What is Your Compliance Strategy?

Do you have a strategy? The Houston Astros claim to have a strategy that involves being the worst team in baseball for up to the next five years and then magically they will become a winner. I suppose that having the worst record in baseball demonstrates that they are on the right path. Another three game series, another three game sweep by the visiting team, thus ending three games of some of the most pathetic baseball I have ever seen. However, even the ever-optimistic Astros manager, Bo Porter, admitted in an interview to the Houston Chronicle last week that “He has no idea if the Astros’ rebuilding plan will work.”

Now suppose you are in management, though not in the Houston Astros where you are implementing a strategy to set the all-time season record for losses, but a successful compliance program. How can you go about it? While most companies have compliance programs, they do not have a compliance strategy. To endure, a compliance strategy must address the interests of all stakeholders: investors, employees, customers, governments, NGOs, and society at large. A compliance strategy should increase shareholder value while at the same time improve the firm’s performance on environmental, social, and governance (ESG) dimensions. These concepts were recently explored in an article on sustainability in the May issue of the Harvard Business Review (HBR), article entitled “The Performance Frontier”. I found the concepts that the authors Robert G. Eccles and George Serafeim put forth, translate into the compliance arena as well.

The basic posit is that corporate investments in compliance do not necessarily require trade-offs in financial performance. Instead, if a company will focus on the issues that are the most relevant to both risk and shareholder value, a company should be able to boost both financial value and compliance performance. The authors believe that to do so, companies should focus on four areas.

1.      Identify Material Compliance Issues

While the overall list of compliance issues may be long and broad, the key is to determine the material issues to your company. In the context of sustainability, the authors suggest you can use a “Which Issues Matter Most” data map. They also phrased it in another manner by stating, “Evidence of economic impact is determined by evaluating both anecdotal reports and quantitative studies to gauge whether management (or mismanagement) of the issue will affect traditional corporate valuation parameters: revenue growth, return on capital, risk management, and management quality.” In the compliance arena, this would correspond to a risk assessment.

2.      Quantify the Relationship Between Financial and Compliance Performance

After you understand your company’s material compliance issues, assess the impact that improvements in each would have on financial performance. Compliance performance has many dimensions and depending on the company’s compliance strategy and the issue being considered, the most important dimension could be cost reduction, revenue growth, or gross margin defense. In the sustainability area, the authors state that a “host of factors complicate evaluations of the relationship between ESG and financial performance. Not the least of them are limitations on the ability to precisely measure ESG performance—a challenge that SASB and others are working to address.” However, even with this difficulty, I believe that a company can make an informed estimate of the slope of the performance-frontier curve for any pair of compliance and financial variables by determining whether each incremental improvement in compliance performance causes a corresponding positive or negative change in financial results – or has no impact.

3.      Innovate Products, Processes and Business Models

As with any strategy, it should be informed by your analysis. Once you determine the compliance issues to focus on, you should benchmark your industry peers on these issues. If your company’s performance falls short of industry benchmarks in a particular risk parameter, getting it up above par is the first priority. Within the sustainability context, the authors state that “At the very least it will mitigate your risks, since stakeholders tend to focus on industry laggards in campaigns aimed at increasing corporate ESG performance. Many improvements, such as reducing manufacturing waste, involve minor or moderate innovations that can enhance efficiency and, therefore, financial performance. Those sorts of innovations are increasingly necessary (but not sufficient) to ensure competitiveness.”

In the compliance arena, there are many resources available to you for benchmarking. The first place to start is the Department of Justice (DOJ)/Securities and Exchange Commission (SEC) Foreign Corrupt Practices Act (FCPA) Guidance released last November. The “Hallmarks of Effective Compliance Programs” set forth in the Guidance is an excellent compilation of where we are and what you need in place to go forward. I recommend this as a good a starting point to evaluate the state of an ongoing compliance regime so assess your company’s risks and use these hallmarks as a basis to move forward.

4.      Communicate the Company’s Innovations to Stakeholders

This may be one area of a typical compliance strategy that a company does not normally take into account. A company’s compliance function cannot assume that shareholders and other stakeholders will understand how its innovations have improved both compliance and financial performance – and how the two interrelate – unless such information is communicated effectively. As the authors state in the framework of sustainability “This is more than a matter of public relations; major innovations often require substantial investments whose benefits will not be seen for years to come. If a company expects shareholders to commit for the long term in order to receive those benefits, it needs to provide them with information that justifies their investments.” The authors call this “integrated reporting” and I believe that this is also true in the area of compliance.

As a communications tool, integrated reporting involves more than posting a PDF version of the Code of Conduct on a company’s website. As with almost all reporting, the most effective reporting is as much about listening as talking, and it serves as a key platform for stakeholder engagement. The authors believe that integrated reporting is a “way to establish a conversation that considers a company’s performance in a holistic way, identifies the tough trade-offs, and builds a case for innovation and the benefits it can generate. This engagement is also central to eliciting feedback on how well the company is meeting expectations, the quality of its communications, and what it can do to improve them.”

On the final point, the authors state something that I believe is often overlooked as a part of any compliance strategy. It is that “integrated reporting enhances discipline. It forces management and employees to think about both the financial and the ESG implications of their decisions and helps spur innovation as they seek to improve both kinds of performance.” The FCPA Guidance speaks to Incentives and Disciplinary Measures, which is generally considered to be both the carrot and the stick. The stick to demonstrate that there should be appropriate discipline in place and administered for any violation of the FCPA or a company’s compliance program. The carrot as the DOJ and SEC recognize that positive incentives can also drive compliant behavior. This would dovetail with the authors’ observation that integrated reporting enhances discipline.

Eccles and Serafeim discuss in their article the corporate benefits of having a sustainability strategy. I think their ideas are applicable to the compliance field and give you new ways to think about old problems. As for the Astros, maybe they could develop a winning strategy.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

DPAs and NPAs – Useful Tools to Achieve Compliance

The debate on whether the use of Deferred Prosecution Agreements (DPAs) and Non-Prosecution Agreements (NPAs) has become lively again over the past couple of weeks. Last week, there was a panel hosted by the Corporate Crime Reporter conference at the National Press Club. The panel was moderated by Steven Fagell, a partner at Covington & Burling LLP, and the panelists included Denis McInerney, the Criminal Division’s Deputy Assistant Attorney General, David Uhlmann, the former chief of the Environmental Crimes Section at the Department of Justice (DOJ), and currently a Professor of Law at the University of Michigan, the FCPA Professor, Michael Koehler, Kathleen Harris, a partner at Arnold & Porter LLP in London, and Anthony Barkow, a partner at Jenner & Block in New York.

The FCPA Professor wrote about the conference in two posts this week. The second post, entitled “Seeing the Light from the ‘Dark Ages’”, reported on the panel discussion. In this post, the Professor flatly says that DPAs and NPAs should be abolished in the context of Foreign Corrupt Practices Act (FCPA) enforcement and that a compliance defense should be added to the FCPA. In the other corner stands Mike Volkov, who said in a recent post, entitled “The Continuing Controversy Over DPAs and NPAs”, that DPAs and NPAs are part of the growing arsenal of prosecutorial tools that can be brought to bear by the DOJ and now the Securities and Exchange Commission (SEC).

The Professor previously articulated his views against DPAs and NPAs last fall in a post entitled “Assistant Attorney General Breuer’s Unconvincing Defense Of DPAs / NPAs”. In that post he said that the “use of NPAs or DPAs allow “under-prosecution” of egregious instance of corporate conduct while at the same time facilitate the “over-prosecution” of business conduct.” The ‘under-prosecution’ comes “because they [DPAs and NPAs] do not result in any actual charges filed against a company, and thus do not require the company to plead to any charges, allow egregious instances of corporate conduct to be resolved too lightly without adequate sanctions and without achieving maximum deterrence.” The ‘over-prosecution’ comes “because of the “carrots” and “sticks’ relevant to resolving a DOJ enforcement action often nudge companies to agree to these vehicles for reasons of risk-aversion and efficiency and not necessarily because the conduct at issue actually violates the law.” Volkov, being a former prosecutor, says that “Prosecutors like to have a variety of tools. An up or down decision system – indict or decline to indict – does not give prosecutors any ability to address the hard cases, where they are more inclined to decline prosecution rather than indict.”

However, I am neither a former prosecutor, like Volkov, nor a former white collar defense lawyer, like the Professor. I am a recovering trial lawyer who then went in-house. From this background I think that there is another line of reasoning as to why DPAs and NPAs are useful FCPA compliance enforcement tools and that line of reasoning is certainty. The primary reason for the prosecution and a company entering into a DPA/NPA is certainty. The one thing I learned in almost 20 years of trying cases is that nothing is certain when you leave the final decision to an ultimate trier of fact who is not yourself, whether that trier of fact be a jury, judge or arbitrator. The most important thing for a company is certainty and that is even more paramount when a potential criminal conviction looms over its corporate head. Certainty is equally critical for the prosecution. No matter how ‘slam dunk’ the facts are, or appear to be, once a prosecutor turns over the final decision in a case to another trier of fact; the prosecution has lost certainty in the final decision. Every corporate defendant who goes to trial can and should raise all procedural and factual defenses available to it. No prosecutor can ever be 100% certain that it will win every court ruling or that a guilty conviction will be upheld on appeal. However, a DPA/NPA can bring certainty. For a company, certainty in its rights and obligations, for the prosecution the same is true.

There was another article which considered the panel discussion held at the Corporate Crime Reporter conference entitled “McInerney Defends Deferred and Non Prosecution Agreements”. This article included quotes from David Uhlmann, who said that he believes, “This is about a profound ambivalence in parts of the Department about the very notion of corporate criminality.” Uhlmann believes that it this ambivalence which has driven the use of DPAs. He believes that the DOJ should make an “up or down” decision on whether a corporation should be prosecuted or not. He was quoted as saying “There is no more important role that the Justice Department plays than its role investigating and prosecuting crime. And if the Justice Department believes that a particular case warrants criminal prosecution, it should bring criminal charges. It should not sacrifice criminal prosecution to a private agreement never entered in court, never overseen by a judge in any meaningful way that doesn’t involve any public hearing, that doesn’t involve any corporate officials coming into the courtroom admitting guilt. On the other hand, if the Justice Department doesn’t believe that a criminal prosecution is necessary or warranted, then they should decline. They should decline prosecution in favor of — in most cases they have the option of civil or administrative enforcement.”

The Professor had a slightly different take on the use of DPAs in the context of criminal prosecutions of corporations. He was quoted as saying, “The Department has become so uncomfortable with the traditional notions of corporate criminal liability that they have constructed and indeed championed this alternative reality that is equally problematic.” Further, “These resolutions have had a troubling, distortive and toxic effect on this one area of law,” Koehler concluded. “There is no judicial scrutiny of most fcpa enforcement theories.” And, lastly, “Of course, the Justice Department is in favor of these because it makes their job easier. Of course, the FCPA bar and FCPA Inc. is in favor of these it expands the market for legal services.”

Criminal Division Deputy Assistant Attorney General McInerney made clear that he is not ambivalent at all about corporate criminal liability and specifically stated this. So let me speak from the perspective of a lawyer from Houston, who has represented companies in the energy space for quite some time. The frustration that boiled over from the lack of prosecutions regarding the financial troubles of the recent years should not obscure the fact that the DOJ has and will continue to pursue criminal cases against corporations.

But to paraphrase Joe Jackson, something else is going on ‘round here with prosecutions of corporate criminal conduct and the use of DPAs/NPAs. While one role of the DOJ is to prosecute law breakers; I believe that another role of the DOJ is to increase and encourage compliance with laws. The DPA/NPA debate does not stand in a vacuum. I believe that by offering incentives for companies to self-disclose and cooperate, the DOJ is increasing compliance with the FCPA. If there is no incentive to cooperate, there will be none. Period. If a company will face a criminal indictment or charge if it investigates a matter and self-discloses to the DOJ, how many companies will do so? McInerney was quoted as saying, “You are disincentivizing companies in terms of doing the right thing. You are not crediting companies for doing the right thing.”

Now let me take the flip side; Arthur Anderson. For all the howls that there is no empirical evidence that indicting and convicting companies puts them out of business; I am certainly not persuaded. I saw it happen, here in Houston. Was it in the interest of the US government to put Arthur Anderson out of business? Did it further the policies of this country to go from the Big Four to the Big Three? What about all the Arthur Anderson employees who did not work on the Enron account, what policy did it further to have them lose everything they invested in their professional life? If DPAs/NPAs are less draconian in their effect than destruction of a corporation’s existence, does that make them somehow less useful? If the DOJ wants to put such a factor into their decision making, I find that to be an appropriate calculus.

As to the charge that the FCPA Bar/FCPA Inc. used DPAs/NPAs to expand their market for work? [Full disclosure - I am a member of the FCPA Bar and ergo, FCPA Inc.] I think that it is the job of a lawyer to advise his or her clients on their legal obligations and to assist in fulfilling those obligations. Is it in my own myopic self-interest to advocate compliance with the FCPA? Or am I a part of the FCPA Bar and Inc. which assists companies to comply with a now 35 year old law? Whichever answer you prefer, I believe that there is more compliance now and that the use of DPAs/NPAs is a contributing factor to this increased compliance.

Another panelist, Anthony Barkow posited yet another angle. He said “one the primary policy justifications — or certainly a significant policy justification — is — getting DPAs and NPAs is easy. “It’s a lot easier than charging a company,”” Barkow said. “And it’s a lot easier than charging it and to try to get a plea.” While I do not pretend to know the intricacies of obtaining an indictment or going before a grand jury, it is always easier to settle something rather than try a case. But that does not mean any less work goes on, either from the corporate side or especially from the government side. FCPA enforcement actions are huge, document intensive cases and from what little I know of the process, the DOJ works quite hard to craft an appropriate resolution for each case. Further, there are multiple levels of review in the DOJ so many sets of eyes look at these matters. So while it may be easier to reach a resolution rather than charging and criminally trying a corporation, that does not mean in any way, shape or form that this work is easy. The work is hard, time intensive and takes literally thousands of man-hours by all parties involved to reach any resolution. Simply because a new enforcement tool is available, which is short of a criminal indictment and trial, does not mean that it is not a useful tool and should not be used.

Mike Volkov ended his post with the following, “The debate will continue – I have no doubt of that.” I would certainly second that notion. But from where I sit the use of DPAs/NPAs has improved compliance with the FCPA because their use has given corporations a real incentive to thoroughly investigate allegations of bribery and corruption and then work with the government to appropriately remediate the situation.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

And Then There Was One – Willbros Related FCPA Enforcement Continues

Last week, the US Department of Justice (DOJ) announced the sentencing of Paul G. Novak, a former consultant of Willbros International, Inc., a subsidiary of the Houston based Willbros Group, for his role in a conspiracy to pay more than $6 million in bribes to government officials of the Federal Republic of Nigeria and officials from a Nigerian political party. According to the DOJ Press Release announcing the sentencing, “Novak pleaded guilty to one count of conspiracy to violate the Foreign Corrupt Practices Act (FCPA) and one substantive count of violating the FCPA. Novak admitted that from approximately late-2003 to March 2005, he conspired with others to make a series of corrupt payments”. Novak was sentenced to serve 15 months in a federal prison.

The sentencing continues the long running saga of the company over efforts by Willbros, Novak, certain employees and others to make a series of corrupt payments totaling more than $6 million to various Nigerian government officials and officials from a Nigerian political party to assist Willbros and its joint venture partner, a construction company based in Mannheim, Germany, in obtaining and retaining the Eastern Gas Gathering System (EGGS) Project, which was valued at approximately $387 million. The EGGS project was a natural gas pipeline system in the Niger Delta designed to relieve existing pipeline capacity constraints.

The company itself paid $32.3 million and entered into a Deferred Prosecution Agreement (DPA) to settle civil and criminal FCPA charges with the DOJ and Securities and Exchange Commission (SEC). According to the FCPA Blog, in a post entitled “Willbros Resolves FCPA Offenses”, “the FCPA violations involved former operations in Bolivia, Ecuador and Nigeria.” The DOJ’s “information included substantive violations of the FCPA’s antibribery provisions and violations of the books and records provisions. All twelve counts relate to operations in Nigeria, Ecuador and Bolivia during the period from 1996 to 2005. The SEC’s complaint alleged civil violations of the antifraud provisions of the Securities Exchange Act, the antibribery provisions, and the reporting, books and records and internal controls provisions.” The company paid $22 million to settle the DOJ’s criminal case and $10.3 million relating to the SEC’s civil enforcement action. The company agreed to a three-year DPA with the DOJ and had a corporate monitor.  The company successfully completed its DPA, which was discharged in 2012.

In addition to the charges against the company and Novak, three former Willbros employees were also indicted over the FCPA violations. According another post by the FCPA Blog, entitled “Prison for Ex-Willbros Execs”, two of these former Willbros executives received and successfully served prison time. “Jim Bob Brown, 48, was sentenced in federal court in Houston to one year and one day in prison and fined $17,500; Jason Edward Steph, 40, was sentenced to 15 months and fined $2,000. Steph, who once served as general manager of on-shore operations for Willbros International, pleaded guilty in November 2007. He said in his plea that in 2005 he, Brown, and others arranged to pay about $1.8 million in cash to Nigerian officials. Brown pleaded guilty in September 2006 to conspiracy to violate the FCPA.” This brings the sentencing for Willbros related FCPA violations up to date as the following:

Sentencing Box Score

Entity or Person	Fine	DPA Time and Resolution	Jail Time
Willbros Group, Inc. and Willbros International Inc.	$22MM to DOJ$10.30MM to SEC	3 year DPA with Monitor. Successfully completed.
Jim Bob Brown	$17,500.00		12 months and one day in prison, 2 years supervised release.
Jason Steph	$2,000.00		15 months in prison, 2 years supervised release
Paul Novak	$1MM		15 months in prison, 2 years of supervised release

A third former company executive, James Tillery, had been previously charged with conspiring to bribe Nigerian and Ecuadorian government officials to obtain and retain gas pipeline construction and rehabilitation business from state-owned oil companies in those countries. Tillery was indicted for one count of conspiracy to violate the FCPA, two counts of violating the FCPA in connection with the authorization of specific corrupt payments to officials in Nigeria and Ecuador. Tillery was alleged to be a Willbros International employee and executive from the 1980s through January 2005. From 2002 until January 2005, he served as executive vice president and later as president of the company. Novak was an employee in the mid-1990s and later worked as an oil and gas consultant in Nigeria, purporting to provide consulting services to companies in that field.

Interestingly, in 2010, Tillery was arrested in Lagos, Nigeria. As reported by the FCPA Blog, in a post entitled “Tillery’s Extraction”, he was “seized by the Federal Bureau of Investigation (FBI) in Lagos and is being held by American authorities.” However, at some point later, the process was ceased due to intervention by the “Nigerian high court had halted the extradition at least until the end of the month because due process wasn’t followed.” In yet another twist to the saga, Tillery had apparently renounced his US citizenship and “had since naturalized as a Nigerian.” The FCPA Blog quoted a report from a Nigerian press source who said “normal extradition procedures weren’t followed and characterized Tillery’s arrest as an “extraction” and a “forceful extradition.””

So, now there is one left from the Willbros FCPA enforcement action, that being James Tillery. The Willbros bribery scheme was one of the most comprehensive and certainly one of the early cases in the post-2004 increase in growth regarding enforcement actions. It will be interesting to see if Tillery ever has to answer the charges brought against him in connection with this matter.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

From the Compact Model to the Luxury Model – Managing Your Third Party Risk

I am currently attending the Hanson Wade Oil and Gas Supply Chain Compliance conference in Houston. The event is excellent and the presentations have been ‘spot on’ for the nuts and bolts of how to do compliance. As the conference is in Houston, a number of the speakers and attendees are from energy companies but the concepts that are being discussed apply to all companies which have an anti-corruption or anti-bribery compliance program. One of the things that came through each of the presentations was that as compliance programs mature, many companies are developing programs which are more tailored towards the risks that companies face, which are ascertained through more sophisticated risk assessments and management of those risks.

This pattern is certainly consistent with the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) FCPA Guidance which says that a company should assess its risks and manage its risks. From this starting position, a company can then put together a well thought out and reasoned approach to Foreign Corrupt Practices Act (FCPA) compliance. Many of the presentations dealt with third parties and the differing responses and approaches companies have developed for the specific risks that they have uncovered.

Clearly third party risk mitigation through due diligence is key. How much due diligence is enough? One speaker said that it is a balancing call to determine the right amount. There were several presentations which spoke about the increasing use of technology to assist companies in this process. One speaker, a former federal prosecutor, said that one of the things that she looked for when a prosecutor was the ‘thoughtful analysis’ that the FCPA Guidance speaks about. To this end she believes that the human element will always be important because prosecutors want to see the thought process of not only how your program is designed but how you have crafted your risk mitigation based upon the information that you have assessed.

One of the speakers listed some of the factors to begin the review of your third parties. Recognizing that there is no one all-encompassing list, she suggested the following:

1. How many third parties do you have?
2. Where are these third parties located?
3. Industry or sector do you conduct business?
4. What is the relationship of the third party to a foreign government or state owned enterprise?
5. Are the owners of the third party related at all to government employees?
6. Is the use of the third party a business necessity or not? Why do you need to use sales representatives?
7. What are the reputations and qualifications of the third parties? Can they do what you need them to do from a commercial perspective?
8. How much control will you have over the third parties? Contrast the control that you have over sales agents with the lesser amount of control that you have over distributors and joint ventures.

From the answers to some of these questions you can begin to craft your third party due diligence inquiries. I was intrigued by one speaker who speech contrasted the steps that you might take with a lower risk third party with that of a higher risk third party. She likened the lower risk approach to that of a compact car and set out the following suggestions:

• Rank each third party by the risk you have assessed;
• Perform an Internet search on the third party;
• Perform reference checks on the third party;
• Interview control persons involved with the third party;
• Agreement to abide by anti-bribery and anti-corruption laws;
• Insert appropriate compliance terms and conditions in your third party contracts.

She contrasted the Compact model with what she termed the ‘Luxury model’ requirements of a third party program:

• Prioritize your third parties by risk;
• Appoint a Business Unit sponsor for each third party;
• Develop a detailed third party application;
• Perform an electronic records search on each third party;
• Also perform independent screening of each third party;
• Perform reference checks on each third party;
• Perform site visits and interviews of each third party;
• Have each third party acknowledgement your company’s Code of Conduct;
• Require each third party  to go through ethics training;
• Create a company committee, consisting of internal business, legal and compliance representatives to review your high risk third parties;
• Insert compliance terms and conditions into each third party contract;
• Require both internal and external audits of each third party;
• Perform annual updates on your third parties; and
• Perform quarterly electronic database rescreening.

There was also a discussion of some common Red Flags that you should be on the outlook for. They included:

• Excessive commissions paid to third parties;
• Unreasonable discounts given to third parties such as distributors;
• Vaguely described services in a third party contract or invoice back to your company;
• A third party which is in a different line of business than the one you want to hire to assist your company;
• Close association by the third party with a Foreign Official;
• Retention of the third party is required by a Foreign Official;
• The third party is a shell company located offshore; and
• Payments made to the third party are in a country different from the location where the third party’s services are delivered.

The concepts I derived from this presentation is that you should assess and manage your risks. If you determine them to be low, the Compact Model may work for you. If your third party risks are high, then the Luxury Model may be more appropriate. If you use a thoughtful and reasoned approach, you can navigate this area. But always Document, Document and then Document what you have done and why.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

FCPA Prosecutions Against Individuals? Check Out April

One of the oft-heard criticisms of the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) is the lack of individual prosecutions under the Foreign Corrupt Practices Act (FCPA). That may well be on its way to changing as April 2013 may become known as “FCPA Individuals Month” for the charges and enforcement actions brought against various individuals for FCPA violations. The DOJ and SEC used several different types of enforcement actions, both criminal and civil, against a variety of individuals over the past month.

I.                   BizJet

One group of charges was the four enforcement actions involving individuals concerning BizJet. The lineup of those three BizJet executives and one employee involved in these enforcement actions is as follows:

1. Bernd Kowalewski – President and Chief Executive Officer (CEO);
2. Peter DuBois – Vice President of Sales and Marketing;
3. Neal Uhl – Vice President of Finance; and
4. Jald Jensen – Regional Sales Manager

Defendants DuBois and Uhl pled guilty in January, 2012 and had their pleas unsealed on April 5, 2013. Defendants Kowalewski and Jensen were charged by Criminal Indictment, also in January, 2012, but are still at large today. The DOJ Press Release states that “The two remaining defendants are believed to remain abroad.” The bribes were characterized as “commission payments” and “referral fees” on the company’s books and records. Payments were made from both international and company bank accounts here in the United States. In other words, this was as clear a case of a pattern and practice of bribery, authorized by the highest levels of the company, paid through US banks and attempts to hide all of the above by mis-characterizing them in the company’s books and records.

II.                Alstom

Two individuals from the company later identified as Alstom were charged or had their charges made public in April. According to a DOJ Press Release dated April 16, 2013, “Frederic Pierucci, 45, a current company executive [of Alstom] who previously held the position of vice president of global sales for the Connecticut-based U.S. subsidiary, was charged in an indictment unsealed yesterday in the District of Connecticut with conspiring to violate the Foreign Corrupt Practices Act (FCPA) and to launder money, as well as substantive charges of violating the FCPA and money laundering.” Pierucci was arrested. A former Alstom executive, “David Rothschild, 67, of Massachusetts, a former vice president of sales for the Connecticut-based U.S. subsidiary, pleaded guilty on Nov. 2, 2012, to a criminal information charging one count of conspiracy to violate the FCPA.”

In a post by the FCPA Professor, entitled “Current And Former Alstom Employees Charged In Connection With Payments In Indonesia”, he stated the two were involved with the following: “The conduct at issue concerned the Tarahan coal-fired steam power plant project in Indonesia.” Both were charged around the same set of facts. Pierucci and Rothschild, together with others, paid bribes to officials in Indonesia, including a member of Indonesian Parliament and high-ranking members of Perusahaan Listrik Negara (PLN), the state-owned and state-controlled electricity company, in exchange for those officials’ assistance in securing a contract for the company to provide power-related services for the citizens of Indonesia, known as the Tarahan project. The charges allege that, in order to conceal the bribes, the defendants retained two consultants purportedly to provide legitimate consulting services on behalf of the power company and its subsidiaries in connection with the Tarahan project. In reality, however, the primary purpose for hiring the consultants was allegedly to use the consultants to pay bribes to Indonesian officials.

The Pierucci Indictment specified the following Counts for violations of the FCPA involving the first consultant.

Count	Date	Means and Instrumentalities of Interstate and International Commerce
Two	11/16/2005	Wire transfer in the amount of $200,064 from Power Company’s Connecticut bank account to Consultant A’s bank account in Maryland for the purpose of bribing Official 1.
Three	1/4/2006	Wire transfer in the amount of $200,064 from Power Company’s Connecticut bank account to Consultant A’s bank account in Maryland for the purpose of bribing Official 1.
Four	3/7/2007	Wire transfer in the amount of $200,064 from Power Company’s Connecticut bank account to Consultant A’s bank account in Maryland for the purpose of bribing Official 1.
Five	10/5/2009	Wire transfer in the amount of $66,688 from Power Company’s Connecticut bank account to Consultant A’s bank account in Maryland for the purpose of bribing Official 1.

III.             Frederic Cilnis

In a blog post, entitled “The Danger of FCPA “Proactive” Investigations”, Mike Volkov stated “At the recent Dow Jones Compliance Symposium in Washington, D.C., an FBI official warned the attendees that the Shot Show debacle would not deter law enforcement from using proactive investigations techniques. It was a stark warning because it was realized in less than thirty days.” This was dramatically demonstrated with the arrest of Frederic Cilnis.

An article in the Financial Times (FT), entitled “FBI sting says that ‘agent’ sought to have mining contracts destroyed”, it was reported that “Frederic Cilins held the last of a series of meetings with the widow of an African dictator to discuss what she was going to do with some sensitive documents.” What were these ‘sensitive documents’? The FT reported that it had seen “some of the documents” and “According to one copy of a contract seen by the FT” it appeared to agree to pay $4m the wife of the then President of the country to help to secure rights to a mining concession in Guinea. Unfortunately for Cilins he “did not realise that the woman he was talking to was wearing a wire and that FBI agents were watching. As he left the meeting, the agents arrested him carrying envelopes filled with $20,000 in cash, the indictment says. That was a pittance compared with the $5m he was taped offering the dictator’s widow during what US authorities say was a two-month campaign to tamper with a witness and destroy records.”

IV.              Uriel Sharef

Uriel Sharef was a former officer and board member of Siemens. According to the SEC Press Release announcing resolution of his matter, “The settlement resolves the Commission’s civil action against Sharef for his role in Siemens’ decade-long bribery scheme to retain a $1 billion government contract to produce national identity cards for Argentine citizens. The final judgment, to which Sharef consented, enjoins him from violating the anti-bribery and related internal controls provisions of the FCPA and orders him to pay a $275,000 civil penalty, the second highest penalty assessed against an individual in an FCPA case.”

The FCPA Professor, in his April 19 Friday Roundup, posed the following “The burning question of course is whether the SEC would have prevailed against Sharef if he put the SEC to its burden of proof. As highlighted in this previous post, Sharef’s co-defendant, Herbert Steffen, did just that and in February Judge Shira Scheindlin dismissed the SEC’s complaint against Steffen finding that personal jurisdiction over Steffen exceeded the limits of due process.” However, the SEC Press Release seemed to anticipate this query by stating that “Sharef met with payment intermediaries in the United States and agreed to pay $27 million in bribes to Argentine officials. Sharef also enlisted subordinates to conceal the payments by circumventing Siemens’ internal accounting controls.”

In the month of April, the US enforcement agencies certainly seemed to be answering the questions about bringing FCPA criminal charges and civil complaints against individuals. You may quibble about the sentences handed out in the BizJet case but that is another discussion for another day. For those who may have thought that the use of wire taps, cooperating witness and other proactive federal law enforcement techniques may not be used in FCPA cases after the Gun Sting cases dismissals, such techniques were used in both the BizJet matters and the action against Cilnis. Lastly, one phone call to the US may not create in personam jurisdiction but if you come to the US and engage in conduct which violates the FCPA, personal jurisdiction will attach.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

My FCPA and Bribery Act Musings Continue

This past week, my second book, “Best Practices Under the FCPA and Bribery Act” was released. Over the past few years I have tried to provide the compliance practitioner with solid information that can be used to implement, review and enhance a US Foreign Corrupt Practices Act (FCPA) or UK Bribery Act based compliance program. I am often asked to collect my blog posting regarding what are the current best practices for an anti-corruption/anti-bribery compliance program. In other words, what are the specifics of a compliance program. This volume will provide the compliance practitioner with information that can be used for the ‘nuts and bolts’ of compliance.

Using the format of the most recent US Department of Justice (DOJ) and Securities and Exchange Commission (SEC) “A Resource Guide to the U.S. Foreign Corrupt Practices Act. The Foreign Corrupt Practices Act (FCPA)” [the “FCPA Guidance”]; I have included some of my thoughts on what you can do to create and maintain a best practices compliance program. I have also included some thoughts on how to create and maintain such a compliance program using the Six Principles of an Adequate Procedures compliance regime under the UK Bribery Act.

I was honored to have the FCPA Professor, Mike Koehler, pen the forward and he said, in part, “In the current global marketplace, Foreign Corrupt Practices Act (“FCPA”) risk needs to be on the radar screen of most companies – large and small, public and private, and across industry sectors. Given the current enforcement theories of the Department of Justice and Securities and Exchange Commission, FCPA risk is not always apparent from reading the statute. There is no way for business organizations to truly eliminate FCPA risk, but such risk can be effectively managed and minimized through pro-active policies and procedures and other means of risk assessment.”

I hope that you can use this volume, in conjunction with the FCPA Guidance and the Ministry of Justice’s Six Principles of an Adequate Procedures compliance program, to implement or enhance your compliance regime. Both the FCPA Guidance and Six Principles make clear that there is no ‘one size fits all’ compliance program. The key is to assess your company’s risks and to manage those risks appropriately. This volume will help you to determine the type and scope of program that is appropriate for your company and will assist your compliance efforts going forward.

Best Practices Under the FCPA and Bribery Act is available exclusively on amazon.com. For a copy, click here.

Actions Taken During a FCPA Enforcement Action-Lessons from Parker Drilling and Ralph Lauren

In the two most recent corporate Foreign Corrupt Practices Act (FCPA) enforcement actions, the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) to communicate not only what they believe constitutes a best practices compliance program but equally importantly what actions a company can engage in which will significantly reduce a company’s overall fine and penalty. These matters involved Parker Drilling Company (Parker Drilling) and the Ralph Lauren Corporation. Parker Drilling received a Deferred Prosecution Agreement (DPA) and Ralph Lauren sustained a Non-Prosecution Agreement (NPA).

Fines and Penalties

Parker Drilling’s conduct earned it an “approximately 20 percent reduction off the bottom of the fine range” which suggested a fine of between $14.7MM to $29.4MM. The final DOJ fine was  $11,760,000. The company also agreed to pay disgorgement of $3,050MM plus pre-judgment interest of $1,040,818, to the SEC. Ralph Lauren  agreed to pay $882K to the DOJ and $593K in disgorgement and $141K in pre-judgment interest to the SEC.

Self-Disclosure

In the DOJ/SEC FCPA Guidance released last year one of the clear messages was that companies should self-disclose any potential FCPA violations. While this question is debated by the FCPA intelligentsia and in compliance/legal department across the country, one of the key takeaways is that companies should self-disclose. In the section on Declinations, which included stripped out information on six companies which received declinations to prosecute, one of the common factors was that each company self-disclosed its FCPA violation.

In the Ralph Lauren NPA, the DOJ stated that one of the factors which led to the NPA was “the Company’s timely, voluntary, and complete disclosure of the conduct”. This is contrasted with the Parker Drilling DPA, where there was no information listed regarding self-disclosure. In its Press Release announcing the resolution of the Parker Drilling matter, the DOJ stated it “stemmed from the DOJ’s Panalpina-related investigations.”

What Did You Do When You Found Out About It? Prong II – Extensive Cooperation

Both companies provided extensive cooperation to the DOJ and SEC throughout the pendency of their respective investigations. In the Ralph Lauren NPA, the DOJ detailed the company’s conduct by stating that “the Company’s extensive, thorough, and real-time cooperation with the Department, including conducting an internal investigation, voluntarily making employees available for interviews, making voluntary document disclosures, conducting a world-wide risk assessment, and making multiple presentations to the Department on the status and findings of the internal investigation and the risk assessment”. In the Parker Drilling DPA, the DOJ stated that “the Company’s cooperation, including conducting an extensive internal investigation and collecting, analyzing, and organizing voluminous evidence and information for the Department”.

What Did You Do When You Found Out About It? Prong I – Remediation

Implementing one of the prongs of McNulty’s Maxim No. 3, both companies engaged in extensive remediation during the investigations. The Ralph Lauren NPA stated that “the Company’s early and extensive remedial efforts already undertaken – including conducting extensive FCPA training for employees world-wide, enhancing the Company’s existing FCPA policy, implementing an enhanced gift policy as well as other enhanced compliance, control and anti-corruption policies and procedures, enhancing its due diligence protocol for third-party agents, terminating culpable employees and a third-party agent, instituting a whistleblower hotline, and hiring a designated corporate compliance attorney – and to be undertaken, including enhancements to its compliance program as described in Attachment B (Corporate Compliance Program);”.

Parker Drilling also engaged in extensive work to create a gold standard compliance program all the while undergoing its own internal investigation. According to the DPA, “the Company has engaged in extensive remediation, including ending its business relationships with officers, employees, or agents primarily responsible for the corrupt payments, enhancing its due diligence protocol for third-party agents and consultants, increasing training and testing requirements, and instituting heightened review of proposals and other transactional documents for all the Company’s contracts.” Parker Drilling also hired “a fulltime Chief Compliance Officer and Counsel who reports to the Chief Executive Officer and Audit Committee, as well as staff to assist the Chief Compliance Officer and Counsel.” The Company worked to strengthen its internal controls. Lastly, and I hope that you remember this from the Morgan Stanley Declination, Parker Drilling implemented “a compliance-awareness improvement initiative and program that includes issuance of periodic anti-bribery compliance alerts.”

Self-Monitoring and Reporting to the DOJ

In an area that is sometimes overlooked in both DPAs and NPAs, both companies agreed to self-monitor the effectiveness of their compliance programs and make no less than annual reports to the DOJ. In its three-year DPA, Parker Drilling agreed to monitor and “that it will report to the Department periodically, at no less than twelve-month intervals during a three-year term, regarding remediation and implementation of the compliance program and internal controls, policies, and procedures”. In its two year NPA, Ralph Lauren agreed to monitor and “report to the Department periodically, at no less than twelve-month intervals during a two-year term, regarding remediation and implementation of the compliance program and internal controls, policies, and procedures.”

Both the DOJ and SEC continue to communicate to the compliance practitioner what they expect from companies in the way of a best practices compliance program and what a company should do if they discover a potential FCPA violation. These communications, through enforcement actions, DPAs, NPAs and Declinations, are consistent with the information provided by the DOJ/SEC in the FCPA Guidance. Both of these enforcement actions demonstrate that if a company gets ahead of the curve, it can significantly lessen its overall penalty and pain.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

What’s the Message from BizJet? Self-Disclose and Cooperate

Over the past week there has been a plethora of Foreign Corrupt Practices Act (FCPA) enforcement actions released. One group was the four enforcement actions involving individuals concerning BizJet. While I cannot say that the enforcement actions against the individuals were stunning, perhaps what was surprising were the penalties that two of the individual received. The lineup of those three BizJet executives and one employee involved in these enforcement actions is as follows:

1. Bernd Kowalewski – President and Chief Executive Officer (CEO);
2. Peter DuBois – Vice President of Sales and Marketing;
3. Neal Uhl – Vice President of Finance; and
4. Jald Jensen – Regional Sales Manager

Defendants DuBois and Uhl pled guilty in January, 2012 and had their pleas unsealed on April 5, 2013. Defendants Kowalewski and Jensen were charged by Criminal Indictment, also in January, 2012 but are still at large today. The Department of Justice (DOJ) Press Release states that “The two remaining defendants are believed to remain abroad.”

BizJet Bribery Box Score

From the previously released Bizjet Deferred Prosecution Agreement (DPA) and the recently released documents, I have updated the “BizJet Bribery Box Score”.

BizJet Executive or Employee Named	Payment Made To	Amount of Payment	Others Involved
Jald Jensen	Official 6	Cell Phone and $10K	Peter DuBois and Neal Uhl
Jald Jensen	Official 3	$2K	Peter DuBois
Peter DuBois, Neal Uhl and Jald Jensen	Official 2	$20K
Neal Uhl	Official 2	$30K	Jald Jensen
Peter DuBois	Mexican Federal Police Chief	$10K	Neal Uhl and Jald Jensen
Neal Uhl	Official 5	$18K	Jald Jensen
Jald Jensen	Official 4	$50K
Jald Jensen	Mexican Federal Police	$176	Neal Uhl
Jald Jensen	Official 4	$40K
Jald Jensen	Mexican Federal Police	$210K	Neal Uhl
Jald Jensen	Official 5	$6K	Neal Uhl
Neal Uhl	Official 5	$22K

The above bribes were characterized as “commission payments” and “referral fees” on the company’s books and records. Payments were made from both international and company bank accounts here in the United States. In other words, this was as clear a case of a pattern and practice of bribery, authorized by the highest levels of the company, paid through US banks and attempts to hide all of the above by mis-characterizing them in the company’s books and records.

Penalty Box Score

As bad as the conduct of the BizJet executives and sales manager was – and it was very bad – the thing that stood out in the enforcement actions announced last week was the sentences. So without further ado here is the “Penalty Box Score” for defendants DuBois and Uhl.

Individual	Fine or Disgorgement	Potential Incarceration	Actual Incarceration
Peter DuBois	$159,950	108 to 120 months in jail	8 months home incarceration, 60 month’s probation
Neal Uhl	$10,000	60 months in jail	60 month’s probation

The clear import of the BizJet DPA was that a company can make a comeback in the face of very bad facts. In the BizJet DPA, the calculation of the fine, based upon the factors set out in the US Sentencing Guidelines, ranged between a low of $17.1MM to a high of $34.2MM. The final agreed upon monetary penalty was $11.8MM. This was a significant reduction from the suggested low or high end, or as was noted by the FCPA Blog “BizJet’s reduction was 30% off the bottom of the fine range, and a whopping 65% off the top of the fine range.” Finally, BizJet was able to avoid having an external monitor put in place.

Cooperation is the Key

What led to these sentence reductions? Quite simply the answer is full cooperation with the DOJ. The FCPA Professor stated, in a post entitled “Unsealed Documents In Enforcement Acton Against Former BizJet Executives Reveal A Trove Of Information”, that “As part of his plea agreement, DuBois worked in an undercover capacity for the government. The motion specifically states as follows. “As part of his work in an undercover capacity, Mr. DuBois has recorded conversations with former BizJet executives and other subjects of the government’s ongoing investigation.” Later, the motion to seal states that “public identification of Mr. DuBois as a defendant who likely is cooperating with the government may jeopardize the undercover aspect of the government’s investigation.”

In addition to his work as an undercover operative, the Professor quoted from the DOJ Sentencing Memorandum that “assisted in the investigation from the outset and cooperated fully with the government throughout its investigation. DuBois submitted to multiple interviews by the government and has assisted in every way that the government has asked. DuBois told the truth to the government from the outset and continued to do so up until this very day. DuBois’ cooperation not only assisted the government in connection with its investigation into BizJet, but also led to the investigation of another maintenance, repair, and overhaul company engaged in a similar scheme to pay bribes to government officials overseas.”

With regarding to UHL, the Professor quoted from the DOJ Motion for a Downward Departure as follows, “Uhl “agreed to a voluntary proffer session and, when confronted by the government, admitted to the illegal conduct. Throughout the course of the investigation, Uhl was cooperative and provided truthful information that substantially assisted the government in confronting other co-conspirators and witnesses. Uhl offered to assist in any way that he could.”

In another post, entitled “Where Was the BizJet Board?”, the FCPA Professor noted that the conduct engaged in by BizJet was “egregious” and I would certainly second that, perhaps adding that it was about as bad as it could get in the FCPA world. He goes on to state that “Yet, BizJet was allowed to resolve the enforcement action via a deferred prosecution agreement, meaning that should it abide by the terms and conditions of the agreement, BizJet will never be required to plead guilty to anything.” He went on to pose the question, “If that is the DOJ position, then it must be asked – does corporate criminal liability actually mean anything if a company like BizJet – given the DOJ’s allegations – is not actually criminally prosecuted or required to plead guilty?” He ended his post with the following, “In short, the resolution vehicles the DOJ has created and championed has again lead to a “facade of enforcement” – albeit an instance on the opposite end of the spectrum that I normally highlight.”

I think that there is another way to look at the BizJet enforcement action and the individual enforcement actions against DuBois and Uhl. BizJet self-disclosed to the DOJ, engaged in what the DOJ termed “extraordinary cooperation” and remediated the people and conduct in question. Further, DuBois and Uhl not only offered themselves up but actively worked with and assisted the DOJ in its investigation going forward. If one of the goals of the DOJ is to achieve greater compliance with the FCPA, I think that the BizJet cases is a clear demonstration that if a company has FCPA violations they can self-disclose and be given credit for working very diligently in conjunction with the DOJ to remedy the conduct at issue and move the investigation forward.

I believe the same is true for individuals who have engaged in FCPA violations. If a person provides the same level of cooperation as DuBois and Uhl and the DOJ then prosecutes them to the full extent of the US Sentencing Guidelines, how much cooperation do you think the DOJ will engender going forward once the word gets out in the white collar defense bar?

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

In the Limelight-the Theater, Lady Gaga and Compliance

What is your favorite Canadian group? For my money it is the band Rush. My favorite Rush song is probably “Limelight”. How many times have you heard about ‘being in the limelight’? The phrase comes from the British theater where lights in the theater used quicklime. Although long since replaced, lighting in the British theater is still called ‘limes’.

I thought about Rush and their hit song when I recently read a couple of articles on leadership in the theater. I found that some of the insights in these articles could be applied in a compliance program for a multi-national company. In an article in the New York Times (NYT) Corner Office Section, entitled “First, Make Sure Your Idea Works On a Small Stage”, reporter Adam Bryant interviewed Francesca Zambello who is both the general and artistic director of the Glimmerglass Festival and the artistic director of the Washington National Opera.

Think Small

Zambello had a very interesting point that I do not consider often. She said that one of the most memorable lessons that she ever learned from a mentor was to make sure that your creative idea will work on the small stage. By this she did not mean that you cannot have a big idea or large concept. Instead “The most important thing he ever taught me was that if you don’t make sure the show is right in a small room, it will never be right in a big space, on a big stage.”

I found this comment particularly insightful in the context of the Department of Justice (DOJ)/Securities and Exchange Commission (SEC) FCPA Guidance. The FCPA Guidance makes clear that a company should design a compliance program which is appropriate for its size, markets and risks. There is no one standard and the FCPA Guidance states: “DOJ and SEC have no formulaic requirements regarding compliance programs. Rather, they employ a common-sense and pragmatic approach to evaluating compliance programs, making inquiries related to three basic questions: • Is the company’s compliance program well designed? • Is it being applied in good faith? • Does it work?”

I have seen many instances where a company will try and implement a compliance regime which is appropriate for a company many times its size. It becomes a top down exercise but as noted in the Zambello interview, it does not work well in the smaller setting because it is not assessing and managing the risks appropriate to a small company. Here a bottom up approach can be much more effective. Certainly this could be accomplished through a formal risk assessment but it may also come through talking and meeting with your internal business units or partners. Such informal assessments can provide valuable information which may work on a ‘smaller stage’ than a compliance program designed for a multi-billion, multi-national company.

Learn How to Fail

Another insight I garnered from the Zambello interview for the compliance practitioner was what she termed “You have to learn how to fail.” She believes that in any position you are in, that you are going to fail. But the real key is that “if you don’t fail, you are probably not that good.” Lastly, if you fail you have to learn to pick yourself up, “The more you get knocked down, the more you learn to pick yourself up.”

In the context of the FCPA Guidance, “DOJ and SEC understand that “no compliance program can ever prevent all criminal activity by a corporation’s employees,” and they do not hold companies to a standard of perfection. An assessment of a company’s compliance program, including its design and good faith implementation and enforcement, is an important part of the government’s assessment of whether a violation occurred, and if so, what action should be taken.” Clearly how a company handles any Foreign Corrupt Practices Act (FCPA) violation is an important key to any DOJ or SEC analysis regarding enforcement.

However, the other point for the compliance practitioner is that not everything should always go right under your compliance regime. Not every third party business representative you look at should pass muster under your process for approval. If everyone does, your process may not be robust enough. Not all of your employees do everything right all the time. If you have never disciplined an employee for a violation of your company’s Code of Conduct or compliance program, you should look to determine if this area needs to be explored as not every expense report is always correct. Lastly, if there has never been a substantial tip to your anonymous reporting line, this is an area which should also be explored. You may need to conduct more, or better, training so that employees understand that they can report incidents in confidence, without fear of retribution.

Be Courteous

Another interesting topic that Zambello discussed was the following, “I think that good manners matter a lot…Some of those are old fashioned things, but manners don’t cost anything.” Think about it – when was the last time you had a discussion of manners or even courtesy? This point is not something which is discussed much in the compliance arena but I think that courtesy is something that compliance practitioners need to be aware of when involved in a multi-national compliance program. Be sensitive to cultural norms in other countries and be respectful of them. As my very southern grandmother used to say, you are never wrong being courteous. Lastly, do not forget the cost for being courteous, nothing. But the benefits can be quite great.

From Lady Gaga to Compliance

For a different type of theater and how it relates to your compliance program, I recently came across an article in the Financial Times (FT), entitled “In need management tips? Try Lady Gagahttp://www.ft.com/intl/cms/s/2/da6559ce-a289-11e2-9b70-00144feabdc0.html#axzz2Qcpc6zzT”, by reporter Miles Johnson. (While some might suggest that Lady Gaga is a musician, I certainly think she is all about theater so it ties in with the above, really.) Johnson’s article reviews the work of Salvador Lopéz, a marketing and research professor at Spain’s ESADE business school. Lopéz believes that the world of business can learn quite a bit from the Lady Gaga’s of the world and I found that a couple of them apply to the compliance arena.

The first is that Lady Gaga generates emotions in her fans. Lopéz likened this to Steve Jobs who created “an entire style at Apple and made people feel things through his products.” Here I think that this applies to compliance because most employees want to do the right thing and will feel better about themselves if they conduct business in an ethical manner. The key for the compliance professional is not only to provide the processes and procedures for them to do so but to also acknowledge those employees who follow a company’s ethical business values. This can occur through financial incentives such as part of an employee’s discretionary bonus awards; promotion of employees who conduct business in accord with a company’s ethical practices or even something as simple as a companywide acknowledgement. The point is to make people feel that something positive for doing compliance the right way.

The second point that Lopéz gleans from performance artists like Lady Gaga is that they are much better in the use of technology than most companies. There are now a plethora of technological tools available to assist the compliance practitioner. I firmly believe that the DOJ and SEC have communicated that transaction monitoring will become a standard best practice quite soon, but certainly within the next 18 months. There are companies, such as Oversight Systems to name but one, which have technological tools to help move to this standard. But that is only one of many tools available to assist in your compliance program. So take a clue from Lady Gaga and ‘keep it fresh’.

These two articles demonstrate that the compliance practitioner can draw from a wide variety of sources and disciplines for inspiration to incorporate into a FCPA or UK Bribery Act compliance program. Further, the tools are out there to help you. I hope that this article has given you some ideas while drumming your fingers along to Rush or Lady Gaga for that matter.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

How To Demonstrate Ethics and Compliance – Earn It, Re-Earn It and Re-Evaluate It

What should your company do if it finds itself in a situation where some of its senior leadership has engaged in conduct which violates its own ethical standards or external legal standard such as the Foreign Corrupt Practices Act (FCPA)? Assume your company is now in McNulty Maxim No. 3 of “What did you do about it?” as you have investigated the conduct and disciplined the senior management in question. However, you want to go further and try to take steps that will detect and prevent the conduct in the future.

A current example of this is going on in the US military. In reaction to recent scandals involving lapses of personal character, the US military has instituted a series of changes to help military commanders to focus on ethical standards. In an article in the New York Times (NYT), entitled “Conduct at Issue as Military Officers Face a New Review”, Thom Shanker discussed a range of responses that the military will pursue. He reported that “The new effort is being led by Gen. Martin E. Dempsey, the chairman of the Joint Chiefs of Staff, as part of a broad overhaul of training and development programs for generals and admirals. It will include new courses to train the security detail, executive staffs and even the spouses of senior officers.” The article quoted General Dempsey as saying, “Conversely, you can have someone who is intensely competent, who is steeped in the skills of the profession, but doesn’t live a life of character. And that doesn’t do me any good.”

The military has initiated three broad responses. The first is a “regularly scheduled professional reviews would be transformed from top-down assessments to the kind of “360-degree performance evaluation” often seen in corporate settings.” A 360-degree review is one which comes from members of an employee’s immediate work circle. Most often, 360-degree feedback will include direct feedback from an employee’s subordinates, peers, and supervisor(s), as well as a self-evaluation. It can also include, in some cases, feedback from external sources, such as customers and suppliers or other interested stakeholders. The results from a 360-degree evaluation are often used by the person receiving the feedback to plan and map specific paths in their development.

While acknowledging the challenges from that comes from a subordinate review in a top-down hierarchical structure, such as the military, General Dempsey stated that “we’ve developed some bad habits” and that “It’s those bad habits we are seeking to overcome.” The article quoted Richard H. Kohn, a professor emeritus at the University of North Carolina, Chapel Hill, who specializes in military culture who said “he thought the 360-degree evaluation would have a positive effect on the leadership styles of many officers. He also stated that “It will reduce what the military calls ‘toxic leadership,’ elevating those who are highly competent but also fair and less brusque and peremptory.”

The second response was increased training on values. “General Dempsey said the demands of combat deployments in the past decade had prevented officers from attending the academic programs that historically had been integrated into an officer’s career every few years, and he pledged to rebalance that.” I found this quote very fascinating as it showed the extent that the military uses outside resources, I.E. civilian academic programs to supplement training on military values. Due to the increased deployments since 9/11, these traditional academic rotations have been less ongoing. Dr. Kohn found that these new training programs are a good enhancement to military training as “most officers need to be reminded of the rules and regulations on a routine basis.” But this training will go past simply the senior officers as “new programs will be instituted to ensure that a commander’s staff, and a spouse, are fully aware of military regulations.”

The third component will be more internal audits. The articled noted that “Under General Dempsey’s plan teams of inspectors will observe and review the procedures of commanders and their staffs. The inspections will not be punitive, but will provide a “periodic opportunity for general officers and flag officers to understand whether, from an institutional perspective, we think they are inside or outside the white lines.”” I found this component to be similar to the ‘Mock Audit’ concept that is used in the power industry that I recently wrote about in the post “In Praise of the Mock Audit”. A ‘Mock Audit’ is a mechanism by which a compliance team can go into a facility and not only try to determine what might need remediation but, equally importantly, help the employees in that facility to move towards greater compliance.

For the FCPA compliance practitioner, this response by the US military has some very interesting parallels to what the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) say should be in your FCPA compliance program. The DOJ/SEC FCPA Guidance demonstrates that a company should strengthen and supplement its compliance program on causes underlying the compliance issues which arose. The Guidance states, “An effective compliance program promotes “an organizational culture that encourages ethical conduct and a commitment to compliance with the law.” Such a program protects a company’s reputation, ensures investor value and confidence, reduces uncertainty in business transactions, and secures a company’s assets. A well-constructed, thoughtfully implemented, and consistently enforced compliance and ethics program helps prevent, detect, remediate, and report misconduct, including FCPA violations. [emphasis supplied] Further, in its section on Declinations, one of the six common elements which companies that received declinations engaged in was to make their compliance program more robust around the FCPA violation which arose. Clearly the DOJ and SEC believe that a company with a strong compliance system and culture will not only be in better position to comply with the FCPA but will be a better company.

General Dempsey clearly believes that the military has high ethical values. Shanker wrote that “He said the issue of understanding the military as a profession, and not just an occupation, had fascinated him since his days as a junior officer; he would be subject to the same rules, regulations and assessments he now is championing.” Shanker ended his article with the following quote from General Dempsey, “In my 39 years in the military, I have learned that you are not a profession just because you say you are,” he said. “You have to earn it and re-earn it and re-evaluate it from time to time.”

To me that sounds something like the following-you are not an ethical company because you say you are but because you do compliance by putting in the policies and procedures to do so.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013