FCPA Compliance and Ethics Blog

June 23, 2014

An Event That Changed the World and Fostering Compliance Leadership – Part I

Archduke Ferdinand AssassinationThis coming Saturday, June 28th, is the 100th anniversary of most probably the single most momentous event of the 20th century; the assassination of Archduke Ferdinand and his wife Sophie in Sarajevo, then located in the Austro-Hungarian Empire. I view it as the singular event of the prior century because it led directly to the following events: the First World War, the Second World War, the Russian Revolution, the fall of the Hapsburg, Romanov and Prussian monarchies, the Cold War and a host of other events. One can point to 1963 in Dallas and 9/11 as direct descendants of the actions of the Sarajevo assassins.

One of the best articles I have ever read on the assassination was in the March 22nd edition of the Financial Times (FT) in a piece by Simon Kuper, entitled ‘The crossroads of history”. Kuper returned to modern day Sarajevo “to try and understand his act in its local context – the context both of 1914 and 2104.” I think that Kuper did come to some understanding through his reporting, which I found to be first rate. The attack on the Archduke itself came about through a plethora of mis-steps, foolish decisions and idiotic mistakes that rival any modern day industrial catastrophe. Kuper quoted the author Rebecca West for the following, “Nobody worked to ensure the murder on either side as the people who were murdered.” As this assassination started Europe down a road that led to well over 20 million deaths, it is an appropriate start to many more posts I will have during the centenary of 1914.

Just as Gavrilo Princip changed the course of history, I recently read an article in the May edition of the Harvard Business Review (HBR) which I think could significantly modify how you, as a Chief Compliance Officer (CCO) or compliance practitioner, will think about getting employees to “apply their talent and energy to move organizations forward” in compliance and ethics. The article is entitled “Blue Ocean Leadership”. In this two-part series I will explain the authors view of the problem that “According to Gallup’s 2013 State of the American Workplace report, 50% of employees merely put their time in, while the remaining 20% act out their discontent in counterproductive ways, negatively influencing their coworkers, missing days on the job, and driving customers away through poor service. Gallup estimates that the 20% group alone costs the U.S. economy around half a trillion dollars each year.” The authors believe that “poor leadership is a key cause” of this problem. The authors posit that leadership is a “service that people in an organization “buy” or “don’t buy” and when employees come to value you as a leader, they “in effect buy your leadership.”

Today I will focus on how ‘Blue Ocean Leadership’ differs from conventional leadership and tomorrow I will review strategies of how to execute this type of leadership and explore its implications for the CCO or compliance practitioner.

Key Differences from Conventional Leadership Approaches

The authors point to three key differences between ‘Blue Ocean Leadership’ and traditional leadership approaches.

The first key difference is that ‘Blue Ocean Leadership’ “focuses on what acts and activities leaders need to undertake to boost their teams’ motivation and business results, not on who leaders need to be. This difference in emphasis is important. It is markedly easier to change people’s acts and activities than their values, qualities, and behavioral traits. Of course, altering a leader’s activities is not a complete solution, and having the right values, qualities, and behavioral traits matters. But activities are something that any individual can change, given the right feedback and guidance.”

The second under ‘Blue Ocean Leadership’ is to “connect closely to market realities”. This is accomplished by having “the people who face market realities are asked for their direct input on how their leaders hold them back and what those leaders could do to help them best serve customers and other key stakeholders. And when people are engaged in defining the leadership practices that will enable them to thrive, and those practices are connected to the market realities against which they need to perform, they’re highly motivated to create the best possible profile for leaders and to make the new solutions work.” This allows not only employee buy-in both also quicker and more efficient engagement of the implementation of a leaders program.

The third key difference is that ‘Blue Ocean Leadership’ distributes leadership across all levels of management. The authors quoted one senior executive who said, “The truth is that we, the top management, are not in the field to fully appreciate the middle and frontline actions. We need effective leaders at every level to maximize corporate performance.” However ‘Blue Ocean Leadership’ is more robustly “designed to be applied across the three distinct management levels: top, middle, and frontline. It calls for profiles for leaders that are tailored to the very different tasks, degrees of power, and environments you find at each level. Extending leadership capabilities deep into the front line unleashes the latent talent and drive of a critical mass of employees, and creating strong distributed leadership significantly enhances performance across the organization.”

The Four Steps of Blue Ocean Leadership

Most importantly the authors believe that you have to see your leadership for what it is and not what you wish it to be. If you do not have a “common understanding of where leadership stands and is falling short, a forceful case for change cannot be made.” The authors created a template that they called “Leadership Canvases” which are visual representations to show what leaders actually do, rather than what they think they do. The authors’ research showed that 20% to 40% of all actions taken by managers are of little value to the organization. This led to the “biggest “aha” for the subteams was that senior managers appeared to have scarcely any time to do the real job of top management—thinking, probing, identifying opportunities on the horizon, and gearing up the organization to capitalize on them.”

Based upon this initial finding, the authors began to explore alternative leadership profiles. Here you are required “to think beyond the bounds of the company and focus on effective leadership acts they’ve observed outside the organization, in particular those that could have a strong impact if adopted by internal leaders at their level. Here fresh ideas emerge about what leaders could be doing but aren’t. This is not, however, about benchmarking against corporate icons; employees’ personal experiences are more likely to produce insights. Most of us have come across people in our lives who have had a disproportionately positive influence on us. It might be a sports coach, a schoolteacher, a scoutmaster, a grandparent, or a former boss. Whoever those role models are, it’s important to get interviewees to detail which acts and activities they believe would add real value for them if undertaken by their current leaders.”

The next step begins to take what I call some real corporate courage. It requires that middle and frontline managers critique what senior management has come up with in step 2, developing alternative leadership profiles. Some of the more interesting changes were ‘Cut through the Crap’ in which “frontline leaders did not defer the vast majority of customer queries to middle management and spent less time jumping through procedural hoops. Their time was directed to training frontline personnel to deliver on company promises on the spot” and to resolve problems. Another was ‘Liberate, Coach and Empower’ where leaders “time and attention shifted from controlling to supporting employees.” Finally, there was ‘Delegate and Chart the Company’s Future’ where the front and middle line managers had more responsibility so “senior managers would be freed up to devote a significant portion of their time to thinking about the big picture—the changes in the industry and their implications for strategy and the organization. They would spend less time putting out fires.”

Blue Ocean Leadership’ challenges companies to allow its employees to “think about which acts and activities leaders should do less of because they hold people back, and which activities they should do more of because they inspire people to give their all.” Just as you begin to think through the changes wrought by one action in a small town, very long ago, which changed the 20th Century forever, you may wish to use these concepts to think about how your leadership can be made more effective.

In tomorrow’s post I will look at how the authors believe you can execute a ‘Blue Ocean Leadership’ change in your company.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

June 11, 2014

Semper Fi and Compliance-Leadership Lessons from the Marines

Marines as Devil DogsEver wonder where the US Marine Corp got its nickname of ‘hellhounds’? It came courtesy of the Imperial Germany Army from a battle that took place in the month of June 1918, the Battle of Belleau Wood. According to the Battle’s entry in Wikipedia, the Marines forces marched 10K to reach a site where the German Army had broken through against the French Army. After arriving on the site and turning back the German advance, the Marines were repeatedly urged to turn back by retreating French forces, Marine Captain Lloyd W. Williams of the 2nd Battalion, 5th Marines, uttered the now-famous retort Retreat? Hell, we just got here.” 

After the battle, the French renamed the wood “Bois de la Brigade de Marine” (“Wood of the Marine Brigade”) in honor of the Marines’ tenacity. The French government also later awarded the 4th Brigade the Croix de guerre. An official German report classified the Marines as “vigorous, self-confident, and remarkable marksmen…” General Pershing – Commander of the American Expeditionary Force – even said, “The deadliest weapon in the world is a Marine and his rifle!” Pershing also said “the Battle of Belleau Wood was for the U.S. the biggest battle since Appomattox and the most considerable engagement American troops had ever had with a foreign enemy.” But it was the Germans who gave the Marine Corp its most lasting moniker, when the called them ‘the dogs from hell.’ Tribute indeed.

I thought about this tribute to the Marine Corp when I recently read an article in the Corner Office section of the New York Times (NYT), entitled “Leading By Putting Your Followers First”, by Adam Bryant. In this article, he profiled Don Knauss, the Chief Executive Officer (CEO) of Clorox Company. Knauss joined the Marine Corp after college and this experience gave him some valuable leadership lessons that Bryant detailed in his article. One of the things that influenced Knauss’ philosophy on leadership was the Marine Corp process of thinking through an issue. Bryant wrote, “I learned in the Marine Corps that I really liked strategy. Every operation in the military is based on a five-paragraph order, and the acronym is Smeac — situation, mission, execution, administration and communication. It’s a very logical flow.”

Another key leadership lesson is defined by the age-old acronym KISS or Keep it simple, sir. Bryant wrote that Knauss said, “how are you going to focus the organization? And it had better be simple, and it probably should not be more than three things. You’ve got to communicate it about 100 times and align your incentive structure to it. It’s about distilling the complex to the simple, and I’ve seen leaders fail because they do the reverse, by trying to make things into some intellectual exercise. Whatever business you’re in, there are fundamentals, just like blocking and tackling in football. It always comes back to the fundamentals. You cannot let yourself get bored with the fundamentals.”

But more than simply communicating something about 100 times to get your message across, Knauss believes that you have to make sure that people believe that you care about them. That is certainly something a compliance practitioner needs to take to heart. Knauss reflected, “it’s all about your people. If you’re going to engage the best and the brightest and retain them, they’d better think that you care more about them than you care about yourself. They’re not about making you look good. You’re about making them successful. If you really believe that and act on that, it gains you credibility and trust. You can run an organization based on fear for a short time. But trust is a much more powerful, long-term and sustainable way to drive an organization.”

Knauss had some interesting insights relating to how he evaluates potential hires that I think makes a lot of sense for the compliance professional to consider.

  1. Passion – Knauss looks for energy and considers whether the person will have an impact on the business.
  2. Smarts – Can the candidate think analytically, creatively and strategically?
  3. Develop others – Is there any pattern in the person’s career that shows they can develop people or put inversely, did people move up through an organization because they were mentored by this person?
  4. Communication skills – Knauss considers if he can imagine this person on a stage, inspiring a large group? He also assesses whether the candidate has an easy, informal manner to conversely test if they are too formal and too focused on hierarchy, as Knauss believes formality and rigidity do not work.
  5. Use of power v. use of authority – Here Knauss believes “it is much more powerful to use authority than power. One of the things I’ve learned is that as you move up in an organization, you’re given more power. The less you use the power you’ve been given, the more authority people give you, because they think: “You know what? This guy’s O.K.” Persuading people to do things – come along with me because we’re going in the right direction – is much more powerful over time.”
  6. Values – Knauss said that the final thing he tries to evaluate is the values of a candidate. He considers that it is important that they are honest and will tell the truth. Moreover, “do they also stand up for what they think is right in the company? It starts with integrity, which is really the grease of commerce. You get things done much more quickly when people trust you.”

However, I found one of the most important lessons that Knauss intoned was about how a leader should treat people. He told the story about how he joined a group of Marines who had been in the field for several weeks and had been eating C-rations. When Knauss met them, they were having their first hot meal since going into the field. Knauss related, “I had been up since 5 in the morning, and I was pretty hungry. I started walking over to get in front of the line, and this gunnery sergeant grabbed my shoulder and turned me around. He said: “Lieutenant, in the field the men always eat first. You can have some if there’s any left.” I said, “O.K., I get it.” That was the whole Marine Corps approach – it’s all about your people; it’s not about you. And if you’re going to lead these people, you’d better demonstrate that you care more about them than you care about yourself. I’ve never forgotten that, and that shaped my whole approach to leadership from then on.”

That final lesson is the most important one for any compliance practitioner. Your gold-plated written compliance program is only as strong as the people you have in your company. If you can demonstrate, and lead in compliance, by showing your fellow company employees that you are there to assist them but you will also go the extra mile to make them understand you care about them, you will get much more out of them at the end of the day.

===============================================================================================================================================================================================================================================


M&AIf you are interested in learning about mergers and acquisitions under the FCPA I am involved in to upcoming events designed to give you the most up-to-date advice on this area of compliance. Both events are sponsored by The Network. The first event is a webinar entitled appropriately enough, “Mergers and Acquisitions Under the FCPA” and is scheduled for  Tuesday, June 17th, 2014 TIME: 2:00 pm EDT. For registration and additional information click here. On Tuesday, June 24th the always popular Tom Fox/Stephen Martin roadshow returns to Denver where I will speak live on Merger and Acquisitions Under the FCPA and Stephen will talk about risk assessments under the FCPA. For information on the Denver event, click here

 

 

 

World Cup 2014

I am putting on a four part podcast series on the World Cup, detailing issues of bribery and corruption, together with an ongoing discussion of Team USA and this year’s tournament. I am joined by Mike Brown, the Managing Director of Infortal. You can check out Part I by clicking here of the series where we discuss bribery of referees in the lead up to the 2010 World Cup held in South Africa and FIFA’s response. Mike and I then review Team USA and it’s draw in Group g-the Group of Death. I hope that you will check out this series and enjoy it as much as Mike and I enjoy recording the episodes. Also remember, my podcast, the FCPA Compliance and Ethics Report is available for download at no charge on iTunes so you can listen to Part I on your commute to work. So sign up for the podcast from WordPress or iTunes and enjoy our series.

===============================================================================================================================================================================================================================================

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com. 

© Thomas R. Fox, 2014

 

 

 

 

Private-to-Private – How Business is Driving FCPA Compliance

Ben HoganToday we celebrate greatness. On this day in 1950, Texan Ben Hogan fully returned to the world of professional golf by winning the US Open, just 16 months after sustaining near fatal injuries in a car crash. His injuries were indeed horrific. Hogan suffered a broken collarbone, ankle, ribs and a double fracture to his pelvis. While in the hospital, a blood clot appeared in his leg, forcing doctors to tie off the surrounding veins to keep the clot from reaching his heart. Hogan’s legs atrophied, and doctors worried he would never walk again, let alone play golf at a professional level. Yet Hogan was able to walk 36 holes on the final day of regulation play and win the tournament the next day in an 18-hole playoff. Hogan is one of two golfers to win three of golf’s major championships in one year, won after his 1949 automobile accident.

A few weeks ago I wrote and put out a podcast about how the Houston energy community had developed a business solution to Foreign Corrupt Practices Act (FCPA) compliance. In the energy industry, the exploration and production companies (E&P) are usually thought of as existing at the top of the food chain (i.e. Mega-Big). Below them are the service companies, which actually do the work of exploration (i.e. Very-Big). The next level down are companies who work with the service companies, from the multi-billion chemical production firm down to the $15MM company which has a piece of software which does something useful. All of these companies down the chain are required to have a compliance program.

In practice it works something like this. A service company needs a product or service. As part of the regular contracting process, the service company will inquire into the contractor’s compliance function and policy. If the contractor provides a service which deals with a foreign government in any way or has foreign government touch points, the service company may well come and audit the contractor’s compliance program prior to executing the contract. Thereafter the contractor is subject to being audited for not only the execution of the contract but also the continued maintenance of its compliance program. All of this is done for business reasons. It is a business response to a legal issue, that being compliance with the FCPA.

Last week I received a copy of a paper by Scott Killingsworth, one of the true great practitioners in the field of compliance. Last year, he was listed by Ethisphere as one of its “Attorneys Who Matter” in ethics and compliance. His 2013 paper, “article, “Modeling the Message: Communicating Compliance through Organizational Values and Culture”” received a 2013 Burton Award for Distinguished Legal Writing. Killingsworth’s latest article is entitled “The Privatization of Compliance” and in it he sets out the legal and theoretical underpinnings for what I call the business solution to FCPA compliance. In his introduction he stated, “Embodied in contract clauses and codes of conduct for business partners, these obligations often go beyond mere compliance with law and address the methods by which compliance is assured. They create new compliance obligations and enforcement mechanisms and touch upon the structure, design, priorities, functions and administration of corporate ethics and compliance programs. And these obligations are contagious: increasingly accountable not only for their own compliance but also that of their supply chains, companies must seek corresponding contractual assurances upstream. Compliance is becoming privatized, and privatization is going viral.” And he calls this “private-to-private or P2P compliance.”

Killingsworth says this is a change from a “vertical, state-imposed” mandate to “an integral adoption of best practices both as a cultural norm and critically, as a path to profit”. [Italics mine] He notes that when such obligations come from a business partner, “This message has the potential to re-orient some attitudes and remove some ethical blinders. As more businesses are forced by their counterparties to examine their compliance processes and routinely accept business and legal consequences for them, we can expect increases in overall investment in compliance, in the scope and robustness of the average compliance program, and in ambient awareness of compliance issues outside the compliance, audit, and legal staffs. The viral nature of the process, in which each participant can exert pressure on a large number of direct and indirect upstream or downstream parties, while simultaneously fielding demands from other members of its value chain, suggests that the trend will continue and its influence will grow.”

Specifically in the area of anti-bribery/anti-corruption compliance programs, he writes “The debates about best practices are settled, save for skirmishes over when they can be practically applied.” Such best practices can be seen in the area of third-party due diligence and anti-bribery provisions, which are written into contracts with “domino-style flow-down requirements.” These obligations can arise through directly incorporating anti-corruption compliance obligations or by reference to one party’s compliance regime, or both. Such contractual provisions can cover a variety of issues, such as “ethical rules governing relationship issues such as conflicts of interest and gifts and entertainment; requirements to obey specific laws of concern and laws generally; and procedural rules such as the right to audit the partner’s records or train its personnel. Process and structural rules may be imposed on the partner’s compliance activities, such as requirements to establish management accountability, develop appropriate policies and procedures, maintain an anonymous reporting system and an anti-retaliation policy, train employees, conduct periodic audits, risk assessments and remediation, and of course, sometimes to cascade these program elements to downstream associates.”

Killingsworth details several areas that compliance professionals and contract lawyers should look for when confronted with P2P clauses and he does warn that some negotiators “will always be zero-sum business partners whose prime goal is risk transfer and who will do everything within their power to achieve it through contracts and P2P Codes.” However, he ends his paper with an upbeat note that he believes P2P codes and contract clauses can further the goals of greater compliance with anti-corruption laws.

I found his paper to be a ‘must read’ for anyone in the compliance field. He lays out a theoretical framework, coupled with some of the practical issues which need to be addressed moving forward for what I believe is a business solution to a legal problem. Kudos to Killingsworth for his continued contributions to the field of compliance and ethics where he is truly one of the greats.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

 

© Thomas R. Fox, 2014

May 28, 2014

What Does an Effective Compliance Program Look Like? – The Regulators Perspective

Compliance ProgramWhat does an effective compliance program look like? Is it one that follows the Ten Hallmarks of an Effective Compliance Program as set out in the 2012 FCPA Guidance? How about one that uses the Six Principals of Adequate Procedures relating to the UK Bribery Act as its guideposts? Or should a company follow the OECD Good Practice Guidance on Internal Controls, Ethics, and Compliance? More importantly, for anti-corruption enforcement under the Foreign Corrupt Practices Act (FCPA), what does the Department of Justice (DOJ) or Securities and Exchange Commission (SEC) look for when assessing a compliance program?

Over the years, we have heard various formulations of inquiries that regulators might use when reviewing a compliance program. While not exactly a review of a compliance protocol, one of my favorites is what I call McNulty’s Maxims or the three questions that former United States Deputy Attorney General, and  Baker & McKenzie LLP partner, Paul McNulty said were three general areas of inquiry the he would assess regarding an enforcement action when he was at the DOJ. They are: first: “What did you do to stay out of trouble?” second: “What did you do when you found out?” and third: “What remedial action did you take?”

Paul’s former partner at Baker & McKenzie, Stephen Martin, who still runs Baker & McKenzie Compliance Consulting LLC, said that an inquiry he might make was along the lines of the following. First he would ask someone who came in before the DOJ what the company’s annual compliance budget was for the past year. If the answer started with something like, “We did all we could with what we had ($100K, $200K, name the figure), he would then ask, “How much was the corporate budget for Post-It Notes last year?” The answer was always in the 7-figure range. His next question would then be, “Which is more business critical for your company; complying with the FCPA or Post-It Notes?” Unfortunately, it has been Martin’s experience that most companies spent far more on the Post-It Notes than they were willing to invest into their compliance program.

Last week at Compliance Week 2014, Andrew Ceresney, Director of the Division of Enforcement of the SEC, gave one of the Keynote Addresses. In his remarks he talked about the importance that the SEC is putting into compliance. He said “I start from the premise that the companies that have done well in avoiding significant regulatory issues typically have prioritized legal and compliance issues, and developed a strong culture of compliance across their business lines and throughout the management chain. This is something I observed firsthand while in private practice and have come to fully appreciate from my perch at the SEC.”

But, more importantly, he said that he has “found that you can predict a lot about the likelihood of an enforcement action by asking a few simple questions about the role of the company’s legal and compliance departments in the firm.” He then went on to detail some rather straightforward questions that he believes can show just how much a company is committed to having a robust compliance regime.

  • Are legal and compliance personnel included in critical meetings?
  • Are their views typically sought and followed?
  • Do legal and compliance officers report to the CEO and have significant visibility with the board?
  • Are the legal and compliance departments viewed as an important partner in the business and not simply as support functions or a cost center?

Beyond simply going into the DOJ or SEC and claiming that your company is very ethical and does business in compliance with the FCPA, how can a company demonstrate the above? This is where the Tom Fox Mantra of Document, Document and Document comes into play. No matter how much input the compliance function has into the above suggested inquiries if the inputs are not documented, it is if they did not exist. So for meetings, you should keep attendance sheets or notations. A compliance representative can put a short, three to four sentence memo into the file about the recommendations and the response thereto. If the compliance department advise was not followed, there should be a business reason documented for the decision. Moreover, if there is a rejection of the compliance function advise and the course of action leads to some type of FCPA issue, it may well be assumed the company knew or should have known that the course of action taken could reasonably lead to a FCPA issue if not full blown violation. As to the issues of compliance visibility at the Board level, once again the documentation of any presentation and their substance can provide evidence to answer the query in the affirmative. But the key to all of these questions is if there is documentation to prove the assertions that they actually occurred.

Near the end of his presentation, Cerensey said that “Far too often, the answer to these questions is no, and the absence of real legal and compliance involvement in company deliberations can lead to compliance lapses, which, in turn, result in enforcement issues. When I was in private practice, I always could detect a significant difference between companies that prioritized legal and compliance and those that did not. When legal and compliance were not equal partners in the business, and were not consulted as a matter of course, problems were inevitable.”

McNulty’s Maxims, Martin’s question on budget and now Cerensey’s questions all provide significant guideposts to how regulators think about FCPA compliance programs. For me, I think the point is that companies which actually Do Compliance are easy to spot. For all the gnashing of teeth about how hard it is to comply with what the DOJ and SEC want to see in FCPA compliance, when the true focus can be distilled into whether a company actually does compliance as opposed to saying how ethical they are, I think it simplifies the inquiry and the issues senior management and a Board of Directors really needs to pay attention to.

For a copy of the full text of Director Cerensey’s remarks, click here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

May 23, 2014

Trip To Annapolis and Teaching Leadership

Naval AcademyMonday is Memorial Day and is the day wherein the men and women who died while serving in the United States Armed Forces are remembered. The holiday is celebrated every year on the final Monday of May. The first recorded Memorial was held on May 1, 1865 in Charleston, South Carolina to commemorate the soldiers who died in the Civil War. By the 20th century, Memorial Day had been extended to honor all Americans who have died while in the military service.

I thought about Memorial Day when I toured the US Naval Academy this week. This is also Commissioning Week for graduating seniors who will become officers in the Navy or Marine Corps this coming Saturday. One of the buildings that I toured was the US Naval Academy Museum. The mission of the Naval Academy Museum is to collect, preserve, and exhibit the artifacts and art that are the physical heritage of the US Navy and the Naval Academy in order to instill in Midshipmen a knowledge of the history and heritage of the Navy and the Naval Academy and to supplement the instruction of all academic departments of the Academy, as well as to demonstrate to the public the contributions of Academy graduates to the military services and to the Nation. And to motivate in young people a desire to become part of the Brigade of Midshipmen and to begin a career of service to their Nation.

The Museum is many ways a teaching museum. One of the courses taught directly in classrooms in the building is on leadership. Of course, the curriculum teaches the overriding theme of the Naval Academy, which is Duty Honor Loyalty, but it goes beyond this to a moral and ethical dimension to its leadership classes. The firm belief at the Academy is that leadership can be taught through the modeling from prior leaders.

I thought about this concept of modeling leadership in the context of compliance. One area that is not focused on too often in company-sponsored training is that of leadership. Moreover, while many business leaders receive substantial training on the technical aspects of doing business, they rarely receive training or are even assessed on leadership attributes to do business ethically and in compliance with laws such as the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act. It occurred to me that if the US Naval Academy can teach leadership, this is something that US businesses could also teach.

While you are pondering this question, I hope that you might think about all the men and women who have gave their lives so that we might live in freedom and are honored this and every Memorial Day. While in Annapolis I had another reminder of their sacrifice. While having some lunch at Chick and Ruth’s, the owner came over the PA and asked us all to stand and say The Pledge of Allegiance. He said the reason that he made the request was “because we could stand and say it.” I realized that we are honoring those people who made ultimate sacrifice.

Happy Memorial Day to all but I would ask that you take a moment to thank all those we honor for this holiday and to honor the men and women of the US Naval Academy who will be commissioned this weekend and will serve us all.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

May 16, 2014

Compliance Hiring Practices under the FCPA

King Solomon and the BabyHiring practices under the Foreign Corrupt Practices Act (FCPA) are not often given much thought or widely discussed. They have come up for discussion more recently because of the issues surrounding the hiring of sons and daughters of foreign government officials most publicized with JPMorgan Chase & Co. But numerous other company’s similar hiring practices are under regulator scrutiny. As far back as 2004, in Opinion Release 04-02, the Department of Justice (DOJ) realized this was an important part of an overall compliance program when it approved a proposed compliance program that had the following requirement:

Clearly articulated procedures which ensure that discretionary authority is not delegated to persons who the company knows have a propensity to engage in illegal or improper activities.

I thought about some of these issues when I read The Saturday Essay in the Wall Street Journal (WSJ), entitled “How to Trick the Guilty and Gullible into Revealing Themselves” by Steven Levitt and Stephen Dubner, which they adapted from their most recent book Think Like a Freak. In their essay they began by comparing two diverse tactics used by King Solomon and the band Van Halen to see who might be telling the truth, or not, in a specific situation. In the oft-told tale involving King Solomon he decreed that he would split a baby and give one-half each to two women who claimed to be the mother. The true mother told him to give the baby to the other woman. King Solomon used this fact to determine which was the real mother. In the case of rock band Van Halen, they had a 53-page rider giving “point-by-point instructions” in in their touring contract. This rider had technical and security specifications for each venue the band played. It also had language in ALL CAPS that stated “M&M’s (WARNING: ABSOLUTELY NO BROWN ONES).” Initially this language was derided as simply rock and roll excess to the hilt, but band member David Lee Roth explained that if he went into the dressing room and found no brown M&Ms, it signified to him that the local promoter had read the contract. If there were brown M&Ms, the band had to perform extra reviews of the stage electrical and lighting requirements.

Why is hiring so important under the FCPA? It is because hiring is important to any company’s health and reputation. At this point, until the US Supreme Court tells us that a corporation is the same as a human being, with both obligations and rights; a company is only as strong as its employees. Like most areas of FCPA compliance good hiring practices for those employees who will do business in compliance with anti-corruption laws such as the FCPA are simply good business practice. Levitt and Dubner cite the following statistic, “By one industry estimate, it costs an average of roughly $4,000 to replace a single employee, and one survey of 2,5000 companies found that a single bad hire can cost more than $25,000 in lost productivity, lower morale and the like.” For one of the energy Services Company where I worked this estimate went as high as $400,000 to hire and fully train a new employee. I would add that those costs could go up significantly if a bad hire violates the FCPA.

Brooke Denihan Barrett, Chief Executive Officer (CEO) of the Denihan Hospitality Group, interviewed in the New York Times (NYT) Corner Office column said that by the “time somebody meets me, you can assume that the skills are there. So what I interview for is fit. And I’m always very curious to know, what is it about our company that appeals to that person?” She asks specifically about culture, requesting the candidate define it and how do you think that culture is special. She also asks candidates to talk about a failure and what lessons that they learned from the experience and how they dealt with the experience. I would suggest that both of those lines of inquiries should be used when evaluating a candidate for hire.

In a completely different arena, Houston Dash General Manager (GM) Brian Ching talked about the expectations he and his club have for the female soccer players on the squad. In addition to the obvious requirement for a professional soccer player to be technically proficient in the game of soccer, the team expects each player to have significant community involvement to help develop a fan base for the club. In the player interview process, this is thoroughly explained and each prospective player is asked if they would be willing to take on this additional role. But more than simply using this Q&A as an evaluation technique, it allows the team to communicate its expectations to each potential team member.

This is something that Human Resources (HR) and others involved in the hiring process can take to heart. They should have a serious and frank discussion with all potential hires, particularly those going into senior management or FCPA-related high-risk areas. This not only allows an evaluation along the lines that Barrett uses to determine if a hire will be a cultural fit for her company but it permits a company to directly express its expectations surrounding FCPA compliance and doing business ethically if a person is hired.

Another area that is often overlooked is the reference check. Many practitioners feel that a reference is not of value because prospective candidates will only list references that they believe will provide glowing recommendations of character. This leads to a pro forma reference check. However, in an article in Harvard Business Review (HBR), entitled “Gilt Groupe’s CEO on Building a Team of A Players”, author Kevin Ryan explodes this misconception by detailing how he views the entire hiring process and specifically checking references. I would add that it could be a valuable and useful tool for you and your compliance program.

In the hiring of personnel, Ryan details the three steps his company takes: (1) Resume review; (2) In-Person interview; and (3) Reference checks. Ryan believes that resumes are good for establishing “basic qualifications for the job, but not for much else.” He believes that the primary problem with in-person interviews is that they are skewed in favor of “persons who are well spoken [or] present well.” For Ryan, the key check is through references and he says, “References are really the only way to learn these things?”

Ryan recognizes that many people believe that reference checks are not of great value because companies cannot or will not give out much more information than confirming dates of employment. However, he also believes that “the way around it is to dig up people who will speak candidly.” He also recognizes that if you only speak to the references listed on a resume or other application, you may not receive the most robust appraisal. Ryan responds that the answer is to put in the work to check out references properly. Ryan believes this is one of the key strengths of search firms and that companies should emulate this practice when it comes to reference checks.

He notes that anyone who has worked in an industry for any significant length of time will have made many connections. Invariably some of these connections will be acquainted with you or those in your current, and former, company. Ryan gave the following example: A longtime friend who was employed at another company called and said that he had been asked by his hiring partner to find out “the real story” on a hiring candidate by asking Ryan his candid opinion of the candidate. Ryan’s response was “Don’t hire him.” Lest you think that such refreshing honesty no longer exists when informal employment references are provided, you are mistaken. In my past corporate position, I was charged with performing compliance due diligence on senior executives and I spent time doing what Ryan suggested, calling acquaintances that I knew and asking such direct questions. More than 75% of the time, I got direct responses.

Ryan believes that you must invest your company in the hiring process to get the right people for your company. The same is true in compliance. You do not want people with a propensity for engaging in corrupt acts working for, or leading, your company.

The hiring of someone who will perform business activities in compliance with anti-corruption laws such as the FCPA or UK Bribery Act will continue to be as much art as science because the hiring of quality employees for senior management positions is similarly situated. But that does not mean a company cannot work to not hire those persons who might have a propensity to engage in bribery and corruption if the situation presented itself. The hiring process is just one more tool that can be utilized to build an effective compliance program.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

May 14, 2014

FCPA Compliance and the Convergence of US Security, Economic and Foreign Policy Interests

Robert Gates“In a private meeting, the king [King Abdullah of Saudi Arabia] committed to a $60 billion weapons deal including the purchase of eighty-four F-15’s, the upgrade of seventy-15s already in the Saudi air force, twenty-four Apache helicopters, and seventy-two Blackhawk helicopters. His ministers and generals had pressed him hard to buy either Russian or French fighters, but I think he suspected that was because some of the money would end up in their pockets. He wanted all the Saudi money to go toward military equipment, not into Swiss bank accounts, and thus he wanted to buy from us. The king explicitly told me saw the huge purchase as an investment in a long-term strategic relationship with the United States, linking our militaries for decades to come.”

The above quote comes from Robert Gates recent book, Duty: Memoirs of a Secretary at War. I would like you to identify how many interests of the US are contained in the above quotation. I can identify at least five interests of the US: (1) US security interests; (2) US foreign policy interests; (3) US military interests; (4) US economic interests; and (5) US legal interests as reflected in compliance with the Foreign Corrupt Practices Act (FCPA).

The above quote synthesizes succinctly concepts that I have tried to articulate for some time as to the worldwide effects of the FCPA. The fight against terrorism has many different tools and I certainly recognize the FCPA as one of them. But this citation from former Secretary of Defense Gates clearly shows the convergence of several interests of the US through the effectiveness of the FCPA. If it had not been for the effective compliance programs of the US aerospace and armament industry, the Saudi Arabian ministers, who advised the King to buy something other than American, might have held sway. But because bribing such ministers would violate US law and put the US companies under potential legal liability, the King had confidence that the US companies were not bribing his ministers to get the Saudi business.

Put another way, what is the cost of paying a bribe to a foreign governmental official? It means that said official’s judgment is clouded by his own self-interest in giving the business to a company, which has bribed him for his business. As Jeff Kaplan would say, there is a clear conflict of interest by the bribe receiver because they are being paid to make a decision to award the business to a company which lines their pockets. Or, in the case of the Saudi ministers that the Saudi King referred to, their collective Swiss bank accounts.

I recognize that the FCPA is a supply side focused law. It criminalizes the conduct of the bribe-giver and not the bribe-receiver. But because of this fact it means that US companies that comply with the law can help foster the US interests that I listed above and perhaps others that I have not identified. So just as I believe that the FCPA helps in the fight against terrorism, I also believe that the FCPA helps to foster US foreign policy, US economic interests and US legal interests.

I see this most clearly in Houston, Texas, generally recognized as the epi-center of FCPA enforcement. There have been more FCPA enforcement actions against companies based in Houston than in any other single city in the world. This is largely because Houston is the self-proclaimed energy capital of the world but this profusion of FCPA enforcement has also led to companies in Houston having some of the most mature compliance programs and it has also led to quite a bit of FCPA knowledge throughout businesses in the city. Nonetheless the key is the business response to the issue and not strictly a legal response.

In the energy industry, the exploration and production companies (E&P) are usually thought of as existing at the top of the food chain (i.e. Mega-Big). Below them are the service companies, which actually do the work of exploration (i.e. Very-Big). The next level down are companies which all work with the service companies, from the multi-billion chemical production firm down to the $15MM company which has a piece of software which does something useful. All of these companies down the chain are required to have a compliance program.

In practice it works something like this. A service company needs a product or service. As part of the regular contracting process, the service company will inquire into the contractor’s compliance function and policy. If the contractor provides a service which deals with a foreign government in any way or has foreign government touch points, the service company may well come and audit the contractor’s compliance program prior to executing the contract. Thereafter the contractor is subject to being audited for not only the execution of the contract but also the continued maintenance of its compliance program. All of this is done for business reasons. It is a business response to a legal issue, that being compliance with the FCPA.

FCPA compliance can be expressed through the formulation articulated by Paul McNulty and Stephen Martin, of Baker and McKenzie, which they call the “Five Elements of an Effective Compliance Program”, which are leadership, performing a risk assessment, instituting standards and controls, then providing training and communication on those standards and controls and, finally, oversight of your compliance program. While McNulty and Martin have written and spoken extensively on these five elements to flesh them out, these basic concepts are usually quickly and easily understood. Further, and perhaps not said as often as it should be said, companies which have a robust compliance program, are usually better run companies because of the controls that are put in place.

In other areas, anti-corruption compliance programs are becoming requirements to access cash to fund your business. If your company is going through traditional corporate refinancing in the next 18 months, any bank or other financial institution that you go to will want to not only review your compliance program but may well want to review where that compliance program may be in terms of an overall assessment of the compliance risks that your company faces. If you want to sell your business, enter into a joint venture (JV) or even receive some other type of funding, your compliance program will be assessed.

While the world is not free of US companies that run afoul of the FCPA, to paraphrase Dick Cassin, there is certainly more anti-corruption compliance going on in the world. But FCPA compliance serves many interests of the US. Robert Gates’ passage above makes clear that the FCPA is doing what it was intended to do and perhaps much more. But of even greater significance is that the King of Saudi Arabia recognized the effectiveness in a business context. Policy makers need to consider how powerful the FCPA is in a variety of US interests before they argue for a change in the law.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

May 8, 2014

Tales from the Crypt-Rule No. 10-Rule – There is no “I(ntegrity)” in Team-Part II

Tales from the CryptEd. Note-today we conclude a two-part series from the Two Tough Cookies about some of the toughest choices a compliance practitioner may face. As important as this message is for the compliance practitioner, I hope that this series will be read by senior management as well….As Part I was concluded, the Tough Cookie had just been terminated.

Unfortunately for me, there’s no employment law preventing discrimination based on bullying, jealously or insecurity; no law against termination for simply not liking your subordinate or the subordinate’s ability to garner respect.   The hostile work environment I suffered through the entire prior year was due to her insecurity around me, and not based on any protected class. I simply got the shaft for speaking up and expressing the concerns of the team.   Her mistake? She gave me nothing left to lose.

I’ve had a few weeks to cool down since that initial rush of anger, and revenge is best when served with cold, hard logic, and irrefutable facts. Throwing caution to the wind (well, not entirely), I made the ultimate act of moral courage, and sent a letter to executive management, asking that they review the character of the person that they were entrusting the reputation of the company with. For the first time in my career, I was a whistleblower, one of the “one percenters” I used to joke about that throttled the hotline with endless unsubstantiated complaints of “he said, she said.” Now, I am totally sympathetic to the courage it takes to step up to the plate, stand apart from the crowd, and speak up in the hopes of being an earnest agent for positive change.

When asked what resolution looked like for me,   I replied that I was satisfied that the company took my complaint seriously, that this investigation was taking place. I also asked the investigator to thank the company for taking me seriously. I was asked on several occasions “You want her fired, don’t you?!?” and not once did I say yes, even though I wished for it desperately. My response was merely “I just want the company to be aware of the character and qualifications of the person in this most important role, and that appropriate actions be taken when all is said and done.” I did mention it would be nice to have a job again, but that I had little hope of returning.

What did I expect as an outcome? Nothing. What did I get as a reward for that final act of moral courage? Boatloads. First, and foremost, by taking my time, and reducing my concerns from 20 pages of emotional ranting to less than a handful of concise, fact-laden pages, I came across as legitimate. Second, my patience and due diligence paid off – by taking my time to sort through my emotions and only give a factual account of events, and seeking out someone in authority to hear my case, I ensured that my voice would be heard. The company listened. An investigation ensued. The circumstances were weighed, measured, and she was found wanting.

Being in the integrity department is a tough spot to be in – you are supposed to represent the even hand of justice, you are supposed to be the unbiased, objective observer who gathers facts and makes recommendations, when someone behaves badly towards another. No one EVER stops to think who you can call if you are the one on the receiving end of misconduct, or if you become aware of an issue and confidentiality provisions silence your voice (such as in the case of the dual duty corporate counsel and compliance pro) and hobble your effectiveness to effect positive change. If you find yourself in a dilemma such as mine, circle the wagons, but as Ronald Reagan was fond of saying, “Trust, then verify.” Always remember, Integrity and Compliance is not a team function – it is most often singular acts of moral courage taken by brave individuals that override personal risk and reward. High Integrity often demands that you be willing to risk everything for the sake of integrity, to be labeled a pariah, to be shunned, to be shown the door for voicing the unpopular decision. But many times what is said is what is needed to be said. Just don’t let the situation take you by surprise like I did, or for heaven’s sake, don’t wait an unreasonable time for something to change. When I first suffered demoralizing behavior at her hands and got no relief, I should have escalated the matter, going directly to the TOP of HR, to the TOP of legal, and outlined my concerns to insulate myself from retaliation months earlier. I did not. Instead, I chose to simply wait for the change I had been promised, reluctant to make waves, fearful of establishing a reputation as a “whiner” instead of a “winner.” While my intentions were good, the outcome for me, clearly, was not. Here, the compliance leaders were too inexperienced to understand or appreciate the adverse repercussions from both their actions and inaction.

While I still am searching for that high integrity organization that will recognize and appreciate the value I bring, the insights I can share, and the wealth of experiences that have shaped who I am today, I usually sleep well at night, knowing that I have done no wrong. I have left no casualties behind, and I have always treated people with respect, sometimes more than they deserved.   I understand my former boss is no longer in a role where she manages people, which is a good thing.    In fact, I hear she may be getting a dose of her own medicine, but I sincerely hope not – no one deserves the relentless bullying and belittling, facing each work day fearful of the outcome.  If, through each of life’s trials, we can see the lesson, then we can move forward. I know I am a better person for it, even though I still am suffering the consequences of an extended unemployment.   I daily struggle with the choice of telling the truth about why I left that company (retaliated against for reporting a violation), and opting for a more benign “reason for leaving” (departmental reorganization). The stigma of being perceived as an “undesirable” candidate if I am honest about blowing the whistle is a real concern of mine, and I have been passed over in favor of other candidates because such a short stint at my level does not come across well to potential employers. I don’t want to be caught in a lie, because recovery from that route is nearly impossible when you claim to be an “Integrity” professional. I face a real Hobson’s choice, and it is the one thing that keeps me up at night since whichever path I choose can have lasting negative implications for me both professionally, and personally. I am hopeful for the future – the eternal optimist in me, I guess. I do not relish the prospect of either having to live with a lie, or an interminable time of unemployment and the risk of losing my home and my livelihood for taking the high road – the very dear price of moral courage.

Who are the Two Tough Cookies?

Tough Cookie 1 has spent the more than half of her 20+ legal career working in the Integrity and Compliance field, and has been the architect of award-winning and effective ethics and compliance programs at both publicly traded and privately held companies. Tough Cookie 2 is a Certified Internal Auditor and CPA who has faced ethical and compliance challenges in a variety of industries and geographies and recently led a global internal audit team. Their series “Tales from the Crypt: Tough Choices for Tough Cookies” are drawn largely from real life experiences on the front line of working in Integrity & Compliance, and personal details have been scrubbed to protect, well, you know, just about everyone…

This publication contains general information only and is based on the experiences and research of the authors. The authors are not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The authors, their affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Authors give their permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the authors.

 

 

April 30, 2014

Interview with Brian Ching – Ideas on Engaging Your Compliance Constituency

Brian ChingLast week I interviewed Brian Ching, the General Manager (GM) of the Houston Dash, which is our local entry into the US National Women’s Soccer League (NWSL). Ching is the recently retired star of the Houston Dynamos, our Major League Soccer (MLS) team. Ching had a star-studded career here in Houston, playing in MLS Championships, making numerous all-star teams and was on the American team in the 2006 World Cup. I had planned to record the interview and post it on my podcast, the FCPA Compliance and Ethics Report; however, due to the technical incompetency of my Recording and Sound Engineer (me) I did not hit the record button so it was not recorded.

But I did take notes, which was fortunate because the interview, which was intended to focus on the issue of leadership, went in a direction that I had not anticipated. I wanted to visit with Ching about his transition from being a player into management and his resulting leadership style. In preparation for the interview I sent him a list of questions to garner more detail on his playing career; who may have influenced him and how the former helped him to inform the leadership style that he might now be using in his position as Dash GM. But as I said, it went in a very different direction midway through the interview.

Ching was recognized as the “Face of the Franchise” and the state-of-the-art soccer stadium, BBVA Compass Stadium where the Dynamos play, is generally recognized as ‘The House that Ching Built’ for all his efforts to bring a fan base and support to Houston. But what I did not realize was that Ching was only one part of the effort that Dynamos management made to reach out to the Houston community to develop a strong and devoted fan base. The Dynamos not only sent its players out into the community to meet fans but also encouraged its players to adopt local charities and become involved to create greater community involvement and raise awareness. The Dynamos left it up to the individual player as to which charity they might want to be involved with. Some of the examples Ching cited were Dynamos’ players involvement with charities as diverse as honoring of veterans and their families, the Houston Zoo, Habitat for Humanity, the SPCA, Toys for Tots and other charitable programs.

I asked Ching if this was a program that had been brought over for the women’s team as well. He answered absolutely. I then asked him how the team could work to draft or sign players or prospects who are willing to engage in that type of community development. He said that in addition to the metrics and traditional scouting it involved having a frank discussion with any prospective signing about what would be expected of her as a Dash member. If getting out, meeting and interacting with the fans was not something that the prospective player was interested in doing that was taken into account in the evaluation process. This last point is assessed during face-to-face interviews with any prospect.

I thought these points raised by Ching were very interesting in the context of a compliance function and what might be needed for a compliance practitioner. The first is the concept of getting out to not only meet your constituency but also develop relationships with them. When the Dynamos moved to Houston there was very little tradition of professional soccer in this city. Yet there was a large segment of the population who were a natural interest group, having played the game growing up. So there was a built-in market ready to be tapped. But the Dynamos took it a step further by going into those areas and developing relationships with the fans and maintaining those relationships with outreach efforts. While many professional sports teams have ‘meet the team’ days, signing day and the like; the Dynamos have events where players, like Brian Ching, would help build houses or perform services for their charities. This garnered not only quite a bit of publicity for the team but also generated much goodwill with the team’s fan base. Finally, it gave ordinary people the opportunity to meet and get to know many of the players. Even if this did not turn an adults head, you can imagine the magic it worked on kids. They all became Dynamo fans.

For the compliance practitioner, the Dynamo and Dash’s approach to developing a loyal fan base can also be a guide to developing such a relationship with your institutional client base. Ching’s goals were and are clearly more than to simply get out of the office and meet people. It is to get involved with the community. Traveling to regions outside the corporate home office is a great idea but try and come up with ways of informally interacting with people. You do not have to build houses like Ching did but you can go to lunch or have a cup of coffee while you are in town for meetings or putting on training. The Dynamos and Dash make themselves accessible and I think that it is important for the compliance practitioner too. It can do wonders to help create a better relationship but getting out of the office is only the first step. You have to engage with those folks as well.

The second thing I culled from Ching was the selection process for players. Something that may not seem important for professional athletes is the ability to get out and engage with the community, however this was viewed as not only an important part of the job description with the team but a key job skill which was required. For the Dynamos and Dash, this meant that there had to be some direct conversations about not only the team’s expectations but also the prospects ability to engage in those activities.

Ching’s discussion about how they communicate their expectations was also an important point that the compliance practitioner should also consider in the interview process and compliance. Just as the Dynamos and Dash use the interview process to convey expectations, they also use the interview to directly inquire from candidates whether they would be willing to go out into the public and represent the franchise. This is important when interviewing for compliance positions and for senior management positions in companies as well.

I am continually amazed to find the numerous examples available to the compliance practitioner from other areas and other disciplines that can not only help inform an individual’s approach to the practice of compliance; but also tips to help companies do the business of compliance better and more efficiently. For myself, it was a learning experience to plan to interview Brian Ching on one thing and have the interview go down a completely separate path. And, of course, the key lesson learned is if you plan to record an interview, make sure that the recorder is turned on.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

April 14, 2014

The HP FCPA Settlement

FCPA SettlementLast week the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) jointly announced the conclusion of a Foreign Corrupt Practices Act (FCPA) enforcement action against Hewlett-Packard Company (HP). In the settlement, HP agreed to pay $108MM in fines, penalties and disgorgements for criminal and civil acts. To say that it was one of the more perplexing FCPA settlements would seem to be an understatement. While some will read the settlement documents and see conduct which did not merit such a high total amount of fines and penalties, I am not from that camp.

The tale of this sordid affair of bribery and corruption occurred over 3 continents with multiple countries involved, evidencing an entire breakdown in company internal controls and a complete lack of a culture of compliance. Yet the settlement documents make great pains to emphasize that few employees were actually involved in the nefarious conduct. How bad was the conduct? Think right up there with BizJet because we had bags of cash delivered to a Polish government official. (But unlike BizJet, the Board of Directors did not approve the bribery scheme and it was not taken across the border.) For the Russian deal, it was shopped through several countries with multiple levels of company review, which did not seem to work or care much about anything except getting the deal done. For Mexico, they just seemed to get a free pass where the contract description for the agent who paid the bribe was “influencer fee”.

Finally, as most readers might remember, HP did not self-report this misconduct to the DOJ or SEC. Apparently, the story of HP’s bribery by its German subsidiary to gain a contract in Russia was broken by the Wall Street Journal (WSJ) article in April 15, 2010. The next day, the DOJ and SEC announced they were investigating the allegations of bribery. However, HP was made aware of the allegations by its German subsidiary in December 2009, when German authorities raided HP’s offices in Munich and arrested one HP Germany executive and two former employees. Yet HP never self-reported. Not exactly the poster child for self-disclosure for any company going forward.

Of course HP’s public response at the time indicated its attitude, when a HP spokesperson was quoted in the WSJ article as saying “This is an investigation of alleged conduct that occurred almost seven years ago, largely by employees no longer with HP. We are cooperating fully with the German and Russian authorities and will continue to conduct our own internal investigation.”

More befuddlement comes from the reported facts around HP Germany. As noted by the WSJ report, one, then current, HP executive was arrested and two former employees were arrested in connection with the investigation by German authorities. There is no mention of them in any of the settlement documents. The WSJ article also reported that investigation-related documents submitted to a German court showed that German prosecutors were “looking into whether H-P executives funneled the suspected bribes through a network of shell companies and accounts in places including Britain, Austria, Switzerland, the British Virgin Islands, Belize, New Zealand, the Baltic nations of Latvia and Lithuania, and the states of Delaware and Wyoming”. While some of these countries were mentioned in the settlement documents there was no mentions of DOJ or SEC investigations into Wyoming, Belize, the British Virgin Islands or New Zealand.

What are we to make of the criminal fines levied against the Russian and Polish subsidiaries of HP? The Polish subsidiary pled guilty to a two count Criminal Information consisting of (1) violating the FCPA’s internal control provisions; (2) violating the FCPA’s books and records provisions. The US Sentencing Guidelines suggested a fine range of $19MM to $38MM, the final fine was $15,450,244.

For the Russia deal, the Russian subsidiary pled guilty to a four count Criminal Information consisting of (1) conspiracy to violate the books and records provisions of the FCPA; (2) violating the FCPA’s anti-bribery provisions; (3) violating the FCPA’s internal control provisions; (4) violating the FCPA’s books and records provisions. The US Sentencing Guidelines suggested a fine range of $87MM to $174MM, yet the final fine was $58,772,250.

Finally, in Mexico HP’s subsidiary, according the to the SEC Press Release, “paid a consultant to help the company win a public IT contract worth approximately $6 million. At least $125,000 was funneled to a government official at the state-owned petroleum company with whom the consultant had connections. Although the consultant was not an approved deal partner and had not been subjected to the due diligence required under company policy, HP Mexico sales managers used a pass-through entity to pay inflated commissions to the consultant.” This was internally referred to by HP as an “influencer fee.” Pretty clear evidence of what it was to be used for, wouldn’t you say? Yet the DOJ did not to criminally prosecute the company’s Mexican subsidiary and entered into a Non-Prosecution Agreement (NPA), HP agreed to pay forfeiture in the amount of $2,527,750.

How did HP accomplish all of this? In a Press Release HP Executive Vice President and General Counsel John Schultz said, “The misconduct described in the settlement was limited to a small number of people who are no longer employed by the company. HP fully cooperated with both the Department of Justice and the Securities and Exchange Commission in the investigation of these matters and will continue to provide customers around the world with top quality products and services without interruption.”

As reported by the FCPA Professor, in his blog post entitled “HP And Related Entities Resolve $108 Million FCPA Enforcement Action”, the HP Russian subsidiary Plea Agreement gave the following factors for the reduction in the fine from the Sentencing Guideline range:

“(a) monetary assessments that HP has agreed to pay to the SEC and is expected to pay to law enforcement authorities in Germany relating to the same conduct at issue …; (b) HP Russia’s and HP’s cooperation has been, on the whole, extraordinary, including conducting an extensive internal investigation, voluntarily making U.S. and foreign employees available for interviews, and collecting, analyzing, and organizing voluminous evidence and information for the Department; (c) HP Russia and HP have engaged in extensive remediation, including by taking appropriate disciplinary action against culpable employees of HP and enhancing their internal accounting, reporting, and compliance functions; (d) HP has committed to continue enhancing its compliance program and internal accounting controls … (e) the misconduct identified … was largely undertaken by employees associated with HP Russia, which employed a small fraction of HP global workforce during the relevant period; (f) neither HP nor HP Russia has previously been subject of any criminal enforcement action by the Department or law enforcement authority in Russia or elsewhere; (g) HP Russia and HP have agreed to continue to cooperate with the Department and other U.S. and foreign law enforcement authorities, if requested by the Department …”

In the same blog post, the Professor reported the following reasons were stated for reduction in the final fine by HP’s Polish subsidiary’s:

“(a) HP Poland’s cooperation with the Department’s investigation; (b) HP Poland’s ultimate parent corporation, HP, has committed to maintain and continue enhancing its compliance program and internal accounting controls …; and (c) HP Poland and HP have agreed to continue with the Department and other U.S. and foreign law enforcement authorities in any ongoing investigation …”

We have witnessed companies, which have engaged in ‘extraordinary cooperation’ with the DOJ during the pendency of their FCPA investigations. BizJet is certainly one that comes to mind. Further, there are clear examples of companies, which extensively remediated during the pendancies of their FCPA investigations, from which they clearly benefited. Two prime examples are Parker Drilling, which not only received a financial penalty below the suggested range but also was not required to have a corporate monitor, while they had C-Suite involvement in its bribery scheme. Weatherford seeming came back from the brink during mid-investigation when they hired Billy Jacobson and turned around not only their attitude towards cooperation with the DOJ but also their efforts toward remediation.

Both of these companies are headquartered in Houston and both have been quite active on the conference circuit talking about their compliance programs so most compliance practitioners are aware that these companies are on the forefront of best practices. Perhaps HP is on some circuit doing that, somewhere. If so, kudos to them. If their remediation work led to a best practices compliance program for the company and their extraordinary cooperation led to the astonishing reduction in penalties to their entities, I certainly tip my cap to them. If their lawyers were great negotiators and made great presentations to the DOJ and SEC, all of which led to or contributed to the final results, a tip of the cap to them as well.

So what is the lesson to be learned for the compliance practitioner? Other than befuddlement, I am not sure. Congratulating HP and its counsel is not a lesson it is an action. If HP now has a best practices compliance program, I hope they will provide the compliance community with the lessons that they learned and incorporated into their compliance program, which allowed them to obtain the fines below the minimum suggested range. If they have incorporated some enhanced compliance components into their program I hope they will share those enhancements too.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

« Previous PageNext Page »

The Rubric Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 4,532 other followers