FCPA Compliance and Ethics Blog

July 31, 2014

Lessons Learned from the Beautiful Game: Compliance, FIFA and the World Cup

World Cup e-BookThe 2014 World Cup is over and in the books. It was a great tournament for probably everyone across the globe but the host nation of Brazil. While there are many lessons to be learned from this event, the lead up to and events of this year’s World Cup provide some interesting insights for the compliance practitioner. I have collected some of my writings on FIFA, the World Cup and the world of the ‘Beautiful Game’ in one volume, entitled, “Lessons Learned from the Beautiful Game: Compliance, FIFA and the World Cup”. It is now out and available from amazon.com in Kindle e-reader format.

In this short volume I take a look at some for the following topics.

  • FIFA and its selection process for the 2022 World Cup in Qatar.
  • Performing due diligence and World Cup bids.
  • Referee Professionalism as an anti-corruption tool
  • What are some of the consequences for failure to set a proper tone-at-the-top.
  • Leadership lessons from managers of some of the world’s top soccer clubs.
  • Lessons learned from both compliance successes and failures.

I am sure that you will find this e-Book gives you some ideas for your anti-corruption compliance program, no matter which FIFA country you might practice compliance in. Finally, you cannot beat the price, as it is only $3.99. You can order a copy by going to amazon.com or by simply clicking here.

July 29, 2014

Bringing It All Home, the Two Tough Cookies Wrap It Up For You, Part II

Tales from the CryptNote-I asked the Two Tough Cookies if they could put together a series of blog posts wrapping up the lessons they have seen and learned and written about in their series of Tales from the Crypt. They graciously put together a series of posts on the seven elements of an effective compliance program from their 10 tales of Business Conduct. Today, Part II of a Three Part Series…

3. Exercise Due Diligence to Avoid Delegation of Authority to Unethical Individuals

This one is tough, especially in global organizations. In many countries, you simply cannot run a background check, as criminal records are not public. In others, you can run them, but the criminal offense must be related to the job to exclude the candidate from being hired.   In yet others, you can run them, but you can’t use them due to overly strict privacy rules. Then there’s the matter of cost relating to doing all this due diligence. The best thing you can do is determine the following:

  • First, is your business subject to a potential FCPA violation? If you are not “at risk” of public corruption because you are not engaging at any level with foreign government officials, then half the battle is won. Of course, you still run the risk of commercial corruption (bribes, kick backs, etc. with trading partners), but at least the spectre of government sanctions is not looming so large over you.
  • If you are “at risk” of an FCPA violation (you have interaction with govt. officials, including customs) have you developed a robust due diligence program, based on some corruption index to determine the level of due diligence required for your staff, your trading partners?
  • Have you identified your red flags thoroughly to spot anomalies in your business that would signal a deeper view is recommended?
  • Do you have staff to conduct the due diligence, or a vendor to do it on your behalf?
  • Are background checks run on everyone, or just certain individuals, or certain risk areas?
  • Have you taken a hard look at your gift policies to determine whether or not there are glaring holes that could give rise to inappropriate influence in business dealings?
  • Have you taken cultural considerations under advisement in your gift policies? Are they more stringent, or lax, compared to the US? Are the gift policies in Russia different than the gift policies in the US, because someone convinced someone else that you just can’t get things done without greasing a palm here or there?
  • Do you have a formal committee reviewing all charitable contributions, or, are ‘charitable contributions” acceptable as “facilitation” to get non-discretionary government functions moving along? Does your organization allow “facilitation payments” – if so, you better take a second, third, fourth look….

The point I’d like to emphasize here is that even companies that make it on the “World’s Most Ethical Companies” list also make it to the DOJ’s investigation list for foreign corruption, or violation of embargoes, sanctions, and the like. People interpret rules when the rules change, depending on the country. People then make mistakes in favor of what makes business sense to them, in their country, in their environment. You just have to make sure you’ve done what’s reasonable to prevent those mistakes.

  1. Communicate and Educate Employees on Compliance and Ethics Programs

Here’s where the tone from the top, middle and bottom are key to your culture. This is probably the most important thing you want to measure. I am fond of saying 90% of a good ethics & compliance program is communication, and 10% is actions/deeds. While deeds do speak louder than words, it’s the communications – what you say, how you say it, what you mean by it, your intent – that frames up the actions of others.     So you want to measure

  • Are the messages the same, the deeper you get into the organization? Is the understanding of the messages cascading from above the same the further down you go? Easy enough to measure with post-learning survey tools. Give all top, middle, and lower management the same “meeting in a box” and see if the understanding after delivery is the same. Reminds me of that campfire game, where the story starts at one end of the circle, and is completely different by the time the last person hears the tale. Your objective, of course, is to ensure that every person in the corporate audience hears the same message, and has the same take-aways, no matter who is telling the tale.
  • What kind of audience do you have? Does everyone have access to a computer, or do you have the challenge of manufacturing workers, with multiple languages and facilities to manage, and no technical means of reaching them? Have you done what’s necessary to ensure your training and communications mechanisms address every type of audience, or are pockets left out of the mix?
  • What learning aids do you have to help with understanding the code of conduct? Are the examples you use for harassment appropriate for your audience? Do you have a team of global reviewers who will not only preview your training, but offer suggestions on how to localize it to make it appropriate, meaningful and relevant to the teams they serve? If so, do they look at all communications pieces, or only certain ones? If only certain ones, which ones? And why?
  • Are there any leaders who go above and beyond when you launch your annual or quarterly training? I had an Asian business President who made sure he took the course the first day it was launched, and then sent a message to his leadership team about what he learned from the course, and what he wanted them to take away to their teams after they took the course. All of his team had the course done within the first month. I wanted to clone the guy, I swear!

I’m also reminded of mandatory harassment training I gave in Brazil one year. I relied upon the canned on-line training to help with my meeting amongst management, who all spoke English well. I was planning on asking them to cascade the messages to their teams while I was there, but they pointed out that the training was a farce. Women, they told me, wanted wolf calls lobbed in their direction in Brazil – it was not only culturally acceptable, but encouraged. This was substantiated by the several women in the room. Check. Fortunately, I had other examples at the ready to use for a facilitated session, which I vetted with the women on the team prior to delivery. Lesson learned? Make sure your ethics & compliance steering committee has global membership, and are willing to preview your training and communications prior to launch to ensure cultural relevance. If you don’t do this, your ethics & compliance program will be perceived as a joke. Not a desirable outcome, I would say….

  1. Monitor and Audit Compliance and Ethics Programs for Effectiveness

So, how do you measure a non-event? I often ponder…. The challenge in highly ethical organizations is that you have, at first blush, very little to measure. If everyone’s doing a good job, how do you measure effectiveness. Is it because you have a great program that you have absolutely no calls on the hotline? Or is it that everyone is trembling in fear of retaliation the reason for no calls to the hotline? Hmmm.

Some of the things you can measure include

  • Indicators and ‘yardsticks’ – do you crawl, walk, or run to goals?
  • Do you seek periodic stakeholder feedback (including E&C council input)
  • What kind of documentation do you collect – trend analyses of HelpLine metrics, feedback on program enhancements as they are implemented, feedback on training and communications
  • Do you routinely conduct a “Lessons Learned” exercise after substantiated hotline calls?
  • Does your HR team engage in site assessments when a location, facility, or team seems to have a lot of issues that arise from a single manager or set of team leaders?
  • How often are your Code, policies, procedures updated and reviewed?   Are they tested for readability and understanding? Are they just published, or is training introduced for new policies as they are issued?
  • Do you conduct risk assessments and/or change training or communications based on perceived risk areas?
  1. Ensure Consistent Enforcement and Discipline of Violations

Does your organization allow for mistakes? Many will say they do, but when the rubber meets the road, you will find that they can be unforgiving for some transgressions, and unbelievably forgiving for others…. You will want to measure

  • Whether or not there appears to be wiggle room when folks stray. Deeds in this aspect do speak louder than words.
  • Are roles and responsibilities clearly defined, with escalation clauses when things go wrong?
  • Does your organization communicate when things go wrong as well as when things go right? I know one organization that struggled mightily when I suggested we let everyone know what actions we took for certain code violations. The attorneys were all worried that someone would sue, of course, but in the end, integrity prevailed. We were able to sanitize the situations in such a way to communicate what had been done, and what discipline was taken, without anyone learning personal details. Importantly, it drew a virtual line in the sand by publicizing transgression and discipline, so that people knew boundaries. Of course, this was after years of me observing that discipline seemed to be discretionary within the organization, and as a result, trust in management “doing right” was eroding significantly. It didn’t hurt that my observations were followed by multiple hotline calls saying the same thing… but it should never get to that point, should it?

Also measure whether or not policies and communications:

  • Encourage reporting
  • Identify resources to raise concerns
  • Prohibit retaliation for good faith concerns
  • Identifies management as the primary resource for issues or concerns
  • The average timeline to resolve complaints
  • Whether or not you benchmark reports that express fear of retaliation or unwillingness to consult with management first. This is tough to do, unless you build it in to your hotline reporting mechanism as a “customer service” function at the end of every call or report, actively soliciting this very feedback when a report is made.
  1. Respond Appropriately to Incidents and Take Steps to Prevent Future Incidents

So, you are at the point where you have confidence you have the right policies and procedures in place to keep yourselves honest. But in case someone didn’t get the memo of “expected behavior” you have to make sure you respond appropriately, and take steps to avoid future missteps. One organization I worked at realized the culture of an acquired subsidiary was so awful that it opted to sell it off rather than try to fix it. They had other issues in the larger organization, but they knew a bad deal when they saw it, and took steps to rid themselves of an untenable position. Another organization I worked at kept throwing money at a subsidiary, when it probably would have been better to toss in the towel. Different organization, different results, neither perfect, but it fit them as they saw things.

When gauging the culture of your organization, some things you want to look at are the rewards and sanctions for behavior:

Positive rewards:

  • Retention of employment
  • Recognition
  • Appreciation
  • Commendation
  • Monetary or stock reward

Negative sanctions:

  • Termination or Suspension
  • Demotion
  • Probation
  • Appraisal comments/warnings
  • Reduction in compensation or bonus

You also want to measure your Performance Appraisal Systems, and look to see whether or not they include sections on:

  • Demonstrated Ethics and values in workplace conduct
  • Good communication skills
  • Building trust with stakeholders
  • Being fair or equitable
  • Maintaining a high level of quality or integrity in decision-making
  • Reporting Concerns
  • Empowering subordinates to reporting concerns
  • Training and development initiatives for the team

Tomorrow the Two Tough Cookies sum it all up…

This publication contains general information only and is based on the experiences and research of the authors. The authors are not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The authors, their affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Authors give their permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the authors.

 

July 28, 2014

Bringing It All Home, the Two Tough Cookies Wrap It Up For You, Part I

Tales from the CryptNote-I asked the Two Tough Cookies if they could put together a series of blog posts wrapping up the lessons they have seen and learned and written about in their series of Tales from the Crypt. They graciously put together a series of posts on the seven elements of an effective compliance program from their 10 tales of Business Conduct. Today, Part I of a Three Part Series…

We’ve talked a lot in our Tales from the Crypt about the signs to watch for that indicate something’s gone wrong, from minor cultural twists to lapses of integrity that are tantamount to criminal activity. We all wish we had a crystal ball we could peer into to predict how various maneuvers will translate into the larger universe of corporate culture. One of the best tools to use to gauge the cultural baseline is an organizational ethics audit, reminding yourself that “what gets reported gets measured.”

Your first hurdle, of course, is getting executive leadership to support the initiative. If they don’t support it, then you have your first cultural indicator. After all, if you have nothing to hide, you have nothing to lose by peering under the covers, now do you? So let’s assume your leadership is supportive of developing, and/or sustaining, a “high integrity” organization. So what do you want to measure? The ‘seven elements of an effective compliance program’ is a good start, but by no means exhaustive. After all, many organizations fulfill “ethics oversight” by having a CCO in title (usually, the GC or CFO), but the day-to-day oversight and management of the program is led by staff members who are not empowered to work towards positive change. You know who you are, you know the daily frustration of knowing what should be done, and what leadership will allow. So while “oversight” is met, is it really “effective?”

So let’s remind ourselves of the seven elements once again:

1. Establish Policies, Procedures and Controls

2. Exercise Effective Compliance and Ethics Oversight

3. Exercise Due Diligence to Avoid Delegation of Authority to Unethical Individuals

4. Communicate and Educate Employees on Compliance and Ethics Programs

5. Monitor and Audit Compliance and Ethics Programs for Effectiveness

6. Ensure Consistent Enforcement and Discipline of Violations

7. Respond Appropriately to Incidents and Take Steps to Prevent Future Incidents

How do these elements translate into an organizational ethics audit? And how do our 10 rules of business conduct in the workplace (from our “Tales from the Crypt” series) fit in? Let’s break it down into manageable chunks.

1. Establish Policies, Procedures and Controls

Under this “bucket” include your Code of Conduct, your Vision and Values statements for your organization, and the various policies and procedures you rely upon to get business done. What you want to know, when conducting your audit, is not just do you have these, but

  • Does your Vision statement create an actionable description of the future? If so, what is it, and more importantly, do your people know it, and understand what role they play in achieving that future?
  • Is “Integrity” one of your Values?
  • What’s the purpose and Focus of your Code of Conduct? What kind of tone does it set, is it widely distributed, prominently displayed, easy to read? Does it have learning aids, and examples of not only wrong doing, but “right” doing behaviors? What expectation does it set? Is it universal or have you caved to various constituencies and created multiple versions (not translations, but actual versions) to “meet the needs” of various cultures. If you have, then you are net setting a single standard that all can live by, and you will have people applying their own standard to their behaviors, not yours. Ethics should not be subject to interpretation, nor external pressures such as Worker’s Councils, unions, or special interest groups.
  • Are your policies relevant to your business, or did someone just borrow something from an HR toolkit to get you started? Do you have a formal non-retaliation policy (and not just a nod towards the concept in your Code of Conduct), and formal procedures to deter retaliation. The rules in this area need to be cut and dry to make people know you “have their back” when the you know what hits the fan. You want to encourage people to step up, and the only way you can do that is a rock solid approach to non-retaliation.
  • Last, but not least, are your policies “uniformly enforced?” Much like the sentencing guidelines, organizations, large and small alike, should be dealing with transgressions with an even hand to truly have an ethical culture. People like boundaries, like to know where the line in the sand is drawn. Trust me on this. So do you know exactly where your organization’s boundaries are? Or does the line move from incident to incident?

2. Exercise Effective Compliance and Ethics Oversight

As I mentioned before, many organizations have day-to-day oversight managed by staff, with a titular CECO residing with one of the executive leaders, like the GC or the CFO. Larger organizations have dedicated compliance officers who aren’t forced to wear multiple hats, who truly have teams of dedicated compliance officials reporting up to their organization. This is particularly true in highly regulated industries, such as finance, insurance, healthcare, food and drug manufacturing, where government oversight plays a large role in day to day business.   It is fair to say that smaller organizations don’t need to have a dedicated compliance officer per se, but when you have a staff attorney, for instance, managing the day to day operations of your ethics and compliance program, you have put that person in a Catch 22. Period. You may want an attorney in that spot for attorney client privilege, but if you do that recognize that you’ve also handcuffed the person from being able to independently report wrong doing if something goes drastically wrong, as they are duty bound to keep matters confidential, even within the business.

So you want to measure whether or not the person with day-to-day oversight has the freedom (or mechanisms) to raise concerns.

  • If it’s a staff attorney, is the job description written so that when wearing the compliance hat, the attorney hat comes off? Tough to do, but possible.
  • Are there layers of management between the day-to-day person who is managing the ethics and compliance program, and the person with the “title” CECO?
  • Are there many people with “compliance” in their title, and do they work together, or independently? I have worked in organizations where “compliance” was part of several functions, but the right hand, and the left hand, weren’t speaking to each other. Trade Compliance reported to one division, Environmental Compliance reported to another division, product compliance reported to yet a third division, HIPAA compliance to yet a fourth, and so on. None of these units worked together, some were staffed heavily, some staffed thinly, and the actual “head” of Integrity & Compliance was ineffective at convincing senior leadership that all compliance functions should be at least working towards the same goals in the organization. It all depended on the business leader at the top of the silo and whether or not they were effective in getting the support they needed to run their business. It also depended on whether or not the business unit was a profit center or a cost center, and if a cost center, where it reported up into the business – as a G&A expense, or an administrative cost aligned with operations. Those that were part of operations were well-funded, those reporting in on the administrative side as a pure cost center (including the “head”) were poorly resourced.
  • Do you have an ethics steering committee or working group that represents all functions and business units, and is staffed by executive or senior leaders who are in a position to make decisions for the larger organization? This serves as a checks and balance that is critical if the day-to-day oversight is led by a staffer. The staffer can build consensus with a larger group that has a vested interest in the outcome by holding those critical meetings before the meeting to test run proposals, and receive important feedback on how to effectively present a proposal to the team to ensure acceptance and success. The staffer can also go to a trusted member of the committee if he or she feels that the CECO is not receptive to hearing concerns and serve as a sounding board. Hopefully, that is.

Tomorrow, elements 3-7.

Who are the Two Tough Cookies?

Tough Cookie 1 has spent the more than half of her 20+ legal career working in the Integrity and Compliance field, and has been the architect of award-winning and effective ethics and compliance programs at both publicly traded and privately held companies.  Tough Cookie 2 is a Certified Internal Auditor and CPA who has faced ethical and compliance challenges in a variety of industries and geographies and recently led a global internal audit team. Their series “Tales from the Crypt: Tough Choices for Tough Cookies” are drawn largely from real life experiences on the front line of working in Integrity & Compliance, and personal details have been scrubbed to protect, well, you know, just about everyone…

This publication contains general information only and is based on the experiences and research of the authors. The authors are not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The authors, their affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Authors give their permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the authors.

July 21, 2014

World Cup Finale – Compliance Lessons to be learned from Success and Failure

World Cup 2014Over the past few weeks, I have written several articles on the lessons a compliance practitioner can draw from this year’s World Cup and the international group which runs the event, the Fédération Internationale de Football Association or more commonly know as FIFA. Over on my podcast site, the FCPA Compliance and Ethics Report, Mike Brown, the Managing Director of Infortal and myself have just concluded a 7 part World Cup Report, where we discussed issues surrounded FIFA and this year’s World Cup in the context of anti-corruption programs. Whatever else FIFA may be, it is certainly is a compliance practitioner’s dream for lessons learned on bribery and corruption.

The 2014 championship is over and Germany came through this year’s tournament as the clear victors. Over the past couple of weeks, I was lucky enough to see the current Queen/Adam Lambert Tour. They ended both concerts with We Are the Champions and I could not but help think of the German soccer team and indeed the entire German country, winning its first World Cup title since unification. And, of course, any discussion of Germany, its title and this year’s World Cup will have to include is absolute destruction of the Brazilian team and the hearts of the host country with its 7-1 uber-win in the Semi-Finals. How long will that game be remembered? My guess is as long as soccer is played.

While Argentina did have its shots at Germany in the finals, in order to win they were required to play a near perfect game, which, unfortunately for the team and the country, it failed to do in the finals. Does this mean that Messi is not the greatest player in the game today? I really do not know but I still love watching him play and that is good enough for me.

From all of this, the lessons for the compliance practitioner can be many but I wanted to focus on two leadership lessons: What can you learn from failure? and What can your learn from success? Losing first. In an article in this week’s issue of Sports Illustrated, entitled “And Then There was Ein”, Grant Wahl wrote about how Germany turned its national soccer program around from one of its most devastating performances in Euro 2000 where it finished last in its group and did not win a single match in the tournament. From that nadir, “the national federation teamed up with German clubs to overhaul the country’s youth development.” Players from this development program were instrumental in leading the 2014 German team to the 2014 World Cup win. In other words, the German soccer federation learned from its past mistakes and grew a team that became champions.

Contrast this lesson with Wahl’s take on Brazil. He quoted Alex Bellos who said the following, “What does it mean to be the five-time champion if you let in four goals in six minutes?… The world’s biggest footballing country hosting a World Cup, in front of their own fans, and were made to look like they couldn’t play football. And against a team that was playing with artistry and sophistication and happiness, all the thing that Brazil is supposed to play with. You couldn’t have devised a more devastating epitaph for the Beautiful Game.” Bellos went on to say, “Brazil’s week from hell revealed a nation satisfied with resting on past soccer achievements and unwilling to seek new ideas abroad.”

Just as lessons can be learned from failure they can also be learned from success. In this week’s Corner Office section in the New York Times (NYT), Adam Bryant profiled Kat Cole, the President of Cinnabon, in an article entitled “Questioning Success More Than Failure”. While thinking about Germany’s success in the World Cup I was intrigued when Bryant quoted Cole for the following, “I’ve learned to question success a lot more than failure. I’ll ask more questions when sales are up than I do when they’re down. I ask more questions when things seem to be moving smoothly, because I’m thinking: “There’s got to be something I don’t know. There’s always something.” This approach means that people don’t feel beat up for failing, but they should feel very concerned if they don’t understand why they’re successful. I made mistakes over the years that taught me to ask those questions.”

Both of these perspectives can be very useful for the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act compliance practitioner. Just as it is axiom that your compliance program should not be static but dynamic and evolving, what are you learning from your compliance failures and compliance successes? Most lawyers and compliance practitioners can review root cause/analyses to help determine how a compliance failure might have arisen. But how many are looking at your compliance successes. By this I do not mean celebrating your compliance successes but performing the same type of root cause/analyses to determine how a fact pattern arose but was prevented from becoming a full-blown FCPA violation. If something came in through the hotline, did you interview the whistleblower about what caused them to have confidence to report in that manner? Did you look at the training delivered to the whistleblowing employee? How about their supervisor? Did you interview that supervisor to see how he or she got the message out to not only use the hotline but stress the message of no retaliation?

In her interview Cole put it another way when she said, “I learned to make sure I take the full authority of my role. When I haven’t, I knew it immediately. And so I keep a keen eye out for whether my young leaders are forgoing an opportunity to lead. Their intentions might be right but the action and outcome are wrong. I remind people that they were hired for their point of view: “I want 100 percent of your brain 100 percent of the time, and there is a respectful way to communicate and disagree. Please do not hold back, because I want 100 percent of my investment in you.””

For the compliance practitioner, I found Cole’s insights useful in other areas. Although given in the context of ambitious employees who might want to succeed at Cinnabon, I found them to be useful in compliance as well. “First, I talk about being incredibly coachable, because we all give each other feedback. If you want to move up, you’ve got to get as many inputs as possible to continue to develop. Second, take your development into your own hands and be curious about the entire company. If there’s something you want to learn, go learn it. The structure here is like a start-up. Then I talk about productive achievers and destructive achievers, and that I only promote and support productive achievers. And that’s about mentoring and helping others while you are delivering results.

Germany is the new king of the soccer world. Long live the King, at least until the next World Cup. The lessons that Germany took to heart in the wake of its disaster in Euro 2000 directly led to it hoisting the trophy this year. Conversely, Brazil rested on its considerable laurels and now must live with the ignominy of a 7-1 shellacking, probably for the rest of the country’s collective memory. For a compliance program to be effective it must evolve. As Wahl’s Sports Illustrated article makes clear, lessons can be learned and evolution made from failure. However, as Bryant’s Corner Office article interview of Cole makes clear as well, lessons can be learned from successes as well.

Perhaps that is the final lesson from the 2014 World Cup…

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

July 10, 2014

Mid-Year FCPA Report, Part II

Mid Year ReportToday, I continue my look at what I think were some of the most significant highlights from the first half of 2014 relating to the Foreign Corrupt Practices Act (FCPA). Yesterday, the focus was on corporate and individual enforcement. Today we review a very rare court of appeals decision on whether a state-owned enterprise is covered by the FCPA; yet another surprising result in an opinion release and finally take a look at some real world examples of why the FCPA is such a powerful and positive law for US companies doing business overseas.

Esquenazi Decision on State Owned Enterprises Covered by the FCPA

In what can only be called a judicial decision based on common sense the 11th Circuit Court of Appeals, in an opinion released on May 16, upheld the convictions of Joel Esquenazi and Carlos Rodriguez for violations of the FCPA and certain US anti-money laundering (AML) laws. The two had engaged in a long running bribery scheme with the Haitian telephone company, Telecommunications d’Haiti, S.A.M (Teleco). The pair were convicted and sentenced to lengthy jail terms, Esquenazi receiving 15 years and Rodriguez receiving 7 years. One of their myriad defenses was that a state owned enterprise, such as Telco, was not an instrumentality and thereby not covered under the FCPA.

This opinion was the first time that a Court of Appeals had reviewed the FCPA question of what is an ‘instrumentality’ under the Act. Both defendants had argued that instrumentality could only mean (1) “that only an actual part of the government would qualify as an instrumentality” or (2) the FCPA should be construed to encompass only foreign entities performing ‘core’ governmental functions similar to departments or agencies. The Court rejected both arguments.

The Court constructed a two-prong test to determine if a state owned enterprise is an instrumentality under the FCPA. The first prong is the ‘Control Test’ and the second prong is the ‘Function Test’. Under the Control Test, a compliance practitioner should analyze how much control a foreign government has over a state owned enterprise. The Court suggested questions like: (1) The foreign government’s formal designation of the entity; (2) Whether the government has an interest in the entity; (3) The government’s ability to hire and fire the entity’s principals; (4) The extent to which the entity’s profits, if any, go directly into the governmental fisc; (5) The extent to which the government funds the entity if it fails to break even; and (6) The length of time these indicia have existed. The Court suggested the following for the Function Test: (1) Does the entity have a monopoly over the function it exists to carry out; (2) Does the foreign government subsidize the costs associated with the entity providing the services; (3) Does the entity provide services to the public at large in the foreign Country; and (4) Does the foreign government generally perceive the entity to be performing a governmental function?

I can only say that common sense won out in this decision. The word ‘instrumentality’ must mean something under the FCPA and I believe the Court correctly found that state owned enterprises falls under the rubric of instrumentality under the FCPA.

Opinion Release 14-01

Continuing its run of publishing Opinion Releases where it comes down on the side I had not expected, the DOJ released Opinion Release 14-01. In 14-01, a company wanted to buy-out a now government official from a company he had been a part of before he went into government service. The problem was that his buy-out provision was entered into during the past economic downturn and the value of his buy-out was under water. He wanted to get something for his prior investment. The Relator proposed another formula for his exit compensation and the DOJ agreed it would not be a FCPA violation to do so.

For the compliance practitioner, there are several key points to consider. The first point is found in a footnote detailing the length of time it took to secure the DOJ opinion. This is the first time that I recall seeing a time line laid out in an Opinion Release. This gives a compliance practitioner some idea of the time frames involved in the process. The second is the use of representations and warranties by the parties. In 14-01, the DOJ accepted representations that the foreign official in question would not pass on business in which he either had an interest or help the Relator to ‘obtain or retain’ business with the agency at which the foreign official now worked. This type of evidence is something that a company should now consider when designing protocols to satisfy issues similar to those presented in 14-01. Finally was the quality and quantity of payment(s) to be made to the now foreign official to cash him out and purchase his interest. Here the parties agreed to an independent valuation by an internationally recognized accounting firm. This provides some type of arms-length analysis. It also provides a market based approach to the payment issue so that there is evidence of true (or perhaps truer) market value, not some arbitrary number agreed to by the parties.

The message from 14-01 and last year’s Opinion Release, seems to me, that the DOJ is open to creative arguments about ways to comply with the FCPA. 14-01 also shows that the process can move quickly when the situation warrants it.

The International Effect of the FCPA

In certainly one of the most interesting revelations of the first half of 2014, former US Secretary of Defense, Robert Gates wrote the following in his recently released memoirs, entitled “Duty: A Memoir of a Secretary at War”, in which he said the following, ““In a private meeting, the king [King Abdullah of Saudi Arabia] committed to a $60 billion weapons deal including the purchase of eighty-four F-15’s, the upgrade of seventy-15s already in the Saudi air force, twenty-four Apache helicopters, and seventy-two Blackhawk helicopters. His ministers and generals had pressed him hard to buy either Russian or French fighters, but I think he suspected that was because some of the money would end up in their pockets. He wanted all the Saudi money to go toward military equipment, not into Swiss bank accounts, and thus he wanted to buy from us. The king explicitly told me saw the huge purchase as an investment in a long-term strategic relationship with the United States, linking our militaries for decades to come.”

I would ask you to consider, just how many US interests can be identified in the above quote. I can identify at least five: (1) US security interests; (2) US foreign policy interests; (3) US military interests; (4) US economic interests; and (5) US legal interests as reflected in compliance with the FCPA. For any person or business interest that does not think that the FCPA has a positive aspect, I would commend you to the above Gates quote. His quote, buried at page 395 of a 618-page book, did not even merit an entry in the Index. Yet, I find it to one of the finest, clearest and most concise affirmations of the positive power of the FCPA. Anytime you face criticism of your FCPA compliance program, a senior executive wants to know why you need resources to comply with the FCPA or you hear a business colleague whining about how ‘those people’ do business corruptly, I would suggest that you read to them this quote to show the power of the FCPA in international business.

Tangentially related to this revelation was the work by Scott Killingsworth to lay the legal and theoretical foundations for my real world observation about a business solution to FCPA compliance in his latest article entitled “The Privatization of Compliance”, which he calls this “private-to-private or P2P compliance.” In his introduction he stated, “Embodied in contract clauses and codes of conduct for business partners, these obligations often go beyond mere compliance with law and address the methods by which compliance is assured. They create new compliance obligations and enforcement mechanisms and touch upon the structure, design, priorities, functions and administration of corporate ethics and compliance programs. And these obligations are contagious: increasingly accountable not only for their own compliance but also that of their supply chains, companies must seek corresponding contractual assurances upstream. Compliance is becoming privatized, and privatization is going viral.”

With the long-expected Avon settlement on the horizon and the collapse of the SEC case against the Noble executives, it will be most interesting to see what the second half of the year will bring.

=================================================================================================================================================================================================================================================

On another note, I saw Queen play last night and while I will write about them and their show next week, I can only say that if they are coming to a town near you, run don’t walk to see them. The show was fabulous.

And on a final note, if you are in the mid-west or so inclined to travel their and are interested in the FCPA, I urge you to attend the FCPA Professor‘s initial FCPA Institute, which he is holding in Milwaukee next week. For more information, click here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

July 3, 2014

Gettysburg Day 3 – Failure of QA/QC and the Evolution of Your Compliance Program

Rebel ArtilleryToday is the 151st anniversary of Day 3 of the Battle of Gettysburg. Last year I focused on Pickett’s Charge and lessons that a compliance practitioner might draw from it. This year I want to look at the Confederate artillery bombardment, which preceded Pickett’s doomed attack. It was the largest of the Civil War with up to 170 Confederate guns opening fire on the Union center and approximately 80 Federal guns opening up to return fire. If you have seen the movie Gettysburg, you will remember the awesome cannonades and the young Confederate Artillery General Porter Alexander reporting to General Lee. At the time, it was reported that the barrage was so loud it could be heard as far away as Philadelphia and Baltimore.

The artillery barrage lasted just over one hour. The Confederate guns inflicted some damage on the Union batteries, but they largely overshot their targets. It was believed at the time that the reason the Confederate bombardment was ineffective was that Confederate artillerymen tended to aim high and missed their marks due to poor visibility from all the smoke on the battlefield.

However, a commentator named Captain Thorton, posting online in the American Civil War message board, had the following comments, “A week after the battle, Lt James Dinwiddie working for the Ordnance Dept. conducted tests on the various fuses supplied from around the Confederacy at the Richmond Laboratories. His findings showed that while those fuses manufactured in Charleston and Selma were made of exceptional quality, the rate of burn for those fuses was markedly less. In his findings compared with those fuses as previously supplied to the ANV from the Richmond arsenals it was found the fuses from Charleston and Selma burned at a rate of one second longer for the same length of fuse. The result of course was that those fuses in shells intended to explode over the Federal position at Gettysburg ranged anywhere from 150 to 200 yrds further to the rear before exploding. A 4 inch fuse would burn at the rate as one cut to 5 inches”. In other words, it was the quality in the supply chain, aka QA/QC.

I thought about this problem of quality and how it might relate to the compliance practitioner when I read a recent  article in the MIT Sloan Review of Management, entitled “What to Expect from a Corporate Lean Program”, by Torbjørn Netland and Karsa Ferdows. The focus of their articles was around ‘lean’ programs in the manufacturing sector and how “misplaced expectations of how quickly these programs can improve performance can make their implementation more difficult.” The key findings the authors made were threefold: (1) Management should set appropriate targets to move the process along; (2) There is a positive relationship between company or plant maturity in system implementation and its performance; and (3) Plants need to engage in continual assessment in where they are in the process.

Using the article as a basis for a Chief Compliance Officer (CCO) or compliance practitioner, the effectiveness of a compliance system depends on two variables: (1) how widely the compliance system has been implemented in a company, and (2) how thoroughly the company follows its prescriptions. A typical production system has many modules. Typically, at the beginning of an implementation, only a few modules are launched, throughout the company. However as compliance implementation is expanded to other the areas the initial implementation continues to receive upgrades and enhancements. The combination of these two variables — how widely and how thoroughly the compliance system is implemented — reflects a company’s “maturity” in the implementation.

The authors believe this leads to competing arguments for how “maturity in an implementation should affect its performance. On the one hand, if a lean program is a journey of incremental but continuous improvement, we should expect to see a linear relationship between implementation and effect on performance. On the other hand, the “low-hanging fruits” argument suggests that as a plant becomes more mature in an implementation, there would be fewer simple and quick improvements. Therefore, the rate of performance improvement would slow down.”

From this the authors derive four stages of performance improvement, which I believe adapt directly for the CCO or compliance practitioner and in demonstrating how the roles evolve during the life-cycle of a compliance program implementation. 

Stage I – Beginner Compliance Programs

Step One can always be the most difficult but can lead to the greatest results. The difficulty is in bringing in something that people consider new. If you are initially implementing a compliance program there may be some initial resistance to new programs or requirements. But it also provides the greatest opportunity for growth in your compliance regime. So you should expect a low but gradual rate of improvement in the implementation of your compliance regime. As CCO or compliance practitioner you should expect to hold extensive meetings with both the key stakeholders in the business units, senior management and those employees deemed high risk under any anti-corruption regime such as the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act. There should be a dedicated compliance team to drive and coach the program implementation going forward. The budget should set small, measurable targets for improvement and the metrics should be closely followed.

Stage II – In Transition Compliance Programs

When you start to look for ways to improve compliance you inevitably find many low-hanging fruits and simple projects with quick returns. They not only improve the performance of the unit but also convince those directly involved of the value of a production system. Here you can expect to seen improvements in your compliance regime at a high and increasing growth rate. Your role as the compliance practitioner should be threefold. First to set stretch targets and have an expected accelerated rate of improvement. Second, to publicize your compliance program successes throughout the organization. Finally, the authors suggest the need to be ever vigilant for complacency.

Stage III – Advanced Compliance Programs

Companies with advanced compliance programs generally have accumulated both knowledge or and experience with the compliance program. In such companies, the authors predict that there will still be a high rate of improvement but it will be a decreasing rate of growth. However, the low hanging fruit of easy compliance implementation and successes will have been achieved and as the CCO or compliance practitioner in charge you will need to continue to set stretch targets but you may well be faced with a decelerating rate of improvement throughout your organization. You may well need to move your budget to areas for continuous improvement projects such as transaction, third party or relationship monitoring. However, this may be tempered by the fact that you can move more of the ‘doing’ of compliance down into the business units as your program matures.

Stage IV – Gold Standard Compliance Programs

When your compliance program moves to one of the top in your industry it will be time to “move beyond the frontiers of your industry.” As the CCO or compliance practitioner, you can expect to see low rates of improvement and decreasing rates of growth in your overall compliance program improvement. However this does mean you can simply sit around on your hands, as staying at this level is not easy. One thing that will assist you is that there will be a larger pool of compliance talent for you to draw from throughout your organization to help you move to a continuous monitoring model of compliance. By this stage you should have good working relationships with most of the other support functions in your organization which will allow you to leverage upon their specific disciplines for your compliance initiatives going forward.

The authors end their article with something that is often said but bears repeating, that senior management must be committed to the implementation and you must establish a reliable process for measuring the gains you make and the maturity you have achieved. Moreover, the assessment process can be an effective mechanism to transfer best compliance practices and expertise across your organization.

In the aftermath of the Confederate failure at Gettysburg, testing was done on the fuses for Southern artillery shells. This testing showed the reason why the Confederate caissons had been largely ineffective on Day 3 of the battle. However, as your compliance program evolves, your role may well need to change in reference to it. Certainly the roles compliance teams and those in the company business units who assist in the compliance effort will need to be assessed and reviewed as your compliance program matures.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

July 1, 2014

Gettysburg Day 1 – Stepping Back to See the Whole Picture

Shoes at GettysburgLast year I did a three-day series on the Battle of Gettysburg and looked at some lessons that are applicable to a modern day compliance practitioner. As not only did I learn quite a bit about the battle, it seemed to strike a cord with many readers so this year I will continue the tradition. Today I look at Day 1 of this seminal battle of the Civil War.

One of the enduring myths about the battle is that it started over shoes. In the Encyclopedia Virginia, in an entry entitled “Shoes at Gettysburg”, it states, “One of the most persistent legends surrounding battle is that it was fought over shoes… Ten weeks after the battle, Confederate general Henry Heath a Virginian whose troops were the first to engage on July 1, filed a now-famous report in which he explained why he had sent a portion of his division into the small Pennsylvania town. “On the morning of June 30,” Heath wrote, “I ordered Brigadier General [Johnston] Pettigrew to take his brigade to Gettysburg, search the town for army supplies (shoes especially), and return the same day.” That parenthetical phrase “shoes especially” has taken on a life of its own over the years. A 1997 newsletter of the American Podiatric Medical Association is typical — it claimed, perhaps due to its interest in foot health, that footwear was the battle’s causa belli, adding, “There was a warehouse full of boots and shoes in the town.”

Historians have debated this issue ever since. There is no doubt that General Heath “stumbled into this fight” but over some shoes, as he was under orders from General Lee not to enter into a general engagement with Union troops. In the same Encyclopedia Virginia it ends with the following “The Battle of Gettysburg readily lends itself to being read as a three-act tragedy, dominated, as many have argued, by Lee’s hubris. (“The fundamental fault that disfigured his conduct of the campaign,” historian Brian Holden Reid has written, “was that Lee was overly confident and expected too much of his marvelous troops.”) That it started by accident, over something so “pedestrian” as shoes, is too perfect for writers to ignore.”

Whether the battle started over shoes or not, the Confederate Army did ‘stumble into a fight’. I thought about such randomness in the context of a Chief Compliance Officer (CCO) when I read a couple of recent articles in the Corner Officer section of the New York Times (NYT). In the first article, Adam Bryant interviewed Sabine Heller, the Chief Executive Officer (CEO) of A Small World, in an article entitled “Can You See the Whole Picture?” One of the points that Heller raised was that, at times, you need to step back to look at the bigger picture. She provided the following example, “You have to manage people based on results and set clear goals. It sounds like a simple thing, but people don’t do that often. When I was 22 and working at UGO, it didn’t matter that I had no experience and it didn’t matter what my process was as long as I hit my goal. It taught me how empowering it is to be treated like that. I am a great manager for people who are strong thinkers and motivated. I empower people. I promote people. I give them a lot of leeway. At the end of the day, I look at results, and that’s it. I feel very strongly that organizations infantilize employees. You should treat them like adults.”

In another Corner Office article, entitled “Joanne Rohde, on Knowing When to Get In, and to Get Out”, Bryant interviewed Joanne Rohde, CEO of Axial Exchange. Some of her thoughts on leadership would certainly apply to Confederate General Lee at Gettysburg. She talked about stepping back, breathing and re-assessing the situation. Bryant quoted her for the following, “I remember a day when the markets went crazy, and all of us were losing money because the volatility was going against us. The guy I worked for said, “You all need to get out of your positions.” We tried to explain to him that this was a temporary thing. He said: “No. You have to get out. A couple of days later, he said something that has really been an important life lesson: “If you get out, you can get in exactly the same way the next day, but you have a clear head.” It was such good advice, and so few people follow it. And it’s really important for both entrepreneurship and leadership — you’ve got to get in and take risks, but you also have to get out, reassess and modify. That, in my opinion, is how you get ahead. You may have a vision of where you’re headed, but it is never a straight line. You take a step and you reassess. That gives you courage.”

The key is that you step back and take another look, perhaps even put a second set of eyes on the issue. In the business world there is nothing that requires immediate assessment and a decision for a compliance practitioner. If there is, it is because there has not been any communication to the compliance function during the months and months of work by the business unit working on a deal. Any company that has that type of culture means the CCO has not developed relationships with the business unit personnel to foster adequate communication. If the China business unit head has never met the CCO, it is certainly time for the CCO to go to China, put on some training and introduce him or herself to Regional Manager (RM).

Both of the articles also had some very relevant points regarding the hiring function and compliance. Heller said that one thing she detests from a candidate is canned responses in the interview process. She wants people who “understand the larger space of the industry we’re in.” But I found her further comments considerably insightful. She said that “And I want to know if that person has been able to come up with an idea, build consensus for that idea and follow it through. I want to see if they are a leader in one way or another, because building consensus for something is very important in the world of business. You need someone who can manage laterally and who can get people on board with their ideas. So I always ask for a time in someone’s career when they have come up with an idea and were able to get people on board, and then executed the idea.”

Rohde had another approach to hiring and interviews which I found discerning. It involved preparing for an interview and how that preparation could lead to persons understanding the compliance function. She said, “The first thing I want to know is, “Why are you here?” Smart people can get lots of job interviews. So I want to know that there’s something unique about our opportunity. There are two reasons I do that. You quickly sort out people who haven’t even done their homework. I remember one person had not even looked at our website. He was mad that I didn’t hire him, but he didn’t even know what we did.

In a small company like ours — 14 employees — you have to be passionate about what we’re doing. Everybody who’s really done well at our company has had a passion for health care and, sadly, often has had a bad experience in the health care system with a family member and wants to change it. So, I’m really looking for that.”

But her next comments spoke to some of the leadership lessons from Gettysburg – Day 1. She was quoted as saying, “I also ask for examples of when you’ve chased a dream, whether you made it or not. Was there something you went for? If it worked, great, but if it didn’t work, how did you retrench? So I’m really trying to learn if the person has that ability or interest to do something that’s not there.” Imagine what might have happened if the Confederate Army had not gone looking for those shoes or General Heath had obeyed Lee’s orders and had not ‘stumbled into a fight’.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

June 30, 2014

In Due Diligence and World Cup Bids: Follow the Money

Follow the MoneyFor those watching the 2104 World Cup, this year’s tournament has certainly been spectacular, from the US reaching the round of 16, the incredible goals scored by Robbie Van Persie and Tim Cahill, to yesterday’s heartbreak for Mexico, who led until the 88th minute, only to be tied and then loose in stoppage time to the Netherlands, this year’s event has been one for the ages. However one very large shadow hangs over the sport’s governing body, Fédération Internationale de Football Association (Fifa) and allegations of corruption in its award of the 2022 World Cup to Qatar.

There were reports as far back as 2011 that Mohamed bin Hammam, offered bribes to members of the Caribbean Football Union (CFU) at a meeting organized by the Fifa vice-president, Jack Warner. As reported by The Guardian, in a 2011 article, entitled “Fifa in crisis after claims against Jack Warner and Mohamed bin Hammam”, Owen Gibson reported, “nine of Fifa’s 24 executive committee members have been accused of corruption in recent months.” But these 2011 reports have paled in comparison to the reports detailed in the past few months regarding allegations of corruptions concerning the award of the 2022 tournament to Qatar.

Earlier this month, The Sunday Times rocked the sporting world with its article “Plot to Buy the World Cup” by Jonathan Calvert and Heidi Blake. In the article, they reported that a number of football officials took £3m in return for support of the Qatari bid. The BBC, in an article entitled “Qatar World Cup 2022: Investigator nears probe conclusion”, said “The Sunday Times claims to have obtained secret documents that implicate the former AFC president in corrupting members of football’s governing body to win the right to stage the 2022 World Cup. The newspaper alleges the documents, seen by BBC sports editor David Bond, show that Qatari Bin Hammam, 65, was lobbying on his country’s behalf at least a year before the decision to award the country hosting rights. They also allegedly show he had made payments into accounts controlled by the presidents of 30 African football associations and accounts controlled by Trinidadian Jack Warner, a former vice-president of Fifa.”

This initial account has been supplemented by additional reports detailing these allegations. In another article in The Guardian, entitled “Mohamed bin Hammam accused of payments to help Qatar World Cup bid”, Agence France-Presse wrote that “Bin Hammam also paid $1.6m into bank accounts controlled by the Trinidadian Jack Warner, also a former vice-president of Fifa, $450,000 of which was before the vote for the World Cup”, citing the report in The Sunday Times. Both Qatar and bin Hammam have denied any improprieties in the award of the bid to Qatar.

But there were more reports of payments to those voting on the Qatar bid beyond Jack Warner. In a June 16th report in the online publication, República, entitled “ANFA chief admits receiving money from Hammam” it reported that Nepal Football Association (ANFA) President Ganesh Thapa had been promised $800,000 from bin Hammam and had been paid $115,000. It also reported that Thapa’s son received $100,000 from bin Hamman. Thapa was quoted as saying that the money was for a business deal, “It is right that I received $115,000 but it was in connection with the business I have partnered with Hammam.”

There have been other issues raised regarding Qatar’s bid to host the World Cup. One is its treatment of the workers who are building the stadiums for the event and the appalling conditions that the workers building the stadiums to host the event are facing. In an article in the online magazine Slate, entitled “The Qatar World Cup Is a Human Rights Catastrophe. It’s Time to Do Something About It” Jeremy Stahl reported that the Nepali embassy has said 400 citizens of its country had died during construction in Qatar and India has reported that 500 of its citizens have died. The article quoted Sharan Burrow, the general secretary of the International Trade Union Confederation (ITUC), who said in an ESPN documentary “that at current rates, 4,000 people will die to make the 2022 World Cup a reality.” The ITUC itself had reported in March that there had been 1200 deaths in the construction of the facilities for the World Cup.

Another significant issue is the heat. Qatar can reach between 40-50C during the summer months, and for those of you who don’t read Celsius temperatures that translates to between 104 to 122 degrees Fahrenheit. I have been in such temperatures and I can assure you that is hot weather. However, although Fifa awarded the 2022 World Cup tournament to Qatar back in 2011, it has only now become aware of the fact that there is hot weather in the summer months in Qatar. If you have watched any games in this year’s tournament, you have seen European players wilt in 80+ degree, which for a Texan is rather pleasant. But no matter how much conditioned air you can pump into a stadium in Qatar, the fact is that it will be 120+ outside.

Even if the stadiums are air conditioned, how are you going to walk to them in that heat? To say that Fifa was unaware that it gets hot in the summer in Qatar seems disingenuous at best. As reported by Roger Blitz, in a Financial Times (FT) article entitled “Fifa faces quandary over World Cup in Qatar”, Sepp Blatter, Fifa President, has gone on record to say that awarding the 2022 World Cup to Qatar was “a mistake”.

But as my friend Mike Brown might say that when you are performing due diligence, ‘follow the money’. This is not only important in thinking about allegations of corruption in the award of the bid to Qatar but also in the overall context of Fifa and the World Cup. It has been estimated that over one-tenth of the world’s population is watching this year’s World Cup. In the US alone, the interest is so high its game against Portugal had more viewers than Game 5 (the final game) of the recent NBA championship. This could well lead to billions for the television rights in 2022 alone. That means that advertisers and sponsors will be paying a pretty penny to be associated with World Cup 2022. Do you think some of the current sponsors, such as Adidas, Coca-Cola, Sony or Visa will want to be associated with such allegations of corruption or deaths of workers from such appalling working conditions?

There is a chorus growing to move the 2022 World Cup from Qatar to another country. Speaking with its usual grownup voice, the FT editorial board has called for a re-vote on the location of the 2022 World Cup tournament venue, in an article entitled “Blow the whistle on Fifa, please”, they said, “The case for rerunning the bid for the 2022 competition looks unassailable. Final judgment should await a pending report into the Qatar bid by Fifa’s top internal investigator. But a string of controversies – among them the health concerns over staging the competition in Qatar’s furnace-like climate – means a new venue is now needed.” But more than simply re-voting on the 2022 bid, the FT said, “Western governments and lawmakers should therefore bring their influence to bear. The US Congress could consider holding hearings to examine the relations between American multinationals and Fifa. US companies have to abide by stringent anti-corruption laws. Congress would be right to examine the implications of US companies doing business with a major international body that has such weak governance. Such public hearings might make corporate sponsors reconsider their stance.”

What are the lesson for the compliance practitioner? Sometimes you need to step back and look at the big overall picture. If a deal has come into your company that is particularly high reward, it generally means that it was high risk. You may want to do a more in-depth look at all aspects of the deal, from the business partners involved, to your internal gifts, travel and entertainment for your employees involved in securing the contract. Putting a second or even third set of eyes on something might well protect your company if something does not seem right, feel right or look right.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

June 23, 2014

An Event That Changed the World and Fostering Compliance Leadership – Part I

Archduke Ferdinand AssassinationThis coming Saturday, June 28th, is the 100th anniversary of most probably the single most momentous event of the 20th century; the assassination of Archduke Ferdinand and his wife Sophie in Sarajevo, then located in the Austro-Hungarian Empire. I view it as the singular event of the prior century because it led directly to the following events: the First World War, the Second World War, the Russian Revolution, the fall of the Hapsburg, Romanov and Prussian monarchies, the Cold War and a host of other events. One can point to 1963 in Dallas and 9/11 as direct descendants of the actions of the Sarajevo assassins.

One of the best articles I have ever read on the assassination was in the March 22nd edition of the Financial Times (FT) in a piece by Simon Kuper, entitled ‘The crossroads of history”. Kuper returned to modern day Sarajevo “to try and understand his act in its local context – the context both of 1914 and 2104.” I think that Kuper did come to some understanding through his reporting, which I found to be first rate. The attack on the Archduke itself came about through a plethora of mis-steps, foolish decisions and idiotic mistakes that rival any modern day industrial catastrophe. Kuper quoted the author Rebecca West for the following, “Nobody worked to ensure the murder on either side as the people who were murdered.” As this assassination started Europe down a road that led to well over 20 million deaths, it is an appropriate start to many more posts I will have during the centenary of 1914.

Just as Gavrilo Princip changed the course of history, I recently read an article in the May edition of the Harvard Business Review (HBR) which I think could significantly modify how you, as a Chief Compliance Officer (CCO) or compliance practitioner, will think about getting employees to “apply their talent and energy to move organizations forward” in compliance and ethics. The article is entitled “Blue Ocean Leadership”. In this two-part series I will explain the authors view of the problem that “According to Gallup’s 2013 State of the American Workplace report, 50% of employees merely put their time in, while the remaining 20% act out their discontent in counterproductive ways, negatively influencing their coworkers, missing days on the job, and driving customers away through poor service. Gallup estimates that the 20% group alone costs the U.S. economy around half a trillion dollars each year.” The authors believe that “poor leadership is a key cause” of this problem. The authors posit that leadership is a “service that people in an organization “buy” or “don’t buy” and when employees come to value you as a leader, they “in effect buy your leadership.”

Today I will focus on how ‘Blue Ocean Leadership’ differs from conventional leadership and tomorrow I will review strategies of how to execute this type of leadership and explore its implications for the CCO or compliance practitioner.

Key Differences from Conventional Leadership Approaches

The authors point to three key differences between ‘Blue Ocean Leadership’ and traditional leadership approaches.

The first key difference is that ‘Blue Ocean Leadership’ “focuses on what acts and activities leaders need to undertake to boost their teams’ motivation and business results, not on who leaders need to be. This difference in emphasis is important. It is markedly easier to change people’s acts and activities than their values, qualities, and behavioral traits. Of course, altering a leader’s activities is not a complete solution, and having the right values, qualities, and behavioral traits matters. But activities are something that any individual can change, given the right feedback and guidance.”

The second under ‘Blue Ocean Leadership’ is to “connect closely to market realities”. This is accomplished by having “the people who face market realities are asked for their direct input on how their leaders hold them back and what those leaders could do to help them best serve customers and other key stakeholders. And when people are engaged in defining the leadership practices that will enable them to thrive, and those practices are connected to the market realities against which they need to perform, they’re highly motivated to create the best possible profile for leaders and to make the new solutions work.” This allows not only employee buy-in both also quicker and more efficient engagement of the implementation of a leaders program.

The third key difference is that ‘Blue Ocean Leadership’ distributes leadership across all levels of management. The authors quoted one senior executive who said, “The truth is that we, the top management, are not in the field to fully appreciate the middle and frontline actions. We need effective leaders at every level to maximize corporate performance.” However ‘Blue Ocean Leadership’ is more robustly “designed to be applied across the three distinct management levels: top, middle, and frontline. It calls for profiles for leaders that are tailored to the very different tasks, degrees of power, and environments you find at each level. Extending leadership capabilities deep into the front line unleashes the latent talent and drive of a critical mass of employees, and creating strong distributed leadership significantly enhances performance across the organization.”

The Four Steps of Blue Ocean Leadership

Most importantly the authors believe that you have to see your leadership for what it is and not what you wish it to be. If you do not have a “common understanding of where leadership stands and is falling short, a forceful case for change cannot be made.” The authors created a template that they called “Leadership Canvases” which are visual representations to show what leaders actually do, rather than what they think they do. The authors’ research showed that 20% to 40% of all actions taken by managers are of little value to the organization. This led to the “biggest “aha” for the subteams was that senior managers appeared to have scarcely any time to do the real job of top management—thinking, probing, identifying opportunities on the horizon, and gearing up the organization to capitalize on them.”

Based upon this initial finding, the authors began to explore alternative leadership profiles. Here you are required “to think beyond the bounds of the company and focus on effective leadership acts they’ve observed outside the organization, in particular those that could have a strong impact if adopted by internal leaders at their level. Here fresh ideas emerge about what leaders could be doing but aren’t. This is not, however, about benchmarking against corporate icons; employees’ personal experiences are more likely to produce insights. Most of us have come across people in our lives who have had a disproportionately positive influence on us. It might be a sports coach, a schoolteacher, a scoutmaster, a grandparent, or a former boss. Whoever those role models are, it’s important to get interviewees to detail which acts and activities they believe would add real value for them if undertaken by their current leaders.”

The next step begins to take what I call some real corporate courage. It requires that middle and frontline managers critique what senior management has come up with in step 2, developing alternative leadership profiles. Some of the more interesting changes were ‘Cut through the Crap’ in which “frontline leaders did not defer the vast majority of customer queries to middle management and spent less time jumping through procedural hoops. Their time was directed to training frontline personnel to deliver on company promises on the spot” and to resolve problems. Another was ‘Liberate, Coach and Empower’ where leaders “time and attention shifted from controlling to supporting employees.” Finally, there was ‘Delegate and Chart the Company’s Future’ where the front and middle line managers had more responsibility so “senior managers would be freed up to devote a significant portion of their time to thinking about the big picture—the changes in the industry and their implications for strategy and the organization. They would spend less time putting out fires.”

Blue Ocean Leadership’ challenges companies to allow its employees to “think about which acts and activities leaders should do less of because they hold people back, and which activities they should do more of because they inspire people to give their all.” Just as you begin to think through the changes wrought by one action in a small town, very long ago, which changed the 20th Century forever, you may wish to use these concepts to think about how your leadership can be made more effective.

In tomorrow’s post I will look at how the authors believe you can execute a ‘Blue Ocean Leadership’ change in your company.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

June 16, 2014

The Magna Carta and Scrutiny of Your Compliance Program

Magna CartaYesterday, June 15 was Father’s Day so for all us fathers out there, it was our day and I hope that you enjoyed and cherished it. It was also the anniversary of what I believe was one of the greatest achievements in Anglo jurisprudence, the signing of the Magna Carta, by King John and the Barons who opposed his tyranny. In 1215, the barons rose up in rebellion against the King’s abuse of feudal law and custom. The legal document drafted up for King John, required him to make specific guarantees of the rights and privileges of his barons and the freedom of the church.

On June 15, 1215, King John met the Barons at Runnymede on the Thames and set his seal to the Articles of the Barons, which after minor revision was formally issued as the Magna Carta. I have visited the field at Runnymeade where the Magna Carta was signed. Next year will be the 1100th anniversary of the signing of this document. For me, the Magna Carta is symbol of the sovereignty of the rule of law over the King. Its grant was of fundamental importance to the constitutional development of England and to the rest of the common law world such as the United States.

I thought about how King John was forced to sign the Magna Carta, clearly against his will, when I read an article in the May issue of the Harvard Business Review (HBR), entitled “How to Outsmart Activist Investors”, by Bill George and Jay W. Lorsch. While the article focuses on steps a company can take before an activist shareholder buys into a company and demands changes, I thought the process of preparation that the authors listed as something that a Chief Compliance Officer (CCO) should consider in his or her company’s compliance program.

The authors lay out the problem faced by company’s as follows, “Their game is simple: They buy stocks they view as undervalued and pressure management to do things they believe will raise the value, such as giving more cash back to shareholders or shedding divisions that they think are driving down the stock price. With increasing frequency they get deeply involved in governance—demanding board seats, replacing CEOs, and advocating specific business strategies.” They proposed a six-step process that allows a company to be ready for such an attack. However, I saw these six-steps as delineations a CCO could institute which would prepare a compliance program for a wide range of reviews, including audits, reviews by government regulators, queries by Board members or other high ranking company officials who may want to know more about a compliance program on a quick basis. So I have adapted the authors’ six steps to advise the CCO on how to be ready for such an event or perhaps a myriad of others.

Have a Clear Strategic Focus and Stick to It

In their article, the authors pointed to PepsiCo’s move to it’s “Performance with Purpose, a strategy targeting three growth areas: (1) “good for you” products, including Quaker Oats and Gatorade; (2) product innovations; and (3) emerging markets. Part of the idea was to fund the substantial investments—including acquisitions—required to build these categories with the cash flow from PepsiCo’s core business. PepsiCo did precisely that, acquiring a number of food and beverage companies in emerging economies such as Brazil, India, Russia, and Ukraine.” For the compliance practitioner, I think it means you need to stick to your guns and move your program forward. It does not mean that you will not hit road bumps along the way but if you have something like Stephen Martin’s suggestion for a 1 – 3 – 5 year program in writing and are following it, you can reject calls for major mid-course changes. 

Analyze Your Business as an Activist Would

In their article, the authors said, “CEOs need to ensure that their boards understand the tactics of activist investors and have a game plan for responding. That means analyzing both how the activists might try to increase short-term shareholder value—through spin-offs and divestitures or financial engineering such as stock buybacks and increased debt—and the company’s possible vulnerabilities in strategy and capital structure. Specific examples from other companies can help.” For the compliance practitioner, I believe this means you need to keep abreast of the most current information available on the Foreign Corrupt Practices Act (FCPA) or other types of anti-corruption compliance. While the 2012 FCPA Guidance still provides some of the best articulation of what the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) believe constitute an effective compliance program, you should still monitor enforcement actions and other information. So if your company is in the tech space, the March HP enforcement action is something you should review to determine if any of HP’s compliance failures might have implications for your company.

Have Your External Advisers Lined Up in Advance and Familiar with Your Company

The authors believe that to fight such proxy challenges “both management and the board must have external advisers whose guidance they can rely on.” However, for the compliance practitioner, it means that you have taken steps to assess and verify the efficacy of your compliance program. Certainly you can benchmark your program against others in your industry but also having third parties assess, benchmark and verify your compliance program can be an excellent way to show where your program stands if someone comes looking at it.

Build Board Chemistry

Obviously when fighting an activist investor, Board cohesion is paramount. The authors note, “Activist investors are often out to divide a target company’s board. To address the issues they raise in an objective and constructive manner, directors need the unity that comes from years of building board chemistry. That chemistry is enhanced through repeated engagement on important issues, weathering crises together, and candid dialogue with the CEO. The latter requires a high degree of transparency from the CEO and a willingness to share even the most sensitive information involved in decision making. To cope with an activist’s challenges, directors must be fully committed to the company and its long-term objectives.” But the same is true for a CCO. Having Board support is imperative to any long-term success for a compliance program. It is up to you to develop the relationships and provide timely information so that there are no surprises, or as few surprises as possible, in the area of compliance.

Perform in the Short Run Against Declared Goals

Just as “the best defense against an activist investor is consistent performance that realizes the company’s stated goals; anything else makes the company vulnerable”, I believe that a compliance program should also measure itself against stated goals. The FCPA Guidance makes clear that a compliance program begins with a risk assessment. The reason is not only to use the risk assessment to determine where your compliance program might stand but also to create a road map for future enhancements. It is also important to set realistic expectations. Overly ambitious compliance goals, which ultimately fall short can trip up a CCO and make a program vulnerable to criticisms.

Don’t Dismiss Activist Ideas Out of Hand

The authors note “Most activist investors are smart, motivated people who often notice things that boards and managers overlook. It is generally worth listening to their recommendations and implementing the ones that make sense.” For the CCO or compliance practitioner, I have long advocated listening to the business units to help see what works and what does not work. This does not mean a compliance program can only be followed when feasible, but it may require compliance program flexibility to allow it to not only measure and assess risk but to adequately manage compliance risk.

Doing What’s Best for All Your Shareholders

The authors believe “One of a board’s most important roles is to ensure that the company stays true to the mission and values that have made it successful. In recent years several activist fund managers with no industry experience have come to corporations with proposals for radical, unproven course changes. Sometimes major changes are needed, but companies that allow outside activists to implement them without full and careful consideration risk losing the commitment and engagement of their employees and customers.” Similarly, a CCO or compliance professional needs “to work to ensure the long-term viability of the company’s [compliance] mission and strategy.”

Whether you are a lawyer or not, I believe that the Magna Carta is one of the most significant legal documents in the history of Anglo jurisprudence. Even if King John signed it at the point of a knife to his throat, or not, it became one of the foundation documents for English and, later, American law. But another lesson one may draw from it was that King John was not prepared when his Barons revolted against him. The HBR article provides a clear path for the compliance practitioner to follow to prepare for excess, outside, unwanted or other scrutiny.

===============================================================================================================================================================================================================================================

M&AM&A UNDER THE FCPA

If you are interested in learning about mergers and acquisitions under the FCPA I am involved in to upcoming events designed to give you the most up-to-date advice on this area of compliance. Both events are sponsored by The Network. The first event is a webinar entitled appropriately enough, “Mergers and Acquisitions Under the FCPA” and is scheduled for  Tuesday, June 17th, 2014 TIME: 2:00 pm EDT. For registration and additional information click here. On Tuesday, June 24th the always popular Tom Fox/Stephen Martin roadshow travels to Denver where I will speak live on Merger and Acquisitions Under the FCPA and Stephen will talk about risk assessments under the FCPA. For information on the Denver event, click here

WORLD CUP REVIEW

World Cup 2014I am putting on a four part podcast series on the World Cup, detailing issues of bribery and corruption, together with an ongoing discussion of Team USA and this year’s tournament. I am joined by Mike Brown, the Managing Director of Infortal. You can check out Part I by clicking here of the series where we discuss bribery of referees in the lead up to the 2010 World Cup held in South Africa and FIFA’s response. Mike and I then review Team USA and it’s draw in Group G-the Group of Death. I hope that you will check out this series and enjoy it as much as Mike and I enjoy recording the episodes. Also remember, my podcast, the FCPA Compliance and Ethics Report is available for download at no charge on iTunes so you can listen to Part I on your commute to work. So sign up for the podcast from WordPress or iTunes and enjoy our series.

==============================================================================================================================================================================================================================================

 

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

 

© Thomas R. Fox, 2014

Next Page »

The Rubric Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 4,540 other followers