FCPA Compliance and Ethics Blog

December 12, 2014

Seamus Heaney and Compliance With a Seat at the Table

Seamus Heaney and beowulfI have long been fascinated with the Irish poet Seamus Heaney. I came to know him thought his 1999 translation of Beowulf. While I was aware that he had been awarded the 1995 Nobel Prize for Literature, I did not know his work as an Irish poet. However, this was rectified in a piece in the Times Literary Supplement (TLS), entitled “A stay against confusion – Seamus Heaney and the Ireland of his time”, by Roy Foster. In this piece he reviewed the evolution of Heaney’s poetry through the 1960s and 1990s. Foster believed that Heaney’s work in many ways mimicked the growth that “Irish intellectual as well as social and economic life”. Heaney began as a ‘nuts and bolts’ type of poet and moved to become a Yeatsian figure as the national poet of Ireland.

I thought about that growth and Foster’s article when I considered the question of what happens if you seek for something and then actually get it? For instance, you may have wanted a seat at the C-Suite table as a Chief Compliance Officer (CCO) and now you have one. What happens now, for instance in the situation where you find out that your company has decided to enter a new overseas market with a new product offering? The Chief Executive Officer (CEO) who championed you coming onboard with the big boys (or perhaps big girls) team looks down and says, “We need an analysis from the compliance perspective by the end of the week?” Where do you begin?

Obviously there are some preconditions for success such as your company should have a product that you can make and sell overseas for a profit. Further, you should have the time, money and sophistication to develop an international distribution network and you have the home office infrastructure to support a truly international business. Finally, you should have a senior management with at least an appreciation of compliance challenges in the target, with the personnel, technological solutions and internal training to address and meet these challenges. As you begin to think through this assignment you fall back on the four basic questions of (1) Who will we sell to? (2) What are we going to sell? (3) Where will we sell? (4) How will we sell?

Who will we sell to?

For any anti-corruption analysis you need to begin here as the Foreign Corrupt Practices Act (FCPA) applies to commercial relationships with foreign governments or instrumentalities such as state owned enterprises. Will your end using-direct customers be foreign governments or privately owned companies? What if your customers are distributors or other middlemen who will then sell to foreign governments or state owned enterprises? What about licenses; will you need special permits to sell to a foreign government or state owned enterprise or will you need some type of basic permit simply to transact business? If your company is subject to the UK Bribery Act this public/private distinction does not exist.

What are we going to sell?

What is the product or service you wish to take internationally? I will assume your company has done the market studies to ascertain it is a viable commercial concept. If it a product, is it a complete or partial product? Will you manufacture here in the US and only sell internationally or will you manufacture abroad as well? If it is here in the US, what about spare parts and accessories, will you need to obtain any licenses overseas? What about your technology, will that component require any licenses? If you will manufacture outside the corporate offices in the US, how will you assure quality in your supply chain? Conversely, if you manufacture in the US, do your supplier agreements allow you to resell outside the US?

Where will we sell? 

This question may seem more important for export control issues; however it is also important in the anti-corruption world. Obviously this is because certain geographic areas are more prone to corruption than others. A starting place might be the Transparency International-Corruption Perception Index but you can also use tools such as the recently released TRACE Matrix which provides a much broader assessment of corruption indices and give you additional insight into a fuller panoply of corruption risks in a country. In addition to the basic corruption analysis you need to ascertain whether you can even sell your products in a new country, either because of US export regulations or the end using jurisdictions laws. You should also focus on the business culture of a country and whether it is compatible in doing business in compliance with relevant anti-corruption legislation. This will also help you in your search to find any local business partners. 

How are you going to sell?

This is one of the most important questions you can ask under a FCPA analysis. It is because well over 90% of all FCPA enforcement actions involve third parties. If this is your first international sales effort, your company probably does not have an international based employee sales force. This means you will most probably need in-country partners for your target markets. Some of the most basic sales arrangements for third parties are as follows:

  1. Agent/Sales Representative – This person or entity is an independent third party from the company. Compensation is usually commission based or combined with a periodic fee plus commission. It is generally viewed as the highest risk from the anti-corruption perspective but you will have a direct relationship with the end-using customer.
  2. Distributor/Retailer – This person or entity is an independent third party from the company. Your company will sell to the distributor/retailer who then resells your product. You will have less visibility into the end user and hence a greater export control risk. Consignment is a variation on this model but if you are warehousing you will need to be aware of other US rules such as revenue recognition under US GAAP or local, indigenous rules on storage and warehousing.
  3. Consultant – This is also an independent third party who is paid a periodic fee. The fee can be more easily assessed for an hourly or service based rather than simply a commission based fee structure.

There are some other sales arrangements that you may whish to consider. You can acquire a local business and run it as your own company. Of course if you do so, you may buy all of these liabilities, both known and unknown. You can joint venture with another local company. Here you may have the dual problems of less actual control yet the same amount of potential exposure, particularly under the FCPA if you fail to perform the requisite pre-acquisition due diligence and allow any illegal conduct to continue going forward. You can issue a manufacturing license to an in-country manufacturer and allow them to make and then sell your product using your technology. Finally, you can issue a brand license where you license an existing company to put your brand name on your product manufactured by another entity. Of course if you use any of these types of arrangements you will need to go through a full third party management cycle; consisting of a business justification, questionnaire, due diligence, contract and management thereafter.

From the internal control perspective you will need to make sure you have several key compliance related controls in place. This will include the aforementioned vetting of all customers and third parties; appropriate controls over each transaction, including both quotes and contracts; empowered and non-conflicted employees; and finally training and self-auditing. You will need separate controls over payment terms and payment mechanisms and controls to align shipping and export controls. Finally, do not forget the omnipresent segregation of duties and control over the vendor master file.

Lastly, you should focus on your high-risk points in any of the above. These include your full vetting and management of third parties. You should pay attention as to how you became aware of these third party sales representatives. You will also need to pay attention to your freight forwarders and other export control representatives. You will need to be vigilant going forward for outright bribes paid in either cash or other values such as free products, lavish travel, gifts and entertainment, especially if the travel has no business purpose.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

December 1, 2014

Sherlock Holmes and Innovation in the Compliance Function, Part I – A Study In Scarlet

A Study in ScarletToday begins a week of double themed blog-posts. First I am back with an homage to Sherlock Holmes, for it was in the magazine Beeton’s Christmas Annual that the characters Sherlock Holmes and Watson were introduced to the world in 1887, in the short story A Study in Scarlet. The second theme will be innovation in the compliance department. I will take some recent concepts explored in the December issue of the Harvard Business Review (HBR) and apply them to innovation and development of your compliance function. I hope that you will both enjoy my dual themed week and find it helpful.

Today I begin with the first novel, A Study in Scarlet. There are two items of note that I learnt in researching this work. The first is that it was written in 1886 and even Conan Doyle had trouble finding a publisher for what went on to become the most famous detective character of all-time. The second was the title. I had always thought it referred to the color of blood but it turns out that it comes from a speech given by Holmes to Dr. Watson on the nature of his work, in which he describes the story’s murder investigation as his “study in scarlet”: “There’s the scarlet thread of murder running through the colourless skein of life, and our duty is to unravel it, and isolate it, and expose every inch of it.” Furthermore, a ‘study’ is a preliminary drawing, sketch or painting done in preparation for a finished piece.

I thought Doyle’s first work would provide an excellent entrée into today’s topic, that being leadership in the compliance function. While many compliance departments may have begun more as a command and control function, set up by lawyers to comply with anti-bribery laws such as the Foreign Corrupt Practices Act (FCPA), UK Bribery Act or others; this type of leadership model is now becoming outmoded in today’s world. It is not that employees are interested in the ‘why’ they should do business ethically and in compliance with such laws but it is more that power is shifting inside corporations. In a HBR article, entitled “Understanding “New Power””, authors Jeremy Heimans and Henry Timms explore how leadership dynamics are changing and what companies might be able to do to harness them. I found them to have some excellent insights, which a Chief Compliance Officer (CCO) moving to CCO 2.0 or compliance practitioner might be able to garner for a compliance function.

The authors begin by noting that ‘new power’ differs from ‘old power’ in a bi-lateral dimension of intersection. This intersection is between the models used to exercise power and the values which are now embraced. It is the understanding of this shift in power, which will facilitate the compliance function moving more to the forefront of a business integration role. The new power models are fourfold. Under sharing and shaping a company is much more integrated with its customers and supply chain. Second is funding which continues this integration by adding a vertical component of funding, whether equity positions or some other type of funding. Third is producing in which “participants go beyond supporting or sharing other people’s efforts and contribute their own.” Finally, there is co-ownership, which is the most decentralized, pushing participation down to the lowest or most basic levels.

But beyond these new power systems, the authors believe that “a new set of values and beliefs is being forged. Power is not just flowing differently; people are feeling and thinking differently about it.” The authors call them “feedback loops” which “make visible the payoffs of peer-based collective action and endow people with a sense of power. In doing so, they strengthen norms around collaboration”.

The authors lay out five new values. They include the area of governance where the authors note, “new power favors informal, networked approaches to governance and decision making.” Next is in the area of collaboration where the authors believe that this new power value rewards “those who share their own ideas, spread those of others, or build on existing ideas to make them even better.” The next new value is DIO or do it ourselves. Under this value, there is a “belief in amateur culture in arenas that used to be characterized by specialization and professionalization.” Next is transparency which, while not a new concept, says that more permanent transparency between business and social lives will lead to a “response in kind from our institutions and leaders who are challenged to rethink the way they engage with their constituencies” specifically including their employee base. The final new value identified by the authors is affiliation, which means that new and younger employees are less like to “forge decades-long relationships with institutions.”

The authors have three prescriptions that I found could be useful for the CCO or compliance practitioner to incorporate into a mature and evolving compliance program moving forward. Compliance functions need to “engage in three essential tasks: (1) assess their place in a shifting power environment, (2) channel their harshest critic, and (3) develop a mobilization capacity.

Assess where you are

This prong is quite close to something compliance practitioners are comfortable with in their role, a risk assessment. However the authors suggest that the assessment be turned inward so you should assess the compliance function on this “new power compass—both where you are today and where you want to be in five years.” You can benchmark from other companies in responding to this query. Internally, you can begin this process with a conversation about new realities and how the compliance function should perform. More importantly such an assessment can help you identify the aspects of their core models and values that should not be changed.

Incorporate business unit interests

The authors note, “Today, the wisest organizations will be those engaging in the most painfully honest conversations, inside and outside, about their impact.” However, I think this question should be asked first by the CCO or compliance practitioner. For it is not only what you are doing to work with your business units but more importantly what are you doing to incorporate their concerns and suggestions into your compliance regime. If you are going to ask the business unit to be a significant partner or better yet be your business partner, you will need to have a mechanism in place to engage your business unit so there can be an inflow of input before the compliance function has an output of requirements. As the authors write, “This level of introspection has to precede any investment in any new power mechanisms” to which I would add any successful compliance function.

Mobilize your capacity

Here I suggest you consider contracted third parties and other third parties such as joint venture (JV) partners as an avenue through which the compliance function can bring greater benefits to an organization. I have often heard compliance expert Mary Jones talk about her training of her company’s third parties and how thankful they were that when she, Global Industries Director of Compliance, would personally travel to their locations and put on in-person training. Her efforts to travel to their locations, spend the money required to do so not only directly strengthened Global Industries’ compliance function but created allies for her efforts by giving these suppliers the information and training they needed to comply with their customers requirements. By reaching out in this manner, Global Industries used its contracted third party suppliers to create a stronger company compliance program.

As the anti-corruption compliance profession matures, it will become more a component of a company’s business function. This means less of a lawyer’s top down mentality of do it because I said to do it, to more collaboration. It also means, as with the premier of Sherlock Holmes in A Study in Scarlet that something new is on the horizon and it could be here for quite sometime to come.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

 

November 21, 2014

The Strategic Use of Compliance

StrategyWhat is your company’s compliance strategy? By this I do not mean what is your company doing to put in a place a best practices anti-corruption compliance program that meets the requirement of the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act. My inquiry goes both further and deeper. Has your company moved beyond the view that compliance with the FCPA is simply enough by incorporating compliance into your business strategy to secure a competitive advantage going forward? I thought about this issue when I read a recent article in the MIT Sloan Management Review, entitled “Finding the Right Corporate Legal Strategy”, by Robert C. Bird and David Orozco. While the authors posed the questions from the legal perspective, I found their insights equally valid from the compliance perspective.

While I am fairly certain that Chief Compliance Officers (CCOs) and compliance practitioners understand the need for the integration of compliance into the day-to-day business operations of a company, many business types still view compliance “as a constraint on managerial decisions, primarily perceiving” compliance as simply a cost. The authors believe that the more enlightened approach is for companies to use functions such as compliance “in order to secure long-term competitive advantage.” To do so the authors detailed five different legal strategies, which they call pathways, that companies might use that I will translate into compliance strategies. They are in ascending order of importance: (1) avoidance; (2) compliance; (3) prevention; (4) value and (5) transformation. The right strategy for your company will depend on a variety of factors such as maturity of your compliance function, commitment by senior management to compliance, your business model and the compliance function’s ability to collaborate with business managers.

Avoidance

This is the idiot response where a company either disregards anti-corruption laws such as the FCPA or UK Bribery Act or engages in willful blindness. Unfortunately, there are many major US and foreign corporations that have come to grief under the FCPA because they did not take some of the most basic steps to comply with these laws. It is largely because senior management believes that compliance provides “little concrete value, so they make no effort to” even acquiring knowledge in the area. Worse yet are companies who gain a modicum of knowledge about such anti-corruption laws “only so that they can circumvent it to achieve a desired objective.” The authors note that while “An avoidance strategy can sometimes be effective…it can also lead to disaster.” This lead to the compliance function and the CCO only being called in an emergency, after the conduct has occurred so that compliance is always in a reactionary mode.

Compliance

This pathway means complying with laws, not the compliance function itself. Under this pathway, “companies recognize that the law is an unwelcome but mandatory constraint on their activities.” So while following this strategy would allow a company to have subject matter expert (SME) practitioners in the field of compliance, it would exist only “so the business could operate within its legal bounds.” Under this pathway, companies still view compliance as a cost to be minimized. Moreover, anti-corruption laws such as the FCPA or UK Bribery Act are “viewed as primarily inflexible—externally imposed rules that cannot be changed or adapted to suit a particular corporate strategy.” This means that business managers will simply not understand that compliance can be used to further business goals. It also leads most business unit folks to believe that compliance is the Land of No and the CCO is in reality ‘Dr. No’ who is there “primarily as a watchdog that polices corporate conduct for illegal activity.”

Prevention 

Under the prevention pathway, senior management acknowledges that anti-corruption laws can be used as competitive advantage “to further well-defined business roles.” This means that the compliance is proactive rather than reactive. Senior managers understand how the law relates to their business areas “and they appreciate how it can be used to minimize particular business risks.” The compliance function “seeks partnerships with managers to help them achieve their risk-management goals.” This pathway has the added benefit that allows compliance practitioners to recognize the importance of measuring and quantifying compliance issues and data “as a part of a broader effort to support a business oriented strategy.” It also means that the compliance function is available to the business unit when the competitive landscape is “strategically assessed” by the business unit. This is more than simply having a seat at the table; it is being a part of and contributing to the commercial strategy.

Value

Companies operating in this pathway use compliance to “create tangible and identifiable value.” But to do so requires a true corporate commitment because business unit managers will need to have a strong understanding of anti-corruption compliance and how it can be tailored to generate value for the company. The CCO, and indeed the entire compliance function, must see itself “as a key stakeholder in helping the company to increase its return on investment” and should see itself in helping to create value for the company. Usually this comes about in two ways. The first is by using compliance to lower costs of doing business, particularly through third parties. Here you can think of reducing the number of vendors who perform the same services or provide the same products to you by appropriate management of your third party compliance program. The second way is by using compliance to increase revenues.

Transformation

In this final pathway, a company will incorporate compliance directly into its business model. While the authors note that few companies have been able to move this far in the legal arena, those who have done so possess a rare and valuable “capability that can provide a competitive advantage that is difficult for a business rival to imitate.” One of the keys to making this transformation is that not only is compliance integrated within “the company’s various value-chain activities; it is also linked with the value chains of important external partners as part of the larger business ecosystem.” This pathway is only available to companies with the most mature compliance function and most usually when compliance is combined with “the business model and core competencies of the company.”

Clearly there is no ‘one size fits all’ approach to compliance strategies. However if your compliance program has maturity and senior management can operate with their eyes open, they will see that while the first three strategies focus on managing risk, the final two are targeted towards generating business opportunities or least have compliance as a part of the team doing so. As compliance practitioners move into the CCO 2.0 role that I have advocated, these pathways can provide you with a tangible starting point to educate senior management on what compliance can bring to the (business) table.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

November 20, 2014

Compliance Lessons From Mom

John HansonEd. Note-the below post was on the site, thefraudguy.com, which is hosted by John Hanson. I found it so moving I asked John if I could repost on my site, which he graciously allowed me to do. 

——————————————————————————————————————————————–

If you were wondering whether or not I had dropped off the face of the earth for the last six weeks, you guessed right.  October of 2014 was a month that, along with September 2001, I would love to utterly erase from my memory.

My mother, who had been so courageously battling cancer for the last five years, lost the battle on October 17, 2014.  Despite a contractor catching my house on fire and a kidney stone suddenly showing up, I was able to get to Bristol, VA and be with my mom before her passing.  I remained in Bristol to support my dad and help with all of the funeral arrangements.  After the funeral, I packed their house up and moved dad up to Fredericksburg, VA with my family.

As I reflected on my mom’s life and lessons, there were a few in particular that I find relevant to the work I do today, particularly in the area of compliance and ethics.  My mom was raised in a second generation Italian family in extreme poverty in New Orleans.  I recall hearing stories of how she slept together with her sister and brother in a small room where they had to take turns staying awake to keep the rats off of them.

Despite the obstacles, mom appreciated the value of hard & honest work, education, and selfless service.  Working various jobs, she put herself through nursing school and began what became a forty-one year long career as a nurse.   Mom’s nursing accomplishments were of no comparison with Nobel Prize winners and will never be remembered outside of the small circles of those whom they affected, but they are nonetheless as profound and meaningful, both to those affected and to those who might see in her life and work the impact and role of a positive high ethical tone and commitment to always doing what was right and in the best interests of her “customers” – her patients.

My mom always stressed the importance of honesty and showed me the benefits of it every time I owned up to something I did wrong as a child.  As long as I was honest about my mistakes, the punishment was appropriately reduced.  Thank God – or I would still be in “time-out” some forty years later!   That is a lesson I have carried all my life and am trying hard to pass on to my children, as well as those with whom I work.

Positive ethical tone within an organization begins with honesty.  And ends with dishonesty.

An effective compliance & ethics program will include on-going education and training.  While my mom worked hard to put herself through school to become a nurse, she never stopped her education there.  Over the course of her career as a nurse, she took on many new challenges/specialties, some of which she did pioneering work in.  The lesson is that education never stops.  We never stop learning and we always have room to learn more, regardless of where we are now in our lives and careers.  Compliance training IS on-going education.  It is not checking a box.

Being a nurse is among the most altruistic jobs one might have.  Caring for those who, in many instances, can’t care for themselves.  Helping them with the most humbling and/or simple tasks – many tasks that even family might shy away from.  Not losing sight of their human dignity and treating them with respect, even as they lost respect for themselves.  My mom was always a champion of the patients, even when being so was not always in the financial best interests of the hospital or kindly looked upon by her superiors.  As best as I know, mom never had to deal with any “corporate” fraud issues as a nurse/employee, but she certainly had her share of ethical issues.  Sometimes described as a “firecracker” when it came to advocating for her patients, I am sure mom upset her share of hospital superiors of lesser ethical constitution over the years.

It’s a great lesson for us.  By placing greater value on what we do and doing things right (rather than on where our stock price is), we find a more fulfilling and long-lasting success.  When someone acts unethically or engages in some sort of misconduct, we have to speak up – until somebody listens.

I recall with both joy and sadness a little boy named Stephen, who was a cancer patient under my mom’s care in a pediatric intensive care unit.  I was living far away at the time, working as an FBI Agent.  In caring for Stephen, my mom had learned that he had dreamed of one day becoming an FBI Agent and so she asked that I might visit him when I next came to town – in fact, she made certain to remind me of it MANY times as I planned my next visit!

When I got to town, my mom made sure that the hospital was my very first stop.  She also insisted that I wear a suit – my official FBI Agent “uniform.”   After Stephen’s chemo treatment(s) that day, she rolled him in a wheelchair to a private little waiting area where she had asked me to wait.  Stephen was probably about ten years old and his cancer was terminal – in its latest stage.   It was obvious that this child had suffered much and long, and was still in pain.  He didn’t have a single hair on his head and maybe weighed forty pounds in all his clothes.  Yet when my mom introduced me as her FBI Agent son, he lit up like a Christmas tree.  My mom and Stephen’s mom left briefly, so that we could have our “top secret debriefing.”  I let him hold by badge and credentials, let him see my handcuffs and the gun holstered on my hip, and answered every question he could muster the strength to ask – and many that I knew he would ask if he could.

When our time was over, I gave Stephen an official FBI t-shirt, a junior FBI Agent badge, some FBI pens, and other little things that I can’t even remember – though they meant the world to him.  I learned a couple months later that Stephen had passed and that he had specifically requested that he be buried in that FBI t-shirt that I gave him.  To this day I can’t think about that without tearing up.

This is just one example of how my mom took the time to listen to her “customers” and to appropriately do more for them than what just her job required.   She got no honors, medals, promotions, mentions or bonuses for this – and that was fine by her.  The joy brought to Stephen was priceless.

I’ll miss you mom.  Thanks for all you did for me and for everyone you touched.  I hope I can pass on the lessons I learned from you to my children as well as you passed them on to me.  I also hope that I might follow your example(s) with the same humble obscurity as you sought and that I might touch just one tenth of the number of lives that you did.

Tell Stephen hello for me.

October 22, 2014

Right to Retire Or Termination: Remediation of Leadership To Foster Compliance

Fall of RomeMany historians have long given 476 AD as the date of the fall of the Roman Empire. Further, it was from this date forward that Europe began its long slide into the abyss, which came to be known as the Dark Age. However, this view was challenged in 1971 by Peter Brown, with the publication of his seminal work “The World of Late Antiquity”. One of the precepts of Brown’s work was to reinterpret the 3rd to 8th centuries not as simply a decline of the greatness that had been achieved in the heydays of the Roman Empire, but more on their own terms. It was in the year of 476 AD that the last Roman Emperor, Romulus Augustulus, left the capital of Rome in disgrace. However as Brown noted, he was not murdered or even thrown out but allowed to retire to his country estates, sent there by the conquers of the western half of the Roman Empire, the Goths. Not much conquering going on if a ruler is allowed to ‘retire’, it was certainly a replacement but not quite the picture of marauding barbarians at the gate.

I thought about this anomaly of retirement by a leader in the context where a company or other entity might be going through investigations for corruption and non-compliance with such laws as the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act. Yesterday I wrote about three recent articles and what they showed about a company’s oversight of its foreign subsidiaries. Today I want to use these same articles to explore what a company’s response and even responsibility should be to remediate leadership under which the corruption occurs. The first was an article in the New York Times (NYT), entitled, “Another Scandal Hits Citigroup’s Moneymaking Mexican Division” by Michael Corkery and Jessica Silver-Greenberg. Their article spoke about the continuing travails of Citigroup’s Mexican subsidiary Banamex. Back in February, the company reported “a $400 million fraud involving the politically connected, but financially troubled, oil services firm Oceanografía.”

This has led Citigroup to ever so delicately try to oust the leader of its Mexico operations, Mr. Medina-Mora, by encouraging him to retire. While Citigroup did terminate 12 individuals around the Oceanografía scandal earlier in the year, it has not changed the employment status of the head of the Mexico business unit. This may be changing as the article said, “In a delicate dance, Citigroup is encouraging its Mexico chairman, Manuel Medina-Mora, 64, to retire, according to four people briefed on the matter. The bank has been quietly laying the groundwork for his departure, which could come by early next year, the people said. Still, Mr. Medina-Mora’s business acumen and connections to the country’s ruling elite have made him critical to the bank’s success in Mexico. Citigroup and its chairman, Michael E. O’Neill, cannot afford to alienate Mr. Medina-Mora and risk jeopardizing those relationships, these people said.”

Should Mr. Medina-Mora be allowed to retire? Should he even be required to retire? What about the ‘mints money’ aspect of the Mexican operations for Citigroup? Was any of that money minted through violations of the FCPA or other laws? What will the Department of Justice (DOJ) think of Citigroup’s response or perhaps even its attitude towards this very profitable business unit and Citigroup’s oversight, lax or other?

Does a company have to terminate employees who engage in corruption? Or can it allow senior executives to gracefully retire into the night with full pension and other golden parachute benefits intact? What if a company official “purposely manipulated appointment data, covered up problems, retaliated against whistle-blowers or who was involved in malfeasance that harmed veterans must be fired, rather than allowed to slip out the back door with a pension.” Or engaged in the following conduct, “had steered business toward her lover and to a favored contractor, then tried to “assassinate” the character of a colleague who attempted to stop the practice.” Finally, what if yet another company official directed company employees to “delete hundreds of appointments from records” during the pendency of an investigation?

All of the above quotes came from a second NYT article about a very different subject. In the piece, entitled “After Hospital Scandal, V.A. Official Jump Ship”, Dave Phillips reported that two of the four VA Administration executives who engaged in the above conduct and were selected for termination, had resigned before they could be formally terminated. The article reported that the VA “had no legal authority to stop” the employees from resigning. Current VA Secretary Robert McDonald was quoted in the article as saying, “It’s also very common in the private sector. When I was head of Procter & Gamble, it happened all the time, and it’s not a bad thing — it saves us time and rules out the possibility that these people could win an appeal and stick around.” Plus, he said, their records reflect that they were targeted for termination. “They can’t just go get a job at another agency,” Mr. McDonald said. “There will be nowhere to hide.”

The third article was in the Wall Street Journal (WSJ) and entitled, “GM Says Top Lawyer to Step Down”. In this piece, reporters John D. Stroll and Joseph B. White, with contributions from Chris Matthews and Joann Lublin, reported that General Motors (GM) General Counsel (GC) Michael Millikin will retire early next year. Milliken is famously the GC who claimed not to know what was going on in his own legal department around the group’s settlements of product liability claims of faulty ignition switches. Milliken claimed he was kept “in the dark” by his own lieutenants about the safety issues involved with this group of litigation. Does Milliken have any responsibility for the failures of GM around this safety issue? What does his apparent graceful retirement say about the corporate culture of GM and its desire to actually change anything in the light of its ongoing travails? Of course one might cynically point to GM’s failure to even have a Chief Ethics and Compliance Officer as evidence of the company’s attitude towards compliance and ethics. (I wonder how that might look to the DOJ/Securities and Exchange Commission (SEC) if GM goes under any FCPA scrutiny?)

With Citigroup, the Department of Veterans Affairs and GM, we have three separate excuses for companies (and a Cabinet level department) not disciplining top employees for ethical and/or compliance failures. At Citigroup, the excuse is apparently that it does not want to rock the boat from a top producing foreign subsidiary by terminating the head of the subsidiary under investigation. At the Department of Veterans Affairs, the excuse seems to be they can go ahead and resign because we prefer to get rid of them that way. At GM, it is not clear why the GC who claimed not to know what was going on in even his own law department can ride off into the sunset with nary a contrary word in sight. Millikin’s conduct would seem to be the product of a larger cultural issue at GM.

I thought about how the DOJ might look at these situations for companies if a FCPA claim were involved. Even with McDonald’s observations about what happened when he was with Procter & Gamble; does a company show something less than commitment to having a culture of compliance if it allows an employee to retire? What does it say about Citigroup and its culture given the current dance it is having with its head of the Mexico unit? What about GM and its Sgt. Schultz of a GC and his ‘I was in the dark posture’? As stated by Mike Volkov, in his post entitled “Goodbye Mr. Millikin: GM’s Continuing Culture Challenges”, GM does under appear to understand the situation it finds itself in currently over its failures. He wrote, “GM still does not understand the significance of its governance failure…GM should have taken dramatic and affirmative steps to create a new culture – resources and new initiatives should be launched to rid GM of its current culture and replace it with a new speak up culture. It is a daunting task in such a large company but it has to be done. Until GM wakes up, missteps and failures will continue.” One might say the same for Citigroup and the Department of Veterans Affairs as well.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

October 21, 2014

Carlton Fisk, The Homer and Oversight of a Profitable Subsidiary

Fisk HomerToday we celebrate one of the great moments in World Series history. At approximately at 12:34 AM on this date in 1975, Carlton Fisk came to bat at the bottom of the 12th, in Game 6 of the World Series between the Boston Red Sox and Cincinnati Reds. He hit a pitch down the left field line. He stood at the plate, bouncing up and down and flailing at the ball as though he was helping an airplane land on a dark runway. “I was just wishing and hoping,” he said at a ceremony some years later. “Maybe, by doing it, you know, you ask something of somebody with a higher power. I like to think that if I didn’t wave, it would have gone foul.” Whether or not the waving was responsible, the ball bounced off of the bright-yellow foul pole above the Green Monster for a home run. Fenway’s organist played the Hallelujah Chorus from Handel’s Messiah while Fisk rounded the bases. One for the ages indeed as it appeared the Baseball Gods might finally be smiling on the Red Sox nation. Alas, they lost the next game and it was not to be for another 30 years.

I thought about Fisk’s homer and the ultimate heartbreak of Red Sox nation once again in 1975 when I read about several recent issues involving corruption and corporate responsibility for oversight, or perhaps more appropriately, the lack thereof. The first was an article in the New York Times (NYT), entitled “Another Scandal Hits Citigroup’s Moneymaking Mexican Division”, by Michael Corkery and Jessica Silver-Greenberg. Their article spoke about the continuing travails of Citigroup’s Mexican subsidiary Banamex. Back in February, the company revealed “a $400 million fraud involving the politically connected, but financially troubled, oil services firm Oceanografía.”

However, company investigators have unearthed another problem at the Mexico unit. The article reported “An internal investigation, begun by Citigroup in July, found evidence that the security unit was overcharging vendors and may have been taking kickbacks, a person briefed on the investigation said. The internal inquiry also found shell companies that had been set up to look like vendors and receive payments from the Banamex unit.” In a statement reported in the piece, Citigroup’s Chief Executive Officer (CEO) Michael L. Corbat “called the conduct of the individuals in the security unit ‘appalling’”.

What I found most interesting in the article was the response of Citigroup and what its implications might mean for the compliance practitioner, particularly one whose company is under scrutiny for a Foreign Corrupt Practices Act (FCPA) violation by the Department of Justice (DOJ) and Securities and Exchange Commission (SEC). The NYT piece made clear that the Mexico unit is so profitable that it figuratively “mints money” for the company. Moreover, “despite the latest headline-grabbing turmoil at Banamex, Citigroup does not want to cede any ground in Mexico where it dominates a large portion of the retail market.”

What is the responsibility for a US corporate parent when a foreign subsidiary ‘mints money’ for the company? Should the corporate parent pay closer attention to make sure the subsidiary is doing business in compliance with the FCPA and other relevant laws? In the past few posts, I have discussed some of the specific internal controls a compliance practitioner might consider for a company’s international operations. One of the problems Citigroup is facing with the conduct of its Mexico subsidiary is the company’s concern of “lax controls and oversight”. Moreover, there is concern that some part of the ongoing troubles in the Mexico unit relates to its head, Manuel Medina-Mora. Citigroup Chairman Michael O’Neill, was said to have “privately expressed concerns to board members that Mr. Medina-Mora, who is also co-president of the parent company, has not always relayed problems in the region to executives at the bank’s headquarters on Park Avenue, according to the people briefed on the matter. Instead of looping in executives in New York, Mr. Medina-Mora has at times chosen to handle the issues himself.”

How much oversight should a parent corporation have over a subsidiary? At a basic level it would seem that oversight should be enough to prevent and detect illegal conduct. Clearly, a Chief Compliance Officer (CCO) should be considering the entity-wide internal controls for a company. Under the FCPA accounting provisions, issuers can be held liable for the conduct of their foreign subsidiaries, even though the improper conduct occurred outside of the US. The scope of liability is based on the issuer’s incorporation of the subsidiary’s financial statements in its own records and SEC filings.

While a CCO should expect (and the DOJ & SEC for that matter) that internal controls at locations outside the US are of the same effectiveness as internal controls in US business units and at the US corporate office; unfortunately, that might not always be the case. It is often the case that corporate level internal controls are stronger than those in foreign business units. The Citigroup situation with its Mexican subsidiary would seem to be a clear example of the oft-cited reason that many companies were built through acquisitions, resulting in many business units (both in and outside the US) having completely different accounting and internal control systems than US corporate office. There is often a tendency to leave acquired companies in the state in which they were acquired, rather than trying to integrate their controls and conform them to those of current business units. After all, the reason for the acquisition was the profitability of the acquired company and nobody wants to be accused of negatively impacting profitability, especially one that ‘mints money’.

The second example is one a bit closer to home and it is that of the General Motors (GM) legal department. In an article in the Wall Street Journal (WSJ) entitled “GM Says Top Lawyer to Step Down”, John D. Stroll and Joseph B. White, with contributions from Christopher Matthews and Joann S. Lublin, reported that GM General Counsel (GC) Michael Millikin will retire early next year. Millikin was criticized after the GM internal investigation found that he ran the GM legal department in such a hands off manner that he did not know about his legal department’s own settlements for product liability claims involving faulty ignition switches until February of this year. His defense was that his own lawyers “left him in the dark” even though there was evidence that he had been repeatedly warned, “GM could face punitive damage awards related to its failure to address the safety defect.” Missouri Senator Claire McCaskill summed up sentiment about Milliken with her statement “This is either gross negligence or gross incompetence.” In other words if you are a GC or CCO you had better know what is going on in your own department. What would it say about a CCO who did not know that compliance department members were dealing with violations of the FCPA without informing him or her? It would say that the CCO failed to exercise leadership and oversight.

And while you are watching things closely, you may want to check out a clip of Carlton Fisk’s famous homer by clicking here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

September 26, 2014

West Side Story and GSK In China – Board Oversight and Tone in the Middle

West Side Story IIYesterday, I celebrated the anniversary of one of America’s cultural lows. But today, I am extremely pleased to open with exactly the opposite, that being one of America’s greatest gifts to the performing arts. For on this day in 1957, the musical West Side Story premiered on Broadway. There are so many facets to one of the great, even greatest, works of musical theater. Leonard Bernstein penned the score, Stephen Sondheim wrote the lyrics, Jerome Robbins choreographed the dance and the story was by Arthur Laurents, inspired by Romeo and Juliet.

There are many great songs, dances and moments in the play. Most of us (at least of my age) outside New York were introduced to the play via television where it ran for one showing in 1971. The show never toured until the 2000s. When I finally got to see the stage production I was absolutely blown away. I had never seen anything like and it and I will never forget the 5-counter point singing by Tony, Maria, Anita, Bernardo and the Sharks, and Riff and the Jets, as they all anticipate the events to come that night in the song Tonight’s Quintet. The show truly is one of America’s gems.

I thought about the continuing appeal of West Side Story as a musical and why the story continues to resonate with the American people when I continued to consider some of the lessons learned from the GlaxoSmithKline PLC (GSK) matter in China. Today’s areas for reflection should be the role of a company’s Board of Directors and the second is the ‘tone in the middle’. While we have not heard from the GSK Board on this case, it has become clear that the GSK Board was aware of both the anonymous whistleblower allegations and the release of the tape of the GSK China Country Manager and his girlfriend. One of the lessons learned from the GSK scandal is that a Board must absolutely take a more active oversight role not only when specific allegations of bribery and corruption are brought forward but also when companies are operating in high risk environments. Further how can a company move its message of doing business ethically and in compliance down the employee chain.

In a NACD Directorship article, entitled “Corruption in China and Elsewhere Demands Board Oversight”, authors Eric Zwisler and Dean Yoost noted that as “Boards are ultimately responsible for risk oversight” any Board of a company with operations in China “needs to have a clear understanding of its duties and responsibilities under the FCPA and other international laws, such as the U.K. Bribery Act”. Why should China be on the radar of Boards? The authors reported, “20 percent of FCPA enforcement actions in the past five years have involved business conduct in China. The reputational and economic ramifications of misinterpreting these duties and responsibilities can have a long-lasting impact on the economic and reputation of the company.”

The authors understand that corruption can be endemic in China. They wrote, “Local organizations in China are exceedingly adept at appearing compliant while hiding unacceptable business practices. The board should be aware that a well-crafted compliance program must be complemented with a thorough understanding of frontline business practices and constant auditing of actual practices, not just documentation.” Further, “the management cadence of monitoring and auditing should be visible to the board.” All of the foregoing would certainly apply to GSK and its China operations.

Moreover, the FCPA Guidance makes clear that resources and their allocation are an important part of any best practices compliance program. So if that risk is perceived to be high in a country such as China, the Board should follow the prescription in the Guidance, which states “the amount of resources devoted to compliance will depend on the company’s size, complexity, industry, geographical reach, and risks associated with the business. In assessing whether a company has reasonable internal controls, DOJ and SEC typically consider whether the company devoted adequate staffing and resources to the compliance program given the size, structure, and risk profile of the business.”

To help achieve these goals, the authors suggested a list of questions that they believe every director should ask about a company’s business in China.

  • How is “tone at the top” established and communicated?
  • How are business practice risks assessed?
  • Are effective standards, policies and procedures in place to address these risks?
  • What procedures are in place to identify and mitigate fraud, theft, and corruption?
  • What local training is conducted on business practices and is it effective?
  • Are incentives provided to promote the correct behaviors?
  • How is the detection of improper behavior monitored and audited?
  • How is the effectiveness of the compliance program reviewed and initiated?
  • If a problem is identified, how is an independent and thorough investigation assured?

Third parties generally present the most risk under a Foreign Corrupt Practices Act (FCPA) compliance program and are believed (at least anecdotally) to comprise over 90 percent of reported FCPA cases, which subsequently involve the use of third-party intermediaries such as agents or consultants. But this is broader than simply third party agents because any business opportunity in China will require some type of business relationship.

One of the major failings of the GSK Board was that it apparently did not understand the actual business practices that the company was engaging in through its China business unit. While $500MM may not have been a material monetary figure for the Board to consider; the payment of such an amount to any third party or group of third parties, such as Chinese travel agencies, should have been raised to the Board. All of this leads me to believe that the GSK Board was not sufficiently engaged. While one might think a company which had received a $3bn fine and was under a Corporate Integrity Agreement (CIA) for its marketing sins might have sufficient Board attention; perhaps legal marketing had greater Board scrutiny than doing business in compliance with the FCPA or UK Bribery Act. The Board certainly did not seem to understand the potential financial and reputational impact of a bribery and corruption matter arising in China. Perhaps they do now but, for the rest of us, I think the clear lesson to be learned is that a Board must increase oversight of its China operations from the anti-corruption perspective.

GSK Chief Executive Officer (CEO) Sir Andrew Witty has certainly tried to say all of the right things during the GSK imbroglio on China. But did that message really get down into to the troops at GSK China? Moreover, did that message even get to middle management, such as the GSK leadership in China? Apparently not so, one of the lessons learned is moving the Olympian Pronouncements of Sir Andrew down to lower levels on his company. Just how important is “Tone at the Top”? Conversely, what does it say to middle management when upper management practices the age-old parental line of “Don’t do as I do; Do as I say”? In his article entitled, “Ethics and the Middle Manager: Creating “Tone in The Middle” Kirk O. Hanson, listed eight specific actions that top executives could engage in which demonstrate a company’s and their personnel’s commitment to ethics and compliance. The actions he listed were:

  1. Top executives must themselves exhibit all the “tone at the top” behaviors, including acting ethically, talking frequently about the organization’s values and ethics, and supporting the organization’s and individual employee’s adherence to the values.
  2. Top executives must explicitly ask middle managers what dilemmas arise in implementing the ethical commitments of the organization in the work of that group.
  3. Top executives must give general guidance about how values apply to those specific dilemmas.
  4. Top executives must explicitly delegate resolution of those dilemmas to the middle managers.
  5. Top executives must make it clear to middle managers that their ethical performance is being watched as closely as their financial performance.
  6. Top executives must make ethical competence and commitment of middle managers a part of their performance evaluation.
  7. The organization must provide opportunities for middle managers to work with peers on resolving the hard cases.
  8. Top executives must be available to the middle managers to discuss/coach/resolve the hardest cases.

What about at the bottom, as in remember those China unit employees who claimed they were owed bonuses because their bosses had instructed them to pay bribes? Well if your management instructs you to pay bribes that is a very different problem. But if your company’s issue is how to move the message of compliance down to the bottom, Dawn Lomer, Managing Editor at i-Sight Software, provided some concrete suggestions in an article in the SCCE magazine, entitled “An ethical corporate culture goes beyond the code”, where she wrote that that the unofficial message which a company sends to its employees “is just as powerful – if not more powerful – than any messages carried in the code of conduct.” Lomer suggested that a company use “unofficial channels” by which your company can convey and communicate its message regarding doing business in an ethical manner and “influence employee behavior across the board.” Her suggestions were:

  1. Reward for Integrity - Lomer writes that the key is to reward employees for doing business in an ethical manner and that such an action “sends a powerful message without saying a word.”
  2. The three-second ethics rule – It is important that senior management not only consistently drives home the message of doing business ethically but they should communicate that message in a short, clear values statement.
  3. Environmental cues – Simply the idea that a company is providing oversight on doing business ethically can be enough to modify employee behavior.
  4. Control the images – It is not all about winning but conducting business, as it should be done.
  5. Align Messages – you should think about the totality of the messages that your company is sending out to its employees regarding doing business and make sure that all these messages are aligned in a way that makes clear your ethical corporate culture clear. 

The GSK case will be in the public eye for many months to come. Both the UK Serious Fraud Office (SFO) and US authorities have open investigations into the company. Just as the five counter-point singing or the rooftop symphonic dance scene to the song America demonstrates the best of that art form; you can draw lessons from GSK’s miss-steps in China now for implementing or enhancing your anti-corruption compliance program going forward now.

And while you are ending your week of considering GSK and its lessons learned for your compliance program, crank up your speakers to 11 and listen to some five counter-point singing the movie version of the Tonight Quintet, by clicking here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

September 2, 2014

Spin Sucks-Communications Tips for the Compliance Professional

Spin SucksOne of my favorite social media acquaintances is Gini Dietrich, the founder and Chief Executive Officer (CEO) of Arment Dietrich Inc. Not only does she bring one of the freshest voices to what might arguably be called ‘one of the world’s oldest professions’, that being Public Relations (PR) (she identified a 1800 BCE PR campaign), she is a top notch cyclist and an über Chicago Bears fan. Earlier this year she released her book Spin Sucks. While the book is obviously aimed at the PR, it provides a wealth of information, which the compliance professional can also use.

As you might guess from the title of the book, Gini believes that if you “Lie or spin the truth you will be found out,” and that folks will “take you to task” for doing so. More than just your reputation will suffer; you will lose the ability to have credibility going forward. Her thesis is that today, “while media strategy is an important part of a communications program, there are many other tactics used in a cohesive strategy: content, email marketing, social media, crisis and reputation management, events, social advertising, investor relations, lobbying, regulatory work, and more.” That sounds like a good prescription for a compliance practitioner to consider in the communication function of a best practices compliance program.

The book is broken down into 10 chapters and for the compliance professional, I want to focus on Chapter 7 – Your Customers Control the Brand. Here Dietrich focuses on a company’s customers because they, in many ways, hold or control the brand. And, as a company, your brand is really all you have. I think this is very true for the compliance practitioner and is not something which is discussed or recognized enough of the time. Dietrich provides seven points that she believes can help shape the perception of your brand. I have adapted them for the compliance professional.

  1. Be Vigilant. Dietrich says this issue warrants “Not just repeating your brand message over and over again, but in monitoring and listening to conversations happening online about you.” While a company may not have as many employees communicating about the compliance function online, the point is nonetheless well taken. You should listen to concerns about your compliance program. Listen through the hotline, at training sessions and any other time you get the chance. I like the way Gini puts it, “Harness that information [and] be vigilant about paying attention”.
  2. Be Honest. Yes your mother, and Gini’s mother, was right, Honesty is the Best Policy. Dietrich says, “Keep people updated. Communicate the ups and downs. When you’re honest about the issues, challenges, or concerns, there isn’t a story to tell. It might be painful at first, but the pain won’t last as long as it would if you lie or attempt to sweep the problem under the rug.” Think about General Motors and its attempts to hide the ignition switch problems, where would the company be if it had been honest about the problem?
  3. Be Open. Dietrich nails the issue on this point when she start off, “This one is so hard. It’s difficult for human beings to keep open minds about many things.” As a lawyer, I would say that can be exponentially true for my juris docum But at the end of the day, the compliance program is not the legal department; it is a function designed to prevent, detect and remediate problems, not just to say NO. Paraphrasing Dietrich, if you show a willingness to talk about issues, and even change your policies based on feedback, you’ll create the most loyal employees.
  4. Be Active. Here Dietrich focuses not on the busy work of being on all types of social media but using such mechanisms to engage your customer base. For the compliance professional first and foremost is to get out of the corporate office and into the field. Let people meet you, get to know you and listen to their concerns. Incorporate their ideas and feedback into your compliance program going forward.
  5. Be Consistent. Gini talks about consistency in messaging because “if you aren’t consistent, how can you expect your customers to know who you are?” For the compliance professional, I would submit that this prong anticipates issues broader than simply communications. I often discuss the Fair Process Doctrine and how that is so important in administering your compliance program. One of the keys to this doctrine is consistency. The consistency of your actions should follow the consistency of your message.
  6. Be Creative. I often say that lawyers and compliance professionals are only limited by their imaginations. This is certainly true in the field of media relations. Here Dietrich suggests tackling a problem head on. In the compliance arena it might mean using a compliance misstep as a lesson learned. For instance, after the Walmart corruption scandal was broken in the New York Times, many companies incorporated the examples that arose of what is and, more importantly, what is not a facilitation payment into their training.
  7. Be Proud. Dietrich states, “Once you figure out your vision-what you want to achieve, who you want to be when you grow up-post it everywhere.” She suggests several mechanisms to make employees proud of your brand and I would submit that you could also do this in the compliance arena. You can create plaques or recognition awards for employees who shine through in compliance. She ends this section with the following, “Be proud of what you are doing and don’t be afraid to tell the world about it.” This is another message that I do not think gets enough play by compliance professionals. We bring real value to our companies and our work is something to be proud of. It should be celebrated.

Dietrich writes in a conversational style that is easy to read and digest. I found her book had some great pointers about communication, which could be very helpful to the compliance practitioner, in addition to the media relation specialist. You can purchase a copy by clicking here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

July 31, 2014

Lessons Learned from the Beautiful Game: Compliance, FIFA and the World Cup

World Cup e-BookThe 2014 World Cup is over and in the books. It was a great tournament for probably everyone across the globe but the host nation of Brazil. While there are many lessons to be learned from this event, the lead up to and events of this year’s World Cup provide some interesting insights for the compliance practitioner. I have collected some of my writings on FIFA, the World Cup and the world of the ‘Beautiful Game’ in one volume, entitled, “Lessons Learned from the Beautiful Game: Compliance, FIFA and the World Cup”. It is now out and available from amazon.com in Kindle e-reader format.

In this short volume I take a look at some for the following topics.

  • FIFA and its selection process for the 2022 World Cup in Qatar.
  • Performing due diligence and World Cup bids.
  • Referee Professionalism as an anti-corruption tool
  • What are some of the consequences for failure to set a proper tone-at-the-top.
  • Leadership lessons from managers of some of the world’s top soccer clubs.
  • Lessons learned from both compliance successes and failures.

I am sure that you will find this e-Book gives you some ideas for your anti-corruption compliance program, no matter which FIFA country you might practice compliance in. Finally, you cannot beat the price, as it is only $3.99. You can order a copy by going to amazon.com or by simply clicking here.

July 29, 2014

Bringing It All Home, the Two Tough Cookies Wrap It Up For You, Part II

Tales from the CryptNote-I asked the Two Tough Cookies if they could put together a series of blog posts wrapping up the lessons they have seen and learned and written about in their series of Tales from the Crypt. They graciously put together a series of posts on the seven elements of an effective compliance program from their 10 tales of Business Conduct. Today, Part II of a Three Part Series…

3. Exercise Due Diligence to Avoid Delegation of Authority to Unethical Individuals

This one is tough, especially in global organizations. In many countries, you simply cannot run a background check, as criminal records are not public. In others, you can run them, but the criminal offense must be related to the job to exclude the candidate from being hired.   In yet others, you can run them, but you can’t use them due to overly strict privacy rules. Then there’s the matter of cost relating to doing all this due diligence. The best thing you can do is determine the following:

  • First, is your business subject to a potential FCPA violation? If you are not “at risk” of public corruption because you are not engaging at any level with foreign government officials, then half the battle is won. Of course, you still run the risk of commercial corruption (bribes, kick backs, etc. with trading partners), but at least the spectre of government sanctions is not looming so large over you.
  • If you are “at risk” of an FCPA violation (you have interaction with govt. officials, including customs) have you developed a robust due diligence program, based on some corruption index to determine the level of due diligence required for your staff, your trading partners?
  • Have you identified your red flags thoroughly to spot anomalies in your business that would signal a deeper view is recommended?
  • Do you have staff to conduct the due diligence, or a vendor to do it on your behalf?
  • Are background checks run on everyone, or just certain individuals, or certain risk areas?
  • Have you taken a hard look at your gift policies to determine whether or not there are glaring holes that could give rise to inappropriate influence in business dealings?
  • Have you taken cultural considerations under advisement in your gift policies? Are they more stringent, or lax, compared to the US? Are the gift policies in Russia different than the gift policies in the US, because someone convinced someone else that you just can’t get things done without greasing a palm here or there?
  • Do you have a formal committee reviewing all charitable contributions, or, are ‘charitable contributions” acceptable as “facilitation” to get non-discretionary government functions moving along? Does your organization allow “facilitation payments” – if so, you better take a second, third, fourth look….

The point I’d like to emphasize here is that even companies that make it on the “World’s Most Ethical Companies” list also make it to the DOJ’s investigation list for foreign corruption, or violation of embargoes, sanctions, and the like. People interpret rules when the rules change, depending on the country. People then make mistakes in favor of what makes business sense to them, in their country, in their environment. You just have to make sure you’ve done what’s reasonable to prevent those mistakes.

  1. Communicate and Educate Employees on Compliance and Ethics Programs

Here’s where the tone from the top, middle and bottom are key to your culture. This is probably the most important thing you want to measure. I am fond of saying 90% of a good ethics & compliance program is communication, and 10% is actions/deeds. While deeds do speak louder than words, it’s the communications – what you say, how you say it, what you mean by it, your intent – that frames up the actions of others.     So you want to measure

  • Are the messages the same, the deeper you get into the organization? Is the understanding of the messages cascading from above the same the further down you go? Easy enough to measure with post-learning survey tools. Give all top, middle, and lower management the same “meeting in a box” and see if the understanding after delivery is the same. Reminds me of that campfire game, where the story starts at one end of the circle, and is completely different by the time the last person hears the tale. Your objective, of course, is to ensure that every person in the corporate audience hears the same message, and has the same take-aways, no matter who is telling the tale.
  • What kind of audience do you have? Does everyone have access to a computer, or do you have the challenge of manufacturing workers, with multiple languages and facilities to manage, and no technical means of reaching them? Have you done what’s necessary to ensure your training and communications mechanisms address every type of audience, or are pockets left out of the mix?
  • What learning aids do you have to help with understanding the code of conduct? Are the examples you use for harassment appropriate for your audience? Do you have a team of global reviewers who will not only preview your training, but offer suggestions on how to localize it to make it appropriate, meaningful and relevant to the teams they serve? If so, do they look at all communications pieces, or only certain ones? If only certain ones, which ones? And why?
  • Are there any leaders who go above and beyond when you launch your annual or quarterly training? I had an Asian business President who made sure he took the course the first day it was launched, and then sent a message to his leadership team about what he learned from the course, and what he wanted them to take away to their teams after they took the course. All of his team had the course done within the first month. I wanted to clone the guy, I swear!

I’m also reminded of mandatory harassment training I gave in Brazil one year. I relied upon the canned on-line training to help with my meeting amongst management, who all spoke English well. I was planning on asking them to cascade the messages to their teams while I was there, but they pointed out that the training was a farce. Women, they told me, wanted wolf calls lobbed in their direction in Brazil – it was not only culturally acceptable, but encouraged. This was substantiated by the several women in the room. Check. Fortunately, I had other examples at the ready to use for a facilitated session, which I vetted with the women on the team prior to delivery. Lesson learned? Make sure your ethics & compliance steering committee has global membership, and are willing to preview your training and communications prior to launch to ensure cultural relevance. If you don’t do this, your ethics & compliance program will be perceived as a joke. Not a desirable outcome, I would say….

  1. Monitor and Audit Compliance and Ethics Programs for Effectiveness

So, how do you measure a non-event? I often ponder…. The challenge in highly ethical organizations is that you have, at first blush, very little to measure. If everyone’s doing a good job, how do you measure effectiveness. Is it because you have a great program that you have absolutely no calls on the hotline? Or is it that everyone is trembling in fear of retaliation the reason for no calls to the hotline? Hmmm.

Some of the things you can measure include

  • Indicators and ‘yardsticks’ – do you crawl, walk, or run to goals?
  • Do you seek periodic stakeholder feedback (including E&C council input)
  • What kind of documentation do you collect – trend analyses of HelpLine metrics, feedback on program enhancements as they are implemented, feedback on training and communications
  • Do you routinely conduct a “Lessons Learned” exercise after substantiated hotline calls?
  • Does your HR team engage in site assessments when a location, facility, or team seems to have a lot of issues that arise from a single manager or set of team leaders?
  • How often are your Code, policies, procedures updated and reviewed?   Are they tested for readability and understanding? Are they just published, or is training introduced for new policies as they are issued?
  • Do you conduct risk assessments and/or change training or communications based on perceived risk areas?
  1. Ensure Consistent Enforcement and Discipline of Violations

Does your organization allow for mistakes? Many will say they do, but when the rubber meets the road, you will find that they can be unforgiving for some transgressions, and unbelievably forgiving for others…. You will want to measure

  • Whether or not there appears to be wiggle room when folks stray. Deeds in this aspect do speak louder than words.
  • Are roles and responsibilities clearly defined, with escalation clauses when things go wrong?
  • Does your organization communicate when things go wrong as well as when things go right? I know one organization that struggled mightily when I suggested we let everyone know what actions we took for certain code violations. The attorneys were all worried that someone would sue, of course, but in the end, integrity prevailed. We were able to sanitize the situations in such a way to communicate what had been done, and what discipline was taken, without anyone learning personal details. Importantly, it drew a virtual line in the sand by publicizing transgression and discipline, so that people knew boundaries. Of course, this was after years of me observing that discipline seemed to be discretionary within the organization, and as a result, trust in management “doing right” was eroding significantly. It didn’t hurt that my observations were followed by multiple hotline calls saying the same thing… but it should never get to that point, should it?

Also measure whether or not policies and communications:

  • Encourage reporting
  • Identify resources to raise concerns
  • Prohibit retaliation for good faith concerns
  • Identifies management as the primary resource for issues or concerns
  • The average timeline to resolve complaints
  • Whether or not you benchmark reports that express fear of retaliation or unwillingness to consult with management first. This is tough to do, unless you build it in to your hotline reporting mechanism as a “customer service” function at the end of every call or report, actively soliciting this very feedback when a report is made.
  1. Respond Appropriately to Incidents and Take Steps to Prevent Future Incidents

So, you are at the point where you have confidence you have the right policies and procedures in place to keep yourselves honest. But in case someone didn’t get the memo of “expected behavior” you have to make sure you respond appropriately, and take steps to avoid future missteps. One organization I worked at realized the culture of an acquired subsidiary was so awful that it opted to sell it off rather than try to fix it. They had other issues in the larger organization, but they knew a bad deal when they saw it, and took steps to rid themselves of an untenable position. Another organization I worked at kept throwing money at a subsidiary, when it probably would have been better to toss in the towel. Different organization, different results, neither perfect, but it fit them as they saw things.

When gauging the culture of your organization, some things you want to look at are the rewards and sanctions for behavior:

Positive rewards:

  • Retention of employment
  • Recognition
  • Appreciation
  • Commendation
  • Monetary or stock reward

Negative sanctions:

  • Termination or Suspension
  • Demotion
  • Probation
  • Appraisal comments/warnings
  • Reduction in compensation or bonus

You also want to measure your Performance Appraisal Systems, and look to see whether or not they include sections on:

  • Demonstrated Ethics and values in workplace conduct
  • Good communication skills
  • Building trust with stakeholders
  • Being fair or equitable
  • Maintaining a high level of quality or integrity in decision-making
  • Reporting Concerns
  • Empowering subordinates to reporting concerns
  • Training and development initiatives for the team

Tomorrow the Two Tough Cookies sum it all up…

This publication contains general information only and is based on the experiences and research of the authors. The authors are not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The authors, their affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Authors give their permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the authors.

 

Next Page »

The Rubric Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 4,880 other followers