FCPA Compliance and Ethics Blog

June 16, 2014

Watergate is Not Just a Hotel – Corporate Suitors for Alstom

Watergate ComplexToday is the anniversary of an event that can truly be said to have changed the world; although certainly not in the manner intended by its planners, sponsors or participants. Today is the anniversary of the 1972 Watergate Break-In. How much of the world has changed because of this event? We certainly would not have had Jimmy Carter as the US President and most probably would not have had the Foreign Corrupt Practices Act (FCPA) passed into law during his administration. Would Ronald Reagan have become President four years earlier in 1976 rather than 1980? Who knows, but, if yes, would the Soviet Union have collapsed sooner under the weight of his military buildup? What about the fall of the Shah and the taking of the US hostages, think Reagan would have had a more ‘robust’ response than Carter? All tantalizing questions for those interested in the great What Ifs of history.

Over the weekend, I read that the long shuttered Watergate complex is scheduled to be torn down to make way for a more modern office edifice in its most desirable of Washington DC locations. This reminded me of one of my favorite Watergate era slogans “And Watergate was not just a hotel!” Indeed it was not just a building, rather an entire mindset of a presidency that went seriously off the rails.

Interestingly I found a parallel to this slogan when reading about the overtures by General Electric (GE), then Siemens and also Mitsubishi Heavy Industries to purchase some or all of the French company Alstom. These offers are in spite of Alstom’s very public current anti-corruption issues, in several countries. Mike Volkov, in a blog post entitled “Alstom: The Next Poster Child for Anti-Corruption Enforcement”, said “In our FCPA world, we have a new poster child for blundering – Alstom. The handwriting is on the wall – as time goes on, the Justice Department is building a bigger and bigger FCPA case against Alstom. One of my favorite Dylan lyrics applies with full force – “You don’t need a weatherman to know which way the wind blows.” Further, “Clearly we have a case where the client company just does not understand what is going on, nor does senior leadership have the ability or desire to respond and fix the problems. Instead, Alstom’s failure to act and respond reflects the lack of any ethical culture. That in a nutshell is probably 90 percent of the reason that a culture of bribery took over the company.” Pretty strong stuff.

Four senior executives have been charged for FCPA violations around one project. The FCPA Professor reported, “The conduct at issue concerned the Tarahan coal-fired steam power plant project in Indonesia.” All were charged around the same set of facts. They are alleged to have paid bribes to officials in Indonesia, including a member of Indonesian Parliament and high-ranking members of Perusahaan Listrik Negara (PLN), the state-owned and state-controlled electricity company, in exchange for those officials’ assistance in securing a contract for the company to provide power-related services for the citizens of Indonesia, known as the Tarahan project.” Two of the four Alstom executives have pled guilty to FCPA violations.

Over the weekend, the Financial Times (FT) reported, in an article by Caroline Binham, entitled “UK prosecutors press on with Alstom probe”, that the Serious Fraud Office (SFO) has been given permission by the UK attorney-general to prosecute both the company and former employees for allegations of overseas bribery. The SFO “has also notified seven individuals but is considering whether to prosecute them after they were interviewed with the assistance of French authorities, people familiar with the investigation told the Financial Times…Among those who received letters from the SFO are the company’s former senior vice-president of ethics and compliance, Jean-Daniel Lainé, and three Britons who formerly held senior management positions: Graham Hall, Robert Hallett and Nicholas Reynolds.” All of the individuals identified in the FT article do not appear to have been a part of the Indonesia power project, which appears to form the basis of the FCPA charges here in the US.

So why such high level suitors for a company of which Volkov has opined, “It is an important reminder of how bad a company’s culture can become and the consequences of embracing a culture of lawlessness versus a culture of ethics and integrity.” What about all that ‘Springing Liability’ for which both Siemens and GE might be liable for if they are successful in purchasing some or all of Alstom that the US Chamber of Commerce and others rail about? I think that the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) answered these questions in the FCPA Guidance when they stated, “companies that conduct effective FCPA due diligence on their acquisition targets are able to evaluate more accurately each target’s value and negotiate for the costs of the bribery to be borne by the target. In addition, such actions demonstrate to DOJ and SEC a company’s commitment to compliance and are taken into account when evaluating any potential enforcement action.” But pre-acquisition work is only one part of the equation, as the FCPA Guidance goes on to state, “FCPA due diligence, however, is normally only a portion of the compliance process for mergers and acquisitions. DOJ and SEC evaluate whether the acquiring company promptly incorporated the acquired company into all of its internal controls, including its compliance program.Companies should consider training new employees, reevaluating third parties under company standards, and, where appropriate, conducting audits on new business units.”

One thing that GE and Siemens have in common are world-class compliance programs. Siemens was the subject of the highest FCPA fine ever at $800MM back in 2008. Since that time, it has successfully concluded a robust monitorship under the terms of its Deferred Prosecution Agreement (DPA). Siemens compliance representatives regularly speak at compliance related events and discuss not only the company’s commitment to anti-corruption compliance but they also detail how compliance is done at Siemens. GE is well known for having its compliance folks regularly speak at conferences about the details of its compliance regime. In other words, both companies’ have very public robust compliance regimes in place and most probably follow, at a minimum, the parameters set out in the FCPA Guidance.

Just as “And Watergate is not just a hotel!”; Springing Liability is not a warranted fear under the FCPA. The FCPA Guidance makes clear the steps a company should engage in under the FCPA to avoid liability in a mergers and acquisition (M&A) context. The steps are not only relatively straightforward; they are good business steps to take. If you do not know what you are looking to acquire, it is certainly hard to evaluate it properly and then to integrate it efficiently.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com. 

© Thomas R. Fox, 2014

The Magna Carta and Scrutiny of Your Compliance Program

Magna CartaYesterday, June 15 was Father’s Day so for all us fathers out there, it was our day and I hope that you enjoyed and cherished it. It was also the anniversary of what I believe was one of the greatest achievements in Anglo jurisprudence, the signing of the Magna Carta, by King John and the Barons who opposed his tyranny. In 1215, the barons rose up in rebellion against the King’s abuse of feudal law and custom. The legal document drafted up for King John, required him to make specific guarantees of the rights and privileges of his barons and the freedom of the church.

On June 15, 1215, King John met the Barons at Runnymede on the Thames and set his seal to the Articles of the Barons, which after minor revision was formally issued as the Magna Carta. I have visited the field at Runnymeade where the Magna Carta was signed. Next year will be the 1100th anniversary of the signing of this document. For me, the Magna Carta is symbol of the sovereignty of the rule of law over the King. Its grant was of fundamental importance to the constitutional development of England and to the rest of the common law world such as the United States.

I thought about how King John was forced to sign the Magna Carta, clearly against his will, when I read an article in the May issue of the Harvard Business Review (HBR), entitled “How to Outsmart Activist Investors”, by Bill George and Jay W. Lorsch. While the article focuses on steps a company can take before an activist shareholder buys into a company and demands changes, I thought the process of preparation that the authors listed as something that a Chief Compliance Officer (CCO) should consider in his or her company’s compliance program.

The authors lay out the problem faced by company’s as follows, “Their game is simple: They buy stocks they view as undervalued and pressure management to do things they believe will raise the value, such as giving more cash back to shareholders or shedding divisions that they think are driving down the stock price. With increasing frequency they get deeply involved in governance—demanding board seats, replacing CEOs, and advocating specific business strategies.” They proposed a six-step process that allows a company to be ready for such an attack. However, I saw these six-steps as delineations a CCO could institute which would prepare a compliance program for a wide range of reviews, including audits, reviews by government regulators, queries by Board members or other high ranking company officials who may want to know more about a compliance program on a quick basis. So I have adapted the authors’ six steps to advise the CCO on how to be ready for such an event or perhaps a myriad of others.

Have a Clear Strategic Focus and Stick to It

In their article, the authors pointed to PepsiCo’s move to it’s “Performance with Purpose, a strategy targeting three growth areas: (1) “good for you” products, including Quaker Oats and Gatorade; (2) product innovations; and (3) emerging markets. Part of the idea was to fund the substantial investments—including acquisitions—required to build these categories with the cash flow from PepsiCo’s core business. PepsiCo did precisely that, acquiring a number of food and beverage companies in emerging economies such as Brazil, India, Russia, and Ukraine.” For the compliance practitioner, I think it means you need to stick to your guns and move your program forward. It does not mean that you will not hit road bumps along the way but if you have something like Stephen Martin’s suggestion for a 1 – 3 – 5 year program in writing and are following it, you can reject calls for major mid-course changes. 

Analyze Your Business as an Activist Would

In their article, the authors said, “CEOs need to ensure that their boards understand the tactics of activist investors and have a game plan for responding. That means analyzing both how the activists might try to increase short-term shareholder value—through spin-offs and divestitures or financial engineering such as stock buybacks and increased debt—and the company’s possible vulnerabilities in strategy and capital structure. Specific examples from other companies can help.” For the compliance practitioner, I believe this means you need to keep abreast of the most current information available on the Foreign Corrupt Practices Act (FCPA) or other types of anti-corruption compliance. While the 2012 FCPA Guidance still provides some of the best articulation of what the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) believe constitute an effective compliance program, you should still monitor enforcement actions and other information. So if your company is in the tech space, the March HP enforcement action is something you should review to determine if any of HP’s compliance failures might have implications for your company.

Have Your External Advisers Lined Up in Advance and Familiar with Your Company

The authors believe that to fight such proxy challenges “both management and the board must have external advisers whose guidance they can rely on.” However, for the compliance practitioner, it means that you have taken steps to assess and verify the efficacy of your compliance program. Certainly you can benchmark your program against others in your industry but also having third parties assess, benchmark and verify your compliance program can be an excellent way to show where your program stands if someone comes looking at it.

Build Board Chemistry

Obviously when fighting an activist investor, Board cohesion is paramount. The authors note, “Activist investors are often out to divide a target company’s board. To address the issues they raise in an objective and constructive manner, directors need the unity that comes from years of building board chemistry. That chemistry is enhanced through repeated engagement on important issues, weathering crises together, and candid dialogue with the CEO. The latter requires a high degree of transparency from the CEO and a willingness to share even the most sensitive information involved in decision making. To cope with an activist’s challenges, directors must be fully committed to the company and its long-term objectives.” But the same is true for a CCO. Having Board support is imperative to any long-term success for a compliance program. It is up to you to develop the relationships and provide timely information so that there are no surprises, or as few surprises as possible, in the area of compliance.

Perform in the Short Run Against Declared Goals

Just as “the best defense against an activist investor is consistent performance that realizes the company’s stated goals; anything else makes the company vulnerable”, I believe that a compliance program should also measure itself against stated goals. The FCPA Guidance makes clear that a compliance program begins with a risk assessment. The reason is not only to use the risk assessment to determine where your compliance program might stand but also to create a road map for future enhancements. It is also important to set realistic expectations. Overly ambitious compliance goals, which ultimately fall short can trip up a CCO and make a program vulnerable to criticisms.

Don’t Dismiss Activist Ideas Out of Hand

The authors note “Most activist investors are smart, motivated people who often notice things that boards and managers overlook. It is generally worth listening to their recommendations and implementing the ones that make sense.” For the CCO or compliance practitioner, I have long advocated listening to the business units to help see what works and what does not work. This does not mean a compliance program can only be followed when feasible, but it may require compliance program flexibility to allow it to not only measure and assess risk but to adequately manage compliance risk.

Doing What’s Best for All Your Shareholders

The authors believe “One of a board’s most important roles is to ensure that the company stays true to the mission and values that have made it successful. In recent years several activist fund managers with no industry experience have come to corporations with proposals for radical, unproven course changes. Sometimes major changes are needed, but companies that allow outside activists to implement them without full and careful consideration risk losing the commitment and engagement of their employees and customers.” Similarly, a CCO or compliance professional needs “to work to ensure the long-term viability of the company’s [compliance] mission and strategy.”

Whether you are a lawyer or not, I believe that the Magna Carta is one of the most significant legal documents in the history of Anglo jurisprudence. Even if King John signed it at the point of a knife to his throat, or not, it became one of the foundation documents for English and, later, American law. But another lesson one may draw from it was that King John was not prepared when his Barons revolted against him. The HBR article provides a clear path for the compliance practitioner to follow to prepare for excess, outside, unwanted or other scrutiny.

===============================================================================================================================================================================================================================================

M&AM&A UNDER THE FCPA

If you are interested in learning about mergers and acquisitions under the FCPA I am involved in to upcoming events designed to give you the most up-to-date advice on this area of compliance. Both events are sponsored by The Network. The first event is a webinar entitled appropriately enough, “Mergers and Acquisitions Under the FCPA” and is scheduled for  Tuesday, June 17th, 2014 TIME: 2:00 pm EDT. For registration and additional information click here. On Tuesday, June 24th the always popular Tom Fox/Stephen Martin roadshow travels to Denver where I will speak live on Merger and Acquisitions Under the FCPA and Stephen will talk about risk assessments under the FCPA. For information on the Denver event, click here

WORLD CUP REVIEW

World Cup 2014I am putting on a four part podcast series on the World Cup, detailing issues of bribery and corruption, together with an ongoing discussion of Team USA and this year’s tournament. I am joined by Mike Brown, the Managing Director of Infortal. You can check out Part I by clicking here of the series where we discuss bribery of referees in the lead up to the 2010 World Cup held in South Africa and FIFA’s response. Mike and I then review Team USA and it’s draw in Group G-the Group of Death. I hope that you will check out this series and enjoy it as much as Mike and I enjoy recording the episodes. Also remember, my podcast, the FCPA Compliance and Ethics Report is available for download at no charge on iTunes so you can listen to Part I on your commute to work. So sign up for the podcast from WordPress or iTunes and enjoy our series.

==============================================================================================================================================================================================================================================

 

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

 

© Thomas R. Fox, 2014

June 13, 2014

King of the Mug Shots-Interview with Kevin LaCroix, Founder and Editor of the D&O Diary

???????????????????????????????Ed.Note-today we continue with our profile of thought leaders. Today we profile Kevin LaCroix, Founder and Editor of the D&O Diary, which for my money is one of the the best resources regarding Directors and Liability insurance issues available in the blogosphere. 

1.         Where did you grow up and what were your interests as a youngster? 

I grew up in Fairfax, Virginia, a suburb of Washington, D.C. We had a small house and a large family – I am the fifth of six children. Growing under those conditions helped foster independence, resilience and self-reliance. For obvious reasons, we spent most of our time outside. I am astonished how freely and how far we roamed as children. It was a different world then. As a young child, I developed a lifelong affinity for bicycle riding. In the summer of 1969, when I was 13 years old, I suffered a serious injury to my right foot. I spent the entire summer in bed, reading. It was during that summer that I developed a lifelong interest in historical literature, particularly biographies. Prior to that time, I had not been a particularly diligent student, but my attitude began to change after that. I went on to attend Fairfax High School, where I was fortunate to have several excellent teachers, including a Geometry teacher who convinced me that I could learn anything I decided to try to learn. Surprisingly, given the foot injury, I went on to run track and play soccer in high school. As I said, my upbringing fostered resilience.

2.         Where did you go to college and what experiences there led to your current profession? 

I was extremely fortunate to have been able to attend the University of Virginia, which was then and remains now an absolutely terrific place. It was, for me, just the right mix of serious academics and active socializing. After I arrived, I looked around and figured out that the best undergraduate department was the English Department, so I decided to become an English major (which in retrospect was a remarkably wise way to choose a major). I enjoyed every class I took in college. There may be other students who have gotten as much out of college as I did, but nobody has ever gotten more out of it than me.

While at UVa, I was able to study creative writing with John Casey (who went on to win a National Book Award) and with James Alan McPherson (who won the Pulitzer Prize for fiction while I was taking his class). The extent to which I write well at all now is owing to those classes – my many faults as a writer are of course exclusively my own doing. Casey and McPherson are both law school graduates and both encouraged me to consider law school. I might have found my way to law school eventually anyway, but their encouragement gave me confidence to pursue the opportunity.

I wound up attending the University of Michigan Law School, where I spent what may have been the best three years of my life. I loved law school. I loved my classes, I loved my professors, I loved my classmates (in one case, literally – my wife was a classmate), I loved the townie bar on Packard Street, I loved running in the Arboretum, I loved going to Michigan football games, I loved sitting in the reading room at the Law School, I loved the Lawyers’ Club dining room, I loved the big old house we lived in on Monroe Street. In the end, I may or may not have been meant to be a lawyer but I definitely excelled at being a law student. (I am not hinting that I got the highest grades, because I didn’t. I am just suggesting that I had the best time in law school.)

3.         What led you to begin the D&O Diary? 

In the spring of 2006, I started a new phase of my career, as a wholesale insurance broker. I had run an insurance underwriting operation for the prior ten years, but now I was trying something entirely different. It was tough at first. I didn’t have any clients to start with and the phone wasn’t ringing. To keep myself occupied, I deciding to write some professionally related articles. Out of simple curiosity, I started playing around with the Blogger application on Google.

I once heard someone say that starting a blog is about as difficult as making urine. So before I even knew what I was doing, I had created a blog. I had no plan at first or really even the slightest idea what I was doing and I certainly had no idea that the blog would become what, now eight years later, it has become.

It has turned out to be the most rewarding thing I have ever done in my career. Nothing I have done professionally has provided me with as much satisfaction. Since starting the blog, and as a result of having the blog, I have been able to travel around the world and it has been so amazing to me that wherever I go – from Boston to Barcelona to Berlin to Beijing and from Seattle to Stockholm to Singapore – I meet people who tell me how much they enjoy my blog.

True story – when I was in Singapore a couple of years ago, a women came up to me at an industry event, introduced herself, told me she was from Mauritius, and asked if she could get a picture with me on her iPhone. I asked her why in the world she wanted my picture, and she said “Because you’re the D&O Diary guy! You’re world famous!” As I said to my wife when I returned home, if someone from Mauritius tells you that you’re world famous, by definition that means you’re world famous. To which my wife replied, “That’s nice dear. Take out the trash, please. “

4.         I love your ‘Mug shot’ series? Where did you come up with the idea and what are some of the highlights of the series? 

About a year ago, I read an article in the New Yorker about Henry Blodgett’s website, Business Insider.  The article made me think a lot about the Internet as a publishing medium. In the article, Blodgett talked about how important it is for a website to connect with its readers. This observation set of a tumble of different thoughts, at the end of which out came the idea for the D&O Diary mugs. I couldn’t possibly reproduce the thought process that led to the idea, but the basic concept was to try to do something to make my readers feel like they are part of the blog. If I gave them a mug and asked them to send back a picture of themselves with the mug, and then published the pictures, then readers would feel connected to the blog.

I guessed that some readers might be interested but I never anticipated how great the interest would be. I went through 288 mugs in no time at all. I would have liked to have sent out even more mugs – the demand for many more mugs was certainly there. But my wife put her foot down. She was taking care of the shipping and it was incredibly time consuming for her. Also, a very large percentage of the mug requests came from overseas, and I hadn’t really thought about how expensive it is to ship things overseas. We spent several thousand dollars on shipping. Sadly, many of the mugs sent overseas were damaged in transit.

Overall, though, the project was an immense success. I was continuously amazed at the places people would take the mugs in order to get just the right mug shot. I had readers send in pictures with their mugs from inside the U.S. Supreme Court, at the Wailing Wall, on the Old Course at St. Andrews and in jungle covered ruins in Cambodia. People sent in pictures that were taken from mountain tops, in vineyards, on safari, in the snow, in the sunshine, at sea, on vacation, at work, and even from their back porch. (My most recent mug shot post, which has links back to all of the prior posts, can be found here.)

I had people send in pictures taken in Moscow, Beijing, New Delhi, Rotterdam, Shanghai, Paris, London, Montreal, South Africa, Hong Kong, Scotland, Warsaw, Toronto, Jerusalem, Sydney, Cambodia, and Bermuda, as well as at the Grand Canyon, the Baseball and Hockey Halls of Fame, Fenway Park, Mesa Verde National Park, in Napa Valley, at the No. 2 Course at Pinehurst, on Wall Street, at the America’s Cup races in San Francisco Bay, at the original Cheers bar in Boston, at the Naval Academy, at Stanford, in the Press Room at the White House, with their dogs, with their kids, with elephants and zebras, and always with the D&O Diary mug in the picture. I even published one picture of a mug that arrived in Shanghai in pieces.

I liked all of the pictures readers sent in, but I would have to say my favorite, simply on the score of most unusual, was the one taken at the veterinarian artificial insemination clinic at Stephen F Austin State University in Nacogdoches, Texas. The picture was taken with the mug in the foreground while an insemination procedure was underway in the background.  Yep, I didn’t expect that one.

 5.        What issues might you see from your perspective regarding D&O insurance regarding the FCPA going forward? 

Foreign Corrupt Practices Act and anti-bribery enforcement generally has been an area of concern in the D&O insurance arena for some time now. The issue is not the massive fines and penalties that companies get hit with, as those amounts typically are not covered by D&O insurance. The issue has more to do with the costs of investigation and defense, as well as the possibility of follow-on civil litigation.

There are a number of factors that will affect the extent to which coverage is available for investigative costs and defense expenses under a D&O insurance policy. Among other things, it will be important whether or not the company involved is a private company or a public company, as the types of policy form used for the two different kinds of companies provide significantly different entity coverage. Other issues that will affect the availability of coverage include the stage of the investigation; to the extent D&O insurance policies provide coverage for investigative costs at all, it is usually restricted to formal investigations. (Some modern forms now also provide coverage for individuals for pre-claim inquiries.) Another issue that will affect the availability of coverage for investigative costs is the identity of the investigative target. If the target is just the company itself, it will be more difficult to establish coverage for the investigative costs, as many policies restrict investigative cost coverage for the corporate entity.

Where the D&O Insurance can be a much more significant is if the FCPA enforcement action or investigation triggers a follow-on civil lawsuit. As I have noted frequently on my blog (most recently here), though there is no private right of action under the FCPA, it has become an increasingly common phenomenon after an FCPA investigation or enforcement action is disclosed for investors to file a lawsuit against the company’s officers and directors. These lawsuits typically take the form either of a securities class action lawsuit (an example of which is discussed here) or shareholders derivative lawsuits (as discussed here and here). These lawsuits are not always successful for the plaintiffs, yet the plaintiffs’ lawyers continue to pursue these kinds of claims.

These types of follow-on lawsuits represent the very kind of exposures for which companies purchase D&O insurance; at a minimum, the insurance permits the company and its executives to defend themselves from these kinds of claims. I expect these kinds of claims to be an increasingly significant part of the D&O claims environment for some time to come, particularly as anti-bribery regulatory and enforcement authorities outside of the U.S. step up their activities.

===============================================================================================================================================================================================================================================

M&A UNDER THE FCPA

If you are interested in learning about mergers and acquisitions under the FCPA I am involved in to upcoming events designed to give you the most up-to-date advice on this area of compliance. Both events are sponsored by The Network. The first event is a webinar entitled appropriately enough, “Mergers and Acquisitions Under the FCPA” and is scheduled for  Tuesday, June 17th, 2014 TIME: 2:00 pm EDT. For registration and additional information click here. On Tuesday, June 24th the always popular Tom Fox/Stephen Martin roadshow travels to Denver where I will speak live on Merger and Acquisitions Under the FCPA and Stephen will talk about risk assessments under the FCPA. For information on the Denver event, click here

WORLD CUP REVIEW

I am putting on a four part podcast series on the World Cup, detailing issues of bribery and corruption, together with an ongoing discussion of Team USA and this year’s tournament. I am joined by Mike Brown, the Managing Director of Infortal. You can check out Part I by clicking here of the series where we discuss bribery of referees in the lead up to the 2010 World Cup held in South Africa and FIFA’s response. Mike and I then review Team USA and it’s draw in Group g-the Group of Death. I hope that you will check out this series and enjoy it as much as Mike and I enjoy recording the episodes. Also remember, my podcast, the FCPA Compliance and Ethics Report is available for download at no charge on iTunes so you can listen to Part I on your commute to work. So sign up for the podcast from WordPress or iTunes and enjoy our series.

==============================================================================================================================================================================================================================================

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

June 2, 2014

The Mann Gulch Fire and How Far Down the Chain Do You Need to Go?

Young Men and FireRobert Sallee died last week. A smoke jumper, he was the last survivor of the Mann Gulch Fire, one of the worst disasters in the history of the US Forest Service. Sallee’s story and that of the Mann Gulch Fire was detailed in Norman Maclean’s posthumously published book, Young Men and Fire. There are only a handful of books I have ever read that drove me to tears and this was one of them. It was that powerful to me.

As reported in Sallee’s obituary in the New York Times (NYT), “In 1978, both Mr. Rumsey [one of two other survivors out of 15 men] and Mr. Sallee went back to Mann Gulch with Mr. Maclean, whose detailed account of their recollections and their court testimony fails to unravel precisely what happened; rather, it succeeds in illustrating the terror of being caught in such a monstrous natural maelstrom. Mr. Maclean wrote: “Sallee talks so often about everything happening in a matter of seconds after he and Rumsey left Dodge’s fire that at first it seems just a manner of speaking. But if you combine the known facts with your imagination and are a mountain climber and try to accompany Rumsey and Sallee to the top, you will know that to have lived you had to be young and tough and lucky.””

Sallee was only 17, and not yet a high school graduate, at the time of the Mann Gulch Fire; he had only just finished his fire service training course. The Mann Gulch jump was his first as a smoke jumper. The Forest Services was “accused of insufficiently preparing the smoke jumpers and sending them into Mann Gulch recklessly.” One of the Forest Service’s responses was to increase its research into fire behavior and also “to develop new training techniques and better safety measures for its firefighters.” As you might be able to ascertain from my lengthy discussion Maclean’s book and the event itself, I am still moved by the story of the Mann Gulch Fire. When I was growing up I thought smoke jumpers were about the bravest men I had ever heard of, parachuting into the wilderness to fight wildfires.

What are the lessons for the compliance practitioner? As with many such events, it is to evaluate factors from the risk perspective. One of the questions I am often asked is how far down the chain a company must go in managing its third party relationships? While a black book legal answer is that you are responsible for all your third parties down the chain under the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act; the practical reality is that a company cannot manage all of its direct relationships and those direct relationship sub-relationships. They are too far down the chain and too remote to effectively control.

Jan Farley, the Chief Compliance Officer (CCO) at Dresser-Rand, has said that it is important for compliance officers, not to stretch your compliance program so thin that you try and cover everything; so that you miss the larger FCPA or UK Bribery Act risks that your company faces. I believe Jan’s comments also echo something that I believe is clear from the Guidance: Don’t focus on the small stuff. Indeed the Guidance states, “Thus, it is difficult to envision any scenario in which the provision of cups of coffee, taxi fare, or company promotional items of nominal value would ever evidence corrupt intent, and neither DOJ nor SEC has ever pursued an investigation on the basis of such conduct.” In other words, do not waste your compliance time, resource or energy around these small issues. However, if these small issues are a part of a larger systemic or long standing course of conduct that violates the FCPA then the Department of Justice (DOJ) may well look into these issues. You will want to show the DOJ you are focusing on the “big stuff”.

The Guidance also makes clear that each company should assess and manage its risks. The Guidance specifically notes that small and medium-size enterprises likely will have different risk profiles and therefore different attendant compliance programs than large multi-national corporations. Moreover, this is something that the DOJ and Securities and Exchange Commission (SEC) take into account when evaluating a company’s compliance program in any FCPA investigation. This is why a “Check-the-Box” approach is not only disfavored by the DOJ, but, at the end of the day, it is also ineffectual. It is because each compliance program should be tailored to the enterprise’s own specific needs, risks, and challenges.

One of the approaches which I thought made a lot of sense in this area was comes from a presentation made by Randy Corley, Executive Vice President (EVP), Global Compliance Officer at Edelmen Inc., where he describes a a five-step process for his evaluation of third parties. I found his questions to be very relevant when considering how far down the chain a company must go.

Step 1: How Much is Enough? Here your goal is to have a realistic process so that it can be effectively managed and still be of sufficient value for the business unit decision makers, who have the ultimate responsibility over the company’s third parties.

Step 2: How Deep Do We Dig? Here I think the question you should consider is how many tiers down you must go in managing your third parties? Clearly you should manage all direct counter-parties in the sales chain and those considered high-risk in the supply chain. Further, in the sales chain, I think you need to know directly if your business representatives are sub-contracting down your business representation, at least through one tier. On the supply chain, if a high-risk truly is a high-risk for bribery and corruption under your internal evaluation system, you should also consider digging down one tier. 

Step 3: What Do You Need To Know? While with your first tier relationships you may scope your review depending on your internal risk assessment and attendant risk ranking, your data collection down the chain may not need to be as robust. For counter-parties further down the chain than tier 2, a list of actual and beneficial owners, coupled with commitments to follow relevant anti-corruption legislation is needed. Such commitments should be secured through each tier’s contract with its counter-parties.

Step 4: What Did We Learn? If there is any information from which Red Flags appear, they must be cleared. If additional information is needed or points clarified, now is the time to do it and not wait until later in the process. Here I would rely on Jan Farley’s proscription not to stretch your compliance program too thin. Focus your training, communication and management on your direct counter-parties and communicate to them that your company expects them to manage their relationships with their direct counter-parties, which would include the clearing of any Red Flags that may have appeared.

Step 5: Then What? After you have made your decision you still need to manage the relationship. This will entail continuing compliance communications with your direct counter-parties on an ongoing basis. Preferably your business unit sponsor will do this but as the compliance practitioner, you should also be mindful of checking in from time-to-time with your third parties. As your compliance program matures, you also reach the point where you will need to consider auditing of your third parties from the compliance perspective. Finally, do not forget the three most important things about your FCPA compliance program: “Document, Document and Document” the entire process.

Fortunately, we in compliance do not deal with life or death situations like those th smoke jumpers faced. . But that does not diminish the lessons we can derive from experiences from the practice of safety and evaluation of risk. In the area of third parties, consider what risks you face in both your sales and supply chain. If there is a key player several tiers down the line who creates or builds a key component or delivers a critical service, you may want to put more management around that relationship from the compliance perspective. For anything below a tier 2; you may be able to manage your risks through having your direct tier 1 counter-party take the lead in managing such compliance risks. But make sure that the expectation is communicated to your direct counter-party so that if the government comes knocking you can show that not only did you contractually obligate your direct counter-party to do so but that you provided them the tools and training to do so. Finally, you will need to be able to show that your direct counter-party did so.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

May 29, 2014

May Flowers for GSK? The Corruption Investigation Deepens

Chelsea Flower ShowApril showers bring May flowers, at least that is the old truism. One place it is decidedly correct is at the RHS Chelsea Flower Show, which began its run as one of the, if not the greatest, annual flower shows in the world in May 1862. The event draws some 157,000 people during its five-day run each May. The event has royal patronage and there is always a large contingent of royalty who visit the show.

Unfortunately one group of Englishmen and women who will not be stopping by to ‘smell the roses’ this year are those from the increasingly embattled UK company GlaxoSmithKline PLC (GSK). Yesterday the UK Serious Fraud Office (SFO) announced that it had “opened a criminal investigation into the commercial practices of GlaxoSmithKline plc and its subsidiaries.” To top off this bouquet of May flowers from the SFO, in the same Press Release the SFO said, “Whistleblowers are valuable sources of information to the SFO in its cases. We welcome approaches from anyone with inside information on all our cases including this one – we can be contacted through our secure and confidential reporting channel, which can be accessed via the SFO website.” It then proceeded to provide the SFO’s secure reporting website.

In an article in the New York Times (NYT), entitled “GlaxoSmithKline Under Investigation by Serious Fraud Office”, Chad Bray reported that the SFO “is investigating Glaxo’s business activities in “multiple jurisdictions,” according to a person familiar with the investigation who was not authorized to speak publicly.” As most readers will recall, “Chinese authorities have been investigating the drugmaker’s business practices related to payments to doctors and other health care professionals since last year and questions have been raised in recent months about the company’s practices in Iraq and Poland.”

James Titcomb, reporting in The Telegraph, in an article entitled “SFO opens criminal investigation into GlaxoSmithKline”, went further when he noted that GSK has been in contact with the SFO “in recent months in the wake of claims that it funnelled hundreds of millions of pounds to doctors and officials in countries around the globe to boost sales of its drugs.” Moreover, “Chinese police have accused the company of dispensing 3bn yuan (£285m) in bribes under the leadership Mark Reilly, the former head of its Chinese business. Authorities in the country say the bribes resulted in billions of pounds in “illegal revenue” for the company.”

On the Chinese side of the investigation, the NYT article reported that during the month of May, “Chinese authorities accused Mark Reilly, the former head of Glaxo’s operations in China, of ordering employees to bribe doctors and other hospital staff to use the drug maker’s products, resulting in more than $150 million in illegal revenue. Two other Chinese-born Glaxo executives were also charged in the matter.”

When news of the Chinese investigation broke last summer, GSK claimed that “Certain senior executives of GSK China who know our systems well, appear to have acted outside of our processes and controls which breaches Chinese law,” Glaxo said in July, after meeting with the Chinese authorities. “We have zero tolerance for any behavior of this nature.” [Read: Rogue Employees] However it appears the Chinese authorities have not fallen for this age-old attempt at corporate misdirection. But Andrew Ward, reporting in a Financial Times (FT) article entitled “SFO opens criminal inquiry into GSK, said that the Chinese authorities had engaged in a “ten-month investigation” which had identified 46 current or former GSK employees as “suspects”. Rogue indeed.

Where might the US Department of Justice (DOJ) or Securities and Exchange Commission (SEC) be on these issues? Clearly, these would seem to be areas of at least inquiry under the US Foreign Corrupt Practices Act (FCPA), but consider the following about GSK, in July of 2012 GSK pled guilty and paid $3 billion to resolve fraud allegations and failure to report safety data in what the DOJ called the “largest health care fraud settlement in U.S. history” according to its press release. The DOJ press release went on to state “GSK agreed to plead guilty and to pay $3 billion to resolve its criminal and civil liability arising from the company’s unlawful promotion of certain prescription drugs, its failure to report certain safety data, and its civil liability for alleged false price reporting practices.” The press release noted that the resolution was the largest health care fraud settlement in US history and the largest payment ever by a drug company for legal violations.

You would think that any company that has paid $3 billion in fines and penalties for fraudulent actions would take all steps possible not to engage in bribery and corruption. Indeed as part of the settlement GSK agreed to a Corporate Integrity Agreement (CIA). This CIA not only applied to the specific pharmaceutical regulations that GSK violated but all of the GSK compliance obligations, including the FCPA.

In addition to requiring a full and complete compliance program, the CIA specified that the company would have a Compliance Committee, inclusive of the Compliance Officer and other members of senior management necessary to meet the requirements of this CIA, whose job was to oversee full implementation of the CIA and all compliance functions at the company. These additional functions required Deputy Compliance Officers for each commercial business unit, Integrity Champions within each business unit and management accountability and certifications from each business unit. Training of GSK employees was specified. Further, there was detail down to specifically state that all compliance obligations applied to “contractors, subcontractors, agents and other persons (including, but not limited to, third party vendors)”. So while GSK may have separate FCPA liability to be investigated by the DOJ; it may be more of an issue that the company could be in violation of its CIA.

GSK has of course averred that it is fully cooperating with all of the various investigations into its alleged bribery and corruption. Further, as reported in Ward’s FT article, “GSK said it was “committed to operating its business to the highest ethical standards”. The company had “previously denied any systemic problem with corruption and said the latest Chinese allegations were “deeply concerning to us and contrary to the values of GSK”.”

So I guess the GSK team probably missed the Chelsea Flower Show this year. ON the other hand, maybe they might be like former BP President Tony Hayward, who during the first few of weeks of the worst oil spill in the history of the world ever, went yachting…

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

May 28, 2014

What Does an Effective Compliance Program Look Like? – The Regulators Perspective

Compliance ProgramWhat does an effective compliance program look like? Is it one that follows the Ten Hallmarks of an Effective Compliance Program as set out in the 2012 FCPA Guidance? How about one that uses the Six Principals of Adequate Procedures relating to the UK Bribery Act as its guideposts? Or should a company follow the OECD Good Practice Guidance on Internal Controls, Ethics, and Compliance? More importantly, for anti-corruption enforcement under the Foreign Corrupt Practices Act (FCPA), what does the Department of Justice (DOJ) or Securities and Exchange Commission (SEC) look for when assessing a compliance program?

Over the years, we have heard various formulations of inquiries that regulators might use when reviewing a compliance program. While not exactly a review of a compliance protocol, one of my favorites is what I call McNulty’s Maxims or the three questions that former United States Deputy Attorney General, and  Baker & McKenzie LLP partner, Paul McNulty said were three general areas of inquiry the he would assess regarding an enforcement action when he was at the DOJ. They are: first: “What did you do to stay out of trouble?” second: “What did you do when you found out?” and third: “What remedial action did you take?”

Paul’s former partner at Baker & McKenzie, Stephen Martin, who still runs Baker & McKenzie Compliance Consulting LLC, said that an inquiry he might make was along the lines of the following. First he would ask someone who came in before the DOJ what the company’s annual compliance budget was for the past year. If the answer started with something like, “We did all we could with what we had ($100K, $200K, name the figure), he would then ask, “How much was the corporate budget for Post-It Notes last year?” The answer was always in the 7-figure range. His next question would then be, “Which is more business critical for your company; complying with the FCPA or Post-It Notes?” Unfortunately, it has been Martin’s experience that most companies spent far more on the Post-It Notes than they were willing to invest into their compliance program.

Last week at Compliance Week 2014, Andrew Ceresney, Director of the Division of Enforcement of the SEC, gave one of the Keynote Addresses. In his remarks he talked about the importance that the SEC is putting into compliance. He said “I start from the premise that the companies that have done well in avoiding significant regulatory issues typically have prioritized legal and compliance issues, and developed a strong culture of compliance across their business lines and throughout the management chain. This is something I observed firsthand while in private practice and have come to fully appreciate from my perch at the SEC.”

But, more importantly, he said that he has “found that you can predict a lot about the likelihood of an enforcement action by asking a few simple questions about the role of the company’s legal and compliance departments in the firm.” He then went on to detail some rather straightforward questions that he believes can show just how much a company is committed to having a robust compliance regime.

  • Are legal and compliance personnel included in critical meetings?
  • Are their views typically sought and followed?
  • Do legal and compliance officers report to the CEO and have significant visibility with the board?
  • Are the legal and compliance departments viewed as an important partner in the business and not simply as support functions or a cost center?

Beyond simply going into the DOJ or SEC and claiming that your company is very ethical and does business in compliance with the FCPA, how can a company demonstrate the above? This is where the Tom Fox Mantra of Document, Document and Document comes into play. No matter how much input the compliance function has into the above suggested inquiries if the inputs are not documented, it is if they did not exist. So for meetings, you should keep attendance sheets or notations. A compliance representative can put a short, three to four sentence memo into the file about the recommendations and the response thereto. If the compliance department advise was not followed, there should be a business reason documented for the decision. Moreover, if there is a rejection of the compliance function advise and the course of action leads to some type of FCPA issue, it may well be assumed the company knew or should have known that the course of action taken could reasonably lead to a FCPA issue if not full blown violation. As to the issues of compliance visibility at the Board level, once again the documentation of any presentation and their substance can provide evidence to answer the query in the affirmative. But the key to all of these questions is if there is documentation to prove the assertions that they actually occurred.

Near the end of his presentation, Cerensey said that “Far too often, the answer to these questions is no, and the absence of real legal and compliance involvement in company deliberations can lead to compliance lapses, which, in turn, result in enforcement issues. When I was in private practice, I always could detect a significant difference between companies that prioritized legal and compliance and those that did not. When legal and compliance were not equal partners in the business, and were not consulted as a matter of course, problems were inevitable.”

McNulty’s Maxims, Martin’s question on budget and now Cerensey’s questions all provide significant guideposts to how regulators think about FCPA compliance programs. For me, I think the point is that companies which actually Do Compliance are easy to spot. For all the gnashing of teeth about how hard it is to comply with what the DOJ and SEC want to see in FCPA compliance, when the true focus can be distilled into whether a company actually does compliance as opposed to saying how ethical they are, I think it simplifies the inquiry and the issues senior management and a Board of Directors really needs to pay attention to.

For a copy of the full text of Director Cerensey’s remarks, click here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

May 23, 2014

Trip To Annapolis and Teaching Leadership

Naval AcademyMonday is Memorial Day and is the day wherein the men and women who died while serving in the United States Armed Forces are remembered. The holiday is celebrated every year on the final Monday of May. The first recorded Memorial was held on May 1, 1865 in Charleston, South Carolina to commemorate the soldiers who died in the Civil War. By the 20th century, Memorial Day had been extended to honor all Americans who have died while in the military service.

I thought about Memorial Day when I toured the US Naval Academy this week. This is also Commissioning Week for graduating seniors who will become officers in the Navy or Marine Corps this coming Saturday. One of the buildings that I toured was the US Naval Academy Museum. The mission of the Naval Academy Museum is to collect, preserve, and exhibit the artifacts and art that are the physical heritage of the US Navy and the Naval Academy in order to instill in Midshipmen a knowledge of the history and heritage of the Navy and the Naval Academy and to supplement the instruction of all academic departments of the Academy, as well as to demonstrate to the public the contributions of Academy graduates to the military services and to the Nation. And to motivate in young people a desire to become part of the Brigade of Midshipmen and to begin a career of service to their Nation.

The Museum is many ways a teaching museum. One of the courses taught directly in classrooms in the building is on leadership. Of course, the curriculum teaches the overriding theme of the Naval Academy, which is Duty Honor Loyalty, but it goes beyond this to a moral and ethical dimension to its leadership classes. The firm belief at the Academy is that leadership can be taught through the modeling from prior leaders.

I thought about this concept of modeling leadership in the context of compliance. One area that is not focused on too often in company-sponsored training is that of leadership. Moreover, while many business leaders receive substantial training on the technical aspects of doing business, they rarely receive training or are even assessed on leadership attributes to do business ethically and in compliance with laws such as the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act. It occurred to me that if the US Naval Academy can teach leadership, this is something that US businesses could also teach.

While you are pondering this question, I hope that you might think about all the men and women who have gave their lives so that we might live in freedom and are honored this and every Memorial Day. While in Annapolis I had another reminder of their sacrifice. While having some lunch at Chick and Ruth’s, the owner came over the PA and asked us all to stand and say The Pledge of Allegiance. He said the reason that he made the request was “because we could stand and say it.” I realized that we are honoring those people who made ultimate sacrifice.

Happy Memorial Day to all but I would ask that you take a moment to thank all those we honor for this holiday and to honor the men and women of the US Naval Academy who will be commissioned this weekend and will serve us all.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

May 22, 2014

On the Oregon Trail and Expectations in an Investigation Protocol

Oregon TrailOn this day in 1843, a massive wagon train, made up of 1,000 settlers and 1,000 head of cattle, set off down the Oregon Trail from Independence, Missouri. Known as the “Great Emigration,” the expedition came two years after the first modest party of settlers made the long, overland journey to Oregon. The Great Immigration followed the Sante Fe Trail for some 40 miles and then turned northwest to the Platte River, which it followed along its northern route to Fort Laramie, Wyoming. From there, it traveled on to the Rocky Mountains, which it passed through by way of the broad, level South Pass that led to the basin of the Colorado River. The travelers then went southwest to Fort Bridger, northwest across a divide to Fort Hall on the Snake River, and on to Fort Boise, where they gained supplies for the difficult journey over the Blue Mountains and into Oregon. The Great Emigration finally arrived in October of that year and the participants had completed the 2,000-mile journey from Independence in five months.

This week at Compliance Week 2014, I moderated a panel entitled Investigations Gone Global, Not Haywire. One of the panelists, Stephen Donovan, Chief Ethics and Compliance Officer, International Paper Company, said that one of his key reasons for setting out an investigation protocol was more than simply having a plan or guideline in place so that there would be consistency in investigations. The other key reason was to set expectations for all persons who might be involved in the investigation. The participants in the Great Emigration had a route to follow but that was about it. When it came to expectations, I think there were very little except hardship and the hope for a better future.

I think that one of the key lessons to be drawn from the ongoing Wal-Mart Foreign Corrupt Practices Act (FCPA) matter is that back in the 2006 time frame, when the corporate office was made aware of allegations of bribery and corruption regarding its Mexican subsidiary, the corporate office either did not have an investigation protocol in place, or perhaps even worse, it had one and disregarded it when the allegations bubbled up to Bentonville. But if the expectations had been set up beforehand, perhaps there would have been action taken to resolve the matter during that time frame and not later.

I have heard Jackie Trevino, Senior Manager, Corporate Compliance at Fluor Corporation, present the Fluor investigation protocol which consists of the following five steps (1) Opening and Categorizing the Case; (2) Planning the Investigation; (3) Executing the Investigation Plan; (4) Determining Appropriate Follow-Up; and (5) Closing the Case. I recognize that if a case of significant bribery or corruption is uncovered that there may be more or additional steps that you may need to take. However if you follow this basic protocol, you should be able to work through most investigations, in a clear, concise and cost effective manner. Furthermore, you should have a report at the end of the day which can stand up to later scrutiny if a regulator comes looking. Finally, you will be able to document, document, and document, not only the steps you took but why and the outcome obtained. But, as Donovan noted, it also sets the expectations of all involved.

Step 1: Opening and Categorizing the Case. Under this first step, you should categorize the ethics and compliance violation. You should notify the relevant individuals, including those on your investigation team and any senior management members under your notification protocols. After notification, you should assemble your investigation team for preliminary meetings and assessments. Step 1 should be accomplished in one to three days after the allegation comes into compliance, either through your reporting structure or other means.

Step 2: Planning the Investigation. After assembling your investigation team, you should determine the required investigation tasks. These would include document review and interviews. If hard drives need to be copied or documents put on hold or sequestered in any way, or relationships need to be analyzed through relationship software programs or key word search programs, this should also be planned out at this time. These tasks should be integrated into a written investigation or work plan so that the entire process going forward is documented. Also if there is a variation from the written investigation plan, such variation should be documented and an explanation provided as to why there was such a variation. Lastly, if international travel is involved this should also be considered and planned for as part of this step. Step 2 should be accomplished within another one to three days.

Step 3: Executing the Investigation Plan. During the course of this step the investigation should be completed. I would urge that the interviews not be effected until all documents are reviewed and ready for use in said interviews. Care should be taken to ensure that an appropriate Upjohn warning is issued and that the interviewee clearly understands that whoever is performing the interview represents the company and not the person being interviewed, whether they are the target of the investigation or not. The appropriate steps should also be taken to preserve the attorney-client privilege and attorney work product assertions. Step 3 should be accomplished within one to two weeks.

Step 4: Determining Appropriate Follow-Up. At this step the preliminary investigation should be completed and you are ready to move into the final phases. In some investigations, it is relatively easy to determine when the work is essentially complete. For example, if the allegation is both specific and narrow, and the investigation reveals a compelling and benign explanation for the conduct alleged, then the investigation typically is complete and you are ready to convene the investigation team and the relevant business unit representatives. This group would decide on the appropriate disciplinary steps or other actions to take. Step 4 should be completed in one day to one week.

It must be cautioned that at this step, if there are findings of specific or discrete allegations of corruption and bribery, a decision must be made as how to handle such findings going forward.

Step 5: Closing the Case. Under this final step, you should communicate the investigation results to the stakeholders and the case report should be completed. Everything done in the above steps should be documented and stored, either electronically or in hard copy form together. Step 5 should be completed in one day to one week.

With the growing number of reports to the Securities and Exchange Commission (SEC) Whistleblower program under Dodd-Frank, companies are under increasing pressure to get up and running quickly on any claim of bribery and corruption that is brought forward. By using an investigation protocol, you will have a ready-made process in place to start from. If your company does not have such a protocol I would suggest that you tailor this process to fit the needs of your company. It will help set the expectations of everyone involved.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

 

May 15, 2014

Nolan Ryan’s First No-Hitter and Checking In On the FCPA Professor

LearnAs the Houston Astros continue their journey into complete non-relevance, both to myself and the greater southeast Texas TV watching audience, today we celebrate one of the Astros greatest players, Nolan Ryan. On this day, 41 years ago, Ryan pitched the first of his seven No-Hitters. Ryan played with the Astros from 1980-1988. Of course the idiocy of current Astros management did not begin with the current owner, as the team basically cut Ryan in 1988, saying that he was “washed up” at the tender age of 41. He simply went on to play for the Texas Rangers for another six years, where he only went on to pitch No-Hitters six and seven and record another 1000 strikeouts.

While I cannot determine at this point if the FCPA Professor will have a similarly sterling 26 year career that Ryan accomplished, he recently has done a couple of things that I certainly believe continue to demonstrate his All-Star work in the fields of law and compliance. As clearly denominated by his moniker, the FCPA Professor, he teaches law with a specialization in the arena of the Foreign Corrupt Practices Act (FCPA). While myself and others bemoan to him that he needs to get out on the speaking circuit so that we can hear more of this critique and analysis of FCPA enforcement and to learn from him, I was interested to see he is correcting this by leading his first FCPA Institute this summer over two days, July 16 and 17. The event will be held in Milwaukee and hosted by the law firm of Foley and Lardner.

The Professor’s stated goal in leading this first Institute is “to develop and enhance fundamental skills relevant to the FCPA and FCPA compliance in a stimulating and professional environment with a focus on learning. Information at the FCPA Institute is presented in an integrated and cohesive way by an expert instructor with FCPA practice and teaching experience.” Some of the topics, which will be covered, include the following:

  • An informed understanding of why the FCPA became a law and what it seeks to accomplish;
  • A comprehensive understanding of the FCPA’s anti-bribery and books and records and internal controls provisions and related enforcement theories;
  • Various realties of the global marketplace which often give rise to FCPA scrutiny;
  • The typical origins of FCPA enforcement actions including the prominence of corporate voluntary disclosures;
  • The “three buckets” of FCPA financial exposure and how settlement amounts in an actual FCPA enforcement action are typically not the most expensive aspect of FCPA scrutiny and enforcement;
  • Facts and figures relevant to corporate and individual FCPA enforcement actions including how corporate settlement amounts are calculated;
  • How FCPA scrutiny and enforcement can result in related foreign law enforcement investigations as well as other negative business effects from market capitalization issues, to merger and acquisition activity, to FCPA related civil suits; and
  • Practical and provocative reasons for the general increase in FCPA enforcement.

In other words, it is what you have come to expect from the FCPA Professor; well-thought out reasoned analysis, practical knowledge and learning, and provocative thinking and assessment. For more information on the FCPA Institute, click here.

However, as I will not be able to attend the Professor’s FCPA Institute since I will be hosting my daughter’s annual summer trek to the heat and humidity of Houston, I was equally pleased to see another offering by the FCPA Professor which comes out this summer and indeed it appears in book stores next month. It is his long awaited volume, entitled The Foreign Corrupt Practices Act in a New Era, where the Professor takes a look at the FCPA’s new era of enforcement and confronts the FCPA statutory text, legislative history, judicial decisions, enforcement agency guidance, and resolved FCPA enforcement actions. The contents include the following: Prologue Introduction and Overview; Chapter 1. Before the New Era: The Story of the FCPA and Its Early Enforcement; Chapter 2. FCPA Foundational Knowledge; Chapter 3. The FCPA’s Anti-Bribery Provisions; Chapter 4. The FCPA’s Books and Records and Internal Controls Provisions; Chapter 5. FCPA Enforcement; Chapter 6. Reasons for the Increase in FCPA Enforcement; Chapter 7. The FCPA’s Long Tentacles; Chapter 8. FCPA Compliance and Best Practices; Chapter 9. FCPA Reform; and Conclusion. Of course there is a handy Index as well.

The Professor has some early high praise for his work including the following kudos:

From Michael Mukasey, Former U.S. Attorney General, says “Professor Mike Koehler has brought to this volume the clear-eyed perspective that has made his FCPA Professor website the most authoritative source for those seeking to understand and apply the FCPA. This is a uniquely useful book, laying out systematically the history and rationale of the FCPA, as well as its evolution into a structure governed as much by lore as by law. It will be valuable both to those who counsel international corporations, whether in connection with immediate crises or long-term strategies; and to those who contemplate what the FCPA has become, and how it can be improved.”

From Daniel Chow, Associate Dean for International and Graduate Programs, The Ohio State University Michael E. Moritz College of Law, USA, says of the book “This is the single most comprehensive academic treatment of the Foreign Corrupt Practices available. Professor Koehler’s book will become the authoritative standard for the field. The book not only treats the history of the FCPA, but analyzes the statute’s elements in detail, discusses current cases, and makes proposals for reforms where the current law is deficient. The book is written in a clear, accessible style and I will use it often as a resource for my own scholarly work.”

From Richard Alderman, Former Director of the UK Serious Fraud Office, states “An excellent and thought-provoking book by a great expert. Backed up by rigorous analysis of cases, Professor Koehler constantly challenges those involved in anti-corruption work by asking the question “why?” He puts forward many constructive and well-argued suggestions for improvements that need to be considered. I have learned a lot from Professor Koehler over the years and I can thoroughly recommend this book.”

And from Tom Fox – “if the FCPA Professor writes about it you need to read it. While you may disagree with him, your FCPA perspective and experience will be enriched by the exercise.”

So if you are like me and cannot make it up to Milwaukee in July, go to Amazon.com and pre-order a copy of the FCPA Professor’s book, which is scheduled to ship next month. To order click here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

April 24, 2014

Gifts, Travel and Entertainment under the FCPA – Part III

Travel and GiftsNow that we have reviewed all of the public record pronouncements from the Department of Justice (DOJ) and Securities and Exchange Commission (SEC), this post will try and suggest what you might need in your Foreign Corrupt Practices Act (FCPA) compliance policy and attendant procedures regarding gifts, travel and entertainment. Most generally, every company has three levels of written standards and controls around its compliance function. The first is its Code of Conduct, which every company should have to express its ethical principles. I assume your company has a Code of Conduct but if you are reading this blog post and you do not have a Code of Conduct, call me. The second is its standards and policies, which every company should use to build upon the foundation of the Code of Conduct and articulate Code-based policies, which should cover such issues as bribery, corruption and accounting practices. The third, and final component, is procedures, which every company should have to ensure that enabling procedures are implemented to confirm those policies are implemented, followed and enforced.

Rebecca Walker, writing in the Society for Corporate Compliance and Ethics Complete Compliance Manual [Second Edition], in an article entitled “Gifts and Entertainment Compliance”,said written policies around gifts, travel and entertainment typically contain the following elements:

  • An introduction explaining why gifts and entertainment are acceptable and why it is important to place limits on them;
  • A discussion of the types of gifts and entertainment that are acceptable (e.g., commonly accepted business courtesies);
  • A discussion of the types of gifts and entertainment that are unacceptable (e.g., cash);
  • Dollar limits and approval requirements;
  • More stringent rules applicable to employees in particular functions, as appropriate;
  • A mention or discussion of different rules applicable to government officials; and
  • References to other policies.

Mike Volkov, in a blog post entitled “Safe Harbors and Gifts, Meals, Travel, and Entertainment Expenses”, gave these general guidelines about gifts:

  1. Given openly and transparently;
  2. Properly recorded in the company’s books and records;
  3. Motivated to express esteem or gratitude (and not corrupt intent); and
  4. Permitted under local law.

About travel he had the following insights:

  1. Do not select the foreign officials to participate in the event, or use a systematic evaluation to identify appropriate officials to attend;
  2. Pay all costs directly to vendors and do not put “cash” in the pockets of any foreign officials attending an event (as an advance or for reimbursement);
  3. Ensure that stipends are reasonable estimates of expected costs and do not provide any additional compensation or money to foreign officials;
  4. Ensure that payments are transparent and accurately reflected in company books and records;
  5. Do not condition payments on any specific action by foreign official; and
  6. Obtain written confirmation payments do not violate local law.

Below are some of my thoughts about what should go into your gifts, travel and entertainment policy.

A.     Gifts

  • The gift should be provided as a token of esteem, courtesy or in return for hospitality.
  • The gift should be of nominal value but in no case greater than $500.
  • No gifts in cash.
  • The gift shall be permitted under both local law and the guidelines of the employer/governmental agency.
  • The gift should be a value which is customary for the country involved and appropriate for the occasion.
  • The gift should be for official use rather than personal use.
  • The gift should showcase the company’s products or contain the company logo.
  • The gift should be presented openly with complete transparency.
  • The expense for the gift should be correctly recorded on the company’s books and records.

B.     Entertainment

There are no Opinion Releases on the threshold that a Company can establish as a value for entertainment. I am comfortable that such a value can go up to $500 in an appropriate circumstance. However this must be tempered with clear guidelines incorporated into the business expenditure component of a FCPA compliance policy, which should include the following:

  • A reasonable balance must exist for bona fide business entertainment during an official business trip.
  • All business entertainment expenses must be reasonable.
  • The business entertainment expenses must be permitted under (1) local law and (2) customer guidelines.
  • The business entertainment expense must be commensurate with local custom and practice.
  • The business entertainment expense must avoid the appearance of impropriety.
  • The business entertainment expense must be supported by appropriate documentation and properly recorded on the company’s book and records.

C.     Travel

  • Any reimbursement for air fare will be for economy class. However, you may be able to make exceptions for senior government officials, extremely long haul flights, or where you are contractually mandated to pay for business class travel.
  • Do not select the particular officials who will travel. That decision will be made solely by the foreign government.
  • Only host the designated officials and not their spouses or family members.
  • Pay all costs directly to the service providers; in the event that an expense requires reimbursement, you may do so, up to a modest daily minimum (e.g., $35), upon presentation of a written receipt.
  • Any souvenirs you provide the visiting officials should reflect the business and/or logo and would be of nominal value, e.g., shirts or tote bags.
  • Apart from the expenses identified above, do not compensate the foreign government or the officials for their visit, do not fund, organize, or host any other entertainment, side trips, or leisure activities for the officials, or provide the officials with any stipend or spending money.
  • The training costs and expenses will be only those necessary and reasonable to educate the visiting officials about the operation of your company.

The incorporation of these concepts into a FCPA compliance policy is a good first step towards preventing potential FCPA violations from arising, but it must be emphasized that they are only a first step. They must be coupled with active training of all personnel, not only on the policy and procedures, but also on the corporate and individual consequences that may arise if the FCPA is violated regarding gifts, travel and entertainment. Lastly, it is imperative that all such gifts, travel and entertainment be properly recorded, as required by the books and records component of the FCPA.

I view one of the key reasons for the attendant procedure of implanting the company policy around gifts, travel and entertainment is to allow oversight by a second set of eyes. Process validation requires oversight of compliance with gifts and entertainment policies is important to ensuring consistency in policy enforcement. This helps to ensure that there is the perception of fairness in this area, particularly if there must be discipline administered. Nothing is worse for an organization if, say, a salesman from the US is disciplined via a warning letter for cheating on his expense account whereas salesmen in Brazil are fired for the same offense.

Mike Volkov, in another blog post entitled “Creating a Framework for Reviewing Gifts, Meals, Travel and Entertainment Expenses”, said that he believes “There are three basic requirements for making the review process more efficient.” They include:

  1. Prospective standards – Companies need to adopt and enforce a prospective policy which carves out standards for the review and approval of such expenditures. The policy has to be clear on the standards and the procedures to be followed.
  2. Documentation – Companies have to document the process, maintain records, and audit the process. Without documentation, the policy is doomed to fail, and provides no protection when government prosecutors conduct an investigation.
  3. Advice of Counsel – Outside counsel should be used to review and approve any close calls. The run-of-the-mill situations can be handled by the policy. In close cases, outside counsel should review the matter, provide a short memo analyzing and approving the expenditure. The memo should be added to the file and available to auditors and the government if needed.

The final point from Walker, Volkov and myself is that whatever policy and procedures you set up and utilize, they should be designed for your company. The FCPA Guidance speaks to a well-thought out and designed system for any compliance risk and gifts, travel and entertainment is no different. Further, you must not only train but monitor and audit on your gifts, travel and entertainment. As this is one of the top areas that employees generate monies from their employers it is one of the top areas for fraud and hence corruption. And finally, Document, Document and Document.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

Next Page »

The Rubric Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 4,537 other followers