FCPA Compliance and Ethics Blog

April 24, 2014

Gifts, Travel and Entertainment under the FCPA – Part III

Travel and GiftsNow that we have reviewed all of the public record pronouncements from the Department of Justice (DOJ) and Securities and Exchange Commission (SEC), this post will try and suggest what you might need in your Foreign Corrupt Practices Act (FCPA) compliance policy and attendant procedures regarding gifts, travel and entertainment. Most generally, every company has three levels of written standards and controls around its compliance function. The first is its Code of Conduct, which every company should have to express its ethical principles. I assume your company has a Code of Conduct but if you are reading this blog post and you do not have a Code of Conduct, call me. The second is its standards and policies, which every company should use to build upon the foundation of the Code of Conduct and articulate Code-based policies, which should cover such issues as bribery, corruption and accounting practices. The third, and final component, is procedures, which every company should have to ensure that enabling procedures are implemented to confirm those policies are implemented, followed and enforced.

Rebecca Walker, writing in the Society for Corporate Compliance and Ethics Complete Compliance Manual [Second Edition], in an article entitled “Gifts and Entertainment Compliance”,said written policies around gifts, travel and entertainment typically contain the following elements:

  • An introduction explaining why gifts and entertainment are acceptable and why it is important to place limits on them;
  • A discussion of the types of gifts and entertainment that are acceptable (e.g., commonly accepted business courtesies);
  • A discussion of the types of gifts and entertainment that are unacceptable (e.g., cash);
  • Dollar limits and approval requirements;
  • More stringent rules applicable to employees in particular functions, as appropriate;
  • A mention or discussion of different rules applicable to government officials; and
  • References to other policies.

Mike Volkov, in a blog post entitled “Safe Harbors and Gifts, Meals, Travel, and Entertainment Expenses”, gave these general guidelines about gifts:

  1. Given openly and transparently;
  2. Properly recorded in the company’s books and records;
  3. Motivated to express esteem or gratitude (and not corrupt intent); and
  4. Permitted under local law.

About travel he had the following insights:

  1. Do not select the foreign officials to participate in the event, or use a systematic evaluation to identify appropriate officials to attend;
  2. Pay all costs directly to vendors and do not put “cash” in the pockets of any foreign officials attending an event (as an advance or for reimbursement);
  3. Ensure that stipends are reasonable estimates of expected costs and do not provide any additional compensation or money to foreign officials;
  4. Ensure that payments are transparent and accurately reflected in company books and records;
  5. Do not condition payments on any specific action by foreign official; and
  6. Obtain written confirmation payments do not violate local law.

Below are some of my thoughts about what should go into your gifts, travel and entertainment policy.

A.     Gifts

  • The gift should be provided as a token of esteem, courtesy or in return for hospitality.
  • The gift should be of nominal value but in no case greater than $500.
  • No gifts in cash.
  • The gift shall be permitted under both local law and the guidelines of the employer/governmental agency.
  • The gift should be a value which is customary for the country involved and appropriate for the occasion.
  • The gift should be for official use rather than personal use.
  • The gift should showcase the company’s products or contain the company logo.
  • The gift should be presented openly with complete transparency.
  • The expense for the gift should be correctly recorded on the company’s books and records.

B.     Entertainment

There are no Opinion Releases on the threshold that a Company can establish as a value for entertainment. I am comfortable that such a value can go up to $500 in an appropriate circumstance. However this must be tempered with clear guidelines incorporated into the business expenditure component of a FCPA compliance policy, which should include the following:

  • A reasonable balance must exist for bona fide business entertainment during an official business trip.
  • All business entertainment expenses must be reasonable.
  • The business entertainment expenses must be permitted under (1) local law and (2) customer guidelines.
  • The business entertainment expense must be commensurate with local custom and practice.
  • The business entertainment expense must avoid the appearance of impropriety.
  • The business entertainment expense must be supported by appropriate documentation and properly recorded on the company’s book and records.

C.     Travel

  • Any reimbursement for air fare will be for economy class. However, you may be able to make exceptions for senior government officials, extremely long haul flights, or where you are contractually mandated to pay for business class travel.
  • Do not select the particular officials who will travel. That decision will be made solely by the foreign government.
  • Only host the designated officials and not their spouses or family members.
  • Pay all costs directly to the service providers; in the event that an expense requires reimbursement, you may do so, up to a modest daily minimum (e.g., $35), upon presentation of a written receipt.
  • Any souvenirs you provide the visiting officials should reflect the business and/or logo and would be of nominal value, e.g., shirts or tote bags.
  • Apart from the expenses identified above, do not compensate the foreign government or the officials for their visit, do not fund, organize, or host any other entertainment, side trips, or leisure activities for the officials, or provide the officials with any stipend or spending money.
  • The training costs and expenses will be only those necessary and reasonable to educate the visiting officials about the operation of your company.

The incorporation of these concepts into a FCPA compliance policy is a good first step towards preventing potential FCPA violations from arising, but it must be emphasized that they are only a first step. They must be coupled with active training of all personnel, not only on the policy and procedures, but also on the corporate and individual consequences that may arise if the FCPA is violated regarding gifts, travel and entertainment. Lastly, it is imperative that all such gifts, travel and entertainment be properly recorded, as required by the books and records component of the FCPA.

I view one of the key reasons for the attendant procedure of implanting the company policy around gifts, travel and entertainment is to allow oversight by a second set of eyes. Process validation requires oversight of compliance with gifts and entertainment policies is important to ensuring consistency in policy enforcement. This helps to ensure that there is the perception of fairness in this area, particularly if there must be discipline administered. Nothing is worse for an organization if, say, a salesman from the US is disciplined via a warning letter for cheating on his expense account whereas salesmen in Brazil are fired for the same offense.

Mike Volkov, in another blog post entitled “Creating a Framework for Reviewing Gifts, Meals, Travel and Entertainment Expenses”, said that he believes “There are three basic requirements for making the review process more efficient.” They include:

  1. Prospective standards – Companies need to adopt and enforce a prospective policy which carves out standards for the review and approval of such expenditures. The policy has to be clear on the standards and the procedures to be followed.
  2. Documentation – Companies have to document the process, maintain records, and audit the process. Without documentation, the policy is doomed to fail, and provides no protection when government prosecutors conduct an investigation.
  3. Advice of Counsel – Outside counsel should be used to review and approve any close calls. The run-of-the-mill situations can be handled by the policy. In close cases, outside counsel should review the matter, provide a short memo analyzing and approving the expenditure. The memo should be added to the file and available to auditors and the government if needed.

The final point from Walker, Volkov and myself is that whatever policy and procedures you set up and utilize, they should be designed for your company. The FCPA Guidance speaks to a well-thought out and designed system for any compliance risk and gifts, travel and entertainment is no different. Further, you must not only train but monitor and audit on your gifts, travel and entertainment. As this is one of the top areas that employees generate monies from their employers it is one of the top areas for fraud and hence corruption. And finally, Document, Document and Document.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

April 23, 2014

Gifts, Travel and Entertainment Under the FCPA – Part II

Travel and GiftsEd. Note – I know yesterday I said this would be a two-part series but as usual I got carried away so it has become a three part series. Today I review the Opinion Releases and Enforcement Actions dealing with gifts, travel and entertainment.

A. Opinion Releases

  1. Gifts

In the early 1980s the Department of Justice (DOJ) issued three Opinion Releases related to gifts under the Foreign Corrupt Practices Act (FCPA). While these Opinion Releases are clearly dated, they do remain instructive. In Opinion Release 82-01, the DOJ approved the gift of cheese samples made to Mexican governmental officials, made by the Department of Agriculture of the State of Missouri to promote the state of Missouri’s agricultural products. However the value of the cheese to be presented was not included. In Opinion Release 81-02, the DOJ approved a gift from the Iowa Beef Packers, Inc. to officials of the Soviet Ministry of Foreign Trade of its packaged beef products. The total value of all the samples presented was estimated to be less than $2,000 and the Iowa Beef Packers, Inc. averred that the individual sample packages would not exceed $250 in value. In Opinion Release 81-01, Bechtel sought approval to use the SGV Group to solicit business on behalf of Bechtel and Bechtel had proposed to reimburse the SGV Group for gift expenses incurred in this business solicitation. The DOJ approved gifts to be given by SGV in the amount of $500.00.

  1. Travel and Lodging for Governmental Officials

 Prior to the FCPA Guidance, the DOJ issued three Opinion Releases which offered guidance to companies considering whether, and if so how, to incur travel and lodging expenses for government officials. These facts provided strong guidance for any company that seeks to bring such governmental officials to the US for a legitimate business purpose. In Opinion Release 07-01, the Company was desired to cover the domestic expenses for a trip to the US for a six-person delegation of the government of an Asian country for an educational and promotional tour of one of the requestor’s US operations sites. In the Release the representations made to the DOJ were as follows:

  • A legal opinion from an established US law firm, with offices in the foreign country, stating that the payment of expenses by the US Company for the travel of the foreign governmental representatives did not violate the laws of the country involved;
  • The US Company did not select the foreign governmental officials who would come to the US for the training program;
  • The delegates who came to the US did not have direct authority over the decisions relating to the US Company’s products or services;
  • The US Company would not pay the expenses of anyone other than the selected officials;
  • The officials would not receive any entertainment, other than room and board from the US Company;
  • All expenses incurred by the US Company would be accurately reflected in this Company’s books and records.

In Opinion Release 07-02 the Company desired to pay certain domestic expenses for a trip within the US by approximately six junior to mid-level officials of a foreign government for an educational program at the Requestor’s US headquarters prior to the delegates attendance at an annual six-week long internship program for foreign insurance regulators sponsored by the National Association of Insurance Commissioners (NAIC). In the Release the representations made to the DOJ were as follows:

  • The US Company would not pay the travel expenses or fees for participation in the NAIC program.
  • The US Company had no “non-routine” business in front of the foreign governmental agency.
  • The routine business it did have before the foreign governmental agency was guided by administrative rules with identified standards.
  • The US Company would not select the delegates for the training program.
  • The US Company would only host the delegates and not their families.
  • The US Company would pay all costs incurred directly to the US service providers and only a modest daily minimum to the foreign governmental officials based upon a properly presented receipt.
  • Any souvenirs presented would be of modest value, with the US Company’s logo.
  • There would be one four-hour sightseeing trip in the city where the US Company is located.
  • The total expenses of the trip are reasonable for such a trip and the training which would be provided at the home offices of the US Company.

Lastly, is Opinion Release 12-02, in which the Requestors, 19 non-profit adoption agencies located in the US, asked the DOJ about bringing certain foreign governmental officials involved in the foreign country’s adoption process to the US. All the foreign governmental officials were involved in the process of allowing children from their country go through the adoption process with the US non-profits involved. The trips to the US would be for two days of meetings. The purpose of the visit would be to demonstrate the Requestors’ work to the government officials so that the officials can see how adopted children from the foreign country had adjusted to life in the US and to help the Requestors learn how they can provide that information to the foreign country’s government with appropriate information during the adoption process. The Requestors would allow the government officials to meet with the Requestors’ employees and to inspect the Requestors’ offices and case files from previous adoptions. The foreign country’s government officials would also meet with families who had adopted children from their country and learn more about the Requestors’ work.

The Requestors stated that they would pay for the following:

  • Business class airfare on international portions of flights for ministers, members of the legislature, and the director of the Orphanage Agency; coach airfare for international portions of flights for all other government officials; and coach airfare for domestic portions of flights for all government officials;
  • Two or three nights hotel stay at a business-class hotel;
  • Meals during the officials’ stays; and
  • Transportation between agencies and local transportation.

What can one glean from these three Opinion Releases? Based upon them, it would seem that a US company could bring foreign officials into the US for legitimate business purposes. A key component is that the guidelines are clearly articulated in a compliance policy. Based upon these Releases the following should be incorporated into a compliance policy regarding travel and lodging:

  • Any reimbursement for air fare will be for economy class, unless it is a long haul international flight, high ranking foreign officials or those entitled to travel business class by contract.
  • Do not select the particular officials who will travel. That decision will be made solely by the foreign government.
  • Only host the designated officials and not their spouses or family members.
  • Pay all costs directly to the service providers; in the event that an expense requires reimbursement, you may do so, up to a modest daily minimum (e.g., $35), upon presentation of a written receipt.
  • Any souvenirs you provide the visiting officials should reflect the business and/or logo and would be of nominal value, e.g., shirts or tote bags.
  • Apart from the expenses identified above, do not compensate the foreign government or the officials for their visit, do not fund, organize, or host any other entertainment, side trips, or leisure activities for the officials, or provide the officials with any stipend or spending money.
  • The training costs and expenses will be only those necessary and reasonable to educate the visiting officials about the operation of your company.

Incorporation of these concepts into a compliance program is a good first step towards preventing any FCPA violations from arising, but it must be emphasized that they are only a first step. These guidelines must be coupled with active training of all personnel, not only on the compliance policy, but also on the corporate and individual consequences that may arise if the FCPA is violated regarding gifts and entertainment. Lastly, it is imperative that all such gifts and entertainment are properly recorded, as required by the books and records component of the FCPA.

B. Enforcement Actions

Mike Volkov refers to the FCPA Paparazzi when he talks about those FCPA practitioners who confuse FCPA information with FCPA scare tactics and manipulate legal reasoning and practical advice with “marketing” using fear as opposed to reliable and accurate information. In a recent blog post, entitled “The So-Called Re-Emergence of Gifts, Meals and Entertainment as a Compliance Problem” Volkov bemoaned recent FCPA Paparazzi client alerts which said that the DOJ was now gunning after companies for FCPA transgressions in this area.

But one point Volkov raised for consideration by the compliance practitioner was the overall management of these risks. He asked the following questions: “Who is responsible for approving expenditures? What controls are in place for ensuring that money is used for proper purposes? How are these expenditures monitored? Who watches the person responsible for controlling the money and what controls are in place to monitor their behavior?” All good questions, and all questions that the compliance function should be able to answer going forward.

While there were three of enforcement actions in 2013 and one in 2014 where gifts, travel and entertainment were discussed. In only one of the four such enforcement actions were gifts, travel and entertainment discussed, where over a period of 15 months these actions were the primary cause of the violation. That matter was the Diebold enforcement action. In all others, HP, Weatherford and Stryker, the gifts, travel and entertainment matters were all ancillary to the primary illegal conduct at issue. This is consistent with DOJ enforcement of the FCPA so Volkov rights notes, the FCPA Paparazzi are howling at the moon once again.

Travel and Entertainment Enforcement Expense Box Score

Company Trip Locations Trip Costs & Perks Company Facilities Present
Lucent Technologies DisneyWorld, Hawaii, Las Vegas, Grand Canyon, Niagara Falls, Universal Studios, NYC $10 million in trips for 1000 Chinese governmental officials, including $34,000 for five days of sightseeing None of the travel destinations
Ingersoll-Rand Trip to Florence after trip to company facility in Vignate, Italy $1000 ‘pocket money’ per attendee Facilities in Vignate but not in Florence
Metcaf & Eddy First trip – Boston, Washington, D.C., Chicago and Orlando. Second trip – Paris, Boston and San Diego. First Class Travel and trip expenses for Egyptian governmental official and his family. Cash payments prior to trips of 150% of estimated daily expenses. Wakefield Mass., not in Washington DC, Chicago, Paris or DisneyWorld
Titan Corporation Reference in company books and records of $20,000 for promotional travel expenses. Not clear if ever funded (Remember a promise to pay equals making a payment under the FCPA)
UTStarcom Hawaii, Las Vegas and NYC Up to $7 million on gifts and all expense paid trips to US No company offices present in any of the travel destinations
Diebold Europe, with stays in:

  • Paris,
  • Amsterdam,
  • Florence,
  • Rome

In the US with visits to:

  • Disneyland,
  • Grand Canyon,
  • Napa Valley,
  • Las Vegas
$1.6MM to employees of Chinese state-owned banks; $175K to employees of Indonesian state-owned banks No company offices present in any of the travel destinations
Weatherford
  • Trip to Germany for the World Cup
  • Honeymoon for Sonatrach official’s daughter
  • Trip to Saudi Arabia for religious holiday
Payment of $24,000 in cash advance for Algerian government officials visiting Houston No legitimate business purpose for any of the business travel
Stryker NYC and Aruba $7000 for Polish gov official and wife No company offices present in any of the travel destinations
HP Las Vegas $35,000 in travel expenses paid for Polish gov official No company offices present in any of the travel destinations

Tomorrow we will tie it all together for you.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

April 17, 2014

Post Traumatic Settlement Disorder

John HansonEd. Note-the following piece orignially appeared in the newsletter ‘The Informant’ of Artifice Forensic Financial Services LLC. and was also adapted  from two articles published by John Hanson through Corporate Compliance Insights during August 2011. It is published here with the permission of the author John Hanson. 

===============================================================================================================================================================================================================================================

The rigor and stress of an extensive corporate internal investigation is over. You’ve helped your client determine the scope of wrong-doing, take actions against wrong-doers, calculate the damages/amount of the fraud, fix and/or install internal controls, institute and/or strengthen its corporate compliance & ethics program, and negotiate a reasonable settlement with the relevant government agencies. You have helped your client survive what may well be one of the most traumatic events that it will ever face and it is now anxious to return its focus to its business.

But this is not the time to let up. That settlement agreement had requirements. In most instances, those requirements will focus on the organization’s compliance & ethics program, ethical tone and internal controls. This is not a time for relaxation, lest the organization fall into disorder and out of compliance with its settlement agreement. This is the time for vigilance.

Similar to a victim of a heart attack, who is moved from a hospital’s coronary intensive care unit to a general care unit after being stabilized, an organization could be seen as moving from an organizational intensive care unit to general care after the signing of a settlement agreement. Like the heart attack victim, the organization may be in a different place, but is not out of the hospital yet. Without the high level of attention, discipline and care necessary for a complete recovery, the organization can easily relapse back into disorder and return to organizational intensive care – or worse.

In Artifice’s role as an Independent Corporate Monitor (“Monitor”) and advisor to many other Monitors, Artifice has observed first-hand and heard about the post-traumatic settlement disorder that has occurred within numerous organizations. Because the role of a Monitor is so unique and close to an organization’s post-settlement activities, it provides unique insights into what can cause this disorder and how it can be avoided. From such a perspective, there are two key things that counsel may suggest that an organization should do to maintain order and better guarantee its timely and effective compliance with the terms of its settlement agreement: (1) assign and empower a project leader/manager and; (2) spiritual compliance.

The government likely relied on Chapter 8 of the United States Sentencing Guidelines (USSGs), which pertains to the sentencing of organizations, both for purposes of determining corporate liability and the remedial compliance measures required in the settlement agreement. In the spirit of §8B2.1(b)(1 &2) of the USSGs, the organization should designate an individual to monitor and oversee the organization’s compliance with the terms of the settlement agreement and report back to the highest levels of management of the organization regarding it. That person should be empowered to track and assure not only that the organization complies with its settlement agreement obligations, but also obtain and apply whatever resources are necessary to do so and hold people accountable for their roles in those efforts.

This should be done regardless of whether an outside Monitor is imposed as part of the settlement agreement. As part of a Monitor’s efforts to verify an organization’s compliance with the terms of a settlement agreement, a Monitor will track, test and report on an organization’s actions, but cannot participate in those efforts. A Monitor may and should provide guidance to an organization about its efforts, but it would compromise the Monitor’s independence if, for example, the Monitor drafted policies, conducted trainings or otherwise participated in designing or implementing the remedial measures that the Monitor would then be responsible for verifying the effectiveness of to the government. Compliance or non-compliance with its settlement agreement obligations rests solely upon the organization’s shoulders.

While the Compliance Officer may seem a good fit for such a project leader/manager role, because many of the remedial measures required by the settlement agreement may fall under the Compliance Officer’s responsibilities, someone more independent of those responsibilities might be considered. This is not at all to say that the Compliance Officer should never fill such a role, only that consideration should be given to whether or not the independence of the Compliance Officer in verifying to the organization’s management the timeliness and effectiveness of their own actions pursuant to the settlement agreement might be compromised, either in fact or by perception.

The presence of an outside Monitor has a significant impact in this regard and in many instances where a Monitor is imposed, the Compliance Officer is a perfectly appropriate, even preferable choice for this role. Without an imposed Monitor, as is seen in quality Compliance Programs where Internal Audit plays a role in verifying and reporting back to management on a Compliance Officer’s achievements against their yearly Compliance Plans, Internal Audit may provide the organization’s management with a more independent assessment of the organization’s timely and effective compliance with their settlement agreement obligations.

Depending on such factors as resources, level of independence sought, expertise, the requirement of an outside Monitor, etc., an organization may also consider bringing in an outside professional to track, assure and report to management on the organization’s compliance with its settlement agreement. This person may act in a capacity very similar to that of an imposed Monitor, but the organization would exercise a much greater degree of control over their scope and fees and the extent to which they could leverage the organization’s internal resources. Moreover, the organization could empower such a person to design remedial measures, affect change and take actions on behalf of the organization that an imposed Monitor cannot do because of their strict independence requirements.

This is among the greatest causes of disorder among many organizations in their post-settlement actions, who by fracturing this responsibility jeopardize their ability to timely, effectively and fully comply with their settlement agreement obligations, as well as management’s ability to exercise oversight of it. One person, appropriately empowered, enabled and accountable, brings order to the situation and minimizes these risks. In performing this role, such a person should design a workplan that identifies everything that the organization is required to do (and elects to do) and be responsible for assuring that everything is completed timely and effectively, as well as documented and appropriately reported.

Pass or Fail Another significant and common contributor to post traumatic settlement disorder is a tendency by some organizations to focus on meeting the “letter” of its settlement agreement obligations and not the “spirit.” Compliance with the terms of a settlement agreement should not be viewed as a “check the box” exercise.

The government takes a dim view of organizations that have compliance programs that “live on a shelf” and may penalize more harshly such organizations than those who have no compliance program at all. Similarly, if the efforts of an organization to comply with their settlement agreement obligations exist on paper and not in practice, the organization assumes a grave risk.

One of the primary goals of the government in requiring certain post-settlement actions by an organization is the institution of an effective Compliance and Ethics Program and internal controls aimed at reducing the risk of recurrence of the same or similar misconduct as that which led to the settlement agreement. Accordingly, how quickly the organization meets its obligations and, more importantly, the effectiveness of its efforts in doing so, are of tremendous importance.

Determining the effectiveness of an organization’s remedial measures requires much more effort than mere compliance with the letter of a settlement agreement’s obligations. Take, for example, compliance training. While a settlement agreement may require quarterly compliance training, such training is meaningless if the employees who receive the training cannot understand or apply it within the context of their roles. Accordingly, aside from assuring that the training is appropriately designed and affected to maximize such an understanding, an organization may utilize tests, surveys and/or post-training interviews to assess the training’s effectiveness. To the extent it is found not to be effective, it should be immediately remediated.

Another common post-settlement goal of the government is the strengthening or institution of a high ethical tone within an organization, commonly referred to as “tone at the top.” To successfully meet the spirit of an organization’s compliance with its settlement agreement obligations, the upper management of an organization must set the tone and take the lead. The degree to which management demands that the organization’s post-settlement efforts go beyond the letter of compliance has a great impact, in the same manner as their tone, actions and personal accountability does in affecting an ethical tone throughout an organization.

“Tone at the top” is not a compliance buzzword or catch phrase, it is real and plays a very significant role in affecting employee behavior and compliance throughout an organization. How upper management acts and holds themselves accountable sets the ethical tone and standard for how all employees are expected to conduct themselves and their accountability in doing so. While the settlement agreements used by government agencies may vary in how directly they address an organization’s ethical tone, it is generally among their chief concerns.

In living up to the spirit of a settlement agreement, an organization’s management, starting at the very highest levels, must take an active role in setting and living a tone that exemplifies ethical behavior and accountability. In the post-settlement world, this may well begin with the tone they set as it regards complying with their settlement agreement obligations. If, for example, a settlement agreement requires that all employees certify their having read and understood an organization’s compliance policies, upper management should be among the first to do so.

Another strong indicator of spiritual compliance and a positive tone is when organizations look for ways to go above and beyond the letter of their obligations as per the settlement agreement. While settlement agreements have become standardized to some extent, and in such a manner as to address compliance and ethics program issues relatively adequately, the government officials who are involved in drafting them are generally not experts in compliance and ethics programs and may, in fact, have little or no compliance knowledge and/or experience. Because of this, the obligations required in settlement agreements that pertain to corporate compliance and ethics programs may sometimes be minimal, vague and not necessarily comport with that necessary to achieve the government’s ultimate goals.

As an organization endeavors to meet its settlement agreement obligations, it should keep in mind the goals and spirit of its settlement agreement and seek ways to assure that such overarching goals are met or exceeded. One example of this occurred with an organization that Artifice served as the Monitor of, which instituted a process around business opportunities that went beyond that required in its settlement agreement and proved successful in preventing the same misconduct that gave rise to its problems. This reflected very favorably upon how seriously the organization and its management viewed compliance and the ethical tone within the organization.

There are other things that occur within organizations that contribute to post traumatic settlement disorder, but the two discussed above are two of the largest contributors to problems and/or failure that we have seen through the unique lens of an Independent Corporate Monitor.

Getting out of organizational intensive care doesn’t equate to discharge. Organizations must be vigilant, disciplined, rigorous, and take with grave seriousness its settlement agreement obligations. A focus on the spirit of the settlement agreement, together with order and accountability in assuring that all settlement obligations are met timely and effectively, significantly mitigates the risk of post traumatic settlement disorder and ultimately helps an organization become stronger and better servants of its customers, employees, shareholders/owners and the public-at-large.

===============================================================================================================================================================================================================================================

John Hanson is the founder and Executive Director of Artifice. A CPA (LA), Certified Fraud Examiner, and Certified Compliance & Ethics Professional, John has more than 23 years of fraud investigations, forensic accounting, corporate compliance & ethics, and audit experience. Though well regarded for his investigative and litigation support skills and experience, John is a thought leader in the field of Independent Corporate Monitors, having had substantial involvement in five (5) Federal Monitorships, three (3) as the named Monitor. A former Special Agent of the FBI, John spent nearly 10 years refining his white collar crime investigative skills investigating a variety of complex criminal fraud schemes and financial crimes. Prior to forming Artifice in 2010, John was a leader in the fraud investigations and forensic accounting practice of a large publicly traded international financial consulting firm. John can be reached jhanson@artificeforensic.com. s the founder and Executive Director of Artifice. A CPA (LA), Certified Fraud Examiner, and Certified Compliance & Ethics Professional, John has more than 23 years of fraud investigations, forensic accounting, corporate compliance & ethics, and audit experience. Though well regarded for his investigative and litigation support skills and experience, John is a thought leader in the field of Independent Corporate Monitors, h© John Hanson

ving had substantial involvement in five (5) Federal Monitorships, three (3) as the named Monitor. A former Special Agent of the FBI, John spent nearly 10 years refining his white collar crime investigative skills investigating a variety of complex criminal fraud schemes and financial crimes. Prior to forming Artifice in 2010, John was a leader in the fraud investigations and forensic accounting practice of a large publicly traded international financial consulting firm. Hanson is the founder and Executive Director of Artifice.  A CPA (LA), Certified Fraud Examiner, and Certified Compliance & Ethics Professional, John has more than 23 years of fraud investigations, forensic accounting, corporate compliance & ethics, and audit experience.  Though well regarded for his investigative and litigation support skills and experience, John is a thought leader in the field of Independent Corporate Monitors, having had substantial involvement in five (5) Federal Monitorships, three (3) as the named Monitor.  A former Special Agent of the FBI, John spent nearly 10 years refining his white collar crime investigative skills investigating a variety of complex criminal fraud schemes and financial crimes.  Prior to forming Artifice in 2010, John was a leader in the fraud investigations and forensic accounting practice of a large publicly traded international financial consulting firm. 

April 15, 2014

The Louisiana Purchase and Compliance Focus Group – Changing the Game

Focus GroupIn 1803, the fate of the United States changed in ways that could have never been contemplated, when the French Minister Talleyrand offered to sell France’s entire Louisiana Territory in North America to stunned American negotiators, Robert Livingston and James Monroe, who were simply trying to purchase the city of New Orleans from the French Emperor Napoleon. Quickly recognizing that this was an offer of potentially immense significance for the US, Livingston and Monroe began to negotiate on France’s proposed cost for the entire territory. Several weeks later, on April 30, 1803, the American emissaries signed a treaty with France for a purchase of the vast territory for $11,250,000. With the sale of the Louisiana Territory, Napoleon abandoned his dreams of a North American empire, but he also achieved a goal that he thought more important. “The sale [of Louisiana] assures forever the power of the United States,” Napoleon later wrote, “and I have given England a rival who, sooner or later, will humble her pride.”

There are many great resources out there for the compliance practitioner. One of them I have really come to appreciate and look forward to receiving is the Red Flag Group’s bi-monthly Compliance Insider magazine, available both in print and online versions. In the most recent version there were several articles that I found very useful for the compliance practitioner but the one I want to focus on today is the compliance focus group. This provides a forum, which allows employees to raise compliance issues and concerns in “an informal environment, in small groups or in one-on-one sessions. They can be done as stand alone or as break-out sessions from larger meetings, conferences or similar events where multiple parties get together.” The article provided 10 things which you should consider before you hold your compliance focus groups.

  1. Select Your Countries and Regions Carefully. You need to reflect on selecting those areas, which have “compliance issues, have been the subject of investigations or are higher risk.” Contrast that selection with one or more regions that have achieved compliance performance so that you can clearly articulate the difference. Most importantly, pick the regions that need the most support and “have the most business at risk if there is a compliance issue. You will also know from your own business those areas, business units or regions where there is more “noise” around compliance.”
  1. Plan Your Locations, Times and Attendees. Think about your logistics, both higher level such as travel times and lower details such as seating. As you will usually desire to have three to four sessions per day, up to 90 minutes, you will need to make sure people have enough time to get there and register. But also think about seating, as you want to make things as informal as possible. This means a conference table or a large U shape arrangement and not classroom or lecture room seating.
  1. Have Separate Management Sessions. It is important that you make attendees feel that they can give open and honest thoughts about the company and its compliance regime. This means you cannot have senior management in sessions for middle management and lower management and employees.
  1. Draft an Agenda and a Short Presentation. The author believes that many times participants will need a stimulus of some sort to get things going. He advises “A good idea is to build a brief agenda before the meeting, even if it is fairly flexible – many senior employees will demand an agenda before accepting a meeting.” Also prepare a brief PowerPoint presentation for the session designed to explain the purpose and outcomes of the session, keep it to five or six slides which will act as placeholders for discussion topics.
  1. Think About Some Probing Questions In Advance. Here are some of the suggested questions that you should consider asking to the group:
  • Do people understand what compliance is? What does it mean to you in your daily business dealings?
  • What do people think of the policies and procedures across the company?
  • Is the training simple and easy to understand?
  • What is the company culture around compliance? Do people really take it seriously or is there a “tick-the-box” mentality?
  • Are there issues with reporting? How do people report? What is the culture regarding reporting issues?
  • Does management “walk the walk” with compliance or just “talk the talk”?
  • How does your company compare to its peers in the area of compliance?
  • What is the competitive environment like, both externally and internally?
  • Where are the areas that compliance could improve?
  1. Select a Facilitator. Compliance issues can be sensitive and people can be uncomfortable talking about them. For the focus group to succeed and be of value, everyone should be made to feel comfortable; and feel that they are not being audited or reviewed or they will not be confident to speak up. The author believes that here a good facilitator can be assist in keeping “the discussion going, ensure that everyone participates, make people feel at ease and, most importantly, ensure that the discussion is lively. The facilitator might also need to be trained on some of the risk areas of the business and have a solid understanding of the business and the existing compliance program.”
  1. Prepare Your Opening Disclaimer. Some participants may want to know how their comments will be used, quoted directly or generalized. This would be the time to address such concerns and invoke confidentiality of names and other identifiers.
  1. Prepare Some Takeaways. The leader should be prepared to summarize what the next steps will be going forward, including when a report might be issued to management and what might included in the report.
  1. Prepare a Report For All Participants. A key component of any compliance focus group is a post event report, which consolidates all sessions. This should be generated as soon as possible after the end of the last session. The report should include specific actions that will be taken based upon the input received from the focus groups. There will certainly be expectations from participants that if they have reported any circumstances which warranted responses they will want to know what the compliance team is doing about a response. Participants will also want to see whether the feedback they gave is consistent with that given in the other sessions.

10.Write a Report for Management. This report should focus on the larger issues raised in the compliance focus groups and, as the author notes, “looking at the trends, steps forward and lessons learned.”

While your compliance focus group may not be quite the game changer that the Louisiana purchase was for the US, it will certainly provide you solid information on your compliance program that you can use to move it forward; as the article notes, “From the people who use the programme everyday—your employees and partners—you can find out what the programme means, how it adds value (or doesn’t add value) and how it is seen by the management team around the world. And while you are at it, you may want to check out the Red Flag Group’s Compliance Insider magazine, it is a great resource.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

Implementing Compliance Incentives In Your Company

IncentiveSeveral readers have asked why I have not written anything about the Houston Astros this year. The answer is two-fold. The first is that I really do not care. However, the more I thought about it, the real reason is that they are not relevant. Just how not relevant are the bumbling hometown (former) loveables? Last week they achieved the noteworthy accomplishment of obtaining a Nielson rating of 0.00 for a second consecutive season. I am not aware of any other major league team, which has been on television for a game where no one was recorded as watching for the entire game, for two straight seasons. Pretty amazing when you think about it.

However, one thing that is relevant in the context of any best practices anti-bribery compliance program is incentives. The Department Of Justice (DOJ) and Securities Exchange Commission (SEC) could not have been clearer in the FCPA Guidance about their views on the need for incentives to help drive behavior that is ethical and in compliance with the Foreign Corrupt Practices Act (FCPA) when they stated “DOJ and SEC recognize that positive incentives can also drive compliant behavior.” In the Guidance, the SEC cited to the following:

[M]ake integrity, ethics and compliance part of the promotion, compensation and evaluation processes as well. For at the end of the day, the most effective way to communicate that “doing the right thing” is a priority, is to reward it. Conversely, if employees are led to believe that, when it comes to compensation and career advancement, all that counts is short-term profitability, and that cutting ethical corners is an acceptable way of getting there, they’ll perform to that measure. To cite an example from a different walk of life: a college football coach can be told that the graduation rates of his players are what matters, but he’ll know differently if the sole focus of his contract extension talks or the decision to fire him is his winloss record.

A recent article in the Spring 2014 issue of the MIT Sloan Management Review, entitled “Combing Purpose with Profits”, by authors Julian Birkinshaw, Nicolai J. Foss and Siegwart Lindenberg, presents some interesting steps on how a company might work towards achieving the goals articulated by the DOJ and SEC. The key thesis of the authors is if you want to motivate employees you have to have purpose. In their article they presented case studies from three entities: the Tata Group, Handelsbanken and HCL Technologies. From these three cases studies they came up with six core principles, which I will adapt for the compliance function in an anti-corruption compliance program.

  1. Compliance incentives don’t have to be elaborate or novel. The first point is that there are only a limited number of compliance incentives that a company can meaningfully target. Evidence suggests the successful companies are the ones that were able to translate pedestrian-sounding compliance incentive goals into consistent and committed action.
  2. Compliance incentives need supporting systems if they are to stick. People take cues from those around them, but people are fickle and easily confused, and gain and hedonic goals can quickly drive out compliance incentives. This means that you will need to construct a compliance function that provides a support system to help them operationalize their pro-incentives at different levels, and thereby make them stick. The specific systems which support incentives can be created specifically to your company but the key point is that they are delivered consistently because it signals that management is sincere.
  3. Support systems are needed to reinforce compliance incentives. One important form of a supporting system for compliance incentives “Is to incorporate tangible manifestations of the company’s pro-social goals into the day-to-day work of employees.” Make the rewards visible. As stated in the FCPA Guidance, “Beyond financial incentives, some companies have highlighted compliance within their organizations by recognizing compliance professionals and internal audit staff. Others have made working in the company’s compliance organization a way to advance an employee’s career.”
  4. Compliance incentives need a “counterweight” to endure. Goal-framing theory shows how easy it is for compliance incentives to be driven out by gain or hedonic goals, so even with the types of supporting systems it is quite common to see executives bowing to short-term financial pressures. Thus, a key factor in creating enduring compliance incentives is a “counterweight,” by which we mean any institutional mechanism that exists to enforce a continued focus on a nonfinancial goal. This means that in any financial downturn compliance incentives are not the first thing that gets thrown out the window and if my oft-cited hypothetical foreign Regional Manager misses his number for two quarters, he does not get fired. So the key is that the counterweight has real influence; it must hold the leader to account.
  5. Compliance incentive alignment works in an oblique, not linear, way. The authors believe that “In most companies, there is an implicit belief that all activities should be aligned in a linear and logical way, from a clear end point back to the starting point. The language used — from cascading goals to key performance indicators — is designed to reinforce this notion of alignment. But goal-framing theory suggests that the most successful companies are balancing multiple objectives (pro-social goals, gain goals, hedonic goals) that are not entirely compatible with one another, which makes a simple linear approach very hard to sustain.” What does this mean in practical terms for your compliance program? If you want your employees to align around compliance incentives, your company will have to “eschew narrow, linear thinking, and instead provide more scope for them to choose their own oblique pathway.” This means emphasizing compliance as part of your company’s DNA on a consistent basis — “the intention being that by encouraging individuals to do “good,” their collective effort leads, seemingly as a side-effect, to better financial results. The logic of “[compliance first], profitability second” needs to find its way deeply into the collective psyche of the company.”
  1. Compliance incentive initiatives can be implemented at all levels. Who at your company is responsible for pursuing compliance incentives? If you head up a division or business unit, it is clearly your job to define what your pro-social goals are and to put in place the supporting structures and systems described here. But what if you are lower in the corporate hierarchy? It is tempting to think this is “someone else’s problem,” but actually there is no reason why you cannot follow your own version of the same process. We have seen quite a few mid-level managers make a real difference, and often quite quickly, using the principles outlined here.

The author’s have set out several steps that you can implement into your compliance program to enhance incentives to facilitate anti-corruption. There have been many who have criticized the FCPA Guidance. While I am certainly not one of them, I do not think there can be any argument that it does not present the DOJ and SEC views on a minimum best practices compliance program. So if the DOJ and SEC think incentives in your compliance program are important, I suggest to you, they are important. The article, which is the basis of this blog post, provides an excellent start for the exploration of some ways to inculcate anti-bribery and anti-corruption incentives into not only your compliance regime but also, more importantly, the DNA of your company.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

April 11, 2014

Joint Venture Partners and the Company You Keep Under the FCPA

Lie Down Wtih DogsAs the father of a teenage daughter I am sometimes, reluctantly, forced to admit that upon rare occasions my parents were right about a few things. One was asking for permission first rather than asking for forgiveness after the fact, or in my case as a teenager the untoward event. Another was my mother’s admonition that you are judged by the company you keep. I thought about that truism when I read an article in the Financial Times (FT) yesterday, entitled “Steinmetz unit won Guinea mining riches corruptly, inquiry says”, by reporter Tom Burgis.

The article relates the long running story of the BSG Resources’ (BSGR) winning of the multi-billion mining concession for the Simandou iron-ore mine in the country of Guinea, which was awarded to the company at the end of the reign of the country’s former dictator Lansana Conté, before he died in 2008. According to a report prepared by the current government of Guinea, BSGR won the contract by paying bribes to his fourth wife Mamadie Touré in the form of cash and shares “to help ensure those rights were stripped from Anglo-Australian miner Rio-Tinto and granted to BSGR.”

Of course there is also the tale of BSGR employee/agent/representative/other Frederic Cilins who contacted Ms. Touré in the US and offered to pay her some $5MM to retrieve the contracts which detailed the payments she was to receive from BSGR. It turned out that there was a Grand Jury investigation going on over BSGR at the time and by now Ms. Touré was a cooperating witness with the Department of Justice (DOJ). Cilins was arrested, charged with and pled guilty to obstruction of justice.

BSGR has denied all of these allegations and says that it received the rights to the mining concession fair and square. Further, it has questioned not only the legitimacy of the report issued by the Guinea government but of the government itself, saying “[current] President Conté has manipulated the process through unconditional technical and financial support from activists line [billionaire transparency advocate] George Soros and NGOs that function as his personal advocacy groups.” The Guinea government report notes recommends that BSGR’s mining concession be cancelled.

So how does all this imbroglio relate to my mother’s admonition? It is because BSGR was in a joint venture (JV) with the Brazilian company Vale for this concession. The FT article reports “After spending $160m on preliminary development of its Guinea assets, BSGR in April 2010 struck its $2.5bn deal with Vale, of which $500m was payable immediately. The balance was to be paid if targets were met but Vale halted payments last year, after the corruption allegations surfaced. The inquiry concluded that, although payments to Ms Touré allegedly continued following the Vale transaction, it was “likely” that the Brazilian group “has not participated in corrupt practices”. Nonetheless, it said the Vale-BSGR joint venture – which BSGR says has spent $1bn at Simandou – should be stripped of its rights to that and other prospects.”

Vale’s response to all of this has been – wait for it – “conducts appropriate due diligence prior to its investments.” Vale had no comment on the Guinea government report released yesterday. I wonder what its due diligence on BSGR turned up?

I wrote last week about the life cycle management of the third party relationship. Those series of articles was primarily aimed at agents and other representatives in the sales channel and vendors in the supply chain. While those same concepts apply to JV’s, there is another level of management when there is a relationship such as a JV. One JV partner must have transparency into the actions of its partner and there must be as much assurance as can be possible that there is no corruption going on. From the time line presented in the FT article it appears that the JV between BSGR and Vale was created (2010) after the payments were contracted to Ms. Touré and the concession granted to BSGR (2008).

However I am sure that is of little comfort to Vale who is now down its $500MM that it paid to BSGR to enter into the JV relationship. How much has it had to spend to circle the wagons to defend itself? And do you think the DOJ has come knocking on their door during its investigation? (The smart money says yes). To top it all off, last week the company announced it might have to write-off its entire investment in Guinea. While Guinea indicated that Vale would not be banned from rebidding if rights for the mining concessions were reopened, what do you thing Vale’s chances would be? (Here the smart money says no).

Did Vale subject itself to Foreign Corrupt Practices Act (FCPA) liability by joining into a JV with BSGR? At this point I have no idea. But you know my Mom was right, in the FCPA world, when it comes to JV’s, you are known by the company you keep.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

April 10, 2014

Asking Questions To Build Your Compliance Program

IMG_3289On this day in 1932 President Franklin D. Roosevelt (FDR) enacted the Civilian Conservation Corps (CCC) declaring a “government worthy of its name must make a fitting response” to the suffering of the unemployed. He waxed poetic when lobbying for its passage, declaring “the forests are the lungs of our land [which] purify our air and give fresh strength to our people.” Of FDR’s many New Deal policies, the CCC is considered by many to be one of the most enduring and successful. It provided the model for future state and federal conservation programs. From 1933 to 1942, the CCC employed over 3 million men.

The CCC, also known as “Roosevelt’s Tree Army,” was open to unemployed, unmarried US male citizens between the ages of 18 and 25. All recruits had to be healthy and were expected to perform hard physical labor. Enlistment in the program was for a minimum of 6 months; many re-enlisted after their first term. Participants were paid $30 a month and often given supplemental basic and vocational education while they served. Under the guidance of the Departments of the Interior and Agriculture, CCC employees fought forest fires, planted trees, cleared and maintained access roads, re-seeded grazing lands and implemented soil-erosion controls. The CCC was a solution that was right for the place and time but its effects have lasted up through this day. There are still CCC built national parks and other facilities in use. We still drive over bridges built by the CCC.

I thought about the CCC, how it was such an effective organization for its time and how the results of its efforts have lasted over 80 years, in some cases, when I read an article in the April issue of Inc. magazine, entitled “35 Great Questions”, where Paul Graham, Jim Collins and other business leaders looked at some of questions that thought business leaders should be asking of themselves and of their teams. While the focus was not on compliance and ethics, many of the questions clearly could be viewed through such a prism. The key is that by asking good questions, as listed below, it “opens people to new ideas and possibilities.”

  1. How can we become the company that would put us out of business?
  2. Are we relevant? Will we be relevant five years from now? Ten?
  3. If energy were free, what would we do differently?
  4. What is it like to work for me?
  5. If we weren’t already in this business, would we enter it today? And if not, what are we going to do about it?
  6. What trophy do we want on our mantle?
  7. Do we have bad profits?
  8. What counts that we are not counting?
  9. In the past few months, what is the smallest change we have made that has had the biggest positive result? What was it about that small change that produced the large return?
  10. Are we paying enough attention to the partners our company depends on to succeed?
  11. What prevents me from making the changes I know will make me a more effective leader?
  12. What are the implications of this decision 10 minutes, 10 months, and 10 years from now?
  13. Do I make eye contact 100 percent of the time?
  14. What is the smallest subset of the problem we can usefully solve?
  15. Are we changing as fast as the world around us?
  16. If no one would ever find out about my accomplishments, how would I lead differently?
  17. Which customers can’t participate in our market because they lack the skills, wealth, or convenient access to existing solutions?
  18. Who uses our products in ways we never expected?
  19. How likely is it that a customer would recommend our company to a friend or colleague?
  20. Is this an issue for analysis or intuition?
  21. Who, on the executive team or the board, has spoken to a customer recently?
  22. Did my employees make progress today?
  23. What one word do we want to own in the minds of our customers, employees and partners?
  24. What should we stop doing?
  25. What are the gaps in my knowledge and experience?
  26. What am I trying to prove to myself, and how might it be hijacking my life and business success?
  27. If we got kicked out and the board brought in a new CEO, what would he do?
  28. If I had to leave my organization for a year and the only communication I could have with employees was a single paragraph, what would I write?
  29. What have we, as a company, historically been when we’ve been at our best?
  30. What do we stand for – and what are we against?
  31. Is there any reason to believe the opposite of my current belief?
  32. Do we underestimate the customer’s journey?
  33. Among our stronger employees, how many see themselves at the company in three years? How many would leave for a 10 percent raise from another company?
  34. What did we miss in the interview for the worst hire we ever made?
  35. Do we have the right people on the bus?

As a Chief Compliance Officer (CCO) many of these questions could be adapted to the compliance function or directly asked of you, your leadership and your team. One of the thing that bedevils many CCOs is time to think, plan and consider what Warren Berger, the author of “A More Beautiful Question”, says is the “inquiry’s ability to trigger divergent thinking, in which the mind seeks multiple, sometimes non-obvious paths to a solution.”

I often say that a key role for a CCO is listening but equally important is asking questions. Inc.’s list of thought-provoking questions can give you some excellent ideas about areas to explore with your compliance team, your senior management and the employees in your company. So start asking questions and start listening.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

 

 

 

April 7, 2014

The Battle of Shiloh, Corruption in Ukraine and Things to Come

Things to ComeOn this day 126 years ago the two-day battle of Shiloh ended. On the second day, the Union troops under General Grant largely recovered the ground that the Confederate troops had taken on the first day. Grant was severely criticized for allegedly being taken by surprise by the Confederate attack but he managed to survive the firestorm. The Confederates lost their most senior commander, General Albert Sydney Johnson, on the first day of the fighting.

With the successful Union counter-attack on the second day the battle is generally viewed as a tactical victory for the North. However, for me the thing that is most significant about this battle is that it was the first horrific slaughter of the Civil War. There were over 23,000 casualties on both sides. Unfortunately it presaged more to come. I will never forget Shelby Foote’s comments in Ken Burn’s documentary The Civil War. Shiloh was not an aberration but there were 25 more Shiloh’s to come. It truly was a sign of things to come.

The recent events in Ukraine have had a variety of interpretations, results and predictions. But one thing is clear, the government of Ukraine allowed systemic corruption to occur. One can look to the Archer-Daniels-Midland Corp. (ADM) Foreign Corrupt Practices Act (FPCA) enforcement action to see the effects in play. In that matter, ADM paid bribes to obtain tax rebates to which it was legally entitled. Unfortunately for ADM it developed opaque schemes to fund bribery payments and then hid them on its books and records. Not good for FPCA compliance.

Or consider the case of Ikea. In an article in Bloomberg, entitled “Dashed Ikea Dreams Show Decades Lost to Bribery in Ukraine”, Agnes Lovasz wrote that Ikea has tried for over a decade to open a store in the country but has been unable to do so because it refuses to pay bribes to do so. She wrote that according to Transparency International’s (TI’s) Corruptions Perceptions Index (CPI), “Stuck between the European Union and its former imperial master Russia, Ukraine has emerged as the most corrupt country on the continent.” She quoted Erik Nielsen, chief global economist at UniCredit SpA in London, for the following, “Even before this latest crisis, Ukraine was a mess beyond description”. How about this recommendation from Lennart Dahlgren, a retired Ikea executive who led the company’s entry into Russia, who said in an interview with Russkiy Reporter magazine in 2010, that compared with Ukraine, Russia, the most corrupt major economy, “is whiter than snow”. Faint praise indeed.

While a US, UK, EU or other western government response is certainly appropriate, I thought about a business led response to such a situation when I read a recent article in the April issue of the Harvard Business Review (HBR), entitled “The Collaboration Imperative”, by authors Ram Nidumolu, Jib Ellison, John Whalen and Erin Billman. In this article they discussed business collaborations in the context of sustainability. I found their concepts should be considered by companies or industry groups when trying to develop strategies to fight corruption. As Jason Poblete continually reminds us, the marketplace is one important place to look for solutions to problems and this article certainly provides some starting points for such an analysis.

The authors posit that collaboration models should be divided into two categories: (1) coordinated processes and (2) coordinated outcomes. Adapting these to anti-corruption/anti-bribery programs, this means that under the ‘coordinated processes’ prong businesses should identify and share industry-wide operational processes that prevent and detect bribery and corruption. Under the ‘coordinated outcomes’ prong, the authors work translates into developing industry benchmarks and standardized systems for measuring anti-corruption/anti-bribery performance across the value chain.

The authors had some specific steps in their article which I thought also provided insightful for implementing their ideas in the anti-corruption/anti-bribery context. First you should being this journey “with a small, committed group.” The reason to do so is “to prevent the logjams that can occur when many stakeholders with conflicting goals try to work together, start by convening a small “founding circle” of participants. The members must have a common motivation and have mutual trust at the outset. This group develops the project vision and selectively invites subsequent tiers of participants into the project as it develops.” Next you should try to “link self-interest to shared interest.” This is because to help facilitate success, “collaboration initiatives must ensure that each participant recognize at the outset the compelling business value that it stands to gain when shared interests are met.” The participants need to then try to monetize the system value by “linking self-interest and shared interest is to quantify how the collaboration reduces costs or generates revenue for each participant.” It helps to build a direct path to some early successes because it is important “to generate momentum and commitment, the action plan must also emphasize quick wins. Business thrives on visible and immediate results, and sustainability collaborations are no exception. Even if these wins are small initially, the cost savings or incremental revenues provide proof to other executives inside participants’ organizations that the investment is worthwhile.”

As many in such a collaborative group will have conflicting priorities, the authors believe it is important to have “independent project-management specialists with demonstrated competence in trust building among diverse stakeholders. Additionally, the project management function must be seen by all participants as neutral and committed to the success of the project, rather than to any individual stakeholder.” Interestingly, the authors note that there should be built in competition which should be “structured to support shared goals.” Finally, and perhaps most obviously, any such group must have a culture of trust. Fortunately, in the anti-corruption/anti-bribery world there are very few trade secrets but beyond this, the “building and maintaining trust is an ongoing practice foundational to every other practice during the collaboration project.”

Perhaps the people or the leadership of Ukraine may at some point realize that the perceived endemic nature of corruption in their economic system, helped lead in part to its current problems. Maybe the citizens in Crimea thought the Russian government less corrupt. While I do not pretend to know the answers to these questions, the collaboration model that the authors have detailed for sustainability initiatives is certainly one that US companies might wish to consider on some type of industry wide basis.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

April 4, 2014

Life Cycle Management of Third Parties – Step 5 – Management of the Relationship

Five stepsToday ends my review of what I believe to be the five steps in the management of a third party under an anti-bribery regime such as the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act. On Monday, I reviewed Step 1 – the Business Justification, which should kick off your process with any third party relationship. On Tuesday, I looked at Step 2 – the questionnaire that you should send and third party and what information you should elicit. On Wednesday, I discussed Step 3 – the due diligence that you should perform based upon the information that you have received from and ascertained on the third party. On Thursday, I examined Step 4 – how you should use the information you obtain in the due diligence process and the compliance terms and conditions which you should place in any commercial agreement with a third party. Today, I will conclude this series by reviewing how you should manage the relationship after the contract is signed.

I often say that after you complete Steps 1-4 in the life cycle management of a third party, the real work begins and that work is found in Step 5– the Management of the Relationship. While the work done in Steps 1-4 are absolutely critical, if you do not manage the relationship it can all go down hill very quickly and you might find yourself with a potential FCPA or UK Bribery Act violation. There are several different ways that you should manage your post-contract relationship. This post will explore some of the tools which you can use to help make sure that all the work you have done in Steps 1-4 will not be for naught and that you will have a compliant anti-corruption relationship with your third party going forward.

Managing third party relationships is an area that continues to give companies trouble and heartburn. The “2013 Anti-Bribery and Corruption Benchmarking Report – A joint effort between Kroll and Compliance Week” found that many companies are still struggling with ongoing anti-corruption monitoring and training for their third parties. Regarding training, 47% of the respondents said that they conduct no anti-corruption training with their third parties at all. The efforts companies do take to educate and monitor third parties are somewhat pro forma. More than 70% require certification from their third parties that they have completed anti-corruption training; 43% require in-person training and another 40% require online training. Large companies require training considerably more often than smaller ones, although when looking at all the common training methods, 100% of respondents say their company uses at least one method, if not more.

While the FCPA Guidance itself only provides that “companies should undertake some form of ongoing monitoring of third-party relationships”. Diana Lutz, writing in the White Paper by The Steele Foundation entitled “Global anti-corruption and anti-bribery program best practices”, said, “As an additional means of prevention and detection of wrongdoing, an experienced compliance and audit team must be actively engaged in home office and field activities to ensure that financial controls and policy provisions are routinely complied with and that remedial measures for violations or gaps are tracked, implemented and rechecked.”

One noted commentator has discussed techniques to provide this management and oversight any third party relationship. Carol Switzer, President of the Open Compliance and Ethics Group (OCEG), writing in the Compliance Week magazine set out a five-step process for managing corruption risks, which I have adapted for third parties.

  1. Screen - Monitor third party records against trusted data sources for red flags.
  2. Identify – Establish helplines and other open channels for reporting of issues and asking compliance related questions by third parties.
  3. Investigate - Use appropriately qualified investigative teams to obtain and assess information about suspected violations.
  4. Analyze - Evaluate data to determine “concerns and potential problems” by using data analytics, tools and reporting.
  5. Audit - Finally, your company should have regular internal audit reviews and inspections of the third party’s anti-corruption program; including testing and assessment of internal controls to determine if enhancement or modification is necessary.

Based upon the foregoing and other commentators, I believe there are several different roles in a company that play a function in the ongoing monitoring of the third party. While there is overlap, I believe that each role fulfills a critical function in any best practices compliance program.

Relationship Manager

There should be a Relationship Manager for every third party which the company does business with through the sales chain. The Relationship Manager should be a business unit employee who is responsible for monitoring, maintaining and continuously evaluating the relationship between your company and the third party. Some of the duties of the Relationship Manager may include:

  • Point of contact with the Third Party for all compliance issues;
  • Maintaining periodic contact with the Third Party;
  • Meeting annually with the Third Party to review its satisfaction of all company compliance obligations;
  • Submitting annual reports to the company’s Oversight Committee summarizing services provided by the Third Party;
  • Assisting the company’s Oversight Committee with any issues with respect to the Third Party.

Compliance Professional

Just as a company needs a subject matter expert (SME) in anti-bribery compliance to be able to work with the business folks and answer the usual questions that come up in the day-to-day routine of doing business internationally, third parties also need such access. A third party may not be large enough to have its own compliance staff so I advocate a company providing such a dedicated resource to third parties. I do not believe that this will create a conflict of interest or that there are other legal impediments to providing such services. They can also include anti-corruption training for the third party, either through onsite or remote mechanisms. The compliance practitioner should work closely with the relationship manager to provide advice, training and communications to the third party.

Oversight Committee

I advocate that a company should have an Oversight Committee review all documents relating the full panoply of a third party’s relationship with the company. It can be a formal structure or some other type of group but the key is to have the senior management put a ‘second set of eyes’ on any third parties who might represent a company in the sales side. In addition to the basic concept of process validation of your management of third parties, as third parties are recognized as the highest risk in FCPA or Bribery Act compliance, this is a manner to deliver additional management of that risk.

After the commercial relationship has begun the Oversight Committee should monitor the third party relationship on no less than an annual basis. This annual audit should include a review of remedial due diligence investigations and evaluation of any new or supplement risk associated with any negative information discovered from a review of financial audit reports on the third party. The Oversight Committee should review any reports of any material breach of contract including any breach of the requirements of the Company Code of Ethics and Compliance. In addition to the above remedial review, the Oversight Committee should review all payments requested by the third party to assure such payment is within the company guidelines and is warranted by the contractual relationship with the third party. Lastly, the Oversight Committee should review any request to provide the third party any type of non-monetary compensation and, as appropriate, approve such requests.

Audit

A key tool in managing the relationship with a third party post-contract is auditing the relationship. I hope that you will have secured audit rights, as that is an important clause in any compliance terms and conditions. Your audit should be a systematic, independent and documented process for obtaining evidence and evaluating it objectively to determine the extent to which your compliance terms and conditions are followed. Noted fraud examiner expert Tracy Coenen described the process as one to (1) capture the data; (2) analyze the data; and (3) report on the data, which is also appropriate for a compliance audit. As a base line I would suggest that any audit of a third party include, at a minimum, a review of the following:

  1. the effectiveness of existing compliance programs and codes of conduct;
  2. the origin and legitimacy of any funds paid to Company;
  3. books, records and accounts, or those of any of its subsidiaries, joint ventures or affiliates, related to work performed for, or services or equipment provided to, Company;
  4. all disbursements made for or on behalf of Company; and
  5. all funds received from Company in connection with work performed for, or services or equipment provided to, Company.

If you want to engage in a deeper dive you might consider evaluation of some of the following areas:

  • Review of contracts with third parties to confirm that the appropriate FCPA compliance terms and conditions are in place.
  • Determine that actual due diligence took place on the third party.
  • Review FCPA compliance training program; both the substance of the program and attendance records.
  • Does the third party have a hotline or any other reporting mechanism for allegations of compliance violations? If so how are such reports maintained? Review any reports of compliance violations or issues that arose through anonymous reporting, hotline or any other reporting mechanism.
  • Does the third party have written employee discipline procedures? If so have any employees been disciplined for any compliance violations? If yes review all relevant files relating to any such violations to determine the process used and the outcome reached.
  • Review employee expense reports for employees in high-risk positions or high-risk countries.
  • Testing for gifts, travel and entertainment that were provided to, or for, foreign governmental officials.
  • Review the overall structure of the third party’s compliance program. If the company has a designated compliance officer to whom, and how, does that compliance officer report? How is the third party’s compliance program designed to identify risks and what has been the result of any so identified?
  • Review a sample of employee commission payments and determine if they follow the internal policy and procedure of the third party.
  • With regard to any petty cash activity in foreign locations, review a sample of activity and apply analytical procedures and testing. Analyze the general ledger for high-risk transactions and cash advances and apply analytical procedures and testing.

In addition to monitoring and oversight of your third parties, you should periodically review the health of your third party management program. Once again I turn to Diana Lutz and her colleague Marjorie Doyle, and their White Paper entitled “Third Party Essentials: A Reputation/Liability Checkup When Using Third Parties Globally”, where they gave a checklist to test companies on their relationships with their third parties.

  1. Do you have a list or database of all your third parties and their information?
  2. Have you done a risk assessment of your third parties and prioritized them by level of risk?
  3. Do you have a due diligence process for the selection of third parties, based on the risk assessment?
  4. Once the risk categories have been determined, create a written due diligence process.
  5. Once the third party has been selected based on the due diligence process, do you have a contract with the third party stating all the expectations?
  6. Is there someone in your organization who is responsible for the management of each of your third parties?
  7. What are “red flags” regarding a third party?

Perhaps now you will understand why I say that after you prepare the Business Justification; send out, receive back and evaluate the Questionnaire; set the appropriate level of Due Diligence; evaluate the due diligence and execute a contract with appropriate Compliance Terms and Conditions; now the real work begins, as you have to manage the third party relationship.

I hope that you have found this review of the life cycle management of third parties helpful for your compliance program.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

April 3, 2014

Life Cycle Management of Third Parties – Step 4 – The Contract

Five stepsThis post continues to outline what I believe are the five steps in the life cycle of third party management. Today I will look at Step 4, the contract. However, before we get to the contracting stage a word about what to do with Steps 1-3. You cannot simply obtain the information detailed in these first three steps; you must evaluate the information and show that you have used it in your process. If it is incomplete, it must be completed. If there are Red Flags, which have appeared, these Red Flags must be cleared or you must demonstrate how you will manage the risks identified. In others words you must Document, Document and Document that you have read, synthesized and evaluated the information garnered in Steps 1-3. As the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) continually remind us, a compliance program must be a living, evolving system and not simply a ‘Check-the-Box’ exercise.

After you have completed Steps 1-3 and then evaluated and documented your evaluation, you are ready to move onto to Step 4 – the contract. Obviously any commercial relationship should be governed by the terms and conditions of a written contract. Clearly your commercial terms should be set out in the contract. In the area of commercial terms the FCPA Guidance intones “Additional considerations include payment terms and how those payment terms compare to typical terms in that industry and country, as well as the timing of the third party’s introduction to the business.” This means that you need to understand what the rate of commission is and whether it is reasonable for the services delivered. If the rate is too high, this could be indicia of corruption as high commission rates can create a pool of money to be used to pay bribes. If your company uses a distributor model in its sales side, then it needs to review the discount rates it provides to its distributors to ascertain that the discount rate it warranted.

In addition to the above analysis from the compliance perspective, you should incorporate compliance terms and conditions into your contracts with third parties. I would suggest that you begin with some type of compliance terms and conditions template, which can be used as a starting point for your negotiations. The advantages of such a template are several; they include: (1) the contract language is tested against real events; (2) the contract language assists the company in managing its compliance risks; (3) the contract language fits into a series of related contracts; (4) the contract language is straight-forward to administer and (5) the contract language helps to manage the expectations of both contracting parties regarding anti-bribery and anti-corruption.

What are the compliance terms and conditions that you should include in your commercial contracts with third parties? In the Panalpina Deferred Prosecution Agreement (DPA), Attachment C, Section 12 is found the following language, “Where necessary and appropriate, Panalpina will include standard provisions in agreements, contracts, and renewals thereof with all agents and business partners that are reasonably calculated to prevent violations of the anticorruption laws, which may, depending upon the circumstances, include: (a) anticorruption representations and undertakings relating to compliance with the anticorruption laws; (b) rights to conduct audits of the books and records of the agent or business partner to ensure compliance with the foregoing; and (c) rights to terminate an agent or business partner as a result of any breach of anti-corruption laws, and regulations or representations and undertakings related to such matters.” In the Johnson & Johnson (J&J) DPA, the same language as used in the Panalpina DPA is found in Attachment C, entitled “Corporate Compliance Program”. However, in Attachment D, entitled “Enhanced Compliance Obligations”, the following language is found: “Contracts with such third parties are to include appropriate FCPA compliance terms and conditions including; (i) representatives and undertakings of the third party to compliance; (ii) right to audit; and (iii) right to terminate.”

Mary Jones, in an article in this blog entitled “Panalpina’s World Wide Web”, suggested the following language be present in your compliance terms and conditions:

  • payment mechanisms that comply with this Manual, the FCPA [Foreign Corrupt Practices Act], the UKBA [UK Bribery Act] and other applicable anti-corruption and/or anti-bribery laws during the term of such contract;
  • the counterparty’s obligation to maintain accurate books and records in compliance with the Company’s Policy and Compliance Manual;
  • the counterparty’s obligation to certify on an annual basis that: (i) counterparty has not made, offered, or promised any payment or gift of money or anything of value, directly or indirectly, to any Government Official (or any other person or entity if UK Bribery Act applies) for the purpose of obtaining or retaining business or getting any improper business advantage; and (ii) counterparty has not engaged in any conduct or behavior prohibited by the Code of Conduct, Anti-Corruption Policy and Compliance Manual and other applicable anti-corruption and/or anti-bribery law;
  • the Company’s right to audit the counterparty’s books and records, including, without limitation, any documentation relating to the counterparty’s interaction with any governmental entity (or any entity if UK Bribery Act applies) on behalf of the Company, and the counterparty’s obligation to cooperate fully with any such audit; and
  • remedies (including termination rights) for the failure of the counterparty to comply with the terms of the contract, the Code of Conduct, the Anti-Corruption Policy and Compliance Manual and other applicable anti-corruption and/or anti-bribery law during the term of such contract.

Based on the foregoing experts and the research I have engaged in, I believe that compliance terms and conditions should be stated directly in the document, whether such document is a simple agency or consulting agreement or a joint venture (JV) with several formation documents. The compliance terms and conditions should include representations that in all undertakings the third party will make no payments of money, or anything of value, nor will such be offered, promised or paid, directly or indirectly, to any foreign officials, political parties, party officials, candidates for public or political party office, to influence the acts of such officials, political parties, party officials, or candidates in their official capacity, to induce them to use their influence with a government to obtain or retain business or gain an improper advantage in connection with any business venture or contract in which the company is a participant.

In addition to the above affirmative statements regarding conduct, a commercial contract with a third party should have the following compliance terms and conditions in it.

  • Indemnification: Full indemnification for any FCPA violation, including all costs for the underlying investigation.
  • Cooperation: Require full cooperation with any ethics and compliance investigation, specifically including the review of foreign business partner emails and bank accounts relating to your Company’s use of the foreign business partner.
  • Material Breach of Contract: Any FCPA violation is made a material breach of contract, with no notice and opportunity to cure. Further, such a finding will be the grounds for immediate cessation of all payments.
  • No Sub-Vendors (without approval): The foreign business partner must agree that it will not hire an agent, subcontractor or consultant without the Company’s prior written consent (to be based on adequate due diligence).
  • Audit Rights: An additional key element of a contract between a US Company and a foreign business partner should include the retention of audit rights. These audit rights must exceed the simple audit rights associated with the financial relationship between the parties and must allow a full review of all FCPA related compliance procedures such as those for meeting with foreign governmental officials and compliance related training.
  • Acknowledgment: The foreign business partner should specifically acknowledge the applicability of the FCPA to the business relationship as well as any country or regional anti-corruption or anti-bribery laws, which apply to either the foreign business partner or business relationship.
  • On-going Training: Require that the top management of the foreign business partner and all persons performing services on your behalf shall receive FCPA compliance training.
  • Annual Certification: Require an annual certification stating that the foreign business partner has not engaged in any conduct that violates the FCPA or any applicable laws, nor is it aware of any such conduct.
  • Re-qualification: Require the foreign business partner re-qualify as a business partner at a regular interval of no greater than every three years.

Many will exclaim, “What an order, I can’t go through with it.” By this they mean that they do not believe that they will be able to get the third party to agree to such compliance terms and conditions. I have found that while it may not be easy, it is relatively simply to get a third party to agree to these, or similar, terms and conditions. One approach to take is that they are not negotiable. When faced with such a position on non-commercial terms many third parties will not fight such a position. There is some flexibility but the DOJ will require the minimum terms and conditions that it has suggested in the various Attachment Cs to the DPAs I have discussed. But the best position I have found is that if a third party agrees with these terms and conditions, they can then use that as a market differentiator from other third parties who have not gone through the life cycle management of a third party as this series has discussed.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

Next Page »

Customized Rubric Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 4,228 other followers