Deferred Prosecution Agreement | FCPA Compliance and Ethics Blog

June 5, 2013

Return to the Baker’s Dozen in a Best Practices Compliance Program – Total Part II

Filed under: Best Practices,compliance programs,Deferred Prosecution Agreement,Department of Justice,Enforcement Actions,FCPA,SEC — tfoxlaw @ 1:01 am
Tags: best practices, compliance, compliance programs, Department of Justice, DOJ, FCPA, Foreign Corrupt Practices Act, SEC

Yesterday I reviewed the facts surround Total SA’s (Total) lengthy bribery scheme to win contracts in Iran. At this point, the settlement documents consist of the Deferred Prosecution Agreement (DPA), which was filed by the US Department of Justice (DOJ), and the Securities and Exchange Commission’s (SEC) Cease and Desist Order (the Order). Today begins a two-part discussion of Total’s obligations going forward under the settlement documents. In the DPA, there are two Attachments which speak to its ongoing obligations under its settlement with the DOJ. Attachment C is entitled “Corporate Compliance Obligations” and Attachment D is entitled, “Independent Corporate Monitor”. Today I will review the 13-point best practices compliance program in the context of lessons learned for the compliance practitioner going forward and tomorrow I will discuss the Monitor as required under the DPA and the Compliance Consultant as required under the Order.

The DPA and Total’s Corporate Compliance Obligations

The information included in Total’s Corporate Compliance Program provides the Foreign Corrupt Practices Act (FCPA) compliance practitioner with the most current components that the DOJ believes should be included in a FCPA compliance program. Hence, this information is a valuable tool by which companies can assess if they need to adopt new or modify their existing internal controls, policies, and procedures in order to ensure that their FCPA compliance program maintains: (a) a system of internal accounting controls designed to ensure that Total makes and keeps fair and accurate books, records, and accounts; and (b) a rigorous anti-corruption compliance code, standards, and procedures designed to detect and deter violations of the FCP A and other applicable anti-corruption laws. Total’s obligations are:

1. Written Compliance Code. Total should develop and promulgate a clearly articulated and visible corporate policy against violations of the FCPA, including its anti-bribery, books and records, and internal controls provisions, and other applicable foreign law counterparts (collectively, the “anti-corruption laws”), which policy should be memorialized in a written compliance code.

2. Tone at the Top. The Company will ensure that its Board of Directors and senior management provides strong, explicit, and visible support and commitment to its corporate policy against violations of the anti-corruption laws and its compliance code.

3. Anti-Corruption Policies and Procedures. Total should develop and promulgate compliance standards and procedures designed to reduce the prospect of violations of the anti-corruption laws and the Company’s compliance code, and the Company should take appropriate measures to encourage and support the observance of ethics and compliance standards and procedures against foreign bribery by personnel at all levels of the company. These anti-corruption standards and procedures shall apply to all directors, officers, and employees and, where necessary and appropriate, outside parties acting on behalf of the Company in a foreign jurisdiction, including but not limited to, agents and intermediaries, consultants, representatives, distributors, teaming partners, contractors and suppliers, consortia, and joint venture partners (collectively, “agents and business partners”), to the extent that agents and business partners may be employed under the Company’s corporate policy. The Company shall notify all employees that compliance with the standards and procedures is the duty of individuals at all levels of the company. Such standards and procedures shall include policies governing:

gifts;
hospitality, entertainment, and expenses;
customer travel;
political contributions;
charitable donations and sponsorships;
facilitation payments; and
solicitation and extortion

4. Use of Risk Assessment. Total should develop these compliance standards and procedures, including internal controls, ethics, and compliance programs on the basis of a risk assessment addressing the individual circumstances of the Company, in particular the foreign bribery risks facing the Company, including, but not limited to, its geographical organization, interactions with various types and levels of government officials, industrial sectors of operation, involvement in joint venture arrangements, importance of licenses and permits in the company’s operations, degree of governmental oversight and inspection, and volume and importance of goods and personnel clearing through customs and immigration.

5. Annual Review. Total should review its anti-corruption compliance standards and procedures, including internal controls, ethics, and compliance programs, no less than annually, and update them as appropriate, taking into account relevant developments in the field and evolving international and industry standards, and update and adapt them as necessary to ensure their continued effectiveness.

6. Sr. Management Oversight and Reporting. Total should assign responsibility to one or more senior corporate executives of the Company for the implementation and oversight of the Company’s anti-corruption policies, standards, and procedures. Such corporate official(s) shall have direct reporting obligations to the Company’s Legal Counsel or Legal Director as well as the Company’s independent monitoring bodies, including internal audit, the Board of Directors, or any appropriate committee of the Board of Directors, and shall have an adequate level of autonomy from management as well as sufficient resources and authority to maintain such autonomy.

7. Internal Controls. Total should ensure that it has a system of financial and accounting procedures, including a system of internal controls, reasonably designed to ensure the maintenance of fair and accurate books, records, and accounts to ensure that they cannot be used for the purpose of foreign bribery or concealing such bribery.

8. Training. Total should implement mechanisms designed to ensure that its anti-corruption policies, standards, and procedures are communicated effectively to all directors, officers, employees, and, where necessary and appropriate, agents and business partners. These mechanisms shall include: (a) periodic training for all directors and officers, and, where necessary and appropriate, employees, agents, and business partners; and (b) annual certifications by all such directors and officers, and, where necessary and appropriate, employees, agents, and business partners, certifying compliance with the training requirements.

9. Ongoing Advice and Guidance. The Company should establish or maintain an effective system for:

Providing guidance and advice to directors, officers, employees, and, where necessary and appropriate, agents and business partners, on complying with the Company’s anti-corruption compliance policies, standards, and procedures, including when they need advice on an urgent basis or in any foreign jurisdiction in which the Company operates;
Internal and, where possible, confidential reporting by, and protection of, directors, officers, employees, and, where necessary and appropriate, agents and business partners, not willing to violate professional standards or ethics under instructions or pressure from hierarchical superiors, as well as for directors, officers, employees, and, where appropriate, agents and business partners, willing to report breaches of the law or professional standards or ethics concerning anticorruption occurring within the company, suspected criminal conduct, and/or violations of the compliance policies, standards, and procedures regarding the anticorruption laws for directors, officers, employees, and, where necessary and appropriate, agents and business partners; and
Responding to such requests and undertaking necessary and appropriate action in response to such reports.

10. Discipline. Total should have appropriate disciplinary procedures to address, among other things, violations of the anti-corruption laws and the Company’s anti-corruption compliance code, policies, and procedures by the Company’s directors, officers, and employees. Total should implement procedures to ensure that where misconduct is discovered, reasonable steps are taken to remedy the harm resulting from such misconduct, and to ensure that appropriate steps are taken to prevent further similar misconduct, including assessing the internal controls, ethics, and compliance program and making modifications necessary to ensure the program is effective.

11. Use of Agents and Other Business Partners. To the extent that the use of agents and business partners is permitted at all by the Company, it should institute appropriate due diligence and compliance requirements pertaining to the retention and oversight of all agents and business partners, including:

Properly documented risk-based due diligence pertaining to the hiring and appropriate and regular oversight of agents and business partners;
Informing agents and business partners of the Company’s commitment to abiding by laws on the prohibitions against foreign bribery, and of the Company’s ethics and compliance standards and procedures and other measures for preventing and detecting such bribery; and
Seeking a reciprocal commitment from agents and business partners.

12. Contractual Compliance Terms and Conditions. Total should include standard provisions in agreements, contracts, and renewals thereof with all agents and business partners that are reasonably calculated to prevent violations of the anticorruption laws, which may, depending upon the circumstances, include: (a) anticorruption representations and undertakings relating to compliance with the anticorruption laws; (b) rights to conduct audits of the books and records of the agent or business partner to ensure compliance with the foregoing; and (c) rights to terminate an agent or business partner as a result of any breach of anti-corruption laws, and regulations or representations and undertakings related to such matters.

13. Ongoing Assessment. Total should conduct periodic review and testing of its anticorruption compliance code, standards, and procedures designed to evaluate and improve their effectiveness in preventing and detecting violations of anticorruption laws and the Company’s anti-corruption code, standards and procedures, taking into account relevant developments in the field and evolving international and industry standards.

Discussion

Interestingly, the Total DPA returns to the 13 point minimum best practices compliance regime that had been articulated by the DOJ prior to the FCPA Guidance. In the Non-Prosecution Agreement (NPA) sustained by Ralph Lauren in April, there was an 18 point compliance program set forth, which had all of the elements present in the Total compliance program plus one additional one which was a section relating to Ralph Lauren’s compliance obligations during mergers and acquisitions. However I think that the gist is that Total’s compliance obligations supplements the Ten Hallmarks of an Effective Compliance Program set out in the FCPA Guidance.

For the compliance practitioner, the opportunity is to use either the Total DPA (or Ralph Lauren NPA) in conjunction with the Ten Hallmarks to evaluate your own compliance program. Both the Ten Hallmarks and the Total DPA/Ralph Lauren NPA discuss the need for annual evaluations of a compliance program. You need to assess where your program is in light of legal developments, compliance developments, new product or services offerings your company may have developed and any new geographic territories that present updated compliance risks for your company.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

Leave a Comment

May 9, 2013

DPAs and NPAs – Useful Tools to Achieve Compliance

Filed under: Deferred Prosecution Agreement,Department of Justice,FCPA,FCPA Professor,Michael Volkov,Non-Prosecution Agreements,SEC,Uncategorized — tfoxlaw @ 1:01 am
Tags: compliance, compliance programs, Department of Justice, DOJ, DPA, FCPA, FCPA Professor, Foreign Corrupt Practices Act, Michael Volkov, NPA, SEC

The debate on whether the use of Deferred Prosecution Agreements (DPAs) and Non-Prosecution Agreements (NPAs) has become lively again over the past couple of weeks. Last week, there was a panel hosted by the Corporate Crime Reporter conference at the National Press Club. The panel was moderated by Steven Fagell, a partner at Covington & Burling LLP, and the panelists included Denis McInerney, the Criminal Division’s Deputy Assistant Attorney General, David Uhlmann, the former chief of the Environmental Crimes Section at the Department of Justice (DOJ), and currently a Professor of Law at the University of Michigan, the FCPA Professor, Michael Koehler, Kathleen Harris, a partner at Arnold & Porter LLP in London, and Anthony Barkow, a partner at Jenner & Block in New York.

The FCPA Professor wrote about the conference in two posts this week. The second post, entitled “Seeing the Light from the ‘Dark Ages’”, reported on the panel discussion. In this post, the Professor flatly says that DPAs and NPAs should be abolished in the context of Foreign Corrupt Practices Act (FCPA) enforcement and that a compliance defense should be added to the FCPA. In the other corner stands Mike Volkov, who said in a recent post, entitled “The Continuing Controversy Over DPAs and NPAs”, that DPAs and NPAs are part of the growing arsenal of prosecutorial tools that can be brought to bear by the DOJ and now the Securities and Exchange Commission (SEC).

The Professor previously articulated his views against DPAs and NPAs last fall in a post entitled “Assistant Attorney General Breuer’s Unconvincing Defense Of DPAs / NPAs”. In that post he said that the “use of NPAs or DPAs allow “under-prosecution” of egregious instance of corporate conduct while at the same time facilitate the “over-prosecution” of business conduct.” The ‘under-prosecution’ comes “because they [DPAs and NPAs] do not result in any actual charges filed against a company, and thus do not require the company to plead to any charges, allow egregious instances of corporate conduct to be resolved too lightly without adequate sanctions and without achieving maximum deterrence.” The ‘over-prosecution’ comes “because of the “carrots” and “sticks’ relevant to resolving a DOJ enforcement action often nudge companies to agree to these vehicles for reasons of risk-aversion and efficiency and not necessarily because the conduct at issue actually violates the law.” Volkov, being a former prosecutor, says that “Prosecutors like to have a variety of tools. An up or down decision system – indict or decline to indict – does not give prosecutors any ability to address the hard cases, where they are more inclined to decline prosecution rather than indict.”

However, I am neither a former prosecutor, like Volkov, nor a former white collar defense lawyer, like the Professor. I am a recovering trial lawyer who then went in-house. From this background I think that there is another line of reasoning as to why DPAs and NPAs are useful FCPA compliance enforcement tools and that line of reasoning is certainty. The primary reason for the prosecution and a company entering into a DPA/NPA is certainty. The one thing I learned in almost 20 years of trying cases is that nothing is certain when you leave the final decision to an ultimate trier of fact who is not yourself, whether that trier of fact be a jury, judge or arbitrator. The most important thing for a company is certainty and that is even more paramount when a potential criminal conviction looms over its corporate head. Certainty is equally critical for the prosecution. No matter how ‘slam dunk’ the facts are, or appear to be, once a prosecutor turns over the final decision in a case to another trier of fact; the prosecution has lost certainty in the final decision. Every corporate defendant who goes to trial can and should raise all procedural and factual defenses available to it. No prosecutor can ever be 100% certain that it will win every court ruling or that a guilty conviction will be upheld on appeal. However, a DPA/NPA can bring certainty. For a company, certainty in its rights and obligations, for the prosecution the same is true.

There was another article which considered the panel discussion held at the Corporate Crime Reporter conference entitled “McInerney Defends Deferred and Non Prosecution Agreements”. This article included quotes from David Uhlmann, who said that he believes, “This is about a profound ambivalence in parts of the Department about the very notion of corporate criminality.” Uhlmann believes that it this ambivalence which has driven the use of DPAs. He believes that the DOJ should make an “up or down” decision on whether a corporation should be prosecuted or not. He was quoted as saying “There is no more important role that the Justice Department plays than its role investigating and prosecuting crime. And if the Justice Department believes that a particular case warrants criminal prosecution, it should bring criminal charges. It should not sacrifice criminal prosecution to a private agreement never entered in court, never overseen by a judge in any meaningful way that doesn’t involve any public hearing, that doesn’t involve any corporate officials coming into the courtroom admitting guilt. On the other hand, if the Justice Department doesn’t believe that a criminal prosecution is necessary or warranted, then they should decline. They should decline prosecution in favor of — in most cases they have the option of civil or administrative enforcement.”

The Professor had a slightly different take on the use of DPAs in the context of criminal prosecutions of corporations. He was quoted as saying, “The Department has become so uncomfortable with the traditional notions of corporate criminal liability that they have constructed and indeed championed this alternative reality that is equally problematic.” Further, “These resolutions have had a troubling, distortive and toxic effect on this one area of law,” Koehler concluded. “There is no judicial scrutiny of most fcpa enforcement theories.” And, lastly, “Of course, the Justice Department is in favor of these because it makes their job easier. Of course, the FCPA bar and FCPA Inc. is in favor of these it expands the market for legal services.”

Criminal Division Deputy Assistant Attorney General McInerney made clear that he is not ambivalent at all about corporate criminal liability and specifically stated this. So let me speak from the perspective of a lawyer from Houston, who has represented companies in the energy space for quite some time. The frustration that boiled over from the lack of prosecutions regarding the financial troubles of the recent years should not obscure the fact that the DOJ has and will continue to pursue criminal cases against corporations.

But to paraphrase Joe Jackson, something else is going on ‘round here with prosecutions of corporate criminal conduct and the use of DPAs/NPAs. While one role of the DOJ is to prosecute law breakers; I believe that another role of the DOJ is to increase and encourage compliance with laws. The DPA/NPA debate does not stand in a vacuum. I believe that by offering incentives for companies to self-disclose and cooperate, the DOJ is increasing compliance with the FCPA. If there is no incentive to cooperate, there will be none. Period. If a company will face a criminal indictment or charge if it investigates a matter and self-discloses to the DOJ, how many companies will do so? McInerney was quoted as saying, “You are disincentivizing companies in terms of doing the right thing. You are not crediting companies for doing the right thing.”

Now let me take the flip side; Arthur Anderson. For all the howls that there is no empirical evidence that indicting and convicting companies puts them out of business; I am certainly not persuaded. I saw it happen, here in Houston. Was it in the interest of the US government to put Arthur Anderson out of business? Did it further the policies of this country to go from the Big Four to the Big Three? What about all the Arthur Anderson employees who did not work on the Enron account, what policy did it further to have them lose everything they invested in their professional life? If DPAs/NPAs are less draconian in their effect than destruction of a corporation’s existence, does that make them somehow less useful? If the DOJ wants to put such a factor into their decision making, I find that to be an appropriate calculus.

As to the charge that the FCPA Bar/FCPA Inc. used DPAs/NPAs to expand their market for work? [Full disclosure - I am a member of the FCPA Bar and ergo, FCPA Inc.] I think that it is the job of a lawyer to advise his or her clients on their legal obligations and to assist in fulfilling those obligations. Is it in my own myopic self-interest to advocate compliance with the FCPA? Or am I a part of the FCPA Bar and Inc. which assists companies to comply with a now 35 year old law? Whichever answer you prefer, I believe that there is more compliance now and that the use of DPAs/NPAs is a contributing factor to this increased compliance.

Another panelist, Anthony Barkow posited yet another angle. He said “one the primary policy justifications — or certainly a significant policy justification — is — getting DPAs and NPAs is easy. “It’s a lot easier than charging a company,”” Barkow said. “And it’s a lot easier than charging it and to try to get a plea.” While I do not pretend to know the intricacies of obtaining an indictment or going before a grand jury, it is always easier to settle something rather than try a case. But that does not mean any less work goes on, either from the corporate side or especially from the government side. FCPA enforcement actions are huge, document intensive cases and from what little I know of the process, the DOJ works quite hard to craft an appropriate resolution for each case. Further, there are multiple levels of review in the DOJ so many sets of eyes look at these matters. So while it may be easier to reach a resolution rather than charging and criminally trying a corporation, that does not mean in any way, shape or form that this work is easy. The work is hard, time intensive and takes literally thousands of man-hours by all parties involved to reach any resolution. Simply because a new enforcement tool is available, which is short of a criminal indictment and trial, does not mean that it is not a useful tool and should not be used.

Mike Volkov ended his post with the following, “The debate will continue – I have no doubt of that.” I would certainly second that notion. But from where I sit the use of DPAs/NPAs has improved compliance with the FCPA because their use has given corporations a real incentive to thoroughly investigate allegations of bribery and corruption and then work with the government to appropriately remediate the situation.

© Thomas R. Fox, 2013

Leave a Comment

April 25, 2013

Actions Taken During a FCPA Enforcement Action-Lessons from Parker Drilling and Ralph Lauren

Filed under: Best Practices,compliance programs,Deferred Prosecution Agreement,Department of Justice,Enforcement Actions,FCPA,Panalpina,SEC — tfoxlaw @ 4:07 am
Tags: best practices, compliance programs, Department of Justice, DOJ, FCPA, Foreign Corrupt Practices Act, SEC

In the two most recent corporate Foreign Corrupt Practices Act (FCPA) enforcement actions, the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) to communicate not only what they believe constitutes a best practices compliance program but equally importantly what actions a company can engage in which will significantly reduce a company’s overall fine and penalty. These matters involved Parker Drilling Company (Parker Drilling) and the Ralph Lauren Corporation. Parker Drilling received a Deferred Prosecution Agreement (DPA) and Ralph Lauren sustained a Non-Prosecution Agreement (NPA).

Fines and Penalties

Parker Drilling’s conduct earned it an “approximately 20 percent reduction off the bottom of the fine range” which suggested a fine of between $14.7MM to $29.4MM. The final DOJ fine was $11,760,000. The company also agreed to pay disgorgement of $3,050MM plus pre-judgment interest of $1,040,818, to the SEC. Ralph Lauren agreed to pay $882K to the DOJ and $593K in disgorgement and $141K in pre-judgment interest to the SEC.

Self-Disclosure

In the DOJ/SEC FCPA Guidance released last year one of the clear messages was that companies should self-disclose any potential FCPA violations. While this question is debated by the FCPA intelligentsia and in compliance/legal department across the country, one of the key takeaways is that companies should self-disclose. In the section on Declinations, which included stripped out information on six companies which received declinations to prosecute, one of the common factors was that each company self-disclosed its FCPA violation.

In the Ralph Lauren NPA, the DOJ stated that one of the factors which led to the NPA was “the Company’s timely, voluntary, and complete disclosure of the conduct”. This is contrasted with the Parker Drilling DPA, where there was no information listed regarding self-disclosure. In its Press Release announcing the resolution of the Parker Drilling matter, the DOJ stated it “stemmed from the DOJ’s Panalpina-related investigations.”

What Did You Do When You Found Out About It? Prong II – Extensive Cooperation

Both companies provided extensive cooperation to the DOJ and SEC throughout the pendency of their respective investigations. In the Ralph Lauren NPA, the DOJ detailed the company’s conduct by stating that “the Company’s extensive, thorough, and real-time cooperation with the Department, including conducting an internal investigation, voluntarily making employees available for interviews, making voluntary document disclosures, conducting a world-wide risk assessment, and making multiple presentations to the Department on the status and findings of the internal investigation and the risk assessment”. In the Parker Drilling DPA, the DOJ stated that “the Company’s cooperation, including conducting an extensive internal investigation and collecting, analyzing, and organizing voluminous evidence and information for the Department”.

What Did You Do When You Found Out About It? Prong I – Remediation

Implementing one of the prongs of McNulty’s Maxim No. 3, both companies engaged in extensive remediation during the investigations. The Ralph Lauren NPA stated that “the Company’s early and extensive remedial efforts already undertaken – including conducting extensive FCPA training for employees world-wide, enhancing the Company’s existing FCPA policy, implementing an enhanced gift policy as well as other enhanced compliance, control and anti-corruption policies and procedures, enhancing its due diligence protocol for third-party agents, terminating culpable employees and a third-party agent, instituting a whistleblower hotline, and hiring a designated corporate compliance attorney – and to be undertaken, including enhancements to its compliance program as described in Attachment B (Corporate Compliance Program);”.

Parker Drilling also engaged in extensive work to create a gold standard compliance program all the while undergoing its own internal investigation. According to the DPA, “the Company has engaged in extensive remediation, including ending its business relationships with officers, employees, or agents primarily responsible for the corrupt payments, enhancing its due diligence protocol for third-party agents and consultants, increasing training and testing requirements, and instituting heightened review of proposals and other transactional documents for all the Company’s contracts.” Parker Drilling also hired “a fulltime Chief Compliance Officer and Counsel who reports to the Chief Executive Officer and Audit Committee, as well as staff to assist the Chief Compliance Officer and Counsel.” The Company worked to strengthen its internal controls. Lastly, and I hope that you remember this from the Morgan Stanley Declination, Parker Drilling implemented “a compliance-awareness improvement initiative and program that includes issuance of periodic anti-bribery compliance alerts.”

Self-Monitoring and Reporting to the DOJ

In an area that is sometimes overlooked in both DPAs and NPAs, both companies agreed to self-monitor the effectiveness of their compliance programs and make no less than annual reports to the DOJ. In its three-year DPA, Parker Drilling agreed to monitor and “that it will report to the Department periodically, at no less than twelve-month intervals during a three-year term, regarding remediation and implementation of the compliance program and internal controls, policies, and procedures”. In its two year NPA, Ralph Lauren agreed to monitor and “report to the Department periodically, at no less than twelve-month intervals during a two-year term, regarding remediation and implementation of the compliance program and internal controls, policies, and procedures.”

Both the DOJ and SEC continue to communicate to the compliance practitioner what they expect from companies in the way of a best practices compliance program and what a company should do if they discover a potential FCPA violation. These communications, through enforcement actions, DPAs, NPAs and Declinations, are consistent with the information provided by the DOJ/SEC in the FCPA Guidance. Both of these enforcement actions demonstrate that if a company gets ahead of the curve, it can significantly lessen its overall penalty and pain.

© Thomas R. Fox, 2013

Comments (1)

April 24, 2013

Using Bribery and Corruption to Steal Business – A Thyestean Feast?

Filed under: Agents,Deferred Prosecution Agreement,Enforcement Actions,FCPA,Financial Times,Governmental Official — tfoxlaw @ 1:01 am
Tags: FCPA, Foreign Corrupt Practices Act, FT

Not much beats the ancient Greek House of Atreus for dramatic gore: infanticide, patricide, fratricide, filicide, matricide, cannibalism, incest and about every other horror which can befall one family occurs in the various stories of this, the ruling family of Mycenae. One of the most horrific stories involves the brothers Atreus and Thyestes. After Atreus steals the throne from Thyestes, Thyestes seeks his revenge by sleeping with Atreus’ wife Aerope. Atreus then invites Thyestes to a reconciliation banquet where he serves the roasted heads of Atreus’ two sons on platters as the main course. Atreus then puts a curse on Atreus and all his offspring, which lasted throughout Greek antiquity (i.e. longer than the Curse of the Bambino or Curse of the Billy Goat). To this day a Thyestean Feast is synonymous as cannibalistic feast. In other words, at what cost did you really prevail?

I thought about the above myth in the context of the arrest of two articles I wrote about yesterday which appeared in the Weekend Edition of the Financial Times (FT) about the arrest of Frederic Cilins, a French citizen, for seeking to obstruct a federal grand jury investigation about alleged Foreign Corrupt Practices Act (FCPA) violations. The two articles were “Contracts link BSGR to alleged bribes” (mine rights article) and “FBI sting says that ‘agent’ sought to have mining contracts destroyed” (FBI sting article). Both articles were by the same triumvirate of FT reporters, Tom Burgis, Misha Glenny and Cynthia O’Murchu.

To recap, the articles revolved around allegations that “The resources arm of Beny Steinmetz Group agreed to pay $2m to the wife of an African president to help it secure rights to one of the world’s richest untapped mineral deposits, according to documents seen by the Financial Times”. These payments were allegedly memorialized in “Copies of two contracts from 2007 and 2008, apparently signed by BSGR’s representatives in the mineral-rich west African nation of Guinea, set out agreements for the company to make payments and transfer shares to Mamadie Touré, wife of the then president Lansana Conté.”

The FBI sting article also revealed a bit more of the history of the underlying mining rights at issue. The Australian company Rio Tinto “held the rights to the whole of Simandou, a mountain range groaning with iron ore in Guinea’s remote interior, for a decade.” But in August, 2008, the Conté government withdrew the mining group’s concession, “saying it had taken too long to develop a mine.” In December 2008, just days before the dictator’s death, the then Guinean government assigned over half the rights of Simandou to BSGR. The FT also reported that “One African mining veteran described BSGR’s sale as the “best private mining deal of our generation.”” After spending $160m developing its assets in Guinea, 18 months later, in April 2010, BSGR sold a 51% stake of its Guinean venture to Vale of Brazil for $2.5bn.

The FT also reported that after the transfer of mining rights from Rio Tinto to BSGR, another mining entity, “Vale of Brazil, the world’s biggest iron ore miner, bought a 51 per cent in BSR’s Guinea assets in April 2010. Late last year, as a Guinean government committee levelled corruption allegations against BSGR, Vale put the Simandou project on hold. Earlier this month, it suspended payments on the $2.5bn it agreed to pay for its stake.”

Now all of the above are only allegations at this point and BSGR has clearly stated that it believes the allegations have no merit. As the mining rights article noted, “BSGR said in a statement to the FT on Friday: “Allegations of fraud in obtaining our mining rights in Guinea are entirely baseless. We are confident that BSGR’s position in Guinea will be fully vindicated.””

But under such a scenario, what might be the cost to be to a company which engages in such conduct. Fortunately we have somewhat evolved past the blood feuds that the ancients Greeks engaged in were they wronged. We have developed the litigation system to help redress violations of law. In an interesting note, even this was foreshadowed in the Greek myths where the final play about the House of Atreus involved a trial rather than blood revenge.

In the above scenario, what might be some of the legal rights of the parties listed? In an article entitled “Use of the FCPA in State-Law Unfair Competition Cases”, Edward Little, Jr. explored the question of whether the FCPA can serve as the basis as a predicate act for civil liability under state unfair competition laws. He makes a powerful case that such lawsuits may be the next frontier for FCPA cases.

Little next noted that the violation of the FCPA may provide a basis for civil liability under federal or state anti-trust laws, “especially when it is proved that the foreign bribery had an anti-competitive effect within the United States.” Little pointed to the example of two Phillip Morris subsidiaries that bribed officials in several South American countries “to obtain price controls on tobacco.” There was also a recent FCPA/anti-trust enforcement action against Bridgestone which may provide such a trigger.

Little turned to state unfair competition laws which, if based on the Revised Uniform Deceptive Trade Practices Act, can “provide severe penalties for violations of federal and state laws when committed in trade or commerce.” These penalties can include treble damages and attorneys’ fees. He pointed to a currently pending litigation matter styled “Newmarket Corp. v. Innospec, Inc. Civil Action No. 10-503-HEH (E.D Va.)” in which Newmarket has brought claims under the Sherman Act, the Robinson-Patman Act and the state of Virginia Business Conspiracy Act. This state law makes illegal “combinations of two or more persons for the purpose of willfully and maliciously injuring another in his…business…”

Most states have some type of law which broadly declares that “unfair methods of competition are…unlawful.” If a company admits to guilt under the FCPA the facts of liability are laid out in a Deferred Prosecution Agreement (DPA). There is some discussion of the amount of bribes paid, usually referencing both the monetary value of the contract or other business obtained through the conduct, which laid the predicate for the FCPA violation. Lastly, there is often a specific amount of money identified as profit disgorgement that is remitted to the government. Doesn’t this sound something like “Did the defendant engage in illegal conduct which impacted the plaintiff?” and “If so, what are the plaintiff’s damages?”

As a recovering trial lawyer, I was proud to engage in a profession which can trace its roots back to ancient Greece. As a lawyer, who specializes in the FCPA, I wonder if a company which uses corruption and bribery to steal or even procure a contract or business might find that the cost of obtaining such business is too high if they are forced to defend themselves in a civil trial and pay out the amount of damages that their conduct caused. Indeed, might it even be the modern day equivalent to a Thyestean Feast?

© Thomas R. Fox, 2013

Leave a Comment

April 18, 2013

What’s the Message from BizJet? Self-Disclose and Cooperate

Filed under: Deferred Prosecution Agreement,Department of Justice,Enforcement Actions,FCPA,FCPA Professor,FCPABlog,Federal Sentencing Guidelines,US Sentencing Guidelines — tfoxlaw @ 9:13 am
Tags: BizJet, Department of Justice, DOJ, FCPA, FCPA Blog, FCPA Professor, Foreign Corrupt Practices Act

Over the past week there has been a plethora of Foreign Corrupt Practices Act (FCPA) enforcement actions released. One group was the four enforcement actions involving individuals concerning BizJet. While I cannot say that the enforcement actions against the individuals were stunning, perhaps what was surprising were the penalties that two of the individual received. The lineup of those three BizJet executives and one employee involved in these enforcement actions is as follows:

Bernd Kowalewski – President and Chief Executive Officer (CEO);
Peter DuBois – Vice President of Sales and Marketing;
Neal Uhl – Vice President of Finance; and
Jald Jensen – Regional Sales Manager

Defendants DuBois and Uhl pled guilty in January, 2012 and had their pleas unsealed on April 5, 2013. Defendants Kowalewski and Jensen were charged by Criminal Indictment, also in January, 2012 but are still at large today. The Department of Justice (DOJ) Press Release states that “The two remaining defendants are believed to remain abroad.”

BizJet Bribery Box Score

From the previously released Bizjet Deferred Prosecution Agreement (DPA) and the recently released documents, I have updated the “BizJet Bribery Box Score”.

BizJet Executive or Employee Named	Payment Made To	Amount of Payment	Others Involved
Jald Jensen	Official 6	Cell Phone and $10K	Peter DuBois and Neal Uhl
Jald Jensen	Official 3	$2K	Peter DuBois
Peter DuBois, Neal Uhl and Jald Jensen	Official 2	$20K
Neal Uhl	Official 2	$30K	Jald Jensen
Peter DuBois	Mexican Federal Police Chief	$10K	Neal Uhl and Jald Jensen
Neal Uhl	Official 5	$18K	Jald Jensen
Jald Jensen	Official 4	$50K
Jald Jensen	Mexican Federal Police	$176	Neal Uhl
Jald Jensen	Official 4	$40K
Jald Jensen	Mexican Federal Police	$210K	Neal Uhl
Jald Jensen	Official 5	$6K	Neal Uhl
Neal Uhl	Official 5	$22K

The above bribes were characterized as “commission payments” and “referral fees” on the company’s books and records. Payments were made from both international and company bank accounts here in the United States. In other words, this was as clear a case of a pattern and practice of bribery, authorized by the highest levels of the company, paid through US banks and attempts to hide all of the above by mis-characterizing them in the company’s books and records.

Penalty Box Score

As bad as the conduct of the BizJet executives and sales manager was – and it was very bad – the thing that stood out in the enforcement actions announced last week was the sentences. So without further ado here is the “Penalty Box Score” for defendants DuBois and Uhl.

Individual	Fine or Disgorgement	Potential Incarceration	Actual Incarceration
Peter DuBois	$159,950	108 to 120 months in jail	8 months home incarceration, 60 month’s probation
Neal Uhl	$10,000	60 months in jail	60 month’s probation

The clear import of the BizJet DPA was that a company can make a comeback in the face of very bad facts. In the BizJet DPA, the calculation of the fine, based upon the factors set out in the US Sentencing Guidelines, ranged between a low of $17.1MM to a high of $34.2MM. The final agreed upon monetary penalty was $11.8MM. This was a significant reduction from the suggested low or high end, or as was noted by the FCPA Blog “BizJet’s reduction was 30% off the bottom of the fine range, and a whopping 65% off the top of the fine range.” Finally, BizJet was able to avoid having an external monitor put in place.

Cooperation is the Key

What led to these sentence reductions? Quite simply the answer is full cooperation with the DOJ. The FCPA Professor stated, in a post entitled “Unsealed Documents In Enforcement Acton Against Former BizJet Executives Reveal A Trove Of Information”, that “As part of his plea agreement, DuBois worked in an undercover capacity for the government. The motion specifically states as follows. “As part of his work in an undercover capacity, Mr. DuBois has recorded conversations with former BizJet executives and other subjects of the government’s ongoing investigation.” Later, the motion to seal states that “public identification of Mr. DuBois as a defendant who likely is cooperating with the government may jeopardize the undercover aspect of the government’s investigation.”

In addition to his work as an undercover operative, the Professor quoted from the DOJ Sentencing Memorandum that “assisted in the investigation from the outset and cooperated fully with the government throughout its investigation. DuBois submitted to multiple interviews by the government and has assisted in every way that the government has asked. DuBois told the truth to the government from the outset and continued to do so up until this very day. DuBois’ cooperation not only assisted the government in connection with its investigation into BizJet, but also led to the investigation of another maintenance, repair, and overhaul company engaged in a similar scheme to pay bribes to government officials overseas.”

With regarding to UHL, the Professor quoted from the DOJ Motion for a Downward Departure as follows, “Uhl “agreed to a voluntary proffer session and, when confronted by the government, admitted to the illegal conduct. Throughout the course of the investigation, Uhl was cooperative and provided truthful information that substantially assisted the government in confronting other co-conspirators and witnesses. Uhl offered to assist in any way that he could.”

In another post, entitled “Where Was the BizJet Board?”, the FCPA Professor noted that the conduct engaged in by BizJet was “egregious” and I would certainly second that, perhaps adding that it was about as bad as it could get in the FCPA world. He goes on to state that “Yet, BizJet was allowed to resolve the enforcement action via a deferred prosecution agreement, meaning that should it abide by the terms and conditions of the agreement, BizJet will never be required to plead guilty to anything.” He went on to pose the question, “If that is the DOJ position, then it must be asked – does corporate criminal liability actually mean anything if a company like BizJet – given the DOJ’s allegations – is not actually criminally prosecuted or required to plead guilty?” He ended his post with the following, “In short, the resolution vehicles the DOJ has created and championed has again lead to a “facade of enforcement” – albeit an instance on the opposite end of the spectrum that I normally highlight.”

I think that there is another way to look at the BizJet enforcement action and the individual enforcement actions against DuBois and Uhl. BizJet self-disclosed to the DOJ, engaged in what the DOJ termed “extraordinary cooperation” and remediated the people and conduct in question. Further, DuBois and Uhl not only offered themselves up but actively worked with and assisted the DOJ in its investigation going forward. If one of the goals of the DOJ is to achieve greater compliance with the FCPA, I think that the BizJet cases is a clear demonstration that if a company has FCPA violations they can self-disclose and be given credit for working very diligently in conjunction with the DOJ to remedy the conduct at issue and move the investigation forward.

I believe the same is true for individuals who have engaged in FCPA violations. If a person provides the same level of cooperation as DuBois and Uhl and the DOJ then prosecutes them to the full extent of the US Sentencing Guidelines, how much cooperation do you think the DOJ will engender going forward once the word gets out in the white collar defense bar?

© Thomas R. Fox, 2013

Leave a Comment

April 9, 2013

Why Eat Your Words When You Can Eat a Peach?

Filed under: Deferred Prosecution Agreement,Department of Justice,FCPA,FCPA Professor,Financial Times — tfoxlaw @ 1:01 am
Tags: Department of Justice, DPA, FCPA Professor, Standard Chartered

Taken to the woodshed or when should a company have to eat its own words? Remember when President Reagan’s Director of the Office of Management and Budget, David Stockman, was ‘taken to the woodshed’ by White House Chief of Staff James Baker after public comments that Stockman made for an Atlantic Monthly article that questioned the monetary policy which underpinned the entire Reagan Revolution? Stockman was most contrite thereafter.

We had a recent example of this in the context of US federal enforcement actions in the Standard Chartered (StanChart) matter. For those who might not remember, our friends at StanChart agreed to pay approximately $667MM in fines to several US regulators for the bank’s conduct around its breach of US sanctions on Iran. The bank agreed to voluntarily enter into a Deferred Prosecution Agreement (DPA) and as part of that DPA it agreed not to publicly contest the agreement or generally make any public statements contradicting the acceptance of responsibility. There are usually similar clauses in Foreign Corrupt Practices Act (FCPA) DPAs as well.

In an article in the Financial Times (FT), entitled “StanChart trio are called before US regulators”, by Kara Scannell, Patrick Jenkins and Lina Saigol, they reported that Sir John Peace, StanChart chairman said at a March 5 Press Conference that the Bank had engaged in “no wilful act to avoid sanctions; you know, mistakes are made – clerical errors” related to its myriad of conduct in doing business with Iran, in violation of US trade sanctions. This language directly contradicted the terms of the StanChart’s various settlement agreements with US regulators. On March 21, he was required to eat those words when he “said those comments were “both legally and factually incorrect”” and retracted them. “Standard Chartered Bank unequivocally acknowledges and accepts responsibility . . . for past knowing and wilful criminal conduct in violating US economic sanctions laws and regulations”.

According to the article this retraction was the result of a meeting he, Chief Executive Peter Sands and Finance Director Richard Meddings were called to with the Department of Justice (DOJ) and New York district attorney Cy Vance, “Standard Chartered was required to retract the statement or be subject to prosecution,” the DOJ said. The article also reported that “US officials at the meeting emphasised the importance of the terms of a settlement over sanction violations, including the bank’s ongoing co-operation. DoJ officials were concerned because the comments came from the top of the bank and had pushed for a public retraction and email to the entire staff. Sir John told them it was a humiliating day for him personally and for the bank, the person said.” This is the ‘going to the woodshed part’.

But what about these clauses prohibiting such contradictions? The FCPA Professor lets you know where he stands on the issue with his post on StanChart, entitled “The “Muzzle” Clause”, where he poses the question, “Is this an effective system of justice?” when the following exists:

First, the DOJ can use its leverage and its ability to bring criminal charges against a company. Second, the DOJ will can then use an NPA or DPA to insulate its version of the facts and enforcement theories from judicial scrutiny which the risk averse company will more often that not accept. Third, in the resolution agreement, the DOJ can include a “muzzle” clause prohibiting anyone associated with the company from making any statement inconsistent with the DOJ’s version of the facts or its enforcement theories. Fourth, if the DOJ believes, in its sole discretion, that a public statement has been made contradicting its version of the facts or its enforcement theories, the DOJ can “pounce” and threaten to bring criminal charges.

As to the first point, I think that the DOJ would respond that it brings enforcement actions that are appropriate under the facts and circumstances of the case. But as to the second point, I believe that DPAs and Non-Prosecution Agreements (NPAs) are equally preferred, if not more so by companies. The reason is that they bring closure with certainty, which is what company’s desire in any legal proceeding. If there are company’s which want to go to trial and test the Arthur Anderson result, they should go ahead and do so but I certainly do not want to be the first General Counsel (GC) or Chief Compliance Officer (CCO) who makes the wrong call and have my company go poof because I turned down an offer to settle.

As to point three, I am somewhat more concerned with this issue in the context of the First Amendment. Here the Professor cites to Professor Ellen Podgor who asked “whether the government can include such clauses in resolution agreements without infringing on First Amendment rights.” Clearly if a person or company is convicted of a crime they have the right to contest that finding, vocally or otherwise. However, in the DPA context, a company has admitted to conduct and findings so perhaps there is a difference than a person convicted at trial who wants to scream from the highest mountaintop “I didn’t do it”.

On point four, I have to disagree with the Professor. In another FT article, entitled “StanChart chairman forced to eat his words over Iran”, the reports quoted Simon Maughan, an analyst at Olivetree Securities, who with perhaps less delicacy and also with greater English irony, said “StanChart had tried to play hardball with the US regulators and lost.”

I have worked in a company under a DPA for its FCPA violations. I did not find it hard to not contradict the facts and findings in the DPA. In fact, the company used those facts and findings to make itself into a stronger and more financially viable entity. It seems to me, if one cannot even accept the fact that it was your company which engaged in legal violations and not simply some ‘clerical errors’ which caused your company to pay $667MM in fines, you really have not learned very much. Perhaps that is what the DOJ really wants companies to understand.

Eat A Peach is the final studio Allman Brothers album on which both Duane and Greg Allman played before the untimely death of Duane.

© Thomas R. Fox, 2013

Comments (2)

April 4, 2013

Three Compliance Interviews on April 3

Filed under: Best Practices,compliance programs,Declination,Deferred Prosecution Agreement,Department of Justice,FCPA,FCPA Guidance,Risk Assessment,Wall Street Journal — tfoxlaw @ 5:57 am
Tags: compliance programs, Department of Justice, DOJ, FCPA, Wall Street Journal

I attended the Dow Jones Global Compliance Symposium over the past couple of days. It was a great conference and kudos to the entire Dow Jones team for putting on a truly memorable event. Day 2 had some interesting speakers and I thought that I might highlight some of the note-worthy things that they said. I should initially note that they did not present prepared remarks but were interviewed by Wall Street Journal (WSJ) reporters. Frustratingly, all three were very good at not answering some of the more pointed questions they were posed but they did have some thought-provoking answers to some of the questions posed to them.

Jeff Benjamin

Benjamin was retired and living in Cape Cod, when he was lured out of retirement to take over as the Senior Vice President (SVP) and General Counsel (GC) for Avon Products, Inc., in September of last year. He used this late entry into the company as a way not to answer questions about the ongoing investigation or the company’s amount of legal and investigative fees incurred to-date. He did answer a question generally around the company using two law firms which I found fascinating. He said that more law firms do not necessarily mean more lawyers working on an assignment or project. He said that by using two law firms, he can use “the best people in the best roles” rather than simply the best people. For all you Chief Compliance Officers (CCO’s) or GC’s out there you might want to think about that concept.

I was a bit frustrated that he was cut off when answering the question of his thoughts on what differentiated an elite compliance program from merely a functional one. The first point was that the compliance program seeks continual improvement. The second is that each of a company’s employees takes personal responsibility for establishing and retaining a culture of compliance and ethics in a company. I wish he had been able to give us the final two but he got side-tracked on another point.

I asked Benjamin the role that compliance plays in reconstituting employee morale after a catastrophic compliance failure that (apparently) occurred at Avon. Benjamin initially noted that he believes that the compliance function has a large role to play in rebuilding employee morale. He said a key for Avon was to look at the compliance failures and to use those as teaching moments for the work force. He coupled this with a very intensive construction of the compliance architecture for the company, communicated thoroughly to all employees. He ended with some out of the box thinking like bringing in Cynthia Cooper, the employee who blew the whistle at WorldCom, to speak to company employees on the need to ‘Speak Up and Speak Out’.

Gerson Zweifach

Zweifach is the General Counsel and Chief Compliance Officer for News Corp. He is former federal prosecutor and holds himself very much with that bearing and demeanor. He was asked about his dual roles as GC and CCO and he said that given where the company is, in the middle of a multi-jurisdiction, multi-law investigation, he believed that combining both roles was appropriate, at least for the next couple of years. He also noted that he was told by the News Corp’s Chief Executive Officer (CEO) that “I don’t want this to happen again” and he took that as another reason that the roles should be combined, at least for the foreseeable future.

Zweifach said the biggest change that he had to effect on the company was to elevate problems to the corporate headquarters, if they involved “the core integrity” of the company. News Corp is a very decentralized business with assets all over the world. Prior to their current legal imbroglio, they did not handle such problems in the US but Zweifach has learned that this must be done to help ensure that the company gets a full picture of the facts as soon as possible. Further, any core integrity issue can become global very quickly so there needs to be central management of this issue as soon as possible.

As a former prosecutor and white collar defense lawyer, he was not too familiar with the concept of risk assessments as a corporate tool, so he had a fair amount to learn on the subject. But he learned something very interesting and that was simply because a business is located in a high-risk country it may not be high risk. Conversely, simply because a business is in a perceived low risk country, such as the UK, the business may be high risk. I found this to be a very interesting insight and something that Foreign Corrupt Practices Act (FCPA) compliance practitioners could consider when doing their overall risk assessments.

Alberto Gonzales

Gonzales is the former Attorney General of the United States and is currently Of Counsel to the law firm of Waller Lansden Dortch & Davis LLP. Gonzales spoke about the FCPA and potential change of the law. Initially he noted that reform of the FCPA in Congress is dead, although he tried to blame it on the Democratic administration, forgetting perhaps that the greatest increase in FCPA enforcement occurred while he was Attorney General (oops!). But he did say that perhaps there could be some different interpretations by regulators, such as the Department of Justice (DOJ) and Securities and Exchange Commission (SEC). Leaving aside the subtle distinction that the DOJ are prosecutors and not regulators (oops again!) he said that he believed business groups were right to continue to clamor for additional FCPA guidance, as he clearly demeaned the November-released FCPA Guidance as “so-called guidance”.

He also said that greater transparency would be of assistance to the compliance practitioner and here he talked about further information on declinations. He said that he believed the DOJ could strip out the indemnity markers but the key information would be for the DOJ to itemize the information which went into their decision making calculus as to why a declination was granted as opposed to an enforcement action. This is certainly something that I do agree with Gonzales on.

The Dow Jones Global Compliance Symposium continues to be one of the premier compliance events annually. If you did not attend this year and can do so next year, I urge you to try and get yourself up to DC for the conference.

© Thomas R. Fox, 2013

Comments (1)

January 23, 2013

The FCPA Guidance on the Ten Hallmarks of an Effective Compliance Program

Many commentators are still mining the Department of Justice (DOJ)/Securities and Exchange Commission (SEC) publication, A Resource Guide to the U.S. Foreign Corrupt Practices Act, (the “Guidance”), which was released last November. I continue to find nuggets to provide to the compliance practitioner, as do others. But as we are a Base 10 culture, today I want discuss the 10 points listed as the ‘Hallmarks of Effective Compliance Programs”. They are a change in style, but not content, from the prior 13 point minimum best practices that the DOJ has in the Deferred Prosecution Agreements (DPAs) since at least November, 2010 and, indeed, from prior information made available by the DOJ.

I. Where Have We Been

Beginning with at least the Metcalfe & Eddy Consent and Undertaking, filed in December, 1999, the DOJ has laid out its thoughts on what should go into a Foreign Corrupt Practices Act (FCPA) anti-corruption compliance program. In the Metcalfe & Eddy Consent and Undertaking, the DOJ laid out ten points of an effective FCPA anti-corruption compliance program. This was modified somewhat in Opinion Release 04-02, which laid out a best practices compliance program in 12 points, where the DOJ reviewed the proposal by an investment group who were acquiring certain companies and assets from ABB Ltd. ABB Vetco Gray Inc. and ABB Vetco Gray (UK) Ltd., two of the entities being acquired, had previously pled guilty to FCPA violations. The investment group desired to protect itself from further liability, to the extent possible, by proposing to the DOJ a comprehensive best practices compliance program. While the DOJ noted that this compliance program was not a shield against future violations, the DOJ would not “intend to take an enforcement action [against the investors] for violations of the FCPA prior to their acquisition from ABB.”

In the Panalpina DPA, issued in November, 2010, the DOJ laid out a 13 point minimum best practices compliance program. This number was changed this past summer when the Data Systems & Solutions LLC (DS&S) DPA was announced. In this enforcement action the DOJ listed 15 points on its minimum best practices FCPA anti-corruption compliance program. Then later in the summer, the DOJ moved to a 9 point compliance program in the Pfizer DPA. Even with all these changes in the number, the substance of each compliance program has remained the same.

II. Where Are We Now? Hallmarks of Effective Compliance Programs

The Guidance cautions that there is no “one-size-fits-all” compliance program. It recognizes that depending on a variety of factors such as size, type of business, industry and risk profile that a company should determine what is appropriate for its own needs regarding a FCPA compliance program. But the Guidance makes clear that these ten points are “meant to provide insight into the aspects of compliance programs that DOJ and SEC assess”. In other words you should pay attention to these and use this information to assess your own compliance regime.

Commitment from Senior Management and a Clearly Articulated Policy Against Corruption. It all starts with tone at the top. But more than simply ‘talk-the-talk’ company leadership must ‘walk-the-walk’ and lead by example. Both the DOJ and SEC look to see if a company has a “culture of compliance”. More than a paper program is required, it must have real teeth and it must be put into action, all of which is led by senior management. The Guidance states that “A strong ethical culture directly supports a strong compliance program. By adhering to ethical standards, senior managers will inspire middle managers to reinforce those standards.” This prong ends by stating that the DOJ and SEC will “evaluate whether senior management has clearly articulated company standards, communicated them in unambiguous terms, adhered to them scrupulously, and disseminated them throughout the organization.”
Code of Conduct and Compliance Policies and Procedures. The Code of Conduct has long been seen as the foundation of a company’s overall compliance program and the Guidance acknowledges this fact. But a Code of Conduct and a company’s compliance policies need to be clear and concise. The Guidance makes clear that if a company has a large employee base that is not fluent in English such documents need to be translated into the native language of those employees. A company also needs to have appropriate internal controls based upon the risks that a company has assessed for its business model. Some of the risks a company should assess include “the nature and extent of transactions with foreign governments, including payments to foreign officials; use of third parties; gifts, travel, and entertainment expenses; charitable and political donations; and facilitating and expediting payments.”
Oversight, Autonomy, and Resources. This section starts with a discussion on whether a company has assigned a senior level executive to oversee and implement a company’s compliance program. Not only must a company assign such a person with appropriate authority but that person, and the overall compliance function, must have “sufficient resources to ensure that the company’s compliance program is implemented effectively.” Additionally, the compliance function should report to the company’s Board of Directors or an appropriate committee of the Board such as the Audit Committee. Overall the DOJ and SEC will “consider whether the company devoted adequate staffing and resources to the compliance program given the size, structure, and risk profile of the business.”
Risk Assessment. The Guidance states that “assessment of risk is fundamental to developing a strong compliance program”. Indeed, if there is one over-riding theme in the Guidance it is that a company should assess its risks in all areas of its business. The Guidance lists factors that a company should consider in any risk assessment. They are “the country and industry sector, the business opportunity, potential business partners, level of involvement with governments, amount of government regulation and oversight, and exposure to customs and immigration in conducting business affairs.” The Guidance is also quite clear that when the DOJ and SEC look at a company’s overall compliance program, they “take into account whether and to what degree a company analyzes and addresses the particular risks it faces.”
Training and Continuing Advice. Communication of a compliance program is a cornerstone of any anti-corruption compliance program. The Guidance specifies that both the “DOJ and SEC will evaluate whether a company has taken steps to ensure that relevant policies and procedures have been communicated throughout the organization, including through periodic training and certification for all directors, officers, relevant employees, and, where appropriate, agents and business partners.” The training should be risk based so that those high risk employees and third party business partners receive an appropriate level of training. A company should also devote appropriate resources to providing its employees with guidance and advice on how to comply with their own compliance program on an ongoing basis.
Incentives and Disciplinary Measures. This involves both the carrot and the stick. Initially the Guidance notes that a company’s compliance program should apply from “the board room to the supply room – no one should be beyond its reach.” There should be appropriate discipline in place and administered for any violation of the FCPA or a company’s compliance program. Additionally, the “DOJ and SEC recognize that positive incentives can also drive compliant behavior. These incentives can take many forms such as personnel evaluations and promotions, rewards for improving and developing a company’s compliance program, and rewards for ethics and compliance leadership.” These incentives can take the form of a part of senior management’s bonuses or simply recognition on the shop floor.
Third-Party Due Diligence and Payments. Here the Guidance focuses on the ongoing problem area of third parties. The Guidance says that companies must engage in risk based due diligence to understand the “qualifications and associations of its third-party partners, including its business reputation, and relationship, if any, with foreign officials.” Next a company should articulate a business rationale for the use of the third party. This would include an evaluation of the payment arrangement to ascertain that the compensation is reasonable and will not be used as a basis for corrupt payments. Lastly, there should be ongoing monitoring of third parties.
Confidential Reporting and Internal Investigation. This means more than simply a hotline. The Guidance suggests that anonymous reporting, and perhaps even a company ombudsman, might be appropriate to have in place for employees to report allegations of corruption or violations of the FCPA. Furthermore, it is just as important what a company does after an allegation is made. The Guidance states, “once an allegation is made, companies should have in place an efficient, reliable, and properly funded process for investigating the allegation and documenting the company’s response, including any disciplinary or remediation measures taken.” The final message is what did you learn from the allegation and investigation and did you apply it in your company?
Continuous Improvement: Periodic Testing and Review. As noted in the Guidance, “compliance programs that do not just exist on paper but are followed in practice will inevitably uncover compliance weaknesses and require enhancements. Consequently, DOJ and SEC evaluate whether companies regularly review and improve their compliance programs and not allow them to become stale.” The DOJ/SEC expects that a company will review and test its compliance controls and “think critically” about its own weaknesses and risk areas. Internal controls should also be periodically tested through targeted audits.
Mergers and Acquisitions. Pre-Acquisition Due Diligence and Post-Acquisition Integration. Here the DOJ and SEC spell out what it expects in not only the post-acquisition integration phase but also in the pre-acquisition phase. This pre-acquisition information is not something that most companies had previously focused on. Basically, a company should attempt to perform as much substantive compliance due diligence that it can do before it purchases a company. After the deal is closed, an acquiring entity needs to perform a FCPA audit, train all senior management and risk employees in the purchased company and integrate the acquired entity into its compliance regime.

As I commented earlier in this article, the DOJ and SEC have communicated what they believe are the important parts of a risk based, anti-corruption compliance program for many years. I do not think that a compliance defense could be set out any more succinctly. However, I do like things set out in Base 10 and the “Hallmarks of Effective Compliance Programs” is an excellent compilation of where we are and what you need in place to go forward. I recommend this as a good a starting point for any compliance practitioner to implement a new compliance program or to evaluate the state of an ongoing compliance regime so assess your company’s risks and use these hallmarks as a basis to move forward.

Leave a Comment

October 31, 2012

From Trick or Treat through Thanksgiving: Examining the Past to Prepare for the Future

Filed under: Best Practices,compliance programs,Deferred Prosecution Agreement,FCPA,Gifts and Business Entertainment,Mary Jones,Record Keeping,Travel and Entertainment — tfoxlaw @ 12:00 pm
Tags: best practices, compliance programs, Department of Justice, ethics and compliance, FCPA, Mary Shaddock Jones

Ed. Note- For those of you who do not know her, Mary Shaddock Jones is one of the compliance professions I regularly rely on for advice. I continually ask her to send over some guest posts as they are always topical, top notch and provide practical advice for the compliance practitioner. I will be out of pocket over the next two weeks and Mary has agreed to take over the lion’s share of posts for my blog. Today she begins her series with a topical post on chocolates and the pre-holiday season from Halloween to Thanksgiving. I know you will not only enjoy her series but get quite a bit out of them.

This summer, the Securities and Exchange commission charged Texas-based medical device company Orthofix International with violating the Foreign Corrupt Practices Act (“FCPA”) through improper payments of bribes (code named “chocolate”) to officials at Mexico’s government-owned health care and social services institution, Instituto Mexicana del Seguro Social (“ IMSS”), in order to obtain or retain business. Sure, for those of you who regularly read Tom Fox’s blog, this is old news. However, since he is off and today is Halloween, I thought I would start a series for the next two weeks re-examining some of the more recent, and perhaps not so recent cases with a fresh set of eyes.

The practical pointer for today’s blog is straightforward – it is imperative that companies which have FCPA exposure audit both their petty cash accounts, and all expenses coded to training and promotion. This is apparently where the improper expenditures were “hidden” by employees of Orthofix. In my experience, companies need to be closely reviewing what little case law or factual allegations exist with regard to the FCPA so that they too know where to find any potential problems that may exist within their own company. There are only so many ways to hide the dollar. If you find yourself sitting in front of the DOJ and/or SEC in the future on allegations related to a violation of the FCPA…you will not gain any “chocolate points” if you haven’t implemented a robust compliance program. But as FCPA practitioners have said over and over again – simply having a Code of Business Conduct, an Anti-Corruption Policy Manual and even person to person training is not enough. You have to be proactive in trying to find what others don’t want to be found. That is why the Orthofix employees didn’t book the improper payments as “bribes”. They aren’t stupid. They know this is one red flag that will stop the energizer bunny in its tracks. So instead, they disguise the improper payments in a way that they think is clever.

According to the SEC, in order to obtain cash for the bribes, the Promeca executives wrote checks to themselves, which they justified as “cash advances”. A smart person in the accounting department would ask – what was the cash advance for? What was bought? Are their valid receipts which state what was bought, when was it bought, who was taken to dinner or lunch, what was discussed, etc? In order to continue the deception, the executives submitted false receipts for imaginary expenses including meals and new car tires. Practical Pointer: It may be a boring and tedious task, and one which hopefully never uncovers questionable payments – but companies must have someone in charge of reviewing expense reports – for everyone – from the top dog on down to the dog walker. Do you have a process in place for reviewing expense accounts? If not, put one in place.

Unfortunately for Orthofix, the improper payments became too large to hide in expense reports; therefore, a new hiding place had to be located. The next best thing to expense reports is training and promotional expenses. Remember that the FCPA includes three affirmative defenses under its anti-bribery provisions – the first of which is “reasonable and bona fide expenditures related to certain promotional activities”. If the FCPA allows the payment for “promotional expenses”, what better place to hide improper payments than in plain sight? Just because someone calls an expense a promotional expense, does not mean that the Company does not have to trust, but verify.

Specifically, the FCPA permits payments if the payment to a foreign official was a “reasonable and bona fide expenditure, such as travel or accommodation expense, that was directly related to the demonstration of a product or service, or performance of a contract with a governmental agency.” Unfortunately, I was unable to determine from the public filings how the training or promotional payments were characterized so as to allow them to remain undetected by the accounting department at Orthofix until hundreds of thousands of dollars in improper payments had been made. However, the practical pointer for you is this – do you have a process in place which places controls over when expenditures can be made for travel and lodging/training and/or promotional/marketing expenses?

Consider the following policy language:

The FCPA permits the payment of reasonable and bona fide expenditures on behalf of a Government Official and directly related to (1) the promotion, demonstration, or explanation of products or services; or (2) the execution or performance of a contract with a non-U.S. government or agency thereof.

Travel and Lodging: No travel or lodging may be offered or given to a Government Official without the prior written consent of the Company Compliance Officer or his or her designee and must meet the following guidelines: (1) it serves a legitimate Company business purpose; (2) invitations to a Government Official are transparent, in writing, and clearly state the business purpose of the trip; (3) no payment is made directly to a Government Official either through an advance or reimbursement for expenses (the Company should directly purchase travel or lodging from those who provide them, utilizing a travel agent or other third party if possible); (4) providing “per diem” fees or expenses is avoided, particularly where meals are already being provided; (5) no cash payments to a Government Official are made whatsoever; (6) travel and lodging expenses are only provided for the identified Government Official and not for spouses, family, or friends of the Government Official; (7) travel arrangements are directly between the place of residence or employment of the Government Official and the intended destination of the business travel, with no non-business side trips; (8) no reimbursements are paid without presentation of appropriate receipts; (9) providing the travel or lodging is permitted under local law and regulations and guidelines of the recipient’s governmental entity (note that some customers have strict policies against receiving gifts); and (10) other than the travel or lodging identified above, the Government Official is not compensated for his or her participation in the planned trip.

Guidelines for Entertainment: Unless prior written approval from the Company Compliance Officer or his or her designee is obtained, entertainment provided to a Government Official must meet the following guidelines: (1) it serves a legitimate Company business purpose; (2) providing the entertainment is permitted under local law and regulations and guidelines of the recipient’s governmental entity (note that some customers have strict policies against receiving gifts); (3) it is of the type and value that is reasonable (not lavish, excessive, or frequent); (4) it is in line with the local customs of the country where provided; (5) it is of a type that is appropriate (e.g. no strip clubs); and (6) it is accurately recorded in the Company’s books and records.

Guidelines for Marketing Expenses: Unless prior written approval from the Company Compliance Officer or his or her designee is obtained, marketing materials (such as pens, caps, or mugs) provided to a Government Official must meet the following guidelines: (1) they serve a legitimate Company business purpose; (2) they are of nominal value; (3) they are of the type and value that are customary and appropriate for the occasion;(4) they are branded with the Company’s name and/or logo; (5) they are permitted under local law and regulations and guidelines of the recipient’s governmental entity (note that some customers have strict policies against receiving gifts); and (6) they are fully and accurately recorded in the Company’s books and records.

Remember, it is not enough to simply have a policy in place; you must also conduct trainings (have the training in both English and the predominant local language of your employees) and audits to ensure compliance.

No more chocolates for today… tomorrow is All Saints Day. Stay tuned to see who didn’t perhaps make the list of saints.

—————————————————————————————————————————-

Mary Shaddock Jones has practiced law for 25 years in Texas and Louisiana primarily in the international marine and oil service industries. She was of the first individuals in the United States to earn TRACE Anti-bribery Specialist Accreditation (TASA). She can be reached at msjones@msjllc.com or 337-513-0335. Her associate, Miller M. Flynt, assisted in the preparation of this series. He can be reached at mmflynt@msjllc.com.

—————————————————————————————————————————–

Leave a Comment

October 2, 2012

Tyco NPA and Chris Economaki – Details from the Pits

“This is Chris Economaki in the pits.”

That was the signature line of race car announcer Chris Economaki, who died last week at the age of 91. For a generation of us who grew up watching ABC’s Wide World of Sports, Chris Economaki was the voice of the Indy 500, the Dayton 500, the Summer and Winter Nationals of the National Hot Rod Association (NHRA) and a host of other auto races. In addition to having one of the most unique names this Southerner had ever heard of, Economaki had a staccato vocal delivery that, as noted in his obituary in the New York Times (NYT) by writer Douglas Martin, “reminded some of a rumbling racing engine.”

The Bribery Schemes

I thought about Chris Economaki and the detail he brought as a track-side commentator to a generation of Wide World of Sports’ aficionados when considering the various documents released last week in connection with the Tyco International Ltd (Tyco) Foreign Corrupt Practices Act (FCPA) enforcement action. For the most comprehensive summary of the Department of Justice’s (DOJ) criminal enforcement action and the Securities and Exchange Commission’s (SEC) civil action, I recommend either of the FCPA Professor’s excellent posts on Tyco. In addition to the points raised by the Professor I believe that there are significant lessons learned for the FCPA compliance practitioner. With a tip of our collective caps to the baseball pennant races which are down to the final few days, I present the Tyco Bribery Box Score.

Tyco Subsidiary	Bribe Amount Paid	Profits Earned by Conduct
M/A Com	Not reported	$71,770
TTC Huzhou and TTC Shanghai	$196,267	$3,470,180
TWW Germany and Erhard	$2,371,094	$4,684,966
TFC HK and Keystone	$137,000	$378,088
TFCT Shanghai	$24,000	$59,412
ET Thailand	$292,268	$879,258
TFIS France	$363,839	$1,256,389
THC China	$250,000	$353,800
TVC ME	$488,479	$1,153,500
ADT Thailand	$78,000	$473,262
Tatra	$96,000	$226,863
Eurapipe	$358,000	$1,298,453
THC Saudi Arabia	Not reported	$1,900,600
Dulmison	$68,426	$109,249

I set out the full Box Score of bribes paid by Tyco in this detail to emphasize how bad the conduct of the company is and this is in the VERY BAD CONDUCT realm, coupled with the facts that (a) Tyco is now a two-time loser under the FCPA and (b) most of the illegal conduct occurred after Tyco agreed to an initial FCPA based Deferred Prosecution Agreement (DPA) in 2006 for prior FCPA sins. Yet even with all of this Tyco was able to obtain a Non Prosecution Agreement (NPA). Such a result is fairly stunning if you think about it in a superficial basis. However, if you consider what Paul McNulty continually says, and which I continually write about, the most important question will be What did you do when you found out about it?

As noted in the letter from the DOJ to counsel for Tyco, the DOJ entered into the NPA with Tyco based upon the following factors: (1) timely and voluntary self-disclosure; (2) a full and complete global investigation by Tyco; (3) extensive remediation including implementation of an enhanced compliance program, termination of employees responsible for the conduct at issue, severing contracts with third party agents who were parties to the frauds, closing subsidiaries involved in the illegal conduct; and (4) provide annual written reports to the DOJ on progress of the company’s enhanced compliance program.

Corporate Compliance Program

Tyco agreed to a robust corporate compliance program that either currently exists or will be implemented in the future. This Corporate Compliance Program is somewhat different than most of the 13 minimum best practices compliance regimes reported in DPAs and NPAs since the Panalpina DPA of November, 2010. Tyco agreed to a point compliance regime, which consists of the following.

1. High level commitment. The Company will ensure that its senior management provides strong, explicit, and visible support and commitment to its corporate policy against violations of the anti-corruption laws and its compliance code.

2. Policies and Procedures. Tyco will promulgate compliance standards and procedures designed to reduce the prospect of violations of the anti-corruption laws and the Company’s compliance code, and the Company should take appropriate measures to encourage and support the observance of ethics and compliance standards and procedures against foreign bribery by personnel at all levels of the company. These anti-corruption standards and procedures shall apply to all directors, officers, and employees and, where necessary and appropriate, outside parties acting on behalf of the Company in a foreign jurisdiction, including but not limited to, agents and intermediaries, consultants, representatives, distributors, teaming partners, contractors and suppliers, consortia, and joint venture partners (collectively, “agents and business partners”), to the extent that agents and business partners may be employed under the Company’s corporate policy. The Company shall notify all employees that compliance with the standards and procedures is the duty of individuals at all levels of the company. Such standards and procedures shall include policies governing:

gifts;
hospitality, entertainment, and expenses;
customer travel;
political contributions;
charitable donations and sponsorships;
facilitation payments; and
solicitation and extortion.

3. Internal Controls. Tyco will ensure that it has a system of financial and accounting procedures, including a system of internal controls, reasonably designed to ensure the maintenance of fair and accurate books, records, and accounts to ensure that they cannot be used for the purpose of foreign bribery or concealing such bribery. This system should be designed to provide reasonable assurance that:

Transactions are executed in accordance with management’s general or specific authorization;
Transactions are recorded to permit preparation of financial statements in accordance with GAAP;
Access to assets is permitted only in accordance with management’s general or specific authorization; and
Recorded accountability for assets is compared with the existing assets at reasonable intervals and appropriate action is taken if discrepancies are found.

4. Periodic Risk-Based Reviews. Tyco agreed to develop these compliance standards and procedures, on the basis of a risk assessment addressing the individual circumstances of Tyco, in particular the foreign bribery risks it faces including, its geographical organization, interactions with various types and levels of government officials, industrial sectors of operation, involvement in joint venture arrangements, importance of licenses and permits in the company’s operations, degree of governmental oversight and inspection, and volume and importance of goods and personnel clearing through customs and immigration.

5. Proper Oversight and Independence. Tyco will (or once again has) assign responsibility to one or more senior corporate executives of the Company for the implementation and oversight of the Company’s anti-corruption policies, standards, and procedures. Such corporate official(s) shall have direct reporting obligations to the Tyco’s independent monitoring bodies, including internal audit, the Board of Directors, or any appropriate committee of the Board of Directors, and shall have an adequate level of autonomy from management as well as sufficient resources and authority to maintain such autonomy.

6. Training and Guidance.

Training. Tyco will implement mechanisms designed to ensure that its anti-corruption policies, standards, and procedures are communicated effectively to all directors, officers, employees, and where appropriate, agents and business partners. These mechanisms shall include periodic training for all directors and officers, and, all employees in positions of leadership or trust or positions which might otherwise pose a risk of corruption to the company. The training shall also be provided to agents and business partners. Lastly there shall be biannual certifications by all such directors and officers, and, where necessary and appropriate, employees, agents, and business partners, certifying compliance with the training requirements.
Guidance. Tyco is required to maintain an effective system for providing guidance and advice to directors, officers, employees, and, where necessary and appropriate, agents and business partners, on complying with Tyco’s anti-corruption compliance policies, standards, and procedures, including when they need advice on an urgent basis or in any foreign jurisdiction in which Tyco operates.

7. Internal Reporting and Investigation. Tyco will provide an effective system for internal and where possible, confidential reporting by, and protection of, directors, officers, employees, and, where necessary and appropriate, agents and business partners, concerning violations of the Company’s compliance program. Tyco also agreed to dedicate sufficient resources to respond to such requests and undertaking necessary and appropriate action in response to such reports.

8. Enforcement and Discipline. Tyco will institute appropriate disciplinary procedures to address, violations of the anti-corruption laws and the Company’s anti-corruption compliance code, policies, and procedures by the Company’s directors, officers, and employees. This shall include disciplining of those within the company no matter how the position of the person or their perceived authority. In addition to discipline, Tyco agrees to add appropriate mechanisms to incentivize compliant behavior.

9. Third Party Relationships. Tyco agreed to institute appropriate due diligence and compliance requirements pertaining to the retention and oversight of all agents and business partners, including: (a) properly documented risk-based due diligence pertaining to the hiring and appropriate and regular oversight of agents and business partners; (b) informing agents and business partners of the Company’s commitment to abiding by laws on the prohibitions against foreign bribery, and of the Company’s ethics and compliance standards and procedures and other measures for preventing and detecting such bribery; (c) seeking a reciprocal commitment from agents and business partners and (d) including appropriate compliance terms and conditions in the contract.

10. Mergers and Acquisitions. Tyco agreed to develop and implement appropriate compliance policies and procedures for any acquisition based upon an appropriate risk-analysis which would be completed as soon as practicable. Further such changes would be implemented as soon as practicable. Directors, officers and employees of newly acquired entities would be trained as soon as practicable.

11. Monitoring and Testing. Tyco agreed to conduct periodic review and testing of its anti-corruption compliance code, standards, and procedures designed to evaluate and improve their effectiveness in preventing and detecting violations of anti-corruption laws and the Company’s anti-corruption code, standards and procedures, taking into account relevant developments in the field and evolving international and industry standards.

So the prior 13 point best practices program is now folded down to 11 for Tyco. Nevertheless, the general concepts are still the same for a company seeking to implement or enhance its compliance solution. Much like Chris Economaki reporting from the Pits at the Indy 500, the level of detail provided in the Tyco NPA should allow the compliance practitioner to evaluate their company’s compliance program.

============================================================================================

The Wall Street Journal has a series of articles today on the FCPA. In conjunction with these articles I will join Joe Palazzolo, Law Blog lead writer, for a conversation on the FCPA at 2:30 PM EDT. We will take your questions. To join us, click here.

===========================================================================================

Leave a Comment

FCPA Compliance and Ethics Blog

June 5, 2013

Return to the Baker’s Dozen in a Best Practices Compliance Program – Total Part II

May 9, 2013

DPAs and NPAs – Useful Tools to Achieve Compliance

April 25, 2013

Actions Taken During a FCPA Enforcement Action-Lessons from Parker Drilling and Ralph Lauren

April 24, 2013

Using Bribery and Corruption to Steal Business – A Thyestean Feast?

April 18, 2013

What’s the Message from BizJet? Self-Disclose and Cooperate

April 9, 2013

Why Eat Your Words When You Can Eat a Peach?

April 4, 2013

Three Compliance Interviews on April 3

January 23, 2013

The FCPA Guidance on the Ten Hallmarks of an Effective Compliance Program

October 31, 2012

From Trick or Treat through Thanksgiving: Examining the Past to Prepare for the Future

October 2, 2012

Tyco NPA and Chris Economaki – Details from the Pits

January

Blogroll

Pages

Admin

Read by Email

Follow “FCPA Compliance and Ethics Blog”