FCPA Compliance and Ethics Blog

April 14, 2014

The HP FCPA Settlement

FCPA SettlementLast week the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) jointly announced the conclusion of a Foreign Corrupt Practices Act (FCPA) enforcement action against Hewlett-Packard Company (HP). In the settlement, HP agreed to pay $108MM in fines, penalties and disgorgements for criminal and civil acts. To say that it was one of the more perplexing FCPA settlements would seem to be an understatement. While some will read the settlement documents and see conduct which did not merit such a high total amount of fines and penalties, I am not from that camp.

The tale of this sordid affair of bribery and corruption occurred over 3 continents with multiple countries involved, evidencing an entire breakdown in company internal controls and a complete lack of a culture of compliance. Yet the settlement documents make great pains to emphasize that few employees were actually involved in the nefarious conduct. How bad was the conduct? Think right up there with BizJet because we had bags of cash delivered to a Polish government official. (But unlike BizJet, the Board of Directors did not approve the bribery scheme and it was not taken across the border.) For the Russian deal, it was shopped through several countries with multiple levels of company review, which did not seem to work or care much about anything except getting the deal done. For Mexico, they just seemed to get a free pass where the contract description for the agent who paid the bribe was “influencer fee”.

Finally, as most readers might remember, HP did not self-report this misconduct to the DOJ or SEC. Apparently, the story of HP’s bribery by its German subsidiary to gain a contract in Russia was broken by the Wall Street Journal (WSJ) article in April 15, 2010. The next day, the DOJ and SEC announced they were investigating the allegations of bribery. However, HP was made aware of the allegations by its German subsidiary in December 2009, when German authorities raided HP’s offices in Munich and arrested one HP Germany executive and two former employees. Yet HP never self-reported. Not exactly the poster child for self-disclosure for any company going forward.

Of course HP’s public response at the time indicated its attitude, when a HP spokesperson was quoted in the WSJ article as saying “This is an investigation of alleged conduct that occurred almost seven years ago, largely by employees no longer with HP. We are cooperating fully with the German and Russian authorities and will continue to conduct our own internal investigation.”

More befuddlement comes from the reported facts around HP Germany. As noted by the WSJ report, one, then current, HP executive was arrested and two former employees were arrested in connection with the investigation by German authorities. There is no mention of them in any of the settlement documents. The WSJ article also reported that investigation-related documents submitted to a German court showed that German prosecutors were “looking into whether H-P executives funneled the suspected bribes through a network of shell companies and accounts in places including Britain, Austria, Switzerland, the British Virgin Islands, Belize, New Zealand, the Baltic nations of Latvia and Lithuania, and the states of Delaware and Wyoming”. While some of these countries were mentioned in the settlement documents there was no mentions of DOJ or SEC investigations into Wyoming, Belize, the British Virgin Islands or New Zealand.

What are we to make of the criminal fines levied against the Russian and Polish subsidiaries of HP? The Polish subsidiary pled guilty to a two count Criminal Information consisting of (1) violating the FCPA’s internal control provisions; (2) violating the FCPA’s books and records provisions. The US Sentencing Guidelines suggested a fine range of $19MM to $38MM, the final fine was $15,450,244.

For the Russia deal, the Russian subsidiary pled guilty to a four count Criminal Information consisting of (1) conspiracy to violate the books and records provisions of the FCPA; (2) violating the FCPA’s anti-bribery provisions; (3) violating the FCPA’s internal control provisions; (4) violating the FCPA’s books and records provisions. The US Sentencing Guidelines suggested a fine range of $87MM to $174MM, yet the final fine was $58,772,250.

Finally, in Mexico HP’s subsidiary, according the to the SEC Press Release, “paid a consultant to help the company win a public IT contract worth approximately $6 million. At least $125,000 was funneled to a government official at the state-owned petroleum company with whom the consultant had connections. Although the consultant was not an approved deal partner and had not been subjected to the due diligence required under company policy, HP Mexico sales managers used a pass-through entity to pay inflated commissions to the consultant.” This was internally referred to by HP as an “influencer fee.” Pretty clear evidence of what it was to be used for, wouldn’t you say? Yet the DOJ did not to criminally prosecute the company’s Mexican subsidiary and entered into a Non-Prosecution Agreement (NPA), HP agreed to pay forfeiture in the amount of $2,527,750.

How did HP accomplish all of this? In a Press Release HP Executive Vice President and General Counsel John Schultz said, “The misconduct described in the settlement was limited to a small number of people who are no longer employed by the company. HP fully cooperated with both the Department of Justice and the Securities and Exchange Commission in the investigation of these matters and will continue to provide customers around the world with top quality products and services without interruption.”

As reported by the FCPA Professor, in his blog post entitled “HP And Related Entities Resolve $108 Million FCPA Enforcement Action”, the HP Russian subsidiary Plea Agreement gave the following factors for the reduction in the fine from the Sentencing Guideline range:

“(a) monetary assessments that HP has agreed to pay to the SEC and is expected to pay to law enforcement authorities in Germany relating to the same conduct at issue …; (b) HP Russia’s and HP’s cooperation has been, on the whole, extraordinary, including conducting an extensive internal investigation, voluntarily making U.S. and foreign employees available for interviews, and collecting, analyzing, and organizing voluminous evidence and information for the Department; (c) HP Russia and HP have engaged in extensive remediation, including by taking appropriate disciplinary action against culpable employees of HP and enhancing their internal accounting, reporting, and compliance functions; (d) HP has committed to continue enhancing its compliance program and internal accounting controls … (e) the misconduct identified … was largely undertaken by employees associated with HP Russia, which employed a small fraction of HP global workforce during the relevant period; (f) neither HP nor HP Russia has previously been subject of any criminal enforcement action by the Department or law enforcement authority in Russia or elsewhere; (g) HP Russia and HP have agreed to continue to cooperate with the Department and other U.S. and foreign law enforcement authorities, if requested by the Department …”

In the same blog post, the Professor reported the following reasons were stated for reduction in the final fine by HP’s Polish subsidiary’s:

“(a) HP Poland’s cooperation with the Department’s investigation; (b) HP Poland’s ultimate parent corporation, HP, has committed to maintain and continue enhancing its compliance program and internal accounting controls …; and (c) HP Poland and HP have agreed to continue with the Department and other U.S. and foreign law enforcement authorities in any ongoing investigation …”

We have witnessed companies, which have engaged in ‘extraordinary cooperation’ with the DOJ during the pendency of their FCPA investigations. BizJet is certainly one that comes to mind. Further, there are clear examples of companies, which extensively remediated during the pendancies of their FCPA investigations, from which they clearly benefited. Two prime examples are Parker Drilling, which not only received a financial penalty below the suggested range but also was not required to have a corporate monitor, while they had C-Suite involvement in its bribery scheme. Weatherford seeming came back from the brink during mid-investigation when they hired Billy Jacobson and turned around not only their attitude towards cooperation with the DOJ but also their efforts toward remediation.

Both of these companies are headquartered in Houston and both have been quite active on the conference circuit talking about their compliance programs so most compliance practitioners are aware that these companies are on the forefront of best practices. Perhaps HP is on some circuit doing that, somewhere. If so, kudos to them. If their remediation work led to a best practices compliance program for the company and their extraordinary cooperation led to the astonishing reduction in penalties to their entities, I certainly tip my cap to them. If their lawyers were great negotiators and made great presentations to the DOJ and SEC, all of which led to or contributed to the final results, a tip of the cap to them as well.

So what is the lesson to be learned for the compliance practitioner? Other than befuddlement, I am not sure. Congratulating HP and its counsel is not a lesson it is an action. If HP now has a best practices compliance program, I hope they will provide the compliance community with the lessons that they learned and incorporated into their compliance program, which allowed them to obtain the fines below the minimum suggested range. If they have incorporated some enhanced compliance components into their program I hope they will share those enhancements too.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

April 3, 2014

Life Cycle Management of Third Parties – Step 4 – The Contract

Five stepsThis post continues to outline what I believe are the five steps in the life cycle of third party management. Today I will look at Step 4, the contract. However, before we get to the contracting stage a word about what to do with Steps 1-3. You cannot simply obtain the information detailed in these first three steps; you must evaluate the information and show that you have used it in your process. If it is incomplete, it must be completed. If there are Red Flags, which have appeared, these Red Flags must be cleared or you must demonstrate how you will manage the risks identified. In others words you must Document, Document and Document that you have read, synthesized and evaluated the information garnered in Steps 1-3. As the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) continually remind us, a compliance program must be a living, evolving system and not simply a ‘Check-the-Box’ exercise.

After you have completed Steps 1-3 and then evaluated and documented your evaluation, you are ready to move onto to Step 4 – the contract. Obviously any commercial relationship should be governed by the terms and conditions of a written contract. Clearly your commercial terms should be set out in the contract. In the area of commercial terms the FCPA Guidance intones “Additional considerations include payment terms and how those payment terms compare to typical terms in that industry and country, as well as the timing of the third party’s introduction to the business.” This means that you need to understand what the rate of commission is and whether it is reasonable for the services delivered. If the rate is too high, this could be indicia of corruption as high commission rates can create a pool of money to be used to pay bribes. If your company uses a distributor model in its sales side, then it needs to review the discount rates it provides to its distributors to ascertain that the discount rate it warranted.

In addition to the above analysis from the compliance perspective, you should incorporate compliance terms and conditions into your contracts with third parties. I would suggest that you begin with some type of compliance terms and conditions template, which can be used as a starting point for your negotiations. The advantages of such a template are several; they include: (1) the contract language is tested against real events; (2) the contract language assists the company in managing its compliance risks; (3) the contract language fits into a series of related contracts; (4) the contract language is straight-forward to administer and (5) the contract language helps to manage the expectations of both contracting parties regarding anti-bribery and anti-corruption.

What are the compliance terms and conditions that you should include in your commercial contracts with third parties? In the Panalpina Deferred Prosecution Agreement (DPA), Attachment C, Section 12 is found the following language, “Where necessary and appropriate, Panalpina will include standard provisions in agreements, contracts, and renewals thereof with all agents and business partners that are reasonably calculated to prevent violations of the anticorruption laws, which may, depending upon the circumstances, include: (a) anticorruption representations and undertakings relating to compliance with the anticorruption laws; (b) rights to conduct audits of the books and records of the agent or business partner to ensure compliance with the foregoing; and (c) rights to terminate an agent or business partner as a result of any breach of anti-corruption laws, and regulations or representations and undertakings related to such matters.” In the Johnson & Johnson (J&J) DPA, the same language as used in the Panalpina DPA is found in Attachment C, entitled “Corporate Compliance Program”. However, in Attachment D, entitled “Enhanced Compliance Obligations”, the following language is found: “Contracts with such third parties are to include appropriate FCPA compliance terms and conditions including; (i) representatives and undertakings of the third party to compliance; (ii) right to audit; and (iii) right to terminate.”

Mary Jones, in an article in this blog entitled “Panalpina’s World Wide Web”, suggested the following language be present in your compliance terms and conditions:

  • payment mechanisms that comply with this Manual, the FCPA [Foreign Corrupt Practices Act], the UKBA [UK Bribery Act] and other applicable anti-corruption and/or anti-bribery laws during the term of such contract;
  • the counterparty’s obligation to maintain accurate books and records in compliance with the Company’s Policy and Compliance Manual;
  • the counterparty’s obligation to certify on an annual basis that: (i) counterparty has not made, offered, or promised any payment or gift of money or anything of value, directly or indirectly, to any Government Official (or any other person or entity if UK Bribery Act applies) for the purpose of obtaining or retaining business or getting any improper business advantage; and (ii) counterparty has not engaged in any conduct or behavior prohibited by the Code of Conduct, Anti-Corruption Policy and Compliance Manual and other applicable anti-corruption and/or anti-bribery law;
  • the Company’s right to audit the counterparty’s books and records, including, without limitation, any documentation relating to the counterparty’s interaction with any governmental entity (or any entity if UK Bribery Act applies) on behalf of the Company, and the counterparty’s obligation to cooperate fully with any such audit; and
  • remedies (including termination rights) for the failure of the counterparty to comply with the terms of the contract, the Code of Conduct, the Anti-Corruption Policy and Compliance Manual and other applicable anti-corruption and/or anti-bribery law during the term of such contract.

Based on the foregoing experts and the research I have engaged in, I believe that compliance terms and conditions should be stated directly in the document, whether such document is a simple agency or consulting agreement or a joint venture (JV) with several formation documents. The compliance terms and conditions should include representations that in all undertakings the third party will make no payments of money, or anything of value, nor will such be offered, promised or paid, directly or indirectly, to any foreign officials, political parties, party officials, candidates for public or political party office, to influence the acts of such officials, political parties, party officials, or candidates in their official capacity, to induce them to use their influence with a government to obtain or retain business or gain an improper advantage in connection with any business venture or contract in which the company is a participant.

In addition to the above affirmative statements regarding conduct, a commercial contract with a third party should have the following compliance terms and conditions in it.

  • Indemnification: Full indemnification for any FCPA violation, including all costs for the underlying investigation.
  • Cooperation: Require full cooperation with any ethics and compliance investigation, specifically including the review of foreign business partner emails and bank accounts relating to your Company’s use of the foreign business partner.
  • Material Breach of Contract: Any FCPA violation is made a material breach of contract, with no notice and opportunity to cure. Further, such a finding will be the grounds for immediate cessation of all payments.
  • No Sub-Vendors (without approval): The foreign business partner must agree that it will not hire an agent, subcontractor or consultant without the Company’s prior written consent (to be based on adequate due diligence).
  • Audit Rights: An additional key element of a contract between a US Company and a foreign business partner should include the retention of audit rights. These audit rights must exceed the simple audit rights associated with the financial relationship between the parties and must allow a full review of all FCPA related compliance procedures such as those for meeting with foreign governmental officials and compliance related training.
  • Acknowledgment: The foreign business partner should specifically acknowledge the applicability of the FCPA to the business relationship as well as any country or regional anti-corruption or anti-bribery laws, which apply to either the foreign business partner or business relationship.
  • On-going Training: Require that the top management of the foreign business partner and all persons performing services on your behalf shall receive FCPA compliance training.
  • Annual Certification: Require an annual certification stating that the foreign business partner has not engaged in any conduct that violates the FCPA or any applicable laws, nor is it aware of any such conduct.
  • Re-qualification: Require the foreign business partner re-qualify as a business partner at a regular interval of no greater than every three years.

Many will exclaim, “What an order, I can’t go through with it.” By this they mean that they do not believe that they will be able to get the third party to agree to such compliance terms and conditions. I have found that while it may not be easy, it is relatively simply to get a third party to agree to these, or similar, terms and conditions. One approach to take is that they are not negotiable. When faced with such a position on non-commercial terms many third parties will not fight such a position. There is some flexibility but the DOJ will require the minimum terms and conditions that it has suggested in the various Attachment Cs to the DPAs I have discussed. But the best position I have found is that if a third party agrees with these terms and conditions, they can then use that as a market differentiator from other third parties who have not gone through the life cycle management of a third party as this series has discussed.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

March 31, 2014

Life Cycle of Third Party Management – Step 1 Business Justification

Five stepsWith thanks to the Two Tough Cookies, I am back from a successful Spring Break college tour to universities in the state of Washington. My daughter and I had a great time, experienced some typical and untypical Seattle weather and met some very interesting folks on our trip. But I would have to say that one of my greatest joys as a father has been watching my daughter grow into a young woman as she navigated the college tour process with much aplomb.

This week I am going to present a series on my views of the life cycle of third party management under an anti-corruption (or anti-money laundering (AML) program for that matter) under the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act. I have broken down the life cycle of third party management into five steps:

  1. Business Justification and Business Sponsor;
  2. Questionnaire to Third Party;
  3. Due Diligence on Third Party;
  4. Compliance Terms and Conditions, including payment terms; and
  5. Management and Oversight of Third Parties After Contract Signing.

Today I will begin with the business justification.

It really seems to me that it should be common sense that you should have a business justification to hire or use a third party. If that third party is in the sales chain of your international business it is important to understand why you need to have a particular third party represent your company. This concept is enshrined in the FCPA Guidance, which says, “companies should have an understanding of the business rationale for including the third party in the transaction. Among other things, the company should understand the role of and need for the third party and ensure that the contract terms specifically describe the ser­vices to be performed.”

The Internal Revenue Service (IRS) also considers a business justification to be an important part of any best practices anti-corruption compliance regime. Clarissa Balmaseda, a special agent in charge of IRS criminal investigation, speaking at the 2013 ACI Bootcamp in Houston, said that the lack of business justification could be a Red Flag, which could signify a possible indicia of corruption. With the Department of Justice (DOJ); Securities and Exchange Commission (SEC) and IRS all noting the importance of a business justification, it is clear that this is something you should incorporate into your compliance program.

But the business justification also provides your company the opportunity to help drive compliance into the fabric of your everyday operations. This is done by requiring the employee who prepares the business justification to be the Business Sponsor of that third party. The Business Sponsor can provide the most direct means of communication to the third party and can be the point of contact for compliance issues.

Tyco International takes this approach in its Seven Step Process for Third Party Qualification. Tyco breaks the first step into two parts, which include:

  1. Business Sponsor – Initially identify a business sponsor or primary contact for the third party within your company. This requires not only business unit buy-in but also business unit accountability for the business relationship or as Scott Moritz, a partner at Navigant and one of the architects of the Tyco Process, said “This puts the onus on each stakeholder.”
  2. Business Justification – The business unit must articulate a commercial reason to initiate or continue to work with the third party. You need to determine how this third party will fit into your company’s value chain and whether they will become a strategic partner or will they be involved in a one-off only transaction?

Further, at the same conference as IRS Agent Balmaseda spoke, another Chief Compliance Officer (CCO) of a major energy service company detailed his thoughts on his company’s 12 point evaluation process for reviewing, assessing, then contracting with and managing foreign business partners. Under Step 2, which he entitled, “Competence of foreign business partner”;he detailed a two-part analysis for his company. “It includes a review of the qualifications of the candidate for subject matter expertise and the resources to perform the services for which they are being considered. However, it also in includes an identification of the representative’s expected activities for your company.”  He also added, that under one of his company’s steps, which he monikered “Business justification for use of agent and reasonableness of compensation”, “you should begin the entire process by requiring the relevant business unit which desires to obtain the services of any foreign business partner to provide you with a business justification including current opportunities in territory, how the candidate was identified and why no currently existing foreign business relationships can provide the requested services. Your next inquiry should focus on the terms of the engagement, including the commission rate, the term of the agreement, what territory may be covered by the agreement and if such relationship will be exclusive.”

So what should go into your Business Justification? First and foremost is that you should craft a document, which works for both you as the compliance practitioner and the business folks in your company. There are some basic concepts that I think are important but you may want to modify my suggestions based on your own experiences.

You need the name and contact information for both the Business Sponsor and the proposed third party. You need to inquire into how the Business Sponsor came to know about the third party because it is a Red Flag if a customer or government representative points you towards a specific third party. You should inquire into what services the third party would perform for your company, the length of time and compensation rate for the third party. You will also need an explanation of why this particular third party should be used, as opposed to an existing or other third party, if such were considered. All of this information should be written down and then signed by the Business Sponsor.

Remember, the purpose of the Business Justification is to document the satisfactoriness of the business case to retain a third party. The Business Justification should be included in the compliance review file assembled on every third party at the time of initial certification and again if the third party relationship is renewed. In the Tom Fox Mantra, this means Document, Document, and Document.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

March 21, 2014

The Destruction of Arthur Andersen and the Use of DPAs in FCPA Enforcement

Arthur AndersenThe debate over the efficiencies of Deferred Prosecution Agreements (DPAs) continued this week with additional criticism of their use. I have argued that DPAs are in a corporation’s interest because they can bring certainty to the conclusion of an enforcement action and allow it to make remedial changes and move forward. However yesterday I came across an article by Larry Katzen, a former partner at Arthur Andersen and author of “And You Thought Accountants were Boring – My Life Inside Arthur Andersen.” Katzen’s piece is entitled “A Business World Massacre – What Can Happen 
When Government Needs a Scapegoat” and it details the destruction of the firm after it’s guilty verdict surrounding the Enron scandal. Katzen articulates the human costs for the total wipeout of the firm and sets out clearly what can happen when a company goes to trial and sustains a guilty verdict. I received permission to reprint his article in full, which is below:

==============================================================================================================================================================================================================================

A Business World Massacre – What Can Happen 
When Government Needs a Scapegoat 

It remains one of the greatest travesties in the history of American business: In 2001, the 85,000 employees of one of the world’s largest accounting firms began losing their jobs in droves. Their employer had become tainted by its loose association with Enron Corp., a financial house of cards that was imploding and taking with it billions of dollars in employee pensions and shareholder investments.

In 2002, accounting firm Arthur Andersen was convicted of charges related to Enron’s fraudulent practices. The charges had nothing to do with the quality of their auditing – or any of Enron’s illicit practices. The conviction was appealed, and in 2005, the U.S. Supreme Court struck it down in a unanimous vote. But the damage had already been done.

To date, despite millions of records being subpoenaed, there is no evidence Arthur Andersen ever did anything wrong. Still, perceptions are everything: Most people are not aware that the accounting firm, which led the industry in establishing strict, high standards, became a government scapegoat.

When I speak to groups across the country, I ask the following questions. Below are the typical responses I receive – and the actual facts.

1.     What do you remember about Arthur Andersen? 

Typical Response: They were the ones that helped facilitate the Enron fraud. They deserved what they got.

Fact: Arthur Andersen was the largest and most prestigious firm in the country. It was considered the gold standard of the accounting profession by the business community.

2.     For what was Arthur Andersen indicted? 

Typical Response: They messed up the audit of Enron and signed off on false financial statements.

Fact: They were indicted for shredding documents. These documents were drafts and other items that do not support the final product. All accounting firms establish policies for routinely shredding such documents.

3.     How long was it between the Enron blowup and when Arthur Andersen went out of business? 

Typical Response: One to three years.

Fact: The largest accounting firm in the world was gone in 90 days.

4.     Was the indictment upheld? 

Typical Response: Yes, that is why they went out of business.

Fact: No. The Supreme Court overruled the lower court in a 9-0 decision, and came to the conclusion within weeks, making it one of their quickest decisions ever.

5.     How many people lost their jobs as a result of the false accusations? 

Typical Response: Have no idea, but the partners got what they deserved.

Fact: Eighty-five thousand people lost their jobs and only a few thousand were partners. Most were staff people and clericals who made modest sums of money.

6.     Who benefited from Arthur Andersen going out of business? 

Typical Response: Everyone – we finally got rid of those crooks and made a statement to the rest of business to operate ethically.

Facts: It was not the Arthur Andersen people; they lost their jobs. It was not the clients; they had to go through the stress and expense of finding a new auditing firm. It was not the business world in general: It now has fewer firms from which to choose and rates increased. It was their competitors who benefited – they got Andersen’s best people and clients and were able to increase their rates and profitability.

7.     What accounting firms now have ex Arthur Andersen partners playing leadership roles in their firms? 

Typical Response: None

Facts: The “big four,” all the large middle-tier firms and many small firms have former Arthur Andersen partners in leadership positions. Finally, many members of the new Public Accounting oversight Board (PCAOB), which oversees these firms, now have former Arthur Andersen people involved in reviewing the quality of these firms.

==============================================================================================================================================================================================================================

Was Arthur Andersen guilty of a crime? The jury said yes but the US Supreme Court said no. Were they a part of one of the biggest corporate frauds of all-time? Perhaps. Did Arthur Andersen make mistakes? Yes. Did the firm deserve to get wiped out as a result of document shredding? Are you kidding?

The destruction of Arthur Andersen is foremost on the mind of every General Counsel (GC), Chief Executive Officer (CEO) and Board of Director whose company is facing the decision of whether or not to fight in court any charges related to Foreign Corrupt Practices Act (FCPA) violations. Some have argued that DPAs pervert the course of justice but from where I sit, having seen Arthur Andersen destroyed before our collective eyes, the better practice is to enter into a DPA. Was it really in the interest of the Department of Justice (DOJ), or even the People of the United States, who after all the DOJ represent, to throw 85,000 people out of work for the document shredding engaged in by the firm’s Houston office?

Some commentators seem to argue that if a company violates the FCPA, they should get what they justly deserve. But does it serve any interest to wipeout an entire company? Finally, for those who want to tell company management to man up and go to trial, GCs, Chief Compliance Officer (CCO), Board members and others need to remember their legal obligations to their companies and shareholders and not be cowboys going to the last gunfight. Put another way, do you want to be the first GC, CCO, Board member or CEO who tells the DOJ that you are over-reaching and we are going to trial and lose everything like Arthur Andersen did?

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

March 19, 2014

Miners Triumph and Opinion Release 14-01

Miners Win NCAAOn this date in 1966, the Texas Western University (now UTEP) Miners won the NCAA Basketball Championship, beating the University of Kentucky Wildcats. Now the first round has not even started by March 19, but it is not the date that made this event so noteworthy but the character of the teams. The Miners were the first team to start five African-Americans to win the NCAA championship. Adolph Rupp, who was making his final NCAA championship appearance that night after a long and storied career, coached the Wildcats. But on this night, the Miners clearly outplayed Rupp’s Wildcats, dominating them from the start to the finish.

I was thinking about the Miners and their triumph when I received a copy of the first Opinion Release of 2014, appropriately designated Opinion Release 14-01. In 14-01, the Department of Justice (DOJ) opined that paying a foreign government official for monies he was owed in the sale of a business interest that he owned prior to becoming a foreign government official would not be prosecuted as a Foreign Corrupt Practices Act (FCPA) violation. As intuitive as this decision might sound, there is, nevertheless, significant information for the compliance practitioner to take away from 14-01.

Background Facts

The Requestor had purchased Foreign Company A in 2007, from the Foreign Shareholder when he was a private citizen. To guarantee Foreign Shareholder’s participation, the parties’ agreement contained a five-year lock-in period that prohibited Foreign Shareholder from selling his interest prior to January 1, 2012. The Agreement did, however, allow Foreign Shareholder to leave Foreign Company A before the end of the five-year period if he were appointed to a minister level position or higher in the Foreign Country’s government.

In December 2011, Foreign Shareholder became a foreign government official under the FCPA when he was appointed to serve as a high-level official at Foreign Country’s central monetary and banking agency (“Foreign Agency”). Foreign Agency is responsible for bank and financial industry regulation and monetary policy. Upon his appointment, the Foreign Shareholder ceased to have any role or function at Foreign Company A, other than as a passive shareholder.

The now the foreign government official desired to sell his final interest in the company. However, under the formula for the repurchase of his interest, said interest was at zero value, primarily due to the financial crisis of 2008-9. Apparently the now foreign government official threatened to either sue or sell his interest to a third party and the Requestor decidedly did not want either eventuality. The parties agreed to another form of valuation and sought approval from the DOJ through its Opinion Release procedure regarding how to pay the now foreign government official under this new valuation.

Representations and Warranties by the Parties

The foreign government instrumentality involved did not regulate the Requestor but the Requestor has done business with said instrumentality in the past and would continue to do so. The now foreign government official informed the DOJ that he had not in the past “influenced or sought to influence, any decisions by Foreign Agency, Foreign Country’s government, or any third party with respect to” the entities in question and would not do so in the future. Additionally, the Requestor provided separate internal communications to the employees of the entity in question to the effect that their former owner was now a foreign government official and that “he is prohibited from participating in any discussion, consideration, or decision, or otherwise influencing any decision relating to the award of business” to the entity in question.

There were three additional representations, which I found significant, they were:

  • Requestor obtained a representation from now foreign government official that he has disclosed his ownership interest and the proposed sale of the shares in the entity in question to the relevant government authorities of Foreign Country and the relevant department at Foreign Agency, and the relevant government authorities have informed him that they approve or do not object to the sale of the shares.
  • Foreign Shareholder has warranted in writing that any payment to him to purchase the shares will be made to him solely as consideration for the shares, not in his official capacity or in exchange for any present or expected future official action.
  • The Requestor has received written assurance from local counsel in Foreign Country that the purchase of the shares is lawful in Foreign Country. 

DOJ Analysis

In its analysis, the DOJ focused on several factors. Initially, the DOJ noted that the commercial relationship began far before the individual at issue became a foreign government official. Further, even if the sales contract was not followed, because under it the foreign official would not have received fair value in the buy-out, the Requestor presented, “legitimate business considerations, prompted and justified the renegotiation of the buyout formula contained in the 2007 Agreement.” This justification was coupled with the new valuation set by “a leading, highly regarded, global accounting firm (the “Firm”) to determine the Shares’ value” and the apparent sharing of the entity’s financial information with the DOJ. The DOJ noted, “Requestor’s decision to engage the Firm to serve as the independent and binding arbiter of the value of the Shares provides additional assurance that the payment reflects the fair market value of the Shares, rather than an attempt to overpay Foreign Shareholder for a corrupt purpose. Neither Requestor nor Foreign Shareholder requested or obtained conditions or limitations on the valuation or the valuation formula prior to engaging the Firm, and the valuation was carried out strictly in accord with the terms of the engagement. There is no indication of either party requesting a minimum or specific valuation from the Firm or attempting to improperly influence the valuation.”

Equally important was the transparency involved. There was an “appropriate and meaningful disclosure of the parties’ relationship”. There was disclosure by the government official to his government of the relationship and pending sale. The “relevant government authorities of Foreign Country and the relevant department at Foreign Agency, and the relevant government authorities have informed him that they approve or do not object to the sale of the Shares.” Lastly, both the Requestor and the foreign government official involved had averred that he would not assist the US Company in obtaining or retaining business.

Discussion

For the compliance practitioner, there are several key points to consider. The first point is found in a footnote and it reads, “Following Requestor’s initial submission, the Department sent Requestor a letter seeking additional information on July 25, 2013. Requestor provided a partial response by letter on September 19, 2013, which was accompanied by significant backup documentation. Thereafter, the Department and counsel for Requestor had several follow up discussions to clarify certain issues. On February 13, 2014, Requestor provided a final submission that addressed the last outstanding issues raised by the Department.” This is the first time that I recall seeing a time line laid out in an Opinion Release. This gives a compliance practitioner some idea of the time frames involved in the process.

The second is the use of representations and warranties by the parties. In Opinion Release 13-01 a key component was an opinion from the Chief Legal Office of the foreign official’s country that the conduct in question would not violate that country’s laws. However in 14-01, the DOJ accepted representations that the foreign official in question would not pass on business in which he either had an interest or help the Relator to ‘obtain or retain’ business with the agency at which the foreign official now worked. This type of evidence is something that a company should now consider when designing protocols to satisfy issues similar to those presented in 14-01.

Next is the quality and quantity of payment(s) to be made to the now foreign official to cash him out and purchase his interest. Here the parties agreed to an independent valuation by an internationally recognized accounting firm. This provides some type of arms-length analysis. It also provides a market based approach to the payment issue so that there is evidence of true (or perhaps truer) market value, not some arbitrary number agreed to by the parties.

Finally, all the parties seemed to have documented everything. This clearly states to me the need for documentation, which can be reviewed and assessed by a regulator. As I often say the three most important things in FCPA compliance are: Document, Document and Document. I believe that Opinion Release 14-01 makes this point even clearer.This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

March 18, 2014

When to Bring in Investigative Counsel and Why

InvestigationsWhen should you bring in a true outsider to handle an internal investigation? What about specialized investigative counsel? Jim McGrath, who often writes about the need for specialized investigative counsel, has also pointed out on several occasions that having an independent eye on things is also a plus. However, rarely do we see both questions played out so publicly as is currently going on in the General Motors (G.M.) recall investigation. Indeed, Matthew Goldstein and Barry Meier discussed these  questions in Sunday New York Times (NYT) Business Section article by, entitled “G.M Calls the Lawyers”.

For those of you not familiar with G.M.’s problems, McGrath also wrote about them in his Internal Investigations Blog, in a post entitled “What Did GM Know and When Did They Know It?” McGrath describes the current issues as “the revelation that General Motors is the target of probes by Congress and by the National Highway Transportation Safety Administration over its handling of ignition switch defects in at least six of its popular automobiles. Failures in these switches may have resulted in as many as thirteen deaths and seemingly point to quality control failures at the automaker.” Others have estimated the death totals much higher for this defect. And, as McGrath notes, the key question is ‘what did GM know and when did they know it’?

Interestingly G.M. has hired two law firms to handle the investigation. One is King & Spalding, which handled much of the product liability litigation over the alleged defect and the second is Jenner & Block. In the NYT article, a prominent plaintiff’s lawyer, Lance Cooper, who fought GM and King & Spalding on this product liability litigation noted the obvious when he said, “They are part of the story.” By this he meant that “King & Spalding’s switch from a fierce defender of G.M. to a potential inquisitor into the company’s actions may also pose a conflict. For one, some of the firm’s lawyers may have to ask their own colleagues if they advised G.M. about whether to recall the vehicles at the time the Melton case was settled.”

More importantly for G.M., the retention of “outside counsel in these cases is part investigation, part public-relations gambit and part legal strategy. In most cases, the goal isn’t to publicly flog a company or its top executives, but rather to limit damage to an institution’s reputation or to contain the financial harm to shareholders of a publicly traded company. And it does so under the protection of the attorney-client privilege. From the point of view of the company, a well-done internal investigation can shape the accepted story of what happened — and produce findings that allow the company to negotiate for lower penalties from prosecutors or regulators down the road.” But, more importantly, to “achieve those ends, the law firms conducting the investigations must be viewed as forthright and uncompromised. In this respect, some critics have already questioned G.M.’s choices.”

The NYT quoted another lawyer, William McLucas, a partner at WilmerHale, who said, “If you are a firm that is generating substantial fees from a prospective corporate client, you may be able to come in and do a bang-up inquiry. But the perception is always going to be there; maybe you pulled your punches because there is a business relationship.” This is because if “companies want credibility with prosecutors and investors, it is generally not wise to use their regular law firms for internal inquiries.” Another expert, Charles Elson, a professor of finance at the University of Delaware who specializes in corporate governance, agreed, adding, “I would not have done it because of the optics. Public perception can be affected by using regular outside counsel.””

Adam G. Safwat, a former deputy chief of the fraud section in the Justice Department, said that the key is “Prosecutors expect an internal investigation to be an honest assessment of a company’s misdeeds or faults, “What you want to avoid is doing something that will make the prosecutor question the quality of integrity of the internal investigation.”” The aforementioned Jim McGrath was also interviewed for the article. He said, “A shrewd law firm that gets out in front of scandal can use that to its advantage in negotiating with authorities to lower penalties and sanctions. There is a great incentive to ferret out information so they can spin it.”

All of these concerns are equally valid in the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act investigation context. But they are layered upon the Fair Process Doctrine. This is because procedural fairness is one of the things that will bring credibility to your Compliance Program. This Doctrine generally recognizes that there are fair procedures, not arbitrary ones, in a process involving rights. Considerable research has shown that people are more willing to accept negative, unfavorable, and non-preferred outcomes when they are arrived at through processes and procedures that are perceived as fair. Adhering to the Fair Process Doctrine in your Compliance Program is critical for you, as a compliance specialist or for your Compliance Department, to have credibility with the rest of the workforce.

In internal investigations, if your employees do not believe that the investigation is fair and impartial, then it is not fair and impartial. Further, those involved must have confidence that any internal investigation is treated seriously and objectively. I have recently written about several aspects of internal investigations, in order to emphasize how to handle internal whistleblower complaints in light of the Dodd-Frank implications. One of the key reasons that employees will go outside of a company’s internal hotline process is because they do not believe that the process will be fair.

This fairness has several components. One would be the use of outside counsel, rather than in-house counsel to handle the investigation. Moreover, if a company uses a regular firm, it may be that other outside counsel should be brought in, particularly if the regular outside counsel has created or implemented key components that are being investigated. Further, if the company’s regular outside counsel has a large amount of business with the company, then that law firm may have a very vested interest in maintaining the status quo. Lastly, the investigation may require a level of specialization that in-house or regular outside counsel does not possess.

Living in Houston, this all played out in disastrous results during the Enron scandal. Near the end of Enron’s run, its regular outside counsel, Vinson & Elkins, investigated questionable accounting practices at Enron. As the NYT article noted, “The firm’s investigation is viewed as an utter failure or a corporate whitewash. The review essentially gave Enron a clean bill of health just months before it collapsed in one of the biggest accounting frauds of all time. In 2006, the law firm paid $30 million to Enron’s bankruptcy estate to resolve claims that its actions had contributed to the energy company’s demise.”

All of this means, your company needs to get it right in the hiring of outside counsel to handle an investigation. As McGrath wrote at the end of his blog, “the Jenner and King people will have to make like Howard Baker and ask what the president – or other ranking person with reporting authority to NHTSA – knew and when they knew it. Because the cover-up is usually worse than the underlying wrong and this one could cost GM $35 million and its reputation.” The NYT article ended with the following, “The best internal investigations are the ones that don’t receive much media attention. A company deals with a problem quickly, and if there’s something to report to authorities, the company tends to be treated leniently for its forthrightness.” Amen.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

March 12, 2014

FDR’s Fireside Chat and Risk Ranking of Third Parties Under the FCPA

FDR Fireside ChatOn this date in 1933, just eight days after he was inaugurated, President Franklin Roosevelt (FDR) gave his first Fireside Chat to the American public. FDR began his chat by stating, “I want to talk for a few minutes with the people of the United States about banking.” He went on to explain his recent decision to close the nation’s banks in order to stop a surge in mass withdrawals by panicked investors worried about possible bank failures. FDR had correctly assessed that the public had lost confidence in the US banking industry and, based on that assessment, he closed them in his famous Bank Holiday. In 1929, over 600 banks folded, the number by 1932 had increased to over 5100. But more than simply these bank failures was the perception that the US banking system was on the verge of collapse. FDR also announced that he was reopening the banks the next day. The US banking system has been secure since that time.

I thought about FDR’s ability to correctly assess the risk to the US banking system. As compliance programs mature, one of the things that companies struggle with is how to better assess third party risks so that the right resources can be delivered to manage these risks. In the most recent issue of Compliance Insider an article, entitled “Building a Risk-Scoring Methodology for Distributors and Resellers”, lays  out a decision making calculus which can assist a company to best utilize its resources to not only quantify a large number of third party risks, but manage those risks more efficiently.

The article notes that there are two main resources that a compliance practitioner will need to rate the risks of third parties. The first is information about the entity. This category of information can come from a number of sources including the third party itself, in the form of a questionnaire through  to various levels of due diligence. The second  resource is the people who use the information to make decisions.  As there is only a finite amount that you, the compliance practitioner, can find out about your third parties use the resources available as there is a substantial need to make the best use of that information. All of this must be balanced between spreading the decision making across a large number of people whilst ensuring that the decisions made are consistent. To assist in answering these issues, the article suggests a methodology “to help focus your controls and resources more efficiently”. 

1.          What is your aim? 

The initial step in any risk-scoring exercise is to clearly define what you are trying to achieve. The second part of clarifying the aim is to build an expectation and means of measurement so that you can assess the validity of your calculus. 

2.             Which information is relevant? 

Most generally, the main criteria are the location of the partner or where they will deliver the product or services, the type of service or product that the partner is providing and the value of that service. This initial analysis can help you to create a high, medium and low risk model. But other factors should be weighed which can provide a more sophisticated approach. Some of these factors include the following:

  • Are they new or existing partners?
  • Are they touching end-users?
  • Are they selling to government customers?
  • Do you have contracts with them?
  • Do they obtain licenses for selling products in that country on your behalf?
  • Do you provide market development funds to them? 

3.             Where can I find the information? 

This speaks to the heart of your due diligence process. Obviously a questionnaire forwarded to your potential third party is a starting point. However such information should be verified and cross-checked. Additional factors should be geographic risk, the value(s) of potential transactions and compensation to the third parties. Lastly is the traditional levels 2 and 3 due diligence.

4.             Consider the questions you will ask the third parties 

Here the author believes that an additional analysis of both the criteria required and the possible resources to garner datum to support the criteria should be considered. These considerations include:

  • Which is the most cost-effective source for the information?
  • What is the most accurate way of obtaining information?
  • Do you need to ask the question at all?
  • How should the questions be worded to ensure the greatest efficiency in getting to the required answer?
  • How do you write the questions to ensure the scores are usable?
  • Which questions and responses should be scored? 

5.             Are the responses accurate? 

Here is where ‘a second set of eyes’ is critical. The article suggests that “sanity checks to ensure that the answers respond to the question and that the responder seems to have understood the question – this is especially useful when the questions have been translated into other languages.” You should also endeavor to cross-check against other information known about the partner, with reviews by multiple persons in your organization. Finally, on the back you should build into your program audits and spot-checks to assess the accuracy and consistency of approvals.

6.             What does it all mean?

Now you have to start using the information. Recognizing that you may need to tinker with your system, it is important that you “design the overall process to allow changes to be made in the future, as you learn more about the results.”

7.             What happens next?

Now the time has arrived to score the results. After you determine who will make the decision and the path for review and escalation, if required, also you should consider the Tom Fox Mantra, Document, Document, and Document. In other words, how does the scoring and decision making process get documented in your organization?

8.             How will you carry out the review process? 

At this point, it is appropriate to consider whether you have met or are moving in the direction that you attempted to establish back in Step 1. You should consider:

  • Does your program accurately reflect the risks that you understood the partners posed?Is the final result of your process consistent?
  • Were decisions on the risk level made by the right people in your organization?
  • Were the necessary issues escalated to the right people?
  • Have the risks changed?
  • Can the process be changed, or has it been built into an inflexible technology or workflow? 

Once the review is complete any necessary changes should be communicated to the staff involved in the process to ensure they know how their role is impacted. The author ends with some reservations that you should expect to run into. These include:

  • don’t expect to use scoring to fully automate a process – the information available is generally not complete enough to provide an accurate model, so scoring is far better when used as a guide;
  • don’t assume you will get it right first time (or second) – it is important to have a clear understanding of what you are aiming at, and to build regular review into the program to recalibrate the scoring;
  • keep the process and scoring as simple as possible – most of the relevant risk-related information can be found in a few key criteria; and
  • your perception of risk will change when new information comes to light, so remember to document the decision-making process so that you can justify the final risk outcome. 

While FDR may have more intuitively known the real problem with the US banking system it was the perception that it was not solvent, you do not have to rely solely on your gut when making informed decisions about the Foreign Corrupt Practices Act (FCPA) risks that a third party may present to your company. For the Department of Justice (DOJ), I think the key is that you assess the risk and document that assessment. If you do so and a third party gets you into FCPA hot water, you have the best chance of coming out on the other side as well as the US banks did after their ‘holiday’ with FDR.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

February 20, 2014

C’Mon Man Or the End of the World?

Prepare End of the WorldIt’s the end of the world as we know it,

It’s the end of the world as we know it

It’s the end of the world as we know it, and I feel fine

 The above lyrics came from REM and they reflect how I generally feel about law firm and lawyer pronouncements about the Foreign Corrupt Practices Act (FCPA) enforcement because [SPOILER ALERT] I am a lawyer, I do practice law and I do work for a law firm, the venerable TomFoxLaw. The FCPA Professor regularly chides FCPA Inc. for their scaremongering tactics, usually monikered as ‘Client Alerts’. Mike Volkov is even more derisive when he calls them the FCPA Paparazzi and cites examples from his days in Big Law, where law firm marketing campaigns are centered around doomsday scenarios about soon-to-occur FCPA; UK Bribery Act; or [fill in the anti-corruption law here] prosecutions and enforcement actions. I usually take such law firm scaremonger and blathering’s to be about worth as much as the paper they are printed on. Indeed I chide the FCPA Professor and Monsieur Volkov for their protestations. In other words, I feel fine.

I am a proud card-carry member of FCPA Inc. because not only can I spell FCPA (and UKBA for that matter), I also make FCPA related pronouncements from time-to-time and practice law in the FCPA space. I think we generally do a pretty good job of getting information out there. But last week one missive occurred that not only met the above impugning adjectives but created a veritable tsunami of mis-information as it made its way from China to Europe and to the US that even I thought was beyond the pale. How absurd was it? So absurd that not only did the FCPA Professor and I agree about it, but we decided to post blogs about it today.

On February 5 a law firm client alert stated, “While the number of enforcement actions may decrease or hold steady, we can expect some “blockbuster” settlements in 2014 of matters that have long been under investigation.” Blockbuster…really? Do you think this law firm was implying that the Siemens record FCPA fine of $800MM, plus its equivalent $800MM fine in Germany, that’s a total of $1.6 bn for those of you keeping score at home, is seriously in danger of falling by the wayside in 2014? How about Halliburton’s comparatively paltry $579MM penalty? To be slapped aside like a green-skinned witch yelling, “I’m melting!” BAE coming in at No. 3 with a measly $400MM must be quaking it is British Wellington boots about now.

As inane as this comment was, the thing that attracted my attention was the tidal force wave by which this quote rode its way all the way to the US. By February 10th, this quote had morphed into the following, written in the South China Morning Post, “The United States is expected to impose “blockbuster” fines on companies bribing foreign officials this year, with China a likely target of US investigations, lawyers say. A report by US law firm WilmerHale predicts “blockbuster” settlements under the Foreign Corrupt Practices Act (FCPA). “US enforcement authorities have stated there are a number of very large settlements in the pipeline,” said Jay Holtmeier, a partner at WilmerHale. “Given the attention paid to China in recent years, it is a safe bet some of those large settlements will involve conduct in China.”” Two days later the full storm reached the shores of the US when this article was referenced in the Wall Street Journal’s (WSJ’s) Corruption Currents.

So now not only do we have ‘blockbuster’ FCPA settlements coming; we will have them coming out of China. Various marketing departments will use these statements as ‘authoritative’, yet another reason to purchase their company’s products or services.

There are plenty of great FCPA resources out there, which inform the compliance practitioner, or indeed the non-compliance specialist, about the costs of a FCPA enforcement action. But more importantly there is more than a wealth of free, at no cost, information about how to craft a compliance program with any anti-corruption law, which currently exists. There is the same amount of information about how to ‘do compliance’, once again free and available at no charge. Is it marketing? My answer is either yes or better yet; who cares? Good solid information is good solid information no matter what the motives behind putting it out there are.

But here is the problem with making such statements which newspapers then follow them up by brandishing them as even more dire predictions. Someone might actually believe it. Next Congress will want to investigate these ‘blockbuster’ settlements or, perhaps, why after it was reported that they were coming, the Department of Justice (DOJ) did not have any ‘blockbuster’ settlements in 2014?

I thought about writing this blog post around the tale of the Boy Who Cried Wolf but I realized there is always another law firm or lawyer out there will to say the end of the world is coming “this year”. But perhaps the better analogy is the ESPN segment entitled “C’Mon Man!” during which each color commentator will describe a play or series of plays that made them scratch their heads and say “C’Mon Man!” So while I generally feel fine about the information disseminated by and from FCPA Inc., my suggestion is that everyone just take a deep breath and consider such information for what it is worth.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

February 18, 2014

Board Investigations and the Curse of the Mummy’s Tomb – Part II

Board of DirectorsYesterday I began an exploration of a recent article in the Corporate Board magazine, entitled “Successful Board Investigations” by David Bayless and Tammy Albarrán, partners in the law firm of Covington & Burling LLP. In Part I, I reviewed the authors’ five key objectives, which they believe a board must pursue to ensure a successful investigation. Today, I will look at the authors’ seven considerations to facilitate a successful board investigation.

1.             Consider whether you need independent outside counsel

The authors consider that the appearance of partiality “undermines the objectivity and credibility of an investigation.” That means you should not use your regular counsel. The authors cite to the Securities and Exchange Commission (SEC) analysis of how independent board members truly are to explain the need for independent counsel. They state, “the SEC considers the following criteria when determining whether (and how much) to credit self-policing, self-reporting, remediation and cooperation” which will consist of the following factors:

  • Did management, the board or committees consisting solely of outside directors oversee the review?
  • Did company employees or outside persons perform the review?
  • If outside persons, have they done other work for the company?
  • If the review was conducted by outside counsel, had management previously engaged such counsel?
  • How long ago was the firm’s last representation of the company?
  • How often has the law firm represented the company?
  • How much in legal fees has the company paid the firm?

As Andre Agassi might say, ‘perception is reality’.

2.             Consider hiring an experienced “investigator” to lead the internal investigation

Noted internal investigation expert Jim McGrath has written and spoken about the need to utilize specialized counsel in any serious investigation. If a board is leading an investigation, I would submit by definition it is serious. The authors say that your investigation needs to lead by a lawyer with significant experience in conducting internal investigations; a strong background in criminal or SEC enforcement; and has substantive experience in the particular area of law at issue. The traits are needed so that your designated counsel will think like an investigator, not like an in-house lawyer or civil litigator.

3.             Consider the need to retain outside experts

In any Foreign Corrupt Practices Act (FCPA) or other anti-corruption investigation, there will be the need for a wider variety of subject matter experts (SME’s) than a compliance professional. The authors correctly recognize that “ if there are accounting issues, forensic accountants might be needed. In this day and age, an electronic discovery consultant is often required, and can be a cost effective option for gathering and processing electronic data for review.” These types of investigations will most probably be cross-border as well and this will require other varieties of expertise. The authors caution that, “The lowest bid may not necessar­ily be the best for a particular investigation. While cost is important, understand the limitations of each consultant and, with input from your investigator, determine which consultant best meets your goals.”

4.             Analyze potential conflicts of interest at the outside and during the investigation

The authors see two types of conflicts of interest that may come to light during an investigation. First is the one which comes up when the law firm or lawyers conducting the inves­tigation are those whose prior legal advice has some bearing on the matters being investigated because a company’s regular outside lawyers represent the company. During an internal investigation, however, the lawyers may be hired by, and represent, the board or its committee. The second occurs when a lawyer or law firm jointly represents the board and employees at the company as regulators have become increasingly concerned with joint representations. Moreover, “The trickier question is what to do when there simply is a risk that representing one client could limit the lawyers’ duties to the other.” So in these situations, joint representation may not be appropriate.

5.             Carefully evaluate Whistleblower allegations

With the advent of Sarbanes-Oxley (SOX) and Dodd-Frank, whistleblowers have become more important and taking their allegations seriously is paramount. This does not mean trying to find out who the whistleblowers might be to punish or stifle them, even if they are located outside the United States and therefore do not have protections under these laws. They can still get hefty bounties. The authors recognize that companies can come to grief when “companies run into problems when whistleblower allegations are discounted, if not outright dismissed, especially if the whistleblower has a history of causing trouble or is perceived as incompetent. When this type of whistleblower makes a claim, it is easy to presume ulterior motives.” While such motives might exist, it does not matter one iota when it comes to the investigation, as “Regulators are very wary of boards that do not satisfactorily evaluate a whistleblower’s complaint based on a perception of the whistleblower himself, as opposed to the substance of the complaint.”

6.             Request regular updates from outside counsel, without limiting the investigation

These types of investigations are long and very costly. They can easily spin out of cost control. But, by trying to manage these costs, a board might be perceived as placing improper limits on the investigation. The “goal is to strike the right balance between the cost of the investigation and its thoroughness and credibility.” To do so, the authors advise that flexibility is an important ingredient. A board can begin the project with an agreed upon initial scope of work and then “revisit the scope of work as the investigation progresses. If conduct is discovered that legitimately calls for expanding the scope of the investigation, then the board can revisit the issue at that point. Put another way, the scope of what to investigate is not a static, one-time decision. It can, and usually does, evolve.” By seeking regular updates and questioning counsel on what they are doing and why, directors can manage costs, while at the same time ensuring that the investigation is sufficiently thorough and credible.

7.             Consider whether an oral report at the conclusion of the investigation is sufficient

While there may be instances in which, due to complexity and the nature of allegations involved, a written report is necessary, the authors believe that there may be times when an oral report delivered to a board is better than a written report for “a written report may be easier to follow and appear to be the logical conclusion to an investigation, it is an expensive and time-consuming endeavor, and it comes with great risk.” The authors indicate three reasons for this position.

First, it is much easier to inadvertently waive the attorney-client privilege if a written report is created and in the wrong hands, such a written report may well create “a road map to a plaintiff” in any shareholder action. Second, once those findings and conclusions are written they may become “set in stone. If later information comes to light that impacts the report’s conclusions, altering the conclusions may undermine the credibility of the entire investigation. So, retaining flexibility to change the findings if further information is later learned is a real advantage of an oral report.” Third, and finally, “it takes time to prepare a well-written and thorough report. When an internal investigation must be conducted quickly, spending time to prepare a written report may not be an efficient use of time.” For all of these reasons, and perhaps others, an oral report presented to the board and documented in the Board of Director meeting minutes may be sufficient.

The authors conclude their piece by stating, “By keeping in mind the issues addressed above, the board will be better prepared for the investigation and readily able to exercise good judgment throughout the review. A well-conducted investigation by the board may spare the company further disruption and costs associated with follow-on investigations by the regulators, or at the very least minimize the company’s exposure.” I would only add that by following some of the prescriptions set out by Bayless and Albarrán your Board might also avoid the fate that befell Lord Carnarvon and the Curse of the Mummy’s Tomb.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

February 17, 2014

Board Investigations and the Curse of the Mummy’s Tomb – Part I

King TutOn this day in 1923, the tomb of King Tut was opened. It created a worldwide stir that has in many ways continued down into the 21st century. Clearly, the boy ruler influenced Steve Martin , (How’d you get so funky?, Funky Tut). Moreover, when the King Tut exhibit first toured the US in the 1970s, it sold out everywhere that it went. And, of course, there was the Curse of the Mummy’s Tomb, which led to some great Universal classic horror pictures. This curse may have killed the dig’s benefactor, Lord Carnarvon who died just months after entering the tomb in November 1923, but the archeologist who discovered King Tut, Howard Carter, seemingly outlived the curse, dying at the age of 64 on the eve of World War II.

I thought about the techniques employed by these two archeologists in the Curse of the Mummy’s Tomb when I read an article in the Corporate Board magazine, entitled “Successful Board Investigations” by David Bayless and Tammy Albarrán, partners in the law firm of Covington & Burling LLP. Why the Curse of the Mummy’s Tomb? It is because if a Board of Directors does not get an investigation which it handles right, the consequences can be quite severe. Over the next two posts I will explore the article by Bayless and Albarrán. Today in Part I, I will review the author’s five key objectives, which they believe a board must pursue to ensure a successful investigation. Tomorrow. in Part II, I will review the authors seven considerations to facilitate a successful board investigation.

The authors recognize that the vast majority of investigations will be handled or directed by in-house counsel. However, if and when such an investigation is needed, it is critical that it be handled with great care and skill. The authors note that “While this task is fraught with peril, there are a number of steps a board can take to ensure that the investigation accomplishes the board’s goals, which will enable it to make informed decisions, and withstands scrutiny by third parties” because it is this third party scrutiny, in the form of regulators, government officials, judges/arbitrators or plaintiffs’ counsel in shareholder actions, who will be reviewing any investigation commissioned by a Board of Directors. The authors believe that there are five key goals that any investigation led by a Board of Directors must meet. They are:

Thoroughness - The authors believe that one of the key, and most critical, questions that any regulator might pose is just how thorough is an investigation; to test whether they can rely on the facts discovered without having to repeat the investigation themselves. Regulators tend to be skeptical of investigations where limits are placed (expressly or otherwise) on the investigators, in terms of what is investigated, or how the investigation is conducted. This question can be an initial deal-killer particularly if the regulator involved views an investigation insufficiently thorough, its credibility is undermined. And, of course, it can lead to the dreaded ‘Where else’ question.

  • Objectivity - Here the authors write that any “investigation must follow the facts wherever they lead, regardless of the consequences. This includes how the findings may impact senior management or other company employees. An investigation seen as lacking objectivity will be viewed by outsiders as inadequate or deficient.” I would add that in addition to the objectivity requirement in the investigation, the same must be had with the investigators themselves. If a company uses its regular outside counsel, it may be viewed with some askance, particularly if the client is a high volume client of the law firm involved, either in dollar amounts or in number of matters handled by the firm.
  • Accuracy - As in any part of a best practices anti-corruption compliance program, the three most important things are Document, Document and Document. This means that the factual findings of an investigation must be well supported. For if the developed facts are not well supported, the authors believe that the investigation is “open to collateral attack by skeptical prosecutors and regulators. If that happens, the time and money spent on the internal investigation will have been wasted, because the government will end up conducting its own investigation of the same issues.” This is never good and your company may well lose what little credibility and good will that it may have engendered by self-reporting or self-investigating.
  • Timeliness - Certainly in the world of Foreign Corrupt Practices Act (FCPA) enforcement, an internal investigation should be done quickly. This has become even more necessary with the tight deadlines set under the Dodd-Frank Act Whistleblower provisions. But there are other considerations for a public company such as an impending Securities and Exchange Commission (SEC) quarterly or annual report that may need to be deferred absent as a timely resolution of the matter. Lastly, the Department of Justice (DOJ) or SEC may view delaying an investigation as simply a part of document spoliation. So timeliness is crucial.
  • Credibility - One of the realities of any FCPA investigation is that a Board of Directors led investigation is reviewed after the fact by not only skeptical third parties but also sometimes years after the initial events and investigation. So not only is there the opportunity for Monday-Morning Quarterbacking but quite a bit of post event analysis. So the authors believe that any Board of Directors led investigation “must be (and must be perceived as) credible as to what was done, how it was done, and who did it. Otherwise, the board’s work will have been for naught.”

To help manage these five issues the authors have seven tangible considerations they suggest that a Board of Directors follow to help make an investigation successful. Tomorrow I will review and scrutinize these seven considerations.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

Next Page »

Customized Rubric Theme Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 4,201 other followers