FCPA Compliance and Ethics Blog

June 18, 2014

SEC Sanctions Company for Whistleblower Retaliation

WhistleI drove my daughter to the airport today for her summer exchange program in Spain. On the way she asked me what I was going to blog about tomorrow and I told her whistleblowers. She was not familiar with that term so I explained it to her and her response was ‘Oh you mean a snitch’ which she then followed up with ‘Dad, nobody likes a tattletale.’ I digested these cheery thoughts for a few moments and I realized if that is what a 17 year old thinks about a person who tries to inform the appropriate parties of concerns, we still have quite a ways to go in this area.

In Compliance Week, Joe Mont reported that the Securities and Exchange Commission (SEC) brought its first enforcement action for a company’s retaliation against a whistleblower. On Monday of this week, the SEC “charged an Albany, N.Y.-based hedge fund advisory firm with engaging in prohibited transactions and then seeking retribution against the employee who reported the illicit trading activity.”

The hedge fund in question, “Paradigm Capital Management and owner Candace King Weir agreed to pay $2.2 million to settle the charges. According to the SEC’s order instituting a settled administrative proceeding, Weir conducted transactions between Paradigm and a broker-dealer that she also owns while trading on behalf of a hedge fund client. Advisers are required to disclose that they are participating on both sides of the trade and must obtain the client’s consent. Paradigm also failed to provide effective written disclosure to the hedge fund and did not obtain its consent as required prior to the completion of each principal transaction. The SEC’s order adds that Paradigm’s Form ADV was materially misleading because it failed to disclose the CFO’s conflict as a member of the conflicts committee.”

Regarding the whistleblower, the SEC order reflected, “after Paradigm learned that the firm’s head trader had reported potential misconduct to the SEC, it engaged in a series of retaliatory actions that ultimately resulted in his resignation. Paradigm removed him from his head trader position, tasked him with investigating the very conduct he reported to the SEC, changed his job function from head trader to a full-time compliance assistant, stripped him of his supervisory responsibilities, and “otherwise marginalized him,” the order says.”

The Dodd-Frank Whistleblower provisions not only allowed payment of a bounty for information, which leads to a SEC enforcement action, but also protects employees from retaliation. Sean McKessy, chief of the SEC’s Office of the Whistleblower, said in a statement “For whistleblowers to come forward, they must feel assured that they’re protected from retaliation and the law is on their side should it occur. We will continue to exercise our anti-retaliation authority in these and other types of situations where a whistleblower is wrongfully targeted for doing the right thing and reporting a possible securities law violation.”

The difficulties faced by whistleblowers on Wall Street have been well documented. In an article in the Financial Times (FT), entitled “Wall Street Whistleblowers”, William D. Cohen wrote about three such persons. Oliver Budde, a former legal advisor for Lehman Brothers, who was quoted as saying “When the tone at the top is ‘anything goes’ anything will go.” Eric Ben-Artzi, a former analyst at Deutsche Bank, who was quoted as saying “They accused me of trying to bring down the bank.” Peter Sivere, a former compliance officer at JP Morgan Chase, who was quoted as saying “I wish I had known that the house always wins.” All three men had tried to blow the whistle internally but were not only rebuffed but suffered retaliation.

For his article, Cohen interviewed the three men. He found that all of them had “made allegations of wrongdoing at their banks, made strenuous efforts to report what they had discovered through internal and external channels and all three were either fired from their jobs after trying to share the information they had stumbled upon or quit in frustration.” But, equally importantly, Cohen believes that their stories, “and the details of what happened to them are important. Not only do they illustrate the existential risks that whistleblowers take when they attempt to point out wrongdoing that they uncover at powerful institutions. They also matter because their stories show just how uninterested these institutions genuinely remain – despite the lip service of internal hotlines and support groups – in actually ferreting out bad behaviour.”

The article also quoted Jordan Thomas, a former SEC enforcement official now in private practice at the firm of Labaton Sucharow, where he heads the firm’s whistleblower practice. Thomas thinks that the anonymous reporting provisions of the Dodd-Frank Whistleblower provisions will help protect whistleblowers. He said, “Essentially most whistleblower horror stories start with retaliation and to be retaliated against, you have to be known. The genius of Dodd-Frank was it created a way for people with knowledge to report without disclosing their identity to their employers or the general public. That has been a game changer because now people with knowledge are coming forward with a lot to lose, but they have a mechanism where they can report this misconduct without fear of retaliation or blacklisting.” Thomas also said “the fact that the SEC could award $14m to a single whistleblower whose identity has remained unknown, despite efforts by the media to uncover it, sends a powerful message that whistleblower identities will be protected.”

One person who is uncomfortable with this anonymous reporting is Beatrice Edwards, director of the Government Accountability Project. She pointed to a recent SEC payout to an anonymous whistleblower, where “The SEC didn’t even reveal the nature of the wrongdoing the whistleblower uncovered, so both the company’s shareholders and the public remain in the dark about what was specifically uncovered and where. All that is known is that the SEC did bring a major enforcement action against a financial institution that resulted in a large penalty and the corresponding $14m award to the whistleblower.” Edwards argued that “the SEC is a disclosure agency, so they should have to establish that [not revealing the information] is really required in order to protect the whistleblower, if they’re going to in a sense subvert their mission . . . They really are not able to justify why they are silent about the name of the company or the nature of the fraud.”

Perhaps the SEC bounty program and the Paradigm Capital Management enforcement action will change the way that company’s view and treat whistleblowers. I certainly hope so because a company’s own employees are its best source of information about what is going on inside the company. As to my daughter’s perception about whistleblowers, I asked her if her school had any type of reporting system if a student saw or was subject to inappropriate behavior. She said that you are supposed to report it to a school counselor. When I explained that was a whistleblower system she relented somewhat. But then she added, No one should rat out their friends. Just like the SEC, I guess we have a ways to go.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

October 22, 2013

The Tuck Rule, the Push Rule and Retaliation Against Whistleblowers

Filed under: FCPA,SEC,Whistleblower — tfoxlaw @ 1:01 am
Tags: , , , , ,

I cannot say the missed horse-collar on Johnny Football on the Texas A&M Aggies final series takes the worst officiating call of this past weekend award but the un-sportsman like call against the Patriots on the New York Jets first field goal attempt in overtime ranked as the worst pro-football officiating FUBAR of the weekend. For those of you who missed it, on an otherwise unsuccessful Jets field goal attempt, Patriot Chris Jones was flagged for pushing teammate Will Svitek from behind to violate a rule that says players cannot push teammates on the line of scrimmage into the offensive formation. To say that I am still confused by what happened because after watching about 20 different replays of the play would be an understatement; I still am not sure that actually happened or even if Jones pushed Svitek. I said to my wife that not only had I never heard of that rule, I had never seen a penalty called for such conduct; the TV announcers then said the same thing.

In thinking about that play and the Patriots loss to the Jets, I considered the following: is it now the beginning of the end of the Patriots dynasty which started on an equally obscure rule and penalty, aka “The Tuck Rule”? In the play during a 2001 playoff game, Raiders’ cornerback Charles Woodson sacked Patriots’ quarterback Tom Brady, which in turn, caused a fumble that was eventually recovered by Raiders’ linebacker Greg Biekert, and would have almost certainly sealed the game. Officials reviewed the play and eventually determined that Brady’s arm was moving forward, when it was actually moving backwards, thus making it an incomplete pass. Got it?

It was the first playoff game that Patriot coach Bill Belichick had won as head coach. If the Patriots do not win that game, they do not start a run of three Super Bowl victories in four years and Tom Brady probably never becomes the Golden Boy. Now I wonder if the Patriots 11 year run as one of the NFL’s all-time great franchises has ended with an equally obtuse and obscure rule as the Tuck Rule. I also wonder if the Patriots loss to the Jets portends the beginning of the end of their dynasty; all for the want of a rule no one had ever heard about or had seen enforced. Bookends indeed.

I thought about such obtuseness and obscureness when I ready the Memorandum and Order in Meng-Lin Liu v. Siemens AG, in the US District Court for the Southern District of New York. This case involved a whistleblower, Liu, who claimed that he was discharged by the defendant in retaliation for internally reporting violations of Siemens compliance program in North Korea and China. Liu had brought suit under the Dodd-Frank Act for retaliation against a whistleblower. The New York District Court followed the logic of the Fifth Circuit Court of Appeals in the Asadi decision that the Dodd-Frank Act itself does not explicitly provide for an extraterritorial application of the anti-retaliation provision even though a foreign employee may fall within the definition of a whistleblower for whistleblower award purposes. So even though Dodd-Frank and Sarbanes-Oxley (SOX) protect extraterritorial disclosures, they do not protect extraterritorial employees who make them. Got it, sort of like the Tuck Rule; was his arm moving forward, backwards or does it even matter?

All of this was based in part on the fact that “This is a case brought by a Taiwanese resident against a German corporation for acts concerning its Chinese subsidiary relating to alleged corruption in China and North Korea. The only connection to the United States is the fact that Siemens has ADRs [American Depository Receipts] that are traded on an American exchange.” I guess the Court was unaware of the fact that Siemens paid the largest fine for Foreign Corrupt Practices Act (FCPA) violations in the history of the world, ever. There must have been some US jurisdiction there somewhere.

Next the Court weighs into the “apparent incongruity” that while the Dodd-Frank explicitly incorporates SOX whistleblowing into the anti-retaliation protection provisions; for Dodd-Frank protections to apply there must be a disclosure to the Securities and Exchange Commission (SEC). However, for SOX protections to lie, certain internal disclosures are not only protected but required. The SEC itself promulgated a rule that an employee has anti-retaliation protections if (1) you have a ‘reasonable belief’ that securities has or will occur; (2) you provide that information to the SEC; and (3) report such conduct to “persons or governmental authorities other than the [SEC].”

To further confuse things, the Court accepts a Department of Labor (of all things) interpretation that reporting of FCPA violations does not fall within SOX protections because they are not violations of “any rule or regulation of the Securities and Exchange Commission” or “any provisions of Federal law relating to fraud against shareholders.” The Court then goes on to say that the plaintiff alleges that he reported violations of FCPA-relevant securities laws but the plaintiff’s Compliant does not specifically allege “that rule or specifically address recordkeeping violations.” The Court ends this section by stating that SOX does not “protect disclosures of FCPA violations.”

As the FCPA Professor might say “Say What”? To the plaintiff, they Court is saying that we are dismissing your compliant because you did not list with specificity either the Securities Exchange Act section a company violated in their conduct or address recordkeeping violations. But it really does not matter because even if you had listed them with sufficient specificity, SOX does not protect you, period.

In addition to being a little bit more than confusing, this Court ruling sets corporate compliance programs back on their collective backsides. Corporate America fought long and hard to require that employees report allegations of corruption and bribery internally before they went to the government. The reason that companies made this request was that it was only fair to allow companies to fix problems of which they may not have been aware. While the SEC did not require internal reporting as a prerequisite for Dodd-Frank whistleblowing, it did incentivize such whistleblowers to report internally first before submitting information to the SEC. But now that incentive is worthless if an employee who does so can be terminated at will for internally reporting concerns about bribery and corruption.

Just as the push rule may be the point at which the Patriots begin to tip away from their 11 year run as the best franchise in pro football, the Liu decision may be the bookend with the Asadi decision which portends the end of foreign employee protection against retaliation for internal whistleblowing. It is hard to conceive that neither Congress nor the SEC understood that by its nature, FCPA violations would occur overseas since it is a law which prohibits bribery of foreign government officials, not US government officials. While both the Southern District of New York and the Fifth Circuit Court of Appeals may think they are doing corporations a favor by ruling against international employees who internally report, the reality is that both the Liu and the Asadi decision out of the Fifth Circuit will both hurt corporations in the long run as now employees are only protected if they run to the SEC without giving the companies a chance to investigate, remediate or self-disclose any alleged FCPA violations.

As for the Patriots, the King is dead; long live the [next] King. May your reign be as majestic as the Patriots has been.

================================================================================================

Please join me Tuesday, Oct. 22 at noon CDT for a webinar on what I think are the Five Critical Trends in FCPA Compliance for 2014. It is hosted by The Network and you can attend at no charge. For details and registration, click here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

April 1, 2013

Ethical Behavior in the Navy – Lessons for the Non-Military Compliance Practitioner

What exactly is doing business in an ethical manner? I believe that the answer is different for each company. Ethical behavior can translate into doing business in a manner that does not jeopardize the safety of others and how you treat co-workers and subordinates. One of the things that I think ethical behavior entails is doing business within the rules, regulations and obligations of your business. For US companies doing business internationally, one of things this means is doing business within the parameters of the Foreign Corrupt Practices Act (FCPA).

But what if your business is named the US Navy? A recent article in the New York Times (NYT), entitled Admiral at Center of Inquiry is Censured”, by reporters C. J. Chivers and Thom Shanker explored some of these issues. The article discussed the discipline action taken against “Rear Adm. Charles M. Gaouette, who led Carrier Strike Group Three, which included the aircraft carrier John C. Stennis, had been accused of using profanity in a public setting and making at least two racially insensitive comments, officials familiar with the investigation said.” The article noted that his “case arrived as a worrisomely large number of senior military officers have been investigated or fired for poor judgment, malfeasance, sexual improprieties or sexual violence over the last year.”

Further, the article reported that due to the number of such cases, the new Secretary of Defense, Chuck Hagel, sent out an internal memo to the Pentagon’s top brass, which was also provided to the NYT. In this memo, Hagel “urging a renewed “commitment to values-based ethical conduct.” Further Hagel said that “Each of us must rededicate ourselves to upholding the principles of sound leadership,” and that “Our culture must exemplify both professional excellence and ethical judgment.”

Interestingly, this discipline of Admiral Gaouette, was instituted by a compliant by Navy Captain Ronald Reis, the commander of the Stennis. Reis himself was accused of not following “normal protocols for driving the ship through busy shipping lanes, and ran a bridge in which the surface officers under his command felt tense and unable to offer their input, the officers said. Three officers and two former officers familiar with the ship’s bridge procedures said the captain tended to act alone and by eye, and not carefully track the Stennis’s position relative to other vessels in crowded seas; one of them said he tended “to fly the ship.””

Lastly, the article quoted the former officer for the following “We’re not talking about how Ron worked with the harbor pilot when docking at a pier. We’re talking about how he was driving through congested seas. People were concerned when he was driving because they were concerned he would hit something.”

According to the article, Gaouette was cleared of any criminal violations but was given a “set of administrative penalties which will effectively end his career” in the Navy as “the full inspector-general’s report was ordered to be attached to the admiral’s service record, where it will block his chances at promotion or future command, officials said.”

I recognize that most compliance practitioners do not work for the military but there are some very valuable lessons for the compliance practitioner that can be gleaned from the article.

Ethical Leadership

The few references in the NYT piece to Hagel’s internal memo are quite telling. Like most military organizations, the US Navy relies on strong discipline throughout the ranks. However, this does not mean that a senior officer can act abusively to lesser ranked officers. The article noted that “Navy officials declined to provide details, or discuss precisely what Admiral Gaouette said that Captain Reis and the inspector general deemed insensitive.” Nevertheless, whatever was said would be appear to outside what the Navy believed was tolerable. So intolerable in fact, that it ended Admiral Gaouette’s career.

Treatment of Whistleblower

It was Captain Reis who filed the complaint against Admiral Gaouette, not the other way around. The article reported that “After Admiral Gaouette had ordered the captain to slow down as the vessel was steaming through ship traffic in the Malacca Strait in excess of 20 knots, the officers said, Captain Reis filed a complaint to the inspector general, claiming the admiral was abusive.” The Navy followed through and investigated a senior officer in a situation where it appeared that the junior officer had engaged in conduct where the junior officer did not follow standard Navy protocols. In other words, the Navy did not blame the person who filed the complaint for his actions which may have even led to Admiral Gaouette’s interactions with the Captain.

Discipline

As noted, the conduct which Admiral Gaouette engaged in was so far out of line or unethical that it ended his Navy career. For any compliance program to work there must be both a carrot and a stick, meaning that violation of a company’s ethical values must be punished. In the Navy, abusing a subordinate is something that violates its standards for ethics based conduct. Nothing speaks more strongly than actions and for the Navy to discipline a senior officer in such a manner speaks directly to its commitment of “upholding the principles of sound leadership” that Hagel spoke about in his internal memo.

I found this article provided many things for the compliance practitioner to think about. It showed the Navy’s commitment to have an organization run with ethics. It may be that your company could learn something from this example.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

February 8, 2013

How Does Your Organization Treat Whistleblowers?

As almost everyone knows, Lance Armstrong spoke for the first time about his performance enhancing drug (PED) use recently on Oprah. On the first night he admitted for the first time that he used PEDs during his seven wins at the Tour De France. The title of my colleague Doug Cornelius’ piece in Compliance Building really said it all in his article “Lance Armstrong – A Lying Liar Just Like Madoff”. Cornelius said “What caught my attention about the Armstrong interview was the window into the mind of a pathological liar. Armstrong had been telling the lie over and over and over. He lied to the public. He lied to the press. He lied to cancer survivors. He lied under oath.”

One of the areas which came up for me was how the people who blew the whistle on Armstrong’s use of PEDs before his admission were treated and how Armstrong subsequently treated them. Armstrong admitted that he was a ‘bully’ to those who said, hinted, or even implied that he had taken PEDs. He attacked ex-teammates; wives of ex-teammates and even a masseur who saw him take such substances. He put on an aggressive PR campaign for the better part of the past decade, to which the wife of ex-Tour De France winner Greg LeMond said “I can’t describe to you the level of fear that he brings to a family.”

While I would hope that most American and European companies have moved past the situation where whistleblowers are ostracized or worse threatened, one can certainly remember the GlaxoSmithKline (GSK) whistleblower Cheryl Eckard. A 2010 article in the Guardian by Graeme Wearden, entitled “GlaxoSmithKline whistleblower awarded $96m payout”, he reported that Eckard was fired by the company “after repeatedly complaining to GSK’s management that some drugs made at Cidra were being produced in a non-sterile environment, that the factory’s water system was contaminated with micro-organisms, and that other medicines were being made in the wrong doses.” She later was awarded $96MM as her share of the settlement of a Federal Claims Act whistleblower lawsuit. Eckard was quoted as saying, “It’s difficult to survive this financially, emotionally, you lose all your friends, because all your friends are people you have at work. You really do have to understand that it’s a very difficult process but very well worth it.”

More recently there was the example of NCR Corp., as reported in the Wall Street Journal (WSJ) by Christopher M. Matthews and Samuel Rubenfeld, in an article entitled “NCR Investigates Alleged FCPA Violations”, who stated that NCR spokesperson Lou Casale said “While NCR has certain concerns about the veracity and accuracy of the allegations, NCR takes allegations of this sort very seriously and promptly began an internal investigation that is ongoing,” regarding whistleblowers claims of Foreign Corrupt Practices Act (FCPA) violations. In a later WSJ article by Matthews, entitled “NCR Discloses SEC Subpoena Related to Whistleblower, he reported that NCR also said “NCR has certain concerns about the motivation of the purported whistleblower and the accuracy of the allegations it received, some of which appear to be untrue.”

Lastly, is the situation of two whistleblowers from the British company EADS. As reported by Carola Hoyos in a Financial Times (FT) article, entitled “Emails tell of fears over EADS payments”, Hoyos told the story of two men who notified company officials of allegations of bribery and corruption at the company and who suffered for their actions. The first, Mike Paterson, the then financial controller for an EADS subsidiary GPT, internally reported “unexplained payments to the Cayman Island bank accounts for Simec International and Duranton International, which totaled £11.5M between 2007 and 2009.” Hoyos reported that Paterson was so marginalized in his job that he was basically twiddling his thumbs all day at work.

The second whistleblower was Ian Foxley, a retired British lieutenant-colonel, who had joined the company in the spring of 2010 stationed in Saudi Arabia, to oversee a £2M contract between the British Ministry of Defence (MOD) and the Saudi Arabian National Guard. In December 2010, Foxley discovered some of the concerns which Mike Paterson had raised. According to Hoyos, “The morning after he discovered Mr. Paterson’s concerns he assessed the emails that Mr. Paterson had told him he had written over the previous three years.” This led Foxley to flee Saudi Arabia with documents of these suspicious payments, which he has turned over to the Institute of Chartered Accountants and the UK Serious Fraud Office (SFO).

What does the response of any of these three companies say about the way that it treats whistleblowers? Is it significantly different from the bullying Armstrong admitted he engaged in during his campaign to stop anyone who claimed that he was doping? While I doubt that companies will ever come to embrace whistleblowers, the US Department of Justice’s (DOJ’s) recent FCPA Guidance stated that “An effective compliance program should include a mechanism for an organization’s employees and others to report suspected or actual misconduct or violations of the company’s policies on a confidential basis and without fear of retaliation.” However, by marginalizing, attacking or even making a whistleblower fear for their life, such actions can drive a whistleblower to go the DOJ, Securities and Exchange Commission (SEC) or SFO. The Guidance recognized that “Assistance and information from a whistleblower who knows of possible securities law violations can be among the most powerful weapons in the law enforcement arsenal.”

So what is the compliance professional to make of the Armstrong confession and how can it be used for a compliance program? A recent White Paper, entitled “Blowing the Whistle on Workplace Misconduct”, released by the Ethics Resource Center (ERC) detailed several findings that the ERC had determined through surveys, interviews and dialogues. One of the key findings in this White Paper was that that a culture of ethics within a company does matter. Such a culture should start with a strong commitment to ethics at the top, however it is also clear that this message must be reinforced throughout all levels of management, and that employees must understand that their company has the expectation that ethical standards are vital in the business’ day-to-day operations. If employees have this understanding, they are more likely to conduct themselves with integrity and report misconduct by others when they believe senior management has a genuine and long-term commitment to ethical behavior. Additionally, those employees who report misconduct are often motivated by the belief that their reports will be properly investigated. Conversely, most employees are less concerned with the particular outcome than in knowing that their report was seriously considered.

This is the ‘Fair Process Doctrine’. This Doctrine generally recognizes that there are fair procedures, not arbitrary ones, in a process involving rights. Considerable research has shown that people are more willing to accept negative, unfavorable, and non-preferred outcomes when they are arrived at by processes and procedures that are perceived as fair. Adhering to the Fair Process Doctrine in two areas of your Compliance Program is critical for you, as a compliance specialist or for your Compliance Department, to have credibility with the rest of the workforce.

In this area is that of internal company investigations, if your employees do not believe that the investigation is fair and impartial, then it is not fair and impartial. Furthermore, those involved must have confidence that any internal investigation is treated seriously and objectively. One of the key reasons that employees will go outside of a company’s internal hotline process is because they do not believe that the process will be fair.

This fairness has several components. One would be the use of outside counsel, rather than in-house counsel, to handle the investigation. Moreover, if company uses a regular firm, it may be that other outside counsel should be brought in, particularly if regular outside counsel has created or implemented key components which are being investigated. Further, if the company’s regular outside counsel has a large amount of business with the company, then that law firm may have a very vested interest in maintaining the status quo. Lastly, the investigation may require a level of specialization which in-house or regular outside counsel does not possess.

Phrasing it in another way, Mike Volkov, writing in his blog Corruption, Crime and Compliance, in an article entitled “How to Prevent Whistleblower Complaints”, had these suggestions: (1) Listen to the Whistleblower – In dealing with a whistleblower, it is critical to listen to the whistleblowers concerns. (2) Do Not Overpromise – At the conclusion of an initial meeting with a whistleblower, the company representative should inform the whistleblower that the company will review the allegations, conduct a “preliminary” investigation and report back to the whistleblower during, or at the conclusion of, any investigation. (3) Conduct a Fair Investigation – Depending on the nature of the allegations, a follow up inquiry should be conducted. The steps taken in the investigation should be documented.

I would add that after your investigation is complete, the Fair Process Doctrine demands that any discipline must not only be administered fairly but it must be administered uniformly across the company for the violation of any compliance policy. Simply put if you are going to fire employees in South America for lying on their expense reports, you have to fire them in North America for the same offense. It cannot matter that the North American employee is a friend of yours or worse yet a ‘high producer’. Failure to administer discipline uniformly will destroy any vestige of credibility that you may have developed.

Lance Armstrong has and will continue to provide the ethics and compliance practitioner with many lessons. You can use his treatment of whistleblowers as an opportunity to review how your company treats such persons who make notifications of unethical or illegal conduct. With the increasing number of financial incentives available to persons to blow the whistle to government agencies, such as the SEC under the Dodd-Frank Act, it also makes very good business sense to do so.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

January 23, 2013

The FCPA Guidance on the Ten Hallmarks of an Effective Compliance Program

Many commentators are still mining the Department of Justice (DOJ)/Securities and Exchange Commission (SEC) publication, A Resource Guide to the U.S. Foreign Corrupt Practices Act, (the “Guidance”), which was released last November. I continue to find nuggets to provide to the compliance practitioner, as do others. But as we are a Base 10 culture, today I want discuss the 10 points listed as the ‘Hallmarks of Effective Compliance Programs”. They are a change in style, but not content, from the prior 13 point minimum best practices that the DOJ has in the Deferred Prosecution Agreements (DPAs) since at least November, 2010 and, indeed, from prior information made available by the DOJ.

I.                   Where Have We Been

Beginning with at least the Metcalfe & Eddy Consent and Undertaking, filed in December, 1999, the DOJ has laid out its thoughts on what should go into a Foreign Corrupt Practices Act (FCPA) anti-corruption compliance program. In the Metcalfe & Eddy Consent and Undertaking, the DOJ laid out ten points of an effective FCPA anti-corruption compliance program. This was modified somewhat in Opinion Release 04-02, which laid out a best practices compliance program in 12 points, where the DOJ reviewed the proposal by an investment group who were acquiring certain companies and assets from ABB Ltd. ABB Vetco Gray Inc. and ABB Vetco Gray (UK) Ltd., two of the entities being acquired, had previously pled guilty to FCPA violations. The investment group desired to protect itself from further liability, to the extent possible, by proposing to the DOJ a comprehensive best practices compliance program. While the DOJ noted that this compliance program was not a shield against future violations, the DOJ would not “intend to take an enforcement action [against the investors] for violations of the FCPA prior to their acquisition from ABB.”

In the Panalpina DPA, issued in November, 2010, the DOJ laid out a 13 point minimum best practices compliance program. This number was changed this past summer when the Data Systems & Solutions LLC (DS&S) DPA was announced. In this enforcement action the DOJ listed 15 points on its minimum best practices FCPA anti-corruption compliance program. Then later in the summer, the DOJ moved to a 9 point compliance program in the Pfizer DPA. Even with all these changes in the number, the substance of each compliance program has remained the same.

II.                Where Are We Now? Hallmarks of Effective Compliance Programs

The Guidance cautions that there is no “one-size-fits-all” compliance program. It recognizes that depending on a variety of factors such as size, type of business, industry and risk profile that a company should determine what is appropriate for its own needs regarding a FCPA compliance program. But the Guidance makes clear that these ten points are “meant to provide insight into the aspects of compliance programs that DOJ and SEC assess”. In other words you should pay attention to these and use this information to assess your own compliance regime.

  1. Commitment from Senior Management and a Clearly Articulated Policy Against Corruption. It all starts with tone at the top. But more than simply ‘talk-the-talk’ company leadership must ‘walk-the-walk’ and lead by example. Both the DOJ and SEC look to see if a company has a “culture of compliance”. More than a paper program is required, it must have real teeth and it must be put into action, all of which is led by senior management. The Guidance states that “A strong ethical culture directly supports a strong compliance program. By adhering to ethical standards, senior managers will inspire middle managers to reinforce those standards.” This prong ends by stating that the DOJ and SEC will “evaluate whether senior management has clearly articulated company standards, communicated them in unambiguous terms, adhered to them scrupulously, and disseminated them throughout the organization.”
  2. Code of Conduct and Compliance Policies and Procedures. The Code of Conduct has long been seen as the foundation of a company’s overall compliance program and the Guidance acknowledges this fact. But a Code of Conduct and a company’s compliance policies need to be clear and concise. The Guidance makes clear that if a company has a large employee base that is not fluent in English such documents need to be translated into the native language of those employees. A company also needs to have appropriate internal controls based upon the risks that a company has assessed for its business model. Some of the risks a company should assess include “the nature and extent of transactions with foreign governments, including payments to foreign officials; use of third parties; gifts, travel, and entertainment expenses; charitable and political donations; and facilitating and expediting payments.”
  3. Oversight, Autonomy, and Resources. This section starts with a discussion on whether a company has assigned a senior level executive to oversee and implement a company’s compliance program. Not only must a company assign such a person with appropriate authority but that person, and the overall compliance function, must have “sufficient resources to ensure that the company’s compliance program is implemented effectively.” Additionally, the compliance function should report to the company’s Board of Directors or an appropriate committee of the Board such as the Audit Committee. Overall the DOJ and SEC will “consider whether the company devoted adequate staffing and resources to the compliance program given the size, structure, and risk profile of the business.”
  4. Risk Assessment. The Guidance states that “assessment of risk is fundamental to developing a strong compliance program”. Indeed, if there is one over-riding theme in the Guidance it is that a company should assess its risks in all areas of its business. The Guidance lists factors that a company should consider in any risk assessment. They are “the country and industry sector, the business opportunity, potential business partners, level of involvement with governments, amount of government regulation and oversight, and exposure to customs and immigration in conducting business affairs.” The Guidance is also quite clear that when the DOJ and SEC look at a company’s overall compliance program, they “take into account whether and to what degree a company analyzes and addresses the particular risks it faces.”
  5. Training and Continuing Advice. Communication of a compliance program is a cornerstone of any anti-corruption compliance program. The Guidance specifies that both the “DOJ and SEC will evaluate whether a company has taken steps to ensure that relevant policies and procedures have been communicated throughout the organization, including through periodic training and certification for all directors, officers, relevant employees, and, where appropriate, agents and business partners.” The training should be risk based so that those high risk employees and third party business partners receive an appropriate level of training. A company should also devote appropriate resources to providing its employees with guidance and advice on how to comply with their own compliance program on an ongoing basis.
  6. Incentives and Disciplinary Measures. This involves both the carrot and the stick. Initially the Guidance notes that a company’s compliance program should apply from “the board room to the supply room – no one should be beyond its reach.” There should be appropriate discipline in place and administered for any violation of the FCPA or a company’s compliance program. Additionally, the “DOJ and SEC recognize that positive incentives can also drive compliant behavior. These incentives can take many forms such as personnel evaluations and promotions, rewards for improving and developing a company’s compliance program, and rewards for ethics and compliance leadership.” These incentives can take the form of a part of senior management’s bonuses or simply recognition on the shop floor.
  7. Third-Party Due Diligence and Payments. Here the Guidance focuses on the ongoing problem area of third parties. The Guidance says that companies must engage in risk based due diligence to understand the “qualifications and associations of its third-party partners, including its business reputation, and relationship, if any, with foreign officials.” Next a company should articulate a business rationale for the use of the third party. This would include an evaluation of the payment arrangement to ascertain that the compensation is reasonable and will not be used as a basis for corrupt payments. Lastly, there should be ongoing monitoring of third parties.
  8. Confidential Reporting and Internal Investigation. This means more than simply a hotline. The Guidance suggests that anonymous reporting, and perhaps even a company ombudsman, might be appropriate to have in place for employees to report allegations of corruption or violations of the FCPA. Furthermore, it is just as important what a company does after an allegation is made. The Guidance states, “once an allegation is made, companies should have in place an efficient, reliable, and properly funded process for investigating the allegation and documenting the company’s response, including any disciplinary or remediation measures taken.” The final message is what did you learn from the allegation and investigation and did you apply it in your company?
  9. Continuous Improvement: Periodic Testing and Review. As noted in the Guidance, “compliance programs that do not just exist on paper but are followed in practice will inevitably uncover compliance weaknesses and require enhancements. Consequently, DOJ and SEC evaluate whether companies regularly review and improve their compliance programs and not allow them to become stale.” The DOJ/SEC expects that a company will review and test its compliance controls and “think critically” about its own weaknesses and risk areas. Internal controls should also be periodically tested through targeted audits.
  10. Mergers and Acquisitions. Pre-Acquisition Due Diligence and Post-Acquisition Integration. Here the DOJ and SEC spell out what it expects in not only the post-acquisition integration phase but also in the pre-acquisition phase. This pre-acquisition information is not something that most companies had previously focused on. Basically, a company should attempt to perform as much substantive compliance due diligence that it can do before it purchases a company. After the deal is closed, an acquiring entity needs to perform a FCPA audit, train all senior management and risk employees in the purchased company and integrate the acquired entity into its compliance regime.

As I commented earlier in this article, the DOJ and SEC have communicated what they believe are the important parts of a risk based, anti-corruption compliance program for many years. I do not think that a compliance defense could be set out any more succinctly. However, I do like things set out in Base 10 and the “Hallmarks of Effective Compliance Programs” is an excellent compilation of where we are and what you need in place to go forward. I recommend this as a good a starting point for any compliance practitioner to implement a new compliance program or to evaluate the state of an ongoing compliance regime so assess your company’s risks and use these hallmarks as a basis to move forward.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

January 2, 2013

The Allianz FCPA Enforcement Action – What the Compliance Practitioner Needs to Know

Who is your favorite character from the Iliad? Is it Agamemnon the king who brings the Greek Armada to Troy for his brother’s honor; perhaps Ajax the mountain of a man who is the most loyal Greek warrior; how about Achilles the warrior who single-handedly destroys more Trojans than any Greek; or perchance Nestor the wise old counselor who tries to keep the Greeks united in the face of ten years of war? Perhaps your taste runs to the Trojan characters, Priam, the leader of Troy, Paris, now husband of the most beautiful woman on earth, or Hector, the stalwart son of Priam who dies in a duel with Achilles. In the Iliad, my money is on Odysseus, who is a king like Agamemnon and Priam; a shrewd advisor like Nestor; and a great warrior like Ajax, Achilles and Hector. Lastly, he has, if not the most beautiful wife in the world, certainly the most loyal in Penelope.

On December 17, 2012, the Securities and Exchange Commission (SEC) entered into an agreed Cease and Desist Order (Order) with Allianz SE regarding violations of the Foreign Corrupt Practices Act (FCPA). Much like Odysseus, this Order provides several different types of information for the compliance practitioner to digest. This post will work through some of the information and point out to you the lessons which can be drawn from this enforcement action.

The company is in the insurance business, writing lines including property and casualty, life, and health insurance and also is in asset management. Initially it is to be noted that the FCPA violations involve a subsidiary Allianz created to do business in Indonesia, PT Asuransi Allianz Utama Indonesia Ltd (Utama), through which the illegal payments were made. Allianz was the majority owner of this entity and Utama’s financial reporting was rolled up into the parent’s books and records. The Order reported that Utama secured at least 295 Indonesian government contracts through improper payments of approximately $650,626. From these improper payments, Allianz “realized $5,315,649 in profits.”

I.                   Jurisdiction

While the company is headquartered in Munich, Germany, from November 3, 2000 to October 23, 2009, Allianz’s American Depositary Shares and bonds were registered with the Commission pursuant to Section 12(b) of the Exchange Act and traded on the New York Stock Exchange (“NYSE”). This made Allianz an “issuer” within the meaning of the FCPA and therefore subject to the Act. The conduct at issue occurred when Allianz was a US issuer. Interestingly, in 2009, Allianz voluntarily delisted its securities from the New York Stock Exchange (NYSE).

II.                The Bribery Scheme

Back in 1981, the company opened up a “special purpose bank account” for the payment of agent commissions in Indonesia. However, in February, 2001, the Chief Compliance Officer (CEO) and Chief Financial Officer (CFO) of Utama “opened a separate, off-the-books account in the Indonesian Agent’s name (the “Agent special purpose account”). The Agent special purpose account was used to make improper payments to employees of Indonesian state-owned entities and others for the purpose of obtaining and retaining insurance contracts.” Contemporaneously with the creation of this new Agent special purpose account, Utama contracted with its Indonesian Agent a “Paying Agency Agreement” which established the Agent special purpose account would serve as the slush fund to make bribe payments to foreign officials and others as instructed by Utama.

a.      2001-2005

The scheme worked in this manner. There were two components for the insurance premiums, a “technical premium” which was 75-95% of the cost of the insurance product and the “overriding premium” which was the remaining 5-25% of the premium and was to be paid to the agent for the sale. During this time frame, the Utama Marketing Manager would make payments into the Agent special purpose account and these monies would be used to make improper payments to Indonesian government officials. The Indonesian government purchasing the insurance would be billed the combined total of these two premiums for 100% of the cost of the insurance product. The monies received by Utama would be deposited into one bank account and then the amount of the overriding commission would be transferred into the Agent special purpose account. This money would then be paid to the Indonesian government official who directed the purchase of the insurance product, in cash.

b.      2005-2008

Due to an internal whistleblower and subsequent investigation which will be discussed later, this original bribery scheme was modified in 2005; that is after completion of payments to Indonesian government officials who were owed bribes for insurance products purchased previously, up through 2008. Thereafter, Utama employed a variety of methods to make illegal and improper payments to Indonesian government officials. These methods included “1) booking commissions to an agent that was not associated with the account for the government insurance contract and then withdrawing the funds booked to the agent’s account as cash to pay the foreign official; or 2) overstating the amount of a client’s insurance premium, booking the excess amount to an unallocated account and then “reimbursing” the excess funds to the foreign officials, who were responsible for procuring the government insurance contracts.”

III.             Whistleblower and Internal Investigations

In 2005, an internal whistleblower made a complaint about the Agent special purpose account. This whistleblower apparently provided detailed information on the account and “a number of internal controls weaknesses.” The company initiated an internal audit of Utama and the Agent special purpose account but amazingly limited the scope of the audit to “embezzlement from the Company”. Even with this limited scope Allianz’s internal audit group identified the Agent special purpose account as a “vehicle to pay project development and overriding commissions to the special projects and clients for securing business with Utama” and other indicia of FCPA improper payments however “no additional steps were taken to determine the nature and purpose of the accounts or to identify the recipients of payments from the accounts.” The company did instruct Utama to close the Agent special purpose account but as noted above, not only did Utama continue to make improper payments out of the Agent special purpose account but also widened the scope of its bribery practices.

In 2009, the company’s outside auditor “received an anonymous complaint alleging that an Allianz executive created or initiated slush funds during his tenure with AZAP.” In response to this complaint the company created “a Whistleblower Committee to do an internal investigation and retained counsel to conduct an internal investigation of Utama’s payment practices in Indonesia.” However, Allianz did not self-report either the allegations of improper payments or the results of its internal investigations to the SEC or Department of Justice (DOJ). In 2010, the SEC opened an investigation after receiving “an anonymous complaint of possible FCPA violations.” After some initial delay in the timeliness in reporting to the SEC, the company began cooperation with the SEC and began remedial efforts.

IV.              Lessons Learned

There are several lessons which can be learned from the Allianz enforcement action. The first and foremost is jurisdiction. Simply because you are a foreign based company, do not think you are shielded from FCPA enforcement actions. Foreign companies need to review their US listings to determine if they have inadvertently subjected themselves to FCPA jurisdiction. In Allianz’s situation its American Depositary Shares and bonds were registered with the SEC. That is enough for jurisdiction. So if you are sitting across the Atlantic or Pacific or north or south of the border and have some American interests, holdings or anything else that you own or are a part of the US, you had better get your FCPA compliance house in order.

There is a wealth of information that internal auditors can use from this enforcement action. The first and foremost is that when you turn a rock over and look under it there may well be several things that show up under the light of day. If you are tasked with trying to find one scheme, such as embezzlement and find indicia of another, for example bribery and corruption of foreign government officials, it is in the interest of both you and your company to keep looking. If substantive information comes to a company in any manner, the company has a duty to investigate it and not to bury its collective head in the sand.

The bribery schemes used by Utama are also instructive. Initially, they give internal audit and anyone else looking for that matter, clear red flags to investigate further. If there is a “special purpose fund” of any type, the reason for the fund and justifications for payments out of it, thorough review of backup documentation is mandatory for your review. Additionally, there should be a review of the commissions paid. It is easy enough to do; match up the commission paid with the contract for which it is due under, coupled with the work done by the agent who is alleged to be owed the commission. You should also review the amount of commission paid to ascertain if it is within a reasonable range.

Internal controls must also not only be reviewed but additional monitoring and auditing should be put in place to make sure that any recommendations made are followed. Here Utama was told to close the Agent special purpose account in 2005 but not only did they fail to do so they continued to pay bribes out of it into 2008. Apparently no one at Allianz thought they should follow up to see if the instruction to close the Agent special purpose account was followed.

We started this blog with the question of who was your favorite hero from the Iliad. My favorite is Odysseus. He is the only Greek hero who combines all of the traits I listed in the opening paragraph. I think that the Allianz FCPA enforcement action is similar because there are many different lessons which can be learned. The DOJ and SEC consistently put out solid information that the compliance practitioner can use to evaluate and assess a compliance program or to manage specific risks. You do not have to read the tea leaves or try to go to the Oracle of Delphi to understand what the DOJ and SEC expect in the way of FCPA compliance. The Allianz SEC enforcement action continues this tradition.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

November 11, 2012

Armistice Day, Remembrance Day, Veterans Day

On the 11th minute of the 11th day of the 11th month in 1918, the War to End all Wars ended. While this ending did not accomplish that stated purpose, since that day we have honored all those persons who served in our Armed Forces. As you know Mary Jones has been posting for me over the past week when I had surgery and will continue to do so while am now recuperating. I wanted to thank everyone for their good wishes and I am doing as well as can be expected.

My surgery was performed on Election Day and it was not until the next day I was cognizant enough to ask a Nurse who won the election. Later that day, while still in ICU, I had an interesting conversation with another Nurse, who was from Nigeria, about our freedoms in America and that led me think about some of the things we owe all of our Veterans. I asked this Nurse what he thought about all the negative campaigning and accusations which flew back and forth; as opposed to some type of reasoned debate. He just looked at me and said “Do you know what I would have given back at home to be able to hear those things, or even say them.” The look in his eye reminded me that once again our right to vote, debate in public and otherwise engage in a free flowing dialogue about the future and destiny of our country is a freedom not held in other parts of the world, even in a country which, on paper at least, is a democracy.

I once had the rare privilege of trying a lawsuit in Hidalgo County, Texas, for 6 weeks. It was not a place friendly to defendants or corporations. One of the things I will never forget is the trial judge, Frank Evans, telling the jury panel about their rights and obligations as citizens to sit as jurors, and his comments were related to a Veteran. The Veteran was Harlon Block and he was one of the six men who raised the US Flag on Mount Suribachi on February 23, 1945. His name was enshrined outside the County Courthouse, along with the names of all other residents of Hidalgo County who have died serving our country from the Civil War to the present day. Harlon Block grew up in Weslaco, Texas, and played football at Weslaco High School. In February 1943, the entire team, consisting of 13 members, enlisted in the armed forces on the same day. Two years later, Block was one of the six men who made up one of the most iconic photos which came out of World War II and then he was killed while fighting on Iwo Jima.

The Judge who told this story was also one of those 13 boys. He told this story so that all of us might understand what it took for people to have the right to sit on a jury and judge their peers, whether in the criminal or civil context. As a trial lawyer, I think that one of our greatest freedoms is that of the Seventh Amendment which reads:

Amendment VII – Right to a jury trial

In suits at common law, where the value in controversy shall exceed twenty dollars, the right of trial by jury shall be preserved, and no fact tried by a jury shall be otherwise reexamined in any court of the United States, than according to the rules of the common law.

I believe that this right to a trial by jury speaks to several rights but one of those is that, in the civil context, an aggrieved party gets to tell his or her story to an independent third party. This is a powerful catharsis for any injured person. But more than getting to simply tell their story they will be judged by a process which is fair and open, through the rules of procedure and evidence. I believe it is this concept that is important for compliance. There must be a way for persons to tell (or report) stories which concern them regarding bribery and corruption. Companies must allow employees to use a helpline, report concerns or even whistle blow internally without disparagement or attacking them in public. Because if companies do not allow such a mechanism a whistleblower can go straight to the Securities and Exchange Commission (SEC) and sign up for a bounty.

However, I think that there is another compelling reason that Amendment VII is so important and how it applies directly to compliance. I call it “the light of day”. By allowing ordinary citizens to not only see but participate in the judicial process, it gives greater credibility to the entire process itself. I still think about the scene from ‘On The Waterfront’ where Terry, played by Marlon Brando, calls out to Johnny Friendly, played by Lee J. Cobb, to tell him that where he is standing “in the light of day” is a much better place to be than hiding in the shadows. Today we call that ‘transparency’ and this is something that you must have in your compliance program. Employees must see that those who make internal whistleblower reports are not attacked, demeaned or marginalized. US society is better because of both sides of Amendment VII, those being the protection for and the participation of its citizens in the judicial process. I would posit to you that transparency extends to internal reporting systems which allow employees to express concerns regarding compliance issues without fear of retaliation.

So today I want to thank all the Veterans in my family. To my Father; to Uncle John and Uncle Alvan and to my Father-in-Law Michael Rudland, who served in the British Navy and helped keep my wife’s mother country safe for its Queen and Country. A big and most heartfelt thank you to all.

And for the rest of you, if you know a Veteran, buy them a cup of coffee today or call them up and say thanks. If you see one, tell him or her thanks. Our country just showed why it is the greatest in the world by having a free election; take some time to celebrate what the men and women in our armed forces have done for us.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

August 23, 2012

What is Your Integrity Capital?

Compliance practitioners often hear that bribes must be paid in emerging markets to get anything done. Indeed a recent survey by CEB (formerly Corporate Executive Board) of more than 700,000 employees of multinationals around the world, discussed in a Harvard Business Review article, entitled “Greased Palms, Giant Headaches”, by Dan Currell and Tracy Davis Bradley reported that there was a large jump in the payments of bribes, providing or receiving improper gifts and failures to report conflicts of interest in the BRIC (Brazil, Russia, India and China) countries over developed countries. Is bribery really pervasive in those countries or is it simply the perception? On the other hand, as Andre Agassi was found to say “Perception is reality.” Certainly the story by the New York Times (NYT) about Wal-Mart in Mexico paying over $24 million to be the first big box retailer into the Mexican market may lead some credence to that perception. While the authors did not specifically address the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act, they did report that “bribery and corruption is the second leading category of unlawful activity by Western companies in emerging markets”.

However, Currell and Bradley focus their collective attention on the US corporate headquarters in their article. They note that “Our research suggests that one driver originates at headquarters-multinationals’ increasing growth imperative in emerging markets.” While it certainly is a recognized and valid long-term growth strategy to identify and develop new markets, the authors believe that companies are now thinking that they can “meet our targets by increasing revenues quickly in markets” like the BRIC countries. In other words, long-term strategic plans suddenly become “short-term necessities” and this change can increase “the pressure on local employees to make their numbers, tempting some to break the law.”

What is a company to do when short term goals cause pressure, pressure and more pressure for increased revenues? The authors acknowledge that a robust compliance program is a key component for protection against bribery and corruption by employees, but they believe that more is needed. They identify “Integrity Capital” as a key component to “lower levels of misconduct along with higher levels of reporting when employees do witness wrongdoing. Integrity capital is embedded in the culture, not instituted through controls, and it helps shape employee behavior, which could include offering a bribe or defrauding the company.” The authors identify the following as five factors of Integrity Capital:

  1. Management takes action when it becomes aware of misconduct. This means that companies “must insist on a swift response to complaints, unbiased investigations” and even “public hangings” of offenders.
  2. Employees are comfortable speaking up about misconduct and don’t fear retaliation. While this would seem to be self-evident, it is a sad fact that in many companies, whistleblowers are ostracized or even blamed for the conduct in question. Witness the initial response by Wal-Mart management in the 2005 time frame to allegations of corruption made by an employee with knowledge of the conduct. He was blamed for the conduct at issue. Even in the recent allegations brought to light with EADS, the whistleblowers were marginalized or worse by the company.
  3. Senior leaders and managers treat employees with respect. The authors believe that in addition to not mistreating whistleblowers, companies should “praise employees who have the courage to call out wrongdoing.”
  4. Managers hold employees accountable. Simply put, if an employee engages in bribery or corruption, they need to be disciplined or discharged. Allowing high revenue generators or high income generating territories or business units to avoid scrutiny and/or sanctions is a clear recipe to destroy the integrity of a compliance program.
  5. High levels of trust exist among colleagues. Your employees must believe that the company will take allegations seriously and will act on the information that they provide.

The authors conclude their article with three different concepts which they believe will minimize the occurrences of bribery and corruption within an organization. First, a company should use commonsense observation. If an emerging market shows success in “speeding things along”, such as regulatory approvals for the construction of bricks-and-mortar facilities, this made need to be looked at closer. Since regulatory approvals do not happen quickly in BRIC countries, it may be that the skids were greased with cash to pay bribes. The second is that a company must be proactive in seeking out and obtaining information from employees about allegations of bribery and corruption. The authors “advise companies to also proactively solicit information from frontline employees and to use surveys or online tools to guarantee anonymity” in reporting allegations of bribery and corruption. Lastly, the authors insist that companies have organization justice so that if there are credible reports of misconduct they are not swept under the rug.

Currell and Bradley provide interesting observations which can be used by a compliance professional to evaluate the sufficiency of their compliance program. Their thoughts on things to look for from an emerging market provide solid guidance on searching for potential red flags which might warrant further investigation from internal audit or a FCPA based compliance audit team. There are a number of practitioners and ethicists who talk about the need for ethics in any company culture to compliment a compliance program. The article by Currell and Bradley provides some of their guidance on what that may look like.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

August 15, 2012

EADS and Tales of Whistleblowers: A Compliance Nightmare?

What is a compliance professional’s worst nightmare? Last week in Episode 49 of This Week in FCPA, Howard Sklar and I speculated on why the UK Serious Fraud Office (SFO) would announce it was opening an investigation into the activities of the UK defense contractor, EADS. On Tuesday, in a Financial Times (FT) article, entitled “Emails tell of fears over EADS payments”, reporter Carola Hoyos identified some of the reasons that EADS may be under investigation. Hoyos reported that almost five years ago, senior executives of the company were “alerted to questionable payments made to Cayman Island bank accounts and lavish gifts given to the Saudi Arabian royal family and military…”

There were two different instances where an employee brought up these payments to senior officials in the company. Mike Patterson, a senior controller for GPT, a subsidiary of the company, was concerned about “unexplained payments to the Cayman Island bank accounts for Simec International and Duranton International, which totaled £11.5M between 2007 and 2009.” Hoyos reported that Patterson “alerted his superiors about the payments as early as 2007” regarding the payments and his concerns. Patterson continued to raise his concerns internally within the company and by 2010 he had notified EADS Chief Compliance Officer (CCO) Pedro Montoya of these concerns.

Unfortunately, it appears that no one took Patterson’s concerns very seriously. Hoyos quoted from a Patterson email he was provided, which read “I think Pedro Montoya now ignoring me is sufficient indication we are wasting our time internally. Our concern for EADS future seems to be greater than [EADS] first line managers…I need to make a decision whether I persevere internally, whilst suffering mind numbing boredom, or whether I take the statutory directors actions to the authorities.” Hoyos noted that Patterson “transferred to another role within GPT.”

It turned out that Patterson was not alone within the company in noticing red flags over these payments. Ian Foxley, a retired British lieutenant-colonel had joined the company in the spring of 2010 stationed in Saudi Arabia, to oversee a £2M contract between the British Ministry of Defence (MOD) and the Saudi Arabian National Guard. By December of 2010, he was fleeing Saudi Arabia with “evidence of apparent irregular payments to Saudi officials.” Hoyos reported that while Foxley notes early on the suspicious payments, it was not until that someone had not only noted the same red flags but had reported them internally that he took action. The suspicious payments revolved around “bought-in services” which were payments for unexplained goods or services in a contract with a third party. Previously Patterson, in his role as financial controller, had refused to sign off on these contracts because of these “bought-in services” payments.

Although it was not clear from Hoyos article how Foxley became aware of the concerns raised by Patterson, he reported that “The morning after he discovered Mr. Patterson’s concerns he assessed the emails that Mr. Patterson had told him he had written over the previous three years.” This led to Foxley fleeing Saudi Arabia with documents of these suspicious payments. Foxley later raised his concerns “with the business secretary, the SFO and the Institute of Chartered Accountants.”

Hoyos reported that EADS “launched an internal investigation” in mid-2011 and that it is co-operating with the SFO. However, he also reminds readers that UK Prime Minister at the time, Tony Blair, halted a SFO investigation into corruption allegations surrounding another UK defence company BAE, in 2006. BAE later paid a fine to the US government for violations of the US Foreign Corrupt Practices Act (FCPA) of $400M.

So what are some of the questions raised by these allegations? While not specifically stated it appears that the original whistleblower, Mike Patterson, was so marginalized in his job that he was basically twiddling his thumbs all day at work. Foxley so feared for his safety that he gave “the slip” to his employer when fleeing Saudi Arabia. What does that say about EADS and its internal whistleblower program? What about the CCO and those higher up within the company, what role did they play? Finally, what is the role of the British government, not only the MOD as a very interested party, but the party in power; will they allow the SFO to investigate these allegations? As Alice Cooper might say, “Welcome to my nightmare?”

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

July 26, 2012

FCPA and Bribery Act Hotlines: Staying Out of Hot Water with Other Jurisdictions

It is finally here. Today is the Opening Ceremony of the Games of the XXX Olympiad in London. The first Olympics I can remember watching were the 1964 Games in Tokyo. I was enthralled with watching the world’s greatest athletes compete and the boyhood joy about the Games still exists for me. And, for my money, the best sporting event will be held in world’s greatest city. It should be a great show for the next two weeks. They are a must watch for me and I hope that you will enjoy them as much as I intend to.

Today’s compliance thoughts relate to the Olympics in another way. I recently came across not only a must read article for the compliance practitioner but also a must save article. In the International Lawyer, Winter 2011*Volume 45*Number 4, I came across an excellent article, entitled “How to Launch and Operate a Legally-Compliant International Workplace Report Channel” or in Foreign Corrupt Practices Act (FCPA) parlance, a hotline. It was authored by Donald Dowling of the law firm of White and Case. Dowling provides a very useful guide to help navigate the challenges of setting up a multi-national whistleblower’s hotline, such as is required under the FCPA and UK Bribery Act. The majority of his article “analyzes the six categories of laws that can restrict whistleblower hotlines abroad, focusing on compliance.” You should obtain a copy of this article and keep it for reference in regards to your company’s hotlines. It is available on the White and Case website, by clicking here.

1.      Laws Mandating Whistleblower Procedures

This group of laws “comprises mandates that require setting up whistleblower hotlines in the first place.” This includes the US Sarbanes-Oxley (SOX) as well as other jurisdiction laws which generally protect whistleblowers from retaliation but do specifically require any hotlines be set up on a company wide basis. Dowling also found a couple of countries, Norway and Liberia, which require general receiving and processing of “public interest disclosures.”

2.      Laws Promoting Denunciations to Government Authorities

This category of laws generally related to legal requirements for the reporting of illegal acts to government authorities in two ways. First, these laws encourage whistleblowing to government which then compete with employer hotlines by enticing internal whistleblowers to divert denunciations from company compliance experts and over to outside law enforcers who indict white collar criminals. This first approach is found in Dodd-Frank, which offers bounties. Second, these “laws that require (as opposed merely to encourage) government denunciations rarely except corporate hotline sponsors. These laws therefore force hotline sponsors to divulge hotline allegations over to law enforcement.” This second approach is found in SOX which “requires an employer to offer internal hotline procedures”.

3.      Laws Restricting Hotlines Specifically

This category is exemplified by European data protection laws which act to restrict companies’ freedom to launch and operate reporting programs. Dowling believes that these laws are based upon the fact that Europeans “see hotlines as threatening privacy rights of denounced targets and witness”. Also this would seem to be in response to the totalitarian past from the World War II era. The author identifies what he termed “the four biggest hurdles” set up to frustrate hotlines in EU jurisdiction. They are “(1) restrictions against hotlines accepting anonymous denunciations; (2) limits on the universe of proportionate infractions on which a hotline accepts denunciations; (3) limits on who can use a hotline and be denounced by hotline; and (4) hotline registration requirements.

4.      Laws Prohibiting Whistleblower Retaliation

This category will be familiar to US compliance practitioners through the applications of US laws such as SOX, Dodd-Frank and numerous state whistleblower statutes. Additionally, the author lists numerous foreign jurisdictions which have such laws. But here he believes that the key is communication because in many countries and foreign jurisdictions, there is no tradition of protection of persons who make reports against superiors so that an “employer needs to overcome worker fear of reprisal for whistleblowing.”

5.      Laws Regulating Internal Investigations

Typically laws on internal investigation do not impact hotlines because a hotline is a “pre-investigation tool.” However, the author believes that No. 4 above, communication by the employer is critical to complying with laws that enact procedural safeguards for persons under investigation. Heavy-handed communications about a hotline could blow back against employers in claims by employees that “an employer rigged the investigation process.” So companies should ensure that communications about hotlines do not convey an “overzealous approach to complaint processing and investigations.”

6.      Laws Silent on, but Possibly Triggered By, Whistleblower Hotlines

Here the author recognizes that the title of this category “is necessarily vague and determining which laws fall into it is difficult.” Nevertheless, he writes that the most “likely candidates are data protection laws silent on hotlines and labor laws imposing negotiation duties and work rules.” Regarding the former, the author argues that hotlines are not databases but conduits for the transmittal of information. He acknowledges that EU data privacy laws reject this distinction and treat hotlines as if they were databases where information is stored. He does not identify other jurisdictions which yet take this aggressive approach but he believes this may become a trend. The labor law issue is also tricky and may turn on the interpretation of whether the institution of a hotline is viewed as substantive change in working conditions under a union-management labor agreement and therefore subject to collective bargaining.

In addition to all information I have only skimmed what is in the body of the text; the author also provides a handy chart which has the following headings:

Jurisdiction Is the authority binding law? Must confine hotline to certain topics only? Are anonymous whistleblower calls ever OK? Is outsourced (vs. in-house) hotline favored? Must disclose hotline to data agency?

So just as the London Olympics is a must watch for me, this article is a must read and a must download for compliance practitioners.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

Next Page »

The Rubric Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 4,816 other followers