight into what the company is doing to satisfy its settlement obligations around the implementation of its compliance program. If the DOJ has high confidence that the company has and will continue to put significant resources and efforts into its compliance program, it may agree to a voluntary monitor, as we have seen with the Parker Drilling and Hewlett-Packard (HP) DPAs. If the DOJ does not have such confidence, it may require a monitor for the length of the DPA, such as we saw in the Total DPA, which was three years. The DOJ may also take an interim position on the mandatory or voluntary nature of the monitor by allowing a company to end a mandatory monitorship half-way through the pendency of a DPA as it did with the Weatherford DPA, which allowed the mandatory monitorship to end at the 18 month mark of a three year DPA, if certain criteria were met.

‘You can still be prosecuted’ 

This final point is not to be underestimated. Once again if a company is found guilty at trial, a fine and/or penalty will be assessed and payment is the end of it. While it still may be under enhanced scrutiny, it will not have the affirmative obligation to report any FCPA violations going forward, nor will it bear potential liability and prosecution for failure to implement the terms and conditions of the DPA or NPA. Indeed, the company will agree to be prosecuted if there is another violation or it fails to implement as agreed to.

So by using DPAs and NPAs as settlement tools, I believe that the DOJ is able to impact on an ongoing basis, for two to three years, the compliance program of a settling company. This continued oversight usually translates into greater enthusiasm by a settling company to get compliance right so that it does not have to go through the full FCPA investigation and enforcement process. Of course there will always be recalcitrant companies such as Marubeni Corporation, which do not take the agreed to compliance obligations seriously going forward. When they get into trouble as recidivists, the second penalty is usually much higher. But there is also benefit to the compliance practitioner and greater compliance community because the DOJ communicates its expectations in these DPAs and NPAs. So they also work as powerful communication tools. Finally, by requiring a third party to act as the monitor, whether voluntary or mandatory, the DOJ can get some independent insight into what a company is doing compliance-wise.

Not knowing what the Professor has said, I have not tried to anticipate his arguments or rebut them directly. Nonetheless, I have tried to articulate why I agree with Ms. Caldwell’s remarks and why I continue to find the DOJ’s use of DPAs and NPAs as settlement tools a powerful weapon in the fight against bribery and corruption. I also hope that you will find favor with this exercise that the FCPA Professor and I have engaged in because we both believe that ongoing debate over FCPA enforcement is worthwhile for the compliance practitioner and necessary for the long-term success of compliance moving forward.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

November 26, 2014

Doing Business in India – Corruption Risks and Responses

IndiaRecently the US law firm of Foley and Lardner LLP and MZM Legal, Advocates & Legal Consultants in India jointly released a white paper, entitled “Anti-Bribery and Foreign Corrupt Practices Act Compliance Guide for U.S. Companies Doing Business in India”. For any compliance practitioner it is a welcome addition to country specific literature on the Foreign Corrupt Practices Act (FCPA), UK Bribery Act and other anti-corruption legislation and includes a section on India’s anti-corruption laws and regulations.

FCPA Enforcement Actions for Conduct Centered in India

Under the FCPA, several notable US companies have been through enforcement actions related to conduct in India. Although not monikered as a ‘Box Score’ the authors do provide a handy chart which lists the companies involved, a description of the conduct and fine/penalty involved.

Company Description Disposition (in USD)
Pride International Payment made for favorable administrative judicial decision regarding customs issues $56.1 million
Tyco International German subsidiary paid third parties to secure contracts; payments recorded as commissions $26 million
Diageo Subsidiary made payments to government official responsible for purchase/authorization of Diageo’s products in India $16.4 million
Textron Subsidiaries paid foreign officials to secure contracts; characterized as commission and consulting fees $5.05 million
Oracle Corporation Oracle distributor allegedly created “slush” fund to pay third parties $2 million
Dow Chemical Company Payments made to India Central Insecticides Board to expedite registration of products $325,000

India Anti-Bribery/Anti-Corruption Laws 

The authors identify the principal anti-corruption legislation in India as the Prevention of Corruption Act, 1988 (PCA), which focuses on bribery of public servants. They go on to state, “Bribery under the PCA includes any “gratification” that a public servant receives other than his/her legal remuneration. Gratification constituting a bribe would include anything intended to motivate, influence, or reward a public servant for performing (or forbearing performance of) an official act, or for showing “favour or disfavour” to any person, or for rendering any service or disservice to a public servant.” However, there are other laws, in addition to the PCA, which govern such issues. These include “specific public servants’ Conduct Rules, which set specific guidelines on the value of gifts that may be accepted in furtherance of local or religious customs (where no reciprocal action is expected and where the public servant has no current or expected future official dealings with the gift giver). The guidelines for permissible gifts are based on the public servant’s rank and service classification and broadly range between 500 – 7,500 Rupees (approximately $8 – $120 U.S. dollars).”

Corruption Risks in India

Corruption risks in India are generally perceived to be high due to its “complex administrative and bureaucratic environment”. Similarly the FCPA Professor would say there are a high number of barriers to trade. Coming at it from a different direction, the Department of Justice (DOJ) would say the risk is high because of the number of licenses and permits required. More pruriently, I would say this leads to more folks having their collective hand out looking to speed things up. Indeed, in the recently released TRACE Matrix India comes in at 185th out of 197 countries listed, with a corruption score of 80, based largely on its score of 92 in the highest weighted category of “Interactions with Governments”.

a. Licenses and Permits

The authors identify that “a host of regulatory hurdles exists in India, including the need to obtain permits, licenses, and other regulatory approvals and to pay various application and registration fees. These types of low-level transactions provide opportunities for bribery. Payments made in such transactions — whether in cash or gifts — may appear minimal (by U.S. standards) and may seem harmless, but they can nonetheless result in violations of U.S. and/or India law.” They go on to list some “Examples of Problematic Conduct” around this issue they identify the following:

  • Paying (or providing some other benefit to) a customs official to bypass inspection or overlook incorrect or incomplete paperwork;
  • Paying a local tax regulator to overlook errors or inconsistencies in filings;
  • Paying an official to expedite the processing of a permit or license;
  • Paying a utilities provider to reduce billings; and
  • Paying a local health and safety regulator to overlook code violations.

b. Gifts, Travel and Entertainment

In the area of gifts, travel and entertainment, the authors state that “companies run the risk of triggering the FCPA and other anti-corruption laws if their marketing and entertainment expenditures cross a line into conduct that could be characterized as bribery or lends to the appearance of attempting to induce a breach of trust or impartiality on the part of the recipient…the various conduct rules for public servants in India establish specific guidelines for accepting gifts and hospitality, and, for some public servants, the maximum permissible gift value may be as low as 500 rupees ($8 U.S. dollars). Companies operating in India should thus familiarize themselves with these guidelines before providing even what may seem to be a modest gift or hospitality.” Some examples of problematic conduct identified is these areas are as follows:

  • Paying for extravagant meals, drinks, and entertainment in connection with a visit by a foreign official;
  • Paying for “side trips” so that foreign officials can visit tourist attractions (e.g., Walt Disney World, Las Vegas) while in the United States;
  • Providing per-diems or “pocket money” for foreign officials to use during a visit;
  • Paying for a foreign official’s spouse or family to accompany the foreign official on a trip; and
  • Providing foreign officials with excessive gifts for birthdays, weddings, holidays, or other events.

c. Third Parties

This is always recognized as the highest FCPA risk and in India it is no different. More importantly, it may be even greater in this country because “Navigating India’s extensive regulations and bureaucracy often requires U.S. companies to rely on third parties, such as agents, brokers, consultants, sales representatives, distributors, and other business partners…The PCA similarly criminalizes bribery through third parties as a direct violation by the third party and as an abetment violation by the company on whose behalf the bribe is being made.” The key is subject any third party to rigorous due diligence and closely manage the relationship after the contract is signed. If a Red Flag appears at any point in the third party lifecycle it should be evaluated and cleared. The authors provide a handy list of some examples of Red Flags regarding third parties when doing business in India. They include:

  • A third party is listed in databases reporting known corruption risks (e.g., World Bank List of Debarred Firms) or has been previously investigated for, charged with, or convicted of corruption or other ethics violations;
  • A foreign official has specifically requested that a certain third party be involved in the company’s transaction or business;
  • An agent or consultant holds himself out as someone with close connections to an important minister or minister’s aide;
  • A third party does not appear to have sufficient resources, real estate/infrastructure, or experience to perform the requested tasks;
  • A third party asks the company to provide it with unreasonably large discounts, excessive commissions, reimbursements, or contingency fees; and
  • A third party requests payment in an irregular or convoluted manner (e.g., cash, offshore bank account, payments to another company, over/under invoicing).

Managing Corruption Risk in India

In their concluding section, the authors relate solid risk management tools tailored to the Indian market. It all starts with robust standards and procedures. From there you should train not only your employees on what may be illegal conduct and how to resist requests for bribes but also your third parties. Annual certifications are an important tool for not only risk management but also communication about anti-corruption expectations. Your compliance program should devote the appropriate level of personnel and resources for your operations in India. Finally, a robust reporting mechanism is key but equally critical is your response after any information comes to light. It must be thoroughly investigated, quickly remedied and reported as appropriate.

The Foley & Lardner/MZM Legal white paper is a welcome addition to literature about country specific risks, remedies and responses. A copy of the full white paper can be obtained by clicking here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

November 25, 2014

How to Avoid a Mousetrap – Resource Reductions in Your Compliance Function

The MousetrapOn this day, 62 years ago, “The Mousetrap”, a murder-mystery written by Agatha Christie, opened at the Ambassadors Theatre in London. The crowd-pleasing whodunit has become the longest continuously running play in history, with more than 10 million people attending its more than 20,000 performances. The play opened with Sir Richard Attenborough and his wife, Sheila Sim, in the cast. To date, more than 300 actors and actresses have appeared in the roles of the eight characters. David Raven, who played “Major Metcalf” for 4,575 performances, is in the “Guinness Book of World Records” as the world’s most durable actor, while Nancy Seabrooke is noted as the world’s most patient understudy for 6,240 performances, or 15 years, as the substitute for “Mrs. Boyle.” The play is still going strong in London’s West End and at theaters across the world today.

The Mousetrap has survived the vicissitudes of one of the most fickle phenomenons known, the theater going public. Unfortunately, not all businesses can make the same claim to longevity, either in revenue sourcing or spending. For instance the energy industry is now facing a future with the price of oil at something currently around $80 per barrel. This has already led to proposed contraction in the energy services industry with the number 2 company, Halliburton Energy Services, buying the number 3 company, Baker Hughes. Halliburton has already announced they hope to achieve financial benefits through elimination of redundancies in the combined organizations.

Given this new thread of economics going through the energy industry, I wondered what it might all mean for a company’s compliance function? I thought about this question when I read a recent article in the Harvard Business Review (HBR), entitled “How Not to Cut Health Care Costs”, by Robert S. Kaplan and Derek A. Haas. Their article posited that many “cost-cutting initiatives actually lead to higher costs and lower-quality care.” This is because “Administrators typically look to reduce line-item expenses and increase the volume of patients seen.” But the authors opine that this is not the best way to cut costs or even deliver a superior health care service. They advocate, “Administrators, in collaboration with clinicians, should examine all the costs incurred over the care cycle for a medical condition. This will uncover multiple opportunities to benchmark, improve, and standardize processes in way that lower total costs and delver better care.”

Just as health care providers deliver services, so do compliance practitioners. This led me to view their article with the angle of a Chief Compliance Officer (CCO) or compliance practitioner that has been told to cut head count or resources. First, and foremost, is to keep in mind the direction provided in the FCPA Guidance, which is well thought out and considered, and will be viewed with a better eye by the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) if they take a look at your compliance program after it has been cut. And, as with everything else that is Foreign Corrupt Practices Act (FCPA), UK Bribery Act or any other anti-corruption compliance program related, you must remember the most important aspect, that being Document, Document, and Document. Whatever you do, you should document that you have studied it, considered it and then articulated a reason for taking the steps you decided upon. This means you should take the authors advice and not simply reduce “line-item expenses on their P&L statements” but you should “consider the best mix of resources needed to deliver excellent [compliance] outcomes in an efficient manner.” To do so, the authors examine five cost cutting mistakes, which I will adapt for the compliance practitioner.

Mistake #1 – Cutting Back on Support Staff

Just as in the medical services-delivery world, the compliance arena support staff are a key component of a compliance program’s efficiency. Cutting such functions requires CCOs or others to spend more time on administrative matters and less on actually doing compliance. This can be up to ten times more costly for more senior compliance managers to perform such tasks than properly trained, efficient administrative staff. Arbitrary constraints or cuts in personnel spending, uninformed by the need to deliver high quality compliance outcomes can not only lead to a diminution in the compliance product but very dissatisfied internal compliance consumers.

Mistake #2 – Underinvestiging in Space and Equipment

While this is perhaps more self-evident in the health care services industry, I would argue that it applies to technology in the compliance arena. Underinvesting in technology can lead to a lowering of productivity for a company’s most expensive compliance resource; its compliance group. Further, once technology has been used in one area, the marginal cost to utilize it in a second area is often much lower than the initial cost. A case in point is translation services to translate your Code of Conduct, compliance policy and procedures into languages other than English. After the initial cost, the marginal cost for each update you make is considerably lower. Moreover, the authors point to the “folly of attempting to cut costs by holding down spending in isolated categories. More often than not, much higher costs soon show up in another category.” The key is to measure the costs of all resources used by the compliance function so that the appropriate trade-offs can be made. 

Mistake #3 – Focusing Narrowly on Procurement Prices

Often executives simply say that an overhead function, such as compliance, must “aim their reductions” at outside vendors. This may lead to more negotiations over suppliers’ pricings or attempts to negotiate high discounts. However the author’s note that this blanket approach often fails to take into account the precise mix of goods and services that a compliance department may use. Further, this gross approach focuses too narrowly on negotiating the price and fails to examine how the compliance function might actually consume goods and services from outside vendors. The authors note, “As a result, they miss potential large opportunities to lower spending.”

Mistake #4 – Maximizing Throughput

This mistake revolves around simply trying to get professionals to work faster. However, as with physicians, this mistake “is not sensitive to the impact of seemingly arbitrary standards on [compliance] outcomes.” Interesting what may be true is quite the opposite that a compliance function can receive greater overall productivity by spending more time with fewer problems. This is because by spending less time with problems up front, a compliance professional may be able to bring greater risk management techniques to bear, which can work to prevent or even proscribe a compliance issue rather than simply detecting it after something has occurred. The more time the compliance function can spend in counseling, monitoring or performing in-person training, the more benefits will be paid off from preventing compliance issues from becoming FCPA violative events.

Mistake #5 – Failing to Benchmark and Standardize

Benchmarking is recognized as a key tool of the compliance practitioner. However it is rarely thought of a cost-cutting tool or a cost-efficiency mechanism. Many compliance practitioners can only see the no ‘one-size-fits-all’ proscription which blocks them from seeing what other compliance practitioners might be doing to achieve similar results. If other companies can be used to determine a range of compliance techniques and strategies, perhaps they could also be consulting for the standardization of certain processes or procedures, which might lead to greater cost efficiencies. One constant about compliance is that there are no trade secrets in compliance. A constant about compliance professionals is that they will always share information on their program. Use the knowledge of others to help you deliver a compliance solution in a more cost-effective approach.

The compliance profession is maturing. Costs and inefficiencies can be the result of “mismatched capacity, fragmented delivery, suboptimal outcomes and inefficient use of technology.” In their penultimate paragraph the authors state, “The current practice of managing and cutting costs from a P&L statement does nothing to address those problems.” Unlike the theater version of The Mousetrap, compliance will experience ups and downs in funding similar to other corporate overhead functions. However, such pinch points might present opportunities for the compliance professional to review and assess a company’s compliance program and come up with ways to make it run more efficiently. For if it is true that there is no ‘one-size-fits-all’ approach to compliance; it is equally true that you are only limited by your imagination. But document how you got there and why and be prepared to defend how you identified your risk, coupled with your management of them.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

 

November 24, 2014

The FCPA Guidance: Still Going Strong at Two

Brithday TwoOne of the great things about Sunday afternoon is that Mike Volkov posts his Monday blog, when I usually have time to read it when I get the email notification that it is up. Yesterday he wished the Department of Justice’s (DOJ) and Securities and Exchange Commission’s (SEC) jointly released 2012 A Resource Guide to the U.S. Foreign Corrupt Practices Act (Guidance) a belated Happy 2nd Birthday and bemoaned the fact no one else had done so. Inspired, and somewhat chagrined by Volkov, I decided to blog today about a couple of the highlights from the FCPA Guidance.

I. The Ten Hallmarks of Effective Compliance Programs

As a ‘Nuts and Bolts’ guy I found the DOJ/SEC formulation of their thoughts on what might constitute a best practices compliance program, the most useful part. The Guidance cautions that there is no “one-size-fits-all” compliance program. It recognizes a variety of factors such as size, type of business, industry and risk profile a company should determine for its own needs regarding a Foreign Corrupt Practices Act (FCPA) compliance program. But the Guidance made clear that these ten points are “meant to provide insight into the aspects of compliance programs that DOJ and SEC assess”. In other words you should pay attention to these and use this information to assess your own compliance regime.

  1. Commitment from Senior Management and a Clearly Articulated Policy Against Corruption. It all starts with tone at the top. But more than simply ‘talk-the-talk’ company leadership must ‘walk-the-walk’ and lead by example. Both the DOJ and SEC look to see if a company has a “culture of compliance”. More than a paper program is required, it must have real teeth and it must be put into action, all of which is led by senior management. The Guidance states, “A strong ethical culture directly supports a strong compliance program. By adhering to ethical standards, senior managers will inspire middle managers to reinforce those standards.” This prong ends by stating that the DOJ and SEC will “evaluate whether senior management has clearly articulated company standards, communicated them in unambiguous terms, adhered to them scrupulously, and disseminated them throughout the organization.”
  2. Code of Conduct and Compliance Policies and Procedures. The Code of Conduct has long been seen as the foundation of a company’s overall compliance program and the Guidance acknowledges this fact. But a Code of Conduct and a company’s compliance policies need to be clear and concise. Importantly, the Guidance made clear that if a company has a large employee base that is not fluent in English such documents need to be translated into the native language of those employees. A company also needs to have appropriate internal controls based upon the risks that a company has assessed for its business model.
  3. Oversight, Autonomy, and Resources. This section began with a discussion on the assignment of a senior level executive to oversee and implement a company’s compliance program. Equally importantly, the compliance function must have “sufficient resources to ensure that the company’s compliance program is implemented effectively.” Finally, the compliance function should report to the company’s Board of Directors or an appropriate committee of the Board such as the Audit Committee. Overall, the DOJ and SEC will “consider whether the company devoted adequate staffing and resources to the compliance program given the size, structure, and risk profile of the business.”
  4. Risk Assessment. The Guidance states, “assessment of risk is fundamental to developing a strong compliance program”. Indeed, if there is one over-riding theme in the Guidance it is that a company should assess its risks in all areas of its business. The Guidance is also quite clear that when the DOJ and SEC look at a company’s overall compliance program, they “take into account whether and to what degree a company analyzes and addresses the particular risks it faces.” The Guidance lists factors that a company should consider in any risk assessment. They are “the country and industry sector, the business opportunity, potential business partners, level of involvement with governments, amount of government regulation and oversight, and exposure to customs and immigration in conducting business affairs.”
  5. Training and Continuing Advice. Communication of a compliance program is a cornerstone of any anti-corruption compliance program. The Guidance specifies that both the “DOJ and SEC will evaluate whether a company has taken steps to ensure that relevant policies and procedures have been communicated throughout the organization, including through periodic training and certification for all directors, officers, relevant employees, and, where appropriate, agents and business partners.” The training should be risk based so that those high-risk employees and third party business partners receive an appropriate level of training. A company should also devote appropriate resources to providing its employees with guidance and advice on how to comply with their own compliance program on an ongoing basis.
  6. Incentives and Disciplinary Measures. Initially the Guidance notes that a company’s compliance program should apply from “the board room to the supply room – no one should be beyond its reach.” There should be appropriate discipline in place and administered for any violation of the FCPA or a company’s compliance program. Additionally, the “DOJ and SEC recognize that positive incentives can also drive compliant behavior. These incentives can take many forms such as personnel evaluations and promotions, rewards for improving and developing a company’s compliance program, and rewards for ethics and compliance leadership.”
  7. Third-Party Due Diligence and Payments. The Guidance says that companies must engage in risk based due diligence to understand the “qualifications and associations of its third-party partners, including its business reputation, and relationship, if any, with foreign officials.” Next a company should articulate a business rationale for the use of the third party. This would include an evaluation of the payment arrangement to ascertain that the compensation is reasonable and will not be used as a basis for corrupt payments. Lastly, there should be ongoing monitoring of third parties.
  8. Confidential Reporting and Internal Investigation. This means more than simply a hotline. The Guidance suggests that anonymous reporting, and perhaps even a company ombudsman, might be appropriate to have in place for employees to report allegations of corruption or violations of the FCPA. Furthermore, it is just as important what a company does after an allegation is made. The Guidance states, “once an allegation is made, companies should have in place an efficient, reliable, and properly funded process for investigating the allegation and documenting the company’s response, including any disciplinary or remediation measures taken.” The final message is what did you learn from the allegation and investigation and did you apply it in your company?
  9. Continuous Improvement: Periodic Testing and Review. As noted in the Guidance, “compliance programs that do not just exist on paper but are followed in practice will inevitably uncover compliance weaknesses and require enhancements. Consequently, DOJ and SEC evaluate whether companies regularly review and improve their compliance programs and not allow them to become stale.” The DOJ/SEC expects that a company will review and test its compliance controls and “think critically” about its own weaknesses and risk areas. Internal controls should also be periodically tested through targeted audits.
  1. Mergers and Acquisitions.Pre-Acquisition Due Diligence and Post-Acquisition Integration.Here the DOJ and SEC spell out their expectations in not only the post-acquisition integration phase but also in the pre-acquisition phase. This pre-acquisition information was not something on which most companies had previously focused. A company should attempt to perform as much substantive compliance due diligence that it can do before it purchases a company. After the deal is closed, an acquiring entity needs to perform a FCPA audit, train all senior management and risk employees in the purchased company and integrate the acquired entity into its compliance regime.

II. Declinations

Many commentators such The FCPA Professor, Mike Volkov, myself and others have advocated that the DOJ release information about Declinations because they are an excellent source of information for the compliance practitioner about the DOJ’s thinking on FCPA enforcement issues. Indeed I had written, “In an area like Foreign Corrupt Practice Act (FCPA) enforcement, where guiding case law is largely non-existent, compliance practitioners must rely on the actions and decisions of federal enforcement agencies for information. Such information is available in the form of enforcement actions, the release of Deferred Prosecution Agreements (DPAs) and Non-Prosecution Agreements (NPAs), and hypothetical fact patterns presented to the Department of Justice (DOJ) through its Opinion Release procedure. But one highly valuable source of guidance has been kept from regulated entities and their counsels: DOJ and Securities and Exchange Commission (SEC) “declination” decisions, opinions which are drafted when the agencies decline to prosecute an individual or organization. A change is needed in this counterproductive policy. The release of substantive information on declinations would help foster greater compliance with the FCPA by providing practitioners with specific facts of circumstances where investigations did not result in an enforcement action.”

Whether the DOJ was answering any of the commentary, it hardly matters. But a significant section of the Guidance is dedicated specifically to six Declinations provided to companies which self-disclosed possible FCPA violations. The types of issues reported to the DOJ were as varied as mergers and acquisitions (M&A); actions by third parties on a company’s behalf which violated the FCPA; payments improperly made by company employees which were incorrectly characterized as facilitation payments; and illegal bribes paid out by a small group of company employees. From these Declinations, I derived the following points (1) The Company was alerted to possible corrupt conduct via its compliance program or internal controls. (2) Possible FCPA violations were self-reported or otherwise voluntarily disclosed to the DOJ/SEC. (3) The entities in question conducted a thorough internal investigation and shared the results with the DOJ/SEC. (4) The conduct violative of the FCPA was not pervasive and consisted of relatively small bribes or other corrupt payments. (5) The company took immediate corrective action against the person(s) engaging in the conduct. (6) Each company’s compliance program was expanded or enhanced and these enhancements were reflected in compliance training, internal process improvements and additional enhanced internal controls.

So here’s to the Guidance at the ripe of age of 2. Thanks for coming into all of our (compliance) lives. I have also held back the best for last; the Guidance is available for free on the DOJ website and you can download it by clicking here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

November 21, 2014

The Strategic Use of Compliance

StrategyWhat is your company’s compliance strategy? By this I do not mean what is your company doing to put in a place a best practices anti-corruption compliance program that meets the requirement of the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act. My inquiry goes both further and deeper. Has your company moved beyond the view that compliance with the FCPA is simply enough by incorporating compliance into your business strategy to secure a competitive advantage going forward? I thought about this issue when I read a recent article in the MIT Sloan Management Review, entitled “Finding the Right Corporate Legal Strategy”, by Robert C. Bird and David Orozco. While the authors posed the questions from the legal perspective, I found their insights equally valid from the compliance perspective.

While I am fairly certain that Chief Compliance Officers (CCOs) and compliance practitioners understand the need for the integration of compliance into the day-to-day business operations of a company, many business types still view compliance “as a constraint on managerial decisions, primarily perceiving” compliance as simply a cost. The authors believe that the more enlightened approach is for companies to use functions such as compliance “in order to secure long-term competitive advantage.” To do so the authors detailed five different legal strategies, which they call pathways, that companies might use that I will translate into compliance strategies. They are in ascending order of importance: (1) avoidance; (2) compliance; (3) prevention; (4) value and (5) transformation. The right strategy for your company will depend on a variety of factors such as maturity of your compliance function, commitment by senior management to compliance, your business model and the compliance function’s ability to collaborate with business managers.

Avoidance

This is the idiot response where a company either disregards anti-corruption laws such as the FCPA or UK Bribery Act or engages in willful blindness. Unfortunately, there are many major US and foreign corporations that have come to grief under the FCPA because they did not take some of the most basic steps to comply with these laws. It is largely because senior management believes that compliance provides “little concrete value, so they make no effort to” even acquiring knowledge in the area. Worse yet are companies who gain a modicum of knowledge about such anti-corruption laws “only so that they can circumvent it to achieve a desired objective.” The authors note that while “An avoidance strategy can sometimes be effective…it can also lead to disaster.” This lead to the compliance function and the CCO only being called in an emergency, after the conduct has occurred so that compliance is always in a reactionary mode.

Compliance

This pathway means complying with laws, not the compliance function itself. Under this pathway, “companies recognize that the law is an unwelcome but mandatory constraint on their activities.” So while following this strategy would allow a company to have subject matter expert (SME) practitioners in the field of compliance, it would exist only “so the business could operate within its legal bounds.” Under this pathway, companies still view compliance as a cost to be minimized. Moreover, anti-corruption laws such as the FCPA or UK Bribery Act are “viewed as primarily inflexible—externally imposed rules that cannot be changed or adapted to suit a particular corporate strategy.” This means that business managers will simply not understand that compliance can be used to further business goals. It also leads most business unit folks to believe that compliance is the Land of No and the CCO is in reality ‘Dr. No’ who is there “primarily as a watchdog that polices corporate conduct for illegal activity.”

Prevention 

Under the prevention pathway, senior management acknowledges that anti-corruption laws can be used as competitive advantage “to further well-defined business roles.” This means that the compliance is proactive rather than reactive. Senior managers understand how the law relates to their business areas “and they appreciate how it can be used to minimize particular business risks.” The compliance function “seeks partnerships with managers to help them achieve their risk-management goals.” This pathway has the added benefit that allows compliance practitioners to recognize the importance of measuring and quantifying compliance issues and data “as a part of a broader effort to support a business oriented strategy.” It also means that the compliance function is available to the business unit when the competitive landscape is “strategically assessed” by the business unit. This is more than simply having a seat at the table; it is being a part of and contributing to the commercial strategy.

Value

Companies operating in this pathway use compliance to “create tangible and identifiable value.” But to do so requires a true corporate commitment because business unit managers will need to have a strong understanding of anti-corruption compliance and how it can be tailored to generate value for the company. The CCO, and indeed the entire compliance function, must see itself “as a key stakeholder in helping the company to increase its return on investment” and should see itself in helping to create value for the company. Usually this comes about in two ways. The first is by using compliance to lower costs of doing business, particularly through third parties. Here you can think of reducing the number of vendors who perform the same services or provide the same products to you by appropriate management of your third party compliance program. The second way is by using compliance to increase revenues.

Transformation

In this final pathway, a company will incorporate compliance directly into its business model. While the authors note that few companies have been able to move this far in the legal arena, those who have done so possess a rare and valuable “capability that can provide a competitive advantage that is difficult for a business rival to imitate.” One of the keys to making this transformation is that not only is compliance integrated within “the company’s various value-chain activities; it is also linked with the value chains of important external partners as part of the larger business ecosystem.” This pathway is only available to companies with the most mature compliance function and most usually when compliance is combined with “the business model and core competencies of the company.”

Clearly there is no ‘one size fits all’ approach to compliance strategies. However if your compliance program has maturity and senior management can operate with their eyes open, they will see that while the first three strategies focus on managing risk, the final two are targeted towards generating business opportunities or least have compliance as a part of the team doing so. As compliance practitioners move into the CCO 2.0 role that I have advocated, these pathways can provide you with a tangible starting point to educate senior management on what compliance can bring to the (business) table.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

November 19, 2014

Chamber of Commerce: Corporations Form the Cornerstone of FCPA Compliance

CornerstoneRecently one of the most unlikely sources for praise of the Foreign Corrupt Practices Act (FCPA) came out to inform us all that corporations are the cornerstone of FCPA compliance and enforcement. You may be surprised to find out that it came from the US Chamber of Commerce. It did not come in the form of Congressional testimony in praise of the FCPA but in the Chamber’s Amicus Curie filing in a case currently being considered by the Texas Supreme Court. Regardless of the forum, the praise was just as strong and hopefully just as lasting.

The Texas Supreme Court recently held oral arguments in the appeal of Shell v. Writt. Unusually for a state supreme court case, it touches on the FCPA. The issue before the Court is whether Shell’s internal FCPA investigation is absolutely privileged from a defamation claim by persons named in the report as having violated the FCPA. Being as this is Texas, with a state supreme court just to the right of Attila the Hun, it is easy to determine what the outcome of the case will be, the company will win.

Procedurally, Writt, the plaintiff claiming defamation from Shell’s report of its internal investigation that it provided to the Department of Justice (DOJ), lost at the trial court on summary judgment. The trial court found that Shell had an absolute privilege because the report was turned over to a government agency investigating the matter. The court of appeals reversed this decision holding that because the internal investigation was voluntary, not mandatory, that only a conditional privilege existed and sent the matter back to the trial court for further proceedings. Shell appealed this court of appeals decision to the Texas Supreme Court.

Interestingly, the US Chamber of Commerce filed an amicus brief in the appeal to the Texas Supreme Court, supporting Shell. In its brief, the Chamber came out with full guns blazing in support of the FCPA and for full internal investigations and self-disclosure by companies. At the start of its brief, the Chamber comes out four square in support of the FCPA stating, “Since 1977, and especially over the last decade, the Foreign Corrupt Practices Act (“FCPA”) has played a very significant role in the federal regulation of multinational corporations. By punishing bribery and other illicit influence of foreign officials by U.S. companies, the statute seeks to improve the integrity of American businesses, promote market efficiency, and maintain the reputation of American democracy abroad.”

The Chamber noted the importance of the FCPA to both the US government and to US businesses. It stated, “Over the past decade, the FCPA has taken on renewed importance for both the U.S. government and American businesses.” As to the importance that the US government places on FCPA enforcement, the Chamber cited to the following, “DOJ officials have publicly stated that “enforcement of the FCPA is second only to fighting terrorism in terms of priority.”” Lastly, because of this focus, “FCPA compliance is now a main focus of concern for U.S. businesses.” Moreover, US companies are now ““light years ahead of where [they were] circa the mid-to-late 1990s,” with companies “implementing more rigorous and sophisticated compliance protocols,” including thorough internal investigations and candid self reporting.”

The Chamber did not stop there with its high praise of the FCPA and the importance of the FCPA and its enforcement for US businesses. The Chamber next turned to US businesses role in FCPA enforcement and compliance when it said, “the government has always relied upon businesses to cooperate with investigations and self-report any potential violations by corporate employees. “Federal enforcement authorities have consistently encouraged, if not as a practical matter demanded, that as to the FCPA companies voluntarily conduct internal investigations, disclose potential violations and cooperate with government investigations.” With their vast resources, individualized focus, and access to documents and witnesses, “companies are actually much better positioned to gather more information more quickly overseas than the Justice Department or the SEC.”” Perhaps channeling some of the criticisms of the recent General Motors (GM) and FIFA investigations, the Chamber recognizes that more than simply results must be shared with the DOJ when it stated, “The government requires that corporations provide not just information on violations that they are certain of, but rather any “relevant information and evidence,” as well as identification of “relevant actors inside and outside the company.””

The money line from the Chamber’s brief is the following, “Corporate cooperation, internal investigation, and self-reporting thus form the cornerstone of FCPA compliance and enforcement.” It could not be clearer from this statement the importance that a robust internal investigation protocol, coupled with self-disclosure bring to FCPA compliance. The FCPA Guidance states, “once an allegation is made, companies should have in place an efficient, reliable, and properly funded process for investigating the allegation and documenting the company’s response, including any disciplinary or remediation measures taken. Companies will want to consider taking “lessons learned” from any reported violations and the outcome of any resulting investigation to update their internal controls and compliance program and focus future training on such issues, as appropriate.”

Thus internal investigations coupled with self-reporting provide both companies and the US government towards the same goal; greater compliance with the FCPA because the Chamber recognizes that the FPCA plays a vital role in international business and corruption prevention and prosecution. The Chamber even cites, favorably, the Congressional logic for the enactment of the FCPA by stating, “Congress determined that such practices tarnish the image of American democracy abroad, impair confidence in American businesses, hamper the efficiency of the market, anger the citizens of otherwise friendly foreign nations, and, put simply, are “morally repugnant” and “bad business.”” Finally, the Chamber acknowledges the importance of the FCPA for both US and international investors; both in the US and for companies abroad by concluding, “The FCPA is a valuable statute that helps to reduce corruption and to reinforce public and investor confidence in the markets here and abroad.”

This brief lays out one of the strongest articulations of the power of the FCPA. I did not expect the Chamber to come out so forcefully in favor of what that many business types continually bemoan. The Chamber’s recognition that FCPA compliance and enforcement are cornerstones of the protection of US businesses; US business interests and investor confidence across the globe is a welcome addition to the FCPA dialogue.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

Next Page »

The Rubric Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 4,879 other followers