FCPA Compliance and Ethics Blog

October 22, 2013

The Tuck Rule, the Push Rule and Retaliation Against Whistleblowers

Filed under: FCPA,SEC,Whistleblower — tfoxlaw @ 1:01 am
Tags: , , , , ,

I cannot say the missed horse-collar on Johnny Football on the Texas A&M Aggies final series takes the worst officiating call of this past weekend award but the un-sportsman like call against the Patriots on the New York Jets first field goal attempt in overtime ranked as the worst pro-football officiating FUBAR of the weekend. For those of you who missed it, on an otherwise unsuccessful Jets field goal attempt, Patriot Chris Jones was flagged for pushing teammate Will Svitek from behind to violate a rule that says players cannot push teammates on the line of scrimmage into the offensive formation. To say that I am still confused by what happened because after watching about 20 different replays of the play would be an understatement; I still am not sure that actually happened or even if Jones pushed Svitek. I said to my wife that not only had I never heard of that rule, I had never seen a penalty called for such conduct; the TV announcers then said the same thing.

In thinking about that play and the Patriots loss to the Jets, I considered the following: is it now the beginning of the end of the Patriots dynasty which started on an equally obscure rule and penalty, aka “The Tuck Rule”? In the play during a 2001 playoff game, Raiders’ cornerback Charles Woodson sacked Patriots’ quarterback Tom Brady, which in turn, caused a fumble that was eventually recovered by Raiders’ linebacker Greg Biekert, and would have almost certainly sealed the game. Officials reviewed the play and eventually determined that Brady’s arm was moving forward, when it was actually moving backwards, thus making it an incomplete pass. Got it?

It was the first playoff game that Patriot coach Bill Belichick had won as head coach. If the Patriots do not win that game, they do not start a run of three Super Bowl victories in four years and Tom Brady probably never becomes the Golden Boy. Now I wonder if the Patriots 11 year run as one of the NFL’s all-time great franchises has ended with an equally obtuse and obscure rule as the Tuck Rule. I also wonder if the Patriots loss to the Jets portends the beginning of the end of their dynasty; all for the want of a rule no one had ever heard about or had seen enforced. Bookends indeed.

I thought about such obtuseness and obscureness when I ready the Memorandum and Order in Meng-Lin Liu v. Siemens AG, in the US District Court for the Southern District of New York. This case involved a whistleblower, Liu, who claimed that he was discharged by the defendant in retaliation for internally reporting violations of Siemens compliance program in North Korea and China. Liu had brought suit under the Dodd-Frank Act for retaliation against a whistleblower. The New York District Court followed the logic of the Fifth Circuit Court of Appeals in the Asadi decision that the Dodd-Frank Act itself does not explicitly provide for an extraterritorial application of the anti-retaliation provision even though a foreign employee may fall within the definition of a whistleblower for whistleblower award purposes. So even though Dodd-Frank and Sarbanes-Oxley (SOX) protect extraterritorial disclosures, they do not protect extraterritorial employees who make them. Got it, sort of like the Tuck Rule; was his arm moving forward, backwards or does it even matter?

All of this was based in part on the fact that “This is a case brought by a Taiwanese resident against a German corporation for acts concerning its Chinese subsidiary relating to alleged corruption in China and North Korea. The only connection to the United States is the fact that Siemens has ADRs [American Depository Receipts] that are traded on an American exchange.” I guess the Court was unaware of the fact that Siemens paid the largest fine for Foreign Corrupt Practices Act (FCPA) violations in the history of the world, ever. There must have been some US jurisdiction there somewhere.

Next the Court weighs into the “apparent incongruity” that while the Dodd-Frank explicitly incorporates SOX whistleblowing into the anti-retaliation protection provisions; for Dodd-Frank protections to apply there must be a disclosure to the Securities and Exchange Commission (SEC). However, for SOX protections to lie, certain internal disclosures are not only protected but required. The SEC itself promulgated a rule that an employee has anti-retaliation protections if (1) you have a ‘reasonable belief’ that securities has or will occur; (2) you provide that information to the SEC; and (3) report such conduct to “persons or governmental authorities other than the [SEC].”

To further confuse things, the Court accepts a Department of Labor (of all things) interpretation that reporting of FCPA violations does not fall within SOX protections because they are not violations of “any rule or regulation of the Securities and Exchange Commission” or “any provisions of Federal law relating to fraud against shareholders.” The Court then goes on to say that the plaintiff alleges that he reported violations of FCPA-relevant securities laws but the plaintiff’s Compliant does not specifically allege “that rule or specifically address recordkeeping violations.” The Court ends this section by stating that SOX does not “protect disclosures of FCPA violations.”

As the FCPA Professor might say “Say What”? To the plaintiff, they Court is saying that we are dismissing your compliant because you did not list with specificity either the Securities Exchange Act section a company violated in their conduct or address recordkeeping violations. But it really does not matter because even if you had listed them with sufficient specificity, SOX does not protect you, period.

In addition to being a little bit more than confusing, this Court ruling sets corporate compliance programs back on their collective backsides. Corporate America fought long and hard to require that employees report allegations of corruption and bribery internally before they went to the government. The reason that companies made this request was that it was only fair to allow companies to fix problems of which they may not have been aware. While the SEC did not require internal reporting as a prerequisite for Dodd-Frank whistleblowing, it did incentivize such whistleblowers to report internally first before submitting information to the SEC. But now that incentive is worthless if an employee who does so can be terminated at will for internally reporting concerns about bribery and corruption.

Just as the push rule may be the point at which the Patriots begin to tip away from their 11 year run as the best franchise in pro football, the Liu decision may be the bookend with the Asadi decision which portends the end of foreign employee protection against retaliation for internal whistleblowing. It is hard to conceive that neither Congress nor the SEC understood that by its nature, FCPA violations would occur overseas since it is a law which prohibits bribery of foreign government officials, not US government officials. While both the Southern District of New York and the Fifth Circuit Court of Appeals may think they are doing corporations a favor by ruling against international employees who internally report, the reality is that both the Liu and the Asadi decision out of the Fifth Circuit will both hurt corporations in the long run as now employees are only protected if they run to the SEC without giving the companies a chance to investigate, remediate or self-disclose any alleged FCPA violations.

As for the Patriots, the King is dead; long live the [next] King. May your reign be as majestic as the Patriots has been.

================================================================================================

Please join me Tuesday, Oct. 22 at noon CDT for a webinar on what I think are the Five Critical Trends in FCPA Compliance for 2014. It is hosted by The Network and you can attend at no charge. For details and registration, click here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

April 1, 2013

Ethical Behavior in the Navy – Lessons for the Non-Military Compliance Practitioner

What exactly is doing business in an ethical manner? I believe that the answer is different for each company. Ethical behavior can translate into doing business in a manner that does not jeopardize the safety of others and how you treat co-workers and subordinates. One of the things that I think ethical behavior entails is doing business within the rules, regulations and obligations of your business. For US companies doing business internationally, one of things this means is doing business within the parameters of the Foreign Corrupt Practices Act (FCPA).

But what if your business is named the US Navy? A recent article in the New York Times (NYT), entitled Admiral at Center of Inquiry is Censured”, by reporters C. J. Chivers and Thom Shanker explored some of these issues. The article discussed the discipline action taken against “Rear Adm. Charles M. Gaouette, who led Carrier Strike Group Three, which included the aircraft carrier John C. Stennis, had been accused of using profanity in a public setting and making at least two racially insensitive comments, officials familiar with the investigation said.” The article noted that his “case arrived as a worrisomely large number of senior military officers have been investigated or fired for poor judgment, malfeasance, sexual improprieties or sexual violence over the last year.”

Further, the article reported that due to the number of such cases, the new Secretary of Defense, Chuck Hagel, sent out an internal memo to the Pentagon’s top brass, which was also provided to the NYT. In this memo, Hagel “urging a renewed “commitment to values-based ethical conduct.” Further Hagel said that “Each of us must rededicate ourselves to upholding the principles of sound leadership,” and that “Our culture must exemplify both professional excellence and ethical judgment.”

Interestingly, this discipline of Admiral Gaouette, was instituted by a compliant by Navy Captain Ronald Reis, the commander of the Stennis. Reis himself was accused of not following “normal protocols for driving the ship through busy shipping lanes, and ran a bridge in which the surface officers under his command felt tense and unable to offer their input, the officers said. Three officers and two former officers familiar with the ship’s bridge procedures said the captain tended to act alone and by eye, and not carefully track the Stennis’s position relative to other vessels in crowded seas; one of them said he tended “to fly the ship.””

Lastly, the article quoted the former officer for the following “We’re not talking about how Ron worked with the harbor pilot when docking at a pier. We’re talking about how he was driving through congested seas. People were concerned when he was driving because they were concerned he would hit something.”

According to the article, Gaouette was cleared of any criminal violations but was given a “set of administrative penalties which will effectively end his career” in the Navy as “the full inspector-general’s report was ordered to be attached to the admiral’s service record, where it will block his chances at promotion or future command, officials said.”

I recognize that most compliance practitioners do not work for the military but there are some very valuable lessons for the compliance practitioner that can be gleaned from the article.

Ethical Leadership

The few references in the NYT piece to Hagel’s internal memo are quite telling. Like most military organizations, the US Navy relies on strong discipline throughout the ranks. However, this does not mean that a senior officer can act abusively to lesser ranked officers. The article noted that “Navy officials declined to provide details, or discuss precisely what Admiral Gaouette said that Captain Reis and the inspector general deemed insensitive.” Nevertheless, whatever was said would be appear to outside what the Navy believed was tolerable. So intolerable in fact, that it ended Admiral Gaouette’s career.

Treatment of Whistleblower

It was Captain Reis who filed the complaint against Admiral Gaouette, not the other way around. The article reported that “After Admiral Gaouette had ordered the captain to slow down as the vessel was steaming through ship traffic in the Malacca Strait in excess of 20 knots, the officers said, Captain Reis filed a complaint to the inspector general, claiming the admiral was abusive.” The Navy followed through and investigated a senior officer in a situation where it appeared that the junior officer had engaged in conduct where the junior officer did not follow standard Navy protocols. In other words, the Navy did not blame the person who filed the complaint for his actions which may have even led to Admiral Gaouette’s interactions with the Captain.

Discipline

As noted, the conduct which Admiral Gaouette engaged in was so far out of line or unethical that it ended his Navy career. For any compliance program to work there must be both a carrot and a stick, meaning that violation of a company’s ethical values must be punished. In the Navy, abusing a subordinate is something that violates its standards for ethics based conduct. Nothing speaks more strongly than actions and for the Navy to discipline a senior officer in such a manner speaks directly to its commitment of “upholding the principles of sound leadership” that Hagel spoke about in his internal memo.

I found this article provided many things for the compliance practitioner to think about. It showed the Navy’s commitment to have an organization run with ethics. It may be that your company could learn something from this example.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

February 8, 2013

How Does Your Organization Treat Whistleblowers?

As almost everyone knows, Lance Armstrong spoke for the first time about his performance enhancing drug (PED) use recently on Oprah. On the first night he admitted for the first time that he used PEDs during his seven wins at the Tour De France. The title of my colleague Doug Cornelius’ piece in Compliance Building really said it all in his article “Lance Armstrong – A Lying Liar Just Like Madoff”. Cornelius said “What caught my attention about the Armstrong interview was the window into the mind of a pathological liar. Armstrong had been telling the lie over and over and over. He lied to the public. He lied to the press. He lied to cancer survivors. He lied under oath.”

One of the areas which came up for me was how the people who blew the whistle on Armstrong’s use of PEDs before his admission were treated and how Armstrong subsequently treated them. Armstrong admitted that he was a ‘bully’ to those who said, hinted, or even implied that he had taken PEDs. He attacked ex-teammates; wives of ex-teammates and even a masseur who saw him take such substances. He put on an aggressive PR campaign for the better part of the past decade, to which the wife of ex-Tour De France winner Greg LeMond said “I can’t describe to you the level of fear that he brings to a family.”

While I would hope that most American and European companies have moved past the situation where whistleblowers are ostracized or worse threatened, one can certainly remember the GlaxoSmithKline (GSK) whistleblower Cheryl Eckard. A 2010 article in the Guardian by Graeme Wearden, entitled “GlaxoSmithKline whistleblower awarded $96m payout”, he reported that Eckard was fired by the company “after repeatedly complaining to GSK’s management that some drugs made at Cidra were being produced in a non-sterile environment, that the factory’s water system was contaminated with micro-organisms, and that other medicines were being made in the wrong doses.” She later was awarded $96MM as her share of the settlement of a Federal Claims Act whistleblower lawsuit. Eckard was quoted as saying, “It’s difficult to survive this financially, emotionally, you lose all your friends, because all your friends are people you have at work. You really do have to understand that it’s a very difficult process but very well worth it.”

More recently there was the example of NCR Corp., as reported in the Wall Street Journal (WSJ) by Christopher M. Matthews and Samuel Rubenfeld, in an article entitled “NCR Investigates Alleged FCPA Violations”, who stated that NCR spokesperson Lou Casale said “While NCR has certain concerns about the veracity and accuracy of the allegations, NCR takes allegations of this sort very seriously and promptly began an internal investigation that is ongoing,” regarding whistleblowers claims of Foreign Corrupt Practices Act (FCPA) violations. In a later WSJ article by Matthews, entitled “NCR Discloses SEC Subpoena Related to Whistleblower, he reported that NCR also said “NCR has certain concerns about the motivation of the purported whistleblower and the accuracy of the allegations it received, some of which appear to be untrue.”

Lastly, is the situation of two whistleblowers from the British company EADS. As reported by Carola Hoyos in a Financial Times (FT) article, entitled “Emails tell of fears over EADS payments”, Hoyos told the story of two men who notified company officials of allegations of bribery and corruption at the company and who suffered for their actions. The first, Mike Paterson, the then financial controller for an EADS subsidiary GPT, internally reported “unexplained payments to the Cayman Island bank accounts for Simec International and Duranton International, which totaled £11.5M between 2007 and 2009.” Hoyos reported that Paterson was so marginalized in his job that he was basically twiddling his thumbs all day at work.

The second whistleblower was Ian Foxley, a retired British lieutenant-colonel, who had joined the company in the spring of 2010 stationed in Saudi Arabia, to oversee a £2M contract between the British Ministry of Defence (MOD) and the Saudi Arabian National Guard. In December 2010, Foxley discovered some of the concerns which Mike Paterson had raised. According to Hoyos, “The morning after he discovered Mr. Paterson’s concerns he assessed the emails that Mr. Paterson had told him he had written over the previous three years.” This led Foxley to flee Saudi Arabia with documents of these suspicious payments, which he has turned over to the Institute of Chartered Accountants and the UK Serious Fraud Office (SFO).

What does the response of any of these three companies say about the way that it treats whistleblowers? Is it significantly different from the bullying Armstrong admitted he engaged in during his campaign to stop anyone who claimed that he was doping? While I doubt that companies will ever come to embrace whistleblowers, the US Department of Justice’s (DOJ’s) recent FCPA Guidance stated that “An effective compliance program should include a mechanism for an organization’s employees and others to report suspected or actual misconduct or violations of the company’s policies on a confidential basis and without fear of retaliation.” However, by marginalizing, attacking or even making a whistleblower fear for their life, such actions can drive a whistleblower to go the DOJ, Securities and Exchange Commission (SEC) or SFO. The Guidance recognized that “Assistance and information from a whistleblower who knows of possible securities law violations can be among the most powerful weapons in the law enforcement arsenal.”

So what is the compliance professional to make of the Armstrong confession and how can it be used for a compliance program? A recent White Paper, entitled “Blowing the Whistle on Workplace Misconduct”, released by the Ethics Resource Center (ERC) detailed several findings that the ERC had determined through surveys, interviews and dialogues. One of the key findings in this White Paper was that that a culture of ethics within a company does matter. Such a culture should start with a strong commitment to ethics at the top, however it is also clear that this message must be reinforced throughout all levels of management, and that employees must understand that their company has the expectation that ethical standards are vital in the business’ day-to-day operations. If employees have this understanding, they are more likely to conduct themselves with integrity and report misconduct by others when they believe senior management has a genuine and long-term commitment to ethical behavior. Additionally, those employees who report misconduct are often motivated by the belief that their reports will be properly investigated. Conversely, most employees are less concerned with the particular outcome than in knowing that their report was seriously considered.

This is the ‘Fair Process Doctrine’. This Doctrine generally recognizes that there are fair procedures, not arbitrary ones, in a process involving rights. Considerable research has shown that people are more willing to accept negative, unfavorable, and non-preferred outcomes when they are arrived at by processes and procedures that are perceived as fair. Adhering to the Fair Process Doctrine in two areas of your Compliance Program is critical for you, as a compliance specialist or for your Compliance Department, to have credibility with the rest of the workforce.

In this area is that of internal company investigations, if your employees do not believe that the investigation is fair and impartial, then it is not fair and impartial. Furthermore, those involved must have confidence that any internal investigation is treated seriously and objectively. One of the key reasons that employees will go outside of a company’s internal hotline process is because they do not believe that the process will be fair.

This fairness has several components. One would be the use of outside counsel, rather than in-house counsel, to handle the investigation. Moreover, if company uses a regular firm, it may be that other outside counsel should be brought in, particularly if regular outside counsel has created or implemented key components which are being investigated. Further, if the company’s regular outside counsel has a large amount of business with the company, then that law firm may have a very vested interest in maintaining the status quo. Lastly, the investigation may require a level of specialization which in-house or regular outside counsel does not possess.

Phrasing it in another way, Mike Volkov, writing in his blog Corruption, Crime and Compliance, in an article entitled “How to Prevent Whistleblower Complaints”, had these suggestions: (1) Listen to the Whistleblower – In dealing with a whistleblower, it is critical to listen to the whistleblowers concerns. (2) Do Not Overpromise – At the conclusion of an initial meeting with a whistleblower, the company representative should inform the whistleblower that the company will review the allegations, conduct a “preliminary” investigation and report back to the whistleblower during, or at the conclusion of, any investigation. (3) Conduct a Fair Investigation – Depending on the nature of the allegations, a follow up inquiry should be conducted. The steps taken in the investigation should be documented.

I would add that after your investigation is complete, the Fair Process Doctrine demands that any discipline must not only be administered fairly but it must be administered uniformly across the company for the violation of any compliance policy. Simply put if you are going to fire employees in South America for lying on their expense reports, you have to fire them in North America for the same offense. It cannot matter that the North American employee is a friend of yours or worse yet a ‘high producer’. Failure to administer discipline uniformly will destroy any vestige of credibility that you may have developed.

Lance Armstrong has and will continue to provide the ethics and compliance practitioner with many lessons. You can use his treatment of whistleblowers as an opportunity to review how your company treats such persons who make notifications of unethical or illegal conduct. With the increasing number of financial incentives available to persons to blow the whistle to government agencies, such as the SEC under the Dodd-Frank Act, it also makes very good business sense to do so.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

January 23, 2013

The FCPA Guidance on the Ten Hallmarks of an Effective Compliance Program

Many commentators are still mining the Department of Justice (DOJ)/Securities and Exchange Commission (SEC) publication, A Resource Guide to the U.S. Foreign Corrupt Practices Act, (the “Guidance”), which was released last November. I continue to find nuggets to provide to the compliance practitioner, as do others. But as we are a Base 10 culture, today I want discuss the 10 points listed as the ‘Hallmarks of Effective Compliance Programs”. They are a change in style, but not content, from the prior 13 point minimum best practices that the DOJ has in the Deferred Prosecution Agreements (DPAs) since at least November, 2010 and, indeed, from prior information made available by the DOJ.

I.                   Where Have We Been

Beginning with at least the Metcalfe & Eddy Consent and Undertaking, filed in December, 1999, the DOJ has laid out its thoughts on what should go into a Foreign Corrupt Practices Act (FCPA) anti-corruption compliance program. In the Metcalfe & Eddy Consent and Undertaking, the DOJ laid out ten points of an effective FCPA anti-corruption compliance program. This was modified somewhat in Opinion Release 04-02, which laid out a best practices compliance program in 12 points, where the DOJ reviewed the proposal by an investment group who were acquiring certain companies and assets from ABB Ltd. ABB Vetco Gray Inc. and ABB Vetco Gray (UK) Ltd., two of the entities being acquired, had previously pled guilty to FCPA violations. The investment group desired to protect itself from further liability, to the extent possible, by proposing to the DOJ a comprehensive best practices compliance program. While the DOJ noted that this compliance program was not a shield against future violations, the DOJ would not “intend to take an enforcement action [against the investors] for violations of the FCPA prior to their acquisition from ABB.”

In the Panalpina DPA, issued in November, 2010, the DOJ laid out a 13 point minimum best practices compliance program. This number was changed this past summer when the Data Systems & Solutions LLC (DS&S) DPA was announced. In this enforcement action the DOJ listed 15 points on its minimum best practices FCPA anti-corruption compliance program. Then later in the summer, the DOJ moved to a 9 point compliance program in the Pfizer DPA. Even with all these changes in the number, the substance of each compliance program has remained the same.

II.                Where Are We Now? Hallmarks of Effective Compliance Programs

The Guidance cautions that there is no “one-size-fits-all” compliance program. It recognizes that depending on a variety of factors such as size, type of business, industry and risk profile that a company should determine what is appropriate for its own needs regarding a FCPA compliance program. But the Guidance makes clear that these ten points are “meant to provide insight into the aspects of compliance programs that DOJ and SEC assess”. In other words you should pay attention to these and use this information to assess your own compliance regime.

  1. Commitment from Senior Management and a Clearly Articulated Policy Against Corruption. It all starts with tone at the top. But more than simply ‘talk-the-talk’ company leadership must ‘walk-the-walk’ and lead by example. Both the DOJ and SEC look to see if a company has a “culture of compliance”. More than a paper program is required, it must have real teeth and it must be put into action, all of which is led by senior management. The Guidance states that “A strong ethical culture directly supports a strong compliance program. By adhering to ethical standards, senior managers will inspire middle managers to reinforce those standards.” This prong ends by stating that the DOJ and SEC will “evaluate whether senior management has clearly articulated company standards, communicated them in unambiguous terms, adhered to them scrupulously, and disseminated them throughout the organization.”
  2. Code of Conduct and Compliance Policies and Procedures. The Code of Conduct has long been seen as the foundation of a company’s overall compliance program and the Guidance acknowledges this fact. But a Code of Conduct and a company’s compliance policies need to be clear and concise. The Guidance makes clear that if a company has a large employee base that is not fluent in English such documents need to be translated into the native language of those employees. A company also needs to have appropriate internal controls based upon the risks that a company has assessed for its business model. Some of the risks a company should assess include “the nature and extent of transactions with foreign governments, including payments to foreign officials; use of third parties; gifts, travel, and entertainment expenses; charitable and political donations; and facilitating and expediting payments.”
  3. Oversight, Autonomy, and Resources. This section starts with a discussion on whether a company has assigned a senior level executive to oversee and implement a company’s compliance program. Not only must a company assign such a person with appropriate authority but that person, and the overall compliance function, must have “sufficient resources to ensure that the company’s compliance program is implemented effectively.” Additionally, the compliance function should report to the company’s Board of Directors or an appropriate committee of the Board such as the Audit Committee. Overall the DOJ and SEC will “consider whether the company devoted adequate staffing and resources to the compliance program given the size, structure, and risk profile of the business.”
  4. Risk Assessment. The Guidance states that “assessment of risk is fundamental to developing a strong compliance program”. Indeed, if there is one over-riding theme in the Guidance it is that a company should assess its risks in all areas of its business. The Guidance lists factors that a company should consider in any risk assessment. They are “the country and industry sector, the business opportunity, potential business partners, level of involvement with governments, amount of government regulation and oversight, and exposure to customs and immigration in conducting business affairs.” The Guidance is also quite clear that when the DOJ and SEC look at a company’s overall compliance program, they “take into account whether and to what degree a company analyzes and addresses the particular risks it faces.”
  5. Training and Continuing Advice. Communication of a compliance program is a cornerstone of any anti-corruption compliance program. The Guidance specifies that both the “DOJ and SEC will evaluate whether a company has taken steps to ensure that relevant policies and procedures have been communicated throughout the organization, including through periodic training and certification for all directors, officers, relevant employees, and, where appropriate, agents and business partners.” The training should be risk based so that those high risk employees and third party business partners receive an appropriate level of training. A company should also devote appropriate resources to providing its employees with guidance and advice on how to comply with their own compliance program on an ongoing basis.
  6. Incentives and Disciplinary Measures. This involves both the carrot and the stick. Initially the Guidance notes that a company’s compliance program should apply from “the board room to the supply room – no one should be beyond its reach.” There should be appropriate discipline in place and administered for any violation of the FCPA or a company’s compliance program. Additionally, the “DOJ and SEC recognize that positive incentives can also drive compliant behavior. These incentives can take many forms such as personnel evaluations and promotions, rewards for improving and developing a company’s compliance program, and rewards for ethics and compliance leadership.” These incentives can take the form of a part of senior management’s bonuses or simply recognition on the shop floor.
  7. Third-Party Due Diligence and Payments. Here the Guidance focuses on the ongoing problem area of third parties. The Guidance says that companies must engage in risk based due diligence to understand the “qualifications and associations of its third-party partners, including its business reputation, and relationship, if any, with foreign officials.” Next a company should articulate a business rationale for the use of the third party. This would include an evaluation of the payment arrangement to ascertain that the compensation is reasonable and will not be used as a basis for corrupt payments. Lastly, there should be ongoing monitoring of third parties.
  8. Confidential Reporting and Internal Investigation. This means more than simply a hotline. The Guidance suggests that anonymous reporting, and perhaps even a company ombudsman, might be appropriate to have in place for employees to report allegations of corruption or violations of the FCPA. Furthermore, it is just as important what a company does after an allegation is made. The Guidance states, “once an allegation is made, companies should have in place an efficient, reliable, and properly funded process for investigating the allegation and documenting the company’s response, including any disciplinary or remediation measures taken.” The final message is what did you learn from the allegation and investigation and did you apply it in your company?
  9. Continuous Improvement: Periodic Testing and Review. As noted in the Guidance, “compliance programs that do not just exist on paper but are followed in practice will inevitably uncover compliance weaknesses and require enhancements. Consequently, DOJ and SEC evaluate whether companies regularly review and improve their compliance programs and not allow them to become stale.” The DOJ/SEC expects that a company will review and test its compliance controls and “think critically” about its own weaknesses and risk areas. Internal controls should also be periodically tested through targeted audits.
  10. Mergers and Acquisitions. Pre-Acquisition Due Diligence and Post-Acquisition Integration. Here the DOJ and SEC spell out what it expects in not only the post-acquisition integration phase but also in the pre-acquisition phase. This pre-acquisition information is not something that most companies had previously focused on. Basically, a company should attempt to perform as much substantive compliance due diligence that it can do before it purchases a company. After the deal is closed, an acquiring entity needs to perform a FCPA audit, train all senior management and risk employees in the purchased company and integrate the acquired entity into its compliance regime.

As I commented earlier in this article, the DOJ and SEC have communicated what they believe are the important parts of a risk based, anti-corruption compliance program for many years. I do not think that a compliance defense could be set out any more succinctly. However, I do like things set out in Base 10 and the “Hallmarks of Effective Compliance Programs” is an excellent compilation of where we are and what you need in place to go forward. I recommend this as a good a starting point for any compliance practitioner to implement a new compliance program or to evaluate the state of an ongoing compliance regime so assess your company’s risks and use these hallmarks as a basis to move forward.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

January 2, 2013

The Allianz FCPA Enforcement Action – What the Compliance Practitioner Needs to Know

Who is your favorite character from the Iliad? Is it Agamemnon the king who brings the Greek Armada to Troy for his brother’s honor; perhaps Ajax the mountain of a man who is the most loyal Greek warrior; how about Achilles the warrior who single-handedly destroys more Trojans than any Greek; or perchance Nestor the wise old counselor who tries to keep the Greeks united in the face of ten years of war? Perhaps your taste runs to the Trojan characters, Priam, the leader of Troy, Paris, now husband of the most beautiful woman on earth, or Hector, the stalwart son of Priam who dies in a duel with Achilles. In the Iliad, my money is on Odysseus, who is a king like Agamemnon and Priam; a shrewd advisor like Nestor; and a great warrior like Ajax, Achilles and Hector. Lastly, he has, if not the most beautiful wife in the world, certainly the most loyal in Penelope.

On December 17, 2012, the Securities and Exchange Commission (SEC) entered into an agreed Cease and Desist Order (Order) with Allianz SE regarding violations of the Foreign Corrupt Practices Act (FCPA). Much like Odysseus, this Order provides several different types of information for the compliance practitioner to digest. This post will work through some of the information and point out to you the lessons which can be drawn from this enforcement action.

The company is in the insurance business, writing lines including property and casualty, life, and health insurance and also is in asset management. Initially it is to be noted that the FCPA violations involve a subsidiary Allianz created to do business in Indonesia, PT Asuransi Allianz Utama Indonesia Ltd (Utama), through which the illegal payments were made. Allianz was the majority owner of this entity and Utama’s financial reporting was rolled up into the parent’s books and records. The Order reported that Utama secured at least 295 Indonesian government contracts through improper payments of approximately $650,626. From these improper payments, Allianz “realized $5,315,649 in profits.”

I.                   Jurisdiction

While the company is headquartered in Munich, Germany, from November 3, 2000 to October 23, 2009, Allianz’s American Depositary Shares and bonds were registered with the Commission pursuant to Section 12(b) of the Exchange Act and traded on the New York Stock Exchange (“NYSE”). This made Allianz an “issuer” within the meaning of the FCPA and therefore subject to the Act. The conduct at issue occurred when Allianz was a US issuer. Interestingly, in 2009, Allianz voluntarily delisted its securities from the New York Stock Exchange (NYSE).

II.                The Bribery Scheme

Back in 1981, the company opened up a “special purpose bank account” for the payment of agent commissions in Indonesia. However, in February, 2001, the Chief Compliance Officer (CEO) and Chief Financial Officer (CFO) of Utama “opened a separate, off-the-books account in the Indonesian Agent’s name (the “Agent special purpose account”). The Agent special purpose account was used to make improper payments to employees of Indonesian state-owned entities and others for the purpose of obtaining and retaining insurance contracts.” Contemporaneously with the creation of this new Agent special purpose account, Utama contracted with its Indonesian Agent a “Paying Agency Agreement” which established the Agent special purpose account would serve as the slush fund to make bribe payments to foreign officials and others as instructed by Utama.

a.      2001-2005

The scheme worked in this manner. There were two components for the insurance premiums, a “technical premium” which was 75-95% of the cost of the insurance product and the “overriding premium” which was the remaining 5-25% of the premium and was to be paid to the agent for the sale. During this time frame, the Utama Marketing Manager would make payments into the Agent special purpose account and these monies would be used to make improper payments to Indonesian government officials. The Indonesian government purchasing the insurance would be billed the combined total of these two premiums for 100% of the cost of the insurance product. The monies received by Utama would be deposited into one bank account and then the amount of the overriding commission would be transferred into the Agent special purpose account. This money would then be paid to the Indonesian government official who directed the purchase of the insurance product, in cash.

b.      2005-2008

Due to an internal whistleblower and subsequent investigation which will be discussed later, this original bribery scheme was modified in 2005; that is after completion of payments to Indonesian government officials who were owed bribes for insurance products purchased previously, up through 2008. Thereafter, Utama employed a variety of methods to make illegal and improper payments to Indonesian government officials. These methods included “1) booking commissions to an agent that was not associated with the account for the government insurance contract and then withdrawing the funds booked to the agent’s account as cash to pay the foreign official; or 2) overstating the amount of a client’s insurance premium, booking the excess amount to an unallocated account and then “reimbursing” the excess funds to the foreign officials, who were responsible for procuring the government insurance contracts.”

III.             Whistleblower and Internal Investigations

In 2005, an internal whistleblower made a complaint about the Agent special purpose account. This whistleblower apparently provided detailed information on the account and “a number of internal controls weaknesses.” The company initiated an internal audit of Utama and the Agent special purpose account but amazingly limited the scope of the audit to “embezzlement from the Company”. Even with this limited scope Allianz’s internal audit group identified the Agent special purpose account as a “vehicle to pay project development and overriding commissions to the special projects and clients for securing business with Utama” and other indicia of FCPA improper payments however “no additional steps were taken to determine the nature and purpose of the accounts or to identify the recipients of payments from the accounts.” The company did instruct Utama to close the Agent special purpose account but as noted above, not only did Utama continue to make improper payments out of the Agent special purpose account but also widened the scope of its bribery practices.

In 2009, the company’s outside auditor “received an anonymous complaint alleging that an Allianz executive created or initiated slush funds during his tenure with AZAP.” In response to this complaint the company created “a Whistleblower Committee to do an internal investigation and retained counsel to conduct an internal investigation of Utama’s payment practices in Indonesia.” However, Allianz did not self-report either the allegations of improper payments or the results of its internal investigations to the SEC or Department of Justice (DOJ). In 2010, the SEC opened an investigation after receiving “an anonymous complaint of possible FCPA violations.” After some initial delay in the timeliness in reporting to the SEC, the company began cooperation with the SEC and began remedial efforts.

IV.              Lessons Learned

There are several lessons which can be learned from the Allianz enforcement action. The first and foremost is jurisdiction. Simply because you are a foreign based company, do not think you are shielded from FCPA enforcement actions. Foreign companies need to review their US listings to determine if they have inadvertently subjected themselves to FCPA jurisdiction. In Allianz’s situation its American Depositary Shares and bonds were registered with the SEC. That is enough for jurisdiction. So if you are sitting across the Atlantic or Pacific or north or south of the border and have some American interests, holdings or anything else that you own or are a part of the US, you had better get your FCPA compliance house in order.

There is a wealth of information that internal auditors can use from this enforcement action. The first and foremost is that when you turn a rock over and look under it there may well be several things that show up under the light of day. If you are tasked with trying to find one scheme, such as embezzlement and find indicia of another, for example bribery and corruption of foreign government officials, it is in the interest of both you and your company to keep looking. If substantive information comes to a company in any manner, the company has a duty to investigate it and not to bury its collective head in the sand.

The bribery schemes used by Utama are also instructive. Initially, they give internal audit and anyone else looking for that matter, clear red flags to investigate further. If there is a “special purpose fund” of any type, the reason for the fund and justifications for payments out of it, thorough review of backup documentation is mandatory for your review. Additionally, there should be a review of the commissions paid. It is easy enough to do; match up the commission paid with the contract for which it is due under, coupled with the work done by the agent who is alleged to be owed the commission. You should also review the amount of commission paid to ascertain if it is within a reasonable range.

Internal controls must also not only be reviewed but additional monitoring and auditing should be put in place to make sure that any recommendations made are followed. Here Utama was told to close the Agent special purpose account in 2005 but not only did they fail to do so they continued to pay bribes out of it into 2008. Apparently no one at Allianz thought they should follow up to see if the instruction to close the Agent special purpose account was followed.

We started this blog with the question of who was your favorite hero from the Iliad. My favorite is Odysseus. He is the only Greek hero who combines all of the traits I listed in the opening paragraph. I think that the Allianz FCPA enforcement action is similar because there are many different lessons which can be learned. The DOJ and SEC consistently put out solid information that the compliance practitioner can use to evaluate and assess a compliance program or to manage specific risks. You do not have to read the tea leaves or try to go to the Oracle of Delphi to understand what the DOJ and SEC expect in the way of FCPA compliance. The Allianz SEC enforcement action continues this tradition.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

November 11, 2012

Armistice Day, Remembrance Day, Veterans Day

On the 11th minute of the 11th day of the 11th month in 1918, the War to End all Wars ended. While this ending did not accomplish that stated purpose, since that day we have honored all those persons who served in our Armed Forces. As you know Mary Jones has been posting for me over the past week when I had surgery and will continue to do so while am now recuperating. I wanted to thank everyone for their good wishes and I am doing as well as can be expected.

My surgery was performed on Election Day and it was not until the next day I was cognizant enough to ask a Nurse who won the election. Later that day, while still in ICU, I had an interesting conversation with another Nurse, who was from Nigeria, about our freedoms in America and that led me think about some of the things we owe all of our Veterans. I asked this Nurse what he thought about all the negative campaigning and accusations which flew back and forth; as opposed to some type of reasoned debate. He just looked at me and said “Do you know what I would have given back at home to be able to hear those things, or even say them.” The look in his eye reminded me that once again our right to vote, debate in public and otherwise engage in a free flowing dialogue about the future and destiny of our country is a freedom not held in other parts of the world, even in a country which, on paper at least, is a democracy.

I once had the rare privilege of trying a lawsuit in Hidalgo County, Texas, for 6 weeks. It was not a place friendly to defendants or corporations. One of the things I will never forget is the trial judge, Frank Evans, telling the jury panel about their rights and obligations as citizens to sit as jurors, and his comments were related to a Veteran. The Veteran was Harlon Block and he was one of the six men who raised the US Flag on Mount Suribachi on February 23, 1945. His name was enshrined outside the County Courthouse, along with the names of all other residents of Hidalgo County who have died serving our country from the Civil War to the present day. Harlon Block grew up in Weslaco, Texas, and played football at Weslaco High School. In February 1943, the entire team, consisting of 13 members, enlisted in the armed forces on the same day. Two years later, Block was one of the six men who made up one of the most iconic photos which came out of World War II and then he was killed while fighting on Iwo Jima.

The Judge who told this story was also one of those 13 boys. He told this story so that all of us might understand what it took for people to have the right to sit on a jury and judge their peers, whether in the criminal or civil context. As a trial lawyer, I think that one of our greatest freedoms is that of the Seventh Amendment which reads:

Amendment VII – Right to a jury trial

In suits at common law, where the value in controversy shall exceed twenty dollars, the right of trial by jury shall be preserved, and no fact tried by a jury shall be otherwise reexamined in any court of the United States, than according to the rules of the common law.

I believe that this right to a trial by jury speaks to several rights but one of those is that, in the civil context, an aggrieved party gets to tell his or her story to an independent third party. This is a powerful catharsis for any injured person. But more than getting to simply tell their story they will be judged by a process which is fair and open, through the rules of procedure and evidence. I believe it is this concept that is important for compliance. There must be a way for persons to tell (or report) stories which concern them regarding bribery and corruption. Companies must allow employees to use a helpline, report concerns or even whistle blow internally without disparagement or attacking them in public. Because if companies do not allow such a mechanism a whistleblower can go straight to the Securities and Exchange Commission (SEC) and sign up for a bounty.

However, I think that there is another compelling reason that Amendment VII is so important and how it applies directly to compliance. I call it “the light of day”. By allowing ordinary citizens to not only see but participate in the judicial process, it gives greater credibility to the entire process itself. I still think about the scene from ‘On The Waterfront’ where Terry, played by Marlon Brando, calls out to Johnny Friendly, played by Lee J. Cobb, to tell him that where he is standing “in the light of day” is a much better place to be than hiding in the shadows. Today we call that ‘transparency’ and this is something that you must have in your compliance program. Employees must see that those who make internal whistleblower reports are not attacked, demeaned or marginalized. US society is better because of both sides of Amendment VII, those being the protection for and the participation of its citizens in the judicial process. I would posit to you that transparency extends to internal reporting systems which allow employees to express concerns regarding compliance issues without fear of retaliation.

So today I want to thank all the Veterans in my family. To my Father; to Uncle John and Uncle Alvan and to my Father-in-Law Michael Rudland, who served in the British Navy and helped keep my wife’s mother country safe for its Queen and Country. A big and most heartfelt thank you to all.

And for the rest of you, if you know a Veteran, buy them a cup of coffee today or call them up and say thanks. If you see one, tell him or her thanks. Our country just showed why it is the greatest in the world by having a free election; take some time to celebrate what the men and women in our armed forces have done for us.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

August 23, 2012

What is Your Integrity Capital?

Compliance practitioners often hear that bribes must be paid in emerging markets to get anything done. Indeed a recent survey by CEB (formerly Corporate Executive Board) of more than 700,000 employees of multinationals around the world, discussed in a Harvard Business Review article, entitled “Greased Palms, Giant Headaches”, by Dan Currell and Tracy Davis Bradley reported that there was a large jump in the payments of bribes, providing or receiving improper gifts and failures to report conflicts of interest in the BRIC (Brazil, Russia, India and China) countries over developed countries. Is bribery really pervasive in those countries or is it simply the perception? On the other hand, as Andre Agassi was found to say “Perception is reality.” Certainly the story by the New York Times (NYT) about Wal-Mart in Mexico paying over $24 million to be the first big box retailer into the Mexican market may lead some credence to that perception. While the authors did not specifically address the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act, they did report that “bribery and corruption is the second leading category of unlawful activity by Western companies in emerging markets”.

However, Currell and Bradley focus their collective attention on the US corporate headquarters in their article. They note that “Our research suggests that one driver originates at headquarters-multinationals’ increasing growth imperative in emerging markets.” While it certainly is a recognized and valid long-term growth strategy to identify and develop new markets, the authors believe that companies are now thinking that they can “meet our targets by increasing revenues quickly in markets” like the BRIC countries. In other words, long-term strategic plans suddenly become “short-term necessities” and this change can increase “the pressure on local employees to make their numbers, tempting some to break the law.”

What is a company to do when short term goals cause pressure, pressure and more pressure for increased revenues? The authors acknowledge that a robust compliance program is a key component for protection against bribery and corruption by employees, but they believe that more is needed. They identify “Integrity Capital” as a key component to “lower levels of misconduct along with higher levels of reporting when employees do witness wrongdoing. Integrity capital is embedded in the culture, not instituted through controls, and it helps shape employee behavior, which could include offering a bribe or defrauding the company.” The authors identify the following as five factors of Integrity Capital:

  1. Management takes action when it becomes aware of misconduct. This means that companies “must insist on a swift response to complaints, unbiased investigations” and even “public hangings” of offenders.
  2. Employees are comfortable speaking up about misconduct and don’t fear retaliation. While this would seem to be self-evident, it is a sad fact that in many companies, whistleblowers are ostracized or even blamed for the conduct in question. Witness the initial response by Wal-Mart management in the 2005 time frame to allegations of corruption made by an employee with knowledge of the conduct. He was blamed for the conduct at issue. Even in the recent allegations brought to light with EADS, the whistleblowers were marginalized or worse by the company.
  3. Senior leaders and managers treat employees with respect. The authors believe that in addition to not mistreating whistleblowers, companies should “praise employees who have the courage to call out wrongdoing.”
  4. Managers hold employees accountable. Simply put, if an employee engages in bribery or corruption, they need to be disciplined or discharged. Allowing high revenue generators or high income generating territories or business units to avoid scrutiny and/or sanctions is a clear recipe to destroy the integrity of a compliance program.
  5. High levels of trust exist among colleagues. Your employees must believe that the company will take allegations seriously and will act on the information that they provide.

The authors conclude their article with three different concepts which they believe will minimize the occurrences of bribery and corruption within an organization. First, a company should use commonsense observation. If an emerging market shows success in “speeding things along”, such as regulatory approvals for the construction of bricks-and-mortar facilities, this made need to be looked at closer. Since regulatory approvals do not happen quickly in BRIC countries, it may be that the skids were greased with cash to pay bribes. The second is that a company must be proactive in seeking out and obtaining information from employees about allegations of bribery and corruption. The authors “advise companies to also proactively solicit information from frontline employees and to use surveys or online tools to guarantee anonymity” in reporting allegations of bribery and corruption. Lastly, the authors insist that companies have organization justice so that if there are credible reports of misconduct they are not swept under the rug.

Currell and Bradley provide interesting observations which can be used by a compliance professional to evaluate the sufficiency of their compliance program. Their thoughts on things to look for from an emerging market provide solid guidance on searching for potential red flags which might warrant further investigation from internal audit or a FCPA based compliance audit team. There are a number of practitioners and ethicists who talk about the need for ethics in any company culture to compliment a compliance program. The article by Currell and Bradley provides some of their guidance on what that may look like.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

August 15, 2012

EADS and Tales of Whistleblowers: A Compliance Nightmare?

What is a compliance professional’s worst nightmare? Last week in Episode 49 of This Week in FCPA, Howard Sklar and I speculated on why the UK Serious Fraud Office (SFO) would announce it was opening an investigation into the activities of the UK defense contractor, EADS. On Tuesday, in a Financial Times (FT) article, entitled “Emails tell of fears over EADS payments”, reporter Carola Hoyos identified some of the reasons that EADS may be under investigation. Hoyos reported that almost five years ago, senior executives of the company were “alerted to questionable payments made to Cayman Island bank accounts and lavish gifts given to the Saudi Arabian royal family and military…”

There were two different instances where an employee brought up these payments to senior officials in the company. Mike Patterson, a senior controller for GPT, a subsidiary of the company, was concerned about “unexplained payments to the Cayman Island bank accounts for Simec International and Duranton International, which totaled £11.5M between 2007 and 2009.” Hoyos reported that Patterson “alerted his superiors about the payments as early as 2007” regarding the payments and his concerns. Patterson continued to raise his concerns internally within the company and by 2010 he had notified EADS Chief Compliance Officer (CCO) Pedro Montoya of these concerns.

Unfortunately, it appears that no one took Patterson’s concerns very seriously. Hoyos quoted from a Patterson email he was provided, which read “I think Pedro Montoya now ignoring me is sufficient indication we are wasting our time internally. Our concern for EADS future seems to be greater than [EADS] first line managers…I need to make a decision whether I persevere internally, whilst suffering mind numbing boredom, or whether I take the statutory directors actions to the authorities.” Hoyos noted that Patterson “transferred to another role within GPT.”

It turned out that Patterson was not alone within the company in noticing red flags over these payments. Ian Foxley, a retired British lieutenant-colonel had joined the company in the spring of 2010 stationed in Saudi Arabia, to oversee a £2M contract between the British Ministry of Defence (MOD) and the Saudi Arabian National Guard. By December of 2010, he was fleeing Saudi Arabia with “evidence of apparent irregular payments to Saudi officials.” Hoyos reported that while Foxley notes early on the suspicious payments, it was not until that someone had not only noted the same red flags but had reported them internally that he took action. The suspicious payments revolved around “bought-in services” which were payments for unexplained goods or services in a contract with a third party. Previously Patterson, in his role as financial controller, had refused to sign off on these contracts because of these “bought-in services” payments.

Although it was not clear from Hoyos article how Foxley became aware of the concerns raised by Patterson, he reported that “The morning after he discovered Mr. Patterson’s concerns he assessed the emails that Mr. Patterson had told him he had written over the previous three years.” This led to Foxley fleeing Saudi Arabia with documents of these suspicious payments. Foxley later raised his concerns “with the business secretary, the SFO and the Institute of Chartered Accountants.”

Hoyos reported that EADS “launched an internal investigation” in mid-2011 and that it is co-operating with the SFO. However, he also reminds readers that UK Prime Minister at the time, Tony Blair, halted a SFO investigation into corruption allegations surrounding another UK defence company BAE, in 2006. BAE later paid a fine to the US government for violations of the US Foreign Corrupt Practices Act (FCPA) of $400M.

So what are some of the questions raised by these allegations? While not specifically stated it appears that the original whistleblower, Mike Patterson, was so marginalized in his job that he was basically twiddling his thumbs all day at work. Foxley so feared for his safety that he gave “the slip” to his employer when fleeing Saudi Arabia. What does that say about EADS and its internal whistleblower program? What about the CCO and those higher up within the company, what role did they play? Finally, what is the role of the British government, not only the MOD as a very interested party, but the party in power; will they allow the SFO to investigate these allegations? As Alice Cooper might say, “Welcome to my nightmare?”

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

July 26, 2012

FCPA and Bribery Act Hotlines: Staying Out of Hot Water with Other Jurisdictions

It is finally here. Today is the Opening Ceremony of the Games of the XXX Olympiad in London. The first Olympics I can remember watching were the 1964 Games in Tokyo. I was enthralled with watching the world’s greatest athletes compete and the boyhood joy about the Games still exists for me. And, for my money, the best sporting event will be held in world’s greatest city. It should be a great show for the next two weeks. They are a must watch for me and I hope that you will enjoy them as much as I intend to.

Today’s compliance thoughts relate to the Olympics in another way. I recently came across not only a must read article for the compliance practitioner but also a must save article. In the International Lawyer, Winter 2011*Volume 45*Number 4, I came across an excellent article, entitled “How to Launch and Operate a Legally-Compliant International Workplace Report Channel” or in Foreign Corrupt Practices Act (FCPA) parlance, a hotline. It was authored by Donald Dowling of the law firm of White and Case. Dowling provides a very useful guide to help navigate the challenges of setting up a multi-national whistleblower’s hotline, such as is required under the FCPA and UK Bribery Act. The majority of his article “analyzes the six categories of laws that can restrict whistleblower hotlines abroad, focusing on compliance.” You should obtain a copy of this article and keep it for reference in regards to your company’s hotlines. It is available on the White and Case website, by clicking here.

1.      Laws Mandating Whistleblower Procedures

This group of laws “comprises mandates that require setting up whistleblower hotlines in the first place.” This includes the US Sarbanes-Oxley (SOX) as well as other jurisdiction laws which generally protect whistleblowers from retaliation but do specifically require any hotlines be set up on a company wide basis. Dowling also found a couple of countries, Norway and Liberia, which require general receiving and processing of “public interest disclosures.”

2.      Laws Promoting Denunciations to Government Authorities

This category of laws generally related to legal requirements for the reporting of illegal acts to government authorities in two ways. First, these laws encourage whistleblowing to government which then compete with employer hotlines by enticing internal whistleblowers to divert denunciations from company compliance experts and over to outside law enforcers who indict white collar criminals. This first approach is found in Dodd-Frank, which offers bounties. Second, these “laws that require (as opposed merely to encourage) government denunciations rarely except corporate hotline sponsors. These laws therefore force hotline sponsors to divulge hotline allegations over to law enforcement.” This second approach is found in SOX which “requires an employer to offer internal hotline procedures”.

3.      Laws Restricting Hotlines Specifically

This category is exemplified by European data protection laws which act to restrict companies’ freedom to launch and operate reporting programs. Dowling believes that these laws are based upon the fact that Europeans “see hotlines as threatening privacy rights of denounced targets and witness”. Also this would seem to be in response to the totalitarian past from the World War II era. The author identifies what he termed “the four biggest hurdles” set up to frustrate hotlines in EU jurisdiction. They are “(1) restrictions against hotlines accepting anonymous denunciations; (2) limits on the universe of proportionate infractions on which a hotline accepts denunciations; (3) limits on who can use a hotline and be denounced by hotline; and (4) hotline registration requirements.

4.      Laws Prohibiting Whistleblower Retaliation

This category will be familiar to US compliance practitioners through the applications of US laws such as SOX, Dodd-Frank and numerous state whistleblower statutes. Additionally, the author lists numerous foreign jurisdictions which have such laws. But here he believes that the key is communication because in many countries and foreign jurisdictions, there is no tradition of protection of persons who make reports against superiors so that an “employer needs to overcome worker fear of reprisal for whistleblowing.”

5.      Laws Regulating Internal Investigations

Typically laws on internal investigation do not impact hotlines because a hotline is a “pre-investigation tool.” However, the author believes that No. 4 above, communication by the employer is critical to complying with laws that enact procedural safeguards for persons under investigation. Heavy-handed communications about a hotline could blow back against employers in claims by employees that “an employer rigged the investigation process.” So companies should ensure that communications about hotlines do not convey an “overzealous approach to complaint processing and investigations.”

6.      Laws Silent on, but Possibly Triggered By, Whistleblower Hotlines

Here the author recognizes that the title of this category “is necessarily vague and determining which laws fall into it is difficult.” Nevertheless, he writes that the most “likely candidates are data protection laws silent on hotlines and labor laws imposing negotiation duties and work rules.” Regarding the former, the author argues that hotlines are not databases but conduits for the transmittal of information. He acknowledges that EU data privacy laws reject this distinction and treat hotlines as if they were databases where information is stored. He does not identify other jurisdictions which yet take this aggressive approach but he believes this may become a trend. The labor law issue is also tricky and may turn on the interpretation of whether the institution of a hotline is viewed as substantive change in working conditions under a union-management labor agreement and therefore subject to collective bargaining.

In addition to all information I have only skimmed what is in the body of the text; the author also provides a handy chart which has the following headings:

Jurisdiction Is the authority binding law? Must confine hotline to certain topics only? Are anonymous whistleblower calls ever OK? Is outsourced (vs. in-house) hotline favored? Must disclose hotline to data agency?

So just as the London Olympics is a must watch for me, this article is a must read and a must download for compliance practitioners.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

February 3, 2012

The Gun Sting Case Defeats and What it means For FCPA Enforcement? Absolutely Nothing!

In a stunning rebuke of the Department of Justice’s (DOJ) trial strategy, all defendants in the second group of Gun Sting defendants walked out of the federal courthouse, still free. Two defendants were acquitted and the remaining three defendants were granted a mistrial. One defendant was dismissed at the close of the prosecution’s case in December as was the DOJ’s Foreign Corrupt Practices Act (FCPA) conspiracy count against all defendants. So, as the FCPA Professor noted, the DOJ is 0-10 in trial prosecutions in its Gun Sting case. However, that stark number does not tell the full picture of what is going on in enforcement of the FCPA.

First and foremost, not all of the Gun Sting defendants have been acquitted or even been granted mistrials, three defendants, Haim Geri, Daniel Alvarez and Jonathan Spiller all pled guilty. A fourth defendant, Richard Bistrong, reported by the FCPA Blog to be “the key intermediary between the FBI and the shot-show defendants”, pled guilty to one count of conspiracy to violate the FCPA and other statutes in 2010. So to imply the DOJ is zero in obtaining guilty verdicts and pleas for all defendants in its Gun Sting case is not precisely correct.

The defeats in the Gun Sting trials, coupled with the overturning of the guilty verdict in the Lindsey Manufacturing case and the O’Shea acquittal, have lead many commentators to make one of two arguments: (1) the DOJ is getting is comeuppance for ‘aggressive’ prosecution of the FCPA; and (2) coupled with the claim that the FCPA hurts US competitiveness overseas, it is the end of FCPA enforcement as we know it. Both positions are far wide of the mark. So what does the DOJ record for the two Gun Sting trials mean for FCPA enforcement? Absolutely nothing! As reported by the FCPA Blog, in 2011 15 companies settled FCPA enforcement actions by paying a total of $508.6 million in fines and penalties. Although this is a drop from both the number of companies which resolved FCPA enforcement actions and aggregate amount of fines and penalties paid over the previous year, this number is still significant. One need only take a look at the reported ongoing FCPA investigations to see that there is still significant enforcement occurring. As to the ‘aggressive’ DOJ enforcement, remember these enforcement actions against companies are made largely through self-disclosure. If the DOJ does not believe that there is a sufficient basis to bring an enforcement action, it will decline to prosecute the company.

What can be portended by the defeats at trial? First the whole notion that the Lindsey Manufacturing company defendants were somehow acquitted or over-zealously prosecuted is just plain wrong. They were found guilty and this guilty verdict was thrown out due to prosecutorial misconduct. As to O’Shea, it appears that the trial judge concluded that the government simply did not have enough evidence to get it to a jury. While it appears that the O’Shea case should not have gone to trial, the government at least put enough evidence forward to get to trial.

Such was not the case in the Gun Sting trials, where it appears the jury both (a) did not think the defendants were guilty, or (b) leaned so heavily towards acquittal that no unanimous decision could be made. It is still not clear why the government failed so miserably with the juries in the Gun Sting trials. It may be that people do not understand why the government would set up an apparently legitimate business transaction and then overlay a corruption case on it. After all, everyone understands that any business dealing involving illegal narcotics is illegal from the get-go. It does not matter if bribery and corruption are involved, the entire transaction is illegal. It may be the jurors did not feel the same about an underlying transaction which was clearly legal; here the sale of armaments to a foreign government, something the US government does on a routine basis.

It may also be the jury simply did not believe or even like the government’s star co-operating witness, Richard Bistrong. As reported by the FCPA Professor, Bistrong pled guilty long before any of the 2010 arrests in the Gun Sting case. He pled guilty back in 2009 which means that at least some of the time he was working undercover for the government, he had already pled guilty. This fact may have persuaded the jury in the Gun Sting trials that his testimony did not support the illegal conduct that the government claimed it supported. Or as asked by the FCPA Professor, in a post entitled “Will Bistrong’s Plea Impact The Africa Sting Cases?”, “What impact will Bistrong’s plea have in the Africa [Gun] Sting case – particularly the defendants’ expected entrapment defense?” It may have been quite a bit.

As your company’s compliance officer, what should you make of all this? My take is that you had better double down on your compliance program because I believe that the DOJ will refocus its efforts where it will have the most success, with enforcement actions against corporations. Why do I say this? First of all, there is the self-disclosure issue noted above which is now compounded by the Dodd-Frank Whistleblower provision. Second is the new norm of industry sweeps, and remember these started long before Johnson & Johnson who agreed, as part of its DPA, to turn in its competitors for alleged FCPA violations. Also name one company which will go to trial? The answer is easy because it’s none, nada, zilch and zero. After Arthur Anderson, no public US Company will go to trial in a FCPA case and risk a guilty verdict. Lindsey Manufacturing and the individual defendants went to trial because they were the company and the company was them.

So what is my take on the effect on ongoing FCPA enforcement of the failure of the DOJ to convict any of the Gun Sting defendants at trial? Once again, Absolutely nothing!

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

Next Page »

Customized Rubric Theme Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 4,199 other followers