FCPA | FCPA Compliance and Ethics Blog

May 22, 2013

What Are The Essential Elements of a Corporate Compliance Program?

Filed under: Adequate Procedures,Best Practices,Bribery Act,compliance programs,Department of Justice,Ethical Leadership,FCPA,FCPA Guidance,Paul McNulty,Stephen Martin — tfoxlaw @ 5:56 am
Tags: best practices, Bribery Act, compliance programs, Department of Justice, DOJ, ethical leadership, FCPA, Foreign Corrupt Practices Act

Can you synthesize and reconcile the world’s leading laws, regulations and commentaries on the best practices an anti-bribery and anti-corruption compliance program. I recently saw one such approach by Paul McNulty and Stephen Martin of the law firm, Baker and McKenzie. They have developed what they term the five essential elements of a corporate compliance program. These five elements are based upon the best practices as set out in the seven elements of a corporate compliance program under the US Sentencing Guidelines; the 13 Good Practices by the OECD on Internal Controls, Ethics, and Compliance; the FCPA Guidance’s Ten Hallmarks of Effective Compliance Program and the UK Bribery Act’s Six Principles of an Adequate Procedures compliance program. The five elements are:

Leadership
Risk Assessment
Standards and Controls
Training and Communication
Oversight

I. Leadership

The point means more than simply “Tone-at-the-top”; a successful compliance program must be built on a solid foundation of ethics that are fully and openly endorsed by senior management. There should be an unambiguous, visible and active commitment to compliance. But even more than support or the right tone, compliance standards require that companies must have high-ranking compliance officers with the authority and resources to manage the program on a day-to-day basis. And compliance officers must have the ear of those ultimately responsible for corporate conduct, including the board of directors.

Some of the questions you might think about in connection with the leadership of your compliance program are the following: How is board oversight implemented? Is there an ethics or audit committee reporting to the full board? What is the role of the Chief Compliance Officer? What is the role of the General Counsel? How do the legal and compliance departments interact? Does the CCO have “real power”? Is she or he treated as a second-class citizen?

Equally the Board of Directors has a key role to fulfill. The Board must ensure compliance policies, systems and procedures are in place and it should monitor implementation and effectiveness of the compliance program:

Be actively involved
Attend Board meetings
Review, consider and evaluate information provided
Inquire further when presented with questionable circumstances or potential issues
Once Board knows of a potential compliance issue it must act.
Regularly receive compliance briefings and training.

II. Risk Assessment

The implementation of an effective compliance program is more than simply following a set of accounting rules or providing effective training. Compliance issues can touch many areas of your business and you need to know not only what your highest risks are but where to marshal your efforts in moving forward. A risk assessment is designed to provide a big picture of your overall compliance obligations and then identify areas of high risk so that you can prioritize your resources to tackle these high risk areas first.

What are some of the areas where you need to assess your risks?

Country Risk - What is the correlation between growth markets and corruption risk and what is the perceived level of corruption? In other words, the Transparency International Corruption Perceptions Index or similar list.
Sector Risk - Has government publicly stated industry is under scrutiny or already conducted investigations in sector? Are there corruption risks particular to the industry?
Business Opportunity Risk - Is the business opportunity a high value project for your company? Are there multiple contractors or intermediaries involved in the bidding or contract execution phase?
Business Partnership Risk - Does this business opportunity require a foreign government relationship? Does a foreign government require you to rely upon any third parties?
Transaction Risk - Will your company be required to make any “compelled giving” through any requirements for political or charitable contributions? Are you required to use any intermediaries to obtain licenses and permits?

In addition to an initial risk assessment to either (1) inform your compliance program or (2) help you to identify high risks and prioritize their remediation, risk assessments should be a regular, systemic part of compliance efforts rather than an occasional, ad hoc exercise cobbled together when convenient or after a crisis. They should be conducted at the same time every year and performed by a consistent group, such as your internal audit department or enterprise risk management team. Such annual risk assessments act as a strong preventive measure if they are performed before something goes wrong as it avoids a “wait and see” approach.

III. Standards and Controls

Generally, every company has three levels of standards and controls. (1) Code of Conduct. Every company should have a Code of Conduct which should express its ethical principles. However, a Code of Conduct is not enough. (2) Standards and Policies. Every company should have standards and policies in place that build upon the foundation of the Code of Conduct and articulate Code-based policies, which should cover such issues as bribery, corruption and accounting practices. (3) Procedures. Every Company should then ensure that enabling procedures are implemented to confirm those policies are implemented, followed and enforced.

FCPA compliance best practices now require companies to have additional standards and controls, including, for example, detailed due diligence protocols for screening third-party business partners for criminal backgrounds, financial stability and improper associations with government agencies. Ultimately, the purpose of establishing effective standards and controls is to demonstrate that your compliance program is more than just words on a piece of paper.

IV. Training

Another pillar of a strong compliance program is properly training company officers, employees and third parties on relevant laws, regulations, corporate policies and prohibited conduct. Simply conducting training usually is not enough. Enforcement officials want to be certain the messages in the training actually get through to employees. The Department of Justice’s (DOJ) expectations of effectiveness are measured by who a company trains, how the training is conducted and how often training occurs.

There are several key elements to training. First is that you need to train the right people. You must prioritize which audience to educate by starting your training program in higher risk markets and focus on directors, officers and sales employees who may have direct contact with government officials or deal with state-owned entities. Again, focus initially on training country managers in your company’s high-risk markets, then expand geographically and through the ranks of employees.

Second, in high risk markets and for high risk employees or third parties you should conduct live, annual training. Enforcement officials have made it clear that live, in-person training is the preferred method in high-risk markets and also that it should be regular and frequent. Another benefit of live training is the immediate feedback from employees that would be much less likely to occur during a webinar or other remote training. Lastly, during live training, employees are more likely to make casual mention of a potentially risky practice, giving you the opportunity to address it before it becomes a larger problem.

It is important that you pay attention to what employees say during training. This is because training can alert you to potential problems based on the type of questions employees ask and their level of receptiveness to certain concepts. For example, during training employees might ask specific questions about important compliance considerations such as their interactions with government officials or gift-giving practices. Such questions can raise red flags and uncover issues that should be reviewed and addressed quickly.

V. Oversight – including monitoring, auditing and responses

The issue your company should focus on here is whether employees are staying with the compliance program. Even after all the important ethical messages from management have been communicated to the appropriate audiences and key standards and controls are in place, there should still be a question of whether the company’s employees are adhering to the compliance program. These ongoing efforts demonstrate your company is serious about compliance.

Monitoring is a commitment to reviewing and detecting compliance programs in real time and then reacting quickly to remediate them. A primary goal of monitoring is to identify and address gaps in your program on a regular and consistent basis. Auditing is a more limited review that targets a specific business component, region or market sector during a particular timeframe in order to uncover and/or evaluate certain risks, particularly as seen in financial records. However, you should not assume that because your company conducts audits that it is effectively monitoring. A robust program should include separate functions for auditing and monitoring. While unique in protocol, however, the two functions are related and can operate in tandem.

Finally, what are your remediation efforts? Your company should remediate problems quickly. A key concept behind the oversight element of compliance is that if a company is policing itself on compliance-related issues, the government will not have to do it for them. Remediation, then, is an important component of oversight. It is not enough to just gather information and identify compliance problems through monitoring and auditing. To fulfill this essential element of compliance, you also have to respond and fix the problems.

I have found that the Baker ‘Five Essentials’ approach is an excellent way to think through your obligations under a wide variety of anti-corruption and anti-bribery requirements. It allows you to put in place a program which should meet virtually any legal requirements you may come up against by doing business anywhere in the world. Lastly, the five-step approach is an excellent way for you to benchmark your current compliance program.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

Leave a Comment

May 20, 2013

An Inspired Choice – Ethical Leadership Under Difficult Circumstances

Filed under: Best Practices,Bribery Act,compliance programs,Compliance Week,Culture,Ethical Leadership,Ethics,FCPA,Top Level Commitment — tfoxlaw @ 7:44 pm
Tags: compliance, Compliance Week 2013, CW2013, ethical leaders, ethical leadership, FCPA

I am attending Compliance Week 2013 through Wednesday. As usual Matt Kelly and the Compliance Week team have put together a first rate program for the event. There have been, and will be over the next couple of days, some very informative panels, speakers, roundtables and conversations. The conference began today with a talk by Retired Major General Lewis MacKenzie, the former head of the United Nations peacekeeping forces. Although General MacKenzie’s choice as the initial keynote speaker of the conference might not seem self-obvious, I found Matt Kelly’s invitation to the General to speak and his position as the first speaker on the first day of the conference, were both inspired decisions.

The theme of his talk was how to maintain ethical leadership under difficult circumstances. Matt Kelly posed the question to the General of “how do you speak the truth to power?” The General began his remarks by giving his definition of leadership, which as he said was “getting people to do what they don’t want to do and having them enjoy it while they are doing it.” Based on that definition and his remarks below, I came to see why Matt wanted the General to speak to a gathering of compliance professionals on ethical leadership under difficult circumstances.

The General said that it all starts with a leader being him or herself, after they take the reins of leadership. He believes that people usually rise to a high level in an organization because of technical competence, coupled with the relationships they developed along the way. He believes that a leader must strive to maintain those relationships because that is the key to information flow both upwards to the top and down through the organization. A leader must take all pains not to become isolated.

The General believes that relationships work in several critical areas. The first is that a leader can utilize the talents of his subordinates to not only understand but to overcome obstacles. But equally important is that by having a relationship with someone, it may provide an avenue to resolve a matter before it blows up into a full financial reporting issue or even criminal issue. He said that he would try to find out the one thing that his troops were passionate about and he could use that information “as a window into what they think about the organization.”

He designated his next point with the acronym, LWWA, or ‘leading while walking around’. He said that to get people to do things, a leader must get out of the office and talk to people. But he cautioned that it is more than simply talking to people, as he believes a critical skill of a leader is to listen as well. To this skill, he said that rather than hear someone and think about what your response might be, you should actually listen to what they have to say. He found that by listening good ideas could come up to him and then he could implement them and get the credit.

The General talked about courage. By this he did not mean the courage to lead a charge up a hill, but rather, he meant the courage to say no and to hear someone who says no to you. He believes it is the job of a leader to set the tone for an organization. A leader must teach his subordinates to have the courage to disagree with him or as he said “disagree without being disagreeable”. If one of the first things you do in a leadership position is belittle or defame publicly someone who disagrees with you, no one will do so in the future. For a leader to succeed, the General believes that a speak up culture must exist. To do so, a leader must make it acceptable and safe for subordinates to say no.

It is the job of a leader to accept responsibility. In an interesting exercise, the General asked the entire audience of over 500 conference participants to raise their hand if they had ever been criticized for being ‘too responsible’. He then asked anyone in the audience to raise their hand if they had criticized someone else for being ‘too responsible’. No one person raised their hand in response to either query. It is clear that the General believes a leader must take responsibility. Further, there is no ‘but’ which follows the line “I am responsible”. In other words, no ifs, ands, or buts are allowed when it comes to a leader taking responsibility.

The General said that one of the best ways he found to motivate people was to give them a job which had difficult but not impossible objectives to success. This has two benefits. The first was that most people would be motivated to try and achieve the difficult objective. However the second was more long term. By achieving the results, the person or team had something to brag about and it gave them greater confidence going forward. This is particularly true if there is a metric which can be used to demonstrate the overcoming of the obstacle. However, a leader must not set a high or unreasonable objective that it can only be achieved by “breaking the back of the organization.”

The General took some questions from the audience. One that I found applicable to the compliance arena was about resources. Specifically he was asked how to carry out missions with limited resources. He tied his answer back into his thoughts on relationship. He said that people want to contribute their ideas. If you give them a means to do so, in a speak up culture, they can be your best resource. An army has often times to do more with less and must do so on the fly. But this same concept translates to civilian employees who want their company to succeed and can stand ready with ideas to assist you moving forward toward your objective.

If you are a Chief Compliance Officer (CCO) or in a senior leadership position, you should think about the General’s remarks in the context of what you and how you do it, within your organization. Do you have relationships with other key members of senior management so that you can go to them, not only when things are going well, but more importantly when they are not going well or a crisis has arisen? Do you have a speak up culture at your company? If not why not, as that certainly is a part of any best practices compliance program under the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act.

Lastly, think about the General’s remarks on resources. One never has all the resources you need or even think that you want. But use the talent that is available to you. There are other professionals in your company who do not work in the compliance department but are equally dedicated to doing business ethically and in compliance. Human Resources and Internal Audit are but two prime examples. Seek them out and ask their assistance. I think you may be well surprised at the solutions they can provide or suggest to you.

As I said, by the end of General MacKenzie’s talk, I had come to believe that Matt Kelly made an inspired decision not only to invite him to speak to the conference but to be the first speaker out of the box. It has set a great tone for the event.

© Thomas R. Fox, 2013

Leave a Comment

May 19, 2013

The Drugstore Cowboy and Compliance

Filed under: Anti-Money Laundering,Audit,Best Practices,compliance programs,FCPA,Monitors,Training — tfoxlaw @ 6:28 pm
Tags: auditing, compliance, Internal Controls, monitoring, training, Wired Magazine

One does not have to look very far in the business world to come across the phrase “Know Your Customer.” A company certainly needs to know if an entity that it may sell products or provide services to will pay for those items. Running a Dun & Bradstreet credit check is routinely performed to ascertain if a counter-party is a good credit risk. But how much more should a company do in regards to its customers? Clearly banks, other financial institutions and even casinos need to assess a customer from the perspective of anti-money laundering (AML). Is there a reason grounded in the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act that would suggest that customers should go through background scrutiny from the anti-bribery/anti-corruption compliance perspective?

I thought about internal controls regarding due diligence requirements on customers, effective compliance programs and third party validation of credentials when reading an article in June issue of Wired Magazine, entitled “Drugstore Cowboy”, by Jake Pearson. I found this article to be a very cautionary tale for those companies which need to consider just whom they are doing business with or for. The story involved an undercover sting operation by the US government against Google. The operation involved a convicted felon, one David Whitaker, who convinced law enforcement authorities that Google had assisted him, in violation of its own internal protocols and US laws, to sell illegal “black market steroids and human growth hormones” online. Whitaker told federal officials that “Google employees had actively helped him advertise his business, even though he made no attempt to hide its illegal nature.” Based upon his experience, Whitaker believed that Google must be “helping other rogue Internet pharmacies too.”

On paper, it appeared from the article that Google has a systems designed to ferret out sites which used words or had other indicia that they were selling illegal drugs. There was an initial screening by a Google sales representative. There was an automated program which searched for key words that might indicate illegal drugs were being sold. There was a review of the website itself to see of other factors were present which might show that illegal products were being sold. Finally, Google used a third party verification service, to attest that any site selling pharmaceutical products was properly licensed.

Based upon his experiences, the government set Whitaker up with an alias, fake company, bank account and phone lines and then monitored and watched him to see if his claims were true. He was told to see if Google would actively assist him to sell advertising for a non-existent company called “SportsDrugs.net, a website that sold HGH and steroids from Mexico, with no doctor’s prescription.” The plan that Whitaker used was straightforward.

Establish a fake identity. Whitaker made cold calls to representatives of Google to get set up as an account in the company’s system.
Submit the site. The feds designed the sting operation so that it would be obvious the false company was selling illegal drugs. So it offered HGH and steroids, had pictures of the drugs and even had a ‘Buy Now’ button to make clear that no doctor’s prescription was required. The Google sales representative passed the fake sales site along for “policy review, an automated process that Google uses to vet all advertisers.”
Scrub the site. After the fake sales company was initially rejected by the policy review process, a Google representative agreed to help “tweak it” so that it would pass through the Google approval process. The Google sales representative advised Whitaker to rename the site, remove the pictures of the illegal drugs and delete the ‘Buy Now’ button from the site.
Rework the site. After the suggested changes were made by Whitaker, his fake site was approved by Google. Thereafter the items which had been removed from the website, including both the photos of illegal drugs and ‘Buy Now’ button were added back into the site, all with the assistance of the Google sale representative.
Raise the stakes. In this phase, the undercover sting operation widened. After their initial success with SportsDrugs.net; the feds created other fake websites for Whitaker, all of which purported to sell illegal drugs. The other sites included one selling “RU-486, better known as the abortion pill, which is normally taken under close supervision of a doctor.” Another site sold the psychotropic drugs Xanax and Valium, both without any need of a doctor’s prescription. In a final example the feds created a ‘Trojan Horse’ site; in which a pharmacy site that held a valid license also had sales for “three clearly disreputable online pharmacies.”

The chilling thing I found in this article was it reported that in each one of the false scenarios, Whitaker was reported to have explained to the Google representative the true nature and purpose of the site. All of the information that Whitaker conveyed made clear that these sites were designed to sell drugs which are illegal in the US, without a doctor’s prescription. In just over the span of three months, the undercover operation spent over $200,000 with Google.

Google ended up settling with the US government for a fine of $500 million. Although Pearson did not quote the US Assistant District Attorney, who headed the investigation and enforcement action, Peter Neronha, was quoted as telling the Wall Street Journal (WSJ) the “culpability went far higher than the sales reps that Whitaker worked with. Indeed, he said, some of the company’s most powerful executives were aware that illegal pharmacies were advertising on the site.” Google itself would not comment for the Pearson article.

From the account in the Pearson piece it would appear that Google had a system in place to check and make sure that it was not advertising sites which sold illegal drugs but that system, both human and automated, was worked around. For the anti-corruption compliance practitioner, I think that there are several key lessons which can be learned from this tale.

Train, Train, Train. If you sell services, which can be used to facilitate illegal conduct, you need to train your sales force to watch out for signs of that illegal activity. The initial Google sales representative who was contacted by Whitaker should have been the first line of prevention to stop the issue before it came up for the company.

Monitor, Monitor, Monitor. There should be several types of monitoring. If a business name comes through your system and it is rejected, there should be a monitoring mechanism in place to note if it reappears later or is approved through some other means, as was done in this situation. Similarly, if the name of a business owner comes up in connection with another company, there needs to a mechanism in place to perform a cross check. The sales representatives should also be monitored to determine if they are manipulating the system.

Incentives, Incentives, Incentives. While not discussed in the Pearson article, what do you want to bet that the Google sales representatives were compensated, at least in part, with a commission based upon the number of GoogleAds that they sold? If your compensation structure or other incentive structure rewards people who use shortcuts, then there will always be employees who take them.

Audit, Audit, Audit. Remember the part of the story about how the Google sales representative would advise Whitaker how to scrub his website of key words, search terms and other information which would indicate that it was selling illegal pharmaceuticals only to reinsert those on the site after the scrubbed site had been approved? You need to audit to determine if any illegal conduct has begun after the contract is signed. And if you do not have audit rights, you have a very slim chance of actually performing an audit.

© Thomas R. Fox, 2013

Leave a Comment

May 16, 2013

Four Keys to Compliance Leadership

Filed under: Adam Bryant,Best Practices,compliance programs,Culture,Ethical Leadership,Ethics,New York Times,Policies and Procedures,Tone at the Top,Training — tfoxlaw @ 1:01 am
Tags: best practices, compliance programs, ethical leadership, ethics, ethics and compliance, Hiring, New York Times, promotion, training

One of the most divisive moments in American history occurred on this date in 1868. On this day the US Senate voted against impeaching President Andrew Johnson thereby acquitting him of having committed “high crimes and misdemeanors” as required under the US Constitution. After all the arguments had been presented for and against him, Johnson waited for his fate, which hung on one swing vote, as there is a Constitutional requirement that requires a vote of 2/3rds of the Senate for impeachment. The vote was one short, at 35-19. Johnson was acquitted and finished out his term. If Johnson had been impeached, it surely would have led to a very different political development in the US, where not liking the sitting President could have become a constitutional basis for impeachment.

The Radical Republicans who ran the Congress immediately after the conclusion of the Civil War certainly did not think much of President Johnson’s leadership style. So what about you as a compliance officer? Certainly part of your leadership is implementing and enhancing policies and procedures? In many ways it is the human element, which President Johnson sorely lacked, that you may well need to devote most of your time focusing on. I recently read an excellent article it the Corner Office section of the New York Times (NYT), entitled “We’re Family Yes, but We’re Still Accountable”, in which Adam Bryant reported on his interview with Brooke Denihan Barrett, the co-Chief Executive Officer (co-CEO) of the Denihan Hospitality Group (Denihan), a 50-year old family business which focuses on the hospitality business.

Training

One of the things that Barrett has learned is how to train people. She explained that “I thought the way you got things done was by telling people what to do. That’s where I learned what not to do. I spent a good portion of my time telling people what they did wrong instead of really encouraging them about what they did right.” She came to realize that was perhaps not the best way to manage people and “learned to cut people some slack.” She said that she found “that you get a lot more with the carrot routine than the stick routine. I also realized that you really needed to explain the “why” of things. You need to give people a little bit of space to come around, and say, “Yeah, that makes sense,” before you really engage them in what needed to be done.”

I found that her final point may be critical for compliance training. By explaining the why of compliance, employees can better understand what the company is trying to accomplish. So if your goal is to do business in an ethical manner, then explain this and how the company’s compliance program will help to accomplish this goal through its policies and procedures.

Accountability

One of the things that Barrett emphasized was the erroneous perception that because her company was a family business there was no accountability. She made clear that “You have to set certain standards that you want people to live up to. And if people need help, then we want to help them along the way.” However, accountability is a two-way street. Just as the employee must be held accountable, so must the company in terms of providing support to allow employees who want to do the right thing and to do their job well. Barrett said, “Sometimes organizations can fall down if they don’t also ask: How do you give people the tools they need to be successful? How do you get that person to understand what change needs to happen, and how do you help them along the way? Because people can’t always figure it out on their own, and nor should you expect them to.”

Listening

Many of the CEOs that Bryant interviews for his Corner Office section speak about the need for listening skills. Barrett was no exception. But as CEO she found that employees were sometimes reluctant to speak openly and candidly with her. So she began to meet with employees in small groups of 10 to 12 people. At Denihan they call them ‘Roundtables’. Barrett said that she will say to them ““Tell me something I don’t know.” And I’ll get comments like: “Oh, but you know everything. You’re the C.E.O.” It’s just a reminder of the perceptions that people have of the head of the company. But every time I ask that question, I learn something new.” Imagine as a compliance officer if you were to ask that question in a roundtable, what do you think you might hear back from your company’s employees?

Barrett also spoke about how to have a ‘difficult conversation’. She said that if there is a mistake made she views it as an opportunity for learning and professional growth. At Denihan, they call them ‘lessons learned conversations’ and they may occur with a group where a problem has arisen. Barrett related, “we might bring people together in a room who were involved in a project and ask: What were the things that worked? What were the things that didn’t? What could we have done differently? And we’ve had some very spirited and cathartic conversations. You have to be able to let people put something on the table without actually pointing the finger. It allows things to come out in more of a non-accusatory manner.”

Hiring and Promotion

These are two key areas in compliance that are finally beginning to receive the attention that they deserve. Barrett’s thoughts on how she views these in the context of her interviewing are instructive. She acknowledged that by the “time somebody meets me, you can assume that the skills are there. So what I interview for is fit. And I’m always very curious to know, what is it about our company that appeals to that person?” She asks specifically about culture, requesting the candidate define it and how do you think that culture is special. She also asks candidates to talk about a failure and what lessons that they learned from the experience and how they dealt with the experience. I would suggest that both of those lines of inquiries should be used when evaluating a candidate for hire or promotion.

Barrett’s interview provided some interesting insights on leadership. Moreover, her experience in professional growth has shown there are different styles and techniques that you can successfully use in your company’s compliance program. Train people on the reasons why your company is doing compliance so that they will understand how to do it. Make them accountable but also provide them with the compliance tools and support to do business the right way. If there is a problem or issue, use it as a lesson learned so that employees can profit from the experience. Lastly, make a discussion of culture a cornerstone in your hiring interview or promotion interview process.

© Thomas R. Fox, 2013

Leave a Comment

May 15, 2013

Scam Artists from Texas and Compliance Risk Management

Filed under: compliance programs,Department of Justice,Ethical Leadership,Ethics,FCPA,FCPA Guidance,Risk Assessment,Risk Management — tfoxlaw @ 1:01 am
Tags: compliance, compliance programs, Risk Management

Billie Sol Estes died yesterday and when it comes to scam artists from the great state of Texas, before there was Allen Stanford and his magical Certificates of Deposits located in his private bank in Antigua, there was Billie Sol Estes. Before Sir Allen came along, Billie Sol had a 50 year run as the King of Texas Swindlers. He was most well-known for his scam involving phony financial statements and non-existent fertilizer tanks to loot a federal crop subsidy program. He went to jail for mail fraud over this scheme, although his conviction was later over-turned. But his lasting legacy may be the following quote by former Associated Press (AP) correspondent Mike Cochran, who recalled writing how Estes made millions of dollars in phone fertilizer tanks scam and noted “how many city slickers from New York or Chicago can make a fortune selling phantom cow manure?”

Billie Sol’s risk tolerance was quite high and his implementation of a risk management plan may have seemed, well, rather 1950ish. Hopefully your company is a tad more mature in this process. But after you have identified a compliance risk, what should the next steps be for a company’s Chief Compliance Officer (CCO)? This question was explored in an article by C. J. Rathbun, in the May/June issue of Compliance and Ethics Professional Magazine, in an article entitled “You’ve identified a corporate risk—what next?”. Rathbun believes that any consideration of such an identified risk will be in the context of three key questions:

The severity of the risk weighed against the company’s appetite for risk.
How the company has performed in the past on managing similar risks and if so, what the impact might be on the company if the risk actually occurred.
The probability or likelihood of the risk event occurring.

I. The Compliance Report

Rathbun explained that a CCO needs to consider several questions when shaping the report which will go to the management group or Chief Executive Officer (CEO) to make any decision on whether a new risk should be accepted. These questions include:

Who is the audience for the report? Will it be the CEO, Board of Directors or some other senior management group or council? Further, what is the level of trust between the CCO and those constituent groups? Has the CCO been elevated to a C-Suite level position within the company? Could the audience be a regulatory body or perhaps even a Judge?
What is your company’s organizational structure? In this question you need to consider how decisions of this dimension are usually made in your company.
What reputational risk for the company should be anticipated? This is the Wall Street Journal (or New York Times) questions. How would your CEO feel if he woke up to read about your company and its decision being on the front page of the Wall Street Journal?
What should be incorporated into the report? Should other business concerns be incorporated into the report, such as financial or other legal issues?
How should the report be presented? In what format or with what technology should the report be presented? Will the group or person tasked with making the decision accept a written report or will it simply be a high-level PowerPoint presented to a Board of Directors?

II. Weighing the Options

Once the report is considered and the options weighed, what are some of the possible outcomes that a company may utilize? Rathbun breaks the options down to four. The first is risk avoidance, where a company decides that the risk is simply too great. The second option is risk management, where the company implements procedures to manage the risk and then monitors the risk closely. The third is risk shifting where some portion of the risk is transferred through insurance or other mechanism. Fourth, and finally, is that the company can simply accept the risk, so risk acceptance.

III. Implementation

Rathbun believes that the risk management choice is the one which may well take the most work, particularly for a CCO. You may be required to create new policies and procedures to assist in the risk management process. Any new policies and procedures will need to be implemented with attendant training for the affected employees. There will need to be follow-up monitoring to ensure engagement and accountability.

IV. Confirming Changes in Behavior

Rathbun articulates that are two mechanisms by which a “checkback” can be performed on policies, procedures, actions and employee accountability. These two mechanisms are monitoring and auditing. Monitoring is a commitment to reviewing and detecting compliance programs in real time and then reacting quickly to remediate them. A primary goal of monitoring is to identify and address gaps in your program on a regular and consistent basis. Auditing is a more limited review that targets a specific business component, region or market sector during a particular timeframe in order to uncover and/or evaluate certain risks, particularly as seen in financial records. However, more aggressive approaches may be required such as the addition of follow-up assessments to confirm effective management of the new risk.

Rathbun cautions that the use of more standard tools to “checkback” should also be utilized. These include compliance by third parties, testing or otherwise gauging employee knowledge regarding the risk management program and even hotline complaints. Rathbun also suggests that relatively new tools such as transaction monitoring, relationship monitoring and real-time party monitoring of third parties should be considered.

V. End Goal

Rathbun believes that the end goal should be “to allow the company to identify a growing concern before it becomes an issue—before consumers are harmed or regulators become concerned.” While a well-structured program does require vigilance it also allows the opportunity for continuous improvement for your company. Rathbun concludes by stating that your goal should be to “help ensure that you and your company ‘will get the first crack’ at addressing a problem, if one occurs.”

I found the Rathbun article to provide a good method for the compliance practitioner to think through, then design and implement a risk management plan, within the context of your overall compliance program. Although she never states it, a key component that she outlined is the Document, Document, Document component of any compliance program. The Department of Justice and Securities and Exchange Commission said in their FCPA Guidance “In the end, if designed carefully, implemented earnestly, and enforced fairly, a company’s compliance program—no matter how large or small the organization—will allow the company generally to prevent violations, detect those that do occur, and remediate them promptly and appropriately.” I believe that you can achieve such a carefully designed and earnestly implemented risk management program by using Rathbun’s suggestions.

Finally, if a long, tall Texan comes to you wanting to borrow money against some fertilizer tanker; do not just turn and walk, run in the other direction.

© Thomas R. Fox, 2013

Leave a Comment

May 14, 2013

What is Your Compliance Strategy?

Filed under: Best Practices,compliance programs,Department of Justice,FCPA,FCPA Guidance — tfoxlaw @ 1:01 am
Tags: best practices, compliance programs, DOJ, ethics and compliance, FCPA, HBR

Do you have a strategy? The Houston Astros claim to have a strategy that involves being the worst team in baseball for up to the next five years and then magically they will become a winner. I suppose that having the worst record in baseball demonstrates that they are on the right path. Another three game series, another three game sweep by the visiting team, thus ending three games of some of the most pathetic baseball I have ever seen. However, even the ever-optimistic Astros manager, Bo Porter, admitted in an interview to the Houston Chronicle last week that “He has no idea if the Astros’ rebuilding plan will work.”

Now suppose you are in management, though not in the Houston Astros where you are implementing a strategy to set the all-time season record for losses, but a successful compliance program. How can you go about it? While most companies have compliance programs, they do not have a compliance strategy. To endure, a compliance strategy must address the interests of all stakeholders: investors, employees, customers, governments, NGOs, and society at large. A compliance strategy should increase shareholder value while at the same time improve the firm’s performance on environmental, social, and governance (ESG) dimensions. These concepts were recently explored in an article on sustainability in the May issue of the Harvard Business Review (HBR), article entitled “The Performance Frontier”. I found the concepts that the authors Robert G. Eccles and George Serafeim put forth, translate into the compliance arena as well.

The basic posit is that corporate investments in compliance do not necessarily require trade-offs in financial performance. Instead, if a company will focus on the issues that are the most relevant to both risk and shareholder value, a company should be able to boost both financial value and compliance performance. The authors believe that to do so, companies should focus on four areas.

1. Identify Material Compliance Issues

While the overall list of compliance issues may be long and broad, the key is to determine the material issues to your company. In the context of sustainability, the authors suggest you can use a “Which Issues Matter Most” data map. They also phrased it in another manner by stating, “Evidence of economic impact is determined by evaluating both anecdotal reports and quantitative studies to gauge whether management (or mismanagement) of the issue will affect traditional corporate valuation parameters: revenue growth, return on capital, risk management, and management quality.” In the compliance arena, this would correspond to a risk assessment.

2. Quantify the Relationship Between Financial and Compliance Performance

After you understand your company’s material compliance issues, assess the impact that improvements in each would have on financial performance. Compliance performance has many dimensions and depending on the company’s compliance strategy and the issue being considered, the most important dimension could be cost reduction, revenue growth, or gross margin defense. In the sustainability area, the authors state that a “host of factors complicate evaluations of the relationship between ESG and financial performance. Not the least of them are limitations on the ability to precisely measure ESG performance—a challenge that SASB and others are working to address.” However, even with this difficulty, I believe that a company can make an informed estimate of the slope of the performance-frontier curve for any pair of compliance and financial variables by determining whether each incremental improvement in compliance performance causes a corresponding positive or negative change in financial results – or has no impact.

3. Innovate Products, Processes and Business Models

As with any strategy, it should be informed by your analysis. Once you determine the compliance issues to focus on, you should benchmark your industry peers on these issues. If your company’s performance falls short of industry benchmarks in a particular risk parameter, getting it up above par is the first priority. Within the sustainability context, the authors state that “At the very least it will mitigate your risks, since stakeholders tend to focus on industry laggards in campaigns aimed at increasing corporate ESG performance. Many improvements, such as reducing manufacturing waste, involve minor or moderate innovations that can enhance efficiency and, therefore, financial performance. Those sorts of innovations are increasingly necessary (but not sufficient) to ensure competitiveness.”

In the compliance arena, there are many resources available to you for benchmarking. The first place to start is the Department of Justice (DOJ)/Securities and Exchange Commission (SEC) Foreign Corrupt Practices Act (FCPA) Guidance released last November. The “Hallmarks of Effective Compliance Programs” set forth in the Guidance is an excellent compilation of where we are and what you need in place to go forward. I recommend this as a good a starting point to evaluate the state of an ongoing compliance regime so assess your company’s risks and use these hallmarks as a basis to move forward.

4. Communicate the Company’s Innovations to Stakeholders

This may be one area of a typical compliance strategy that a company does not normally take into account. A company’s compliance function cannot assume that shareholders and other stakeholders will understand how its innovations have improved both compliance and financial performance – and how the two interrelate – unless such information is communicated effectively. As the authors state in the framework of sustainability “This is more than a matter of public relations; major innovations often require substantial investments whose benefits will not be seen for years to come. If a company expects shareholders to commit for the long term in order to receive those benefits, it needs to provide them with information that justifies their investments.” The authors call this “integrated reporting” and I believe that this is also true in the area of compliance.

As a communications tool, integrated reporting involves more than posting a PDF version of the Code of Conduct on a company’s website. As with almost all reporting, the most effective reporting is as much about listening as talking, and it serves as a key platform for stakeholder engagement. The authors believe that integrated reporting is a “way to establish a conversation that considers a company’s performance in a holistic way, identifies the tough trade-offs, and builds a case for innovation and the benefits it can generate. This engagement is also central to eliciting feedback on how well the company is meeting expectations, the quality of its communications, and what it can do to improve them.”

On the final point, the authors state something that I believe is often overlooked as a part of any compliance strategy. It is that “integrated reporting enhances discipline. It forces management and employees to think about both the financial and the ESG implications of their decisions and helps spur innovation as they seek to improve both kinds of performance.” The FCPA Guidance speaks to Incentives and Disciplinary Measures, which is generally considered to be both the carrot and the stick. The stick to demonstrate that there should be appropriate discipline in place and administered for any violation of the FCPA or a company’s compliance program. The carrot as the DOJ and SEC recognize that positive incentives can also drive compliant behavior. This would dovetail with the authors’ observation that integrated reporting enhances discipline.

Eccles and Serafeim discuss in their article the corporate benefits of having a sustainability strategy. I think their ideas are applicable to the compliance field and give you new ways to think about old problems. As for the Astros, maybe they could develop a winning strategy.

© Thomas R. Fox, 2013

Leave a Comment

May 13, 2013

In FCPA Enforcement Sometimes Truth is Stranger than Fiction – The Cilnis Complaint

Filed under: Enforcement Actions,FCPA,Financial Times,Sam Rubenfeld,Wall Street Journal — tfoxlaw @ 1:01 am

I often marvel at some of the stories which come up in the context of Foreign Corrupt Practices Act (FCPA) investigations and enforcement. If you made up some of the things which are reported, I fear that people might find you simply crazy. One of these stranger than fiction stories now appears to be playing out in the US District Court for the Southern District of New York, where a Complaint was recently filed by the US government against one Frederic Cilnis, for obstruction of justice into an ongoing FCPA investigation.

Cilnis was arrested on April 14, 2013 in Jacksonville, Florida and charged with obstruction of justice for attempting to persuade an individual who is a Cooperating Witness (CW), to destroy documents which purport to show the bribery scheme engaged in to obtain mining concessions. In the Complaint filed in the US District Court for the Southern District of New York, a Special Agent with the Federal Bureau of Investigation (FBI) detailed five contracts which Cilnis sought to obtain from the CW and destroy. As reported by the Financial Times (FT), in an article entitled “Contracts link BSGR to alleged bribes”, Tom Burgis, Misha Glenny and Cynthia O’Murchu, reported documents related to allegations that “The resources arm of Beny Steinmetz Group agreed to pay $2m to the wife of an African president to help it secure rights to one of the world’s richest untapped mineral deposits”. The contracts “set out agreements for the company to make payments and transfer shares to Mamadie Touré, wife of the then president Lansana Conté.” As the quid pro quo for these commission payments, “Ms Touré would take “all necessary steps” to advance its efforts to win rights to the Simandou deposit, a February 2008 contract says. A further $2m would be dispersed among other people to facilitate the acquisition of the rights.”

In the Complaint the CW is only identified as “the former wife of a now deceased high-ranking official in the government of Guinea”. Mamadie Touré’s former husband, the then president Lansana Conté is now deceased. Cilnis is identified in the Complaint but his business relationship is only identified as “Entity”. In an article in the Wall Street Journal (WSJ), entitled “BSGR Confirms Engaging Man in Guinea Charged with Obstruction”, Sam Rubenfeld reported that the company BSG Resources, Ltd. now says that it worked with Frederic Cilnis, although Cilnis was never an employee of the company.

The Complaint detailed five separate contracts which are alleged to show the efforts of Cilnis and his business relations to pay bribes and engage in corruption to obtain the mining concession. The Compliant specifies that Cilnis requested the CW produce original copies of the contracts and that he personally witness their destruction. In addition to the five contracts, Cilnis prepared for and had the CW sign an Attestation denying any involvement with him or helping his company obtain the mining rights in Guinea.

Protocol-1

This contract was dated June 20, 2007, and was between the CW and the Guinean subsidiary of the Entity. For her assistance in obtaining permits, the Entity’s Guinean subsidiary would transfer 5% of its shares to a company controlled by the CW.

Protocol-2

This contract was dated February 28, 2008 and stated that the Entity “commits to giving 5% of the shares of stock of blocks 1 and 2 of Simadou [the mining concession]” to the CW.

Commission Contract

This contract is dated February 27, 2008. In this agreement, the CW’s company commits to “taking all necessary steps from the authorities the signature for the obtaining of the aforementioned blocks”. For this consideration, a $2MM would be made available for the distribution “among persons of good will who may have contributed to facilitating the granting of the blocks”.

Engagement Letter

This is an undated document. In it the Guinean subsidiary proposed to allow the CW up to a 5% shareholding stake in the Guinean subsidiary. There would be a further transfer of 17.65% of the capital by the Guinean subsidiary as well.

August 3, 2010 Contract

This is a contract dated August 3, 2010. In it the Entity’s holding company agrees to pay to the CW the additional amount of $5MM, in two tranches. The first payment of $2.5MM was to be paid at contract execution and the second to be paid 24 months later. Interestingly, the Compliant stated that this contract “required the CW to conceal the CW’s relationship with the Holding Company, reciting that the CW and the CW’s company ‘commit herewith to make no use of the document, in any manner, directly or indirectly, and not to use this document against the [Holding Company] and/or its partner and/or its associates in Guinea or elsewhere.’”

The Attestation

In addition to the documents that Cilnis sought to have destroyed, he prepared and presented to the CW a document entitled “Attestation”. The CW signed this Attestation and copies were made. According to the Complaint, the Attestation was drafted as if it was written and prepared by the CW herself and in it were the following statements:

I have never signed a single contract with the Entity, neither directly or indirectly through anyone else.
I never intervened with Guinean officials in favor of [the Entity]…
I have never received any money from [the Entity], neither directly or indirectly… [The Entity] never gave…any money, neither directly to me nor to anyone else on by behalf. They did not promise to pay me anything, neither to me, nor to anyone else on my behalf.

Destruction of Documents

The Complaint specified that Cilnis told the CW several times that the documents need to be destroyed urgently. Moreover, “they need to find a place to burn all of them, adding that they cannot do it at the CW’s house.” When the CW suggested that she could destroy the documents, Cilnis repeated that “Cilnis was instructed to see it happen in person and that Cilnis cannot lie when he is asked whether he, Cilnis, saw the papers being burned.”

For the destruction of the documents, the Complaint notes that Cilnis offered the CW $1MM. $200,000 of this total would be paid now and “$800,000 at a later date.” Further, Cilnis is alleged to have proposed an additional $5MM fee “if the group is not forced out” of Guinea but that the CW will receive “the $1million regardless of the outcome.”

I guess Cilnis has nothing on John Connally who once advised President Nixon to burn the White House tapes on the front lawn of the White House, in the full view of the American people. The WSJ article reported that BSGR said that “allegations of any improper conduct relating to how the company obtained a mining license in Guinea “are entirely baseless and motivated by an ongoing campaign to seize the assets” of the company.” Then BSGR claimed it is the real victim here as it has become “the victim of extortion attempts by individuals who are seeking economic gains.” Further, “The modus operandi of these attempts involved at times the use of forged documentation, blackmail and harassment.” No word from BSGR if anyone has asked them to burn documents.

Like I said, in the world of FCPA enforcement, sometimes truth is stranger than fiction.

Leave a Comment

May 10, 2013

Use Planes, Trains and Automobiles to get to Compliance Week 2013

Filed under: Compliance Week,Department of Justice,Export Control,FCPA,FCPA Guidance,SEC,Transaction Monitoring — tfoxlaw @ 1:01 am
Tags: best practices, compliance programs, Department of Justice, FCPA, SEC

To say I am excited would be putting it mildly. Yes that most premier of compliance related conferences is on the short horizon; Compliance Week 2013 is nearly upon us. It will be from May 20-22 at the Mayflower Hotel in Washington DC. As usual, Matt Kelly and his outstanding team have put together a first rate program for the General Counsel (GC), compliance practitioner (in-house or outside counsel), FCPA Bar/FCPA Inc. or even Mike Volkov’s good friends, the FCPA Paparazzi. If there is one national compliance conference that you can attend each year, for my money, this is the event.

As Matt Kelly has said, the theme of Compliance Week 2013 is “Seeing All the Data” and is designed as “a testament to how vital it is that compliance executives have visibility into all the information and operations at their enterprises. That could be anything from tracking all your third parties, or monitoring all the data your business collects about customers, or seeing all the regulatory risks you face as you build a risk-management program.” This theme is certainly appropriate as I believe that 2013 will be the year that the use of data in transaction; third party; relationship and all other forms of ongoing monitoring will make any compliance program more robust. There are several sessions where these topics will be explored, including the following: Continuous Transaction Monitoring That Works, the Kroll Benchmarking Report, Mapping Data on Information Governance, Automating Third Party Risk, and Financial Reporting. This plethora of sessions speaks to the emergence of technology as a tool to support compliance.

Another key theme of Compliance Week 2013 is leadership. The first day of the conference is the subject of leadership. The first keynote speaker on Day One is Ed Breen, the chairman and former Chief Executive Officer (CEO) of Tyco International Ltd, who had to pick up the tatters of that company in 2002, as his predecessor went off to prison, and then rebuild the entire operation. The second keynote speaker on Day One is retired Major General Lewis MacKenzie, former head of U.N. peacekeeping forces in Yugoslavia, Central America, Middle East and Vietnam. Some of the sessions on Day One regarding leadership will focus on the practical; how to position the compliance department as an asset rather than an obstacle; how to craft a Code of Conduct that fits your business and culture; how to do business in India, Latin America, and elsewhere.

For the FCPA consigliori amongst you, I will once again be leading a conversation on the most recent Foreign Corrupt Practices Act (FCPA) developments. With the recent Parker Drilling Company and Ralph Lauren Corporation resolutions and the various individuals who have been indicted or have pled out, it promises to be an interesting and informative time for anyone interested in all things FCPA. If it turns out that after my session you are still craving more insight about effective compliance with the FCPA there will be a session entitled “FCPA Guidance, Right From the Source”. This session will address any lingering questions you may have about the FCPA guidance published last fall by the Department of Justice (DOJ) and Securities and Exchange Commission (SEC). The panel will include the top FCPA enforcers from both the DOJ and SEC, who will offer their latest thinking on anti-bribery enforcement and answer questions from the audience about best practices and putting agency guidance to good use.

If your compliance challenges reach beyond the FCPA, there will be sessions which deal with broader compliance themes. In the area of export control, one conversation will have regulators who will discuss issues related to sponsoring a foreign-born worker here in the United States; some of the implications of the export control reform effort on investigations and prosecutions; and the absolute requirement to know your customer. There will also be a session which showcases the Boeing Co.’s approach to trade compliance, from monitoring regulatory changes to developing processes that simplify compliance and examples of how the Boeing program was implemented in its business units.

If internal controls are more to your taste or needs, then check out the panel discussion regarding FMC Corp. You will hear from the company’s internal control team that implemented an automated system to collect and monitor financial data: the software they used; the controls they streamlined; the high-level components of internal controls they did not automate, and the results so far. More focused on training? One session will discuss how to align business and compliance objectives with training, how to ensure you get the data you need to demonstrate progress, and what tools you can use to deliver training to a diverse workforce cost effectively. If you want to move beyond training and into embedding compliance into your company’s DNA, check out this session “Beyond Training: Articulating & Embedding Company Values”. This session will discuss how organizations with the most ethical rigor want to embed their cultural values in everything they do, so employees know how to conduct themselves in any circumstance, not just in moments of obvious crisis.

So whether it’s by plane, train or automobile, I hope that you can get to Compliance Week 2013. To help you do so, I have been authorized to offer a discount to readers of my blog. For registration and information, click here.

Leave a Comment

May 9, 2013

DPAs and NPAs – Useful Tools to Achieve Compliance

Filed under: Deferred Prosecution Agreement,Department of Justice,FCPA,FCPA Professor,Michael Volkov,Non-Prosecution Agreements,SEC,Uncategorized — tfoxlaw @ 1:01 am
Tags: compliance, compliance programs, Department of Justice, DOJ, DPA, FCPA, FCPA Professor, Foreign Corrupt Practices Act, Michael Volkov, NPA, SEC

The debate on whether the use of Deferred Prosecution Agreements (DPAs) and Non-Prosecution Agreements (NPAs) has become lively again over the past couple of weeks. Last week, there was a panel hosted by the Corporate Crime Reporter conference at the National Press Club. The panel was moderated by Steven Fagell, a partner at Covington & Burling LLP, and the panelists included Denis McInerney, the Criminal Division’s Deputy Assistant Attorney General, David Uhlmann, the former chief of the Environmental Crimes Section at the Department of Justice (DOJ), and currently a Professor of Law at the University of Michigan, the FCPA Professor, Michael Koehler, Kathleen Harris, a partner at Arnold & Porter LLP in London, and Anthony Barkow, a partner at Jenner & Block in New York.

The FCPA Professor wrote about the conference in two posts this week. The second post, entitled “Seeing the Light from the ‘Dark Ages’”, reported on the panel discussion. In this post, the Professor flatly says that DPAs and NPAs should be abolished in the context of Foreign Corrupt Practices Act (FCPA) enforcement and that a compliance defense should be added to the FCPA. In the other corner stands Mike Volkov, who said in a recent post, entitled “The Continuing Controversy Over DPAs and NPAs”, that DPAs and NPAs are part of the growing arsenal of prosecutorial tools that can be brought to bear by the DOJ and now the Securities and Exchange Commission (SEC).

The Professor previously articulated his views against DPAs and NPAs last fall in a post entitled “Assistant Attorney General Breuer’s Unconvincing Defense Of DPAs / NPAs”. In that post he said that the “use of NPAs or DPAs allow “under-prosecution” of egregious instance of corporate conduct while at the same time facilitate the “over-prosecution” of business conduct.” The ‘under-prosecution’ comes “because they [DPAs and NPAs] do not result in any actual charges filed against a company, and thus do not require the company to plead to any charges, allow egregious instances of corporate conduct to be resolved too lightly without adequate sanctions and without achieving maximum deterrence.” The ‘over-prosecution’ comes “because of the “carrots” and “sticks’ relevant to resolving a DOJ enforcement action often nudge companies to agree to these vehicles for reasons of risk-aversion and efficiency and not necessarily because the conduct at issue actually violates the law.” Volkov, being a former prosecutor, says that “Prosecutors like to have a variety of tools. An up or down decision system – indict or decline to indict – does not give prosecutors any ability to address the hard cases, where they are more inclined to decline prosecution rather than indict.”

However, I am neither a former prosecutor, like Volkov, nor a former white collar defense lawyer, like the Professor. I am a recovering trial lawyer who then went in-house. From this background I think that there is another line of reasoning as to why DPAs and NPAs are useful FCPA compliance enforcement tools and that line of reasoning is certainty. The primary reason for the prosecution and a company entering into a DPA/NPA is certainty. The one thing I learned in almost 20 years of trying cases is that nothing is certain when you leave the final decision to an ultimate trier of fact who is not yourself, whether that trier of fact be a jury, judge or arbitrator. The most important thing for a company is certainty and that is even more paramount when a potential criminal conviction looms over its corporate head. Certainty is equally critical for the prosecution. No matter how ‘slam dunk’ the facts are, or appear to be, once a prosecutor turns over the final decision in a case to another trier of fact; the prosecution has lost certainty in the final decision. Every corporate defendant who goes to trial can and should raise all procedural and factual defenses available to it. No prosecutor can ever be 100% certain that it will win every court ruling or that a guilty conviction will be upheld on appeal. However, a DPA/NPA can bring certainty. For a company, certainty in its rights and obligations, for the prosecution the same is true.

There was another article which considered the panel discussion held at the Corporate Crime Reporter conference entitled “McInerney Defends Deferred and Non Prosecution Agreements”. This article included quotes from David Uhlmann, who said that he believes, “This is about a profound ambivalence in parts of the Department about the very notion of corporate criminality.” Uhlmann believes that it this ambivalence which has driven the use of DPAs. He believes that the DOJ should make an “up or down” decision on whether a corporation should be prosecuted or not. He was quoted as saying “There is no more important role that the Justice Department plays than its role investigating and prosecuting crime. And if the Justice Department believes that a particular case warrants criminal prosecution, it should bring criminal charges. It should not sacrifice criminal prosecution to a private agreement never entered in court, never overseen by a judge in any meaningful way that doesn’t involve any public hearing, that doesn’t involve any corporate officials coming into the courtroom admitting guilt. On the other hand, if the Justice Department doesn’t believe that a criminal prosecution is necessary or warranted, then they should decline. They should decline prosecution in favor of — in most cases they have the option of civil or administrative enforcement.”

The Professor had a slightly different take on the use of DPAs in the context of criminal prosecutions of corporations. He was quoted as saying, “The Department has become so uncomfortable with the traditional notions of corporate criminal liability that they have constructed and indeed championed this alternative reality that is equally problematic.” Further, “These resolutions have had a troubling, distortive and toxic effect on this one area of law,” Koehler concluded. “There is no judicial scrutiny of most fcpa enforcement theories.” And, lastly, “Of course, the Justice Department is in favor of these because it makes their job easier. Of course, the FCPA bar and FCPA Inc. is in favor of these it expands the market for legal services.”

Criminal Division Deputy Assistant Attorney General McInerney made clear that he is not ambivalent at all about corporate criminal liability and specifically stated this. So let me speak from the perspective of a lawyer from Houston, who has represented companies in the energy space for quite some time. The frustration that boiled over from the lack of prosecutions regarding the financial troubles of the recent years should not obscure the fact that the DOJ has and will continue to pursue criminal cases against corporations.

But to paraphrase Joe Jackson, something else is going on ‘round here with prosecutions of corporate criminal conduct and the use of DPAs/NPAs. While one role of the DOJ is to prosecute law breakers; I believe that another role of the DOJ is to increase and encourage compliance with laws. The DPA/NPA debate does not stand in a vacuum. I believe that by offering incentives for companies to self-disclose and cooperate, the DOJ is increasing compliance with the FCPA. If there is no incentive to cooperate, there will be none. Period. If a company will face a criminal indictment or charge if it investigates a matter and self-discloses to the DOJ, how many companies will do so? McInerney was quoted as saying, “You are disincentivizing companies in terms of doing the right thing. You are not crediting companies for doing the right thing.”

Now let me take the flip side; Arthur Anderson. For all the howls that there is no empirical evidence that indicting and convicting companies puts them out of business; I am certainly not persuaded. I saw it happen, here in Houston. Was it in the interest of the US government to put Arthur Anderson out of business? Did it further the policies of this country to go from the Big Four to the Big Three? What about all the Arthur Anderson employees who did not work on the Enron account, what policy did it further to have them lose everything they invested in their professional life? If DPAs/NPAs are less draconian in their effect than destruction of a corporation’s existence, does that make them somehow less useful? If the DOJ wants to put such a factor into their decision making, I find that to be an appropriate calculus.

As to the charge that the FCPA Bar/FCPA Inc. used DPAs/NPAs to expand their market for work? [Full disclosure - I am a member of the FCPA Bar and ergo, FCPA Inc.] I think that it is the job of a lawyer to advise his or her clients on their legal obligations and to assist in fulfilling those obligations. Is it in my own myopic self-interest to advocate compliance with the FCPA? Or am I a part of the FCPA Bar and Inc. which assists companies to comply with a now 35 year old law? Whichever answer you prefer, I believe that there is more compliance now and that the use of DPAs/NPAs is a contributing factor to this increased compliance.

Another panelist, Anthony Barkow posited yet another angle. He said “one the primary policy justifications — or certainly a significant policy justification — is — getting DPAs and NPAs is easy. “It’s a lot easier than charging a company,”” Barkow said. “And it’s a lot easier than charging it and to try to get a plea.” While I do not pretend to know the intricacies of obtaining an indictment or going before a grand jury, it is always easier to settle something rather than try a case. But that does not mean any less work goes on, either from the corporate side or especially from the government side. FCPA enforcement actions are huge, document intensive cases and from what little I know of the process, the DOJ works quite hard to craft an appropriate resolution for each case. Further, there are multiple levels of review in the DOJ so many sets of eyes look at these matters. So while it may be easier to reach a resolution rather than charging and criminally trying a corporation, that does not mean in any way, shape or form that this work is easy. The work is hard, time intensive and takes literally thousands of man-hours by all parties involved to reach any resolution. Simply because a new enforcement tool is available, which is short of a criminal indictment and trial, does not mean that it is not a useful tool and should not be used.

Mike Volkov ended his post with the following, “The debate will continue – I have no doubt of that.” I would certainly second that notion. But from where I sit the use of DPAs/NPAs has improved compliance with the FCPA because their use has given corporations a real incentive to thoroughly investigate allegations of bribery and corruption and then work with the government to appropriately remediate the situation.

Leave a Comment

May 7, 2013

Do Law Firms Have an In-House Privilege?

Filed under: Attorney-Client Privilege,External investigations,FCPA,Investigations — tfoxlaw @ 1:01 am
Tags: ABA, American Bar Association, external investigations, FCPA, in-house counsel, investigations

There is often a discussion about the retention of outside counsel to lead an investigation of alleged violations of the US Foreign Corrupt Practices Act (FCPA) so that the company may maintain the attorney-client privilege. But is there some other privilege which might be lurking in this relationship? This question was discussed in an article in the May issue of the ABA Journal, entitled “Inside Story”, by Mark Curriden, which details a discovery dispute before the Georgia Supreme Court where a law firm has claimed that it enjoys an attorney-client privilege in a malpractice claim brought by a former client. The case involves allegations that communications between a law firm and its in-house counsel are privileged in favor of the law firm and poses the following query: “whether communications between lawyers and in-house counsel are protected by the attorney-client privilege and the work product doctrine when a dispute arises between the firm and a client.”

The case involves three lawyers from the Savannah, GA law firm of Hunter, Maclean, Exley & Dunn PC (Hunter Mclean). The law firm had prepared certain real estate sales contracts, which were used by the firm’s client, St. Simons Waterfront LLC. After buyers began to opt out of these contracts to purchase certain properties, the law firm suggested that the company negotiate with the purchasers.

The company demanded that the law firm work to enforce the agreements. Curriden wrote that “The lawyers for Hunter Maclean took the scolding as a sign that St. Simons Waterfront was planning a malpractice claim against them and contacted the firm’s in-house counsel immediately after the call.” He quoted the lawyer for St. Simons Waterfront who said that “Within minutes of the conference call, Hunter Maclean lawyers were already taking legal steps to defend themselves for litigation, even though they were still representing the client and would continue to represent the client for another three months.”

The law firm understood that the company was threatening litigation against the law firm and claimed they told the client that it needed new counsel. The company said at no time did it suggest that it was preparing to sue its own lawyers and denies that the law firm told them after the phone call in question that a conflict existed and that the company should retain new counsel.

Indeed later, the client sued the law firm for malpractice in the drafting of the real estate contracts, in a case styled, St. Simons Waterfront v. Hunter, Maclean, Exley & Dunn. The dispute currently before the Georgia Supreme Court is over certain documents that the law firm claims is its internal attorney-client privileged communications , specifically including a 33-page memo from the firm’s own in-house lawyer describing the Feb. 18, 2008, conference call referenced above, that lawyers at the firm wrote the day after the telephone conversation occurred.

Susan W. Cox, counsel representing Hunter Mclean, said that “The documents and communications sought involve efforts by the firm to investigate, evaluate and consider how to respond to the client’s asserted claim.” Curriden further quoted her as stating that “Under the plaintiff’s argument, Cox says, “a law firm would have to immediately withdraw from any further client representation, regardless of the harm to the client and regardless of whether the client consented to the additional temporary and necessary representation, in order to protect its in-house information from disclosure in the malpractice claim. It was impossible for Hunter Maclean to immediately withdraw without causing great harm to the client. Under Georgia and federal law, the attorney-client privilege is interpreted to protect against disclosure of information obtained or shared in a confidential relationship, and that applies equally to communications with in-house and outside counsel.””

However, the trial court disagreed with the law firm’s position and ordered production of the documents “ruling that the privilege didn’t apply because Hunter Maclean failed to inform the client about its conflicts. The judge ordered Hunter Maclean to turn over the internal documents that St. Simons Waterfront was seeking.” Then “The Georgia Court of Appeals reversed, ruling that the firm’s communications with in-house counsel remained privileged because the in-house counsel was completely isolated from the St. Simons Waterfront legal work and thus did not have a conflict. St. Simons Waterfront appealed to the state supreme court. Oral arguments were held in March.”

The article posited the two schools of thought on this question. Attorney John G. Nelson, counsel for the St. Simons Waterfront, was quoted as saying “The appellate court’s reasoning “makes it too easy for law firms to conceal unethical conduct from clients…If the client’s attorneys consult with the in-house attorney—not for the purpose of meeting their ethical obligations to the client but to cover up their own malpractice, and the in-house attorney assists them in doing so—the firm could withhold that information simply because the in-house attorney was ‘segregated’ from directly representing the client.”” Nelson further said that “The reason is simple: When a law firm represents a current client, the entire law firm’s fiduciary and ethical duties are to that client.”

However at least 13 law firms which are not parties to this dispute, signed an amicus brief in support of the law firm in the discovery dispute. Interestingly, the American Bar Association (ABA) filed an amicus brief which stated the ABA “takes no position on whether the privilege and work product claims in this case should be sustained.” After quoting this statement, Curriden goes on to quote from the ABA’s amicus brief that ““the ABA urges that lawyers’ communications when seeking legal advice from their in-house counsel should be broadly protected because of the benefits to their clients and the legal system, and to lawyers and their firms,” states the association’s brief. “Lawyers face an increasing array of legal and ethics duties, and the availability of in-house advice, without the cost or inconvenience of seeking an outside lawyer, encourages lawyers to pursue internal investigations where questions of misconduct or malpractice arise.”” Therefore, the attorney-client ““privilege should not be abrogated or limited except for compelling reasons.” But this analysis changes “if it is concluded that the client may have a malpractice claim against the lawyer,” states the brief. “Whether the privilege as to further in-house consultations is abrogated or limited during a continuing representation might become a question of fact for the trial court as to whether the client were promptly and adequately informed of the potential claim.””

As a former in-house counsel I certainly find it troubling if, at the slightest spat between a law firm and a client, the law firm then ‘lawyers-up’ and girds for a lawsuit. One of the greatest things about the legal profession is that it holds the highest duty possible to its clients. If a law firm is taking a position contrary to its client’s interest, it cannot no longer ethically represent the client. Curriden ends his article with a short discussion on this point when he said, “many corporate GCs privately express concerns about what their law firms may be doing behind their backs.” He quoted Randy Johnston, who focuses his practice at JohnstonTobey PC in Dallas on professional malpractice cases, who said “Corporate general counsel have every right to be concerned that their law firm is secretly plotting against them and their best interests, and are doing so without notifying them,”. Johnston goes on further to say “In the end, I think there’s only one solution: Law firms should have the right to internal defense and to work product, but the law firm must immediately inform the client when there is a conflict. Failure to tell the client eviscerates the privilege. Period.”

This is a case which certainly bears watching as it may go quite a long way towards fundamentally altering the attorney-client relationship.

Leave a Comment

FCPA Compliance and Ethics Blog

May 22, 2013

What Are The Essential Elements of a Corporate Compliance Program?

May 20, 2013

An Inspired Choice – Ethical Leadership Under Difficult Circumstances

May 19, 2013

The Drugstore Cowboy and Compliance

May 16, 2013

Four Keys to Compliance Leadership

May 15, 2013

Scam Artists from Texas and Compliance Risk Management

May 14, 2013

What is Your Compliance Strategy?

May 13, 2013

In FCPA Enforcement Sometimes Truth is Stranger than Fiction – The Cilnis Complaint

May 10, 2013

Use Planes, Trains and Automobiles to get to Compliance Week 2013

May 9, 2013

DPAs and NPAs – Useful Tools to Achieve Compliance

May 7, 2013

Do Law Firms Have an In-House Privilege?

January

Blogroll

Pages

Admin

Read by Email

Follow “FCPA Compliance and Ethics Blog”

May 2013
M	T	W	T	F	S	S
« Apr
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30	31