FCPA Compliance and Ethics Blog

November 24, 2014

The FCPA Guidance: Still Going Strong at Two

Brithday TwoOne of the great things about Sunday afternoon is that Mike Volkov posts his Monday blog, when I usually have time to read it when I get the email notification that it is up. Yesterday he wished the Department of Justice’s (DOJ) and Securities and Exchange Commission’s (SEC) jointly released 2012 A Resource Guide to the U.S. Foreign Corrupt Practices Act (Guidance) a belated Happy 2nd Birthday and bemoaned the fact no one else had done so. Inspired, and somewhat chagrined by Volkov, I decided to blog today about a couple of the highlights from the FCPA Guidance.

I. The Ten Hallmarks of Effective Compliance Programs

As a ‘Nuts and Bolts’ guy I found the DOJ/SEC formulation of their thoughts on what might constitute a best practices compliance program, the most useful part. The Guidance cautions that there is no “one-size-fits-all” compliance program. It recognizes a variety of factors such as size, type of business, industry and risk profile a company should determine for its own needs regarding a Foreign Corrupt Practices Act (FCPA) compliance program. But the Guidance made clear that these ten points are “meant to provide insight into the aspects of compliance programs that DOJ and SEC assess”. In other words you should pay attention to these and use this information to assess your own compliance regime.

  1. Commitment from Senior Management and a Clearly Articulated Policy Against Corruption. It all starts with tone at the top. But more than simply ‘talk-the-talk’ company leadership must ‘walk-the-walk’ and lead by example. Both the DOJ and SEC look to see if a company has a “culture of compliance”. More than a paper program is required, it must have real teeth and it must be put into action, all of which is led by senior management. The Guidance states, “A strong ethical culture directly supports a strong compliance program. By adhering to ethical standards, senior managers will inspire middle managers to reinforce those standards.” This prong ends by stating that the DOJ and SEC will “evaluate whether senior management has clearly articulated company standards, communicated them in unambiguous terms, adhered to them scrupulously, and disseminated them throughout the organization.”
  2. Code of Conduct and Compliance Policies and Procedures. The Code of Conduct has long been seen as the foundation of a company’s overall compliance program and the Guidance acknowledges this fact. But a Code of Conduct and a company’s compliance policies need to be clear and concise. Importantly, the Guidance made clear that if a company has a large employee base that is not fluent in English such documents need to be translated into the native language of those employees. A company also needs to have appropriate internal controls based upon the risks that a company has assessed for its business model.
  3. Oversight, Autonomy, and Resources. This section began with a discussion on the assignment of a senior level executive to oversee and implement a company’s compliance program. Equally importantly, the compliance function must have “sufficient resources to ensure that the company’s compliance program is implemented effectively.” Finally, the compliance function should report to the company’s Board of Directors or an appropriate committee of the Board such as the Audit Committee. Overall, the DOJ and SEC will “consider whether the company devoted adequate staffing and resources to the compliance program given the size, structure, and risk profile of the business.”
  4. Risk Assessment. The Guidance states, “assessment of risk is fundamental to developing a strong compliance program”. Indeed, if there is one over-riding theme in the Guidance it is that a company should assess its risks in all areas of its business. The Guidance is also quite clear that when the DOJ and SEC look at a company’s overall compliance program, they “take into account whether and to what degree a company analyzes and addresses the particular risks it faces.” The Guidance lists factors that a company should consider in any risk assessment. They are “the country and industry sector, the business opportunity, potential business partners, level of involvement with governments, amount of government regulation and oversight, and exposure to customs and immigration in conducting business affairs.”
  5. Training and Continuing Advice. Communication of a compliance program is a cornerstone of any anti-corruption compliance program. The Guidance specifies that both the “DOJ and SEC will evaluate whether a company has taken steps to ensure that relevant policies and procedures have been communicated throughout the organization, including through periodic training and certification for all directors, officers, relevant employees, and, where appropriate, agents and business partners.” The training should be risk based so that those high-risk employees and third party business partners receive an appropriate level of training. A company should also devote appropriate resources to providing its employees with guidance and advice on how to comply with their own compliance program on an ongoing basis.
  6. Incentives and Disciplinary Measures. Initially the Guidance notes that a company’s compliance program should apply from “the board room to the supply room – no one should be beyond its reach.” There should be appropriate discipline in place and administered for any violation of the FCPA or a company’s compliance program. Additionally, the “DOJ and SEC recognize that positive incentives can also drive compliant behavior. These incentives can take many forms such as personnel evaluations and promotions, rewards for improving and developing a company’s compliance program, and rewards for ethics and compliance leadership.”
  7. Third-Party Due Diligence and Payments. The Guidance says that companies must engage in risk based due diligence to understand the “qualifications and associations of its third-party partners, including its business reputation, and relationship, if any, with foreign officials.” Next a company should articulate a business rationale for the use of the third party. This would include an evaluation of the payment arrangement to ascertain that the compensation is reasonable and will not be used as a basis for corrupt payments. Lastly, there should be ongoing monitoring of third parties.
  8. Confidential Reporting and Internal Investigation. This means more than simply a hotline. The Guidance suggests that anonymous reporting, and perhaps even a company ombudsman, might be appropriate to have in place for employees to report allegations of corruption or violations of the FCPA. Furthermore, it is just as important what a company does after an allegation is made. The Guidance states, “once an allegation is made, companies should have in place an efficient, reliable, and properly funded process for investigating the allegation and documenting the company’s response, including any disciplinary or remediation measures taken.” The final message is what did you learn from the allegation and investigation and did you apply it in your company?
  9. Continuous Improvement: Periodic Testing and Review. As noted in the Guidance, “compliance programs that do not just exist on paper but are followed in practice will inevitably uncover compliance weaknesses and require enhancements. Consequently, DOJ and SEC evaluate whether companies regularly review and improve their compliance programs and not allow them to become stale.” The DOJ/SEC expects that a company will review and test its compliance controls and “think critically” about its own weaknesses and risk areas. Internal controls should also be periodically tested through targeted audits.
  1. Mergers and Acquisitions.Pre-Acquisition Due Diligence and Post-Acquisition Integration.Here the DOJ and SEC spell out their expectations in not only the post-acquisition integration phase but also in the pre-acquisition phase. This pre-acquisition information was not something on which most companies had previously focused. A company should attempt to perform as much substantive compliance due diligence that it can do before it purchases a company. After the deal is closed, an acquiring entity needs to perform a FCPA audit, train all senior management and risk employees in the purchased company and integrate the acquired entity into its compliance regime.

II. Declinations

Many commentators such The FCPA Professor, Mike Volkov, myself and others have advocated that the DOJ release information about Declinations because they are an excellent source of information for the compliance practitioner about the DOJ’s thinking on FCPA enforcement issues. Indeed I had written, “In an area like Foreign Corrupt Practice Act (FCPA) enforcement, where guiding case law is largely non-existent, compliance practitioners must rely on the actions and decisions of federal enforcement agencies for information. Such information is available in the form of enforcement actions, the release of Deferred Prosecution Agreements (DPAs) and Non-Prosecution Agreements (NPAs), and hypothetical fact patterns presented to the Department of Justice (DOJ) through its Opinion Release procedure. But one highly valuable source of guidance has been kept from regulated entities and their counsels: DOJ and Securities and Exchange Commission (SEC) “declination” decisions, opinions which are drafted when the agencies decline to prosecute an individual or organization. A change is needed in this counterproductive policy. The release of substantive information on declinations would help foster greater compliance with the FCPA by providing practitioners with specific facts of circumstances where investigations did not result in an enforcement action.”

Whether the DOJ was answering any of the commentary, it hardly matters. But a significant section of the Guidance is dedicated specifically to six Declinations provided to companies which self-disclosed possible FCPA violations. The types of issues reported to the DOJ were as varied as mergers and acquisitions (M&A); actions by third parties on a company’s behalf which violated the FCPA; payments improperly made by company employees which were incorrectly characterized as facilitation payments; and illegal bribes paid out by a small group of company employees. From these Declinations, I derived the following points (1) The Company was alerted to possible corrupt conduct via its compliance program or internal controls. (2) Possible FCPA violations were self-reported or otherwise voluntarily disclosed to the DOJ/SEC. (3) The entities in question conducted a thorough internal investigation and shared the results with the DOJ/SEC. (4) The conduct violative of the FCPA was not pervasive and consisted of relatively small bribes or other corrupt payments. (5) The company took immediate corrective action against the person(s) engaging in the conduct. (6) Each company’s compliance program was expanded or enhanced and these enhancements were reflected in compliance training, internal process improvements and additional enhanced internal controls.

So here’s to the Guidance at the ripe of age of 2. Thanks for coming into all of our (compliance) lives. I have also held back the best for last; the Guidance is available for free on the DOJ website and you can download it by clicking here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

November 21, 2014

The Strategic Use of Compliance

StrategyWhat is your company’s compliance strategy? By this I do not mean what is your company doing to put in a place a best practices anti-corruption compliance program that meets the requirement of the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act. My inquiry goes both further and deeper. Has your company moved beyond the view that compliance with the FCPA is simply enough by incorporating compliance into your business strategy to secure a competitive advantage going forward? I thought about this issue when I read a recent article in the MIT Sloan Management Review, entitled “Finding the Right Corporate Legal Strategy”, by Robert C. Bird and David Orozco. While the authors posed the questions from the legal perspective, I found their insights equally valid from the compliance perspective.

While I am fairly certain that Chief Compliance Officers (CCOs) and compliance practitioners understand the need for the integration of compliance into the day-to-day business operations of a company, many business types still view compliance “as a constraint on managerial decisions, primarily perceiving” compliance as simply a cost. The authors believe that the more enlightened approach is for companies to use functions such as compliance “in order to secure long-term competitive advantage.” To do so the authors detailed five different legal strategies, which they call pathways, that companies might use that I will translate into compliance strategies. They are in ascending order of importance: (1) avoidance; (2) compliance; (3) prevention; (4) value and (5) transformation. The right strategy for your company will depend on a variety of factors such as maturity of your compliance function, commitment by senior management to compliance, your business model and the compliance function’s ability to collaborate with business managers.

Avoidance

This is the idiot response where a company either disregards anti-corruption laws such as the FCPA or UK Bribery Act or engages in willful blindness. Unfortunately, there are many major US and foreign corporations that have come to grief under the FCPA because they did not take some of the most basic steps to comply with these laws. It is largely because senior management believes that compliance provides “little concrete value, so they make no effort to” even acquiring knowledge in the area. Worse yet are companies who gain a modicum of knowledge about such anti-corruption laws “only so that they can circumvent it to achieve a desired objective.” The authors note that while “An avoidance strategy can sometimes be effective…it can also lead to disaster.” This lead to the compliance function and the CCO only being called in an emergency, after the conduct has occurred so that compliance is always in a reactionary mode.

Compliance

This pathway means complying with laws, not the compliance function itself. Under this pathway, “companies recognize that the law is an unwelcome but mandatory constraint on their activities.” So while following this strategy would allow a company to have subject matter expert (SME) practitioners in the field of compliance, it would exist only “so the business could operate within its legal bounds.” Under this pathway, companies still view compliance as a cost to be minimized. Moreover, anti-corruption laws such as the FCPA or UK Bribery Act are “viewed as primarily inflexible—externally imposed rules that cannot be changed or adapted to suit a particular corporate strategy.” This means that business managers will simply not understand that compliance can be used to further business goals. It also leads most business unit folks to believe that compliance is the Land of No and the CCO is in reality ‘Dr. No’ who is there “primarily as a watchdog that polices corporate conduct for illegal activity.”

Prevention 

Under the prevention pathway, senior management acknowledges that anti-corruption laws can be used as competitive advantage “to further well-defined business roles.” This means that the compliance is proactive rather than reactive. Senior managers understand how the law relates to their business areas “and they appreciate how it can be used to minimize particular business risks.” The compliance function “seeks partnerships with managers to help them achieve their risk-management goals.” This pathway has the added benefit that allows compliance practitioners to recognize the importance of measuring and quantifying compliance issues and data “as a part of a broader effort to support a business oriented strategy.” It also means that the compliance function is available to the business unit when the competitive landscape is “strategically assessed” by the business unit. This is more than simply having a seat at the table; it is being a part of and contributing to the commercial strategy.

Value

Companies operating in this pathway use compliance to “create tangible and identifiable value.” But to do so requires a true corporate commitment because business unit managers will need to have a strong understanding of anti-corruption compliance and how it can be tailored to generate value for the company. The CCO, and indeed the entire compliance function, must see itself “as a key stakeholder in helping the company to increase its return on investment” and should see itself in helping to create value for the company. Usually this comes about in two ways. The first is by using compliance to lower costs of doing business, particularly through third parties. Here you can think of reducing the number of vendors who perform the same services or provide the same products to you by appropriate management of your third party compliance program. The second way is by using compliance to increase revenues.

Transformation

In this final pathway, a company will incorporate compliance directly into its business model. While the authors note that few companies have been able to move this far in the legal arena, those who have done so possess a rare and valuable “capability that can provide a competitive advantage that is difficult for a business rival to imitate.” One of the keys to making this transformation is that not only is compliance integrated within “the company’s various value-chain activities; it is also linked with the value chains of important external partners as part of the larger business ecosystem.” This pathway is only available to companies with the most mature compliance function and most usually when compliance is combined with “the business model and core competencies of the company.”

Clearly there is no ‘one size fits all’ approach to compliance strategies. However if your compliance program has maturity and senior management can operate with their eyes open, they will see that while the first three strategies focus on managing risk, the final two are targeted towards generating business opportunities or least have compliance as a part of the team doing so. As compliance practitioners move into the CCO 2.0 role that I have advocated, these pathways can provide you with a tangible starting point to educate senior management on what compliance can bring to the (business) table.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

November 19, 2014

Chamber of Commerce: Corporations Form the Cornerstone of FCPA Compliance

CornerstoneRecently one of the most unlikely sources for praise of the Foreign Corrupt Practices Act (FCPA) came out to inform us all that corporations are the cornerstone of FCPA compliance and enforcement. You may be surprised to find out that it came from the US Chamber of Commerce. It did not come in the form of Congressional testimony in praise of the FCPA but in the Chamber’s Amicus Curie filing in a case currently being considered by the Texas Supreme Court. Regardless of the forum, the praise was just as strong and hopefully just as lasting.

The Texas Supreme Court recently held oral arguments in the appeal of Shell v. Writt. Unusually for a state supreme court case, it touches on the FCPA. The issue before the Court is whether Shell’s internal FCPA investigation is absolutely privileged from a defamation claim by persons named in the report as having violated the FCPA. Being as this is Texas, with a state supreme court just to the right of Attila the Hun, it is easy to determine what the outcome of the case will be, the company will win.

Procedurally, Writt, the plaintiff claiming defamation from Shell’s report of its internal investigation that it provided to the Department of Justice (DOJ), lost at the trial court on summary judgment. The trial court found that Shell had an absolute privilege because the report was turned over to a government agency investigating the matter. The court of appeals reversed this decision holding that because the internal investigation was voluntary, not mandatory, that only a conditional privilege existed and sent the matter back to the trial court for further proceedings. Shell appealed this court of appeals decision to the Texas Supreme Court.

Interestingly, the US Chamber of Commerce filed an amicus brief in the appeal to the Texas Supreme Court, supporting Shell. In its brief, the Chamber came out with full guns blazing in support of the FCPA and for full internal investigations and self-disclosure by companies. At the start of its brief, the Chamber comes out four square in support of the FCPA stating, “Since 1977, and especially over the last decade, the Foreign Corrupt Practices Act (“FCPA”) has played a very significant role in the federal regulation of multinational corporations. By punishing bribery and other illicit influence of foreign officials by U.S. companies, the statute seeks to improve the integrity of American businesses, promote market efficiency, and maintain the reputation of American democracy abroad.”

The Chamber noted the importance of the FCPA to both the US government and to US businesses. It stated, “Over the past decade, the FCPA has taken on renewed importance for both the U.S. government and American businesses.” As to the importance that the US government places on FCPA enforcement, the Chamber cited to the following, “DOJ officials have publicly stated that “enforcement of the FCPA is second only to fighting terrorism in terms of priority.”” Lastly, because of this focus, “FCPA compliance is now a main focus of concern for U.S. businesses.” Moreover, US companies are now ““light years ahead of where [they were] circa the mid-to-late 1990s,” with companies “implementing more rigorous and sophisticated compliance protocols,” including thorough internal investigations and candid self reporting.”

The Chamber did not stop there with its high praise of the FCPA and the importance of the FCPA and its enforcement for US businesses. The Chamber next turned to US businesses role in FCPA enforcement and compliance when it said, “the government has always relied upon businesses to cooperate with investigations and self-report any potential violations by corporate employees. “Federal enforcement authorities have consistently encouraged, if not as a practical matter demanded, that as to the FCPA companies voluntarily conduct internal investigations, disclose potential violations and cooperate with government investigations.” With their vast resources, individualized focus, and access to documents and witnesses, “companies are actually much better positioned to gather more information more quickly overseas than the Justice Department or the SEC.”” Perhaps channeling some of the criticisms of the recent General Motors (GM) and FIFA investigations, the Chamber recognizes that more than simply results must be shared with the DOJ when it stated, “The government requires that corporations provide not just information on violations that they are certain of, but rather any “relevant information and evidence,” as well as identification of “relevant actors inside and outside the company.””

The money line from the Chamber’s brief is the following, “Corporate cooperation, internal investigation, and self-reporting thus form the cornerstone of FCPA compliance and enforcement.” It could not be clearer from this statement the importance that a robust internal investigation protocol, coupled with self-disclosure bring to FCPA compliance. The FCPA Guidance states, “once an allegation is made, companies should have in place an efficient, reliable, and properly funded process for investigating the allegation and documenting the company’s response, including any disciplinary or remediation measures taken. Companies will want to consider taking “lessons learned” from any reported violations and the outcome of any resulting investigation to update their internal controls and compliance program and focus future training on such issues, as appropriate.”

Thus internal investigations coupled with self-reporting provide both companies and the US government towards the same goal; greater compliance with the FCPA because the Chamber recognizes that the FPCA plays a vital role in international business and corruption prevention and prosecution. The Chamber even cites, favorably, the Congressional logic for the enactment of the FCPA by stating, “Congress determined that such practices tarnish the image of American democracy abroad, impair confidence in American businesses, hamper the efficiency of the market, anger the citizens of otherwise friendly foreign nations, and, put simply, are “morally repugnant” and “bad business.”” Finally, the Chamber acknowledges the importance of the FCPA for both US and international investors; both in the US and for companies abroad by concluding, “The FCPA is a valuable statute that helps to reduce corruption and to reinforce public and investor confidence in the markets here and abroad.”

This brief lays out one of the strongest articulations of the power of the FCPA. I did not expect the Chamber to come out so forcefully in favor of what that many business types continually bemoan. The Chamber’s recognition that FCPA compliance and enforcement are cornerstones of the protection of US businesses; US business interests and investor confidence across the globe is a welcome addition to the FCPA dialogue.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

November 18, 2014

FIFA and Good-Faith Investigations

CautionYou know things are getting bad when the Wall Street Journal (WSJ) questions a business’ moral authority. Things certainly cannot be much better when the regulators begin nosing around your own self-indulgence. What happens when you realize all of a sudden that all those actions you have taken may actually fall under the jurisdiction of both the United Kingdom and the United States and their respective anti-corruption laws, the UK Bribery Act and the US Foreign Corrupt Practices Act (FCPA)? It turns out all of this may have come through for our friends at Fédération Internationale de Football Association (FIFA).

Last week FIFA announced that it had considered the investigation into allegations of corruption into the awarding of the 2018 World Cup tournament to Russia and the 2022 World Cup tournament to Qatar and found, as reported in the Financial Times (FT) by Roger Blitz in an article entitled “Fifa thrown into fresh turmoil over Qatar World Cup corruption claims”, that “any improper behaviour in the bidding process for the tournament was “of very limited scope.”” This conclusion was made by a FIFA appointed former judge, “Hans-Joachim Eckert, who is chairman of the adjudicatory chamber of Fifa’s ethics committee.” Eckert had reviewed a 350-page report by investigator Michael J. Garcia, who is a former US prosecutor now practicing law in New York. Eckert released a 42 page “summary study” of the Garcia report, which he claimed supported his decision.

Unfortunately for FIFA and Eckert, Blitz reported in another FT article, entitled “Garcia and Eckert set for showdown over Fifa report”, that “Mr Eckert’s summary was disowned within hours of its publication by Mr Garcia, who claimed it misrepresented his findings. He has protested to Fifa’s appeals committee.” Garcia’s statement “has blown apart Fifa’s attempt to bring to a close nearly three years of allegations of unethical behaviour and has left Mr Eckert under increasing pressure to publish the Garcia investigation.” This action by FIFA led Reinhard Rauball, president of the German football league (DFL), to say, “Europe would have to consider breaking away from Fifa unless the Garcia investigation was published in full.”

All of this came after the summary itself noted that documents and evidence surrounding the Russian bid were lost because the computers on which they were stored had been destroyed. Garcia was not even able to speak with all the relevant witness in the Qatar bid as well. Even with this lack of full investigation, Garcia issues a statement which said that Eckert’s summary contained “numerous and materially incomplete and erroneous representations of the facts and conclusions detailed in the investigatory chamber’s report.”

What does all of this mean for FIFA? Certainly if the head of the German football league says that the European soccer federations may have to pull out of the organization because it is so corrupt that portends poorly. In another article in the FT, entitled “Brussels launches sliding tackle against Fifa”, Alex Barker reported “The EU’s top sports official is urging Fifa to come clean with findings from its corruption investigation, in a warning that signals a Brussels rethink over the commercial freedoms enjoyed by football’s scandal-tarnished governing body. In a direct swipe at Fifa’s attempt to clear Russia and Qatar to run the next two World Cups, Tibor Navracsics, the EU commissioner for sports, has called for full publication of a graft report into the 2010 bidding process to “remove doubts” about its findings. While Sepp Blatter’s Fifa is an unregulated Swiss body independent from government, its lucrative business activities in the European market are subject to rules overseen by EU regulators, including sales of television rights.”

What about any criminal issues? A quick Google search reveals that FIFA has offices in both the US and the UK. Given the very broad jurisdiction of the FCPA and perhaps the UK Bribery Act, it does not seem too far a stretch for either the Department of Justice (DOJ), the FBI, the UK Serious Fraud Office (SFO) or even the Overseas anti-corruption unit of the London police might want to open an investigation. Indeed CNN reported that the FBI is investigating FIFA at this time, saying “Investigators are moving ahead with their probe, which could result in charges against senior FIFA officials, the U.S. law enforcement officials said.”

For the compliance practitioner there are a couple of important lesson in all of this. First and foremost, in your internal investigations, you need to provide access of both documents and witnesses to your counsel. If you do not that alone may certainly compromise your investigation. This point was recently re-emphasized in the ongoing General Motors (GM) scandal over its ignition switch problems. It turns out that over two months prior to the public announcement the company had ordered over 500,000 new switches from its supplier. According to Hilary Stout and Bill Vlasic, writing in the New York Times (NYT) in an article entitled “G.M. Ordered a Half-Million Replacement Switches 2 Months Before Recall”, the order was placed after an internal company committee met. But no records of the meeting were provided to company’s outside counsel investigating this matter, Anton R. Valukas. Interestingly Valukas released a statement which the article quoted, ““To my knowledge, G.M. provided me access to all information in its possession related to G.M. inquiries regarding various repair options and part availability as G.M. considered potential fixes for the ignition switch in the event that a recall would occur,” the statement said.” That is lawyer-speak for I looked at what they showed me.

Hiding or not providing access to internal or outside counsel can be a recipe for disaster with the DOJ. The reason is the same as it is a disaster for FIFA in Europe. There is no trust left for the organization. Ask any ex-DOJer and they will tell you that it is all about credibility when you self-disclose to the DOJ or when you are in negotiations with the DOJ over a potential FCPA penalty. I regularly hear Stephen Martin and Mike Volkov say precisely that when they talk about their experiences from working for the US government. If you do not allow your investigators access to all relevant documents and those witnesses under your control, the DOJ will most probably not consider the results of your investigation valid. The DOJ may not even consider your exertions worthy of a good-faith effort.

One thing is also very relevant for the compliance practitioner. If your outside counsel disavows him or herself from the company’s interpretation of it going forward, you are in big trouble. Even the WSJ, in its Op-Ed piece said, “FIFA’s moral failure stands out.”

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

November 17, 2014

Opinion Release 14-02: Dis-Linking The Illegal Conduct Going Forward

Dis-linkOne of my favorite words in the context of Foreign Corrupt Practices Act (FCPA) enforcement is dis-link. I find it a useful adjective in explaining how certain conduct by a company must be separated from the winning of business. But it works on so many different levels when discussing the FCPA. Last week I thought about this concept of dis-linking when I read the second Opinion Release of 2014, that being 14-02. One of the clearest ways that the Department of Justice (DOJ) communicates is through the Opinion Release procedure. This procedure provides to the compliance practitioner solid and specific information about what steps a company needs to take in the pre-acquisition phase of due diligence. However, 14-02 directly answers many FCPA naysayers long incorrect claim about how companies step into FCPA liability through mergers and acquisitions (M&A) activity.

From the Opinion Release it was noted that the Requestor is a multinational company headquartered in the United States. Requestor desired to acquire a foreign consumer products company and it’s wholly owned subsidiary (collectively, the “Target”), both of which are incorporated and operate in a foreign country, never issuing securities in the United States. The Target had negligible business contacts in the US, including no direct sale or distribution of their products. In the course of its pre-acquisition due diligence of the Target, Requestor identified a number of likely improper payments by the Target to government officials of Foreign Country, as well as substantial weaknesses in accounting and recordkeeping. In light of the bribery and other concerns identified in the due diligence process, Requestor also detailed a plan for remedial pre-acquisition measures and post-acquisition integration steps. Requestor sought from the DOJ an Opinion as to whether the Department would then bring an FCPA enforcement action against Requestor for the Target’s pre-acquisition conduct. It was specifically noted that the Requestor did not seek an Opinion from the Department as to Requestor’s criminal liability for any post-acquisition conduct by the Target.

Improper Payments and Compliance Program Weaknesses

In preparing for the acquisition, Requestor undertook due diligence aimed at identifying, among other things, potential legal and compliance concerns at the Target. Requestor retained an experienced forensic accounting firm (“the Accounting Firm”) to carry out the due diligence review. This review brought to light evidence of apparent improper payments, as well as substantial accounting weaknesses and poor recordkeeping. The Accounting Firm reviewed approximately 1,300 transactions with a total value of approximately $12.9 million with over $100,000 in transactions that raised compliance issues. The vast majority of these transactions involved payments to government officials related to obtaining permits and licenses. Other transactions involved gifts and cash donations to government officials, charitable contributions and sponsorships, and payments to members of the state-controlled media to minimize negative publicity. None of the payments, gifts, donations, contributions, or sponsorships occurred in the US, none were made by or through a US person or issuer and apparently none went through a US bank.

The due diligence showed that the Target had significant recordkeeping deficiencies. Nonetheless, documentary records did not support the vast majority of the cash payments and gifts to government officials and the charitable contributions. There were expenses that were improperly and inaccurately classified. It was specifically noted that the accounting records were so disorganized that the Accounting Firm was unable to physically locate or identify many of the underlying records for the tested transactions. Finally, the Target had not developed or implemented a written code of conduct or other compliance policies and procedures, nor did the Target’s employees show an adequate understanding or awareness of anti-bribery laws and regulations.

Post-Acquisition Remediation

The Requestor presented several pre-closing steps to begin to remediate the Target’s weaknesses prior to the planned closing in 2015. Requestor aimed to complete the full integration of the Target into Requestor’s compliance and reporting structure within one year of the closing. Requestor has set forth an integration schedule of the Target that included various risk mitigation steps, dissemination and training with regard to compliance procedures and policies, standardization of business relationships with third parties, and formalization of the Target’s accounting and record-keeping in accordance with Requestor’s policies and applicable law.

DOJ Analysis

The DOJ noted black-letter letter when it stated, ““It is a basic principle of corporate law that a company assumes certain liabilities when merging with or acquiring another company. In a situation such as this, where a purchaser acquires the stock of a seller and integrates the target into its operations, successor liability may be conferred upon the purchaser for the acquired entity’s pre-existing criminal and civil liabilities, including, for example, for FCPA violations of the target. However this is tempered by the following from the 2012 FCPA Guidance, “Successor liability does not, however, create liability where none existed before. For example, if an issuer were to acquire a foreign company that was not previously subject to the FCPA’s jurisdiction, the mere acquisition of that foreign company would not retroactively create FCPA liability for the acquiring issuer.””

This means that because none of the payments were made in the US, none went through the US banking system and none involved a US person or entity that this would not lead to a creation of liability for the acquiring company. Moreover, there would be no continuing or ongoing illegal conduct going forward because “no contracts or other assets were determined to have been acquired through bribery that would remain in operation and from which Requestor would derive financial benefit following the acquisition.” Therefore there would be no jurisdiction under the FCPA to prosecute any person or entity involved after the acquisition.

The DOJ also provided this additional information, “To be sure, the Department encourages companies engaging in mergers and acquisitions to (1) conduct thorough risk-based FCPA and anti-corruption due diligence; (2) implement the acquiring company’s code of conduct and anti-corruption policies as quickly as practicable; (3) conduct FCPA and other relevant training for the acquired entity’s directors and employees, as well as third-party agents and partners; (4) conduct an FCPA-specific audit of the acquired entity as quickly as practicable; and (5) disclose to the Department any corrupt payments discovered during the due diligence process. See FCPA Guide at 29. Adherence to these elements by Requestor may, among several other factors, determine whether and how the Department would seek to impose post-acquisition successor liability in case of a putative violation.”

Discussion

Mike Volkov calls it ‘reading the tea leaves’ when it comes to what information the DOJ is communicating. However, sometimes I think it is far simpler. First, and foremost, 14-02 communicates that there is no such thing as ‘springing liability’ to an acquiring company in the FCPA context nor such a thing as simply buying a FCPA violation, simply through an acquisition only, there must be continuing conduct for FCPA liability to arise. Most clearly beginning with the FCPA Guidance, the DOJ and Securities and Exchange Commission (SEC) have communicated what companies need to do in any M&A environment. While many compliance practitioners had only focused on the post-acquisition integration and remediation; the clear import of 14-02 is to re-emphasize importance of the pre-acquisition phase.

Your due diligence must being in the pre-acquisition phase. The steps taken by the Requestor in this Opinion Release demonstrate some of the concrete steps that you can take. Some of the techniques you can use in the pre-acquisition phase include (1) having your internal or external legal, accounting, and compliance departments review a target’s sales and financial data, its customer contracts, and its third-party and distributor agreements; (2) performing a risk-based analysis of a target’s customer base; (3) performing an audit of selected transactions engaged in by the target; and (4) engaging in discussions with the target’s general counsel, vice president of sales, and head of internal audit regarding all corruption risks, compliance efforts, and any other major corruption-related issues that have surfaced at the target over the past ten years.

Whether you can make these inquiries or not, you will also need to engage in post-acquisition integration and remediation. 14-02 provides you with some of the steps you need to perform after the transaction is closed. If you cannot perform any or even an adequate pre-acquisition due diligence, the time frames you put in place after the acquisition closes may need to be compressed to make sure that you are not continuing any nefarious FCPA conduct going forward. But it all goes back to dis-linking. If a target is engaging in conduct that violates the FCPA but the target itself is not subject to the jurisdiction of the FCPA, you simply cannot afford to allow that conduct to continue. If you do allow such conduct to continue you will have bought a FCPA violation and your company will be actively engaging and participating in an ongoing FCPA violation. That is the final takeaway I derive from this Opinion Release; it is allowing corruption and bribery to continue which brings companies into FCPA grief. Opinion Release 14-02 provides you a roadmap of the steps you and your company can take to prevent such FCPA exposure.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

November 14, 2014

Trial Lawyering and FCPA Compliance

Filed under: Best Practices,compliance programs,Department of Justice,FCPA — tfoxlaw @ 12:01 am

Single KnightAs most readers of this blog know, I am a recovering trial lawyer. To this day, some of my best friends are still out there, still teeing it up as trial lawyers. They have an important place in our country’s legal system, including defending corporations, which was my primary client base in those long ago days of yore. To be a trial lawyer requires a certain cache; as you really are a hired gun, king’s champion, free lance fighter, single combat warrior for your client. If not exactly a knight in shining armor, certainly one ready to take on all comers with something as blunt as a mace, as the company’s single combat champion. Frankly there is nothing much better than standing up in front of an antagonistic jury and announcing that I am proud to represent XXXX (name the corporation). It may not be the same as standing up and saying you represent the People of the United States, the People of the Great State of Texas or the People of Houston, but it is still very cool.

But just as it takes a certain skill set and mentality to be able to pull that off that trial lawyer hutzpah, such skills and mentality do not necessarily translate into the skills necessary to be good counselors. As Donna Boehme continually reminds us that is even truer when it comes to the compliance function in a Foreign Corrupt Practices Act (FCPA) compliance program. That point was driven home to me yet again in a recent article in the Texas Lawyer, entitled “FCPA Practices: Right-to-Audit Clauses”. In this article the authors, have a section denominated as ‘Defending An Audit’. I would suggest that if you are in a commercial contract relationship and your attitude starts with ‘defending an audit’ you are getting seriously low-value compliance counseling for your lawyer-dollars.

Contract negotiations which begin with such an adversarial attitude are apt to go nowhere on a slow boat to China. The right to audit was enshrined in every commercial contract that I ever negotiated, whether my client was paying money out or receiving money back for services or products delivered. If you are going to start fighting about the audit clause out of the box, frankly you probably have engaged outside counsel who is charging by the word. Worse, everyone from the Department of Justice (DOJ) down the chain of compliance understands the absolute need for audit rights. If your company comes out of the box fighting about audit terms so that you can defend an audit it certainly marks you as outside of the mainstream of entities around the best practices of compliance. Moreover, it would immediately set off huge Red Flags, if not cannonades of ringing church bells saying that my company has something to hide. Your corporate counter-party could very easily say that your client is not someone they could or even should do business with, if they want to fight over such a basic component in a best practices compliance program as audit rights.

It is that type of trial lawyer mentality which also seems to seep into the debate about a compliance defense under the FCPA. Leaving aside the Arthur Andersen effect of 63,000 people losing there livelihoods because one corporation made an idiotic decision to go to trial; the trial lawyer mentality that wants to tee it up with the DOJ does not serve the counseling function which corporations require. What does a trial lawyer tell a client about its chances at trial? You have a 10% chance; 20% chance; 50% chance; 75% chance of winning? What is that based on? Knowing what 12 (or perhaps 6) citizens will say? If there is a potential $500MM fine for a guilty verdict and there is a 10% chance of losing, is settling for $50MM reasonable? What if your illegal conduct was over five years ago, are you really going to trial on statute of limitations defense, where your own conduct hid the FCPA violations? Want to try and use that fact issue to persuade a jury that the government waited too long to indict?

Further, what are the true costs of litigating a criminal charge against your company? Attorney fees, defense costs for all those individuals the company has to defend, zero to no productivity for some period of time? What about all the negative stuff that will come out at trial about the company’s conduct, think there might be any negative effect on your corporate reputation, if not what about tanking of the stock price? How about all those plaintiff’s lawyers circling in the water with their shareholder derivative actions lawsuits firmly planted in their teeth, think they might be interested in what the Board knew, when it knew it or conversely that it did not know anything? Do you really want to put your Chief Executive Officer (CEO) up on the stand and have him or her cross-examined by the DOJ on what he/she allowed the compliance function to do at the company? Remember the great performance by Ken Lay at his company’s trial? (It’s my company – I do what I want.)

Yesterday, Mike Volkov wrote a blog post, entitled “Working in the Compliance Field – The Need for Practical Solutions”, where he said “compliance professionals need support with practical solutions to real problems. In some cases, compliance support professionals can help to define a strategy to solve a problem.” That seems to me to be the clearest articulation of why a compliance defense appended to the FCPA would not mean anything in the practice of compliance inside a corporation. If no corporation is going to trial, standing up and saying we have a compliance defense is not going to help the compliance practitioner do compliance inside a company. So as much as trial lawyers want to create something so that they can take on the DOJ over some FCPA issues at trial, such a defense will not move forward the doing of compliance.

Near the end of his piece Volkov said, “In the end, compliance professionals need less theoretical mumbo jumbo and more practical, real-world solutions.” Here, here Mike. Fighting your customer over audit rights is not a real world solution that a compliance practitioner needs.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

November 12, 2014

John Doar and the Bio-Rad FCPA Enforcement Action – Part II

John DoarJohn Doar died yesterday. He was perhaps most famously known for his role as the House Judiciary Committee Chief Counsel during the investigation of and impeachment proceedings against then President Nixon. However, it was his role in the civil rights movement in the South that in large part inspired me to become a lawyer. He rode with the Freedom Riders in Alabama; walked with James Meredith so that he could register to attend the University of Mississippi, then stayed in the same dorm room with Meredith while the campus rioted; prosecuted the KKK in Mississippi after the murder of three civil rights workers in 1964; and marched for voting rights with Dr. King in Selma. My favorite John Doar story was retold in his obituary in the New York Times (NYT), where he stopped a riot in its tracks with the following ““My name is John Doar — D-O-A-R,” he shouted to the crowd. “I’m from the Justice Department, and anybody here knows what I stand for is right.” That qualified as a full-length speech from the laconic Mr. Doar. At his continued urging, the crowd slowly melted away.”” In my book, he is right up there with Atticus Finch.

In an earlier post, I reviewed the Bio-Rad Laboratories, Inc. (Bio-Rad) Foreign Corrupt Practices Act (FCPA) enforcement action from the perspective of the Non-Prosecution Agreement (NPA) the company was able to secure with the Department of Justice (DOJ). Today I want to review the bribery schemes that the company used to either internally fund the bribes or attempt to evade internal detection. Both the NPA and the Securities and Exchange Commission’s (SEC) Order Instituting Cease-and-Desist Proceedings (Order). The compliance practitioner can use these bribery schemes not only for FCPA training but also to see if any such schemes or their indicia may be present in your company.

Initially I need to discuss the corporate structure. It was apparently quite decentralized. According to the Order, “Bio-Rad’s international sales organization (“ISO”) oversees the company’s international sales operations; this includes all locations outside the United States and Canada. In 2009, the ISO consisted of four sub-divisions: (1) Western Europe; (2) Asia Pacific; (3) Japan; and (4) Emerging Markets. Each sub-division had a general manager, reporting to the vice-president of ISO. The Asia Pacific sub-division included Vietnam and Thailand. The Emerging Markets sub-division included Russia and other eastern European countries. Some countries within the sub-divisions had a country manager who reported to the ISO sub-division general manager.” Emerging markets is clearly a high-risk area for pharmaceutical companies. If your business development or sales organization has such a designation, I would suggest that you check and see if there are sufficient protections in place to at least raise any red flags, which might need further investigation.

However, it was more than the management structure of the business operations that was decentralized, the compliance function was similarly structured. The NPA stated, “BIO-RAD also decentralized its compliance program such that its international offices were responsible for ensuring adequate compliance with its business ethics policy and code of conduct.” This decentralization so defanged the company’s compliance program that it could not perform even the most basic functions of a compliance organization; no due diligence on third parties, indeed no management of third parties at all from the compliance perspective; no risk assessments were performed and, finally, the most damning was that the compliance function could not even ensure compliance with the company’s own business ethics policy.

The Russia Scheme

However the company used third party representatives to facilitate the bribery scheme. In addition to the lack of due diligence or usual steps that a compliance practitioner might put in place to manage third parties under the FCPA there were several other items of note which constitute lessons learned by the compliance practitioner. First and foremost was the commission rate paid to these third parties, that being between 15%-30%. This alone may well have been enough to demonstrate “a conscious disregard for the high probability that the Russian Agents were passing along at least a portion of their commissions to Russian government officials to obtain profitable public contracts for the sale of medical diagnostic equipment.” Further, the payments made to these agents were sent to countries outside Russia, where neither the alleged services were delivered nor where the agents were legally domiciled. Moreover, not only did these agents have no offices in Russia, they had no employees in Russia either.

Apparently there were contracts in place with these agents. The services these agents were specified to deliver included, “acquiring new business, creating and disseminating promotional materials to prospective customers, distributing and installing products and related equipment, and training customers.” But it really is hard to deliver services if you have no employees. Apparently there were times these agents did deliver something identified as “distribution services” for the commission rates between 15%-30%. However the estimated value of these services for the company was between 2%-2.5% of the total sales.

Another area of obvious concern should have been the pre-payment of commissions to these agents. Any time you pre-pay before a service is delivered (other than a retainer into a lawyer’s trust account) you can potentially run into trouble. But Bio-Rad took it a step further by making pre-payments before contracts with the ultimate buyer were negotiated. Any ideas where those pre-paid commissions might have gone? Another area was the amount of the commissions. They were just less than $200,000, which happened to be the authority level of the head of Bio-Rad’s Emerging Markets business unit. So there was no oversight or second set of eyes on these pre-payments because it was within the manager’s authority level. Finally, these pre-payments were actually forbidden under the contracts but they were made anyway.

The Vietnam Scheme 

The Vietnam Country Manager had contracting authority up to $100,000 and sales commissions up to $20,000. From 2005-2009 Bio-Rad apparently paid bribes directly to health care workers so they would purchase the company’s products. When it was pointed out to the Country Manager this was illegal, he simply moved to a distributor “at a deep discount, which the distributor would then resell to government customers at full price, and pass through a portion of it as bribes…Between 2005 and the end of 2009, the Vietnam office made improper payments of $2.2 million to agents or distributors, which was funneled to Vietnamese government officials. These bribes, recorded as “commissions,” “advertising fees,” and “training fees,” generated gross sales revenues of $23.7 million to Bio-Rad Singapore.” 

The Thailand Scheme

In Thailand, it was an almost mundane bribery scheme involved compared to Russia and Vietnam. Bio-Rad acquired an interest in a Thai Joint Venture (JV) through an acquisition where it performed “very little due diligence” on the JV. Bio-Rad acquired a minority interest in the JV and it did not communicate directly with the JV’s distributors but only through the majority owners of the JV. The bribery scheme was funded through “an inflated 13% commission, of which it retained 4%, and paid 9% to Thai government officials in exchange for profitable business contracts.” The due diligence was so poor that Bio-Rad did not know that the prime third party sales representative for the JV were the same majority owners of the JV.

Tomorrow, I will discuss some of the internal controls that a company might employ to help prevent such a compliance failure as occurred at Bio-Rad.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

November 10, 2014

Gordon Lightfoot, the Edmund Fitzgerald and the Bio-Rad FCPA Settlement, Part I

Wreck of the Edmund FitzgeraldThis month there are two dates that are forever tied together in the annuals of maritime tragedies and great songwriters. November 10 is the 39th anniversary of the sinking of the Great Lakes freighter the SS Edmund Fitzgerald, who sank 17 miles from the entrance to Whitefish Bay on Lake Superior taking all 29 crewmembers to the bottom with her. Next Monday, November 17, is the 76th birthday of the Canadian singer-songwriter Gordon Lightfoot, who memorialized the tragedy in the song The Wreck of the Edmund Fitzgerald, which he released on the album Summertime Dream in 1976. The song went all the way to Number 2 on the charts. I can still hear Lightfoot’s haunting tale in my head to this day and for me, it was his greatest single.

Earlier this month, Bio-Rad Laboratories Inc. (Bio-Rad) concluded a multi-year Foreign Corrupt Practices Act (FCPA) investigation and enforcement action. It was notable for many reasons. First and foremost was the stunning bribery and corruption scheme that the company engaged in; multiple bribery schemes in multiple countries. Also notable were the results that the company achieved. While we do not yet know if there will be any individual prosecutions of this matter, the company received a Non-Prosecution Agreement (NPA) from the Department of Justice (DOJ) and a relatively small fine of $14.35MM for what clearly would appear to be criminal violations of the FCPA. Perhaps equally stunning is the amount of profit disgorgement that the company agreed to with the Securities and Exchange Commission (SEC), that amount being $40.7MM.

As with the Layne Christensen FCPA enforcement action from October, both settlement documents provide a wealth of very useful information for the compliance practitioner to use to not only help create a best practices compliance program, but also review your company’s compliance program to see if there might be areas of risk which need to be assessed or have greater compliance scrutiny. Over the next couple of blog posts I want to explore the Bio-Rad FCPA settlement, discuss some of the lessons learned for the compliance practitioner and explore what this settlement may unveil for future FCPA enforcement actions.

With his usual thoroughness, the FCPA Professor went into deep dive mode to lay out the underlying facts involved in this matter, in a post entitled “Bio-Rad Laboratories Agrees To Pay $55 Million To Resolve FCPA Enforcement Action”. According to the NPA, Bio-Rad had bribery schemes running in the following countries: Russia, Vietnam and Thailand. In Russia, persons identified as ‘Manager-1’ who was a high-level manager of the company’s Emerging Markets sales region and ‘Manager-2’ who worked for Manager-1 and was described as a high-level accounting manager of the company’s Emerging Markets sales region, engaged with ‘Agent-1’ paying him “a commission of 15-30% purportedly in exchange for various services outlined in the agency contracts, including acquiring new business by creating and disseminating promotional materials to prospective customers, installing Bio-Rad products and related equipment, training customers on the installation and the use of Bio-Rad products, and delivering Bio-Rad products.”

The commission rates were approved by Manager 1 and 2 even though they were both aware that Agent 1 did not and indeed could not perform the contracted services. Payments were made to a level of $200,000 or less because that was the spending authority of the managers, which did not require a higher level of company review. Both managers communicated with Agent 1 through multiple fraudulent email addresses to avoid detection by the company. Finally, Agent 1 had a 100% success rate in obtaining sales into Russia.

In Vietnam, the system was much simpler and even more directly corrupt. The Bio-Rad country manager was authorized to approve contracts up the amount of $100,000 and to pay sales commissions up to $20,000 without further review. This un-named country manager simply authorized cash payments to officials at state-owned hospitals to obtain or retain business for the company. When the country manager was finally challenged on this direct bribery scheme, he simply “proposed a solution that entailed employing a middleman to pay the bribes to the Vietnamese government officials as a means of insulating Bio-Rad from liability.” The bribery funds were created by giving these middlemen, named distributors, deep discounts “which the distributor would then resell to government customers at full price, and pass through a portion of it as bribes.” These bribes were recorded on the company’s books and records as “commissions”, “advertising fees” and “training fees”.

In Thailand, the company acquired a 49% interest in a joint venture (JV) through acquisition. Initially I would note that there is no record that Bio-Rad either performed pre-acquisition due diligence or engaged in any post acquisition integration or remediation so that an ongoing bribery scheme which began under a previous company’s ownership continued after Bio-Rad took control of the Thailand JV. The bribery scheme involved paying an agent “an inflated 13% commission, of which it retained 4%, and paid 9% to Thai government officials in exchange for profitable business contracts.” Just to top it all off, the agent involved in the bribery scheme was Bio-Rad’s JV partner.

I would say that all of the above is very bad conduct. Yet, Bio-Rad was able to garner a NPA from the DOJ and a civil Cease and Desist Order from the SEC. How did they accomplish this? In the DOJ Press Release, it stated, “The department entered into a non-prosecution agreement with the company due, in large part, to Bio-Rad’s self-disclosure of the misconduct and full cooperation with the department’s investigation…In addition, Bio-Rad has engaged in significant remedial actions, including enhancing its anti-corruption compliance programs globally, improving internal controls and compliance functions, developing and implementing additional due diligence and contracting procedures for intermediaries, and conducting extensive anti-corruption training throughout the organization.”

For the compliance practitioner, yet once again the DOJ and SEC are sounding a LOUD and CLEAR message that even with very bad conduct, the systemic failure of internal controls and having a culture that turned a very blind eye at best to what was going on; you can make a comeback. Moreover, you can make such a spectacular comeback that does not even sustain a Deferred Prosecution Agreement (DPA) let alone have to accept a guilty plea. It all starts with putting a best practices compliance program in place and the DPA lists the steps that any company should consider in its compliance regime.

  1. High level commitment by providing visible support by senior management.
  2. An appropriate corporate policy around anti-corruption.
  3. Specific policies and procedures in the following areas: (a) gifts, (b) hospitality, entertainment and travel, (c) customer travel, (d) political contributions, (e) charitable donations and sponsorship, (f) facilitation payments and (g) solicitation and extortion.
  4. Appropriate internal controls to ensure transactions are authorized and properly recorded.
  5. A periodic risk-based review. In other words, a risk assessment. Policies and procedures need to be reviewed no less than annually and updated as appropriate.
  6. The compliance function should have proper Board oversight, independence to act and support within the organization.
  7. Compliance shall provide training on and guidance to the business units on its anti-corruption compliance program.
  8. There should be mechanisms for employees to report internally compliance issues of concern with no fear of retaliation.
  9. A company must maintain and provide “effective and reliable” processes and resources to responding to any raised issues.
  10. A company must use both incentives to encourage behavior and discipline of those employees who violate its compliance program.
  11. Third parties must be subjected to an appropriate due diligence based vetting process, have an appropriate contract and thereafter be managed going forward after the contract is signed.
  12. There should be a protocol for evaluation of any potential acquisitions or merger candidates and then appropriate review and remediation after any acquisition is complete.
  13. There should be ongoing monitoring and testing of the compliance program going forward.

At the conclusion of its NPA, Bio-Rad agreed to ongoing compliance reporting, at annual anniversaries of the date of the NPA by reporting to the DOJ the results of its remediation efforts over the past year. This is one of the most significantly overlooked positive aspects of any FCPA resolution. This allows the DOJ to have a continued view into the company’s compliance function. It is not an ongoing monitor but it does give the DOJ a transparent view into the company’s work towards the overall goal of putting a best practices compliance program in place and not simply stopping work when the settlement is signed. It keeps the company on its toes and allows the DOJ to continue to assess the company’s actions around anti-corruption compliance.

In the next blog post on Bio-Rad, I will review some of the specific bribery schemes that the company used and discuss how a compliance practitioner might use them for some lessons learned.

For a YouTube version of Gordon Lightfoot signing The Wreck of the Edmund Fitzgerald, click here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

November 7, 2014

Don’t Collapse in the Wind – Knowledge is Power

Tacoma Narrows BridgeOn November 7, 1940, high winds buffeted the Tacoma Narrows Bridge leading to its collapse. The first failure came at about 11 a.m., when concrete dropped from the road surface. Just minutes later, a 600-foot section of the bridge broke free. Subsequent investigations and testing revealed that when the bridge experienced strong winds from a certain direction, the frequency oscillations built up to such an extent that collapse was inevitable. For posterity, the collapse of the Bridge was captured on film.

I thought about this spectacular engineering failure when I read, yet again, commentary about representatives from the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) appearing at for-profit conferences to give presentations to attendees. Personally, I was shocked, simply shocked to find out that one has to pay to attend these events. Further, it appears that one or more of the companies running these events, ACI, Momentum, IQPC, HansonWade, among others, might actually be for-profit companies. It was intimated that one of the ways the conference providers enticed registrants to pay their fees was to provide a forum of lawyers practicing in the Foreign Corrupt Practices Act (FCPA) space, to whom representatives from the DOJ and SEC could speak. Now I am really, really really shocked to find that people actually pay to obtain knowledge.

Armed with the new piece of information that there is a marketplace where people actually pay to obtain information, I have decided to practice what I preach and perform a self-assessment to determine if I am part of this commerce in ideas. Unfortunately I have come to the understanding that not only do I participate in that marketplace but also I actually use information provided by representatives of the US government in my very own marketing and commerce. So with a nod to Adam Smith’s Invisible Hand of the Marketplace; I now fully self-disclose that I digest to what US government regulators say about the FCPA, repackage it and then (try) and make money from it. (I know you are probably as shocked, shocked as I was to discover this.)

Where can one go to find out information about the FCPA, its enforcement and how the DOJ and SEC view compliance programs? First and foremost is the FCPA Guidance, jointly issued by the DOJ and SEC back in 2012. It is still the best one volume resource on the government’s thinking on a wide range of issues relating to the FCPA. For a ‘Nuts and Bolts’ guy like me, it even has some suggested building blocks of FCPA compliance called the Ten Hallmarks of an Effective Compliance Program. Of course, such a treatise must cost thousands of dollars so that it is only available to a very select few. Oops, it is available for FREE on the DOJ website. Darn, as I planned to buy up all of the copies and then put on for pay seminars across the world as the only source of such knowledge.

Since the FCPA Guidance is available for free, perhaps I can corner the market on all known enforcement actions and Opinion Releases. I am sure that they will provide lots of good information such as what might constitute an effective compliance program, what are some of the actions that got companies into FCPA hot water and suggestions by the DOJ and SEC as to what might have constituted compliance failures. I have even heard that in Opinion Releases, the DOJ will pass upon fact patterns and indicate if they believe such facts might be prosecuted for FCPA violations. Double oops, as all of those are publicly available as well and for FREE. Double Darn.

OK, well if the FCPA Guidance is free and all the enforcement actions and Opinion Releases are available for free; maybe I can corner the market on court opinions, which discuss the FCPA. I am a lawyer and I bet all the other lawyers would pay me if I were the only person in the world who had access to them (or even better yet we were in China where the trials are held in secret-imagine that market!). I know there are only a handful of such cases but imagine the power I would have if only I knew about them. Why I could I put on seminars and pay people to attend. Triple oops, as I just found out that the court decisions are public record and available for FREE. Drat.

Well if all this information about the FCPA is available for free what can I do to make money? Hmm, maybe, just maybe, if I put information together from all of the above sources in a book people might be interested in buying it. What if I wrote multiple books? Do you think there might be a market for such written texts? I certainly hope so and to further entice you to join in this nefarious act of for-profit commerce, I invite you to check out my latest book, Doing Compliance: Design, Create, and Implement an Effective Anti-Corruption Compliance Program, available at Compliance Week. Or perhaps you might want to purchase either of the other three printed or five eBooks I have written on FCPA compliance. But wait a minute, wouldn’t that mean I am making money off free government information? I guess I better self-disclose those facts and let the chips fall where they may. Hopefully Adam Smith will give me a declination of the Invisible Hand.

If no one will buy any of the books I have written, maybe they would attend training that I might put on. I could talk about all this free government information, put it in power points slides and other written materials and then charge people to get trained. I could even call it ‘FCPA Training’. Maybe I could go to other parts of the country and put on training, maybe in places where they might not have heard about all the free DOJ and SEC information. Of course, I would have to find such a place. But wait a minute, wouldn’t that mean I am making money off of free government information. I guess I better self-disclose that as well.

If no one will buy any books I write or go to training seminars that I might put on, I could always write a blog. Do you think anyone would pay to read a blog? Nah 

How about the following as a business strategy? I will tell people I am lawyer and I will give them legal advice on the FCPA. Of course to do so, I will have to use all of these free resources listed above and then charge clients for my legal services. Think there might be a market for that legal advice? I am not really sure so perhaps I should make a provisional self-disclosure that if any clients came to me for legal advice, I would charge them and hence engage in commerce. It would also allow me to apply to join that hallowed group, FCPA INC. whose members (1) practice law around the FCPA, (2) put on FCPA training, (3) write books on the FCPA and (4) generally pontificate on all things FCPA. Sounds like a great group to belong to, you think they will take me? If so I can’t wait to learn the secret handshake so I can proudly commune, in secret, with its members. Hopefully they will not haze pledges too badly, as I am way too old to survive another Pledge Week.

If you have not quite ascertained the point of today’s post, please consider the following – knowledge is power. If you want knowledge about the FCPA there are plenty of places you can look for free to obtain that knowledge. If you want to hear the DOJ or SEC’s most current thinking on FCPA related issues, you can also attend a (for-pay) FCPA conference. If so, I am sure I will see you there because I certainly value what they have to communicate to us. I also plan to continue to communicate it to you; sometimes even for profit. Long Live Adam Smith and his Invisible Hand! 

Always remember, a little knowledge can go a long way, even if you have to pay to garner it.

================================================================================================================================================================================================================================================

To further emphasize some of these articulations, I am pleased to announce that I will present some of my thoughts on the issue of internal controls in an effective compliance program, in a webinar hosted by The Network, next Tuesday, November 11 at 1 PM EST. For details and registration, click here.

On December 4, I will be making a live presentation on the recent trend for the DOJ and SEC to target internal controls in FCPA enforcement actions and the interplay with the COSO 2013 Update at a live event, hosted by The Network, in Houston. Baker and McKenzie partner Stephen Martin will be joining me and will discuss risk assessments in a best practices compliance program. For details and registration, click here.

And best of all both events are FREE, just like this video of the Tacoma Narrow Bridge collapsing.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

November 5, 2014

A Royal Fan Responds: Russ Berland on the SEC Financial Report for FY 2014

Russ Berland

Ed. Note-today we have a guest post from KC Royals fan and Stinson Leonard Street partner Russ Berland. 

As a Kansas City Royals fan, I would like to use this opportunity to congratulate the Royals on a great season and say to them, “Ya done good.”  Despite losing an extremely close seventh World Series game to a very able and talented San Francisco Giants team, which included a pitcher whose name and face will one day be memorialized in Cooperstown, this year has been a banner, or should I say, a pennant year for the boys in blue.

The SEC likewise would like to take a moment to be congratulated on their banner year in their annual enforcement preview of their Agency Financial Report.  So here goes … The SEC wants us to know that they are using creative means to find misconduct on their own and go after it, to hold people and corporations accountable,  and to pay and protect whistleblowers.  On October 16, the SEC put out its official preview of its upcoming Agency Financial Report for FY 2014.  The SEC’s fiscal year ends September 30, so this spans every enforcement action the SEC has taken since October 1, 2013.  The report has four major themes:

  1. The SEC is enforcing the law against people, not just companies. It takes people to commit misconduct on behalf of companies so those same people should be held accountable.  And if the SEC is counting on you to watch over companies and transactions you better take it seriously.  The SEC does and they will hold you accountable.  The preview made this point in showcasing its major enforcement actions against Fifth Third Bancorp and its former CFO, Diamond Foods Inc. and its former CEO and CFO, World Capital Market and its founder, and many, many others.  The most poignant example was the enforcement action against the Chairman of the Audit Committee of AgFeed Industries, Inc.  The SEC alleges that Ivan Gothner, the chairman of AgFeed’s audit committee received information that AgFeed’s Chinese operations were conducting accounting fraud and instead of taking a fellow director’s advice to “hire professional investigators guided by outside legal counsel,” he directed internal resources to assess the situation.  When that resulted in late and inadequate information, the SEC charged him “with violating or aiding and abetting violations of the anti-fraud, reporting, books and records, and internal controls provisions of the federal securities laws” and ” with making false statements to AgFeed’s outside auditors.”  Andrew Ceresney, Director of the SEC’s Division of Enforcement, called this “a cautionary tale of what happens when an audit committee chair fails to perform his gatekeeper function in the face of massive red flags.”
  2. Corporations must admit their actions. Last year, the SEC Chairman, Mary Jo White, announced that more companies must admit their wrongdoing in settlements.  The SEC’s Admissions Policy states that the companies may be required to admit their wrongdoing when there is “(1) misconduct that harmed large numbers of investors, or placed investors or the market at risk of potentially serious harm, (2) egregious intentional misconduct, or (3) when the defendant engaged in unlawful obstruction of the commission’s investigative processes.”  Now, the Preview adds two more categories to those required to make admissions: “[4] where an admission can send a particularly important message to the markets, or [5] where the wrongdoer poses a particular future threat to investors or the markets.”  For example, in the settlement with ConvergEx for misrepresenting its commissions to brokerage customers, ConvergEx was required to admit the facts stated by the SEC and admit that it had violated Securities Laws.  In one interesting twist, Wells Fargo Advisors LLC was forced to admit its wrongdoing when one of its brokers traded on non-public information about the sale of Burger King to a private equity firm. The “wrongdoing” that Wells Fargo Advisors admitted encompassed inadequate policies, inadequate coordination among internal groups tasked with policing insider trading and the compliance officer who should have spotted the insider trading missing it. This is an interesting view of what constitutes “egregious intentional misconduct.” The message seems to be that in order to settle a matter with the SEC without admitting or denying facts or legal conclusions, the defendant will need to prove they do not fit in one of the five listed categories.  It’s possible that the SEC forced Wells Fargo Advisors to admit it’s wrongdoing because it delayed production of relevant documents or because one of the documents that they turned over had been altered by the compliance officer herself.  Or perhaps they are sending “a particularly important message” to compliance officers that they need to be vigilant in doing their jobs.
  3. Whistleblowing Pays.  In FY2014, the SEC paid $35 million to 9 whistleblowers.  One of them received $30 million by him or herself.   Because the SEC rules protect the identity of whistleblowers, we don’t know who got paid.  But the SEC whistleblowing process has multiple stages, which include bringing original information or an original analysis of existing information to the SEC, having the SEC pursue that information leading to a prosecution, and successfully prosecuting or settling that matter with a recovery of over $1 million.  This takes  a long time from beginning to end.  Dodd Frank was passed in 2010.  The first REAL money ($14 million) was paid last year.  And now someone is getting $30 million.  The pipeline took a while to fill, but it is reaching a full state and we can probably expect to see a lot more whistleblower payments in the next few years.
  4. If you don’t come to us, we’ll find you. The SEC is using more and more data analytics on financial and trading activity to find wrongdoers.   According to the SEC, ” innovative use of data and analytical tools contributed to a very strong year for enforcement marked by cases that spanned the securities industry.”   Right now, they are telling us that they are using those techniques to look at filing deficiencies, hedge fund returns, and insider trading.  But we can anticipate they are looking at more than just those categories and we should expect to see more and more use of these techniques over broader areas in the coming years.  And, the SEC is telling us that they are also currently implementing and developing “next generation tools” to review market and other data for suspicious activity.

So, this Preview of the FY2014 Agency Financial Report suggests that the SEC should not be seen as sitting back and waiting for cases to come to them.  And when companies and people violate Securities Laws, the SEC will work hard to make sure that they each take accountability, either personally through fines and penalties or corporately, through admissions.   Like the Royals, the SEC would like us to know that they have had a banner year.

Berland can be reached at russ.berland@stinsonleonard.com. He was lead investigative counsel for Layne Christensen in its recently concluded FCPA enforcement action by the SEC. In my podcast, the FCPA Compliance and Ethics Report, Episode 104, I interview Berland on how the company was able to receive a declination from the DOJ. The Episode will post Thursday, Nov. 7.

Next Page »

The Rubric Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 4,824 other followers