FCPA Compliance and Ethics Blog

December 3, 2013

The Weatherford FCPA Settlement, Part II

Yesterday, I reviewed the Weatherford International Limited (Weatherford) Foreign Corrupt Practices Act (FCPA) settlement. Today I will take a more focused look at the bribery schemes involved and the failure of the company to bring internal controls up to standard or even follow its own compliance program. Weatherford’s compliance program was a joke but worse was its conduct, which many in the company knew was illegal and reported internally but the company did not stop the conduct. The company also, early on in the investigation, actively impeded regulators access to personnel and documents. However, and this is one of the key messages from the Weatherford FCPA enforcement action, the company truly ‘turned it around’. Tomorrow we will explore how the company made this dramatic turnaround.

The bribery schemes had four basic scenarios and, for those of you keeping score at home, I have summarized them below.

I.                   Corrupt Conduct

Weatherford Bribery Box Score

Country Bribery Scheme Government or SOE Official Involved Amount of Bribe Paid
Angola Payments through 3rd parties Sonagol Drilling Manager $250K
Angola JV Partners Government Ministers, wives and other relatives $810K
Congo Payments thru 3rd parties SOE officials $500K
Middle East Countries Unauthorized distributor discounts SOE officials $11.8MM
Algeria Improper travel and entertainment SOE officials $35K
Albania Misappropriation of company funds Tax Auditors $41K

Angola

In Angola two separate bribery schemes were used. The first involved payment of a $250,000 bribe to the Sonagol Drilling Manager. To funnel the bribe the company retained a Swiss agent who paid the money. This Swiss agent billed Weatherford for non-existent and fraudulent services. He would retain a percentage of the total he billed as a commission and would pass the remainder to the Sonagol Drilling Manager. The bribery of the Drilling Manager also included a week long, all-expenses paid trip to Italy and Portugal, where only one of the days was business related.

The company continued this further creativity when it set up a joint venture (JV) which had two local JV partners, JV Partner A and JV Partner B. Partner A consisted of Sonagol government officials, their wives and other relatives and held a 45% stake in the overall JV. JV Partner B’s principals included the relative of an Angolan Minister, the relative’s spouse, and another Angolan official. It held 10% of the overall JV interest. Neither of these JV Partners contributed capital, expertise or labor to the JV. In addition to the straight quid pro quo of awarding Weatherford 100% of the Angolan well screens market, these JV Partners had contracts which were awarded to Weatherford competitors, revoked after the initial award and then awarded them to Weatherford.

Congo

In the Congo, Weatherford made over $500,000 in commercial bribe payments through the same Swiss Agent they had utilized in the initial Angolan bribery scheme to employees of a commercial customer, a wholly-owned subsidiary of an Italian energy company, between March 2002 and December 2008. The Swiss Agent’s role in the scheme included submitting false invoices and sending payments to individuals as directed by Weatherford Services Limited (WSL) employees and others. WSL employees created and sent false work orders to the Swiss Agent. The Swiss Agent, WSL employees and others knew the services would not be performed and that the work orders were a pretext to funnel money to the Swiss Agent. The Swiss Agent forwarded the money, less a commission, once again based on fraudulent invoices for non-existent services.

The Middle East

In certain un-named Middle Eastern countries between the years of 2005 and 2011 another Weatherford subsidiary employed another bribery scheme to funnel payments to officials of state owned National Oil Company (NOC). This bribery scheme entailed the awarding of improper “volume discounts” to a company that served as an agent, distributor and reseller which supplied Weatherford products to a state-owned and controlled NOC, believing that those discounts were being used to create a slush fund with which to make bribe payments to decision makers at the NOC.

The Securities and Exchange Commission (SEC) Complaint noted that as early as 2001, officials at the un-named national oil company directed Weatherford to sell goods to the company through a particular distributor. Prior to entering into the contract with the distributor, Weatherford did not conduct any due diligence on the distributor, despite: (a) the fact that the distributor would be furnishing Weatherford goods directly to an instrumentality of a foreign government; (b) the fact that a foreign official had specifically directed the company to contract with that particular distributor; and (c) the fact that Weatherford executives knew that a member of the country’s royal family had an ownership interest in the distributor. In late 2001, the company entered into a representation agreement with the distributor to sell its Completion and Production Systems products to the NOC.

Thereafter, the distributor created a slush fund by providing the distributor with unauthorized volume and pricing discounts, in addition to the agent’s 5% commission. Company employees intended that the slush fund would be used to pay officials at the un-named NOC. The “volume discounts” to the distributor were typically between 5-l0% of the contact price. The discounts allowed the distributor to accumulate funds which were used to pay bribes to the NOC officials.

Algeria

Weatherford also provided improper travel and entertainment to officials of the Algerian NOC, Sonatrach, which did not have any legitimate business purpose. The SEC Complaint detailed the following improper travel and entertainment provided to Sonatrach officials:

  • June 2006 trip by two Sonatrach officials to the FIFA World Cup soccer tournament in Hanover, Germany;
  • July 2006 honeymoon trip of the daughter of a Sonatrach official; and
  • October 2005 trip by a Sonatrach employee and his family to Jeddah, Saudi Arabia, for religious reasons that were improperly booked as a donation.

In addition, on at least two other occasions, Weatherford provided Sonatrach officials with cash sums while they were visiting Houston. For example, in May 2007, Weatherford paid for four Sonatrach officials, including a tender committee official, to attend a conference in Houston. Further, the company provided an approximate $24,000 cash advance for the trip where there was no evidence of any legitimate business purpose or promotional expenses.

Albania

In Albania, Weatherford had a tax evaluation problem. To deal with this issue the general manager and financial manager of the company’s Italian subsidiary misappropriated over $200,000 of company funds, to fund a bribery scheme involving Albanian tax auditors. The general manager, financial manager and the Albania country manager made $41,000 in payments to Albanian tax auditors who questioned details of the company’s accounts and demanded payment to close out the audit or speed up the certification process in 2001, 2002 and 2004.

The general manager and financial manager misappropriated the funds by taking advantage of Weatherford’s inadequate system of internal accounting controls. They misreported cash advances, diverted payments on previously paid invoices, misappropriated government rebate checks and received reimbursement of expenses that did not relate to business activities. A memo drafted by the general manager and financial manager in the months after their co-worker confronted them discussed the misappropriated funds and indicated that funds were paid to tax auditors in Albania and others for the benefit of Weatherford. This was the bribery scheme which was reported to the company and the internal whistle-blower employee was terminated.

II.                Program Deficiencies Lack of Cooperation

The DPA laid out in equally stark terms the complete and utter disregard, non-existence of and/or complete failure of any systemic compliance program, prior to 2008. These deficiencies included:

  • Failure to establish internal accounting controls to prevent bribery and corruption;
  • Failure to perform due diligence on any prospective third parties, including who they were, ultimate beneficial ownership and business justifications;
  • Failure to perform due diligence or in any meaningful manage joint venture partners;
  • Failure to have any meaningful internal controls for gifts, travel and entertainment;
  • No effective internal reporting system for FCPA violations or issues; and
  • (Most amazingly) No Chief Compliance Officer or even compliance professionals in a multi-billion dollar, multi-national company in the energy industry.

In addition to all of the above, Weatherford engaged in active conduct to impede the investigations of both the SEC and DOJ. In one instance, the company told investigators that a key witness was dead when he was not only still alive and well but working for Weatherford. In other instances, the company, emails were deleted by employees prior to the imaging of their computers. It was also noted that Weatherford failed to secure important computers and documents and allowed potentially complicit employees to collect documents subpoenaed by the staff.

Tomorrow, the Weatherford compliance comeback.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

December 2, 2013

The Weatherford FCPA Settlement, Part I

Last week Weatherford International Limited (Weatherford) concluded one of the longest running open Foreign Corrupt Practices Act (FCPA) investigations when it agreed to the ninth largest FCPA fine of all-time and one of its subsidiaries, Weatherford Services Limited (WSL), agreed to plead guilty to violating the anti-bribery provisions of the FCPA. The total amount of fines and penalties for the FCPA violations was $152.6 million. The company was also hit with another $100 million in fines and penalties for trade sanctions bringing its total amount paid to $252.6 million.

The bribery schemes that Weatherford used were varied but stunning in their brazen nature. Further, early on in the investigation, the company thumbed its nose at the Department of Justice (DOJ) by refusing to cooperate in any meaningful way and actually destroying documents and computer hard drives rather than turn over relevant documents. There were also examples of internal company whistleblowers, who were either ignored or, worse, terminated when they internally reported illegal conduct which violated the FCPA. Lastly, the company did not self-disclose their conduct so things started out badly, badly, did I say badly, for the company. But in spite of how things began, Weatherford was able to make a turnaround and substantially improve its position by reversing this initial nose-thumbing at US regulators. Over the next three blog posts I will explore the bribery schemes involved, how the company’s new-found attitude led to lower fines that might otherwise have been expected and what the lessons are for the compliance practitioner going forward.

DOJ Criminal Information and Deferred Prosecution Agreement

To resolve the criminal aspects of this case, Weatherford agreed to pay an $87.2 million criminal penalty as part of a Deferred Prosecution Agreement (DPA) with the DOJ.

In the Information filed as a part of the resolution reveals that company employees established and operated a joint venture (JV) in Africa with two local entities controlled by foreign officials and their relatives from 2004 through at least 2008. These foreign officials selected the entities with which WSL would partner and the company knew that the members of the local entities included foreign officials’ relatives and associates. The sole purpose of those local entities was to serve as conduits through which WSL pay bribes to the foreign officials controlling them as neither of the JV partners contributed capital, expertise or labor to the JV. In exchange for the illegal payments they received, through the JV, lucrative contracts, gave WSL inside information about competitors’ pricing, and took contracts away from WSL’s competitors and awarded them to the JV.

The Information also noted that Weatherford knowingly failed to establish an effective system of internal accounting controls designed to detect and prevent corruption, including FCPA violations. The company failed to implement these internal controls despite operating in an industry with a substantial corruption risk profile and despite growing its global footprint in large part by purchasing existing companies, often themselves in countries with high corruption risks.   As a result, a permissive and uncontrolled environment existed within which employees of certain Weatherford’s wholly owned subsidiaries in Africa and the Middle East were able to engage in corrupt conduct over the course of many years, including the bribery of foreign officials.

In yet another scheme detailed in the Information, a Weatherford employee in the Middle East, gave improper “volume discounts” to a distributor who supplied company products to a government-owned National  Oil Company (NOC), believing that those discounts were being used to create a slush fund with which to make bribe payments to decision-makers at the NOC. Between 2005 and 2011, Weatherford Oil Tools Middle East Limited (WOTME) paid approximately $15 million in “volume discounts” to the distributor.

In its Press Release the DOJ also spoke to the nefarious conduct of the company. Acting Assistant Attorney General Raman was quoted as saying “This case demonstrates how loose controls and an anemic compliance environment can foster foreign bribery and fraud by a company’s subsidiaries around the globe. Although Weatherford’s extensive remediation and its efforts to improve its compliance functions are positive signs, the corrupt conduct of Weatherford International’s subsidiaries allowed it to earn millions of dollars in illicit profits, for which it is now paying a significant price.” He also said that “Effective internal accounting controls are not only good policy, they are required by law for publicly traded companies – and for good reason.” The Federal Bureau of Investigation (FBI) chimed in when Assistant Director in Charge Parlave said that “The FBI is committed to investigating corrupt backroom deals that influence contract procurement and threaten our global commerce.”

SEC Compliant

In its civil Complaint, the Securities and Exchange Commission (SEC) alleged that Weatherford and its subsidiaries falsified its books and records to conceal not only these illicit payments, but also commercial transactions with Cuba, Iran, Syria, and Sudan that violated US sanctions and export control laws. Further, the company failed to establish an effective system of internal accounting controls to monitor risks of improper payments and prevent or detect misconduct. The company obtained more than $59.3 million in profits from business obtained through improper payments, and more than $30 million in profits from its improper sales to sanctioned countries. This conduct lasted from 2002 up until 2011 and included the lack of internal controls plus the affirmative falsification of its books and records to facilitate the bribe payments. The payment of disgorgement, prejudgment interest, and civil penalties to the SEC was in the amount of $65,612,360.34.

As you would expect, the SEC focused on the company’s books and records violations. Andrew Ceresney, co-director of the SEC’s Enforcement Division, was quoted in the SEC’s Press Release that “The nonexistence of internal controls at Weatherford fostered an environment where employees across the globe engaged in bribery and failed to maintain accurate books and records,” said  “They used code names like ‘Dubai across the water’ to conceal references to Iran in internal correspondence, placed key transaction documents in mislabeled binders, and created whatever bogus accounting and inventory records were necessary to hide illegal transactions.” Kara Brockmeyer, Chief of the SEC Enforcement Division’s FCPA Unit, said, “Whether the money went to tax auditors in Albania or officials at the state-owned oil company in Angola, bribes and improper payments were an accustomed way for Weatherford to conduct business. While the profits may have seemed bountiful at the time, the costs far outweigh the benefits in the end as coordinated law enforcement efforts have unraveled the widespread schemes and heavily sanctioned the misconduct.”

All of the settlement documents are chocked full of information about bribery schemes Weatherford engaged in for many years. For the compliance practitioner, they provide a list that can be used a check and balance to see if your company may be engaging in any of these practices. Additionally, both the DOJ and SEC listed out the internal controls and books and records failures of the company. Tomorrow, I will review the specific bribery scheme and failures of the Weatherford compliance program.

For a copy of the DOJ Information, click here.

For a copy of the DOJ Deferred Prosecution Agreement, click here.

For a copy of the SEC Civil Compliant, click here.

For a copy of the Plea Agreement, click here.

For a copy of the DOJ Press Release, click here.

For a copy of the SEC Press Release, click here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

November 11, 2013

Honor Our Veterans and Compliance in the Supply Chain

Today is National Remembrance Day for Veterans who served their country and across the world. In the US we call it Veterans Day. In the UK, it is called Remembrance Day. Whatever it is called, it is designed so that we may never forget the sacrifices that the men and women made so that we can live in a free society. So today, I ask you to personally thank a veteran, buy them a cup of coffee or simply reflect on those who made the ultimate sacrifice to allow us all to go forward into the 21st Century.

My father is a veteran of both World War II and the Korean Conflict. I saw him this weekend and at 87 he is still kicking along, reading, studying and thinking about the relevant issues of the day. He gave to me a copy of the Fall 2013 issue of the University of Illinois, College of Law, Comparative Labor Law & Policy Journal which had an article, entitled “Toward Joint Liability in Global Supply Chains: Addressing the Root Causes of Labor Violations In International Subcontracting Networks”, by authors Mark Anner, Jennifer Bair and Jeremy Blasi. So to honor my father’s continuing interest in anti-corruption compliance, today I will write about this article and how it informs anti-corruption compliance in the Supply Chain.

The authors starting point is that of the Rana Plaza building collapse in Bangladesh, which killed at least 1129 workers, which has led to a “significant departure from the extant model of labor compliance that has developed over the past two decades”. The previous model of labor compliance had assumed that labor issues were a “factory-level problem and the only entity that needs to be regulated is the contractor factory.” This was enforced by companies adopting codes of conduct and then monitoring their suppliers for compliance. However, after the Rana Plaza tragedy, certain western corporations adopted the Bangladesh Accord, which anticipates joint responsibility for labor issues between both vendors and the purchasers of their goods and services. Further, the Bangladesh Accord is not merely like the prior general statements of intent but brings binding, contractually enforceable duties.

While the focus of the article was on labor issues such as pay, safety and retaliation for raising such concerns, the article did point to some interesting ideas which could be applied to this issue as it relates to anti-corruption compliance under laws such as the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act. Obviously both laws require a specified protocol for the hiring of third parties which represent companies. These concepts and techniques are now being used for third parties who develop relationships with companies through the supply chain. Companies such as freight forwarders, visa processors and customs brokers have foreign governmental touch points which clearly mandate a through due diligence process under the FCPA and Bribery Act. However, many companies may not recognize their potential exposure for companies which supply them but engage in bribery and corruption to fulfill their contracts.

Using the authors discussion of the regulatory scheme for compliance of labor and safety issues for suppliers under the Bangladesh Accord I have adapted them for anti-corruption compliance. The intention is to create stable, long term relationships and also to promote a stable core of suppliers who are FCPA or Bribery Act compliant in anti-corruption and anti-bribery. These points can incentive suppliers to not only become more compliant in anti-corruption and anti-bribery programs but also reward them for doing business with other like-minded sub-suppliers and sub-contractors. They include:

  • Requiring suppliers to designate all sub-suppliers and sub-contractors that they will use.
  • Restrict the subset of sub-suppliers and sub-contractors to those who have been certified, through a recognized Non-governmental organization (NGO) or company, in anti-corruption.
  • Prohibit retaliation against supplier employees who report, in good faith, allegations of bribery and corruption.
  • Require a supplier to register the number of sub-suppliers and sub-contractors that it intends to use for a company.

For US, and other western companies, I think that there are some lessons which might be drawn from the authors’ piece in connection with their compliance programs around the Supply Chain.

Know Your Suppliers

When it comes to anti-corruption compliance in the Supply Chain, many companies either fail to embrace this concept or, worse yet, do not understand how this concept is interwoven into an overall compliance program. Indeed, one of the perceived banes of compliance is that a company is responsible for the actions of its suppliers. Nevertheless, if companies understand that suppliers are a critical component of an overall compliance program it becomes much easier to understand how such a model can and should be used as a guidepost for the Supply Chain and compliance.

The Compliance Oversight Committee

The Oversight Committee is a key component of any best practices compliance program. Not only should it be used for reviewing and managing traditional high risk areas such as third party business representatives in the sales chain; a company can create such committees for other high risk issues particular to a company. Witness the Johnson & Johnson (J&J) Deferred Prosecution Agreement (DPA) and its “Enhanced Compliance Obligations”. In this J&J agreed to establish “a “Sensitive Issue Triage Committee” to review and respond to any such [Foreign Corrupt Practices Act] FCPA issues as may arise.” This is precisely the type of rigor which should be included in a best practices compliance program. Compliance Committees can serve to escalate compliance issues before they become violations of the FCPA or UK Bribery Act and are becoming a part of a best practices compliance program. If a company decides to disband such a committee it must clearly perform rigorous audits or place such safeguards in place to send a message to both vendors in the Supply Chain and employees that compliance is still held in the highest regard by the company.

Risk Assessments – Don’t Let Growth Overwhelm Your Compliance Program

The Department of Justice (DOJ) continually reminds us of the need for risk assessments. One of the areas often overlooked in risk assessments is growth. Growth and indeed explosive growth can be pursued or occur while not fully assessing or even appreciating the risks involved. This could mean that there were many new vendors in the Supply Chain that did not receive the rigorous due diligence and training in anti-corruption and anti-bribery compliance. A company can also hire huge numbers of new contract employees who do not receive the same anti-corruption training as previously hired employees. These can lead to organizational incentives that become skewered towards growth and not compliance.

If a company wants to move forward with an aggressive growth model, it should assess the compliance risks of doing so. Through a risk assessment, it might be determined that compliance might suffer through the increased use of new vendors. For the compliance practitioner, these risks might also be that new vendors in the Supply Chain need full and complete compliance training, that contract employees need the same compliance training as full-time employees; additionally new vendors need rigorous screening through a robust due diligence process to not only identify Red Flags regarding corruption but to help educate them that your company takes compliance very seriously.

So today I honor my father and all Veterans everywhere. And thanks to my father for continuing to be interested enough to read articles which help inform my knowledge of anti-corruption compliance.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

October 11, 2013

Pre-Acquisition Due Diligence Program for Evaluating Target Companies in M&A

7K0A0223I am just back from our nation’s capital attending the Society of Corporate Compliance and Ethics (SCCE) 2013 annual Compliance and Ethics Institute. If you have a chance to attend next year’s event in Chicago I urge you to do so. The sessions were first rate, topical and had great insights. The networking and sharing of information was also great. While the vendors were there to market their own products and services they were clearly part of the overall solution, so kudos to every company that showed at the event. Hats off to everyone on Team SCCE for doing a great job. Finally, to Roy Snell, Matt Kelly was right; you take the casual, hip look up to the next level, I wish I had your style.

One of the sessions I attended was entitled “Compliance Due Diligence In Multi-National Transactions: Mergers & Acquisitions and Third Parties”, led by Louis Perold, Legal Compliance Manager at Sasol Ltd., and Krista Muszak, Senior Compliance Analyst at Paychex, Inc. In this session, they laid out the steps that you should take when looking at an acquisition from the compliance perspective.

I.                   Review

They suggested a five step process which I thought was well laid out to show you how to plan and execute a strategy to perform pre-acquisition due diligence in the merger context. The process was as follows:

  1. Establish a point of contact. Here you need to determine one point of contact that you can liaise with throughout the process. They suggested that typically this would be the target’s Chief Compliance Officer (CCO) if the company is large enough to have full time position.
  2. Collect relevant documents. The documents suggested that you begin with are a detailed list of sales going back 3-5 years, broken out by country and, if possible, obtain a further breakdown by product and/or services; all JV contracts and due diligence on JVs and other third party business partners; the travel and entertainment records of the acquisition target company’s top sales personnel in high risk countries; internal audit reports and other relevant documents.
  3. Review the compliance and ethics mission and goals. Here they said you should look at the Code of Conduct or other foundational documents that a company might have to gain some insight into what they publicly espouse.
  4. Review the seven elements of an effective compliance program, as below:

A. Oversight and operational structure of the compliance program. Here you should assess the role of board, CCO and if there is one, the compliance committee. Regarding the CCO, you need to look at their reporting and access – is it independent within the overall structure of the company? Also, what are the resources dedicated to the compliance program including a review of personnel, the budget and overall resources?

B. Policies/Procedures, Code of Conduct. In this analysis you should identify industry practices and legal standards which may exist for the target company. You need to review how the compliance policies and procedures were developed and determine the review cycles for compliance policies, if any. Lastly, you need to know how everything is distributed and what are the enforcement mechanisms for compliance policies? The speakers pointed out that you should check with HR for terminations or discipline relating to compliance

C. Education, training and communication. Here you need to review the compliance training process as it exists in the company; both the formal and the informal. You should ask such questions as “What are the plans and schedules for compliance training?” Next determine if the training material itself is fit for intended purpose, including both internal and external training for third parties. You should also evaluate the training delivery channels. Is the compliance training delivered live, online, or through video? Finally, assess whether the company has updated their training based on changing of laws.

D. Monitoring and auditing. Under this section you need to review both the internal audit plan and methodology used regarding any compliance audits. A couple of key points are (1) is it consistent over a period of time and (2) what is the audit frequency? You should also try and judge whether the audit is truly independent or if there was manipulation by the business unit.

E. Reporting. What is the company’s system for reporting violations or allegations of violations? Is the reporting system anonymous? From there you need to then turn to who does the investigations and how are they conducted? A key here, as well as something to keep in mind throughout the process, is the adequacy of record keeping by the target.

F. Response to detected violations. This review is to determine management’s response to detected violations. What is the remediation that has occurred and what corrective action has been taken to prevent future, similar violations. Has there been any internal enforcement and discipline of compliance policies if there were violations? Lastly, what are the disclosure procedures to let the relevant regulatory or other authorities know about any violations and the responses thereto?

G. Enforcement Practices/Disciplinary Actions. Under this analysis, you need to see if there was any discipline delivered up to and including termination. If remedial measures were put in place, how were they distributed throughout the company and were they understood by employees?

5. Review the periodic evaluation of the program’s effectiveness. Under this they suggested a review of the target’s internal audit reports or outside investigations if they were performed.

II.        Red Flags

The speakers provided a short list of red flags that, should you determine exist, need to be further investigated and cleared. They listed the following:

  • Ineffective compliance program elements
  • Company in financial difficulty
  • Frequent breach of policies and procedures
  • Inactive compliance and ethics committee
  • No access to the board
  • No regular reports to the board
  • CCO not allowed direct access to the Chief Executive Officer (CEO)
  • Lack of independence
  • Frequent requests to waive policies
  • No consistent consequence management for violations

III.             Evaluation

The speakers also provided a ranking system which can be used to think through and evaluate the information that you have obtained. They proposed the following.

  • Level 1 – Absent. There is no commitment to compliance illustrated by no dedicated resources, no formal compliance policy and the absence of a compliance program.
  • Level 2 – Reactive. There is commitment to address compliance issues when major breaches arise.
  • Level 3 – Foundational. While there is commitment to address compliance issues when major breaches arise, there is no formal compliance program but policies and monitoring activities are put in place to prevent the reoccurrence of major breaches.
  • Level 4 – Proactive. There is a commitment to have a strong compliance program in place with dedicated resources and a clear assessment of all risk areas. The program encompasses ongoing monitoring and measurement as well as proactive and preventative elements.
  • Level 5 – Embedded. The compliance program pervades the organization in every respect: strategically, culturally and operationally. Every staff member is aware of and takes appropriate responsibility for the effective implementation of the compliance program and its ongoing improvement.

I found their program a very useful session on how you should think through performing due diligence on a target in the acquisition context. With the Department Of Justice’s (DOJ’s) emphasis on pre-acquisition due diligence, as set out in last year’s FCPA Guidance, I think more companies will need to strengthen this portion of their compliance program.

And once again, a big thanks to SCCE for a great week at the Compliance and Ethics Institute 2013.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

October 8, 2013

Due Diligence: Past, Present and Future

Released 40 years ago this month, the Al Stewart album Past Present and Future was a departure from his earlier folk based work. In this album, Stewart focused on historical themes. I was particularly drawn to two long songs, “Roads To Moscow” which is Stewart’s tribute to the Russian author and modern day philosopher Aleksandr Solzhenitsyn and “Nostradamus” which is about the famous supposed prophet and his prophecies.

I thought about Stewart’s album title while I was listening to Frank Taber, Director, Global Ethics and Compliance for Hospira, Inc. (HSP) speak at the Society of Corporate and Compliance (SCCE), 2013 national Compliance and Ethics Institute on the topic of “Third Party Risk-Based Anti-Bribery Due Diligence”. While most compliance practitioners certainly are aware of the need to perform due diligence, Tabor’s presentation was not only a very good refresher on the topic but he presented the information together that gave me pause to think about due diligence in a new way. Hence when he said past, present and future; I thought about Stewart’s album as a new way to think about due diligence. These ideas became even more interesting when considered in the light of GlaxoSmithKline PLC (GSK) issues in China.

Past

Obviously, your company wants to know who they are doing business with, whether it is a person or entity as a sales chain partner, joint venture partner or other business relationship. This is also true for acquisitions. But more than wanting to know about who you are doing business with, due diligence is an important tool in the overall international efforts to fight bribery and corruption. It also supports your company’s Code of Conduct, protects your reputation and allows early discovery of deal-breakers before it is too late. Due diligence also helps to provide a legal defense to anti-corruption laws such as the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act. In addition to the background and reputation, you need to know a party’s qualifications to do business with you.

One of the things that GSK apparently did not check on was the qualifications of the lead travel agency it used in China. If it had done so, it may well have discovered that the principals of the lead travel agency did not have any experience in the business. If this had been reviewed by a compliance professional in the corporate office, it should have been red flagged for additional investigation.

Present

What are the types of information that you should obtain in due diligence? Tabor had a good list for you to begin with, which included the following.

  • Identification – It is important to obtain the basic identification information on a third party. This includes, names, addresses, phone numbers, basic license information, the identities of officers, directors, shareholders and those who will handle your business or be your point of contact. You need to obtain corporate regulatory and partnership filings, a list of countries where it does business and find out if there have been any name changes in the past five years.
  • Financial – Your financial review should be based on three years of audited (if any) financial records.
  • Capabilities – This should include a review of the party’s facilities, support services, amount of work outsourced, number of employees and number of years in business. You should also ask for a list of its top 10 customers.
  • Government Exposure – You need to determine if the third party does business with any foreign governments or government officials and if there are any government officials otherwise involved with the third party. This extends to relatives and close friends of government officials.
  • Enforcement Actions – Here you need to determine if the party or any of its officials have ever been charged with criminal conduct or been party to criminal proceedings. You also need to make the same inquiries for civil proceedings or regulatory actions. You should review news media stories on the party.
  • Internal Control Environment – You should review the party’s compliance program, including their Code of Conduct. You should also test their employees’ familiarity with the FCPA or Bribery Act. See if the company has a written policy regarding gifts, travel and entertainment and if the employees are trained on same.

Future

Tabor discussed how you should respond to negative information which may be uncovered during the due diligence process. He began though by emphasizing it is important to have a plan in place so that your internal team can address any negative issues that might arise. I was intrigued by his assertion that you can use due diligence as part of a risk management plan going forward. Some of the mitigation options he discussed were to share your Code of Conduct with the third party and draw attention to your internal reporting line for questions and concerns. You should clearly communicate that bribery and corruption is not tolerated. You may need to use the due diligence you have obtained to review and improve existing contracts to reflect this priority. You may suggest that the third party adopt a compliance regime similar to your program or provide training on specific issues.

Tabor also spoke about the need for ongoing due diligence monitoring. I agree that under most of the recent expert commentary on what constitutes a best practices compliance program, under laws from different countries and in a wide variety of industries, the ongoing monitoring of third parties is viewed as critical. This is because any due diligence performed on a third party during the time which may lead up to a contract, would only be scheduled to be performed again during the next qualification period, typically every two to three years. Much can happen during this ensuing time frame. I believe that the “Future” prong of due diligence monitoring is a step that companies need to develop in order to monitor their third parties during the life of the contract rather than simply at the start of the qualification process.

Tabor’s three pronged approach gave me a new way to see due diligence. Once again, Tabor’s presentation emphasized to me the ongoing, organic nature of a compliance program. If you obtain more information you can make adjustments to manage your risk more fully, completely and certainly more timely.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

August 9, 2013

Who Watches the Watchmen? A Look at Anti-Bribery Risks in the Legal Profession

Teodoro Obiang Mangue  has led a life that few could easily relate to.   At age 8, his father organized a coup against his uncle to assume the Presidency of Equatorial Guinea.  Thirty years later, his father continues to maintain a tight grip over the country and Teodoro (nicknamed “Teodorin”) has become the heir apparent, comfortably coasting for the time being as Minister of Agriculture and Forestry.

Equatorial Guinea is a small country of about 600,000 people on the west coast of Africa.  Much in Equatorial Guinea changed in the 1990s when large offshore oil deposits were discovered and the country quickly became one of the leading oil producers in sub-Saharan Africa.  But while the elite in government enjoyed their newfound wealth, none have enjoyed it with quite as much flair as Teodoro.  Among his list of expensive toys are  several Bugattis, a couple Ferraris, Lamborghinis and Bentleys,  a $38.5 million private jet, and a $30 million Malibu home bought in 2006 that was later ranked as the 6th most expensive residential purchase in the United States that year.  Not bad for someone whose official salary is only $60,000 a year.  The true tragedy of the situation, however, is that the majority of Equatorial Guineans live below the poverty line, and the country ranks 136 of the 186 nations on the United Nation’s Human Development Index.  This hasn’t stopped a playboy millionaire like Teodoro, though, who’s reportedly spent nearly $700,000 just to rent Microsoft co-founder Paul Allen’s 303-foot yacht for a weekend.

The Bribery Bar

For years, the international community has tried to expose Obiang’s illegitimate wealth, and in 2010, the United States Senate’s Permanent Subcommittee on Investigations published a scathing report on Obiang’s use of U.S. lawyers, bankers, real estate agents and escrow agents to launder $110 million in suspect funds out of Equatorial Guinea and into the United States.  The report, entitled Keeping Foreign Corruption Out of the United States: Four Case Histories, shows how two U.S. lawyers, Michael Berger and George Nagler, actively helped Obiang to circumvent U.S. anti-money laundering controls at U.S. banks by allowing him to use their attorney-client and law office accounts as conduits for his funds.  The two-step process of first transferring the funds to the lawyers’ attorney-client and law office accounts before transferring the funds to U.S. banks helped mask the fact that the funds were coming from Equatorial Guinea, which most banks flag as a high risk country due to its reputation for corruption.  According to the report, Mr. Berger and Mr. Nagler assisted Mr. Obiang to hide his identity from the banks by, among other things, setting up shell companies for Mr. Obiang and failing to disclose to the banks that Mr. Obiang was the beneficial owner of those companies.  “The Obiang case history,” summarized the Senate Subcommittee report, “demonstrates how a determined [politically exposed person] can employ the services of U.S. attorneys to bring millions of dollars in suspect funds into the United States through U.S. financial institutions.“

A few months after the Senate published its findings on Obiang, the International Bar Association, in cooperation with the Organization for Economic Co-operation and Development (OECD) and the United Nations Office on Drugs and Crime (UNODC), published the results of their own survey entitled Risks and threats of corruption and the legal profession.  The survey’s goal was to alert readers “to the unfortunate fact that lawyers are indeed approached to act as agents/middlemen in transactions that could reasonably be suspected to involve international corruption.”  Indeed, the results of the survey were disconcerting:

  • Nearly half of all respondents stated that corruption was an issue in the legal profession in their own jurisdiction;
  • More than a fifth of respondents said they have or may have been approached to act as an agent or middleman in a transaction that could reasonably be suspected to involve international corruption; and
  • Nearly 30 per cent of respondents said they’d lost business to corrupt law firms or individuals who have engaged in international bribery and corruption.

That lawyers are routinely involved in bribery schemes should come as little surprise to those in the FCPA bar. Some of the biggest cases brought under the Foreign Corrupt Practices Act have involved lawyers, including:

  • Hans Bodmer, a Swiss lawyer, who pleaded guilty in 2004 to helping move money in Viktor Kozeny’s scheme to bribe Azeri officials and gain control over the state-run oil company;
  • Jeffery Tessler, a British lawyer, who was hired by the TSKJ consortium to funnel bribes to high-ranking Nigerian officials regarding contracts to build liquefied natural gas facilities in Nigeria; and
  • Pablo Alegría Con Alonso and José Manuel Aguirre Juárez, two Mexican attorneys accused of assisting Walmart to deliver cash to mayors, city council members, urban planners, and all manner of government bureaucrats in Mexico in order to secure business in the country.

Legal Obligations

Why are members of the legal profession so often implicated in these bribery schemes?  Part of the problem may be due to a lack of client transparency.  In many countries, lawyers have no obligation to look into the source of their client’s funds, even if their client is a high-risk, politically exposed person.   In the US, for example, lawyers have been excluded under the Patriot Act to conduct anti-money laundering due diligence, unlike banks and other financial institutions.  Other countries that have no direct anti-money laundering measures applicable to lawyers include China, India and Canada.

Even when a lawyer is aware that their client is engaged in illegal behavior, many legal professionals may feel a contradictory obligation to refrain from revealing confidential information that they’ve gained as part of the attorney-client relationship.   This issue was brought center-stage in the early 2000s after the Enron, WorldCom and Tyco scandals, which showed just how much attorneys knew of the illicit behavior going on without doing anything to stop it.  Now, in the wake of Sarbanes Oxley, the American Bar Association’s Model Rules of Professional Conduct state that once a client has used the lawyer’s services in furtherance of a crime, the lawyer must withdraw completely from representation.

Still, many lawyers remain unaware of their responsibilities, especially those having to do with corruption.  As a result, the IBA has made it a goal to continue to inform lawyers of their duties not to perpetuate bribery schemes.  Earlier this year, it published an Anticorruption Guidance meant for bar associations around the world to develop anti-corruption initiatives that are relevant to practitioners in their jurisdictions, and last year, the IBA coordinated with the OECD, the UNODC and 40 law schools selected from various countries to pilot the use of anti-corruption training into the syllabus of law degrees.

Increasing Due Diligence

Another problem in this area is the fact that law firms are so rarely vetted themselves for anti-bribery.  In fact, more than two-thirds of respondents in the 2010 IBA survey said that their law firms had never been subject to anti-corruption or anti-money laundering due diligence conducted by foreign clients; more than 90 per cent stated that less than 25 per cent of clients required them to certify that they had any anti-corruption compliance program at all.  Often, that means that companies operating in foreign jurisdictions are choosing who to hire for legal advice based solely on reputation.  In its 2010 report, the IBA wrote “that clients are unaware of their own due diligence responsibilities and/or that they do not consider lawyers as intermediaries who could engage in corrupt acts and/or be subject to anti-corruption rules and regulations.”  The dilemma brings to mind the Latin phrase quis custodiet ipsos custodes?  –  “who watches the watchmen?“

As companies become increasingly aware of these risks, many are now asking to conduct at least some level of due diligence on their outside lawyers.   And if this was something that at one time would have been frowned upon in the legal profession, many foreign lawyers, like other third party intermediaries, are seeing due diligence as a way to distinguish themselves from their peers.  Earlier this Summer, TRACE International partnered with the Pan-African Lawyer’s Union (PALU) to offer free TRAC profiles to African lawyers and law firms.  The TRAC certification offers PALU law firms an online platform to rapidly exchange baseline due-diligence information with potential clients.  For those companies operating in the high-speed world of complex international commercial negotiations and international dispute resolution, TRAC is a quick and easy way to gain comfort with an outside law firm.

Conclusion

Lawyers, as guardians of the law, play a vital role in the fight against corruption.  Yet the unfortunate reality is that some abuse their positions to perpetuate bribery schemes.   Companies, aware that there is a growing expectation for them to conduct due diligence on a broader range of third parties, are now beginning to weigh outside counsel as potential risks.  After all, if bribery  doesn’t discriminate based on profession, then nor should a company’s due diligence program.  All of that is a good thing for honest lawyers, companies that want to do right, and, in the end, the innocent victims of corruption.

Severin Wirz, Attorney and Manager, Advisory Services ,TRACE International, Inc. He can be reached via email  at wirz@TRACEinternational.org and phone at 410) 990 0076.

TRACE is a non-profit membership association helping companies to raise their anti-bribery standards.  As part of its commitment to transparency in the legal profession, TRACE is waiving the fee for all attorneys and law firms who would like to subscribe to TRAC.  Simply visit www.tracnumber.com and apply the code: OPENLAW2013.  This code will remain valid for the whole month of August.   

July 29, 2013

What Is Due Diligence?

What is due diligence? When did due diligence begin? What does it really mean to perform due diligence? Further, how do you tie the information that you obtain in the due diligence process into your ongoing compliance program? I thought about those questions in the context of two very different types of information that I recently came across.

The first is Professor Donald Kagan’s 24 lecture series on Ancient Greece. Kagan, a professor at Yale, is considered to be one of the pre-eminent American scholars on Ancient Greece. I downloaded this lecture series on iTunes U, from the selection of Open Yale courses. For a non-Eli, such as myself, to have access to the lectures of Professor Kagan is a treat beyond words.

The Athenian democracy had many interesting features. The entire citizenship of Athens elected its leaders annually. One of the interesting features of the Athenian democracy was that before each election there would an exhaustive background investigation into each candidate, including their financial dealings, legal proceedings, military service and other relevant factors which might provide information on their character and fitness to hold office. After their one year tenure, there would be an audit of the former office holders’ finances to determine if anything was askance or if there was evidence of bribery and corruption. All of that sounds like a fairly robust program to determine the qualifications of a leader beforehand and then a backend determination if there was any indicia of bribery and corruption which could be further investigated if required.

Lest you think that there was no management of politicians during their term, there were 10 votes annually on whether a leader was doing his job. If there was a majority vote against the politician, he would have to go court to defend himself by proving that he was performing his job correctly and going to court in ancient Athens, meant a trial before the entire body of eligible voters. If the politician lost, he was thrown out before the end of his one year term. If he won, he reassumed his elected duties.

So the ancient Athenians had pre-election due diligence, management of the relationship during their annual term and then a post-relationship audit. Not too bad a system, particularly when you consider that it was developed over 2500 years ago.

The second item of interest was an article in the New York Times (NYT), High & Low Finance column of Floyd Norris, entitled “Intersection of Fraud and Traffic Violations”. The article was quite fascinating. It reported on a study by Robert Davidson, who teaches accounting at Georgetown University, along with Aiyesha Dey, of the University of Minnesota, and Abbie Smith, of the University of Chicago. Norris reported that “Their results are reported in a paper, “Executives’ ‘Off-the-Job’ Behavior, Corporate Culture and Financial Reporting Risk,” which is to appear in the Journal of Financial Economics.”

The bottom line is that if your company’s Chief Executive Officer (CEO) “likes to drive too fast, watch out. He may be more likely to commit fraud.” However, (and perhaps counter-intuitively) “If he lives too high on the hog, worry about whether he is paying enough attention to work to catch fraud being committed by his subordinates. And there may be a greater chance that the company is making mistakes in its accounting, though not fraudulently.”

The authors used some interesting investigative techniques for their paper. First they examined “fraud cases that the Securities and Exchange Commission [SEC] filed over the years — covering frauds that began between 1992 and 2004.” Next, the “researchers looked for other companies that were as similar as possible to the companies that were caught. Those companies were of similar size, had similar balance sheets and similar prefraud stock market performance as the fraudulent companies and were in the same industries.” This netted them “109 companies where fraud was detected and 109 similar ones where it was not.” The next step was the one that I found the most interesting, “The academics then hired private investigators to check out the bosses. They looked for past criminal records, including traffic violations, and they searched public records to see which cars, homes and boats the chief executives owned.”

Norris reported that while “The statistics are far from conclusive — 109 is not a large number — but they may take on a little more weight from the decision of the researchers to investigate an additional 164 chief executives. They came from 94 companies that were forced to restate their financial statements but were not accused of fraud by the S.E.C., and from 70 others chosen at random from the universe of companies that did not have fraud or accounting errors.” Norris believes what the report “could indicate is that people who are willing to violate one set of social norms are more likely to be willing to violate far more serious ones.”

I do not think that his last statement would be too controversial. However, the research went further. The authors of the report “also set out to if what they called unfrugal chief executives run companies that are fundamentally different from those run by bosses who spend less on themselves. To determine that required decisions on just what constituted unfrugal behavior. They settled on a definition involving ownership of homes, boats and cars, which is available from public records. Chief executives were deemed to be unfrugal if they owned a car that listed for more than $75,000, a boat that was more than 25 feet long or a house worth more than twice the average cost of a home near the company’s headquarters.”

Once again, the report findings seemed interesting. The researchers found that “Unfrugal chief executives are no more likely to commit fraud than their colleagues, but they are more likely to run companies where others commit fraud, and they are more likely to run companies that are forced to restate their financial statements.” In other words, they were playing with their expensive toys and not watching the shop.

Norris concludes his piece with the following, “I don’t think any of this proves that a traffic ticket should disqualify someone from running a public company. And it appears that most fraud is committed by chief executives who have no previous record of criminal behavior, so that is hardly the only thing a board should monitor. But the evidence may indicate that boards should routinely run background checks on top officers and on those being considered for such positions. If someone does have a bunch of traffic tickets, or worse, that could be an indication that deeper consideration is needed before that person is given control of a public company.”

I think that Norris has correctly articulated one of the key issues for any compliance practitioner in the due diligence process. What is the analysis that you should use? The FCPA Guidance provides a list of red flags which should be very large warning signs for a company in creating a business relationship with a third party. But beyond this well-known list of red flags, which information is relevant in assessing a third party, corporate CEO or other executive or simply a new hire. Does the fact that someone had a business failure and filed bankruptcy or has a low credit score mean they are prone to corruption? Or does that mean they have an entrepreneurial bend that would be an asset in a company? How about if they went through a major health issue and their health care provider and insurance carrier got into such a dispute over payment it affected the person’s credit score? What about multiple marriages, does that demonstrate a lack of stability?

So while Norris’ article does raise perhaps more questions than it has answers, you can take some solace in knowing that the due diligence process you have in your company is not new. The ancient Greeks used in 500 BCE.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

June 12, 2013

British PM Leads the Fight against Shell Corporations

One of the critical areas in due diligence for foreign business partners is determining who are the true owners of an entity. Unfortunately this is not always possible to determine as many countries do not require the names, addresses and other identifying information of shell company owners or limited liability partners. Many people think of the Cayman Islands or other traditional tax havens when such issues arise.

However, a surprising number of allegedly low risk countries also have this problem. New Zealand is generally recognized as one of the lowest risk countries in the annual Transparency International Corruption Perceptions Index (TI CPI), nevertheless this rating may not be all it seems. In an article by Michael Field on Stuff.co.nz, entitled “NZ firms linked to money laundering”, Field reported that one individual was listed as a Director of over 300 New Zealand formed companies. Another person, listed as the Director of the New Zealand Company alleged to have been involved with the shipment of arms to North Korea, was “convicted of 75 breaches of the Companies Act for giving false addresses on registration forms”.

New Zealand is not the only country with a low corruption perception which may not be completely accurate. In a Reuters article, entitled “Special Report: A little house of secrets on the Great Plains”, authors Kelly Carr and Brian Grow reported on one house in Cheyenne, Wyoming, which the authors claim “serves as a little Cayman Island on the Great Plains” as it is home to the registration of over 2,000 entities. The article claims that Wyoming allows “the real owners of corporations to hide behind “nominee” officers and directors with no direct role in the business, often executives of the mass incorporator.” Carr and Grow also quote Jason Sharman, a professor at Griffith University in Nathan, Australia, who states that “Somalia has slightly higher standards [for business incorporation] than Wyoming and Nevada.”

One of the anomalies in the ongoing Hewlett-Packard (HP) investigation, for alleged bribery and corruption violations in its German subsidiary, was the German authorities’ investigation of activities in and through the state of Wyoming. The article by Carr and Grow may help explain why the German authorities needed to investigate matters relating to Wyoming where the allegations were that bribes were paid by a HP German subsidiary for a sale into Russia.

Against this backdrop, British Prime Minister David Cameron has taken the lead in forcing jurisdictions who register such companies to disclose their ownership. While Cameron has come at this problem through the angle of tax evasion and compliance, it clearly has implications for the US Foreign Corrupt Practices Act (FCPA), UK Bribery Act and various anti-money laundering (AML) laws. The issue of public registers and beneficial ownership is coming to the fore on the eve of the G8 Summit which will be held in Northern Ireland starting next Monday. The Guardian has reported, in an article entitled “David Cameron under pressure to clarify owners of firms at G8”, that Cameron has also been given a political boost by the Cayman Islands agreeing to sign the OECD multilateral convention on tax transparency and information, the most important of the British overseas territories to do so.”

However, perhaps there is legislation on the way to close this loophole in the US. In another Reuters article, entitled “US House bill targets anonymous shell corporations”, Patrick Temple-West reported on prior US legislative attempts to require disclosure of corporate beneficial owners. Three such efforts have failed since the year 2000. Who might oppose such legislation? Temple-West reported that “Some state government group[s] remain opposed. In the past, resistance has also come from business groups and lawyers.” I am also somewhat chagrined to report that an organization that I belong to, the American Bar Association (ABA), has opposed prior legislation to provide greater discloser for shell companies.

Still this resistance may be changing. In an article in the New York Times (NYT), entitled “Obama Urged To Back Plan To List Owners Of Shell Firms”, Ravi Somaiya reported that “Anticorruption activists have urged President Obama to back a plan to publicly register the owners of shell companies in the United States and around the world, a move they say is essential to thwart corrupt government officials, tax evaders and money launderers who rely on an opaque financial system.” This problem has existed for several years in the US. Somaiya reported that “The Financial Crimes Enforcement Network, a bureau of the Treasury Department, estimated in 2005 that as much as $18 billion in suspicious transactions were made using international wire transfers that used shell companies in the United States.”

Somaiya also quoted Jack A. Blum, a lawyer and the chairman of Tax Justice Network USA, who said “These anonymous shell companies are used by everybody who steals money. Tens of thousands of shell corporations have been set up within the United States, he said, primarily in four states — Delaware, Montana, Nevada and Wyoming — that have loose regulations.” We know that the bad guys are selling the U.S. as a place to set up companies,” Mr. Blum said, citing its “aura of legitimacy.”

How does all of this relate to due diligence as the US problem would not seem to impact a company covered by FCPA? First of all, a company should know with whom they are doing business, and more pointedly a US company which is subject to the UK Bribery Act needs to recognize that any agent, distributor or other type of representative here in the US, is a foreign entity under the Bribery Act and needs full due diligence. While the jurisdictional scope of the Bribery Act has yet to be fully fleshed out, such a US company needs to consider its due diligence here in the US and may need to strengthen its investigations and background checks on such parties to comply with the Bribery Act.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

May 29, 2013

Kroll and Compliance Week Survey Anti-Bribery and Anti-Corruption

Not many people realize that the US has elected one president who served as a prisoner of war. That man was Andrew Jackson, who was captured by the British during the Revolutionary War. Now, can you name the American President who killed another man in a duel? If you guessed Andrew Jackson you are right and if you knew that today is the anniversary you receive extra credit and can proceed directly to Final Jeopardy.

I thought about the somewhat surprising history on Jackson when I read the recently released the “2013 Anti-Bribery and Corruption Benchmarking Report-A joint effort between Kroll and Compliance Week” (the “Survey”). Much like Jackson himself, the Survey had some interesting and somewhat disturbing findings as well regarding companies and their third parties. The findings were troubling because I think that most compliance practitioners recognize that their highest compliance risks under the Foreign Corrupt Practices Act (FPCA) and UK Bribery Act revolve around third parties. Some of the highlights of the survey are as follows.

I.                   Risks

While 43% of respondents said their bribery and corruption risks have increased in the last two years, another 39% said those compliance risks have remained mostly the same and, finally, 7.7% reported that they believe their compliance risks have actually fallen. Regarding future corruption risks, the respondents were split with half saying they expect compliance risks to rise in the next 12 months, and half do not. The single most common reason given for increasing compliance risks was expansion into new markets, followed by more vigorous enforcement of current anti-bribery laws. The Survey reported the “good news is that 57% of respondents say they conduct an enterprise-wide assessment of bribery and corruption risk annually. The bad news: the other 43% conduct such an assessment less than once a year, and 16.9% say they’ve never conducted a corruption risk assessment at all. A solid majority of companies also say they have some sort of documented approach to managing bribery and corruption risks; 37.7 say they have a “well-defined, documented process dedicated solely to global bribery risks,” and another 42.7% say they treat corruption risks as part of a larger documented process to address all compliance risks.”

II.                Due diligence

The Survey indicated that most companies have a good understanding of the need to, and performance of due diligence on third parties or acquisition targets. It found that 87% perform at least some sort of due diligence on third parties, and the criteria that help a compliance department decide how much diligence to perform generally seem risk-based. The top criteria were, in order, the nature of the work a third party would provide; the amount of contact the third party has with foreign officials; and where the third party is domiciled. A variety of tools were used to perform due diligence. These tools included: certifications from the third party that it has no corruption problems; reviews by your company’s legal or finance team; and data collected by your local business-unit leaders. Reference checks, on-site interviews, and research from professional investigators were some of the less-used techniques.

III.             Third parties

The Survey found that many companies are still struggling with ongoing anti-corruption monitoring and training for their third parties. Regarding training, 47% of the respondents said that they conduct no anti-corruption training with their third parties at all. The efforts companies do take to educate and monitor third parties are somewhat pro forma. More than 70% require certification from their third parties that they have completed anti-corruption training; 43% require in-person training and another 40% require online training. Large companies require training considerably more often than smaller ones, although when looking at all the common training methods, fully 100% of respondents say their company uses at least one method, if not more.

An astonishing 47% of all respondents said they conduct no anti-corruption training with their third parties at all. The numbers are even higher for companies based outside of North America (51%) and those with less than $1 billion in annual revenue (55%). Violet Ho, senior managing director for Kroll’s practice in greater China, was quoted as saying, “A lot of companies have very good intentions of doing a thorough job looking at their third parties,” Ho says. “But ultimately when you are a very large organization with more than 10,000 vendors, it’s not financially viable. You do not really have the time or resources to look deep into each and every one of them.” Another factor that Ho noted was significant is that companies often do not even know how many third parties they use, which makes training all of them impossible. Moreover, corporations typically have much less bargaining power with third parties, especially when they are located in far-flung jurisdictions. The result: if a company is using only one vendor to source an item and asks that vendor to promise to follow some anti-corruption code of conduct, the vendor feels emboldened to refuse.

Lastly, Ho stated “Trying to reach all third parties with a generic, headquarters-issued policy is a waste of time and money. Such policies tempt employees and third parties to find loopholes, and they ignore important regional differences. On-the-ground workers, are focused on revenue and profit, not compliance. Those goals aren’t mutually exclusive, but they do require coordination for a policy’s effective implementation—which adds all the more pressure on compliance officers to articulate why strong anti-corruption programs are good for business.” Clearly this Survey shows the challenges around third parties.

IV.              Effectiveness

For all a company’s efforts at risk assessment, due diligence, and monitoring third parties, the ultimate question for a compliance officer is simply does my system work? Questions about effectiveness, therefore, get to that core issue of whether all the compliance activities outlined above actually make the business less vulnerable to corruption risk. The Survey found that the responses in their anti-corruption procedures depended on how close to home the tasks actually are. 73% rated their training of domestic employees as “effective” or “very effective.” That figure dropped to 63.8% for foreign employees, and only 30% for third parties.

Melvin Glapion, Kroll managing director in EMEA, said that this phenomenon was the “downward and outward” problem. He explained that this meant that companies tend to overestimate how seriously messages sent from corporate headquarters are received elsewhere. Cultural differences abound, and many employees don’t see how anti-bribery policies apply to them in their daily jobs. Worse, the person doing compliance checks is often less senior than the executives he or she is monitoring.

Companies with less than $1 billion in revenue were actually more confident in their procedures’ effectiveness than larger businesses, the survey showed. Glapion was quoted as saying “that may be because smaller organizations have less bureaucracy and fewer third parties, or they may feel that they are not necessarily in the firing line.”

The Survey appears to indicate that companies still have a long way to go in certain areas, particularly third parties. The Survey provides the compliance practitioner with a good benchmark to look at the overall company program.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

May 3, 2013

How Much Due Diligence is Enough?

Do you really know who you are doing business with in your supply chain? How much due diligence is enough? Should you update your due diligence on a regular basis? How about on a continuous basis? What ethical considerations come into play in the manufacturing sector, in the supply chain? These questions, and perhaps more, came to me as I was reading about the recent tragedy in Bangladesh involving the collapse of Rana Plaza. At this time, there are 433 confirmed dead and police report that 149 people are still missing in what has become the worst disaster for Bangladesh’s $20 billion-a-year garment industry. The collapsed building was built and owned by Mohammed Sohel Rana, he was not the owner of the factories that operated in Rana Plaza; he was simply the building owner and landlord and, therefore, is legally required to provide a safe structure

In an article in the New York Times (NYT), entitled “The Most Hated Bangladeshi, Toppled From a Shady Empire”, reporter Jim Yardley wrote about Mr. Rana’s rise to power and the problems that companies face when trying to do the right thing regarding corporate social responsibility in general, and bribery and corruption specifically, in the supply chain. This problem has become much more public for clothing companies who purchase finished goods from countries like Bangladesh. This is because even if you know who you are directly contracting with, your company may not know the subcontractors or your direct counter-party and you probably have no chance to know who the building owner or landlord might be. Finally, how can you determine if the building where your products are being produced meets minimum building code standards or is even safe to work in at all?

Rana Plaza was originally designed as a five story building. Yardley’s article details the methods that Rana used to secure the land and the permits to construct the building. Yardley reported, “To build Rana Plaza, Mr. Rana and his father bullied adjacent landowners, the landowners themselves say, and ultimately took their property by force. His political allies gave him a construction permit, despite his dubious claims of title to the land, and a second permit later to add upper floors that may have destabilized the building.” After the building was completed Mr. Rana successfully leased “out the existing five floors and gotten a permit from the local mayor, a political ally, to build additional floors. Mr. Khan, the former mayor, said this practice created serious risks, since officials were handing out permits, often for bribes, without insisting on the necessary safeguards.”

On the day before the building collapse “Workers on the third floor were stitching clothing when they were startled by a noise that sounded like an explosion. Cracks had appeared in the building. Workers rushed outside in terror. By late morning, Mr. Rana’s representatives had brought in Abdur Razzaque Khan, an engineer. Taken to the third floor, Mr. Khan examined three support pillars, and became horrified at the cracks he found. “I became scared,” Mr. Khan said. “It was not safe to stay inside this building.” He rushed downstairs and told one of Mr. Rana’s administrators that the building needed to be closed immediately. But Mr. Rana was apparently not impressed; he was holding court with about a dozen local journalists.”

Yardley quoted another journalist, Shamim Hossain, a local newspaper reporter, who reported that Mr. Rana said, “This is not a crack. The plaster on the wall is broken, nothing more. It is not a problem.” Unfortunately the next day the building collapsed.

Rana had rammed five separate garment factories into his now eight story building. How many people were employed there? I don’t think anyone will ever know the true number. As for Mr. Rana, perhaps understanding his personal criminal exposure for these actions, he was caught trying to flee the country. He is now in police custody. He, of course, says it was the evil factory owners which caused the entire catastrophe.

If your company is a US or EU purchaser of such finished products, what should your response be? In another NYT article, entitled “Some Retailers Rethink Role in Bangladesh”, reporter Steven Greenhouse noted that the Walt Disney Company “in March ordered an end to production of branded merchandise in Bangladesh.” Greenhouse said, “Disney’s move reflects the difficult calculus that companies with operations in countries like Bangladesh are facing as they balance profit and reputation against the backdrop of a wrenching human disaster.”

But is this the right response? In an article in the Financial Times (FT), entitled “Business must lead in Bangladesh”, John Grapper wrote “The first thing western companies need to do is the simplest: to stay in the country and to keep providing jobs for women, not to withdraw because they fear being tainted by association. Despite everything, the industry provides better-paid jobs than the alternative – working on rural farms – and has helped to emancipate women.”

Gapper further argues that US and EU retailer collective action is the only thing which will force change upon a corrupt Bangladeshi government. He said, “The second thing brands and retailers must do is band together. The factories they directly oversee in export zones tend to be better run. But they exert weak influence over the contractors and subcontractors that comprise most of the industry. Retailers use auditors to inspect suppliers but lack the information or power to stop abuses. Rana Plaza shows the difficulties. Planning and building controls are lax in Bangladesh and there is no simple way to check whether a factory is properly built. Raising building standards is beyond the power of any single company – it needs concerted action.”

Many have argued that the US government in particular has no place in enforcing its version of morality, in the form of the US Foreign Corrupt Practices Act (FCPA). But rarely is the flip side of this argument discussed, that being where a business solution can help to end corruption. Gapper notes this reality with the following, “Collectively, companies could push the government to overcome the obstacles of corruption, hidden army influence and factory owners who double as politicians. They hold the buying power in a sector that makes up 13 per cent of gross domestic product.”

What is the cost of bribery and corruption? I think that we are seeing it played out daily in Bangladesh as each body is pulled out of the rubble of the Rana Plaza. As a US company, how can you manage your FCPA risk? Should you perform due diligence on your landlord? I do not think any US company would think more than a nano-second when answering that question if they were leasing office space for their own employees. But the tragedy at Rana Plaza does beg the question, how much due diligence is enough and how far is far enough down the supply chain?

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

« Previous PageNext Page »

The Rubric Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 4,514 other followers