FCPA Compliance and Ethics Blog

November 26, 2014

Doing Business in India – Corruption Risks and Responses

IndiaRecently the US law firm of Foley and Lardner LLP and MZM Legal, Advocates & Legal Consultants in India jointly released a white paper, entitled “Anti-Bribery and Foreign Corrupt Practices Act Compliance Guide for U.S. Companies Doing Business in India”. For any compliance practitioner it is a welcome addition to country specific literature on the Foreign Corrupt Practices Act (FCPA), UK Bribery Act and other anti-corruption legislation and includes a section on India’s anti-corruption laws and regulations.

FCPA Enforcement Actions for Conduct Centered in India

Under the FCPA, several notable US companies have been through enforcement actions related to conduct in India. Although not monikered as a ‘Box Score’ the authors do provide a handy chart which lists the companies involved, a description of the conduct and fine/penalty involved.

Company Description Disposition (in USD)
Pride International Payment made for favorable administrative judicial decision regarding customs issues $56.1 million
Tyco International German subsidiary paid third parties to secure contracts; payments recorded as commissions $26 million
Diageo Subsidiary made payments to government official responsible for purchase/authorization of Diageo’s products in India $16.4 million
Textron Subsidiaries paid foreign officials to secure contracts; characterized as commission and consulting fees $5.05 million
Oracle Corporation Oracle distributor allegedly created “slush” fund to pay third parties $2 million
Dow Chemical Company Payments made to India Central Insecticides Board to expedite registration of products $325,000

India Anti-Bribery/Anti-Corruption Laws 

The authors identify the principal anti-corruption legislation in India as the Prevention of Corruption Act, 1988 (PCA), which focuses on bribery of public servants. They go on to state, “Bribery under the PCA includes any “gratification” that a public servant receives other than his/her legal remuneration. Gratification constituting a bribe would include anything intended to motivate, influence, or reward a public servant for performing (or forbearing performance of) an official act, or for showing “favour or disfavour” to any person, or for rendering any service or disservice to a public servant.” However, there are other laws, in addition to the PCA, which govern such issues. These include “specific public servants’ Conduct Rules, which set specific guidelines on the value of gifts that may be accepted in furtherance of local or religious customs (where no reciprocal action is expected and where the public servant has no current or expected future official dealings with the gift giver). The guidelines for permissible gifts are based on the public servant’s rank and service classification and broadly range between 500 – 7,500 Rupees (approximately $8 – $120 U.S. dollars).”

Corruption Risks in India

Corruption risks in India are generally perceived to be high due to its “complex administrative and bureaucratic environment”. Similarly the FCPA Professor would say there are a high number of barriers to trade. Coming at it from a different direction, the Department of Justice (DOJ) would say the risk is high because of the number of licenses and permits required. More pruriently, I would say this leads to more folks having their collective hand out looking to speed things up. Indeed, in the recently released TRACE Matrix India comes in at 185th out of 197 countries listed, with a corruption score of 80, based largely on its score of 92 in the highest weighted category of “Interactions with Governments”.

a. Licenses and Permits

The authors identify that “a host of regulatory hurdles exists in India, including the need to obtain permits, licenses, and other regulatory approvals and to pay various application and registration fees. These types of low-level transactions provide opportunities for bribery. Payments made in such transactions — whether in cash or gifts — may appear minimal (by U.S. standards) and may seem harmless, but they can nonetheless result in violations of U.S. and/or India law.” They go on to list some “Examples of Problematic Conduct” around this issue they identify the following:

  • Paying (or providing some other benefit to) a customs official to bypass inspection or overlook incorrect or incomplete paperwork;
  • Paying a local tax regulator to overlook errors or inconsistencies in filings;
  • Paying an official to expedite the processing of a permit or license;
  • Paying a utilities provider to reduce billings; and
  • Paying a local health and safety regulator to overlook code violations.

b. Gifts, Travel and Entertainment

In the area of gifts, travel and entertainment, the authors state that “companies run the risk of triggering the FCPA and other anti-corruption laws if their marketing and entertainment expenditures cross a line into conduct that could be characterized as bribery or lends to the appearance of attempting to induce a breach of trust or impartiality on the part of the recipient…the various conduct rules for public servants in India establish specific guidelines for accepting gifts and hospitality, and, for some public servants, the maximum permissible gift value may be as low as 500 rupees ($8 U.S. dollars). Companies operating in India should thus familiarize themselves with these guidelines before providing even what may seem to be a modest gift or hospitality.” Some examples of problematic conduct identified is these areas are as follows:

  • Paying for extravagant meals, drinks, and entertainment in connection with a visit by a foreign official;
  • Paying for “side trips” so that foreign officials can visit tourist attractions (e.g., Walt Disney World, Las Vegas) while in the United States;
  • Providing per-diems or “pocket money” for foreign officials to use during a visit;
  • Paying for a foreign official’s spouse or family to accompany the foreign official on a trip; and
  • Providing foreign officials with excessive gifts for birthdays, weddings, holidays, or other events.

c. Third Parties

This is always recognized as the highest FCPA risk and in India it is no different. More importantly, it may be even greater in this country because “Navigating India’s extensive regulations and bureaucracy often requires U.S. companies to rely on third parties, such as agents, brokers, consultants, sales representatives, distributors, and other business partners…The PCA similarly criminalizes bribery through third parties as a direct violation by the third party and as an abetment violation by the company on whose behalf the bribe is being made.” The key is subject any third party to rigorous due diligence and closely manage the relationship after the contract is signed. If a Red Flag appears at any point in the third party lifecycle it should be evaluated and cleared. The authors provide a handy list of some examples of Red Flags regarding third parties when doing business in India. They include:

  • A third party is listed in databases reporting known corruption risks (e.g., World Bank List of Debarred Firms) or has been previously investigated for, charged with, or convicted of corruption or other ethics violations;
  • A foreign official has specifically requested that a certain third party be involved in the company’s transaction or business;
  • An agent or consultant holds himself out as someone with close connections to an important minister or minister’s aide;
  • A third party does not appear to have sufficient resources, real estate/infrastructure, or experience to perform the requested tasks;
  • A third party asks the company to provide it with unreasonably large discounts, excessive commissions, reimbursements, or contingency fees; and
  • A third party requests payment in an irregular or convoluted manner (e.g., cash, offshore bank account, payments to another company, over/under invoicing).

Managing Corruption Risk in India

In their concluding section, the authors relate solid risk management tools tailored to the Indian market. It all starts with robust standards and procedures. From there you should train not only your employees on what may be illegal conduct and how to resist requests for bribes but also your third parties. Annual certifications are an important tool for not only risk management but also communication about anti-corruption expectations. Your compliance program should devote the appropriate level of personnel and resources for your operations in India. Finally, a robust reporting mechanism is key but equally critical is your response after any information comes to light. It must be thoroughly investigated, quickly remedied and reported as appropriate.

The Foley & Lardner/MZM Legal white paper is a welcome addition to literature about country specific risks, remedies and responses. A copy of the full white paper can be obtained by clicking here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

November 25, 2014

How to Avoid a Mousetrap – Resource Reductions in Your Compliance Function

The MousetrapOn this day, 62 years ago, “The Mousetrap”, a murder-mystery written by Agatha Christie, opened at the Ambassadors Theatre in London. The crowd-pleasing whodunit has become the longest continuously running play in history, with more than 10 million people attending its more than 20,000 performances. The play opened with Sir Richard Attenborough and his wife, Sheila Sim, in the cast. To date, more than 300 actors and actresses have appeared in the roles of the eight characters. David Raven, who played “Major Metcalf” for 4,575 performances, is in the “Guinness Book of World Records” as the world’s most durable actor, while Nancy Seabrooke is noted as the world’s most patient understudy for 6,240 performances, or 15 years, as the substitute for “Mrs. Boyle.” The play is still going strong in London’s West End and at theaters across the world today.

The Mousetrap has survived the vicissitudes of one of the most fickle phenomenons known, the theater going public. Unfortunately, not all businesses can make the same claim to longevity, either in revenue sourcing or spending. For instance the energy industry is now facing a future with the price of oil at something currently around $80 per barrel. This has already led to proposed contraction in the energy services industry with the number 2 company, Halliburton Energy Services, buying the number 3 company, Baker Hughes. Halliburton has already announced they hope to achieve financial benefits through elimination of redundancies in the combined organizations.

Given this new thread of economics going through the energy industry, I wondered what it might all mean for a company’s compliance function? I thought about this question when I read a recent article in the Harvard Business Review (HBR), entitled “How Not to Cut Health Care Costs”, by Robert S. Kaplan and Derek A. Haas. Their article posited that many “cost-cutting initiatives actually lead to higher costs and lower-quality care.” This is because “Administrators typically look to reduce line-item expenses and increase the volume of patients seen.” But the authors opine that this is not the best way to cut costs or even deliver a superior health care service. They advocate, “Administrators, in collaboration with clinicians, should examine all the costs incurred over the care cycle for a medical condition. This will uncover multiple opportunities to benchmark, improve, and standardize processes in way that lower total costs and delver better care.”

Just as health care providers deliver services, so do compliance practitioners. This led me to view their article with the angle of a Chief Compliance Officer (CCO) or compliance practitioner that has been told to cut head count or resources. First, and foremost, is to keep in mind the direction provided in the FCPA Guidance, which is well thought out and considered, and will be viewed with a better eye by the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) if they take a look at your compliance program after it has been cut. And, as with everything else that is Foreign Corrupt Practices Act (FCPA), UK Bribery Act or any other anti-corruption compliance program related, you must remember the most important aspect, that being Document, Document, and Document. Whatever you do, you should document that you have studied it, considered it and then articulated a reason for taking the steps you decided upon. This means you should take the authors advice and not simply reduce “line-item expenses on their P&L statements” but you should “consider the best mix of resources needed to deliver excellent [compliance] outcomes in an efficient manner.” To do so, the authors examine five cost cutting mistakes, which I will adapt for the compliance practitioner.

Mistake #1 – Cutting Back on Support Staff

Just as in the medical services-delivery world, the compliance arena support staff are a key component of a compliance program’s efficiency. Cutting such functions requires CCOs or others to spend more time on administrative matters and less on actually doing compliance. This can be up to ten times more costly for more senior compliance managers to perform such tasks than properly trained, efficient administrative staff. Arbitrary constraints or cuts in personnel spending, uninformed by the need to deliver high quality compliance outcomes can not only lead to a diminution in the compliance product but very dissatisfied internal compliance consumers.

Mistake #2 – Underinvestiging in Space and Equipment

While this is perhaps more self-evident in the health care services industry, I would argue that it applies to technology in the compliance arena. Underinvesting in technology can lead to a lowering of productivity for a company’s most expensive compliance resource; its compliance group. Further, once technology has been used in one area, the marginal cost to utilize it in a second area is often much lower than the initial cost. A case in point is translation services to translate your Code of Conduct, compliance policy and procedures into languages other than English. After the initial cost, the marginal cost for each update you make is considerably lower. Moreover, the authors point to the “folly of attempting to cut costs by holding down spending in isolated categories. More often than not, much higher costs soon show up in another category.” The key is to measure the costs of all resources used by the compliance function so that the appropriate trade-offs can be made. 

Mistake #3 – Focusing Narrowly on Procurement Prices

Often executives simply say that an overhead function, such as compliance, must “aim their reductions” at outside vendors. This may lead to more negotiations over suppliers’ pricings or attempts to negotiate high discounts. However the author’s note that this blanket approach often fails to take into account the precise mix of goods and services that a compliance department may use. Further, this gross approach focuses too narrowly on negotiating the price and fails to examine how the compliance function might actually consume goods and services from outside vendors. The authors note, “As a result, they miss potential large opportunities to lower spending.”

Mistake #4 – Maximizing Throughput

This mistake revolves around simply trying to get professionals to work faster. However, as with physicians, this mistake “is not sensitive to the impact of seemingly arbitrary standards on [compliance] outcomes.” Interesting what may be true is quite the opposite that a compliance function can receive greater overall productivity by spending more time with fewer problems. This is because by spending less time with problems up front, a compliance professional may be able to bring greater risk management techniques to bear, which can work to prevent or even proscribe a compliance issue rather than simply detecting it after something has occurred. The more time the compliance function can spend in counseling, monitoring or performing in-person training, the more benefits will be paid off from preventing compliance issues from becoming FCPA violative events.

Mistake #5 – Failing to Benchmark and Standardize

Benchmarking is recognized as a key tool of the compliance practitioner. However it is rarely thought of a cost-cutting tool or a cost-efficiency mechanism. Many compliance practitioners can only see the no ‘one-size-fits-all’ proscription which blocks them from seeing what other compliance practitioners might be doing to achieve similar results. If other companies can be used to determine a range of compliance techniques and strategies, perhaps they could also be consulting for the standardization of certain processes or procedures, which might lead to greater cost efficiencies. One constant about compliance is that there are no trade secrets in compliance. A constant about compliance professionals is that they will always share information on their program. Use the knowledge of others to help you deliver a compliance solution in a more cost-effective approach.

The compliance profession is maturing. Costs and inefficiencies can be the result of “mismatched capacity, fragmented delivery, suboptimal outcomes and inefficient use of technology.” In their penultimate paragraph the authors state, “The current practice of managing and cutting costs from a P&L statement does nothing to address those problems.” Unlike the theater version of The Mousetrap, compliance will experience ups and downs in funding similar to other corporate overhead functions. However, such pinch points might present opportunities for the compliance professional to review and assess a company’s compliance program and come up with ways to make it run more efficiently. For if it is true that there is no ‘one-size-fits-all’ approach to compliance; it is equally true that you are only limited by your imagination. But document how you got there and why and be prepared to defend how you identified your risk, coupled with your management of them.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

 

November 24, 2014

The FCPA Guidance: Still Going Strong at Two

Brithday TwoOne of the great things about Sunday afternoon is that Mike Volkov posts his Monday blog, when I usually have time to read it when I get the email notification that it is up. Yesterday he wished the Department of Justice’s (DOJ) and Securities and Exchange Commission’s (SEC) jointly released 2012 A Resource Guide to the U.S. Foreign Corrupt Practices Act (Guidance) a belated Happy 2nd Birthday and bemoaned the fact no one else had done so. Inspired, and somewhat chagrined by Volkov, I decided to blog today about a couple of the highlights from the FCPA Guidance.

I. The Ten Hallmarks of Effective Compliance Programs

As a ‘Nuts and Bolts’ guy I found the DOJ/SEC formulation of their thoughts on what might constitute a best practices compliance program, the most useful part. The Guidance cautions that there is no “one-size-fits-all” compliance program. It recognizes a variety of factors such as size, type of business, industry and risk profile a company should determine for its own needs regarding a Foreign Corrupt Practices Act (FCPA) compliance program. But the Guidance made clear that these ten points are “meant to provide insight into the aspects of compliance programs that DOJ and SEC assess”. In other words you should pay attention to these and use this information to assess your own compliance regime.

  1. Commitment from Senior Management and a Clearly Articulated Policy Against Corruption. It all starts with tone at the top. But more than simply ‘talk-the-talk’ company leadership must ‘walk-the-walk’ and lead by example. Both the DOJ and SEC look to see if a company has a “culture of compliance”. More than a paper program is required, it must have real teeth and it must be put into action, all of which is led by senior management. The Guidance states, “A strong ethical culture directly supports a strong compliance program. By adhering to ethical standards, senior managers will inspire middle managers to reinforce those standards.” This prong ends by stating that the DOJ and SEC will “evaluate whether senior management has clearly articulated company standards, communicated them in unambiguous terms, adhered to them scrupulously, and disseminated them throughout the organization.”
  2. Code of Conduct and Compliance Policies and Procedures. The Code of Conduct has long been seen as the foundation of a company’s overall compliance program and the Guidance acknowledges this fact. But a Code of Conduct and a company’s compliance policies need to be clear and concise. Importantly, the Guidance made clear that if a company has a large employee base that is not fluent in English such documents need to be translated into the native language of those employees. A company also needs to have appropriate internal controls based upon the risks that a company has assessed for its business model.
  3. Oversight, Autonomy, and Resources. This section began with a discussion on the assignment of a senior level executive to oversee and implement a company’s compliance program. Equally importantly, the compliance function must have “sufficient resources to ensure that the company’s compliance program is implemented effectively.” Finally, the compliance function should report to the company’s Board of Directors or an appropriate committee of the Board such as the Audit Committee. Overall, the DOJ and SEC will “consider whether the company devoted adequate staffing and resources to the compliance program given the size, structure, and risk profile of the business.”
  4. Risk Assessment. The Guidance states, “assessment of risk is fundamental to developing a strong compliance program”. Indeed, if there is one over-riding theme in the Guidance it is that a company should assess its risks in all areas of its business. The Guidance is also quite clear that when the DOJ and SEC look at a company’s overall compliance program, they “take into account whether and to what degree a company analyzes and addresses the particular risks it faces.” The Guidance lists factors that a company should consider in any risk assessment. They are “the country and industry sector, the business opportunity, potential business partners, level of involvement with governments, amount of government regulation and oversight, and exposure to customs and immigration in conducting business affairs.”
  5. Training and Continuing Advice. Communication of a compliance program is a cornerstone of any anti-corruption compliance program. The Guidance specifies that both the “DOJ and SEC will evaluate whether a company has taken steps to ensure that relevant policies and procedures have been communicated throughout the organization, including through periodic training and certification for all directors, officers, relevant employees, and, where appropriate, agents and business partners.” The training should be risk based so that those high-risk employees and third party business partners receive an appropriate level of training. A company should also devote appropriate resources to providing its employees with guidance and advice on how to comply with their own compliance program on an ongoing basis.
  6. Incentives and Disciplinary Measures. Initially the Guidance notes that a company’s compliance program should apply from “the board room to the supply room – no one should be beyond its reach.” There should be appropriate discipline in place and administered for any violation of the FCPA or a company’s compliance program. Additionally, the “DOJ and SEC recognize that positive incentives can also drive compliant behavior. These incentives can take many forms such as personnel evaluations and promotions, rewards for improving and developing a company’s compliance program, and rewards for ethics and compliance leadership.”
  7. Third-Party Due Diligence and Payments. The Guidance says that companies must engage in risk based due diligence to understand the “qualifications and associations of its third-party partners, including its business reputation, and relationship, if any, with foreign officials.” Next a company should articulate a business rationale for the use of the third party. This would include an evaluation of the payment arrangement to ascertain that the compensation is reasonable and will not be used as a basis for corrupt payments. Lastly, there should be ongoing monitoring of third parties.
  8. Confidential Reporting and Internal Investigation. This means more than simply a hotline. The Guidance suggests that anonymous reporting, and perhaps even a company ombudsman, might be appropriate to have in place for employees to report allegations of corruption or violations of the FCPA. Furthermore, it is just as important what a company does after an allegation is made. The Guidance states, “once an allegation is made, companies should have in place an efficient, reliable, and properly funded process for investigating the allegation and documenting the company’s response, including any disciplinary or remediation measures taken.” The final message is what did you learn from the allegation and investigation and did you apply it in your company?
  9. Continuous Improvement: Periodic Testing and Review. As noted in the Guidance, “compliance programs that do not just exist on paper but are followed in practice will inevitably uncover compliance weaknesses and require enhancements. Consequently, DOJ and SEC evaluate whether companies regularly review and improve their compliance programs and not allow them to become stale.” The DOJ/SEC expects that a company will review and test its compliance controls and “think critically” about its own weaknesses and risk areas. Internal controls should also be periodically tested through targeted audits.
  1. Mergers and Acquisitions.Pre-Acquisition Due Diligence and Post-Acquisition Integration.Here the DOJ and SEC spell out their expectations in not only the post-acquisition integration phase but also in the pre-acquisition phase. This pre-acquisition information was not something on which most companies had previously focused. A company should attempt to perform as much substantive compliance due diligence that it can do before it purchases a company. After the deal is closed, an acquiring entity needs to perform a FCPA audit, train all senior management and risk employees in the purchased company and integrate the acquired entity into its compliance regime.

II. Declinations

Many commentators such The FCPA Professor, Mike Volkov, myself and others have advocated that the DOJ release information about Declinations because they are an excellent source of information for the compliance practitioner about the DOJ’s thinking on FCPA enforcement issues. Indeed I had written, “In an area like Foreign Corrupt Practice Act (FCPA) enforcement, where guiding case law is largely non-existent, compliance practitioners must rely on the actions and decisions of federal enforcement agencies for information. Such information is available in the form of enforcement actions, the release of Deferred Prosecution Agreements (DPAs) and Non-Prosecution Agreements (NPAs), and hypothetical fact patterns presented to the Department of Justice (DOJ) through its Opinion Release procedure. But one highly valuable source of guidance has been kept from regulated entities and their counsels: DOJ and Securities and Exchange Commission (SEC) “declination” decisions, opinions which are drafted when the agencies decline to prosecute an individual or organization. A change is needed in this counterproductive policy. The release of substantive information on declinations would help foster greater compliance with the FCPA by providing practitioners with specific facts of circumstances where investigations did not result in an enforcement action.”

Whether the DOJ was answering any of the commentary, it hardly matters. But a significant section of the Guidance is dedicated specifically to six Declinations provided to companies which self-disclosed possible FCPA violations. The types of issues reported to the DOJ were as varied as mergers and acquisitions (M&A); actions by third parties on a company’s behalf which violated the FCPA; payments improperly made by company employees which were incorrectly characterized as facilitation payments; and illegal bribes paid out by a small group of company employees. From these Declinations, I derived the following points (1) The Company was alerted to possible corrupt conduct via its compliance program or internal controls. (2) Possible FCPA violations were self-reported or otherwise voluntarily disclosed to the DOJ/SEC. (3) The entities in question conducted a thorough internal investigation and shared the results with the DOJ/SEC. (4) The conduct violative of the FCPA was not pervasive and consisted of relatively small bribes or other corrupt payments. (5) The company took immediate corrective action against the person(s) engaging in the conduct. (6) Each company’s compliance program was expanded or enhanced and these enhancements were reflected in compliance training, internal process improvements and additional enhanced internal controls.

So here’s to the Guidance at the ripe of age of 2. Thanks for coming into all of our (compliance) lives. I have also held back the best for last; the Guidance is available for free on the DOJ website and you can download it by clicking here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

November 19, 2014

Chamber of Commerce: Corporations Form the Cornerstone of FCPA Compliance

CornerstoneRecently one of the most unlikely sources for praise of the Foreign Corrupt Practices Act (FCPA) came out to inform us all that corporations are the cornerstone of FCPA compliance and enforcement. You may be surprised to find out that it came from the US Chamber of Commerce. It did not come in the form of Congressional testimony in praise of the FCPA but in the Chamber’s Amicus Curie filing in a case currently being considered by the Texas Supreme Court. Regardless of the forum, the praise was just as strong and hopefully just as lasting.

The Texas Supreme Court recently held oral arguments in the appeal of Shell v. Writt. Unusually for a state supreme court case, it touches on the FCPA. The issue before the Court is whether Shell’s internal FCPA investigation is absolutely privileged from a defamation claim by persons named in the report as having violated the FCPA. Being as this is Texas, with a state supreme court just to the right of Attila the Hun, it is easy to determine what the outcome of the case will be, the company will win.

Procedurally, Writt, the plaintiff claiming defamation from Shell’s report of its internal investigation that it provided to the Department of Justice (DOJ), lost at the trial court on summary judgment. The trial court found that Shell had an absolute privilege because the report was turned over to a government agency investigating the matter. The court of appeals reversed this decision holding that because the internal investigation was voluntary, not mandatory, that only a conditional privilege existed and sent the matter back to the trial court for further proceedings. Shell appealed this court of appeals decision to the Texas Supreme Court.

Interestingly, the US Chamber of Commerce filed an amicus brief in the appeal to the Texas Supreme Court, supporting Shell. In its brief, the Chamber came out with full guns blazing in support of the FCPA and for full internal investigations and self-disclosure by companies. At the start of its brief, the Chamber comes out four square in support of the FCPA stating, “Since 1977, and especially over the last decade, the Foreign Corrupt Practices Act (“FCPA”) has played a very significant role in the federal regulation of multinational corporations. By punishing bribery and other illicit influence of foreign officials by U.S. companies, the statute seeks to improve the integrity of American businesses, promote market efficiency, and maintain the reputation of American democracy abroad.”

The Chamber noted the importance of the FCPA to both the US government and to US businesses. It stated, “Over the past decade, the FCPA has taken on renewed importance for both the U.S. government and American businesses.” As to the importance that the US government places on FCPA enforcement, the Chamber cited to the following, “DOJ officials have publicly stated that “enforcement of the FCPA is second only to fighting terrorism in terms of priority.”” Lastly, because of this focus, “FCPA compliance is now a main focus of concern for U.S. businesses.” Moreover, US companies are now ““light years ahead of where [they were] circa the mid-to-late 1990s,” with companies “implementing more rigorous and sophisticated compliance protocols,” including thorough internal investigations and candid self reporting.”

The Chamber did not stop there with its high praise of the FCPA and the importance of the FCPA and its enforcement for US businesses. The Chamber next turned to US businesses role in FCPA enforcement and compliance when it said, “the government has always relied upon businesses to cooperate with investigations and self-report any potential violations by corporate employees. “Federal enforcement authorities have consistently encouraged, if not as a practical matter demanded, that as to the FCPA companies voluntarily conduct internal investigations, disclose potential violations and cooperate with government investigations.” With their vast resources, individualized focus, and access to documents and witnesses, “companies are actually much better positioned to gather more information more quickly overseas than the Justice Department or the SEC.”” Perhaps channeling some of the criticisms of the recent General Motors (GM) and FIFA investigations, the Chamber recognizes that more than simply results must be shared with the DOJ when it stated, “The government requires that corporations provide not just information on violations that they are certain of, but rather any “relevant information and evidence,” as well as identification of “relevant actors inside and outside the company.””

The money line from the Chamber’s brief is the following, “Corporate cooperation, internal investigation, and self-reporting thus form the cornerstone of FCPA compliance and enforcement.” It could not be clearer from this statement the importance that a robust internal investigation protocol, coupled with self-disclosure bring to FCPA compliance. The FCPA Guidance states, “once an allegation is made, companies should have in place an efficient, reliable, and properly funded process for investigating the allegation and documenting the company’s response, including any disciplinary or remediation measures taken. Companies will want to consider taking “lessons learned” from any reported violations and the outcome of any resulting investigation to update their internal controls and compliance program and focus future training on such issues, as appropriate.”

Thus internal investigations coupled with self-reporting provide both companies and the US government towards the same goal; greater compliance with the FCPA because the Chamber recognizes that the FPCA plays a vital role in international business and corruption prevention and prosecution. The Chamber even cites, favorably, the Congressional logic for the enactment of the FCPA by stating, “Congress determined that such practices tarnish the image of American democracy abroad, impair confidence in American businesses, hamper the efficiency of the market, anger the citizens of otherwise friendly foreign nations, and, put simply, are “morally repugnant” and “bad business.”” Finally, the Chamber acknowledges the importance of the FCPA for both US and international investors; both in the US and for companies abroad by concluding, “The FCPA is a valuable statute that helps to reduce corruption and to reinforce public and investor confidence in the markets here and abroad.”

This brief lays out one of the strongest articulations of the power of the FCPA. I did not expect the Chamber to come out so forcefully in favor of what that many business types continually bemoan. The Chamber’s recognition that FCPA compliance and enforcement are cornerstones of the protection of US businesses; US business interests and investor confidence across the globe is a welcome addition to the FCPA dialogue.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

November 13, 2014

Atlanta Burns – the Bio-Rad FCPA Enforcement Action – Part III

Atlanta BurningOn this date in 1864, the Union Army phase of the destruction of Atlanta began. While most Southerners credit Union General William T. Sherman with the burning of Atlanta, it was, in reality, Confederate General John Bell Hood who ordered the burning of the armament works that started the destruction. Sherman merely finished it. But whoever started or finished it, the result was horrific for the city. By one estimate, nearly 40 percent of the city was ruined, leaving, as one commentator noted, “little but a smoking shell.” Unfortunately for the Confederacy, this is not the last we will hear about either General Sherman or General Hood.

The Bio-Rad Laboratories Inc. (Bio-Rad) Foreign Corrupt Practices Act (FCPA) enforcement action has provided a wealth of information and lessons to be learned by the compliance practitioner. In Parts I and II I reviewed the facts of the Bio-Rad enforcement action and the specified remedial steps that the company has agreed to take. Today, I want to mine the Deferred Prosecution Agreement (DPA), the company received from the Department of Justice (DOJ) and the Securities and Exchange Commission’s (SEC) Order Instituting Cease-and-Desist Proceedings (Order) and detail the specific internal controls that I think might have helped the company. (I will really try not to get carried away and have a Bio-Rad, Part IV but there is tons of great stuff in this one so there is no telling as I begin to write this post where I might end up.)

For many managers the default mode is to stay within silos and, as noted by Andrew Hill in his article in the Financial Times (FT) entitled “The default mode for managers needs a reset”, that such persons are “suspicious of ideas that are “not invented here.” This may lead them to becoming “detached from the purpose, and even values, of the company.” This can be particularly true of changes required by an anti-corruption compliance program which many business development types fear will change the status quo in a manner, which “puts at risk predictable, comfortable routines.”

Even with the three different bribery schemes used by Bio-Rad in three different countries, some general statements can be made. Obviously the use of a third party representative in Russia was fraudulent. However a robust system of internal controls might not have only detected such conduct but also prevented it if the Emerging Markets Regional Manager and/or any of the team under him knew that they would be checked by a second set of eyes on what they were doing.

I will focus on four areas of internal controls that were sorely missing from the company during its bribery scheme heyday:

  • Delegation of Authority (DOA)
  • Maintenance of the vendor master file
  • Contracts with agents
  • Movement of cash / currency.

Delegation of Authority 

Your DOA should reflect the impact of FCPA risk (transactions and geographic locations) to result in higher levels of approval for matters involving agents and for funds transfers and invoice payments to countries outside the US. If properly prepared and enforced, the DOA can be a powerful preventive tool for FCPA compliance, unfortunately this is not often the case as very often the DOA is prepared without much thought given to FCPA risks.

Properly utilized in a FCPA risk based process, the DOA takes into account the increased risk posed by certain types of transactions and by certain geographic locations. The DOA then provides for a higher level of scrutiny for higher risk transactions. This means that the DOA should specify who must give the final approval for engaging agents. Yet the DOA might distinguish between approval of vendor invoices for “routine” third party representatives and those from high-risk third party representatives, such as agents. Finally, the DOA should be integrated into the accounts payable processing system in a manner that ensures all high-risk vendor invoices receive the proper visibility. Identifying high-risk third party representatives can often be done within the vendor master file so payments to them are identified for appropriate approval BEFORE they are paid.

Vendor Master File

The vendor master file can be one of the most powerful PREVENTIVE control tools. This file should be structured so that each vendor can be identified not only by risk level but also by the date on which the vetting was completed and the vendor received final approval. Electronic controls should be in place to block payments to any vendor for which vetting has not been approved. Manual controls are needed over the submission, approval, and input of changes to the vendor master file. These controls include verification that all third party representatives have been approved before their information (and the vendor approval date) are input into the vendor master. Manual controls are also needed when “one time” third party representatives are submitted, when vendor name and/or vendor payment information changes are submitted.

Contracts with Third Party Representatives 

As demonstrated with the Bio-Rad enforcement action, contracts with agents are typically not integrated into an internal control system. They are left to operate on their own. Indeed in the case of Bio-Rad it is not clear if the compliance function had visibility into this process at all. However, to provide effective control, relevant terms of those contracts should be extracted and be made available to those who process and approve vendor invoices. This would also include a review of the commission rate for sales agents and the discount rate for distributors. To accomplish this, once the third party representatives are flagged as high-risk, and before any payments are made, the invoices are pulled for review and approval in accordance with the DOA. Such review would require that nonconforming service descriptions, commission rates, etc., must be approved not only by the original approver but also by the person so delegated in the DOA. This provides the necessary PREVENTIVE control to intercept questionable amounts before they are paid.

Disbursements of funds

All situations in which funds can be sent outside the US (accounts payable computer checks, manual checks, wire transfers, replenishment of petty cash, loans, advances, etc.,) should be reviewed from a FCPA risk standpoint. The goal is to identify the ways in which a country manager could cause funds to be transferred to their control and to conceal the true nature of the use of the funds within the accounting system. Controls need to be in place to prevent such activities. This would require that wire transfers outside the US have defined approvals in the DOA, and the persons who execute the wire transfers should be required to evidence agreement of the approvals to the DOA. Moreover, wire transfer requests going out of the US should always require dual approvals. Finally, wire transfer requests going outside the US should be required to include a description of proper business purpose and over certain level, there should be an additional review (yet another ‘second set of eyes’).

What about Hill and his default mode for managers to stay in their silos and never come out or allow change in their regions, such as was the case with the Bio-Rad Emerging Markets leadership team? This can occur in the compliance arena when the compliance function receives push back and is told the controls are too burdensome and also make operations less efficient. One of the areas available to a compliance professional is benchmarking from other company’s compliance experiences. However this can be expanded into solid presentations about why it is important to assess and mitigate FCPA risks using your corporate peers that have been the subject of a FCPA enforcement action. This is some of the best sources of information a compliance practitioner can avail his or herself of to provide good insight into why it was never expected that the company would be subject to FCPA enforcement and insight into the extreme disruption, cost, and anxiety which accompanied the enforcement actions.

Another key factor, as with all FCPA compliance initiatives, is ‘Tone at the Top’. This means that you should meet with and present the case for FCPA-focused internal controls to your company’s Executive Leadership Team (ELT), Audit Committee of the Board or other appropriate group of senior executives. The presentation should include, with examples, the importance of identifying and mitigating the FCPA and fraud risks. Some of these might include the following:

  • Illustrating the examples of how the controls can prevent bribery as well as many other types of occupational fraud;
  • Illustrating that the controls needed are all sound business controls, nothing exotic or out of the ordinary;
  • With proper control design, it may be possible to eliminate some existing detect controls in favor of more useful preventive controls or even prescriptive controls;
  • As a result of your business changes and resulting changes in assessed risks, it may be that some procedures now being performed are no longer needed and the resources can be shifted to more necessary controls; and
  • It may be possible to build in more electronic controls, which can replace existing manual controls.

As we end today’s post with Atlanta burning, Andrew Hill tearing down silos so that a company like Bio-Rad can put appropriate FPCA internal controls in place and arm the compliance practitioner with a wealth of information and lessons which can be applied to your own compliance program, all courtesy of Bio-Rad, I find that there is one more significant lesson to be taking away from this enforcement action, however I will save that for another day.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

November 12, 2014

John Doar and the Bio-Rad FCPA Enforcement Action – Part II

John DoarJohn Doar died yesterday. He was perhaps most famously known for his role as the House Judiciary Committee Chief Counsel during the investigation of and impeachment proceedings against then President Nixon. However, it was his role in the civil rights movement in the South that in large part inspired me to become a lawyer. He rode with the Freedom Riders in Alabama; walked with James Meredith so that he could register to attend the University of Mississippi, then stayed in the same dorm room with Meredith while the campus rioted; prosecuted the KKK in Mississippi after the murder of three civil rights workers in 1964; and marched for voting rights with Dr. King in Selma. My favorite John Doar story was retold in his obituary in the New York Times (NYT), where he stopped a riot in its tracks with the following ““My name is John Doar — D-O-A-R,” he shouted to the crowd. “I’m from the Justice Department, and anybody here knows what I stand for is right.” That qualified as a full-length speech from the laconic Mr. Doar. At his continued urging, the crowd slowly melted away.”” In my book, he is right up there with Atticus Finch.

In an earlier post, I reviewed the Bio-Rad Laboratories, Inc. (Bio-Rad) Foreign Corrupt Practices Act (FCPA) enforcement action from the perspective of the Non-Prosecution Agreement (NPA) the company was able to secure with the Department of Justice (DOJ). Today I want to review the bribery schemes that the company used to either internally fund the bribes or attempt to evade internal detection. Both the NPA and the Securities and Exchange Commission’s (SEC) Order Instituting Cease-and-Desist Proceedings (Order). The compliance practitioner can use these bribery schemes not only for FCPA training but also to see if any such schemes or their indicia may be present in your company.

Initially I need to discuss the corporate structure. It was apparently quite decentralized. According to the Order, “Bio-Rad’s international sales organization (“ISO”) oversees the company’s international sales operations; this includes all locations outside the United States and Canada. In 2009, the ISO consisted of four sub-divisions: (1) Western Europe; (2) Asia Pacific; (3) Japan; and (4) Emerging Markets. Each sub-division had a general manager, reporting to the vice-president of ISO. The Asia Pacific sub-division included Vietnam and Thailand. The Emerging Markets sub-division included Russia and other eastern European countries. Some countries within the sub-divisions had a country manager who reported to the ISO sub-division general manager.” Emerging markets is clearly a high-risk area for pharmaceutical companies. If your business development or sales organization has such a designation, I would suggest that you check and see if there are sufficient protections in place to at least raise any red flags, which might need further investigation.

However, it was more than the management structure of the business operations that was decentralized, the compliance function was similarly structured. The NPA stated, “BIO-RAD also decentralized its compliance program such that its international offices were responsible for ensuring adequate compliance with its business ethics policy and code of conduct.” This decentralization so defanged the company’s compliance program that it could not perform even the most basic functions of a compliance organization; no due diligence on third parties, indeed no management of third parties at all from the compliance perspective; no risk assessments were performed and, finally, the most damning was that the compliance function could not even ensure compliance with the company’s own business ethics policy.

The Russia Scheme

However the company used third party representatives to facilitate the bribery scheme. In addition to the lack of due diligence or usual steps that a compliance practitioner might put in place to manage third parties under the FCPA there were several other items of note which constitute lessons learned by the compliance practitioner. First and foremost was the commission rate paid to these third parties, that being between 15%-30%. This alone may well have been enough to demonstrate “a conscious disregard for the high probability that the Russian Agents were passing along at least a portion of their commissions to Russian government officials to obtain profitable public contracts for the sale of medical diagnostic equipment.” Further, the payments made to these agents were sent to countries outside Russia, where neither the alleged services were delivered nor where the agents were legally domiciled. Moreover, not only did these agents have no offices in Russia, they had no employees in Russia either.

Apparently there were contracts in place with these agents. The services these agents were specified to deliver included, “acquiring new business, creating and disseminating promotional materials to prospective customers, distributing and installing products and related equipment, and training customers.” But it really is hard to deliver services if you have no employees. Apparently there were times these agents did deliver something identified as “distribution services” for the commission rates between 15%-30%. However the estimated value of these services for the company was between 2%-2.5% of the total sales.

Another area of obvious concern should have been the pre-payment of commissions to these agents. Any time you pre-pay before a service is delivered (other than a retainer into a lawyer’s trust account) you can potentially run into trouble. But Bio-Rad took it a step further by making pre-payments before contracts with the ultimate buyer were negotiated. Any ideas where those pre-paid commissions might have gone? Another area was the amount of the commissions. They were just less than $200,000, which happened to be the authority level of the head of Bio-Rad’s Emerging Markets business unit. So there was no oversight or second set of eyes on these pre-payments because it was within the manager’s authority level. Finally, these pre-payments were actually forbidden under the contracts but they were made anyway.

The Vietnam Scheme 

The Vietnam Country Manager had contracting authority up to $100,000 and sales commissions up to $20,000. From 2005-2009 Bio-Rad apparently paid bribes directly to health care workers so they would purchase the company’s products. When it was pointed out to the Country Manager this was illegal, he simply moved to a distributor “at a deep discount, which the distributor would then resell to government customers at full price, and pass through a portion of it as bribes…Between 2005 and the end of 2009, the Vietnam office made improper payments of $2.2 million to agents or distributors, which was funneled to Vietnamese government officials. These bribes, recorded as “commissions,” “advertising fees,” and “training fees,” generated gross sales revenues of $23.7 million to Bio-Rad Singapore.” 

The Thailand Scheme

In Thailand, it was an almost mundane bribery scheme involved compared to Russia and Vietnam. Bio-Rad acquired an interest in a Thai Joint Venture (JV) through an acquisition where it performed “very little due diligence” on the JV. Bio-Rad acquired a minority interest in the JV and it did not communicate directly with the JV’s distributors but only through the majority owners of the JV. The bribery scheme was funded through “an inflated 13% commission, of which it retained 4%, and paid 9% to Thai government officials in exchange for profitable business contracts.” The due diligence was so poor that Bio-Rad did not know that the prime third party sales representative for the JV were the same majority owners of the JV.

Tomorrow, I will discuss some of the internal controls that a company might employ to help prevent such a compliance failure as occurred at Bio-Rad.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

November 10, 2014

Gordon Lightfoot, the Edmund Fitzgerald and the Bio-Rad FCPA Settlement, Part I

Wreck of the Edmund FitzgeraldThis month there are two dates that are forever tied together in the annuals of maritime tragedies and great songwriters. November 10 is the 39th anniversary of the sinking of the Great Lakes freighter the SS Edmund Fitzgerald, who sank 17 miles from the entrance to Whitefish Bay on Lake Superior taking all 29 crewmembers to the bottom with her. Next Monday, November 17, is the 76th birthday of the Canadian singer-songwriter Gordon Lightfoot, who memorialized the tragedy in the song The Wreck of the Edmund Fitzgerald, which he released on the album Summertime Dream in 1976. The song went all the way to Number 2 on the charts. I can still hear Lightfoot’s haunting tale in my head to this day and for me, it was his greatest single.

Earlier this month, Bio-Rad Laboratories Inc. (Bio-Rad) concluded a multi-year Foreign Corrupt Practices Act (FCPA) investigation and enforcement action. It was notable for many reasons. First and foremost was the stunning bribery and corruption scheme that the company engaged in; multiple bribery schemes in multiple countries. Also notable were the results that the company achieved. While we do not yet know if there will be any individual prosecutions of this matter, the company received a Non-Prosecution Agreement (NPA) from the Department of Justice (DOJ) and a relatively small fine of $14.35MM for what clearly would appear to be criminal violations of the FCPA. Perhaps equally stunning is the amount of profit disgorgement that the company agreed to with the Securities and Exchange Commission (SEC), that amount being $40.7MM.

As with the Layne Christensen FCPA enforcement action from October, both settlement documents provide a wealth of very useful information for the compliance practitioner to use to not only help create a best practices compliance program, but also review your company’s compliance program to see if there might be areas of risk which need to be assessed or have greater compliance scrutiny. Over the next couple of blog posts I want to explore the Bio-Rad FCPA settlement, discuss some of the lessons learned for the compliance practitioner and explore what this settlement may unveil for future FCPA enforcement actions.

With his usual thoroughness, the FCPA Professor went into deep dive mode to lay out the underlying facts involved in this matter, in a post entitled “Bio-Rad Laboratories Agrees To Pay $55 Million To Resolve FCPA Enforcement Action”. According to the NPA, Bio-Rad had bribery schemes running in the following countries: Russia, Vietnam and Thailand. In Russia, persons identified as ‘Manager-1’ who was a high-level manager of the company’s Emerging Markets sales region and ‘Manager-2’ who worked for Manager-1 and was described as a high-level accounting manager of the company’s Emerging Markets sales region, engaged with ‘Agent-1’ paying him “a commission of 15-30% purportedly in exchange for various services outlined in the agency contracts, including acquiring new business by creating and disseminating promotional materials to prospective customers, installing Bio-Rad products and related equipment, training customers on the installation and the use of Bio-Rad products, and delivering Bio-Rad products.”

The commission rates were approved by Manager 1 and 2 even though they were both aware that Agent 1 did not and indeed could not perform the contracted services. Payments were made to a level of $200,000 or less because that was the spending authority of the managers, which did not require a higher level of company review. Both managers communicated with Agent 1 through multiple fraudulent email addresses to avoid detection by the company. Finally, Agent 1 had a 100% success rate in obtaining sales into Russia.

In Vietnam, the system was much simpler and even more directly corrupt. The Bio-Rad country manager was authorized to approve contracts up the amount of $100,000 and to pay sales commissions up to $20,000 without further review. This un-named country manager simply authorized cash payments to officials at state-owned hospitals to obtain or retain business for the company. When the country manager was finally challenged on this direct bribery scheme, he simply “proposed a solution that entailed employing a middleman to pay the bribes to the Vietnamese government officials as a means of insulating Bio-Rad from liability.” The bribery funds were created by giving these middlemen, named distributors, deep discounts “which the distributor would then resell to government customers at full price, and pass through a portion of it as bribes.” These bribes were recorded on the company’s books and records as “commissions”, “advertising fees” and “training fees”.

In Thailand, the company acquired a 49% interest in a joint venture (JV) through acquisition. Initially I would note that there is no record that Bio-Rad either performed pre-acquisition due diligence or engaged in any post acquisition integration or remediation so that an ongoing bribery scheme which began under a previous company’s ownership continued after Bio-Rad took control of the Thailand JV. The bribery scheme involved paying an agent “an inflated 13% commission, of which it retained 4%, and paid 9% to Thai government officials in exchange for profitable business contracts.” Just to top it all off, the agent involved in the bribery scheme was Bio-Rad’s JV partner.

I would say that all of the above is very bad conduct. Yet, Bio-Rad was able to garner a NPA from the DOJ and a civil Cease and Desist Order from the SEC. How did they accomplish this? In the DOJ Press Release, it stated, “The department entered into a non-prosecution agreement with the company due, in large part, to Bio-Rad’s self-disclosure of the misconduct and full cooperation with the department’s investigation…In addition, Bio-Rad has engaged in significant remedial actions, including enhancing its anti-corruption compliance programs globally, improving internal controls and compliance functions, developing and implementing additional due diligence and contracting procedures for intermediaries, and conducting extensive anti-corruption training throughout the organization.”

For the compliance practitioner, yet once again the DOJ and SEC are sounding a LOUD and CLEAR message that even with very bad conduct, the systemic failure of internal controls and having a culture that turned a very blind eye at best to what was going on; you can make a comeback. Moreover, you can make such a spectacular comeback that does not even sustain a Deferred Prosecution Agreement (DPA) let alone have to accept a guilty plea. It all starts with putting a best practices compliance program in place and the DPA lists the steps that any company should consider in its compliance regime.

  1. High level commitment by providing visible support by senior management.
  2. An appropriate corporate policy around anti-corruption.
  3. Specific policies and procedures in the following areas: (a) gifts, (b) hospitality, entertainment and travel, (c) customer travel, (d) political contributions, (e) charitable donations and sponsorship, (f) facilitation payments and (g) solicitation and extortion.
  4. Appropriate internal controls to ensure transactions are authorized and properly recorded.
  5. A periodic risk-based review. In other words, a risk assessment. Policies and procedures need to be reviewed no less than annually and updated as appropriate.
  6. The compliance function should have proper Board oversight, independence to act and support within the organization.
  7. Compliance shall provide training on and guidance to the business units on its anti-corruption compliance program.
  8. There should be mechanisms for employees to report internally compliance issues of concern with no fear of retaliation.
  9. A company must maintain and provide “effective and reliable” processes and resources to responding to any raised issues.
  10. A company must use both incentives to encourage behavior and discipline of those employees who violate its compliance program.
  11. Third parties must be subjected to an appropriate due diligence based vetting process, have an appropriate contract and thereafter be managed going forward after the contract is signed.
  12. There should be a protocol for evaluation of any potential acquisitions or merger candidates and then appropriate review and remediation after any acquisition is complete.
  13. There should be ongoing monitoring and testing of the compliance program going forward.

At the conclusion of its NPA, Bio-Rad agreed to ongoing compliance reporting, at annual anniversaries of the date of the NPA by reporting to the DOJ the results of its remediation efforts over the past year. This is one of the most significantly overlooked positive aspects of any FCPA resolution. This allows the DOJ to have a continued view into the company’s compliance function. It is not an ongoing monitor but it does give the DOJ a transparent view into the company’s work towards the overall goal of putting a best practices compliance program in place and not simply stopping work when the settlement is signed. It keeps the company on its toes and allows the DOJ to continue to assess the company’s actions around anti-corruption compliance.

In the next blog post on Bio-Rad, I will review some of the specific bribery schemes that the company used and discuss how a compliance practitioner might use them for some lessons learned.

For a YouTube version of Gordon Lightfoot signing The Wreck of the Edmund Fitzgerald, click here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

November 7, 2014

Don’t Collapse in the Wind – Knowledge is Power

Tacoma Narrows BridgeOn November 7, 1940, high winds buffeted the Tacoma Narrows Bridge leading to its collapse. The first failure came at about 11 a.m., when concrete dropped from the road surface. Just minutes later, a 600-foot section of the bridge broke free. Subsequent investigations and testing revealed that when the bridge experienced strong winds from a certain direction, the frequency oscillations built up to such an extent that collapse was inevitable. For posterity, the collapse of the Bridge was captured on film.

I thought about this spectacular engineering failure when I read, yet again, commentary about representatives from the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) appearing at for-profit conferences to give presentations to attendees. Personally, I was shocked, simply shocked to find out that one has to pay to attend these events. Further, it appears that one or more of the companies running these events, ACI, Momentum, IQPC, HansonWade, among others, might actually be for-profit companies. It was intimated that one of the ways the conference providers enticed registrants to pay their fees was to provide a forum of lawyers practicing in the Foreign Corrupt Practices Act (FCPA) space, to whom representatives from the DOJ and SEC could speak. Now I am really, really really shocked to find that people actually pay to obtain knowledge.

Armed with the new piece of information that there is a marketplace where people actually pay to obtain information, I have decided to practice what I preach and perform a self-assessment to determine if I am part of this commerce in ideas. Unfortunately I have come to the understanding that not only do I participate in that marketplace but also I actually use information provided by representatives of the US government in my very own marketing and commerce. So with a nod to Adam Smith’s Invisible Hand of the Marketplace; I now fully self-disclose that I digest to what US government regulators say about the FCPA, repackage it and then (try) and make money from it. (I know you are probably as shocked, shocked as I was to discover this.)

Where can one go to find out information about the FCPA, its enforcement and how the DOJ and SEC view compliance programs? First and foremost is the FCPA Guidance, jointly issued by the DOJ and SEC back in 2012. It is still the best one volume resource on the government’s thinking on a wide range of issues relating to the FCPA. For a ‘Nuts and Bolts’ guy like me, it even has some suggested building blocks of FCPA compliance called the Ten Hallmarks of an Effective Compliance Program. Of course, such a treatise must cost thousands of dollars so that it is only available to a very select few. Oops, it is available for FREE on the DOJ website. Darn, as I planned to buy up all of the copies and then put on for pay seminars across the world as the only source of such knowledge.

Since the FCPA Guidance is available for free, perhaps I can corner the market on all known enforcement actions and Opinion Releases. I am sure that they will provide lots of good information such as what might constitute an effective compliance program, what are some of the actions that got companies into FCPA hot water and suggestions by the DOJ and SEC as to what might have constituted compliance failures. I have even heard that in Opinion Releases, the DOJ will pass upon fact patterns and indicate if they believe such facts might be prosecuted for FCPA violations. Double oops, as all of those are publicly available as well and for FREE. Double Darn.

OK, well if the FCPA Guidance is free and all the enforcement actions and Opinion Releases are available for free; maybe I can corner the market on court opinions, which discuss the FCPA. I am a lawyer and I bet all the other lawyers would pay me if I were the only person in the world who had access to them (or even better yet we were in China where the trials are held in secret-imagine that market!). I know there are only a handful of such cases but imagine the power I would have if only I knew about them. Why I could I put on seminars and pay people to attend. Triple oops, as I just found out that the court decisions are public record and available for FREE. Drat.

Well if all this information about the FCPA is available for free what can I do to make money? Hmm, maybe, just maybe, if I put information together from all of the above sources in a book people might be interested in buying it. What if I wrote multiple books? Do you think there might be a market for such written texts? I certainly hope so and to further entice you to join in this nefarious act of for-profit commerce, I invite you to check out my latest book, Doing Compliance: Design, Create, and Implement an Effective Anti-Corruption Compliance Program, available at Compliance Week. Or perhaps you might want to purchase either of the other three printed or five eBooks I have written on FCPA compliance. But wait a minute, wouldn’t that mean I am making money off free government information? I guess I better self-disclose those facts and let the chips fall where they may. Hopefully Adam Smith will give me a declination of the Invisible Hand.

If no one will buy any of the books I have written, maybe they would attend training that I might put on. I could talk about all this free government information, put it in power points slides and other written materials and then charge people to get trained. I could even call it ‘FCPA Training’. Maybe I could go to other parts of the country and put on training, maybe in places where they might not have heard about all the free DOJ and SEC information. Of course, I would have to find such a place. But wait a minute, wouldn’t that mean I am making money off of free government information. I guess I better self-disclose that as well.

If no one will buy any books I write or go to training seminars that I might put on, I could always write a blog. Do you think anyone would pay to read a blog? Nah 

How about the following as a business strategy? I will tell people I am lawyer and I will give them legal advice on the FCPA. Of course to do so, I will have to use all of these free resources listed above and then charge clients for my legal services. Think there might be a market for that legal advice? I am not really sure so perhaps I should make a provisional self-disclosure that if any clients came to me for legal advice, I would charge them and hence engage in commerce. It would also allow me to apply to join that hallowed group, FCPA INC. whose members (1) practice law around the FCPA, (2) put on FCPA training, (3) write books on the FCPA and (4) generally pontificate on all things FCPA. Sounds like a great group to belong to, you think they will take me? If so I can’t wait to learn the secret handshake so I can proudly commune, in secret, with its members. Hopefully they will not haze pledges too badly, as I am way too old to survive another Pledge Week.

If you have not quite ascertained the point of today’s post, please consider the following – knowledge is power. If you want knowledge about the FCPA there are plenty of places you can look for free to obtain that knowledge. If you want to hear the DOJ or SEC’s most current thinking on FCPA related issues, you can also attend a (for-pay) FCPA conference. If so, I am sure I will see you there because I certainly value what they have to communicate to us. I also plan to continue to communicate it to you; sometimes even for profit. Long Live Adam Smith and his Invisible Hand! 

Always remember, a little knowledge can go a long way, even if you have to pay to garner it.

================================================================================================================================================================================================================================================

To further emphasize some of these articulations, I am pleased to announce that I will present some of my thoughts on the issue of internal controls in an effective compliance program, in a webinar hosted by The Network, next Tuesday, November 11 at 1 PM EST. For details and registration, click here.

On December 4, I will be making a live presentation on the recent trend for the DOJ and SEC to target internal controls in FCPA enforcement actions and the interplay with the COSO 2013 Update at a live event, hosted by The Network, in Houston. Baker and McKenzie partner Stephen Martin will be joining me and will discuss risk assessments in a best practices compliance program. For details and registration, click here.

And best of all both events are FREE, just like this video of the Tacoma Narrow Bridge collapsing.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

November 5, 2014

A Royal Fan Responds: Russ Berland on the SEC Financial Report for FY 2014

Russ Berland

Ed. Note-today we have a guest post from KC Royals fan and Stinson Leonard Street partner Russ Berland. 

As a Kansas City Royals fan, I would like to use this opportunity to congratulate the Royals on a great season and say to them, “Ya done good.”  Despite losing an extremely close seventh World Series game to a very able and talented San Francisco Giants team, which included a pitcher whose name and face will one day be memorialized in Cooperstown, this year has been a banner, or should I say, a pennant year for the boys in blue.

The SEC likewise would like to take a moment to be congratulated on their banner year in their annual enforcement preview of their Agency Financial Report.  So here goes … The SEC wants us to know that they are using creative means to find misconduct on their own and go after it, to hold people and corporations accountable,  and to pay and protect whistleblowers.  On October 16, the SEC put out its official preview of its upcoming Agency Financial Report for FY 2014.  The SEC’s fiscal year ends September 30, so this spans every enforcement action the SEC has taken since October 1, 2013.  The report has four major themes:

  1. The SEC is enforcing the law against people, not just companies. It takes people to commit misconduct on behalf of companies so those same people should be held accountable.  And if the SEC is counting on you to watch over companies and transactions you better take it seriously.  The SEC does and they will hold you accountable.  The preview made this point in showcasing its major enforcement actions against Fifth Third Bancorp and its former CFO, Diamond Foods Inc. and its former CEO and CFO, World Capital Market and its founder, and many, many others.  The most poignant example was the enforcement action against the Chairman of the Audit Committee of AgFeed Industries, Inc.  The SEC alleges that Ivan Gothner, the chairman of AgFeed’s audit committee received information that AgFeed’s Chinese operations were conducting accounting fraud and instead of taking a fellow director’s advice to “hire professional investigators guided by outside legal counsel,” he directed internal resources to assess the situation.  When that resulted in late and inadequate information, the SEC charged him “with violating or aiding and abetting violations of the anti-fraud, reporting, books and records, and internal controls provisions of the federal securities laws” and ” with making false statements to AgFeed’s outside auditors.”  Andrew Ceresney, Director of the SEC’s Division of Enforcement, called this “a cautionary tale of what happens when an audit committee chair fails to perform his gatekeeper function in the face of massive red flags.”
  2. Corporations must admit their actions. Last year, the SEC Chairman, Mary Jo White, announced that more companies must admit their wrongdoing in settlements.  The SEC’s Admissions Policy states that the companies may be required to admit their wrongdoing when there is “(1) misconduct that harmed large numbers of investors, or placed investors or the market at risk of potentially serious harm, (2) egregious intentional misconduct, or (3) when the defendant engaged in unlawful obstruction of the commission’s investigative processes.”  Now, the Preview adds two more categories to those required to make admissions: “[4] where an admission can send a particularly important message to the markets, or [5] where the wrongdoer poses a particular future threat to investors or the markets.”  For example, in the settlement with ConvergEx for misrepresenting its commissions to brokerage customers, ConvergEx was required to admit the facts stated by the SEC and admit that it had violated Securities Laws.  In one interesting twist, Wells Fargo Advisors LLC was forced to admit its wrongdoing when one of its brokers traded on non-public information about the sale of Burger King to a private equity firm. The “wrongdoing” that Wells Fargo Advisors admitted encompassed inadequate policies, inadequate coordination among internal groups tasked with policing insider trading and the compliance officer who should have spotted the insider trading missing it. This is an interesting view of what constitutes “egregious intentional misconduct.” The message seems to be that in order to settle a matter with the SEC without admitting or denying facts or legal conclusions, the defendant will need to prove they do not fit in one of the five listed categories.  It’s possible that the SEC forced Wells Fargo Advisors to admit it’s wrongdoing because it delayed production of relevant documents or because one of the documents that they turned over had been altered by the compliance officer herself.  Or perhaps they are sending “a particularly important message” to compliance officers that they need to be vigilant in doing their jobs.
  3. Whistleblowing Pays.  In FY2014, the SEC paid $35 million to 9 whistleblowers.  One of them received $30 million by him or herself.   Because the SEC rules protect the identity of whistleblowers, we don’t know who got paid.  But the SEC whistleblowing process has multiple stages, which include bringing original information or an original analysis of existing information to the SEC, having the SEC pursue that information leading to a prosecution, and successfully prosecuting or settling that matter with a recovery of over $1 million.  This takes  a long time from beginning to end.  Dodd Frank was passed in 2010.  The first REAL money ($14 million) was paid last year.  And now someone is getting $30 million.  The pipeline took a while to fill, but it is reaching a full state and we can probably expect to see a lot more whistleblower payments in the next few years.
  4. If you don’t come to us, we’ll find you. The SEC is using more and more data analytics on financial and trading activity to find wrongdoers.   According to the SEC, ” innovative use of data and analytical tools contributed to a very strong year for enforcement marked by cases that spanned the securities industry.”   Right now, they are telling us that they are using those techniques to look at filing deficiencies, hedge fund returns, and insider trading.  But we can anticipate they are looking at more than just those categories and we should expect to see more and more use of these techniques over broader areas in the coming years.  And, the SEC is telling us that they are also currently implementing and developing “next generation tools” to review market and other data for suspicious activity.

So, this Preview of the FY2014 Agency Financial Report suggests that the SEC should not be seen as sitting back and waiting for cases to come to them.  And when companies and people violate Securities Laws, the SEC will work hard to make sure that they each take accountability, either personally through fines and penalties or corporately, through admissions.   Like the Royals, the SEC would like us to know that they have had a banner year.

Berland can be reached at russ.berland@stinsonleonard.com. He was lead investigative counsel for Layne Christensen in its recently concluded FCPA enforcement action by the SEC. In my podcast, the FCPA Compliance and Ethics Report, Episode 104, I interview Berland on how the company was able to receive a declination from the DOJ. The Episode will post Thursday, Nov. 7.

October 31, 2014

The Great Pumpkin and the Alternative Universe

Pumpkin Patch 1For Halloween last year, I wrote a blog post where I derided Linus and his forlorn quest to have his pumpkin patch named the most sincere by the Great Pumpkin. In response I received this rather terse message from my colleague Doug Cornelius:

Are you trying to say that the Great Pumpkin is not real? 

Just wait ’til next year, Tom Fox. You’ll see! 

Next year at this same time, I’ll find a pumpkin patch that is real sincere! And I’ll sit in that pumpkin patch until the Great Pumpkin appears. He’ll rise out of that pumpkin patch and he’ll fly through the air with his bag of toys. 

The Great Pumpkin will appear! And I’ll be waiting for him! 

I’ll be there! I’ll be sitting there in that pumpkin patch… and I’ll see the Great Pumpkin. Just wait and see, Tom Fox. I’ll see that Great Pumpkin. 

I’ll SEE the Great Pumpkin! 

Just you wait, Tom Fox. 

If Doug Cornelius, who is always right about the Patriots and most everything else, sends me such a scathing note, I thought he must also be right about the Great Pumpkin as well. So this year, I am in the same running with Linus to have the most sincere pumpkin patch and the picture you see in the corner is one that I have adopted as my own. It certainly looks sincere to me.

I thought about my new-found wisdom, appreciation of the Great Pumpkin and the sincerity of my pumpkin patch when I read a recent article in the New York Times (NYT) DealB%k column, entitled “In Turnabout, Former Top Regulators Assail Wall Street Watchdogs”, by Jesse Eisinger, where he reported on his visit to an “alternative universe” populated by former top Department of Justice (DOJ) and Securities and Exchange Commission (SEC) officials who have all now joined the private sector and are white collar defense lawyers. This alternative universe was facilitated through the Bruce Carton’s recenetly held 2014 Securities Enforcement Forum, where the ‘Director’s Panel had the following luminaries: “Robert Khuzami, President Obama’s first enforcement director who now plies his trade at Kirkland & Ellis; Linda Chatman Thomspen, who served as the George W. Bush-era S.E.C. and now works for Davis Polk & Wardell; William R. McLucas, the long-serving agency enforcement director who is now at WilmerHale; and George S. Canellos, who just left the Obama S.E.C. for Milbank Tweed. (The well-known Stanley S. Sporkin, who served the agency in the 1970s, rounded the panel out.)” All had served as Directors of the SEC. Current SEC enforcement director Andrew Ceresney chaired this “alternative universe” panel.

Why was this an “alternative universe”? These former regulators complained that the SEC is being too tough on their clients and indeed other regulators are being unfair to large banks! As reported by Eisinger, “The conference turned into a free-for-all of high-powered and influential white-collar defense lawyers hammering regulators on how unfair they have been to their clients, some of America’s largest financial companies.” I am also certain that they were SHOCKED, SHOCKED to find that gambling occurred in Rick’s Café American.

What were some of the criticisms from this “alternative universe”? First and foremost was aggressive SEC enforcement specifically focused on the ‘broken windows’ theory to corporate crime. The panel’s luminaries “argued that the commission has focused too much on smaller infractions”. Too bad the Layne Christensen Foreign Corrupt Practices Act (FCPA) SEC enforcement action had not come out before this conference; imagine how much fun the panel would have with a $4 reference as the amount of a bribe payment to show nefarious conduct. Nothing speaks to sincerity like strictly enforcing the law.

The next criticism was over the SEC moving towards “administrative proceedings to push its cases”. Eisinger said, “The critics liken it to getting a hometown judge instead of putting cases to the test of judges and juries.” But he went on to note that these same banks require customers and others go to arbitration to resolve disputes and the arbitrators on these panels are usually ex-financial sector employees. Oops. I guess what is good for the goose is not good for the gander or as Eisinger said, “When the government does it, they scream foul.” I would certainly point out to the Great Pumpkin that it is certainly sincere to argue that you should receive better treatment than your customers.

The next series of complaints was leveled by Brad S. Karp, the chairman of Paul, Weiss, which centered on the fact that the banks had to navigate many different types of regulators such as the SEC, DOJ, state attorneys general, the New York state financial regulator and others. Boy that sure seems unfair, I mean banks are like the most sincere pumpkin patches around, they want to do business in all those locations but they do not seem to want oversight in all the places they do business. I wonder what these same defense lawyers would same about domestic enforcement of the FCPA and other countries enforcement of their own domestic anti-bribery/anti-corruption laws? For a hint they might want to purchase a copy of my eBook GSK in China. I guess the message here is that there are lots of very sincere pumpkin patches across the world and the Great Pumpkin really has a hard time figuring out which one is the most sincere. Santa Claus has a comparatively much easier job with simple Nice and Naughty lists.

Interestingly Karp also expounded on some of the defense tactics that he uses when the government comes knocking. “First, he pushes to move the charges to a subsidiary. Second, he tries to lower the charge. Third, he said, he focuses “on the powerful individuals in an organization” meaning that lawyers need to put top management first as they prepare a defense.” Does that sound like the results of any FCPA enforcement actions you might have read about lately? Certainly nothing but sincerity in those defense tactics.

However, you cannot argue with the results achieved by this star-studded cast of former government prosecutors in defense of their clients. Eisinger stated, “These strategies have been employed to glittering success. The guilty pleas and admissions have been largely by subsidiaries or been rendered toothless. Entities have admitted to charges that were narrow or unspecific and did not open them up to further private litigation. And, of course, no powerful individuals at any of the large, fine-paying companies have been criminally charged.” Once again, does that sound like the results of any FCPA enforcement actions you might have read about lately? Certainly nothing but sincerity in those defense results.

And finally for all those who decry the ‘revolving door’ of government prosecutors going out into the private sector and being too soft in defense of their clients because, you know, they used to enforce the same laws; Eisinger ended his piece with a dismantling of that argument. He wrote, “Former top officials, whose portraits mount the walls, weigh in on matters of enforcement. Now working for the private sector, they assail regulatory “overreach”…And given what they say in public imagine what goes on behind closed doors.” As a lawyer, I can proudly attest to that kind of sincerity, you sincerely represent the one who pays your bills!

As I near the end of this Halloween piece I fear I have come to the realization that my adopted pumpkin patch may not be the most sincere in the US, let alone the planet. I also fear that once again this year Linus may not be awarded with the one piece of recognition he so earnestly desires as well. I think that the Great Pumpkin will most probably find that the recent 2014 Securities Enforcement Forum where “The conference turned into a free-for-all of high-powered and influential white-collar defense laws hammering the regulators on how unfair they have been to their clients” is certainly the most “sincere” Pumpkin Patch on the planet this year. If you are sitting outside tonight you might well see the Great Pumpkin himself in this “alternative universe”.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

Next Page »

The Rubric Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 4,830 other followers