What are your company’s risks for not knowing such information? Clearly anti-corruption legislation has remedies for civil and criminal liability. However, equally great may be reputational damage, “even from public investigations into a third party.” Put another way, how do you think the folks at Apple felt when they woke up on the morning of January 25, 2012 to find the following headline on the front page of the NYT “In China, Human Costs are Built into an iPad”?

In a recent White Paper, entitled “Third Party Essentials: A Reputation/Liability Checkup When Using Third Parties Globally”, authors Marjorie Doyle and Diana Lutz posit that in most foreign business partner relationships, your company will be held responsible for the actions of third parties which work for and with your company. The new global expectation is that “you know who they are, you have vetted them and you are in control of the activities for which you hired them.” They further believe that such is even more important when anti-corruption and anti-bribery laws, such as the Foreign Corrupt Practices Act (FCPA), UK Bribery Act or other OECD based legislation, are applicable. They note, “Gone are the days when organizations could wash their hands of liability or damage to reputation from outsourced work due to ethics and compliance failure.”

To help companies navigate through the issues, the authors have prepared a checklist to test an “organizations health status concerning your relationship to your third parties.” It is as follows:

1. Do you have a list or database of all your third parties and their information? Does your company have a full list of all third parties including such basic information as name, location, type of services provided, contract files and dates, principals of the third party and primary contact, due diligence files and any other information you might need to manage the third party relationship going forward?
2. Have you done a risk assessment of your third parties and prioritized them by level of risk? You need to know which third party services present the greatest risk to your company by asking some of the following questions: (a) Is the third party’s service critical to your business?; (b) Is the third party’s service performed with little company supervision or oversight?; (c) Does the third party have access to any company funds, resources or assets?; (d) Can the third party fund the company contractually?; and (e) Does the third party obtain any foreign governmental licenses, certifications or other approvals for your company?
3. Do you have a due diligence process for the selection of third parties, based on the risk assessment? You should use the information determined through the risk assessment to “tailor the level of diligence to the level of risk.” Assign a risk profile to categories, such as high, medium and low. The higher the risk, the more due diligence will be required to vet the third party.
4. Once the risk categories have been determined, create a written due diligence process. Here you need to have a written policy and defined procedures to implement that policy. The policy should include the following: (a) who is responsible for implementation; (b) list of red flags and how such red flags are to be dealt with and cleared; (c) a procedure to pay for any due diligence performed; (d) reference checks on third parties; (e) procedures for in-person interviews for third parties in a high risk category; (f) conflicts of interest checks, and (g) process for documentation and storage of all of the above information.
5. Once the third party has been selected based on the due diligence process, do you have a contract with the third party stating all the expectations? In addition to your standard commercial terms, your third party contract should also include compliance terms and conditions, which should including the following: (a) anti-corruption and anti-bribery certification; (b)requirement that the third party maintain accurate books and records and that your company has audit rights; (c) indemnity rights; (d) anti-corruption and anti-bribery training for the third party’s employees; (e) an anonymous reporting mechanism for ethics complaints; (f) require the third party to obtain pre-approval to subcontract out any of its work for your company; (g) require the third party to report any ownership change back to your company, and lastly (h) clear termination rights.
6. Is there someone in your organization who is responsible for the management of each of your third parties? Just as your company would never have an employee who is not supervised, your company should not have a third party which does not have company oversight. You should designate a manager to maintain the third party relationship with your company. Such relationship manager should maintain and update documentation on the third party, work with Internal Audit to schedule and perform audits, meet regularly with the third party and oversee adherence to the third party’s contract with your company.
7. What are “red flags” regarding a third party? Red flags are generally recognized as signs or situations which should give rise to further investigation by your company. While there are innumerable questions which can be asked and answered, I believe that red flags are generally organized into some or more of the following categories: (a) something seems out of the ordinary; (b) reluctance of party to supply information/difficulty of verifying information; (c) the company/services/principals are not verifiable by data, only anecdotally; and (d) mismatch in business experience with the product or services offered. Whatever red flags you list, if they are undiscovered or left unresolved, it could certainly cost a reputational loss or worse for your company.

Many companies understand the maxim “Know Your Customer (KYC)”, nevertheless, in today’s global economy this maxim may well need to be expanded to “Know Your Third Party”. The authors conclude by agreeing with Thomas Friedman’s observation in his Op-Ed piece “that there is no “out” and no “in” anymore” and that “the rule is: Source everywhere, manufacture everywhere, sell everywhere.” However, with this opportunity brings potential costs. Your company should “apply the same rigor in selecting, training and managing third parties” as it does for its own employees. A good place to start is with a third party checkup.

============================================================================================
Episode 29 of This Week in FCPA is up. Howard Sklar and I visit with the winning defense lawyers in the O’Shea case.

============================================================================================

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

So what does the IRS bring to a FCPA investigation? Edmonds stated that the IRS has skills and experience in looking at financial patterns and tracing money. He noted that usually FCPA violations are tied to other legal violations, for example money-laundering or fraud, and that the IRS can comb through financial records to find patterns in payments. He also stated that the IRS has significant experience in investigating corporate shell structures which can be part of an ongoing criminal attempt to obtain bribes and then conceal the location of the money.

Agent Balmaseda stated that the IRS would be looking into financial statements for mis-characterization of bribe payments, specifically focusing on tax returns. Similarly, the IRS would also investigate to determine if companies were amending their financial statement filings, including tax returns, to correct such mis-characterizations after disclosure of any such payments. She later added that the same type of analysis would be applied to any monies which were initially mis-characterized on a company’s books and records, such as gifts, travel, entertainment or charitable contributions.

Agent Balmaseda also discussed some of the red flags the IRS will be looking for in any FCPA investigation in which their assistance is requested. These red flags may include the following:

1. Timing of contract award – Vis-à-vis payment to an agent at, or near, the award of a contract may indicate that monies paid to an agent are being used to pay a bribe.
2. Amount of contract – Check if contract is increased during its term. If there is no corresponding business justification, this may be evidence of corruption.
3. How was a payment made and to whom? – This analysis will look that the methods of payment and delivery.
4. Employee expense reports – While most investigations focus on payments to agents, the IRS may well look more closely at employee expense reports to see if any overall patterns are developing which might indicate corrupt payments are being made elsewhere.
5. The importance of a strong company Internal Audit investigative team – Here Agent Balmaseda emphasized that during a company’s internal investigation it is important to speak with the business unit controller because they decide how payments are categorized. She also emphasized that tax filings and their amendments are important.

The addition of the IRS to any FCPA investigation brings additional specialization and sophistication to the government’s effort. Agent Balmaseda’s remarks provide a company with clear guidance on the types of analysis that the IRS can, and will, perform. Companies should use this information and begin to perform these types of investigations internally before the government comes knocking. Lastly, a corporate tax return may provide fertile grounds for an investigation. Companies which now perform an internal investigation but do not self-report may find themselves in deeper trouble.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

One of the clear pieces of guidance from the Department of Justice (DOJ) is that a ‘tick-the-box’ compliance program is not only insufficient; it will not protect a company if a Foreign Corrupt Practices Act (FCPA) violation is discovered. However, many compliance practitioners do not know what should be analyzed regarding foreign business partners. I recently attended the ACI FCPA Boot Camp in Houston, home of the Johnson Space Center. One of the presentations dealt with how to design an overall program to evaluate, contract with, and manage foreign business partners. Furthermore, the presentation focused on how to assess the information obtained through the due diligence process. The presenters discussed a 12 point evaluation process for reviewing, assessing, then contracting with and managing foreign business partners. The steps are as follows:

1. Consider reputation for corruption in the country. You clearly need to review information from governmental organizations, such as the US Department of Commerce and State. A widely used source is from non-governmental organizations, such as Transparency International. Additionally, there are private sources such as World Check’s Country Check and the FCPA Database that you can use to review and determine a country’s overall reputation for corruption.
2. Competence of foreign business partner. This is a two-part analysis. It includes a review of the qualifications of the candidate for subject matter expertise and the resources to perform the services for which they are being considered. However, it also in includes an identification of the representative’s expected activities for your company.
3. Determine the integrity of the foreign business partner. There are several different methods that can and should be employed for this inquiry. Initially there should be an internal point of contact with the potential foreign business representative who can be used to obtain documents and financial, commercial and compliance references. After obtaining this initial information, you should review US and non-US restricted party lists and other media/internet searches. Next you should, at a minimum, obtain comments back from all references and if needed interview these references. Lastly, you should consider conducting an interview with the candidate. This can be done in house or through a company which specializes in investigations.
4. Identify relationships between agent and foreign governmental official. This inquiry requires a detailed review of the ownership and officers/directors and key employees of the foreign business partner. You will need to obtain and review entity information and documentation. If this is in a foreign language you will need to have it translated. One last point here is that you may now need  to look at customers as well to ascertain past and present relationships with government agencies.
5. Business justification for use of agent and reasonableness of compensation. Here you should begin the entire process by requiring the relevant business unit which desires to obtain the services of any foreign business partner to provide you with a business justification including current opportunities in territory, how the candidate was identified and why no currently existing foreign business relationships can provide the requested services. Your next inquiry should focus on the terms of the engagement, including the commission rate, the term of the agreement, what territory may be covered by the agreement and if such relationship will be exclusive.
6. Ensure that answers provided by the representative or business partner to due diligence questions are accurate and complete. This is the old Ronald Reagan maxim of ‘trust but verify’. You must verify information received from the prospective foreign business partner with interviews of business references and background searches.
7. Ensure compliance with local laws. This means that both the relationship that you envision is legal within the foreign jurisdiction and that the foreign business partner will comply with all local laws.
8. Integrate FCPA contract safeguards. You will need to incorporate the DOJ required language, listed in its 13 point minimum best practices compliance program. These compliance terms and conditions are found in Attachment C of all Deferred Prosecution Agreements (DPAs), entered into by the DOJ since at least November, 2010.
9. Provide for continuing oversight. After you have performed your due diligence, evaluated it and then entered into the contract for services, now the real work begins. You must manage that relationship. I suggest that you do so through a business unit sponsor for all foreign business partners. Such person must be assigned to and be responsible for ensuring continuing oversight of the foreign business partner.
10. Maintenance of books and records. This requirement also has two parts. Clearly your company must maintain appropriate internal controls over all its foreign business partners but your foreign business partner must also maintain such accurate records. I would go further to add that you should audit these records to ensure compliance.
11. Seek guidance from DOJ. As I mentioned above there are several different resources available to the compliance practitioner for information relating to foreign business partners. These include the minimum best practices as set forth in Attachment C to each DPA; DOJ Opinion Releases; Securities and Exchange (SEC) enforcement actions. Also remember your company can avail itself of the Opinion Release procedure and request guidance from the DOJ via that mechanism.
12. Use consistent standards and common sense. You should not check your common sense at the door when you become a compliance officer. The surest way to get into trouble is by ignoring your own internal warning signs. If a relationship feels bad to you, or something does not quite ‘smell right’ about a proposed foreign business partner, listen to that sensation. It may be a situation where more due diligence is required or a situation where you should walk away. Additionally, you should use consistent terms and conditions across industries and services, such as with customs brokers and freight forwarders.

The Apollo 1 tragedy still haunts NASA today. Vastag noted that “The tragedy is still etched on NASA’s collective psyche.” One NASA veteran, Travis Thompson, worries that the commercial companies which now lead most of American’s space efforts “have not absorbed the prime lesson of Apollo 1 — that bad design begets tragedy.” The 12 point program set out above will help your company to work through any issues with foreign business partners and by following it, you may well prevent your company from having its own compliance failure.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

Ed. Note-I read the following post in the January 24 edition of Doug Cornelius’ Compliance Building. I was so impressed with the article that asked Doug if I could repost it in its entirety, which he graciously allowed me to do. 

An acquaintance in the compliance field sent me a copy of Dov Seidman’s How and I let it sit around  for months. (My “To Read” stack has grown very tall.)  I assumed How was vanity book and would rattle on and on about Seidman’s company: LRN. I recently moved and my “To Read” stack was tumbled around in a plain cardboard box.  How resurfaced in the stack and I noticed the forward was by President Bill Clinton. That was enough to catch my eye.

Seidman spends the first half of the book talking about transparency, trust, reputation, and the new inter-connected world. He does a fine job with these topics, but I’ve seen them handled better elsewhere. The second half of the book, which focuses more on Seidman’s philosophy of business, is when the book becomes more valuable.

Seidman highlights an empirical study about reputation using eBay’s seller reputation information. Chrysanthos Dellarocas used eBay as an experiment. In a study selling the same product, in the same way, through eBay sellers with different levels in the site’s reputation scores, the researchers found a measurable difference in price. A seller with a high reputation on average would get a measurable price premium over a seller who did not.

As you might expect, the book is full of stories as examples. One that really caught my eye was the description of four factories as examples of four types of corporate culture. The factories are to be toured and the measuring stick is the use of hard hats. At the first factory, one of lawlessness and anarchy, the factory tour guide does not offer hard hats to the visitors and many workers are seen without hard hats. At the second factory, an example of blind obedience, all workers wear hard hats and the tour guide says everyone has to wear one or they get fired. The tour guide admits that he doesn’t know why he needs to wear it or why the boss also makes him wear blue pants.

The third factory is the next step up the corporate culture ladder as an example of informed acquiescence. Hard hats are there for everyone with big signs saying everyone must wear one. But when one member of the tour group asks to be excused from wearing one, the tour guide scampers off trying to find a higher-up to approve the lack of a hard hat.

At the top of the corporate culture is the fourth factory, an example of Seidman’s self-governance. The tour guide insists that everyone wears a hard hat and when that same member of the tour group asks to be excused the tour guide says no. “I take personal responsibility for what happens to you. I don’t want to offend you, and you can call my boss or the owner if you like, but I believe your safety and the safety of everyone are paramount. “

The how of culture is broken into five parts: how we know, how we behave, how we relate, how we recognize, and how we pursue.

One common theme in the book is an indictment of a rules-based culture. Rules-makers “chase human ingenuity, which races along generally complying with the rules while blithely creating new behaviors that exist outside of them.” The example that caught my eye was the clerk who insisted on wearing ties with cartoon characters. His bosses fought him and finally insisted that he obey the rules on permissible neckwear. The clerk acquiesced and showed up the next day with Tasmanian Devil suspenders.

Ultimately, a rules-based governance focuses on the things you can’t do, while a values-based governance focuses on what is desirable.

This ends up with Seidman’s Leadership Framework. I think that is better left for more to readers of the book.

If this sounds interesting to you, I ended up with a second copy of How. Rahter than have it sitting on my bookshelf, I want to share it with one of my readers. If you are interested, leave a comment on this blog post or send an email to compliancebuilding@gmail.com. I’ll pick a winner on February 1.

============================================================================================Episode 28 of This Week in FCPA is out. Howard and I continue our 2012 discussions of all things FCPA and compliance including the SFO remedy in the Mabey and Johnson enforcement action and the O’Shea acquittal.

———————————————————————————————————————————————————————-

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The editor can be reached at tfox@tfoxlaw.com.

On this discussion panel were two lawyers, Rick Chapman, Assistant General Counsel at Halliburton and John Lewis, Sr. Managing Counsel – Compliance Global Anti-Bribery Counsel, they presented two distinct views on utilizing local compliance point persons in their company’s respective international anti-corruption and anti-bribery efforts. I found that each company’s approach had merit and that they are both models which you can review to determine which might be best suited for implementation in your organization.

Conduit

Rick Chapman described the structure that Halliburton utilizes as a conduit to the compliance department. The local compliance resource is named as the “Local Compliance Advocate (LCA)” and is generally not an attorney or in the company’s Legal Department. The employee is a local business unit employee who Halliburton embeds within the compliance function. Initially the compliance group will identify a person who can handle this role and will then  provide them with specialized compliance training.

Mr. Chapman remarked that two of the main roles of the LCAs are to provide compliance training to other employees in the business unit and also to listen to the compliance concerns of Halliburton employees on the ground. As the local eyes and ears of the compliance group, they can bring day-to-day concerns back to the home office for review and assessment. In this manner they are viewed as a conduit to the compliance group, headquartered in Houston.

First Line

John Lewis contrasted the Halliburton conduit approach with that of Coca-Cola regarding local compliance resources. Coca-Cola utilizes regional counsel from the Legal Department to act as “Legal Ethics Officers (LEOs).” While these LEOs are lawyers, Mr. Lewis made clear that they are employed in the Legal Department and not in the local business unit. In their role, LEOs have authority to make preliminary compliance assessments regarding day-to-day compliance issues. The company views them as the first line of compliance.

Mr. Lewis said that one of the key reasons that the company takes this approach is in dealing with foreign governmental officials. LEOs have authority to make contact directly with foreign government officials and present the company’s position on compliance issues. He stated that this brings one additional level of review and assessment to the company’s compliance regime and that this could be important if a regulator reviewed any decision made by the company in the context of the Foreign Corrupt Practices Act (FCAP), UK Bribery Act or other anti-corruption laws.

I found both of these methods to create and utilize a local compliance representative creative and economically efficient. They are systems to help embed the concept of compliance within the local and international culture of an operation. By utilizing such resources, whether they be in the “conduit” format or the “first line of defense” format, I believe that a company can drive home, on a daily basis, how to conduct business ethically and within the parameters of anti-corruption laws.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

The authors break their analysis down into two general areas. The first is “Getting to Know Your Supply Chain” and the second is “Act on Knowledge from Improved Chinese Transparency”.

Getting to Know Your Supply Chain

In this section, the authors suggest five activities which can help your company to foster identification and visibility of compliance into your supply chain.

1. Provide incentives for identifying, disclosing and addressing problems. The authors note that many companies will audit suppliers, which they term “the checklist approach” but that such an approach does little to change behavior. The authors believe that incentivizing suppliers to do business in a more compliant manner will yield more significant compliance performance.
2. Collaborate with NGOs to facilitate compliance education and monitoring. You should encourage suppliers to work with non-governmental organizations (NGOs) in the anti-corruption area so that your suppliers will take greater responsibility towards compliance. This can be done by working with TRACE International, Transparency International or a NGO which works towards a global business ethic of anti-corruption and anti-bribery.
3. Make use of changing governmental attitudes towards corruption. Just as the Chinese government has changed its tune on environmental issues, it has recently done so regarding anti-corruption. This change can be used as a signal to Chinese companies of the need for increased awareness and importance.
4. Work with multi-brand forums to standardize compliance audits. This is an interesting concept which would allow a supplier to receive a compliance audit which could then be used as a reference point in the compliance due diligence portion of your supplier approval process.
5. Encourage anti-corruption transparency as an efficiency tool. While many believe that transparency means additional costs and slows down a sales or production cycle, many have found the opposite to be true. Companies which operate with greater compliance transparency not only do so more efficiently but also in a more cost effective manner.

Act on Knowledge from Your Supply Chain

With visibility into the five areas identified above, your company is now poised to improve performance. Once again, the authors are focusing on improving environmental performance, but I believe that their seven listed action steps work in the compliance arena as well; they are as follows:

1. Encourage training of compliance professionals. US companies can work towards training Chinese compliance professionals at their home companies. I realize that many out there will proclaim that such training cannot be done but several US companies provide such training to their third party business partners.
2. Put skin in the game. Prospects for the greatest compliance improvements and conducting business in an ethical manner come from locations where both the US Company and Chinese supplier have a stake in the outcome. Not only is training a key, as noted above, but insert a compliance component into the financial of the relationship. Also work with the Chinese company to improve its compliance function through audits and assessments.
3. Learn from your suppliers and facilitate learning among your suppliers. US companies need to confront directly the cultural differences between both cultures. Additionally, a successful compliance program does not simply ram a US law, here the Foreign Corrupt Practices Act (FCPA), down the throats of local suppliers. Learn the nuances of local culture regarding gifts and entertainment from your suppliers and incorporate that knowledge into your training.
4. Collaborate with other US companies to drive change across suppliers. Work with industry groups to mandate that any supplier conducts business in an ethical manner.
5. Build collaborative training centers. This will not require your company to violate the Sherman Anti-Trust Act. Be a leader in your company and set up collaborative learning or training centers for compliance. Just as compliance is the most open business function within the US business community in terms of sharing best practices, use this compliance community to lead to ethical business in local suppliers.
6. Use your suppliers to train Tier 2 suppliers. This is a key component of the authors’ thesis. You should be able use your direct suppliers to train their suppliers. By creating such multi-stakeholder approaches, the DNA of compliance will be driven further down the supply chain.
7. Tailor programs to local realities. Similar to step 3 above, you must tailor your message to your local audience. This includes your message roll out. Your compliance program roll out must take into account both human resources constraints and other local conditions while providing incentives to suppliers to take ownership of compliance.

This program may not be easy. However, the authors have provided a framework from which you can design an overall approach to inculcating compliance in your supply chain. I believe it portends a growing trend towards partnering with your business relationships to ensure compliance with not only international anti-corruption and anti-bribery regimes, such as the FCPA and UK Bribery Act, but also local anti-corruption laws. The article is well worth a look.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

My colleague Tracy Coenen writes an invaluable blog entitled The Fraud Files Blog. She consistently writes about detecting fraud in all its forms. In a recent post,entitled “Ponzi Scheme and Investment Fraud Red Flags”, Tracy identified many Red Flags which might come up if you performed some due diligence on a Ponzi scheme or persons promoting it. In her blog post, she listed “some red flags about the “investment” you’re considering that might indicate it is a Ponzi scheme” and they are as follows:

• Promoters are not registered to sell investments (Consider doing a background check through Financial Industry Regulatory Authority (FINRA) if the promoter is U.S. based.);
• Promoters have a history of being investigated and/or disciplined for actions related to investments (Google is your best friend for this one.);
• Promoters and/or founders of the business/investment have criminal, bankruptcy, or civil court histories that are troubling (Use PACER to search all federal court records for a nominal fee. State courts generally have their own online systems, and access to them is growing daily.);
• Difficulty in verifying whether there is a legitimate business behind the investment (Again, Google is your friend!);
• Groundbreaking “new technology” or other special (but super-secret) methods or assets, which are going to take the world by storm and be the greatest thing since sliced bread;
• Complicated alleged business model that prevents an experienced investor from understanding how money is really made;
• The alleged performance of the company is suspiciously higher than competitors or companies in related industries;
• No objective third-party information can be found about the company;
• Elaborate explanations for why the business cannot be verified;
• Unusually high rates of return offered on the investments (Note that this one is the most common across all Ponzi schemes.);
• Returns on investment are guaranteed (Not to be confused with an annuity from a reputable company with a guarantee in the contract.);
• Promoter downplays the amount of risk investors will be exposed to, often  using phrases such as “a sure thing”;
• Reluctance to provide documentation supporting claims being made about the investment and the business behind it;
• Address of the “business” is a mail drop location, virtual office, or small private office that couldn’t possibly hold a business the size that is being claimed (Google Maps is very helpful for this one.);
• Few (if any) employees in the operation other than the founder and/or promoter;
• Background of the principals of the business is mismatched with what the business does (Use Google to find out what kinds of jobs they held previously, and compare it to what they’re supposedly doing now.); and
• Company’s alleged success is related to a recent announcement of some sort, rather than historical financial results (This one is even worse if the information in the announcement can’t be verified, and it appears to just be a PR stunt for the benefit of potential investors.).

One of the things that struck me in reading Tracy’s list of Ponzi scheme Red Flags is how closely they mirror those which may appear in a Foreign Corrupt Practices Act (FCPA) or UK Bribery Act due diligence investigation. Additionally the Red Flags would seem to organize themselves into four general areas:

1. Something seems out of the ordinary.
2. Reluctance of party to supply information/difficulty of verifying information.
3. The scheme is not verifiable by data, only anecdotally.
4. Mismatch in business experience with the product or services offered.

In due diligence training, I always tell people to listen to their guts, or if the hair on the back of their neck stands up, pay attention. Not listening to your internal warning system can lead your company down a path that it may well not desire to travel. Red Flags are so called for a reason and if they are raised they must be sufficiently clear. Tracy Coenen’s list of Red Flags for Ponzi schemes is one which any corporate compliance officer should take to heart.

Tracy Coenen, CPA, CFF  has also written a useful book for helping companies and individuals detect fraud and Ponzi schemes and investment frauds entitled, “Expert Fraud Investigation: A Step-by-Step Guide.” She can be reached via email at tracy@sequenceinc.com.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

From the perspective of the compliance practitioner, the thing that I found of interest was the discussion of four tasks that General Petraeus believes that leaders must perform. After listing these four tasks out, the authors go on to demonstrate  how General Petraeus applied this approach to such basic tasks as crafting rules on the use of force designed to strike a balance between being aggressive without causing unnecessary civilian casualties. The four tasks are:

1. A leader must get “the big ideas right”;
2. A leader must communicate those “big ideas”;
3. A leader must oversee “the implementation of those big ideas”; and
4. A leader must capture “best practices and lessons” and cycle them “back through the system to help refine the big ideas.”

So how can your senior management use General Petraeus’ four tasks to move towards a best practices compliance program?

Get the Big Ideas Right

The Big Idea here is compliance is good business. One only needs to look at the current debate to amend the FCPA to understand that it can be simple. At the House Judiciary Committee hearing last June, Department of Justice (DOJ) representative Greg Andres said it is quite easy to avoid FCPA liability; simply do not engage in bribery. That is certainly a big idea and one that senior management can lead the way.

Communicate the Big Ideas

Once senior management is committed to a big idea, such as the company will not engage in bribery or other forms of corruption to do business, senior management must communicate this message. Here a variety of forms of communications can be used; email, video messages, presenting at annual sales and leadership conferences or any other medium. Remember you, as the compliance officer, are only limited by your imagination on how to communicate this idea.

Oversee Implementation of the Big Ideas

Here General Petraeus suggests that senior management must take an active involvement in any program implementation or significant enhancement. This does not mean that senior management could or even should be down into the details of compliance program implementation or enhancement. However, it does mean that senior management needs to stay abreast of progress and assist, if required, to untangle strategic bottlenecks within the company.

Capture Best Practices and Lessons and Cycle Back

This fourth task is one that has clearly been discussed by Lanny Breuer and other DOJ representatives at compliance conferences over the past 2+ years. In any minimum best practices compliance program, there should be an annual assessment. The lessons learned from this annual assessment should be cycled back through your compliance program to allow continual refinement of the big idea that your company will not engage in corruption or bribery to obtain business.

General Petraeus’ four tasks outline an excellent manner for senior management to organize its approach to anti-corruption and anti-bribery compliance programs. As a compliance officer, you can present this mechanism to senior management as an approach to think through and manage its role in your compliance program. It is well worth a look.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

The above came to mind as I read recent blog posts by the FCPA Professor and the FCPA Blog, that there is a new entry into the Nigerian-Bonney Island Bribery Scandal. That entrant is the Japanese trading company, Marubeni Corporation, which the Department of Justice announced it had settled an enforcement action with this past week. As reported by the FCPA Professor, Marubeni was retained by the joint venture, TSKJ, “to help it obtain and retain business in Nigeria, including by offering to pay and paying bribes to Nigerian government officials.”

Pursuant to the Deferred Prosecution Agreement, Marubeni agreed to pay a penalty of $54.6 million.  Marubeni was paid over $51 million for its services by TSJK so its overall penalty is assessed at slightly more than it received for services it rendered. As noted by the FCPA Professor, “ the advisory Sentencing Guidelines range for the charges at issue was $54.6 million – $109.2 million– a rare instance in which the fine amount is within the guidelines range.”

With this recent enforcement action we present the following updated Nigerian Bribery Scandal Box Score, new and improved with both Corporate and Individual Divisions:

                       SETTLEMENT BOX SCORE

So for those of you keeping score at home, there have been fines, penalties and profit disgorgement of over $1.72 billion. All of this for bribes paid on, by, or on behalf of TSJK. This JV won four contracts, worth more than $6 billion, from the Nigeria government between 1995 and 2004 to build LNG facilities on Bonny Island.

This total settlement figure does not include any potential costs going forward such as reduction of credit ratings, the payment of legal fees and any forensic accounting fees during the pendency of the DPA. The costs listed above do not include the total cost paid by Marubeni for its internal company investigation into this matter. However, based upon the reported fees to date paid by the other defendants, these investigation fees will surely be in the tens of millions of US$. Additionally the above Box Score does not take into account any fines or penalties paid by the defendants to the Nigerian government.

So what is the difference between Marubeni and Ryan Braun? It appears he can accept his MVP Award. Stay tuned for the results of his appeal and whether he can keep his MVP Award. Or as the English might say, “watch this space.” Good Friday to all.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

 © Thomas R. Fox, 2012

Bucaro’s article is based around the concept that “Decision making is like throwing a rock in a pond. No matter how big or small the rock is, water is displaced.” His thesis is that it is better to consider the ripple effects of your decision making before throwing that rock into your company’s ethics pond. If you do not do so you can easily run the risk of not only having unintended consequences occur but consequences for which you may have no response for, yet be held accountable for in your company. So to help navigate this, he provides five bases to touch before making such a decision.

1. When a decision needs to be made, hold the rock, hold and then hold it longer. In other word, preparation prevents poor performance. To the best that you can do so, do not pull the trigger on the decision until you know what the consequences will be and that you can deal with those you know and be prepared for the unforeseen consequences.
2. 2.      Do not let your emotions dictate when to throw that rock. Ask a trusted colleague for some time and explain the situation. Not only does this bring communal wisdom into your decision making process but it slows down the process to let any excess emotionalism burn off. A good rule of thumb – sleep on it before throwing the rock.
3. Sometimes you need to put the rock down. It is not always wrong to put the rock down and obtain additional information and data. Be careful that you do not fall into catharsis but if you need to put the rock down, do not be afraid to do so.
4. The bigger the rock, the bigger the ripples. A big splash means simply that, your decision will have many ripples and may well splash back on you. But trust your instincts. If your gut says something to you, you had best listen to it.
5. Know what your values are before a decision is made. What are the three most important things about your company’s ethical culture? Values, Values and Values. Know what your values are before you throw that rock. If your decision is values based (assuming you have the right values); both you and your company should be in a good place.

Will the Bucaro five points guarantee a 100% correct decision each and every time? No, they will not, but it will put you in position to anticipate the issues and be prepared for the consequences of your actions.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012