FCPA Compliance and Ethics Blog

April 17, 2014

Post Traumatic Settlement Disorder

John HansonEd. Note-the following piece orignially appeared in the newsletter ‘The Informant’ of Artifice Forensic Financial Services LLC. and was also adapted  from two articles published by John Hanson through Corporate Compliance Insights during August 2011. It is published here with the permission of the author John Hanson. 

===============================================================================================================================================================================================================================================

The rigor and stress of an extensive corporate internal investigation is over. You’ve helped your client determine the scope of wrong-doing, take actions against wrong-doers, calculate the damages/amount of the fraud, fix and/or install internal controls, institute and/or strengthen its corporate compliance & ethics program, and negotiate a reasonable settlement with the relevant government agencies. You have helped your client survive what may well be one of the most traumatic events that it will ever face and it is now anxious to return its focus to its business.

But this is not the time to let up. That settlement agreement had requirements. In most instances, those requirements will focus on the organization’s compliance & ethics program, ethical tone and internal controls. This is not a time for relaxation, lest the organization fall into disorder and out of compliance with its settlement agreement. This is the time for vigilance.

Similar to a victim of a heart attack, who is moved from a hospital’s coronary intensive care unit to a general care unit after being stabilized, an organization could be seen as moving from an organizational intensive care unit to general care after the signing of a settlement agreement. Like the heart attack victim, the organization may be in a different place, but is not out of the hospital yet. Without the high level of attention, discipline and care necessary for a complete recovery, the organization can easily relapse back into disorder and return to organizational intensive care – or worse.

In Artifice’s role as an Independent Corporate Monitor (“Monitor”) and advisor to many other Monitors, Artifice has observed first-hand and heard about the post-traumatic settlement disorder that has occurred within numerous organizations. Because the role of a Monitor is so unique and close to an organization’s post-settlement activities, it provides unique insights into what can cause this disorder and how it can be avoided. From such a perspective, there are two key things that counsel may suggest that an organization should do to maintain order and better guarantee its timely and effective compliance with the terms of its settlement agreement: (1) assign and empower a project leader/manager and; (2) spiritual compliance.

The government likely relied on Chapter 8 of the United States Sentencing Guidelines (USSGs), which pertains to the sentencing of organizations, both for purposes of determining corporate liability and the remedial compliance measures required in the settlement agreement. In the spirit of §8B2.1(b)(1 &2) of the USSGs, the organization should designate an individual to monitor and oversee the organization’s compliance with the terms of the settlement agreement and report back to the highest levels of management of the organization regarding it. That person should be empowered to track and assure not only that the organization complies with its settlement agreement obligations, but also obtain and apply whatever resources are necessary to do so and hold people accountable for their roles in those efforts.

This should be done regardless of whether an outside Monitor is imposed as part of the settlement agreement. As part of a Monitor’s efforts to verify an organization’s compliance with the terms of a settlement agreement, a Monitor will track, test and report on an organization’s actions, but cannot participate in those efforts. A Monitor may and should provide guidance to an organization about its efforts, but it would compromise the Monitor’s independence if, for example, the Monitor drafted policies, conducted trainings or otherwise participated in designing or implementing the remedial measures that the Monitor would then be responsible for verifying the effectiveness of to the government. Compliance or non-compliance with its settlement agreement obligations rests solely upon the organization’s shoulders.

While the Compliance Officer may seem a good fit for such a project leader/manager role, because many of the remedial measures required by the settlement agreement may fall under the Compliance Officer’s responsibilities, someone more independent of those responsibilities might be considered. This is not at all to say that the Compliance Officer should never fill such a role, only that consideration should be given to whether or not the independence of the Compliance Officer in verifying to the organization’s management the timeliness and effectiveness of their own actions pursuant to the settlement agreement might be compromised, either in fact or by perception.

The presence of an outside Monitor has a significant impact in this regard and in many instances where a Monitor is imposed, the Compliance Officer is a perfectly appropriate, even preferable choice for this role. Without an imposed Monitor, as is seen in quality Compliance Programs where Internal Audit plays a role in verifying and reporting back to management on a Compliance Officer’s achievements against their yearly Compliance Plans, Internal Audit may provide the organization’s management with a more independent assessment of the organization’s timely and effective compliance with their settlement agreement obligations.

Depending on such factors as resources, level of independence sought, expertise, the requirement of an outside Monitor, etc., an organization may also consider bringing in an outside professional to track, assure and report to management on the organization’s compliance with its settlement agreement. This person may act in a capacity very similar to that of an imposed Monitor, but the organization would exercise a much greater degree of control over their scope and fees and the extent to which they could leverage the organization’s internal resources. Moreover, the organization could empower such a person to design remedial measures, affect change and take actions on behalf of the organization that an imposed Monitor cannot do because of their strict independence requirements.

This is among the greatest causes of disorder among many organizations in their post-settlement actions, who by fracturing this responsibility jeopardize their ability to timely, effectively and fully comply with their settlement agreement obligations, as well as management’s ability to exercise oversight of it. One person, appropriately empowered, enabled and accountable, brings order to the situation and minimizes these risks. In performing this role, such a person should design a workplan that identifies everything that the organization is required to do (and elects to do) and be responsible for assuring that everything is completed timely and effectively, as well as documented and appropriately reported.

Pass or Fail Another significant and common contributor to post traumatic settlement disorder is a tendency by some organizations to focus on meeting the “letter” of its settlement agreement obligations and not the “spirit.” Compliance with the terms of a settlement agreement should not be viewed as a “check the box” exercise.

The government takes a dim view of organizations that have compliance programs that “live on a shelf” and may penalize more harshly such organizations than those who have no compliance program at all. Similarly, if the efforts of an organization to comply with their settlement agreement obligations exist on paper and not in practice, the organization assumes a grave risk.

One of the primary goals of the government in requiring certain post-settlement actions by an organization is the institution of an effective Compliance and Ethics Program and internal controls aimed at reducing the risk of recurrence of the same or similar misconduct as that which led to the settlement agreement. Accordingly, how quickly the organization meets its obligations and, more importantly, the effectiveness of its efforts in doing so, are of tremendous importance.

Determining the effectiveness of an organization’s remedial measures requires much more effort than mere compliance with the letter of a settlement agreement’s obligations. Take, for example, compliance training. While a settlement agreement may require quarterly compliance training, such training is meaningless if the employees who receive the training cannot understand or apply it within the context of their roles. Accordingly, aside from assuring that the training is appropriately designed and affected to maximize such an understanding, an organization may utilize tests, surveys and/or post-training interviews to assess the training’s effectiveness. To the extent it is found not to be effective, it should be immediately remediated.

Another common post-settlement goal of the government is the strengthening or institution of a high ethical tone within an organization, commonly referred to as “tone at the top.” To successfully meet the spirit of an organization’s compliance with its settlement agreement obligations, the upper management of an organization must set the tone and take the lead. The degree to which management demands that the organization’s post-settlement efforts go beyond the letter of compliance has a great impact, in the same manner as their tone, actions and personal accountability does in affecting an ethical tone throughout an organization.

“Tone at the top” is not a compliance buzzword or catch phrase, it is real and plays a very significant role in affecting employee behavior and compliance throughout an organization. How upper management acts and holds themselves accountable sets the ethical tone and standard for how all employees are expected to conduct themselves and their accountability in doing so. While the settlement agreements used by government agencies may vary in how directly they address an organization’s ethical tone, it is generally among their chief concerns.

In living up to the spirit of a settlement agreement, an organization’s management, starting at the very highest levels, must take an active role in setting and living a tone that exemplifies ethical behavior and accountability. In the post-settlement world, this may well begin with the tone they set as it regards complying with their settlement agreement obligations. If, for example, a settlement agreement requires that all employees certify their having read and understood an organization’s compliance policies, upper management should be among the first to do so.

Another strong indicator of spiritual compliance and a positive tone is when organizations look for ways to go above and beyond the letter of their obligations as per the settlement agreement. While settlement agreements have become standardized to some extent, and in such a manner as to address compliance and ethics program issues relatively adequately, the government officials who are involved in drafting them are generally not experts in compliance and ethics programs and may, in fact, have little or no compliance knowledge and/or experience. Because of this, the obligations required in settlement agreements that pertain to corporate compliance and ethics programs may sometimes be minimal, vague and not necessarily comport with that necessary to achieve the government’s ultimate goals.

As an organization endeavors to meet its settlement agreement obligations, it should keep in mind the goals and spirit of its settlement agreement and seek ways to assure that such overarching goals are met or exceeded. One example of this occurred with an organization that Artifice served as the Monitor of, which instituted a process around business opportunities that went beyond that required in its settlement agreement and proved successful in preventing the same misconduct that gave rise to its problems. This reflected very favorably upon how seriously the organization and its management viewed compliance and the ethical tone within the organization.

There are other things that occur within organizations that contribute to post traumatic settlement disorder, but the two discussed above are two of the largest contributors to problems and/or failure that we have seen through the unique lens of an Independent Corporate Monitor.

Getting out of organizational intensive care doesn’t equate to discharge. Organizations must be vigilant, disciplined, rigorous, and take with grave seriousness its settlement agreement obligations. A focus on the spirit of the settlement agreement, together with order and accountability in assuring that all settlement obligations are met timely and effectively, significantly mitigates the risk of post traumatic settlement disorder and ultimately helps an organization become stronger and better servants of its customers, employees, shareholders/owners and the public-at-large.

===============================================================================================================================================================================================================================================

John Hanson is the founder and Executive Director of Artifice. A CPA (LA), Certified Fraud Examiner, and Certified Compliance & Ethics Professional, John has more than 23 years of fraud investigations, forensic accounting, corporate compliance & ethics, and audit experience. Though well regarded for his investigative and litigation support skills and experience, John is a thought leader in the field of Independent Corporate Monitors, having had substantial involvement in five (5) Federal Monitorships, three (3) as the named Monitor. A former Special Agent of the FBI, John spent nearly 10 years refining his white collar crime investigative skills investigating a variety of complex criminal fraud schemes and financial crimes. Prior to forming Artifice in 2010, John was a leader in the fraud investigations and forensic accounting practice of a large publicly traded international financial consulting firm. John can be reached jhanson@artificeforensic.com. s the founder and Executive Director of Artifice. A CPA (LA), Certified Fraud Examiner, and Certified Compliance & Ethics Professional, John has more than 23 years of fraud investigations, forensic accounting, corporate compliance & ethics, and audit experience. Though well regarded for his investigative and litigation support skills and experience, John is a thought leader in the field of Independent Corporate Monitors, h© John Hanson

ving had substantial involvement in five (5) Federal Monitorships, three (3) as the named Monitor. A former Special Agent of the FBI, John spent nearly 10 years refining his white collar crime investigative skills investigating a variety of complex criminal fraud schemes and financial crimes. Prior to forming Artifice in 2010, John was a leader in the fraud investigations and forensic accounting practice of a large publicly traded international financial consulting firm. Hanson is the founder and Executive Director of Artifice.  A CPA (LA), Certified Fraud Examiner, and Certified Compliance & Ethics Professional, John has more than 23 years of fraud investigations, forensic accounting, corporate compliance & ethics, and audit experience.  Though well regarded for his investigative and litigation support skills and experience, John is a thought leader in the field of Independent Corporate Monitors, having had substantial involvement in five (5) Federal Monitorships, three (3) as the named Monitor.  A former Special Agent of the FBI, John spent nearly 10 years refining his white collar crime investigative skills investigating a variety of complex criminal fraud schemes and financial crimes.  Prior to forming Artifice in 2010, John was a leader in the fraud investigations and forensic accounting practice of a large publicly traded international financial consulting firm. 

April 15, 2014

Implementing Compliance Incentives In Your Company

IncentiveSeveral readers have asked why I have not written anything about the Houston Astros this year. The answer is two-fold. The first is that I really do not care. However, the more I thought about it, the real reason is that they are not relevant. Just how not relevant are the bumbling hometown (former) loveables? Last week they achieved the noteworthy accomplishment of obtaining a Nielson rating of 0.00 for a second consecutive season. I am not aware of any other major league team, which has been on television for a game where no one was recorded as watching for the entire game, for two straight seasons. Pretty amazing when you think about it.

However, one thing that is relevant in the context of any best practices anti-bribery compliance program is incentives. The Department Of Justice (DOJ) and Securities Exchange Commission (SEC) could not have been clearer in the FCPA Guidance about their views on the need for incentives to help drive behavior that is ethical and in compliance with the Foreign Corrupt Practices Act (FCPA) when they stated “DOJ and SEC recognize that positive incentives can also drive compliant behavior.” In the Guidance, the SEC cited to the following:

[M]ake integrity, ethics and compliance part of the promotion, compensation and evaluation processes as well. For at the end of the day, the most effective way to communicate that “doing the right thing” is a priority, is to reward it. Conversely, if employees are led to believe that, when it comes to compensation and career advancement, all that counts is short-term profitability, and that cutting ethical corners is an acceptable way of getting there, they’ll perform to that measure. To cite an example from a different walk of life: a college football coach can be told that the graduation rates of his players are what matters, but he’ll know differently if the sole focus of his contract extension talks or the decision to fire him is his winloss record.

A recent article in the Spring 2014 issue of the MIT Sloan Management Review, entitled “Combing Purpose with Profits”, by authors Julian Birkinshaw, Nicolai J. Foss and Siegwart Lindenberg, presents some interesting steps on how a company might work towards achieving the goals articulated by the DOJ and SEC. The key thesis of the authors is if you want to motivate employees you have to have purpose. In their article they presented case studies from three entities: the Tata Group, Handelsbanken and HCL Technologies. From these three cases studies they came up with six core principles, which I will adapt for the compliance function in an anti-corruption compliance program.

  1. Compliance incentives don’t have to be elaborate or novel. The first point is that there are only a limited number of compliance incentives that a company can meaningfully target. Evidence suggests the successful companies are the ones that were able to translate pedestrian-sounding compliance incentive goals into consistent and committed action.
  2. Compliance incentives need supporting systems if they are to stick. People take cues from those around them, but people are fickle and easily confused, and gain and hedonic goals can quickly drive out compliance incentives. This means that you will need to construct a compliance function that provides a support system to help them operationalize their pro-incentives at different levels, and thereby make them stick. The specific systems which support incentives can be created specifically to your company but the key point is that they are delivered consistently because it signals that management is sincere.
  3. Support systems are needed to reinforce compliance incentives. One important form of a supporting system for compliance incentives “Is to incorporate tangible manifestations of the company’s pro-social goals into the day-to-day work of employees.” Make the rewards visible. As stated in the FCPA Guidance, “Beyond financial incentives, some companies have highlighted compliance within their organizations by recognizing compliance professionals and internal audit staff. Others have made working in the company’s compliance organization a way to advance an employee’s career.”
  4. Compliance incentives need a “counterweight” to endure. Goal-framing theory shows how easy it is for compliance incentives to be driven out by gain or hedonic goals, so even with the types of supporting systems it is quite common to see executives bowing to short-term financial pressures. Thus, a key factor in creating enduring compliance incentives is a “counterweight,” by which we mean any institutional mechanism that exists to enforce a continued focus on a nonfinancial goal. This means that in any financial downturn compliance incentives are not the first thing that gets thrown out the window and if my oft-cited hypothetical foreign Regional Manager misses his number for two quarters, he does not get fired. So the key is that the counterweight has real influence; it must hold the leader to account.
  5. Compliance incentive alignment works in an oblique, not linear, way. The authors believe that “In most companies, there is an implicit belief that all activities should be aligned in a linear and logical way, from a clear end point back to the starting point. The language used — from cascading goals to key performance indicators — is designed to reinforce this notion of alignment. But goal-framing theory suggests that the most successful companies are balancing multiple objectives (pro-social goals, gain goals, hedonic goals) that are not entirely compatible with one another, which makes a simple linear approach very hard to sustain.” What does this mean in practical terms for your compliance program? If you want your employees to align around compliance incentives, your company will have to “eschew narrow, linear thinking, and instead provide more scope for them to choose their own oblique pathway.” This means emphasizing compliance as part of your company’s DNA on a consistent basis — “the intention being that by encouraging individuals to do “good,” their collective effort leads, seemingly as a side-effect, to better financial results. The logic of “[compliance first], profitability second” needs to find its way deeply into the collective psyche of the company.”
  1. Compliance incentive initiatives can be implemented at all levels. Who at your company is responsible for pursuing compliance incentives? If you head up a division or business unit, it is clearly your job to define what your pro-social goals are and to put in place the supporting structures and systems described here. But what if you are lower in the corporate hierarchy? It is tempting to think this is “someone else’s problem,” but actually there is no reason why you cannot follow your own version of the same process. We have seen quite a few mid-level managers make a real difference, and often quite quickly, using the principles outlined here.

The author’s have set out several steps that you can implement into your compliance program to enhance incentives to facilitate anti-corruption. There have been many who have criticized the FCPA Guidance. While I am certainly not one of them, I do not think there can be any argument that it does not present the DOJ and SEC views on a minimum best practices compliance program. So if the DOJ and SEC think incentives in your compliance program are important, I suggest to you, they are important. The article, which is the basis of this blog post, provides an excellent start for the exploration of some ways to inculcate anti-bribery and anti-corruption incentives into not only your compliance regime but also, more importantly, the DNA of your company.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

April 10, 2014

Asking Questions To Build Your Compliance Program

IMG_3289On this day in 1932 President Franklin D. Roosevelt (FDR) enacted the Civilian Conservation Corps (CCC) declaring a “government worthy of its name must make a fitting response” to the suffering of the unemployed. He waxed poetic when lobbying for its passage, declaring “the forests are the lungs of our land [which] purify our air and give fresh strength to our people.” Of FDR’s many New Deal policies, the CCC is considered by many to be one of the most enduring and successful. It provided the model for future state and federal conservation programs. From 1933 to 1942, the CCC employed over 3 million men.

The CCC, also known as “Roosevelt’s Tree Army,” was open to unemployed, unmarried US male citizens between the ages of 18 and 25. All recruits had to be healthy and were expected to perform hard physical labor. Enlistment in the program was for a minimum of 6 months; many re-enlisted after their first term. Participants were paid $30 a month and often given supplemental basic and vocational education while they served. Under the guidance of the Departments of the Interior and Agriculture, CCC employees fought forest fires, planted trees, cleared and maintained access roads, re-seeded grazing lands and implemented soil-erosion controls. The CCC was a solution that was right for the place and time but its effects have lasted up through this day. There are still CCC built national parks and other facilities in use. We still drive over bridges built by the CCC.

I thought about the CCC, how it was such an effective organization for its time and how the results of its efforts have lasted over 80 years, in some cases, when I read an article in the April issue of Inc. magazine, entitled “35 Great Questions”, where Paul Graham, Jim Collins and other business leaders looked at some of questions that thought business leaders should be asking of themselves and of their teams. While the focus was not on compliance and ethics, many of the questions clearly could be viewed through such a prism. The key is that by asking good questions, as listed below, it “opens people to new ideas and possibilities.”

  1. How can we become the company that would put us out of business?
  2. Are we relevant? Will we be relevant five years from now? Ten?
  3. If energy were free, what would we do differently?
  4. What is it like to work for me?
  5. If we weren’t already in this business, would we enter it today? And if not, what are we going to do about it?
  6. What trophy do we want on our mantle?
  7. Do we have bad profits?
  8. What counts that we are not counting?
  9. In the past few months, what is the smallest change we have made that has had the biggest positive result? What was it about that small change that produced the large return?
  10. Are we paying enough attention to the partners our company depends on to succeed?
  11. What prevents me from making the changes I know will make me a more effective leader?
  12. What are the implications of this decision 10 minutes, 10 months, and 10 years from now?
  13. Do I make eye contact 100 percent of the time?
  14. What is the smallest subset of the problem we can usefully solve?
  15. Are we changing as fast as the world around us?
  16. If no one would ever find out about my accomplishments, how would I lead differently?
  17. Which customers can’t participate in our market because they lack the skills, wealth, or convenient access to existing solutions?
  18. Who uses our products in ways we never expected?
  19. How likely is it that a customer would recommend our company to a friend or colleague?
  20. Is this an issue for analysis or intuition?
  21. Who, on the executive team or the board, has spoken to a customer recently?
  22. Did my employees make progress today?
  23. What one word do we want to own in the minds of our customers, employees and partners?
  24. What should we stop doing?
  25. What are the gaps in my knowledge and experience?
  26. What am I trying to prove to myself, and how might it be hijacking my life and business success?
  27. If we got kicked out and the board brought in a new CEO, what would he do?
  28. If I had to leave my organization for a year and the only communication I could have with employees was a single paragraph, what would I write?
  29. What have we, as a company, historically been when we’ve been at our best?
  30. What do we stand for – and what are we against?
  31. Is there any reason to believe the opposite of my current belief?
  32. Do we underestimate the customer’s journey?
  33. Among our stronger employees, how many see themselves at the company in three years? How many would leave for a 10 percent raise from another company?
  34. What did we miss in the interview for the worst hire we ever made?
  35. Do we have the right people on the bus?

As a Chief Compliance Officer (CCO) many of these questions could be adapted to the compliance function or directly asked of you, your leadership and your team. One of the thing that bedevils many CCOs is time to think, plan and consider what Warren Berger, the author of “A More Beautiful Question”, says is the “inquiry’s ability to trigger divergent thinking, in which the mind seeks multiple, sometimes non-obvious paths to a solution.”

I often say that a key role for a CCO is listening but equally important is asking questions. Inc.’s list of thought-provoking questions can give you some excellent ideas about areas to explore with your compliance team, your senior management and the employees in your company. So start asking questions and start listening.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

 

 

 

April 8, 2014

Mickey Rooney and The 90 Cent Solution

Mickey Rooney as PuckWe begin today with a word on the death of Mickey Rooney. Rooney’s career, spanning nearly 90 years was certainly was from a different era. He was short of stature and long in his number of marriages but as Bob Lefsetz noted in his blog post tribute to Rooney, “But they stood in front of us twenty feet tall. At the drive-in. Even when the pictures truly got small on the tiny old screens of yore they emerged triumphant, because they were so good-looking, so charismatic. And if you were big enough, a bright enough star, your legacy lived on, even if your present day circumstances bore no resemblance to fame.” But here’s why there is always a place in my heart for Mickey Rooney. When I was very young I lived with my grandparents and one night I watched the 1935 movie version of Shakespeare’s A Mid Summer Night’s Dream on television with my grandmother. Rooney’s so over the top performance of Puck began for me a life long love affair with the Bard. So here’s to the grandmother that started me off on a lifelong love affair of Shakespeare’s works and here’s to the Mickster—you did it your way.

I have often considered the role of senior management is to set a proper ‘Tone-At-The-Top” to do business ethically and in compliance with anti-corruption laws like the Foreign Corrupt Practices Act (FCPA) or the UK Bribery Act. Incentives to do business ethically and in compliance are also recognized as an important part of any best practices compliance program. The flip side of incentives is disincentives, such as discipline or financial penalties for affirmatively engaging in misconduct. But how far should such disincentives go and how strong should they be? Should there be penalties for not only affirmatively engaging in misconduct but also failing to monitor risk-taking that allows misconduct to occur? If the latter becomes prevalent, how close do we come to criminalizing conduct, which is arguably negligent and not simply intentional?

I have thought about several of these questions and many others over the past few days when reading about the ongoing struggles of General Motors (GM) over its Cobalt recall issues and Citigroup in regards to its Mexican banking operations. In an article by Gretchen Morgenson in the New York Times (NYT), entitled “The Wallet as Ethics Enforcer”, where she asked “Who decided—and who agreed—that 90 cents was too much to pay for each switch that would have fixed the problem that apparently led to 13 deaths? How much did that decision add to the bottom line and add to executives’ compensation over the years? What will the company have to pay in possible regulatory penalties and legal settlements?” One of her own answers to these questions reads, “While the shareholders of G.M. will shoulder the cost of the fines, the settlements and loss of trust arising from the mess, the executives responsible for monitoring internal risks like these are unlikely to be held accountable by returning past pay.”

Citigroup, which had previously indicated that it had been the victim of a huge fraud perpetrated by one of its customers in Mexico, Oceanografía. However, now Citigroup now faces both federal criminal and civil investigations over the affair. As reported in a Wall Street Journal (WSJ) article, entitled “Crime Inquiry Said to Open On Citigroup”, Ben Protess and Michael Corkery reported that both the Department of Justice (DOJ) and the Securities and Exchange Commission (SEC) have opened investigations “focusing in part on whether holes in the bank’s internal controls contributed to the fraud in Mexico. The question for the investigators is whether Citigroup—as other banks have been accused of doing in the context of money laundering—ignored warning signs.” For a bank to be criminally liable, “prosecutors would typically need to show that the bank willfully ignored warning signs of the fraud.” However, to show a civil violation, the threshold is lower and there may only need to be a showing that the bank lacked the proper internal controls or internal oversight.

In her article, Morgenson spoke with Scott M. Stringer, the New York City Comptroller, who is a strong advocate of corporate requirements which “make sure that insiders who engage in questionable conduct are required to pay the piper” in the form of clawback provisions. Stringer has worked with companies to expand clawback provisions beyond those mandated by Sarbanes-Oxley (SOX), which required “boards to recover some incentive pay from a chief executive and chief financial officer if a company did not comply with financial reporting requirements.” Now, clawbacks have expanded to require executives to return compensation “even if they did not commit the misconduct themselves; they run afoul of the rules by failing to monitor conduct or risk-taking by subordinates.” Stringer believes that such clawback provisions not only “speak to the issue of financial accountability but also to setting a tone at the top.”

Morgenson ends her article by noting that unless GM makes public its internal investigation, “we may never know how many G.M. executives knew about the Cobalt problems and looked the other way.” In the meantime though, this debacle shows the importance of policies that hold high-level employees accountable for conduct that, even if not illegal, can do serious damage to their companies. Directors creating such policies would be sending a clear signal that they take their duties to the company’s owners seriously.”

At this point, we do not know high up the decision went in GM not to install the 90 cent solution. But I would argue it really does not matter. Somewhere in the company, some engineer figured out a solution and indeed one was implemented without changing the part number. I am sure the GM Board would have been sufficiently shocked, just shocked, to find out that such decisions as monetary over safety were going on inside the company. What does all of the information released so far tell us about the culture inside GM when these decisions were made? While I am certainly willing to give current GM Chief Mary Barra the benefit of the doubt about her intentions for the company going forward, particularly after a grueling couple of days before Congress, what do you think the financial incentives were in the company when the 90 cent solution was rejected?

It initially appeared that Citigroup was the victim of a massive fraud perpetrated by one of its customers. However, even initially it was reported that Citigroup let its Mexican operation, Banamex run its own show with very little oversight from the corporate office in New York. Now Citigroup is not only under a civil investigation for lack of proper internal controls but also a criminal investigation for willful ignorance of Banamex’s operations. Does any of this sound far-fetched or perhaps familiar? Think about Frederick Bourke and ‘conscious indifference’. Even the judge in Burke’s criminal trial mused that she did not know if he was a perpetrator or a victim. Perhaps Citigroup is both, but if he was both it certainly did not help Bourke. While I am certainly sure that the Citigroup Board of Directors would also say that it would also simply be shocked, just shocked, to find that there were even insufficient internal controls over Banamex, let alone willful ignorance of criminal actions of its Mexico subsidiary, it does pose the question as to what is the culture at the bank?

As important as clawbacks are, until the message of compliance gets down from the top of an organization, into the middle and then to the bottom, a culture of compliance will not exist. I have worked in an industry where safety is goal number one. But in the same industry I have heard the apocryphal tale of the foreign Regional Manager who is alleged to have said, “If I violate the Code of Conduct, I may or may not get caught. If I violate the Code of Conduct and get caught, I may or may not be punished. If I miss my numbers for two quarters, I will be fired.” Clawbacks for Board members would not have influenced this apocryphal foreign Regional Manager, any more than they would have worked on the psyche of the GM engineers who proposed and then later dropped the 90 cent solution. It was clear to them what their bosses thought was important for them to keep their jobs. As long as management has that message, doing business ethically and in compliance will always take a second seat.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

 

April 7, 2014

The Battle of Shiloh, Corruption in Ukraine and Things to Come

Things to ComeOn this day 126 years ago the two-day battle of Shiloh ended. On the second day, the Union troops under General Grant largely recovered the ground that the Confederate troops had taken on the first day. Grant was severely criticized for allegedly being taken by surprise by the Confederate attack but he managed to survive the firestorm. The Confederates lost their most senior commander, General Albert Sydney Johnson, on the first day of the fighting.

With the successful Union counter-attack on the second day the battle is generally viewed as a tactical victory for the North. However, for me the thing that is most significant about this battle is that it was the first horrific slaughter of the Civil War. There were over 23,000 casualties on both sides. Unfortunately it presaged more to come. I will never forget Shelby Foote’s comments in Ken Burn’s documentary The Civil War. Shiloh was not an aberration but there were 25 more Shiloh’s to come. It truly was a sign of things to come.

The recent events in Ukraine have had a variety of interpretations, results and predictions. But one thing is clear, the government of Ukraine allowed systemic corruption to occur. One can look to the Archer-Daniels-Midland Corp. (ADM) Foreign Corrupt Practices Act (FPCA) enforcement action to see the effects in play. In that matter, ADM paid bribes to obtain tax rebates to which it was legally entitled. Unfortunately for ADM it developed opaque schemes to fund bribery payments and then hid them on its books and records. Not good for FPCA compliance.

Or consider the case of Ikea. In an article in Bloomberg, entitled “Dashed Ikea Dreams Show Decades Lost to Bribery in Ukraine”, Agnes Lovasz wrote that Ikea has tried for over a decade to open a store in the country but has been unable to do so because it refuses to pay bribes to do so. She wrote that according to Transparency International’s (TI’s) Corruptions Perceptions Index (CPI), “Stuck between the European Union and its former imperial master Russia, Ukraine has emerged as the most corrupt country on the continent.” She quoted Erik Nielsen, chief global economist at UniCredit SpA in London, for the following, “Even before this latest crisis, Ukraine was a mess beyond description”. How about this recommendation from Lennart Dahlgren, a retired Ikea executive who led the company’s entry into Russia, who said in an interview with Russkiy Reporter magazine in 2010, that compared with Ukraine, Russia, the most corrupt major economy, “is whiter than snow”. Faint praise indeed.

While a US, UK, EU or other western government response is certainly appropriate, I thought about a business led response to such a situation when I read a recent article in the April issue of the Harvard Business Review (HBR), entitled “The Collaboration Imperative”, by authors Ram Nidumolu, Jib Ellison, John Whalen and Erin Billman. In this article they discussed business collaborations in the context of sustainability. I found their concepts should be considered by companies or industry groups when trying to develop strategies to fight corruption. As Jason Poblete continually reminds us, the marketplace is one important place to look for solutions to problems and this article certainly provides some starting points for such an analysis.

The authors posit that collaboration models should be divided into two categories: (1) coordinated processes and (2) coordinated outcomes. Adapting these to anti-corruption/anti-bribery programs, this means that under the ‘coordinated processes’ prong businesses should identify and share industry-wide operational processes that prevent and detect bribery and corruption. Under the ‘coordinated outcomes’ prong, the authors work translates into developing industry benchmarks and standardized systems for measuring anti-corruption/anti-bribery performance across the value chain.

The authors had some specific steps in their article which I thought also provided insightful for implementing their ideas in the anti-corruption/anti-bribery context. First you should being this journey “with a small, committed group.” The reason to do so is “to prevent the logjams that can occur when many stakeholders with conflicting goals try to work together, start by convening a small “founding circle” of participants. The members must have a common motivation and have mutual trust at the outset. This group develops the project vision and selectively invites subsequent tiers of participants into the project as it develops.” Next you should try to “link self-interest to shared interest.” This is because to help facilitate success, “collaboration initiatives must ensure that each participant recognize at the outset the compelling business value that it stands to gain when shared interests are met.” The participants need to then try to monetize the system value by “linking self-interest and shared interest is to quantify how the collaboration reduces costs or generates revenue for each participant.” It helps to build a direct path to some early successes because it is important “to generate momentum and commitment, the action plan must also emphasize quick wins. Business thrives on visible and immediate results, and sustainability collaborations are no exception. Even if these wins are small initially, the cost savings or incremental revenues provide proof to other executives inside participants’ organizations that the investment is worthwhile.”

As many in such a collaborative group will have conflicting priorities, the authors believe it is important to have “independent project-management specialists with demonstrated competence in trust building among diverse stakeholders. Additionally, the project management function must be seen by all participants as neutral and committed to the success of the project, rather than to any individual stakeholder.” Interestingly, the authors note that there should be built in competition which should be “structured to support shared goals.” Finally, and perhaps most obviously, any such group must have a culture of trust. Fortunately, in the anti-corruption/anti-bribery world there are very few trade secrets but beyond this, the “building and maintaining trust is an ongoing practice foundational to every other practice during the collaboration project.”

Perhaps the people or the leadership of Ukraine may at some point realize that the perceived endemic nature of corruption in their economic system, helped lead in part to its current problems. Maybe the citizens in Crimea thought the Russian government less corrupt. While I do not pretend to know the answers to these questions, the collaboration model that the authors have detailed for sustainability initiatives is certainly one that US companies might wish to consider on some type of industry wide basis.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

April 4, 2014

Life Cycle Management of Third Parties – Step 5 – Management of the Relationship

Five stepsToday ends my review of what I believe to be the five steps in the management of a third party under an anti-bribery regime such as the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act. On Monday, I reviewed Step 1 – the Business Justification, which should kick off your process with any third party relationship. On Tuesday, I looked at Step 2 – the questionnaire that you should send and third party and what information you should elicit. On Wednesday, I discussed Step 3 – the due diligence that you should perform based upon the information that you have received from and ascertained on the third party. On Thursday, I examined Step 4 – how you should use the information you obtain in the due diligence process and the compliance terms and conditions which you should place in any commercial agreement with a third party. Today, I will conclude this series by reviewing how you should manage the relationship after the contract is signed.

I often say that after you complete Steps 1-4 in the life cycle management of a third party, the real work begins and that work is found in Step 5– the Management of the Relationship. While the work done in Steps 1-4 are absolutely critical, if you do not manage the relationship it can all go down hill very quickly and you might find yourself with a potential FCPA or UK Bribery Act violation. There are several different ways that you should manage your post-contract relationship. This post will explore some of the tools which you can use to help make sure that all the work you have done in Steps 1-4 will not be for naught and that you will have a compliant anti-corruption relationship with your third party going forward.

Managing third party relationships is an area that continues to give companies trouble and heartburn. The “2013 Anti-Bribery and Corruption Benchmarking Report – A joint effort between Kroll and Compliance Week” found that many companies are still struggling with ongoing anti-corruption monitoring and training for their third parties. Regarding training, 47% of the respondents said that they conduct no anti-corruption training with their third parties at all. The efforts companies do take to educate and monitor third parties are somewhat pro forma. More than 70% require certification from their third parties that they have completed anti-corruption training; 43% require in-person training and another 40% require online training. Large companies require training considerably more often than smaller ones, although when looking at all the common training methods, 100% of respondents say their company uses at least one method, if not more.

While the FCPA Guidance itself only provides that “companies should undertake some form of ongoing monitoring of third-party relationships”. Diana Lutz, writing in the White Paper by The Steele Foundation entitled “Global anti-corruption and anti-bribery program best practices”, said, “As an additional means of prevention and detection of wrongdoing, an experienced compliance and audit team must be actively engaged in home office and field activities to ensure that financial controls and policy provisions are routinely complied with and that remedial measures for violations or gaps are tracked, implemented and rechecked.”

One noted commentator has discussed techniques to provide this management and oversight any third party relationship. Carol Switzer, President of the Open Compliance and Ethics Group (OCEG), writing in the Compliance Week magazine set out a five-step process for managing corruption risks, which I have adapted for third parties.

  1. Screen - Monitor third party records against trusted data sources for red flags.
  2. Identify – Establish helplines and other open channels for reporting of issues and asking compliance related questions by third parties.
  3. Investigate - Use appropriately qualified investigative teams to obtain and assess information about suspected violations.
  4. Analyze - Evaluate data to determine “concerns and potential problems” by using data analytics, tools and reporting.
  5. Audit - Finally, your company should have regular internal audit reviews and inspections of the third party’s anti-corruption program; including testing and assessment of internal controls to determine if enhancement or modification is necessary.

Based upon the foregoing and other commentators, I believe there are several different roles in a company that play a function in the ongoing monitoring of the third party. While there is overlap, I believe that each role fulfills a critical function in any best practices compliance program.

Relationship Manager

There should be a Relationship Manager for every third party which the company does business with through the sales chain. The Relationship Manager should be a business unit employee who is responsible for monitoring, maintaining and continuously evaluating the relationship between your company and the third party. Some of the duties of the Relationship Manager may include:

  • Point of contact with the Third Party for all compliance issues;
  • Maintaining periodic contact with the Third Party;
  • Meeting annually with the Third Party to review its satisfaction of all company compliance obligations;
  • Submitting annual reports to the company’s Oversight Committee summarizing services provided by the Third Party;
  • Assisting the company’s Oversight Committee with any issues with respect to the Third Party.

Compliance Professional

Just as a company needs a subject matter expert (SME) in anti-bribery compliance to be able to work with the business folks and answer the usual questions that come up in the day-to-day routine of doing business internationally, third parties also need such access. A third party may not be large enough to have its own compliance staff so I advocate a company providing such a dedicated resource to third parties. I do not believe that this will create a conflict of interest or that there are other legal impediments to providing such services. They can also include anti-corruption training for the third party, either through onsite or remote mechanisms. The compliance practitioner should work closely with the relationship manager to provide advice, training and communications to the third party.

Oversight Committee

I advocate that a company should have an Oversight Committee review all documents relating the full panoply of a third party’s relationship with the company. It can be a formal structure or some other type of group but the key is to have the senior management put a ‘second set of eyes’ on any third parties who might represent a company in the sales side. In addition to the basic concept of process validation of your management of third parties, as third parties are recognized as the highest risk in FCPA or Bribery Act compliance, this is a manner to deliver additional management of that risk.

After the commercial relationship has begun the Oversight Committee should monitor the third party relationship on no less than an annual basis. This annual audit should include a review of remedial due diligence investigations and evaluation of any new or supplement risk associated with any negative information discovered from a review of financial audit reports on the third party. The Oversight Committee should review any reports of any material breach of contract including any breach of the requirements of the Company Code of Ethics and Compliance. In addition to the above remedial review, the Oversight Committee should review all payments requested by the third party to assure such payment is within the company guidelines and is warranted by the contractual relationship with the third party. Lastly, the Oversight Committee should review any request to provide the third party any type of non-monetary compensation and, as appropriate, approve such requests.

Audit

A key tool in managing the relationship with a third party post-contract is auditing the relationship. I hope that you will have secured audit rights, as that is an important clause in any compliance terms and conditions. Your audit should be a systematic, independent and documented process for obtaining evidence and evaluating it objectively to determine the extent to which your compliance terms and conditions are followed. Noted fraud examiner expert Tracy Coenen described the process as one to (1) capture the data; (2) analyze the data; and (3) report on the data, which is also appropriate for a compliance audit. As a base line I would suggest that any audit of a third party include, at a minimum, a review of the following:

  1. the effectiveness of existing compliance programs and codes of conduct;
  2. the origin and legitimacy of any funds paid to Company;
  3. books, records and accounts, or those of any of its subsidiaries, joint ventures or affiliates, related to work performed for, or services or equipment provided to, Company;
  4. all disbursements made for or on behalf of Company; and
  5. all funds received from Company in connection with work performed for, or services or equipment provided to, Company.

If you want to engage in a deeper dive you might consider evaluation of some of the following areas:

  • Review of contracts with third parties to confirm that the appropriate FCPA compliance terms and conditions are in place.
  • Determine that actual due diligence took place on the third party.
  • Review FCPA compliance training program; both the substance of the program and attendance records.
  • Does the third party have a hotline or any other reporting mechanism for allegations of compliance violations? If so how are such reports maintained? Review any reports of compliance violations or issues that arose through anonymous reporting, hotline or any other reporting mechanism.
  • Does the third party have written employee discipline procedures? If so have any employees been disciplined for any compliance violations? If yes review all relevant files relating to any such violations to determine the process used and the outcome reached.
  • Review employee expense reports for employees in high-risk positions or high-risk countries.
  • Testing for gifts, travel and entertainment that were provided to, or for, foreign governmental officials.
  • Review the overall structure of the third party’s compliance program. If the company has a designated compliance officer to whom, and how, does that compliance officer report? How is the third party’s compliance program designed to identify risks and what has been the result of any so identified?
  • Review a sample of employee commission payments and determine if they follow the internal policy and procedure of the third party.
  • With regard to any petty cash activity in foreign locations, review a sample of activity and apply analytical procedures and testing. Analyze the general ledger for high-risk transactions and cash advances and apply analytical procedures and testing.

In addition to monitoring and oversight of your third parties, you should periodically review the health of your third party management program. Once again I turn to Diana Lutz and her colleague Marjorie Doyle, and their White Paper entitled “Third Party Essentials: A Reputation/Liability Checkup When Using Third Parties Globally”, where they gave a checklist to test companies on their relationships with their third parties.

  1. Do you have a list or database of all your third parties and their information?
  2. Have you done a risk assessment of your third parties and prioritized them by level of risk?
  3. Do you have a due diligence process for the selection of third parties, based on the risk assessment?
  4. Once the risk categories have been determined, create a written due diligence process.
  5. Once the third party has been selected based on the due diligence process, do you have a contract with the third party stating all the expectations?
  6. Is there someone in your organization who is responsible for the management of each of your third parties?
  7. What are “red flags” regarding a third party?

Perhaps now you will understand why I say that after you prepare the Business Justification; send out, receive back and evaluate the Questionnaire; set the appropriate level of Due Diligence; evaluate the due diligence and execute a contract with appropriate Compliance Terms and Conditions; now the real work begins, as you have to manage the third party relationship.

I hope that you have found this review of the life cycle management of third parties helpful for your compliance program.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

March 21, 2014

The Destruction of Arthur Andersen and the Use of DPAs in FCPA Enforcement

Arthur AndersenThe debate over the efficiencies of Deferred Prosecution Agreements (DPAs) continued this week with additional criticism of their use. I have argued that DPAs are in a corporation’s interest because they can bring certainty to the conclusion of an enforcement action and allow it to make remedial changes and move forward. However yesterday I came across an article by Larry Katzen, a former partner at Arthur Andersen and author of “And You Thought Accountants were Boring – My Life Inside Arthur Andersen.” Katzen’s piece is entitled “A Business World Massacre – What Can Happen 
When Government Needs a Scapegoat” and it details the destruction of the firm after it’s guilty verdict surrounding the Enron scandal. Katzen articulates the human costs for the total wipeout of the firm and sets out clearly what can happen when a company goes to trial and sustains a guilty verdict. I received permission to reprint his article in full, which is below:

==============================================================================================================================================================================================================================

A Business World Massacre – What Can Happen 
When Government Needs a Scapegoat 

It remains one of the greatest travesties in the history of American business: In 2001, the 85,000 employees of one of the world’s largest accounting firms began losing their jobs in droves. Their employer had become tainted by its loose association with Enron Corp., a financial house of cards that was imploding and taking with it billions of dollars in employee pensions and shareholder investments.

In 2002, accounting firm Arthur Andersen was convicted of charges related to Enron’s fraudulent practices. The charges had nothing to do with the quality of their auditing – or any of Enron’s illicit practices. The conviction was appealed, and in 2005, the U.S. Supreme Court struck it down in a unanimous vote. But the damage had already been done.

To date, despite millions of records being subpoenaed, there is no evidence Arthur Andersen ever did anything wrong. Still, perceptions are everything: Most people are not aware that the accounting firm, which led the industry in establishing strict, high standards, became a government scapegoat.

When I speak to groups across the country, I ask the following questions. Below are the typical responses I receive – and the actual facts.

1.     What do you remember about Arthur Andersen? 

Typical Response: They were the ones that helped facilitate the Enron fraud. They deserved what they got.

Fact: Arthur Andersen was the largest and most prestigious firm in the country. It was considered the gold standard of the accounting profession by the business community.

2.     For what was Arthur Andersen indicted? 

Typical Response: They messed up the audit of Enron and signed off on false financial statements.

Fact: They were indicted for shredding documents. These documents were drafts and other items that do not support the final product. All accounting firms establish policies for routinely shredding such documents.

3.     How long was it between the Enron blowup and when Arthur Andersen went out of business? 

Typical Response: One to three years.

Fact: The largest accounting firm in the world was gone in 90 days.

4.     Was the indictment upheld? 

Typical Response: Yes, that is why they went out of business.

Fact: No. The Supreme Court overruled the lower court in a 9-0 decision, and came to the conclusion within weeks, making it one of their quickest decisions ever.

5.     How many people lost their jobs as a result of the false accusations? 

Typical Response: Have no idea, but the partners got what they deserved.

Fact: Eighty-five thousand people lost their jobs and only a few thousand were partners. Most were staff people and clericals who made modest sums of money.

6.     Who benefited from Arthur Andersen going out of business? 

Typical Response: Everyone – we finally got rid of those crooks and made a statement to the rest of business to operate ethically.

Facts: It was not the Arthur Andersen people; they lost their jobs. It was not the clients; they had to go through the stress and expense of finding a new auditing firm. It was not the business world in general: It now has fewer firms from which to choose and rates increased. It was their competitors who benefited – they got Andersen’s best people and clients and were able to increase their rates and profitability.

7.     What accounting firms now have ex Arthur Andersen partners playing leadership roles in their firms? 

Typical Response: None

Facts: The “big four,” all the large middle-tier firms and many small firms have former Arthur Andersen partners in leadership positions. Finally, many members of the new Public Accounting oversight Board (PCAOB), which oversees these firms, now have former Arthur Andersen people involved in reviewing the quality of these firms.

==============================================================================================================================================================================================================================

Was Arthur Andersen guilty of a crime? The jury said yes but the US Supreme Court said no. Were they a part of one of the biggest corporate frauds of all-time? Perhaps. Did Arthur Andersen make mistakes? Yes. Did the firm deserve to get wiped out as a result of document shredding? Are you kidding?

The destruction of Arthur Andersen is foremost on the mind of every General Counsel (GC), Chief Executive Officer (CEO) and Board of Director whose company is facing the decision of whether or not to fight in court any charges related to Foreign Corrupt Practices Act (FCPA) violations. Some have argued that DPAs pervert the course of justice but from where I sit, having seen Arthur Andersen destroyed before our collective eyes, the better practice is to enter into a DPA. Was it really in the interest of the Department of Justice (DOJ), or even the People of the United States, who after all the DOJ represent, to throw 85,000 people out of work for the document shredding engaged in by the firm’s Houston office?

Some commentators seem to argue that if a company violates the FCPA, they should get what they justly deserve. But does it serve any interest to wipeout an entire company? Finally, for those who want to tell company management to man up and go to trial, GCs, Chief Compliance Officer (CCO), Board members and others need to remember their legal obligations to their companies and shareholders and not be cowboys going to the last gunfight. Put another way, do you want to be the first GC, CCO, Board member or CEO who tells the DOJ that you are over-reaching and we are going to trial and lose everything like Arthur Andersen did?

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

March 20, 2014

Something is Rotten in Denmark or Is It the Banking Industry?

Rotten Denmark“Something is rotten in the state of Denmark” is one of the signature lines from Shakespeare’s play Hamlet. I thought about that when I read a couple of recent articles in the New York Times (NYT), entitled “Questions Are Asked of Rot in Banking Culture”, by Peter Eavis and the Wall Street Journal (WSJ), entitled “Lawmakers Tell Justice Dept. to Seek Swiss Banker Extraditions”, by Joel Schectman. Eavis wrote that banks have been accused of money laundering, tax dodging, market rigging and rampant risk-taking; all of which I would add could lead to potential Foreign Corrupt Practices Act (FCPA) violations.

Banks would seem to have a different relationship with the public than energy companies. Eavis said that the “At the heart of the issue is an inviolate social contract that bankers are supposed to honor. The government agrees to protect banks from collapse, and in return, bankers are meant to uphold the highest ethics when handling other people’s money. But when law-breaking and other missteps proliferate at banks, it is a sign that the industry has stopped cleaving to the special contract, endangering taxpayers. And bad management can be a leading indicator of future financial problems at an institution.”

But more than this ‘social contract’ is regulators. The Department of Justice (DOJ) has never been shy about enforcing the FCPA against energy companies who violate the law. “Too Big To Fail” still resonates as an excuse for regulators who didn’t regulate so that they “may find it hard to convince the public that they mean business” this time around and on this issue. Eavis noted that William C. Dudley, president of the New York Fed and Thomas J. Curry, Comptroller of the Currency, have both recently spoken out about banks and their culture. But Eavis notes, “each had a reputation for being too soft on the banks.”

The regulators told Eavis that they are indeed ‘ratcheting up the pressure’ on banks. Curry was quoted as saying, “We are ratcheting up the potential consequences. This is something new.” Eavis properly asks that with some of the best legal talent money can buy for defense, who deploy strategies like refusing to turn over potential evidence to regulators” and simply having such large profits “they can easily absorb the financial penalties the government throws at them”.

Eavis notes that one continuing area of concern and an area of potential change is compensation. He states “compensation is one area where bank regulators may need to do more if they want to do more to clean up bank culture, according to critics of the industry.” This is because bank compensation practices “can reward unhealthy levels of short-term risk-taking and entice bankers into ethical lapses.”

While it is doubtful that banks would ever make changes similar to those made by GlaxoSmithKline PLC (GSK) to move away from compensation variably based upon sales to a straight salary; Eavis reports that regulators outside the US “agreed after the crisis to overhaul bankers’ pay, in part by requiring them to wait several years before they receive all of their bonuses. The hope is that bankers will behave better if they know their employers can easily take back the deferred part of their pay.”

The problem regarding compensation in US banks is that they “are still deferring much less pay than their European peers. The Fed is in charge of regulating compensation at American banks. When asked whether the pay overhaul at American banks had gone far enough, Mr. Dudley said, “There is potential to defer more compensation for longer periods of time.””

However, banks need more than simply a change in compensation to address their cultures. It really is about ethics. Interestingly this is where ‘Too Big To Fail’ comes into play. But Eavis also writes “Some banks may be so large and complex that it would be difficult for managers to maintain a clean culture across all of their operations.” Dudley was quoted as saying, “Either the firm is not too complex, you can manage it, you do know what’s going on,” he said. “Or, if you don’t know, that’s sort of raising the question whether the firm is too complex to manage.” This means “he would not allow size or complexity to be an excuse for ethical breaches.”

Although not directed at US banks and bankers, Senators Carl Levine and John McCain, who jointly lead the Senate’s Permanent Subcommittee on Investigations, channeled their inner Howard Sklar when they wrote a letter to the DOJ and urged them to “at least attempt” extradition proceedings against indicted Swiss bankers. They jointly said “Even if the extradition request is denied, it will inform both Switzerland and its citizens that the United States is ready to make full use of available legal tools to stop facilitation of U.S. tax evasion and hold alleged wrongdoers accountable.”

I felt the DOJ response was well reasoned when a spokesman said, “extradition proceedings would be a poor use of resources. Because aiding tax evasion is not considered a crime in Switzerland, the country is unlikely to honor U.S. extradition requests.” But John Carney, a former federal prosecutor who is now a partner at Baker & Hostetler LLP, believes that “an extradition request from U.S. authorities would be a powerful signal”. He was quoted as saying “It’s a shot across the bow for folks who think it could never happen,” Further, “The unsettling part for a potential defendant is the request is there and if the [Swiss] government ever changes its view, it’s one step closer to actually happening.””

I have written about Bankers Behaving Badly more than once. The litany of financial crimes they have admitted to goes on almost monthly. But when the government regulators start talking about a rotten culture; that seems to take things up a notch or two. Remember, I come from Houston, which is the epicenter of FCPA enforcement. I do not remember any government official or regulator talking about “deep-seated cultural and ethical failures” at energy companies in Houston. These public comments should certainly be a wake up call for senior management at these institutions. My advice would be to get your Chief Compliance Officer (CCO) in for a meeting ASAP and while you are at it, you may want to consider hiring a Chief Ethic’s Officer as well.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

March 13, 2014

Harriet Tubman and Navigating to Become an Ethical Company

Harriet TubmanMarch 10th was the 101st anniversary of the death of Harriet Tubman. She was one of the greatest conductors on the Underground Railroad, which took slaves out of the old south and up to freedom in the north and into Canada. I read about her as a child and her story always moved me. The one thing I remembered is that when traveling at night in the pitched darkness, she would feel for the moss growing on trees so that she would always know which way to travel. Moss grows on the north side of a tree so she would always be able to move her way north and to freedom for those she helped escape.

I thought about Harriet Tubman and her story of how she could determine which way to travel in pitch darkness when I recently read an article in the Ethisphere Magazine, entitled “Ethics By Example”, by Gary E. McCullough. In his article he gave some specific steps that a company can engage in to help foster and create an ethical culture which he has learned over the past 25 years from working for companies as varied as Proctor and Gamble, Career Education Company and serving as an infantry officer in the US Army. 

1.    Implement structure and clear expectations. 

McCullough suggests that you should create a mechanism that allows employees to address issues. In doing so, you should also be able to demonstrate both senior management and the company’s commitment to ethics and compliance. He recommends the following steps:

  • Set clear policies and expectations through your vision statement;
  • There must be strong education and training programs;
  • Metrics and measurement systems are a must;
  • A visible compliance structure within your company;
  • A confidential helpline for reporting issues with a stout no retaliation policy; and
  • A method to investigate and resolve complaints. 

2.    Ignoring infractions is not an option.

McCullough recognizes that company leaders face ongoing struggles to balance being too harsh or too lenient. If the former occurs, a leader can run the risk of demoralizing his team. If it is the latter, a leader can simply be run over by his or her troops. But a company leader must address infractions of your internal Code of Conduct, or other similar policies, or no employee will take it seriously. 

3.    Make ruthless decisions, but execute them with compassion. 

Leaders have to make tough decisions. McCullough counsels that no matter how difficult a decision might be, it should be delivered with compassion. In other words, no termination communicated by email. Tell people in person and then give them the assistance to help moving forward. 

4.    Focus on the work. 

Channeling his inner Paul McNulty (he of McNulty’s Maxims), McCullough intones that the most critical thing is what you do after a problem arises. As McNulty might say, “What did you do after you found out about it?” Do not defend your past practices or say that everyone else does it but move forward to remediate the situation, fulfill your obligations and move forward. In the world of Foreign Corrupt Practices Act (FCPA) prosecution, it is clear from 2013 corporate enforcement actions that a company should remediate during the pendency of any FCPA investigation or enforcement action. Such remediation will go a long way in reducing the overall penalty, enhancing your credibility with the Department of Justice (DOJ) and helping to avoid the appointment of a corporate monitor.

5.    Be in alignment with your Board. 

McCullough believes that Boards share ownership of a company’s compliance function with the Chief Executive Officer (CEO), senior management and the compliance function. As such the best accomplishments in compliance comes when the Board, or a committee thereof, can bring a sustained outside perspective, methods and best practices to a company’s overall compliance regime.

6.    Instill it in the culture.   

I once explained a CEO’s role in compliance to a company executive and as I was going through various strategies, he looked at me and said, “You want me to be the ambassador for compliance.” I said that was exactly what I wanted him to do and it was the best description I have ever heard of what both McCullough and I believe a CEO can bring to the table. McCullough writes, “leaders must model the behavior expected from others. And when engaging with individuals, never let an opportunity pass to remind them of the company’s obligations to its stakeholders to always “do the right thing””. I could not have said it better myself.

McCullough’s points, while general in nature, are a good starting point for any compliance practitioner to review the overall nature of a company’s ethical and compliance health. For the compliance practitioner it provides some general, yet important points that they can discuss with a CEO or senior management about the company’s ethical direction. Much like Harriet Tubman’s ability to continue to move north on the Underground Railroad in pitch darkness, these guideposts will help your compliance program to move forward.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

March 7, 2014

Machiavelli for Chief Compliance Officers

The PrinceLast year was the 500th anniversary of the publication of one of the most significant books on political theory ever written, The Prince by Niccolò Machiavelli. Just how evil do many people view the treatise? Consider that the book alone is responsible for bringing the word “Machiavellian” into usage as a pejorative term. It also helped make “Old Nick” an English term for the devil, and even contributed to the modern negative connotations of the words “politics” and “politician” in western countries (imagine him pre-saging the US Congress by 500 years). However, it is also view by many as one of the first works of modern philosophy, especially modern political philosophy, in which the effective truth is taken to be more important than any abstract ideal. It was also in direct conflict with the dominant Catholic and scholastic doctrines of the time concerning how to consider politics and ethics.

Many also find it a useful learning tool for a company’s management; though not the part about sawing a poor performing employee in half, literally. For instance in the Texas Lawyer, Work Matters column, Michael P. Maslanka wrote an article, entitled “Machiavelli’s 6 Insights for the General Counsel”. Duly inspired, I have adapted his thoughts for the Chief Compliance Officer (CCO).

Lesson No. 1 – Heed Selected Advice from Selected Advisors

While in medieval Florence, the Prince ruled as the supreme monarch, he still needed advisors. Today, we are called subject matter experts (SMEs). Maslanka advises that “the prince decides from whom and about what he wants counsel, plus when he wants the advisers to offer it.” More importantly, a “prince’s demeanor must encourage truth telling. This creates a virtuous circle from which “everyone may see that the more freely he speaks, the more he will be accepted.””

For the CCO this means that you should find a trusted SME or set of SMEs which you can bounce issues off and they will answer the question. This does not mean to provide you a Memo or some type of cover. You need advisors who will give answers as to what you can and cannot do under such laws as the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act. Moreover, they should be able to point out how to manage risks with increasing oversight as the risk profile increases. 

Lesson No. 2 –  Niccolò is Not Tony Soprano

Unlike Tony, who can do whatever he wants, whenever he wants. Maslanka writes that “As law professor Philip Bobbitt observes in “The Garments of Court and Palace: Machiavelli and the World He Made,” this reasoning undergirds international law, allowing the aggrieved party to disavow its obligations because the reasons for entering into the agreement initially have evaporated.”

For the CCO this means something like the following story. If a company president says that he wants to engage in some transaction or engage a particular agent and you tell him if he does so, he runs the risk of violating the FCPA; he might have a couple of responses. First, he might say that such risk is above his risk tolerance and he will not engage in the behavior. However, he might also say, that you are the compliance professional, you figure out a way to do it legally. What I think that means is that as the risk goes up, the management of that risk also goes up. Would such a response be more costly or more intrusive? Probably, but if there is a way to manage a compliance risk and not violate the FCPA, I think you can legitimately suggest that to your company president.

Lesson No. 3  If you treat others well, they will treat you well

Channeling his inner Machiavelli and HR 101, Maslanka quotes from The Prince when he writes, “A prince must … show himself a lover of merit, give preferment to the able, and those who excel in every act.” Maslanka then notes, “Who invented the suggestion box (aka incentivized ideas)? That’s right: Niccolò. “The prince should offer rewards to whoever … seeks in any way to improve his city or state.””

For the CCO this means that if you are honest and fair with people they will be much more willing to accept bad news in return. This is the basis of the Fair Process Doctrine. If a whistleblower brings allegations of corruption or a violation of your company’s Code of Conduct, keep that whistleblower apprised of the situation as is reasonable to do so.

Lesson No. 4 – People are bad. Work with it

No doubt channeling his inner FCPA Professor on rogue employees, Machiavelli says that there are bad people out there. Maslanka writes, “Not only are they bad but they “are ungrateful, fickle, desolators, apt to flee peril, covetous of gain.”” There are people who will see compensation as the be-all and end-all of corporate life. There are those beyond that who will work to defraud companies. Maslanka’s reading of The Prince leads him to write, “Ditch the naïveté and embrace a complex world. Use a one/two punch: Yes, we must have good laws, but we also must have “good arms.” Yes, be a lion (it’s good for dismaying wolves) but also be a fox (that’s good for recognizing traps).”

For the CCO this means you should have a effective process to ‘prevent, detect and remediate’ violations of your FCPA compliance program.

Lesson No. 5 – Be neither a yellow stripe nor a dead armadillo

Maslanka states “Jim Hightower, former Texas agriculture commissioner, famously remarked that the only items in the middle of the road are yellow stripes and dead armadillos. Machiavelli could not have agreed more. His advice: Take sides. Do not stay neutral. Cowboy up.” In other words, man up.

For the CCO, I think this translates into ‘take a stand’ when you have to do so. Yesterday I wrote about CCOs and the analogy of the Alamo. If you have to draw a line in the sand, do so. The responses to the blog post were interesting in that they were thankful that I pointed out what might happen to a CCO when they do draw the proverbial ‘line in the sand’ but they thought they were better for having done so. Unfortunately if a company moves forward and does not heed such advise it may be the entity that faces sanctions for violating the FCPA.

Lesson No. 6 – Adapt, adapt, adapt

Maslanka wrote, “before Charles Darwin, Machiavelli grasped the power of adaptation. Whoever “adapts his mode of proceeding to the quality of the times is happy and similarly, he whose procedure disagrees with the times is unhappy.” Adaptation is crucial because fortune changes, the earth moving under our feet without warning. Machiavelli’s counsel: Adapt a mindset of being impetuous, not cautious; ferocious, not timid; calculating, not blindly trusting.” In other words, when in doubt, act.

For the CCO this means that you must assess and then act upon that assessment. In the compliance realm this is particularly true because risks change, now so quickly it is sometimes hard to keep track. Even if you perform a risk assessment every two years and believe you have assessed and remediated the new risks; how do you deal with the new environment in places like Ukraine and Turkey? What about China? Have you looked into your Chinese subsidiary’s use of travel agencies? How up to date is the due diligence on your third parties?

Maslanka ends his article with the following, “Machiavelli never wrote that the ends justify the means, and he didn’t intend that to be his message. He believed in what people now call “servant leadership,” which would be a subordination of the prince’s needs and ego to the greater good. In his case, that was a unified Italy, free of foreign domination, achieved by using the principled and humane values—yes, humane values—that he wrote about in “The Prince.” It’s this servant leadership that suits GCs and the C-level executives that they advise.”

I would heartily agree with his sentiment but revise ‘GC’ to CCO.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

Next Page »

Customized Rubric Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 4,229 other followers