FCPA Compliance and Ethics Blog

May 28, 2014

What Does an Effective Compliance Program Look Like? – The Regulators Perspective

Compliance ProgramWhat does an effective compliance program look like? Is it one that follows the Ten Hallmarks of an Effective Compliance Program as set out in the 2012 FCPA Guidance? How about one that uses the Six Principals of Adequate Procedures relating to the UK Bribery Act as its guideposts? Or should a company follow the OECD Good Practice Guidance on Internal Controls, Ethics, and Compliance? More importantly, for anti-corruption enforcement under the Foreign Corrupt Practices Act (FCPA), what does the Department of Justice (DOJ) or Securities and Exchange Commission (SEC) look for when assessing a compliance program?

Over the years, we have heard various formulations of inquiries that regulators might use when reviewing a compliance program. While not exactly a review of a compliance protocol, one of my favorites is what I call McNulty’s Maxims or the three questions that former United States Deputy Attorney General, and  Baker & McKenzie LLP partner, Paul McNulty said were three general areas of inquiry the he would assess regarding an enforcement action when he was at the DOJ. They are: first: “What did you do to stay out of trouble?” second: “What did you do when you found out?” and third: “What remedial action did you take?”

Paul’s former partner at Baker & McKenzie, Stephen Martin, who still runs Baker & McKenzie Compliance Consulting LLC, said that an inquiry he might make was along the lines of the following. First he would ask someone who came in before the DOJ what the company’s annual compliance budget was for the past year. If the answer started with something like, “We did all we could with what we had ($100K, $200K, name the figure), he would then ask, “How much was the corporate budget for Post-It Notes last year?” The answer was always in the 7-figure range. His next question would then be, “Which is more business critical for your company; complying with the FCPA or Post-It Notes?” Unfortunately, it has been Martin’s experience that most companies spent far more on the Post-It Notes than they were willing to invest into their compliance program.

Last week at Compliance Week 2014, Andrew Ceresney, Director of the Division of Enforcement of the SEC, gave one of the Keynote Addresses. In his remarks he talked about the importance that the SEC is putting into compliance. He said “I start from the premise that the companies that have done well in avoiding significant regulatory issues typically have prioritized legal and compliance issues, and developed a strong culture of compliance across their business lines and throughout the management chain. This is something I observed firsthand while in private practice and have come to fully appreciate from my perch at the SEC.”

But, more importantly, he said that he has “found that you can predict a lot about the likelihood of an enforcement action by asking a few simple questions about the role of the company’s legal and compliance departments in the firm.” He then went on to detail some rather straightforward questions that he believes can show just how much a company is committed to having a robust compliance regime.

  • Are legal and compliance personnel included in critical meetings?
  • Are their views typically sought and followed?
  • Do legal and compliance officers report to the CEO and have significant visibility with the board?
  • Are the legal and compliance departments viewed as an important partner in the business and not simply as support functions or a cost center?

Beyond simply going into the DOJ or SEC and claiming that your company is very ethical and does business in compliance with the FCPA, how can a company demonstrate the above? This is where the Tom Fox Mantra of Document, Document and Document comes into play. No matter how much input the compliance function has into the above suggested inquiries if the inputs are not documented, it is if they did not exist. So for meetings, you should keep attendance sheets or notations. A compliance representative can put a short, three to four sentence memo into the file about the recommendations and the response thereto. If the compliance department advise was not followed, there should be a business reason documented for the decision. Moreover, if there is a rejection of the compliance function advise and the course of action leads to some type of FCPA issue, it may well be assumed the company knew or should have known that the course of action taken could reasonably lead to a FCPA issue if not full blown violation. As to the issues of compliance visibility at the Board level, once again the documentation of any presentation and their substance can provide evidence to answer the query in the affirmative. But the key to all of these questions is if there is documentation to prove the assertions that they actually occurred.

Near the end of his presentation, Cerensey said that “Far too often, the answer to these questions is no, and the absence of real legal and compliance involvement in company deliberations can lead to compliance lapses, which, in turn, result in enforcement issues. When I was in private practice, I always could detect a significant difference between companies that prioritized legal and compliance and those that did not. When legal and compliance were not equal partners in the business, and were not consulted as a matter of course, problems were inevitable.”

McNulty’s Maxims, Martin’s question on budget and now Cerensey’s questions all provide significant guideposts to how regulators think about FCPA compliance programs. For me, I think the point is that companies which actually Do Compliance are easy to spot. For all the gnashing of teeth about how hard it is to comply with what the DOJ and SEC want to see in FCPA compliance, when the true focus can be distilled into whether a company actually does compliance as opposed to saying how ethical they are, I think it simplifies the inquiry and the issues senior management and a Board of Directors really needs to pay attention to.

For a copy of the full text of Director Cerensey’s remarks, click here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

May 23, 2014

Trip To Annapolis and Teaching Leadership

Naval AcademyMonday is Memorial Day and is the day wherein the men and women who died while serving in the United States Armed Forces are remembered. The holiday is celebrated every year on the final Monday of May. The first recorded Memorial was held on May 1, 1865 in Charleston, South Carolina to commemorate the soldiers who died in the Civil War. By the 20th century, Memorial Day had been extended to honor all Americans who have died while in the military service.

I thought about Memorial Day when I toured the US Naval Academy this week. This is also Commissioning Week for graduating seniors who will become officers in the Navy or Marine Corps this coming Saturday. One of the buildings that I toured was the US Naval Academy Museum. The mission of the Naval Academy Museum is to collect, preserve, and exhibit the artifacts and art that are the physical heritage of the US Navy and the Naval Academy in order to instill in Midshipmen a knowledge of the history and heritage of the Navy and the Naval Academy and to supplement the instruction of all academic departments of the Academy, as well as to demonstrate to the public the contributions of Academy graduates to the military services and to the Nation. And to motivate in young people a desire to become part of the Brigade of Midshipmen and to begin a career of service to their Nation.

The Museum is many ways a teaching museum. One of the courses taught directly in classrooms in the building is on leadership. Of course, the curriculum teaches the overriding theme of the Naval Academy, which is Duty Honor Loyalty, but it goes beyond this to a moral and ethical dimension to its leadership classes. The firm belief at the Academy is that leadership can be taught through the modeling from prior leaders.

I thought about this concept of modeling leadership in the context of compliance. One area that is not focused on too often in company-sponsored training is that of leadership. Moreover, while many business leaders receive substantial training on the technical aspects of doing business, they rarely receive training or are even assessed on leadership attributes to do business ethically and in compliance with laws such as the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act. It occurred to me that if the US Naval Academy can teach leadership, this is something that US businesses could also teach.

While you are pondering this question, I hope that you might think about all the men and women who have gave their lives so that we might live in freedom and are honored this and every Memorial Day. While in Annapolis I had another reminder of their sacrifice. While having some lunch at Chick and Ruth’s, the owner came over the PA and asked us all to stand and say The Pledge of Allegiance. He said the reason that he made the request was “because we could stand and say it.” I realized that we are honoring those people who made ultimate sacrifice.

Happy Memorial Day to all but I would ask that you take a moment to thank all those we honor for this holiday and to honor the men and women of the US Naval Academy who will be commissioned this weekend and will serve us all.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

May 16, 2014

Compliance Hiring Practices under the FCPA

King Solomon and the BabyHiring practices under the Foreign Corrupt Practices Act (FCPA) are not often given much thought or widely discussed. They have come up for discussion more recently because of the issues surrounding the hiring of sons and daughters of foreign government officials most publicized with JPMorgan Chase & Co. But numerous other company’s similar hiring practices are under regulator scrutiny. As far back as 2004, in Opinion Release 04-02, the Department of Justice (DOJ) realized this was an important part of an overall compliance program when it approved a proposed compliance program that had the following requirement:

Clearly articulated procedures which ensure that discretionary authority is not delegated to persons who the company knows have a propensity to engage in illegal or improper activities.

I thought about some of these issues when I read The Saturday Essay in the Wall Street Journal (WSJ), entitled “How to Trick the Guilty and Gullible into Revealing Themselves” by Steven Levitt and Stephen Dubner, which they adapted from their most recent book Think Like a Freak. In their essay they began by comparing two diverse tactics used by King Solomon and the band Van Halen to see who might be telling the truth, or not, in a specific situation. In the oft-told tale involving King Solomon he decreed that he would split a baby and give one-half each to two women who claimed to be the mother. The true mother told him to give the baby to the other woman. King Solomon used this fact to determine which was the real mother. In the case of rock band Van Halen, they had a 53-page rider giving “point-by-point instructions” in in their touring contract. This rider had technical and security specifications for each venue the band played. It also had language in ALL CAPS that stated “M&M’s (WARNING: ABSOLUTELY NO BROWN ONES).” Initially this language was derided as simply rock and roll excess to the hilt, but band member David Lee Roth explained that if he went into the dressing room and found no brown M&Ms, it signified to him that the local promoter had read the contract. If there were brown M&Ms, the band had to perform extra reviews of the stage electrical and lighting requirements.

Why is hiring so important under the FCPA? It is because hiring is important to any company’s health and reputation. At this point, until the US Supreme Court tells us that a corporation is the same as a human being, with both obligations and rights; a company is only as strong as its employees. Like most areas of FCPA compliance good hiring practices for those employees who will do business in compliance with anti-corruption laws such as the FCPA are simply good business practice. Levitt and Dubner cite the following statistic, “By one industry estimate, it costs an average of roughly $4,000 to replace a single employee, and one survey of 2,5000 companies found that a single bad hire can cost more than $25,000 in lost productivity, lower morale and the like.” For one of the energy Services Company where I worked this estimate went as high as $400,000 to hire and fully train a new employee. I would add that those costs could go up significantly if a bad hire violates the FCPA.

Brooke Denihan Barrett, Chief Executive Officer (CEO) of the Denihan Hospitality Group, interviewed in the New York Times (NYT) Corner Office column said that by the “time somebody meets me, you can assume that the skills are there. So what I interview for is fit. And I’m always very curious to know, what is it about our company that appeals to that person?” She asks specifically about culture, requesting the candidate define it and how do you think that culture is special. She also asks candidates to talk about a failure and what lessons that they learned from the experience and how they dealt with the experience. I would suggest that both of those lines of inquiries should be used when evaluating a candidate for hire.

In a completely different arena, Houston Dash General Manager (GM) Brian Ching talked about the expectations he and his club have for the female soccer players on the squad. In addition to the obvious requirement for a professional soccer player to be technically proficient in the game of soccer, the team expects each player to have significant community involvement to help develop a fan base for the club. In the player interview process, this is thoroughly explained and each prospective player is asked if they would be willing to take on this additional role. But more than simply using this Q&A as an evaluation technique, it allows the team to communicate its expectations to each potential team member.

This is something that Human Resources (HR) and others involved in the hiring process can take to heart. They should have a serious and frank discussion with all potential hires, particularly those going into senior management or FCPA-related high-risk areas. This not only allows an evaluation along the lines that Barrett uses to determine if a hire will be a cultural fit for her company but it permits a company to directly express its expectations surrounding FCPA compliance and doing business ethically if a person is hired.

Another area that is often overlooked is the reference check. Many practitioners feel that a reference is not of value because prospective candidates will only list references that they believe will provide glowing recommendations of character. This leads to a pro forma reference check. However, in an article in Harvard Business Review (HBR), entitled “Gilt Groupe’s CEO on Building a Team of A Players”, author Kevin Ryan explodes this misconception by detailing how he views the entire hiring process and specifically checking references. I would add that it could be a valuable and useful tool for you and your compliance program.

In the hiring of personnel, Ryan details the three steps his company takes: (1) Resume review; (2) In-Person interview; and (3) Reference checks. Ryan believes that resumes are good for establishing “basic qualifications for the job, but not for much else.” He believes that the primary problem with in-person interviews is that they are skewed in favor of “persons who are well spoken [or] present well.” For Ryan, the key check is through references and he says, “References are really the only way to learn these things?”

Ryan recognizes that many people believe that reference checks are not of great value because companies cannot or will not give out much more information than confirming dates of employment. However, he also believes that “the way around it is to dig up people who will speak candidly.” He also recognizes that if you only speak to the references listed on a resume or other application, you may not receive the most robust appraisal. Ryan responds that the answer is to put in the work to check out references properly. Ryan believes this is one of the key strengths of search firms and that companies should emulate this practice when it comes to reference checks.

He notes that anyone who has worked in an industry for any significant length of time will have made many connections. Invariably some of these connections will be acquainted with you or those in your current, and former, company. Ryan gave the following example: A longtime friend who was employed at another company called and said that he had been asked by his hiring partner to find out “the real story” on a hiring candidate by asking Ryan his candid opinion of the candidate. Ryan’s response was “Don’t hire him.” Lest you think that such refreshing honesty no longer exists when informal employment references are provided, you are mistaken. In my past corporate position, I was charged with performing compliance due diligence on senior executives and I spent time doing what Ryan suggested, calling acquaintances that I knew and asking such direct questions. More than 75% of the time, I got direct responses.

Ryan believes that you must invest your company in the hiring process to get the right people for your company. The same is true in compliance. You do not want people with a propensity for engaging in corrupt acts working for, or leading, your company.

The hiring of someone who will perform business activities in compliance with anti-corruption laws such as the FCPA or UK Bribery Act will continue to be as much art as science because the hiring of quality employees for senior management positions is similarly situated. But that does not mean a company cannot work to not hire those persons who might have a propensity to engage in bribery and corruption if the situation presented itself. The hiring process is just one more tool that can be utilized to build an effective compliance program.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

May 14, 2014

FCPA Compliance and the Convergence of US Security, Economic and Foreign Policy Interests

Robert Gates“In a private meeting, the king [King Abdullah of Saudi Arabia] committed to a $60 billion weapons deal including the purchase of eighty-four F-15’s, the upgrade of seventy-15s already in the Saudi air force, twenty-four Apache helicopters, and seventy-two Blackhawk helicopters. His ministers and generals had pressed him hard to buy either Russian or French fighters, but I think he suspected that was because some of the money would end up in their pockets. He wanted all the Saudi money to go toward military equipment, not into Swiss bank accounts, and thus he wanted to buy from us. The king explicitly told me saw the huge purchase as an investment in a long-term strategic relationship with the United States, linking our militaries for decades to come.”

The above quote comes from Robert Gates recent book, Duty: Memoirs of a Secretary at War. I would like you to identify how many interests of the US are contained in the above quotation. I can identify at least five interests of the US: (1) US security interests; (2) US foreign policy interests; (3) US military interests; (4) US economic interests; and (5) US legal interests as reflected in compliance with the Foreign Corrupt Practices Act (FCPA).

The above quote synthesizes succinctly concepts that I have tried to articulate for some time as to the worldwide effects of the FCPA. The fight against terrorism has many different tools and I certainly recognize the FCPA as one of them. But this citation from former Secretary of Defense Gates clearly shows the convergence of several interests of the US through the effectiveness of the FCPA. If it had not been for the effective compliance programs of the US aerospace and armament industry, the Saudi Arabian ministers, who advised the King to buy something other than American, might have held sway. But because bribing such ministers would violate US law and put the US companies under potential legal liability, the King had confidence that the US companies were not bribing his ministers to get the Saudi business.

Put another way, what is the cost of paying a bribe to a foreign governmental official? It means that said official’s judgment is clouded by his own self-interest in giving the business to a company, which has bribed him for his business. As Jeff Kaplan would say, there is a clear conflict of interest by the bribe receiver because they are being paid to make a decision to award the business to a company which lines their pockets. Or, in the case of the Saudi ministers that the Saudi King referred to, their collective Swiss bank accounts.

I recognize that the FCPA is a supply side focused law. It criminalizes the conduct of the bribe-giver and not the bribe-receiver. But because of this fact it means that US companies that comply with the law can help foster the US interests that I listed above and perhaps others that I have not identified. So just as I believe that the FCPA helps in the fight against terrorism, I also believe that the FCPA helps to foster US foreign policy, US economic interests and US legal interests.

I see this most clearly in Houston, Texas, generally recognized as the epi-center of FCPA enforcement. There have been more FCPA enforcement actions against companies based in Houston than in any other single city in the world. This is largely because Houston is the self-proclaimed energy capital of the world but this profusion of FCPA enforcement has also led to companies in Houston having some of the most mature compliance programs and it has also led to quite a bit of FCPA knowledge throughout businesses in the city. Nonetheless the key is the business response to the issue and not strictly a legal response.

In the energy industry, the exploration and production companies (E&P) are usually thought of as existing at the top of the food chain (i.e. Mega-Big). Below them are the service companies, which actually do the work of exploration (i.e. Very-Big). The next level down are companies which all work with the service companies, from the multi-billion chemical production firm down to the $15MM company which has a piece of software which does something useful. All of these companies down the chain are required to have a compliance program.

In practice it works something like this. A service company needs a product or service. As part of the regular contracting process, the service company will inquire into the contractor’s compliance function and policy. If the contractor provides a service which deals with a foreign government in any way or has foreign government touch points, the service company may well come and audit the contractor’s compliance program prior to executing the contract. Thereafter the contractor is subject to being audited for not only the execution of the contract but also the continued maintenance of its compliance program. All of this is done for business reasons. It is a business response to a legal issue, that being compliance with the FCPA.

FCPA compliance can be expressed through the formulation articulated by Paul McNulty and Stephen Martin, of Baker and McKenzie, which they call the “Five Elements of an Effective Compliance Program”, which are leadership, performing a risk assessment, instituting standards and controls, then providing training and communication on those standards and controls and, finally, oversight of your compliance program. While McNulty and Martin have written and spoken extensively on these five elements to flesh them out, these basic concepts are usually quickly and easily understood. Further, and perhaps not said as often as it should be said, companies which have a robust compliance program, are usually better run companies because of the controls that are put in place.

In other areas, anti-corruption compliance programs are becoming requirements to access cash to fund your business. If your company is going through traditional corporate refinancing in the next 18 months, any bank or other financial institution that you go to will want to not only review your compliance program but may well want to review where that compliance program may be in terms of an overall assessment of the compliance risks that your company faces. If you want to sell your business, enter into a joint venture (JV) or even receive some other type of funding, your compliance program will be assessed.

While the world is not free of US companies that run afoul of the FCPA, to paraphrase Dick Cassin, there is certainly more anti-corruption compliance going on in the world. But FCPA compliance serves many interests of the US. Robert Gates’ passage above makes clear that the FCPA is doing what it was intended to do and perhaps much more. But of even greater significance is that the King of Saudi Arabia recognized the effectiveness in a business context. Policy makers need to consider how powerful the FCPA is in a variety of US interests before they argue for a change in the law.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

May 8, 2014

Tales from the Crypt-Rule No. 10-Rule – There is no “I(ntegrity)” in Team-Part II

Tales from the CryptEd. Note-today we conclude a two-part series from the Two Tough Cookies about some of the toughest choices a compliance practitioner may face. As important as this message is for the compliance practitioner, I hope that this series will be read by senior management as well….As Part I was concluded, the Tough Cookie had just been terminated.

Unfortunately for me, there’s no employment law preventing discrimination based on bullying, jealously or insecurity; no law against termination for simply not liking your subordinate or the subordinate’s ability to garner respect.   The hostile work environment I suffered through the entire prior year was due to her insecurity around me, and not based on any protected class. I simply got the shaft for speaking up and expressing the concerns of the team.   Her mistake? She gave me nothing left to lose.

I’ve had a few weeks to cool down since that initial rush of anger, and revenge is best when served with cold, hard logic, and irrefutable facts. Throwing caution to the wind (well, not entirely), I made the ultimate act of moral courage, and sent a letter to executive management, asking that they review the character of the person that they were entrusting the reputation of the company with. For the first time in my career, I was a whistleblower, one of the “one percenters” I used to joke about that throttled the hotline with endless unsubstantiated complaints of “he said, she said.” Now, I am totally sympathetic to the courage it takes to step up to the plate, stand apart from the crowd, and speak up in the hopes of being an earnest agent for positive change.

When asked what resolution looked like for me,   I replied that I was satisfied that the company took my complaint seriously, that this investigation was taking place. I also asked the investigator to thank the company for taking me seriously. I was asked on several occasions “You want her fired, don’t you?!?” and not once did I say yes, even though I wished for it desperately. My response was merely “I just want the company to be aware of the character and qualifications of the person in this most important role, and that appropriate actions be taken when all is said and done.” I did mention it would be nice to have a job again, but that I had little hope of returning.

What did I expect as an outcome? Nothing. What did I get as a reward for that final act of moral courage? Boatloads. First, and foremost, by taking my time, and reducing my concerns from 20 pages of emotional ranting to less than a handful of concise, fact-laden pages, I came across as legitimate. Second, my patience and due diligence paid off – by taking my time to sort through my emotions and only give a factual account of events, and seeking out someone in authority to hear my case, I ensured that my voice would be heard. The company listened. An investigation ensued. The circumstances were weighed, measured, and she was found wanting.

Being in the integrity department is a tough spot to be in – you are supposed to represent the even hand of justice, you are supposed to be the unbiased, objective observer who gathers facts and makes recommendations, when someone behaves badly towards another. No one EVER stops to think who you can call if you are the one on the receiving end of misconduct, or if you become aware of an issue and confidentiality provisions silence your voice (such as in the case of the dual duty corporate counsel and compliance pro) and hobble your effectiveness to effect positive change. If you find yourself in a dilemma such as mine, circle the wagons, but as Ronald Reagan was fond of saying, “Trust, then verify.” Always remember, Integrity and Compliance is not a team function – it is most often singular acts of moral courage taken by brave individuals that override personal risk and reward. High Integrity often demands that you be willing to risk everything for the sake of integrity, to be labeled a pariah, to be shunned, to be shown the door for voicing the unpopular decision. But many times what is said is what is needed to be said. Just don’t let the situation take you by surprise like I did, or for heaven’s sake, don’t wait an unreasonable time for something to change. When I first suffered demoralizing behavior at her hands and got no relief, I should have escalated the matter, going directly to the TOP of HR, to the TOP of legal, and outlined my concerns to insulate myself from retaliation months earlier. I did not. Instead, I chose to simply wait for the change I had been promised, reluctant to make waves, fearful of establishing a reputation as a “whiner” instead of a “winner.” While my intentions were good, the outcome for me, clearly, was not. Here, the compliance leaders were too inexperienced to understand or appreciate the adverse repercussions from both their actions and inaction.

While I still am searching for that high integrity organization that will recognize and appreciate the value I bring, the insights I can share, and the wealth of experiences that have shaped who I am today, I usually sleep well at night, knowing that I have done no wrong. I have left no casualties behind, and I have always treated people with respect, sometimes more than they deserved.   I understand my former boss is no longer in a role where she manages people, which is a good thing.    In fact, I hear she may be getting a dose of her own medicine, but I sincerely hope not – no one deserves the relentless bullying and belittling, facing each work day fearful of the outcome.  If, through each of life’s trials, we can see the lesson, then we can move forward. I know I am a better person for it, even though I still am suffering the consequences of an extended unemployment.   I daily struggle with the choice of telling the truth about why I left that company (retaliated against for reporting a violation), and opting for a more benign “reason for leaving” (departmental reorganization). The stigma of being perceived as an “undesirable” candidate if I am honest about blowing the whistle is a real concern of mine, and I have been passed over in favor of other candidates because such a short stint at my level does not come across well to potential employers. I don’t want to be caught in a lie, because recovery from that route is nearly impossible when you claim to be an “Integrity” professional. I face a real Hobson’s choice, and it is the one thing that keeps me up at night since whichever path I choose can have lasting negative implications for me both professionally, and personally. I am hopeful for the future – the eternal optimist in me, I guess. I do not relish the prospect of either having to live with a lie, or an interminable time of unemployment and the risk of losing my home and my livelihood for taking the high road – the very dear price of moral courage.

Who are the Two Tough Cookies?

Tough Cookie 1 has spent the more than half of her 20+ legal career working in the Integrity and Compliance field, and has been the architect of award-winning and effective ethics and compliance programs at both publicly traded and privately held companies. Tough Cookie 2 is a Certified Internal Auditor and CPA who has faced ethical and compliance challenges in a variety of industries and geographies and recently led a global internal audit team. Their series “Tales from the Crypt: Tough Choices for Tough Cookies” are drawn largely from real life experiences on the front line of working in Integrity & Compliance, and personal details have been scrubbed to protect, well, you know, just about everyone…

This publication contains general information only and is based on the experiences and research of the authors. The authors are not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The authors, their affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Authors give their permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the authors.

 

 

April 30, 2014

Interview with Brian Ching – Ideas on Engaging Your Compliance Constituency

Brian ChingLast week I interviewed Brian Ching, the General Manager (GM) of the Houston Dash, which is our local entry into the US National Women’s Soccer League (NWSL). Ching is the recently retired star of the Houston Dynamos, our Major League Soccer (MLS) team. Ching had a star-studded career here in Houston, playing in MLS Championships, making numerous all-star teams and was on the American team in the 2006 World Cup. I had planned to record the interview and post it on my podcast, the FCPA Compliance and Ethics Report; however, due to the technical incompetency of my Recording and Sound Engineer (me) I did not hit the record button so it was not recorded.

But I did take notes, which was fortunate because the interview, which was intended to focus on the issue of leadership, went in a direction that I had not anticipated. I wanted to visit with Ching about his transition from being a player into management and his resulting leadership style. In preparation for the interview I sent him a list of questions to garner more detail on his playing career; who may have influenced him and how the former helped him to inform the leadership style that he might now be using in his position as Dash GM. But as I said, it went in a very different direction midway through the interview.

Ching was recognized as the “Face of the Franchise” and the state-of-the-art soccer stadium, BBVA Compass Stadium where the Dynamos play, is generally recognized as ‘The House that Ching Built’ for all his efforts to bring a fan base and support to Houston. But what I did not realize was that Ching was only one part of the effort that Dynamos management made to reach out to the Houston community to develop a strong and devoted fan base. The Dynamos not only sent its players out into the community to meet fans but also encouraged its players to adopt local charities and become involved to create greater community involvement and raise awareness. The Dynamos left it up to the individual player as to which charity they might want to be involved with. Some of the examples Ching cited were Dynamos’ players involvement with charities as diverse as honoring of veterans and their families, the Houston Zoo, Habitat for Humanity, the SPCA, Toys for Tots and other charitable programs.

I asked Ching if this was a program that had been brought over for the women’s team as well. He answered absolutely. I then asked him how the team could work to draft or sign players or prospects who are willing to engage in that type of community development. He said that in addition to the metrics and traditional scouting it involved having a frank discussion with any prospective signing about what would be expected of her as a Dash member. If getting out, meeting and interacting with the fans was not something that the prospective player was interested in doing that was taken into account in the evaluation process. This last point is assessed during face-to-face interviews with any prospect.

I thought these points raised by Ching were very interesting in the context of a compliance function and what might be needed for a compliance practitioner. The first is the concept of getting out to not only meet your constituency but also develop relationships with them. When the Dynamos moved to Houston there was very little tradition of professional soccer in this city. Yet there was a large segment of the population who were a natural interest group, having played the game growing up. So there was a built-in market ready to be tapped. But the Dynamos took it a step further by going into those areas and developing relationships with the fans and maintaining those relationships with outreach efforts. While many professional sports teams have ‘meet the team’ days, signing day and the like; the Dynamos have events where players, like Brian Ching, would help build houses or perform services for their charities. This garnered not only quite a bit of publicity for the team but also generated much goodwill with the team’s fan base. Finally, it gave ordinary people the opportunity to meet and get to know many of the players. Even if this did not turn an adults head, you can imagine the magic it worked on kids. They all became Dynamo fans.

For the compliance practitioner, the Dynamo and Dash’s approach to developing a loyal fan base can also be a guide to developing such a relationship with your institutional client base. Ching’s goals were and are clearly more than to simply get out of the office and meet people. It is to get involved with the community. Traveling to regions outside the corporate home office is a great idea but try and come up with ways of informally interacting with people. You do not have to build houses like Ching did but you can go to lunch or have a cup of coffee while you are in town for meetings or putting on training. The Dynamos and Dash make themselves accessible and I think that it is important for the compliance practitioner too. It can do wonders to help create a better relationship but getting out of the office is only the first step. You have to engage with those folks as well.

The second thing I culled from Ching was the selection process for players. Something that may not seem important for professional athletes is the ability to get out and engage with the community, however this was viewed as not only an important part of the job description with the team but a key job skill which was required. For the Dynamos and Dash, this meant that there had to be some direct conversations about not only the team’s expectations but also the prospects ability to engage in those activities.

Ching’s discussion about how they communicate their expectations was also an important point that the compliance practitioner should also consider in the interview process and compliance. Just as the Dynamos and Dash use the interview process to convey expectations, they also use the interview to directly inquire from candidates whether they would be willing to go out into the public and represent the franchise. This is important when interviewing for compliance positions and for senior management positions in companies as well.

I am continually amazed to find the numerous examples available to the compliance practitioner from other areas and other disciplines that can not only help inform an individual’s approach to the practice of compliance; but also tips to help companies do the business of compliance better and more efficiently. For myself, it was a learning experience to plan to interview Brian Ching on one thing and have the interview go down a completely separate path. And, of course, the key lesson learned is if you plan to record an interview, make sure that the recorder is turned on.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

April 14, 2014

The HP FCPA Settlement

FCPA SettlementLast week the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) jointly announced the conclusion of a Foreign Corrupt Practices Act (FCPA) enforcement action against Hewlett-Packard Company (HP). In the settlement, HP agreed to pay $108MM in fines, penalties and disgorgements for criminal and civil acts. To say that it was one of the more perplexing FCPA settlements would seem to be an understatement. While some will read the settlement documents and see conduct which did not merit such a high total amount of fines and penalties, I am not from that camp.

The tale of this sordid affair of bribery and corruption occurred over 3 continents with multiple countries involved, evidencing an entire breakdown in company internal controls and a complete lack of a culture of compliance. Yet the settlement documents make great pains to emphasize that few employees were actually involved in the nefarious conduct. How bad was the conduct? Think right up there with BizJet because we had bags of cash delivered to a Polish government official. (But unlike BizJet, the Board of Directors did not approve the bribery scheme and it was not taken across the border.) For the Russian deal, it was shopped through several countries with multiple levels of company review, which did not seem to work or care much about anything except getting the deal done. For Mexico, they just seemed to get a free pass where the contract description for the agent who paid the bribe was “influencer fee”.

Finally, as most readers might remember, HP did not self-report this misconduct to the DOJ or SEC. Apparently, the story of HP’s bribery by its German subsidiary to gain a contract in Russia was broken by the Wall Street Journal (WSJ) article in April 15, 2010. The next day, the DOJ and SEC announced they were investigating the allegations of bribery. However, HP was made aware of the allegations by its German subsidiary in December 2009, when German authorities raided HP’s offices in Munich and arrested one HP Germany executive and two former employees. Yet HP never self-reported. Not exactly the poster child for self-disclosure for any company going forward.

Of course HP’s public response at the time indicated its attitude, when a HP spokesperson was quoted in the WSJ article as saying “This is an investigation of alleged conduct that occurred almost seven years ago, largely by employees no longer with HP. We are cooperating fully with the German and Russian authorities and will continue to conduct our own internal investigation.”

More befuddlement comes from the reported facts around HP Germany. As noted by the WSJ report, one, then current, HP executive was arrested and two former employees were arrested in connection with the investigation by German authorities. There is no mention of them in any of the settlement documents. The WSJ article also reported that investigation-related documents submitted to a German court showed that German prosecutors were “looking into whether H-P executives funneled the suspected bribes through a network of shell companies and accounts in places including Britain, Austria, Switzerland, the British Virgin Islands, Belize, New Zealand, the Baltic nations of Latvia and Lithuania, and the states of Delaware and Wyoming”. While some of these countries were mentioned in the settlement documents there was no mentions of DOJ or SEC investigations into Wyoming, Belize, the British Virgin Islands or New Zealand.

What are we to make of the criminal fines levied against the Russian and Polish subsidiaries of HP? The Polish subsidiary pled guilty to a two count Criminal Information consisting of (1) violating the FCPA’s internal control provisions; (2) violating the FCPA’s books and records provisions. The US Sentencing Guidelines suggested a fine range of $19MM to $38MM, the final fine was $15,450,244.

For the Russia deal, the Russian subsidiary pled guilty to a four count Criminal Information consisting of (1) conspiracy to violate the books and records provisions of the FCPA; (2) violating the FCPA’s anti-bribery provisions; (3) violating the FCPA’s internal control provisions; (4) violating the FCPA’s books and records provisions. The US Sentencing Guidelines suggested a fine range of $87MM to $174MM, yet the final fine was $58,772,250.

Finally, in Mexico HP’s subsidiary, according the to the SEC Press Release, “paid a consultant to help the company win a public IT contract worth approximately $6 million. At least $125,000 was funneled to a government official at the state-owned petroleum company with whom the consultant had connections. Although the consultant was not an approved deal partner and had not been subjected to the due diligence required under company policy, HP Mexico sales managers used a pass-through entity to pay inflated commissions to the consultant.” This was internally referred to by HP as an “influencer fee.” Pretty clear evidence of what it was to be used for, wouldn’t you say? Yet the DOJ did not to criminally prosecute the company’s Mexican subsidiary and entered into a Non-Prosecution Agreement (NPA), HP agreed to pay forfeiture in the amount of $2,527,750.

How did HP accomplish all of this? In a Press Release HP Executive Vice President and General Counsel John Schultz said, “The misconduct described in the settlement was limited to a small number of people who are no longer employed by the company. HP fully cooperated with both the Department of Justice and the Securities and Exchange Commission in the investigation of these matters and will continue to provide customers around the world with top quality products and services without interruption.”

As reported by the FCPA Professor, in his blog post entitled “HP And Related Entities Resolve $108 Million FCPA Enforcement Action”, the HP Russian subsidiary Plea Agreement gave the following factors for the reduction in the fine from the Sentencing Guideline range:

“(a) monetary assessments that HP has agreed to pay to the SEC and is expected to pay to law enforcement authorities in Germany relating to the same conduct at issue …; (b) HP Russia’s and HP’s cooperation has been, on the whole, extraordinary, including conducting an extensive internal investigation, voluntarily making U.S. and foreign employees available for interviews, and collecting, analyzing, and organizing voluminous evidence and information for the Department; (c) HP Russia and HP have engaged in extensive remediation, including by taking appropriate disciplinary action against culpable employees of HP and enhancing their internal accounting, reporting, and compliance functions; (d) HP has committed to continue enhancing its compliance program and internal accounting controls … (e) the misconduct identified … was largely undertaken by employees associated with HP Russia, which employed a small fraction of HP global workforce during the relevant period; (f) neither HP nor HP Russia has previously been subject of any criminal enforcement action by the Department or law enforcement authority in Russia or elsewhere; (g) HP Russia and HP have agreed to continue to cooperate with the Department and other U.S. and foreign law enforcement authorities, if requested by the Department …”

In the same blog post, the Professor reported the following reasons were stated for reduction in the final fine by HP’s Polish subsidiary’s:

“(a) HP Poland’s cooperation with the Department’s investigation; (b) HP Poland’s ultimate parent corporation, HP, has committed to maintain and continue enhancing its compliance program and internal accounting controls …; and (c) HP Poland and HP have agreed to continue with the Department and other U.S. and foreign law enforcement authorities in any ongoing investigation …”

We have witnessed companies, which have engaged in ‘extraordinary cooperation’ with the DOJ during the pendency of their FCPA investigations. BizJet is certainly one that comes to mind. Further, there are clear examples of companies, which extensively remediated during the pendancies of their FCPA investigations, from which they clearly benefited. Two prime examples are Parker Drilling, which not only received a financial penalty below the suggested range but also was not required to have a corporate monitor, while they had C-Suite involvement in its bribery scheme. Weatherford seeming came back from the brink during mid-investigation when they hired Billy Jacobson and turned around not only their attitude towards cooperation with the DOJ but also their efforts toward remediation.

Both of these companies are headquartered in Houston and both have been quite active on the conference circuit talking about their compliance programs so most compliance practitioners are aware that these companies are on the forefront of best practices. Perhaps HP is on some circuit doing that, somewhere. If so, kudos to them. If their remediation work led to a best practices compliance program for the company and their extraordinary cooperation led to the astonishing reduction in penalties to their entities, I certainly tip my cap to them. If their lawyers were great negotiators and made great presentations to the DOJ and SEC, all of which led to or contributed to the final results, a tip of the cap to them as well.

So what is the lesson to be learned for the compliance practitioner? Other than befuddlement, I am not sure. Congratulating HP and its counsel is not a lesson it is an action. If HP now has a best practices compliance program, I hope they will provide the compliance community with the lessons that they learned and incorporated into their compliance program, which allowed them to obtain the fines below the minimum suggested range. If they have incorporated some enhanced compliance components into their program I hope they will share those enhancements too.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

April 10, 2014

Asking Questions To Build Your Compliance Program

IMG_3289On this day in 1932 President Franklin D. Roosevelt (FDR) enacted the Civilian Conservation Corps (CCC) declaring a “government worthy of its name must make a fitting response” to the suffering of the unemployed. He waxed poetic when lobbying for its passage, declaring “the forests are the lungs of our land [which] purify our air and give fresh strength to our people.” Of FDR’s many New Deal policies, the CCC is considered by many to be one of the most enduring and successful. It provided the model for future state and federal conservation programs. From 1933 to 1942, the CCC employed over 3 million men.

The CCC, also known as “Roosevelt’s Tree Army,” was open to unemployed, unmarried US male citizens between the ages of 18 and 25. All recruits had to be healthy and were expected to perform hard physical labor. Enlistment in the program was for a minimum of 6 months; many re-enlisted after their first term. Participants were paid $30 a month and often given supplemental basic and vocational education while they served. Under the guidance of the Departments of the Interior and Agriculture, CCC employees fought forest fires, planted trees, cleared and maintained access roads, re-seeded grazing lands and implemented soil-erosion controls. The CCC was a solution that was right for the place and time but its effects have lasted up through this day. There are still CCC built national parks and other facilities in use. We still drive over bridges built by the CCC.

I thought about the CCC, how it was such an effective organization for its time and how the results of its efforts have lasted over 80 years, in some cases, when I read an article in the April issue of Inc. magazine, entitled “35 Great Questions”, where Paul Graham, Jim Collins and other business leaders looked at some of questions that thought business leaders should be asking of themselves and of their teams. While the focus was not on compliance and ethics, many of the questions clearly could be viewed through such a prism. The key is that by asking good questions, as listed below, it “opens people to new ideas and possibilities.”

  1. How can we become the company that would put us out of business?
  2. Are we relevant? Will we be relevant five years from now? Ten?
  3. If energy were free, what would we do differently?
  4. What is it like to work for me?
  5. If we weren’t already in this business, would we enter it today? And if not, what are we going to do about it?
  6. What trophy do we want on our mantle?
  7. Do we have bad profits?
  8. What counts that we are not counting?
  9. In the past few months, what is the smallest change we have made that has had the biggest positive result? What was it about that small change that produced the large return?
  10. Are we paying enough attention to the partners our company depends on to succeed?
  11. What prevents me from making the changes I know will make me a more effective leader?
  12. What are the implications of this decision 10 minutes, 10 months, and 10 years from now?
  13. Do I make eye contact 100 percent of the time?
  14. What is the smallest subset of the problem we can usefully solve?
  15. Are we changing as fast as the world around us?
  16. If no one would ever find out about my accomplishments, how would I lead differently?
  17. Which customers can’t participate in our market because they lack the skills, wealth, or convenient access to existing solutions?
  18. Who uses our products in ways we never expected?
  19. How likely is it that a customer would recommend our company to a friend or colleague?
  20. Is this an issue for analysis or intuition?
  21. Who, on the executive team or the board, has spoken to a customer recently?
  22. Did my employees make progress today?
  23. What one word do we want to own in the minds of our customers, employees and partners?
  24. What should we stop doing?
  25. What are the gaps in my knowledge and experience?
  26. What am I trying to prove to myself, and how might it be hijacking my life and business success?
  27. If we got kicked out and the board brought in a new CEO, what would he do?
  28. If I had to leave my organization for a year and the only communication I could have with employees was a single paragraph, what would I write?
  29. What have we, as a company, historically been when we’ve been at our best?
  30. What do we stand for – and what are we against?
  31. Is there any reason to believe the opposite of my current belief?
  32. Do we underestimate the customer’s journey?
  33. Among our stronger employees, how many see themselves at the company in three years? How many would leave for a 10 percent raise from another company?
  34. What did we miss in the interview for the worst hire we ever made?
  35. Do we have the right people on the bus?

As a Chief Compliance Officer (CCO) many of these questions could be adapted to the compliance function or directly asked of you, your leadership and your team. One of the thing that bedevils many CCOs is time to think, plan and consider what Warren Berger, the author of “A More Beautiful Question”, says is the “inquiry’s ability to trigger divergent thinking, in which the mind seeks multiple, sometimes non-obvious paths to a solution.”

I often say that a key role for a CCO is listening but equally important is asking questions. Inc.’s list of thought-provoking questions can give you some excellent ideas about areas to explore with your compliance team, your senior management and the employees in your company. So start asking questions and start listening.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

 

 

 

April 8, 2014

Mickey Rooney and The 90 Cent Solution

Mickey Rooney as PuckWe begin today with a word on the death of Mickey Rooney. Rooney’s career, spanning nearly 90 years was certainly was from a different era. He was short of stature and long in his number of marriages but as Bob Lefsetz noted in his blog post tribute to Rooney, “But they stood in front of us twenty feet tall. At the drive-in. Even when the pictures truly got small on the tiny old screens of yore they emerged triumphant, because they were so good-looking, so charismatic. And if you were big enough, a bright enough star, your legacy lived on, even if your present day circumstances bore no resemblance to fame.” But here’s why there is always a place in my heart for Mickey Rooney. When I was very young I lived with my grandparents and one night I watched the 1935 movie version of Shakespeare’s A Mid Summer Night’s Dream on television with my grandmother. Rooney’s so over the top performance of Puck began for me a life long love affair with the Bard. So here’s to the grandmother that started me off on a lifelong love affair of Shakespeare’s works and here’s to the Mickster—you did it your way.

I have often considered the role of senior management is to set a proper ‘Tone-At-The-Top” to do business ethically and in compliance with anti-corruption laws like the Foreign Corrupt Practices Act (FCPA) or the UK Bribery Act. Incentives to do business ethically and in compliance are also recognized as an important part of any best practices compliance program. The flip side of incentives is disincentives, such as discipline or financial penalties for affirmatively engaging in misconduct. But how far should such disincentives go and how strong should they be? Should there be penalties for not only affirmatively engaging in misconduct but also failing to monitor risk-taking that allows misconduct to occur? If the latter becomes prevalent, how close do we come to criminalizing conduct, which is arguably negligent and not simply intentional?

I have thought about several of these questions and many others over the past few days when reading about the ongoing struggles of General Motors (GM) over its Cobalt recall issues and Citigroup in regards to its Mexican banking operations. In an article by Gretchen Morgenson in the New York Times (NYT), entitled “The Wallet as Ethics Enforcer”, where she asked “Who decided—and who agreed—that 90 cents was too much to pay for each switch that would have fixed the problem that apparently led to 13 deaths? How much did that decision add to the bottom line and add to executives’ compensation over the years? What will the company have to pay in possible regulatory penalties and legal settlements?” One of her own answers to these questions reads, “While the shareholders of G.M. will shoulder the cost of the fines, the settlements and loss of trust arising from the mess, the executives responsible for monitoring internal risks like these are unlikely to be held accountable by returning past pay.”

Citigroup, which had previously indicated that it had been the victim of a huge fraud perpetrated by one of its customers in Mexico, Oceanografía. However, now Citigroup now faces both federal criminal and civil investigations over the affair. As reported in a Wall Street Journal (WSJ) article, entitled “Crime Inquiry Said to Open On Citigroup”, Ben Protess and Michael Corkery reported that both the Department of Justice (DOJ) and the Securities and Exchange Commission (SEC) have opened investigations “focusing in part on whether holes in the bank’s internal controls contributed to the fraud in Mexico. The question for the investigators is whether Citigroup—as other banks have been accused of doing in the context of money laundering—ignored warning signs.” For a bank to be criminally liable, “prosecutors would typically need to show that the bank willfully ignored warning signs of the fraud.” However, to show a civil violation, the threshold is lower and there may only need to be a showing that the bank lacked the proper internal controls or internal oversight.

In her article, Morgenson spoke with Scott M. Stringer, the New York City Comptroller, who is a strong advocate of corporate requirements which “make sure that insiders who engage in questionable conduct are required to pay the piper” in the form of clawback provisions. Stringer has worked with companies to expand clawback provisions beyond those mandated by Sarbanes-Oxley (SOX), which required “boards to recover some incentive pay from a chief executive and chief financial officer if a company did not comply with financial reporting requirements.” Now, clawbacks have expanded to require executives to return compensation “even if they did not commit the misconduct themselves; they run afoul of the rules by failing to monitor conduct or risk-taking by subordinates.” Stringer believes that such clawback provisions not only “speak to the issue of financial accountability but also to setting a tone at the top.”

Morgenson ends her article by noting that unless GM makes public its internal investigation, “we may never know how many G.M. executives knew about the Cobalt problems and looked the other way.” In the meantime though, this debacle shows the importance of policies that hold high-level employees accountable for conduct that, even if not illegal, can do serious damage to their companies. Directors creating such policies would be sending a clear signal that they take their duties to the company’s owners seriously.”

At this point, we do not know high up the decision went in GM not to install the 90 cent solution. But I would argue it really does not matter. Somewhere in the company, some engineer figured out a solution and indeed one was implemented without changing the part number. I am sure the GM Board would have been sufficiently shocked, just shocked, to find out that such decisions as monetary over safety were going on inside the company. What does all of the information released so far tell us about the culture inside GM when these decisions were made? While I am certainly willing to give current GM Chief Mary Barra the benefit of the doubt about her intentions for the company going forward, particularly after a grueling couple of days before Congress, what do you think the financial incentives were in the company when the 90 cent solution was rejected?

It initially appeared that Citigroup was the victim of a massive fraud perpetrated by one of its customers. However, even initially it was reported that Citigroup let its Mexican operation, Banamex run its own show with very little oversight from the corporate office in New York. Now Citigroup is not only under a civil investigation for lack of proper internal controls but also a criminal investigation for willful ignorance of Banamex’s operations. Does any of this sound far-fetched or perhaps familiar? Think about Frederick Bourke and ‘conscious indifference’. Even the judge in Burke’s criminal trial mused that she did not know if he was a perpetrator or a victim. Perhaps Citigroup is both, but if he was both it certainly did not help Bourke. While I am certainly sure that the Citigroup Board of Directors would also say that it would also simply be shocked, just shocked, to find that there were even insufficient internal controls over Banamex, let alone willful ignorance of criminal actions of its Mexico subsidiary, it does pose the question as to what is the culture at the bank?

As important as clawbacks are, until the message of compliance gets down from the top of an organization, into the middle and then to the bottom, a culture of compliance will not exist. I have worked in an industry where safety is goal number one. But in the same industry I have heard the apocryphal tale of the foreign Regional Manager who is alleged to have said, “If I violate the Code of Conduct, I may or may not get caught. If I violate the Code of Conduct and get caught, I may or may not be punished. If I miss my numbers for two quarters, I will be fired.” Clawbacks for Board members would not have influenced this apocryphal foreign Regional Manager, any more than they would have worked on the psyche of the GM engineers who proposed and then later dropped the 90 cent solution. It was clear to them what their bosses thought was important for them to keep their jobs. As long as management has that message, doing business ethically and in compliance will always take a second seat.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

 

March 28, 2014

Tales From the Crypt-Rule 6: Never Mix Business With Pleasure

Tales from the CryptEd. Note-this week on am on a Spring Break college tour with my daughter. The Two Tough Cookies whom are penning the Tales From the Crypt Series have graciously agreed to contribute a week’s worth of workplace Tales from their crypts so help illustrate some key compliance and ethics concepts. Today they look at why you should never mix business with pleasure…

This Tale from our Crypt highlights the treacherous abyss of dating in the workplace, especially when it involves senior management.  We have alluded in prior posts that management doesn’t always want to get involved in personal matters, and in this instance, that reservation was in full force. The rumor mill was in high gear pertaining to a certain US-based manager and an overseas executive.  If the rumors were right, the two of them were managing a global whirlwind romance, which seemed a bit of a stretch to those of us in HQ, so we really didn’t pay much attention when the rumors first surfaced.  After all, if it didn’t interfere with either individual’s work commitments, it was not “our place” to interfere.

Imagine my surprise when I received an anonymous email, written as if a committee had crafted the contents, pleading for help because the overseas executive appeared to be too distracted by his temptress’s charms to mind the shop, and critical business decisions either weren’t being made, or were being made without full consideration of the outcome.   “Business” meetings hours long in length were being held behind closed doors between the executive and the manager, notwithstanding the fact that the executive was married, and the manager was not one of his direct reports. Ultimately, the allegations  escalated to the level of accusing the executive of turning the keys of the kingdom over to his “princess” who was running the subsidiary as the de facto executive, making decisions on employee roles and responsibilities.

Our first reaction was to reply to the email, seeking some nuggets of information that would give us a bit more than simply lack of discretion and “suspected” unauthorized delegation of authority. It wouldn’t be the first time, and most certainly not the last, that an illicit workplace affair would surface – it happens sometimes.  Rumors start, regardless of the truth of the allegations, whenever two people of spend a lot of time together.  In fact, I have been suspected of having an affair with a junior colleague although the suspicions were baseless.  We simply got along incredibly well, and I would never think of jeopardizing my extremely happy marriage (not to mention my career) with even a moment of workplace indiscretion.

When we started to dig after receiving some more detail from the anonymous source, we also started to hear rumors that the pair were recently seen, holding hands while out in public, during one of those extended business trips the executive made to the States.  While there was no allegation of misconduct in violation of the Code of Conduct or any other policy in the organization, the tone of the concerns inferred a serious lack of management oversight by the executive, with work assignments, customers and special projects all being assigned favorably to the manager or her “friends.”  As we started to look a bit closer, we found she had convinced her Stateside manager that her skills were in “desperate need” at the foreign subsidiary, and she had been making frequent trips there with the costs charged back to the sub.  Her boss didn’t care as long as she got her work done, and the bills for her frequent trips were not on his P&L.

Once again, we started a forensic review of each party’s computer records to determine if there were any inappropriate communications between them.  While the executive’s email account was purged nightly based on his settings, the manager’s wasn’t, giving us some insight into the true nature of their relationship.  The smoking gun surfaced when I discovered an email just prior to the most recent ‘business trip’ with a demand for expensive lingerie and perfume as “presents” for their next “meeting.”  So I tagged that email, and started a mail server search of all related messages, and a treasure trove opened wide for me.  Jaw dropping material, revealing pet names and an intimate relationship that easily spanned upwards of a year.  A review of the subsidiary’s financial records revealed bills paid for a rent on house, a car, clothing allowances… the works, with all of these “perks” earmarked for the manager charged back to (and paid for by) the subsidiary, of course.

I decided to expand the scope of my search, and asked IT to patch me into the executive’s system when he would be away from the office, during off hours.   We sent out a memo to the location, advising the local management team that all computers had to be left on each night for the following week so that critical updates and software patches could be remotely made to their computers from HQ.  What I found when I finally got “in” shocked me to the core.  Not only were there intimate emails from the manager squirreled away on his hard drive, but oh, so much more…. A whole folder devoted entirely to hard core porn. What WAS that guy thinking!?!  Sometimes my job is actually distasteful – copying those images onto our servers to “preserve” the evidence, along with an image of the file hierarchy on his hard drive, made me squeamish.  When I shared my findings with the General Counsel, his face beet red in embarrassment at the images I called up, he told me he had seen enough.  We had to plan what to do, because removal of this executive entailed a lengthy process under local laws.

Putting our collective heads together, we determined the best course of action would be to offer the executive the opportunity to resign.  We prepared the papers, and consulted with a local board member who we trusted with our findings.  The shock that registered on his face when he learned our news told a tale of utter devastation.  The innocent lives of his family and loved ones were to be ruined with this man’s single act of selfish impropriety if we did not act with care. This was no time to make a public example of the executive – we needed to act with delicacy and tact.  The manager, on the other hand, was not our concern.  We had no issue taking prompt action with her for her lack of discretion.

It is only when I received a note of thanks from my anonymous source that I understood the true impact we Integrity and Compliance professionals have on others’ lives.  I was satisfied with the outcome against the executive.  He clearly breached his duty of trust to the organization, but more importantly, he lost the trust of the very people who looked up to him, day to day.  Another set of circumstances may have resulted differently, but these people cared about the company, cared that their “leader” was absent.  We owed it to them to care as well.

The anonymous note of thanks which I received warmed me to my very core:

The head is today held high in pride of working for a Company which has …. demonstrated unflinching commitment to ethics and values… the recent action taken has brought unprecedented respect and esteem in the minds of the entire working community. [We] want to personally thank you for …. restoring faith and confidence that any violation in ethics or values in this company, if reported to the [correct people], shall be dealt with immediately … professionally …  and transparently. Since complete confidentiality has been maintained, people now know that what has gone wrong is more important than who has reported the issue…. Thank you once again and forever indebted…….

No, my dear colleagues, the Company is in your debt for demonstrating unshakable courage during a time which must have provoked intense fear and uncertainty.

Who are the Two Tough Cookies? 

Tough Cookie 1 has spent the more than half of her 20+ legal career working in the Integrity and Compliance field, and has been the architect of award-winning and effective ethics and compliance programs at both publicly traded and privately held companies.  Tough Cookie 2 is a Certified Internal Auditor and CPA who has faced ethical and compliance challenges in a variety of industries and geographies and recently led a global internal audit team. Our series “Tales from the Crypt: Tough Choices for Tough Cookies” are drawn largely from real life experiences on the front line of working in Integrity & Compliance, and personal details have been scrubbed to protect, well, you know, just about everyone… 

« Previous PageNext Page »

The Rubric Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 4,509 other followers