FCPA Compliance and Ethics Blog

April 24, 2014

Gifts, Travel and Entertainment under the FCPA – Part III

Travel and GiftsNow that we have reviewed all of the public record pronouncements from the Department of Justice (DOJ) and Securities and Exchange Commission (SEC), this post will try and suggest what you might need in your Foreign Corrupt Practices Act (FCPA) compliance policy and attendant procedures regarding gifts, travel and entertainment. Most generally, every company has three levels of written standards and controls around its compliance function. The first is its Code of Conduct, which every company should have to express its ethical principles. I assume your company has a Code of Conduct but if you are reading this blog post and you do not have a Code of Conduct, call me. The second is its standards and policies, which every company should use to build upon the foundation of the Code of Conduct and articulate Code-based policies, which should cover such issues as bribery, corruption and accounting practices. The third, and final component, is procedures, which every company should have to ensure that enabling procedures are implemented to confirm those policies are implemented, followed and enforced.

Rebecca Walker, writing in the Society for Corporate Compliance and Ethics Complete Compliance Manual [Second Edition], in an article entitled “Gifts and Entertainment Compliance”,said written policies around gifts, travel and entertainment typically contain the following elements:

  • An introduction explaining why gifts and entertainment are acceptable and why it is important to place limits on them;
  • A discussion of the types of gifts and entertainment that are acceptable (e.g., commonly accepted business courtesies);
  • A discussion of the types of gifts and entertainment that are unacceptable (e.g., cash);
  • Dollar limits and approval requirements;
  • More stringent rules applicable to employees in particular functions, as appropriate;
  • A mention or discussion of different rules applicable to government officials; and
  • References to other policies.

Mike Volkov, in a blog post entitled “Safe Harbors and Gifts, Meals, Travel, and Entertainment Expenses”, gave these general guidelines about gifts:

  1. Given openly and transparently;
  2. Properly recorded in the company’s books and records;
  3. Motivated to express esteem or gratitude (and not corrupt intent); and
  4. Permitted under local law.

About travel he had the following insights:

  1. Do not select the foreign officials to participate in the event, or use a systematic evaluation to identify appropriate officials to attend;
  2. Pay all costs directly to vendors and do not put “cash” in the pockets of any foreign officials attending an event (as an advance or for reimbursement);
  3. Ensure that stipends are reasonable estimates of expected costs and do not provide any additional compensation or money to foreign officials;
  4. Ensure that payments are transparent and accurately reflected in company books and records;
  5. Do not condition payments on any specific action by foreign official; and
  6. Obtain written confirmation payments do not violate local law.

Below are some of my thoughts about what should go into your gifts, travel and entertainment policy.

A.     Gifts

  • The gift should be provided as a token of esteem, courtesy or in return for hospitality.
  • The gift should be of nominal value but in no case greater than $500.
  • No gifts in cash.
  • The gift shall be permitted under both local law and the guidelines of the employer/governmental agency.
  • The gift should be a value which is customary for the country involved and appropriate for the occasion.
  • The gift should be for official use rather than personal use.
  • The gift should showcase the company’s products or contain the company logo.
  • The gift should be presented openly with complete transparency.
  • The expense for the gift should be correctly recorded on the company’s books and records.

B.     Entertainment

There are no Opinion Releases on the threshold that a Company can establish as a value for entertainment. I am comfortable that such a value can go up to $500 in an appropriate circumstance. However this must be tempered with clear guidelines incorporated into the business expenditure component of a FCPA compliance policy, which should include the following:

  • A reasonable balance must exist for bona fide business entertainment during an official business trip.
  • All business entertainment expenses must be reasonable.
  • The business entertainment expenses must be permitted under (1) local law and (2) customer guidelines.
  • The business entertainment expense must be commensurate with local custom and practice.
  • The business entertainment expense must avoid the appearance of impropriety.
  • The business entertainment expense must be supported by appropriate documentation and properly recorded on the company’s book and records.

C.     Travel

  • Any reimbursement for air fare will be for economy class. However, you may be able to make exceptions for senior government officials, extremely long haul flights, or where you are contractually mandated to pay for business class travel.
  • Do not select the particular officials who will travel. That decision will be made solely by the foreign government.
  • Only host the designated officials and not their spouses or family members.
  • Pay all costs directly to the service providers; in the event that an expense requires reimbursement, you may do so, up to a modest daily minimum (e.g., $35), upon presentation of a written receipt.
  • Any souvenirs you provide the visiting officials should reflect the business and/or logo and would be of nominal value, e.g., shirts or tote bags.
  • Apart from the expenses identified above, do not compensate the foreign government or the officials for their visit, do not fund, organize, or host any other entertainment, side trips, or leisure activities for the officials, or provide the officials with any stipend or spending money.
  • The training costs and expenses will be only those necessary and reasonable to educate the visiting officials about the operation of your company.

The incorporation of these concepts into a FCPA compliance policy is a good first step towards preventing potential FCPA violations from arising, but it must be emphasized that they are only a first step. They must be coupled with active training of all personnel, not only on the policy and procedures, but also on the corporate and individual consequences that may arise if the FCPA is violated regarding gifts, travel and entertainment. Lastly, it is imperative that all such gifts, travel and entertainment be properly recorded, as required by the books and records component of the FCPA.

I view one of the key reasons for the attendant procedure of implanting the company policy around gifts, travel and entertainment is to allow oversight by a second set of eyes. Process validation requires oversight of compliance with gifts and entertainment policies is important to ensuring consistency in policy enforcement. This helps to ensure that there is the perception of fairness in this area, particularly if there must be discipline administered. Nothing is worse for an organization if, say, a salesman from the US is disciplined via a warning letter for cheating on his expense account whereas salesmen in Brazil are fired for the same offense.

Mike Volkov, in another blog post entitled “Creating a Framework for Reviewing Gifts, Meals, Travel and Entertainment Expenses”, said that he believes “There are three basic requirements for making the review process more efficient.” They include:

  1. Prospective standards – Companies need to adopt and enforce a prospective policy which carves out standards for the review and approval of such expenditures. The policy has to be clear on the standards and the procedures to be followed.
  2. Documentation – Companies have to document the process, maintain records, and audit the process. Without documentation, the policy is doomed to fail, and provides no protection when government prosecutors conduct an investigation.
  3. Advice of Counsel – Outside counsel should be used to review and approve any close calls. The run-of-the-mill situations can be handled by the policy. In close cases, outside counsel should review the matter, provide a short memo analyzing and approving the expenditure. The memo should be added to the file and available to auditors and the government if needed.

The final point from Walker, Volkov and myself is that whatever policy and procedures you set up and utilize, they should be designed for your company. The FCPA Guidance speaks to a well-thought out and designed system for any compliance risk and gifts, travel and entertainment is no different. Further, you must not only train but monitor and audit on your gifts, travel and entertainment. As this is one of the top areas that employees generate monies from their employers it is one of the top areas for fraud and hence corruption. And finally, Document, Document and Document.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

April 23, 2014

Gifts, Travel and Entertainment Under the FCPA – Part II

Travel and GiftsEd. Note – I know yesterday I said this would be a two-part series but as usual I got carried away so it has become a three part series. Today I review the Opinion Releases and Enforcement Actions dealing with gifts, travel and entertainment.

A. Opinion Releases

  1. Gifts

In the early 1980s the Department of Justice (DOJ) issued three Opinion Releases related to gifts under the Foreign Corrupt Practices Act (FCPA). While these Opinion Releases are clearly dated, they do remain instructive. In Opinion Release 82-01, the DOJ approved the gift of cheese samples made to Mexican governmental officials, made by the Department of Agriculture of the State of Missouri to promote the state of Missouri’s agricultural products. However the value of the cheese to be presented was not included. In Opinion Release 81-02, the DOJ approved a gift from the Iowa Beef Packers, Inc. to officials of the Soviet Ministry of Foreign Trade of its packaged beef products. The total value of all the samples presented was estimated to be less than $2,000 and the Iowa Beef Packers, Inc. averred that the individual sample packages would not exceed $250 in value. In Opinion Release 81-01, Bechtel sought approval to use the SGV Group to solicit business on behalf of Bechtel and Bechtel had proposed to reimburse the SGV Group for gift expenses incurred in this business solicitation. The DOJ approved gifts to be given by SGV in the amount of $500.00.

  1. Travel and Lodging for Governmental Officials

 Prior to the FCPA Guidance, the DOJ issued three Opinion Releases which offered guidance to companies considering whether, and if so how, to incur travel and lodging expenses for government officials. These facts provided strong guidance for any company that seeks to bring such governmental officials to the US for a legitimate business purpose. In Opinion Release 07-01, the Company was desired to cover the domestic expenses for a trip to the US for a six-person delegation of the government of an Asian country for an educational and promotional tour of one of the requestor’s US operations sites. In the Release the representations made to the DOJ were as follows:

  • A legal opinion from an established US law firm, with offices in the foreign country, stating that the payment of expenses by the US Company for the travel of the foreign governmental representatives did not violate the laws of the country involved;
  • The US Company did not select the foreign governmental officials who would come to the US for the training program;
  • The delegates who came to the US did not have direct authority over the decisions relating to the US Company’s products or services;
  • The US Company would not pay the expenses of anyone other than the selected officials;
  • The officials would not receive any entertainment, other than room and board from the US Company;
  • All expenses incurred by the US Company would be accurately reflected in this Company’s books and records.

In Opinion Release 07-02 the Company desired to pay certain domestic expenses for a trip within the US by approximately six junior to mid-level officials of a foreign government for an educational program at the Requestor’s US headquarters prior to the delegates attendance at an annual six-week long internship program for foreign insurance regulators sponsored by the National Association of Insurance Commissioners (NAIC). In the Release the representations made to the DOJ were as follows:

  • The US Company would not pay the travel expenses or fees for participation in the NAIC program.
  • The US Company had no “non-routine” business in front of the foreign governmental agency.
  • The routine business it did have before the foreign governmental agency was guided by administrative rules with identified standards.
  • The US Company would not select the delegates for the training program.
  • The US Company would only host the delegates and not their families.
  • The US Company would pay all costs incurred directly to the US service providers and only a modest daily minimum to the foreign governmental officials based upon a properly presented receipt.
  • Any souvenirs presented would be of modest value, with the US Company’s logo.
  • There would be one four-hour sightseeing trip in the city where the US Company is located.
  • The total expenses of the trip are reasonable for such a trip and the training which would be provided at the home offices of the US Company.

Lastly, is Opinion Release 12-02, in which the Requestors, 19 non-profit adoption agencies located in the US, asked the DOJ about bringing certain foreign governmental officials involved in the foreign country’s adoption process to the US. All the foreign governmental officials were involved in the process of allowing children from their country go through the adoption process with the US non-profits involved. The trips to the US would be for two days of meetings. The purpose of the visit would be to demonstrate the Requestors’ work to the government officials so that the officials can see how adopted children from the foreign country had adjusted to life in the US and to help the Requestors learn how they can provide that information to the foreign country’s government with appropriate information during the adoption process. The Requestors would allow the government officials to meet with the Requestors’ employees and to inspect the Requestors’ offices and case files from previous adoptions. The foreign country’s government officials would also meet with families who had adopted children from their country and learn more about the Requestors’ work.

The Requestors stated that they would pay for the following:

  • Business class airfare on international portions of flights for ministers, members of the legislature, and the director of the Orphanage Agency; coach airfare for international portions of flights for all other government officials; and coach airfare for domestic portions of flights for all government officials;
  • Two or three nights hotel stay at a business-class hotel;
  • Meals during the officials’ stays; and
  • Transportation between agencies and local transportation.

What can one glean from these three Opinion Releases? Based upon them, it would seem that a US company could bring foreign officials into the US for legitimate business purposes. A key component is that the guidelines are clearly articulated in a compliance policy. Based upon these Releases the following should be incorporated into a compliance policy regarding travel and lodging:

  • Any reimbursement for air fare will be for economy class, unless it is a long haul international flight, high ranking foreign officials or those entitled to travel business class by contract.
  • Do not select the particular officials who will travel. That decision will be made solely by the foreign government.
  • Only host the designated officials and not their spouses or family members.
  • Pay all costs directly to the service providers; in the event that an expense requires reimbursement, you may do so, up to a modest daily minimum (e.g., $35), upon presentation of a written receipt.
  • Any souvenirs you provide the visiting officials should reflect the business and/or logo and would be of nominal value, e.g., shirts or tote bags.
  • Apart from the expenses identified above, do not compensate the foreign government or the officials for their visit, do not fund, organize, or host any other entertainment, side trips, or leisure activities for the officials, or provide the officials with any stipend or spending money.
  • The training costs and expenses will be only those necessary and reasonable to educate the visiting officials about the operation of your company.

Incorporation of these concepts into a compliance program is a good first step towards preventing any FCPA violations from arising, but it must be emphasized that they are only a first step. These guidelines must be coupled with active training of all personnel, not only on the compliance policy, but also on the corporate and individual consequences that may arise if the FCPA is violated regarding gifts and entertainment. Lastly, it is imperative that all such gifts and entertainment are properly recorded, as required by the books and records component of the FCPA.

B. Enforcement Actions

Mike Volkov refers to the FCPA Paparazzi when he talks about those FCPA practitioners who confuse FCPA information with FCPA scare tactics and manipulate legal reasoning and practical advice with “marketing” using fear as opposed to reliable and accurate information. In a recent blog post, entitled “The So-Called Re-Emergence of Gifts, Meals and Entertainment as a Compliance Problem” Volkov bemoaned recent FCPA Paparazzi client alerts which said that the DOJ was now gunning after companies for FCPA transgressions in this area.

But one point Volkov raised for consideration by the compliance practitioner was the overall management of these risks. He asked the following questions: “Who is responsible for approving expenditures? What controls are in place for ensuring that money is used for proper purposes? How are these expenditures monitored? Who watches the person responsible for controlling the money and what controls are in place to monitor their behavior?” All good questions, and all questions that the compliance function should be able to answer going forward.

While there were three of enforcement actions in 2013 and one in 2014 where gifts, travel and entertainment were discussed. In only one of the four such enforcement actions were gifts, travel and entertainment discussed, where over a period of 15 months these actions were the primary cause of the violation. That matter was the Diebold enforcement action. In all others, HP, Weatherford and Stryker, the gifts, travel and entertainment matters were all ancillary to the primary illegal conduct at issue. This is consistent with DOJ enforcement of the FCPA so Volkov rights notes, the FCPA Paparazzi are howling at the moon once again.

Travel and Entertainment Enforcement Expense Box Score

Company Trip Locations Trip Costs & Perks Company Facilities Present
Lucent Technologies DisneyWorld, Hawaii, Las Vegas, Grand Canyon, Niagara Falls, Universal Studios, NYC $10 million in trips for 1000 Chinese governmental officials, including $34,000 for five days of sightseeing None of the travel destinations
Ingersoll-Rand Trip to Florence after trip to company facility in Vignate, Italy $1000 ‘pocket money’ per attendee Facilities in Vignate but not in Florence
Metcaf & Eddy First trip – Boston, Washington, D.C., Chicago and Orlando. Second trip – Paris, Boston and San Diego. First Class Travel and trip expenses for Egyptian governmental official and his family. Cash payments prior to trips of 150% of estimated daily expenses. Wakefield Mass., not in Washington DC, Chicago, Paris or DisneyWorld
Titan Corporation Reference in company books and records of $20,000 for promotional travel expenses. Not clear if ever funded (Remember a promise to pay equals making a payment under the FCPA)
UTStarcom Hawaii, Las Vegas and NYC Up to $7 million on gifts and all expense paid trips to US No company offices present in any of the travel destinations
Diebold Europe, with stays in:

  • Paris,
  • Amsterdam,
  • Florence,
  • Rome

In the US with visits to:

  • Disneyland,
  • Grand Canyon,
  • Napa Valley,
  • Las Vegas
$1.6MM to employees of Chinese state-owned banks; $175K to employees of Indonesian state-owned banks No company offices present in any of the travel destinations
Weatherford
  • Trip to Germany for the World Cup
  • Honeymoon for Sonatrach official’s daughter
  • Trip to Saudi Arabia for religious holiday
Payment of $24,000 in cash advance for Algerian government officials visiting Houston No legitimate business purpose for any of the business travel
Stryker NYC and Aruba $7000 for Polish gov official and wife No company offices present in any of the travel destinations
HP Las Vegas $35,000 in travel expenses paid for Polish gov official No company offices present in any of the travel destinations

Tomorrow we will tie it all together for you.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

April 14, 2014

The HP FCPA Settlement

FCPA SettlementLast week the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) jointly announced the conclusion of a Foreign Corrupt Practices Act (FCPA) enforcement action against Hewlett-Packard Company (HP). In the settlement, HP agreed to pay $108MM in fines, penalties and disgorgements for criminal and civil acts. To say that it was one of the more perplexing FCPA settlements would seem to be an understatement. While some will read the settlement documents and see conduct which did not merit such a high total amount of fines and penalties, I am not from that camp.

The tale of this sordid affair of bribery and corruption occurred over 3 continents with multiple countries involved, evidencing an entire breakdown in company internal controls and a complete lack of a culture of compliance. Yet the settlement documents make great pains to emphasize that few employees were actually involved in the nefarious conduct. How bad was the conduct? Think right up there with BizJet because we had bags of cash delivered to a Polish government official. (But unlike BizJet, the Board of Directors did not approve the bribery scheme and it was not taken across the border.) For the Russian deal, it was shopped through several countries with multiple levels of company review, which did not seem to work or care much about anything except getting the deal done. For Mexico, they just seemed to get a free pass where the contract description for the agent who paid the bribe was “influencer fee”.

Finally, as most readers might remember, HP did not self-report this misconduct to the DOJ or SEC. Apparently, the story of HP’s bribery by its German subsidiary to gain a contract in Russia was broken by the Wall Street Journal (WSJ) article in April 15, 2010. The next day, the DOJ and SEC announced they were investigating the allegations of bribery. However, HP was made aware of the allegations by its German subsidiary in December 2009, when German authorities raided HP’s offices in Munich and arrested one HP Germany executive and two former employees. Yet HP never self-reported. Not exactly the poster child for self-disclosure for any company going forward.

Of course HP’s public response at the time indicated its attitude, when a HP spokesperson was quoted in the WSJ article as saying “This is an investigation of alleged conduct that occurred almost seven years ago, largely by employees no longer with HP. We are cooperating fully with the German and Russian authorities and will continue to conduct our own internal investigation.”

More befuddlement comes from the reported facts around HP Germany. As noted by the WSJ report, one, then current, HP executive was arrested and two former employees were arrested in connection with the investigation by German authorities. There is no mention of them in any of the settlement documents. The WSJ article also reported that investigation-related documents submitted to a German court showed that German prosecutors were “looking into whether H-P executives funneled the suspected bribes through a network of shell companies and accounts in places including Britain, Austria, Switzerland, the British Virgin Islands, Belize, New Zealand, the Baltic nations of Latvia and Lithuania, and the states of Delaware and Wyoming”. While some of these countries were mentioned in the settlement documents there was no mentions of DOJ or SEC investigations into Wyoming, Belize, the British Virgin Islands or New Zealand.

What are we to make of the criminal fines levied against the Russian and Polish subsidiaries of HP? The Polish subsidiary pled guilty to a two count Criminal Information consisting of (1) violating the FCPA’s internal control provisions; (2) violating the FCPA’s books and records provisions. The US Sentencing Guidelines suggested a fine range of $19MM to $38MM, the final fine was $15,450,244.

For the Russia deal, the Russian subsidiary pled guilty to a four count Criminal Information consisting of (1) conspiracy to violate the books and records provisions of the FCPA; (2) violating the FCPA’s anti-bribery provisions; (3) violating the FCPA’s internal control provisions; (4) violating the FCPA’s books and records provisions. The US Sentencing Guidelines suggested a fine range of $87MM to $174MM, yet the final fine was $58,772,250.

Finally, in Mexico HP’s subsidiary, according the to the SEC Press Release, “paid a consultant to help the company win a public IT contract worth approximately $6 million. At least $125,000 was funneled to a government official at the state-owned petroleum company with whom the consultant had connections. Although the consultant was not an approved deal partner and had not been subjected to the due diligence required under company policy, HP Mexico sales managers used a pass-through entity to pay inflated commissions to the consultant.” This was internally referred to by HP as an “influencer fee.” Pretty clear evidence of what it was to be used for, wouldn’t you say? Yet the DOJ did not to criminally prosecute the company’s Mexican subsidiary and entered into a Non-Prosecution Agreement (NPA), HP agreed to pay forfeiture in the amount of $2,527,750.

How did HP accomplish all of this? In a Press Release HP Executive Vice President and General Counsel John Schultz said, “The misconduct described in the settlement was limited to a small number of people who are no longer employed by the company. HP fully cooperated with both the Department of Justice and the Securities and Exchange Commission in the investigation of these matters and will continue to provide customers around the world with top quality products and services without interruption.”

As reported by the FCPA Professor, in his blog post entitled “HP And Related Entities Resolve $108 Million FCPA Enforcement Action”, the HP Russian subsidiary Plea Agreement gave the following factors for the reduction in the fine from the Sentencing Guideline range:

“(a) monetary assessments that HP has agreed to pay to the SEC and is expected to pay to law enforcement authorities in Germany relating to the same conduct at issue …; (b) HP Russia’s and HP’s cooperation has been, on the whole, extraordinary, including conducting an extensive internal investigation, voluntarily making U.S. and foreign employees available for interviews, and collecting, analyzing, and organizing voluminous evidence and information for the Department; (c) HP Russia and HP have engaged in extensive remediation, including by taking appropriate disciplinary action against culpable employees of HP and enhancing their internal accounting, reporting, and compliance functions; (d) HP has committed to continue enhancing its compliance program and internal accounting controls … (e) the misconduct identified … was largely undertaken by employees associated with HP Russia, which employed a small fraction of HP global workforce during the relevant period; (f) neither HP nor HP Russia has previously been subject of any criminal enforcement action by the Department or law enforcement authority in Russia or elsewhere; (g) HP Russia and HP have agreed to continue to cooperate with the Department and other U.S. and foreign law enforcement authorities, if requested by the Department …”

In the same blog post, the Professor reported the following reasons were stated for reduction in the final fine by HP’s Polish subsidiary’s:

“(a) HP Poland’s cooperation with the Department’s investigation; (b) HP Poland’s ultimate parent corporation, HP, has committed to maintain and continue enhancing its compliance program and internal accounting controls …; and (c) HP Poland and HP have agreed to continue with the Department and other U.S. and foreign law enforcement authorities in any ongoing investigation …”

We have witnessed companies, which have engaged in ‘extraordinary cooperation’ with the DOJ during the pendency of their FCPA investigations. BizJet is certainly one that comes to mind. Further, there are clear examples of companies, which extensively remediated during the pendancies of their FCPA investigations, from which they clearly benefited. Two prime examples are Parker Drilling, which not only received a financial penalty below the suggested range but also was not required to have a corporate monitor, while they had C-Suite involvement in its bribery scheme. Weatherford seeming came back from the brink during mid-investigation when they hired Billy Jacobson and turned around not only their attitude towards cooperation with the DOJ but also their efforts toward remediation.

Both of these companies are headquartered in Houston and both have been quite active on the conference circuit talking about their compliance programs so most compliance practitioners are aware that these companies are on the forefront of best practices. Perhaps HP is on some circuit doing that, somewhere. If so, kudos to them. If their remediation work led to a best practices compliance program for the company and their extraordinary cooperation led to the astonishing reduction in penalties to their entities, I certainly tip my cap to them. If their lawyers were great negotiators and made great presentations to the DOJ and SEC, all of which led to or contributed to the final results, a tip of the cap to them as well.

So what is the lesson to be learned for the compliance practitioner? Other than befuddlement, I am not sure. Congratulating HP and its counsel is not a lesson it is an action. If HP now has a best practices compliance program, I hope they will provide the compliance community with the lessons that they learned and incorporated into their compliance program, which allowed them to obtain the fines below the minimum suggested range. If they have incorporated some enhanced compliance components into their program I hope they will share those enhancements too.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

April 3, 2014

Life Cycle Management of Third Parties – Step 4 – The Contract

Five stepsThis post continues to outline what I believe are the five steps in the life cycle of third party management. Today I will look at Step 4, the contract. However, before we get to the contracting stage a word about what to do with Steps 1-3. You cannot simply obtain the information detailed in these first three steps; you must evaluate the information and show that you have used it in your process. If it is incomplete, it must be completed. If there are Red Flags, which have appeared, these Red Flags must be cleared or you must demonstrate how you will manage the risks identified. In others words you must Document, Document and Document that you have read, synthesized and evaluated the information garnered in Steps 1-3. As the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) continually remind us, a compliance program must be a living, evolving system and not simply a ‘Check-the-Box’ exercise.

After you have completed Steps 1-3 and then evaluated and documented your evaluation, you are ready to move onto to Step 4 – the contract. Obviously any commercial relationship should be governed by the terms and conditions of a written contract. Clearly your commercial terms should be set out in the contract. In the area of commercial terms the FCPA Guidance intones “Additional considerations include payment terms and how those payment terms compare to typical terms in that industry and country, as well as the timing of the third party’s introduction to the business.” This means that you need to understand what the rate of commission is and whether it is reasonable for the services delivered. If the rate is too high, this could be indicia of corruption as high commission rates can create a pool of money to be used to pay bribes. If your company uses a distributor model in its sales side, then it needs to review the discount rates it provides to its distributors to ascertain that the discount rate it warranted.

In addition to the above analysis from the compliance perspective, you should incorporate compliance terms and conditions into your contracts with third parties. I would suggest that you begin with some type of compliance terms and conditions template, which can be used as a starting point for your negotiations. The advantages of such a template are several; they include: (1) the contract language is tested against real events; (2) the contract language assists the company in managing its compliance risks; (3) the contract language fits into a series of related contracts; (4) the contract language is straight-forward to administer and (5) the contract language helps to manage the expectations of both contracting parties regarding anti-bribery and anti-corruption.

What are the compliance terms and conditions that you should include in your commercial contracts with third parties? In the Panalpina Deferred Prosecution Agreement (DPA), Attachment C, Section 12 is found the following language, “Where necessary and appropriate, Panalpina will include standard provisions in agreements, contracts, and renewals thereof with all agents and business partners that are reasonably calculated to prevent violations of the anticorruption laws, which may, depending upon the circumstances, include: (a) anticorruption representations and undertakings relating to compliance with the anticorruption laws; (b) rights to conduct audits of the books and records of the agent or business partner to ensure compliance with the foregoing; and (c) rights to terminate an agent or business partner as a result of any breach of anti-corruption laws, and regulations or representations and undertakings related to such matters.” In the Johnson & Johnson (J&J) DPA, the same language as used in the Panalpina DPA is found in Attachment C, entitled “Corporate Compliance Program”. However, in Attachment D, entitled “Enhanced Compliance Obligations”, the following language is found: “Contracts with such third parties are to include appropriate FCPA compliance terms and conditions including; (i) representatives and undertakings of the third party to compliance; (ii) right to audit; and (iii) right to terminate.”

Mary Jones, in an article in this blog entitled “Panalpina’s World Wide Web”, suggested the following language be present in your compliance terms and conditions:

  • payment mechanisms that comply with this Manual, the FCPA [Foreign Corrupt Practices Act], the UKBA [UK Bribery Act] and other applicable anti-corruption and/or anti-bribery laws during the term of such contract;
  • the counterparty’s obligation to maintain accurate books and records in compliance with the Company’s Policy and Compliance Manual;
  • the counterparty’s obligation to certify on an annual basis that: (i) counterparty has not made, offered, or promised any payment or gift of money or anything of value, directly or indirectly, to any Government Official (or any other person or entity if UK Bribery Act applies) for the purpose of obtaining or retaining business or getting any improper business advantage; and (ii) counterparty has not engaged in any conduct or behavior prohibited by the Code of Conduct, Anti-Corruption Policy and Compliance Manual and other applicable anti-corruption and/or anti-bribery law;
  • the Company’s right to audit the counterparty’s books and records, including, without limitation, any documentation relating to the counterparty’s interaction with any governmental entity (or any entity if UK Bribery Act applies) on behalf of the Company, and the counterparty’s obligation to cooperate fully with any such audit; and
  • remedies (including termination rights) for the failure of the counterparty to comply with the terms of the contract, the Code of Conduct, the Anti-Corruption Policy and Compliance Manual and other applicable anti-corruption and/or anti-bribery law during the term of such contract.

Based on the foregoing experts and the research I have engaged in, I believe that compliance terms and conditions should be stated directly in the document, whether such document is a simple agency or consulting agreement or a joint venture (JV) with several formation documents. The compliance terms and conditions should include representations that in all undertakings the third party will make no payments of money, or anything of value, nor will such be offered, promised or paid, directly or indirectly, to any foreign officials, political parties, party officials, candidates for public or political party office, to influence the acts of such officials, political parties, party officials, or candidates in their official capacity, to induce them to use their influence with a government to obtain or retain business or gain an improper advantage in connection with any business venture or contract in which the company is a participant.

In addition to the above affirmative statements regarding conduct, a commercial contract with a third party should have the following compliance terms and conditions in it.

  • Indemnification: Full indemnification for any FCPA violation, including all costs for the underlying investigation.
  • Cooperation: Require full cooperation with any ethics and compliance investigation, specifically including the review of foreign business partner emails and bank accounts relating to your Company’s use of the foreign business partner.
  • Material Breach of Contract: Any FCPA violation is made a material breach of contract, with no notice and opportunity to cure. Further, such a finding will be the grounds for immediate cessation of all payments.
  • No Sub-Vendors (without approval): The foreign business partner must agree that it will not hire an agent, subcontractor or consultant without the Company’s prior written consent (to be based on adequate due diligence).
  • Audit Rights: An additional key element of a contract between a US Company and a foreign business partner should include the retention of audit rights. These audit rights must exceed the simple audit rights associated with the financial relationship between the parties and must allow a full review of all FCPA related compliance procedures such as those for meeting with foreign governmental officials and compliance related training.
  • Acknowledgment: The foreign business partner should specifically acknowledge the applicability of the FCPA to the business relationship as well as any country or regional anti-corruption or anti-bribery laws, which apply to either the foreign business partner or business relationship.
  • On-going Training: Require that the top management of the foreign business partner and all persons performing services on your behalf shall receive FCPA compliance training.
  • Annual Certification: Require an annual certification stating that the foreign business partner has not engaged in any conduct that violates the FCPA or any applicable laws, nor is it aware of any such conduct.
  • Re-qualification: Require the foreign business partner re-qualify as a business partner at a regular interval of no greater than every three years.

Many will exclaim, “What an order, I can’t go through with it.” By this they mean that they do not believe that they will be able to get the third party to agree to such compliance terms and conditions. I have found that while it may not be easy, it is relatively simply to get a third party to agree to these, or similar, terms and conditions. One approach to take is that they are not negotiable. When faced with such a position on non-commercial terms many third parties will not fight such a position. There is some flexibility but the DOJ will require the minimum terms and conditions that it has suggested in the various Attachment Cs to the DPAs I have discussed. But the best position I have found is that if a third party agrees with these terms and conditions, they can then use that as a market differentiator from other third parties who have not gone through the life cycle management of a third party as this series has discussed.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

March 31, 2014

Life Cycle of Third Party Management – Step 1 Business Justification

Five stepsWith thanks to the Two Tough Cookies, I am back from a successful Spring Break college tour to universities in the state of Washington. My daughter and I had a great time, experienced some typical and untypical Seattle weather and met some very interesting folks on our trip. But I would have to say that one of my greatest joys as a father has been watching my daughter grow into a young woman as she navigated the college tour process with much aplomb.

This week I am going to present a series on my views of the life cycle of third party management under an anti-corruption (or anti-money laundering (AML) program for that matter) under the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act. I have broken down the life cycle of third party management into five steps:

  1. Business Justification and Business Sponsor;
  2. Questionnaire to Third Party;
  3. Due Diligence on Third Party;
  4. Compliance Terms and Conditions, including payment terms; and
  5. Management and Oversight of Third Parties After Contract Signing.

Today I will begin with the business justification.

It really seems to me that it should be common sense that you should have a business justification to hire or use a third party. If that third party is in the sales chain of your international business it is important to understand why you need to have a particular third party represent your company. This concept is enshrined in the FCPA Guidance, which says, “companies should have an understanding of the business rationale for including the third party in the transaction. Among other things, the company should understand the role of and need for the third party and ensure that the contract terms specifically describe the ser­vices to be performed.”

The Internal Revenue Service (IRS) also considers a business justification to be an important part of any best practices anti-corruption compliance regime. Clarissa Balmaseda, a special agent in charge of IRS criminal investigation, speaking at the 2013 ACI Bootcamp in Houston, said that the lack of business justification could be a Red Flag, which could signify a possible indicia of corruption. With the Department of Justice (DOJ); Securities and Exchange Commission (SEC) and IRS all noting the importance of a business justification, it is clear that this is something you should incorporate into your compliance program.

But the business justification also provides your company the opportunity to help drive compliance into the fabric of your everyday operations. This is done by requiring the employee who prepares the business justification to be the Business Sponsor of that third party. The Business Sponsor can provide the most direct means of communication to the third party and can be the point of contact for compliance issues.

Tyco International takes this approach in its Seven Step Process for Third Party Qualification. Tyco breaks the first step into two parts, which include:

  1. Business Sponsor – Initially identify a business sponsor or primary contact for the third party within your company. This requires not only business unit buy-in but also business unit accountability for the business relationship or as Scott Moritz, a partner at Navigant and one of the architects of the Tyco Process, said “This puts the onus on each stakeholder.”
  2. Business Justification – The business unit must articulate a commercial reason to initiate or continue to work with the third party. You need to determine how this third party will fit into your company’s value chain and whether they will become a strategic partner or will they be involved in a one-off only transaction?

Further, at the same conference as IRS Agent Balmaseda spoke, another Chief Compliance Officer (CCO) of a major energy service company detailed his thoughts on his company’s 12 point evaluation process for reviewing, assessing, then contracting with and managing foreign business partners. Under Step 2, which he entitled, “Competence of foreign business partner”;he detailed a two-part analysis for his company. “It includes a review of the qualifications of the candidate for subject matter expertise and the resources to perform the services for which they are being considered. However, it also in includes an identification of the representative’s expected activities for your company.”  He also added, that under one of his company’s steps, which he monikered “Business justification for use of agent and reasonableness of compensation”, “you should begin the entire process by requiring the relevant business unit which desires to obtain the services of any foreign business partner to provide you with a business justification including current opportunities in territory, how the candidate was identified and why no currently existing foreign business relationships can provide the requested services. Your next inquiry should focus on the terms of the engagement, including the commission rate, the term of the agreement, what territory may be covered by the agreement and if such relationship will be exclusive.”

So what should go into your Business Justification? First and foremost is that you should craft a document, which works for both you as the compliance practitioner and the business folks in your company. There are some basic concepts that I think are important but you may want to modify my suggestions based on your own experiences.

You need the name and contact information for both the Business Sponsor and the proposed third party. You need to inquire into how the Business Sponsor came to know about the third party because it is a Red Flag if a customer or government representative points you towards a specific third party. You should inquire into what services the third party would perform for your company, the length of time and compensation rate for the third party. You will also need an explanation of why this particular third party should be used, as opposed to an existing or other third party, if such were considered. All of this information should be written down and then signed by the Business Sponsor.

Remember, the purpose of the Business Justification is to document the satisfactoriness of the business case to retain a third party. The Business Justification should be included in the compliance review file assembled on every third party at the time of initial certification and again if the third party relationship is renewed. In the Tom Fox Mantra, this means Document, Document, and Document.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

March 21, 2014

The Destruction of Arthur Andersen and the Use of DPAs in FCPA Enforcement

Arthur AndersenThe debate over the efficiencies of Deferred Prosecution Agreements (DPAs) continued this week with additional criticism of their use. I have argued that DPAs are in a corporation’s interest because they can bring certainty to the conclusion of an enforcement action and allow it to make remedial changes and move forward. However yesterday I came across an article by Larry Katzen, a former partner at Arthur Andersen and author of “And You Thought Accountants were Boring – My Life Inside Arthur Andersen.” Katzen’s piece is entitled “A Business World Massacre – What Can Happen 
When Government Needs a Scapegoat” and it details the destruction of the firm after it’s guilty verdict surrounding the Enron scandal. Katzen articulates the human costs for the total wipeout of the firm and sets out clearly what can happen when a company goes to trial and sustains a guilty verdict. I received permission to reprint his article in full, which is below:

==============================================================================================================================================================================================================================

A Business World Massacre – What Can Happen 
When Government Needs a Scapegoat 

It remains one of the greatest travesties in the history of American business: In 2001, the 85,000 employees of one of the world’s largest accounting firms began losing their jobs in droves. Their employer had become tainted by its loose association with Enron Corp., a financial house of cards that was imploding and taking with it billions of dollars in employee pensions and shareholder investments.

In 2002, accounting firm Arthur Andersen was convicted of charges related to Enron’s fraudulent practices. The charges had nothing to do with the quality of their auditing – or any of Enron’s illicit practices. The conviction was appealed, and in 2005, the U.S. Supreme Court struck it down in a unanimous vote. But the damage had already been done.

To date, despite millions of records being subpoenaed, there is no evidence Arthur Andersen ever did anything wrong. Still, perceptions are everything: Most people are not aware that the accounting firm, which led the industry in establishing strict, high standards, became a government scapegoat.

When I speak to groups across the country, I ask the following questions. Below are the typical responses I receive – and the actual facts.

1.     What do you remember about Arthur Andersen? 

Typical Response: They were the ones that helped facilitate the Enron fraud. They deserved what they got.

Fact: Arthur Andersen was the largest and most prestigious firm in the country. It was considered the gold standard of the accounting profession by the business community.

2.     For what was Arthur Andersen indicted? 

Typical Response: They messed up the audit of Enron and signed off on false financial statements.

Fact: They were indicted for shredding documents. These documents were drafts and other items that do not support the final product. All accounting firms establish policies for routinely shredding such documents.

3.     How long was it between the Enron blowup and when Arthur Andersen went out of business? 

Typical Response: One to three years.

Fact: The largest accounting firm in the world was gone in 90 days.

4.     Was the indictment upheld? 

Typical Response: Yes, that is why they went out of business.

Fact: No. The Supreme Court overruled the lower court in a 9-0 decision, and came to the conclusion within weeks, making it one of their quickest decisions ever.

5.     How many people lost their jobs as a result of the false accusations? 

Typical Response: Have no idea, but the partners got what they deserved.

Fact: Eighty-five thousand people lost their jobs and only a few thousand were partners. Most were staff people and clericals who made modest sums of money.

6.     Who benefited from Arthur Andersen going out of business? 

Typical Response: Everyone – we finally got rid of those crooks and made a statement to the rest of business to operate ethically.

Facts: It was not the Arthur Andersen people; they lost their jobs. It was not the clients; they had to go through the stress and expense of finding a new auditing firm. It was not the business world in general: It now has fewer firms from which to choose and rates increased. It was their competitors who benefited – they got Andersen’s best people and clients and were able to increase their rates and profitability.

7.     What accounting firms now have ex Arthur Andersen partners playing leadership roles in their firms? 

Typical Response: None

Facts: The “big four,” all the large middle-tier firms and many small firms have former Arthur Andersen partners in leadership positions. Finally, many members of the new Public Accounting oversight Board (PCAOB), which oversees these firms, now have former Arthur Andersen people involved in reviewing the quality of these firms.

==============================================================================================================================================================================================================================

Was Arthur Andersen guilty of a crime? The jury said yes but the US Supreme Court said no. Were they a part of one of the biggest corporate frauds of all-time? Perhaps. Did Arthur Andersen make mistakes? Yes. Did the firm deserve to get wiped out as a result of document shredding? Are you kidding?

The destruction of Arthur Andersen is foremost on the mind of every General Counsel (GC), Chief Executive Officer (CEO) and Board of Director whose company is facing the decision of whether or not to fight in court any charges related to Foreign Corrupt Practices Act (FCPA) violations. Some have argued that DPAs pervert the course of justice but from where I sit, having seen Arthur Andersen destroyed before our collective eyes, the better practice is to enter into a DPA. Was it really in the interest of the Department of Justice (DOJ), or even the People of the United States, who after all the DOJ represent, to throw 85,000 people out of work for the document shredding engaged in by the firm’s Houston office?

Some commentators seem to argue that if a company violates the FCPA, they should get what they justly deserve. But does it serve any interest to wipeout an entire company? Finally, for those who want to tell company management to man up and go to trial, GCs, Chief Compliance Officer (CCO), Board members and others need to remember their legal obligations to their companies and shareholders and not be cowboys going to the last gunfight. Put another way, do you want to be the first GC, CCO, Board member or CEO who tells the DOJ that you are over-reaching and we are going to trial and lose everything like Arthur Andersen did?

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

March 19, 2014

Miners Triumph and Opinion Release 14-01

Miners Win NCAAOn this date in 1966, the Texas Western University (now UTEP) Miners won the NCAA Basketball Championship, beating the University of Kentucky Wildcats. Now the first round has not even started by March 19, but it is not the date that made this event so noteworthy but the character of the teams. The Miners were the first team to start five African-Americans to win the NCAA championship. Adolph Rupp, who was making his final NCAA championship appearance that night after a long and storied career, coached the Wildcats. But on this night, the Miners clearly outplayed Rupp’s Wildcats, dominating them from the start to the finish.

I was thinking about the Miners and their triumph when I received a copy of the first Opinion Release of 2014, appropriately designated Opinion Release 14-01. In 14-01, the Department of Justice (DOJ) opined that paying a foreign government official for monies he was owed in the sale of a business interest that he owned prior to becoming a foreign government official would not be prosecuted as a Foreign Corrupt Practices Act (FCPA) violation. As intuitive as this decision might sound, there is, nevertheless, significant information for the compliance practitioner to take away from 14-01.

Background Facts

The Requestor had purchased Foreign Company A in 2007, from the Foreign Shareholder when he was a private citizen. To guarantee Foreign Shareholder’s participation, the parties’ agreement contained a five-year lock-in period that prohibited Foreign Shareholder from selling his interest prior to January 1, 2012. The Agreement did, however, allow Foreign Shareholder to leave Foreign Company A before the end of the five-year period if he were appointed to a minister level position or higher in the Foreign Country’s government.

In December 2011, Foreign Shareholder became a foreign government official under the FCPA when he was appointed to serve as a high-level official at Foreign Country’s central monetary and banking agency (“Foreign Agency”). Foreign Agency is responsible for bank and financial industry regulation and monetary policy. Upon his appointment, the Foreign Shareholder ceased to have any role or function at Foreign Company A, other than as a passive shareholder.

The now the foreign government official desired to sell his final interest in the company. However, under the formula for the repurchase of his interest, said interest was at zero value, primarily due to the financial crisis of 2008-9. Apparently the now foreign government official threatened to either sue or sell his interest to a third party and the Requestor decidedly did not want either eventuality. The parties agreed to another form of valuation and sought approval from the DOJ through its Opinion Release procedure regarding how to pay the now foreign government official under this new valuation.

Representations and Warranties by the Parties

The foreign government instrumentality involved did not regulate the Requestor but the Requestor has done business with said instrumentality in the past and would continue to do so. The now foreign government official informed the DOJ that he had not in the past “influenced or sought to influence, any decisions by Foreign Agency, Foreign Country’s government, or any third party with respect to” the entities in question and would not do so in the future. Additionally, the Requestor provided separate internal communications to the employees of the entity in question to the effect that their former owner was now a foreign government official and that “he is prohibited from participating in any discussion, consideration, or decision, or otherwise influencing any decision relating to the award of business” to the entity in question.

There were three additional representations, which I found significant, they were:

  • Requestor obtained a representation from now foreign government official that he has disclosed his ownership interest and the proposed sale of the shares in the entity in question to the relevant government authorities of Foreign Country and the relevant department at Foreign Agency, and the relevant government authorities have informed him that they approve or do not object to the sale of the shares.
  • Foreign Shareholder has warranted in writing that any payment to him to purchase the shares will be made to him solely as consideration for the shares, not in his official capacity or in exchange for any present or expected future official action.
  • The Requestor has received written assurance from local counsel in Foreign Country that the purchase of the shares is lawful in Foreign Country. 

DOJ Analysis

In its analysis, the DOJ focused on several factors. Initially, the DOJ noted that the commercial relationship began far before the individual at issue became a foreign government official. Further, even if the sales contract was not followed, because under it the foreign official would not have received fair value in the buy-out, the Requestor presented, “legitimate business considerations, prompted and justified the renegotiation of the buyout formula contained in the 2007 Agreement.” This justification was coupled with the new valuation set by “a leading, highly regarded, global accounting firm (the “Firm”) to determine the Shares’ value” and the apparent sharing of the entity’s financial information with the DOJ. The DOJ noted, “Requestor’s decision to engage the Firm to serve as the independent and binding arbiter of the value of the Shares provides additional assurance that the payment reflects the fair market value of the Shares, rather than an attempt to overpay Foreign Shareholder for a corrupt purpose. Neither Requestor nor Foreign Shareholder requested or obtained conditions or limitations on the valuation or the valuation formula prior to engaging the Firm, and the valuation was carried out strictly in accord with the terms of the engagement. There is no indication of either party requesting a minimum or specific valuation from the Firm or attempting to improperly influence the valuation.”

Equally important was the transparency involved. There was an “appropriate and meaningful disclosure of the parties’ relationship”. There was disclosure by the government official to his government of the relationship and pending sale. The “relevant government authorities of Foreign Country and the relevant department at Foreign Agency, and the relevant government authorities have informed him that they approve or do not object to the sale of the Shares.” Lastly, both the Requestor and the foreign government official involved had averred that he would not assist the US Company in obtaining or retaining business.

Discussion

For the compliance practitioner, there are several key points to consider. The first point is found in a footnote and it reads, “Following Requestor’s initial submission, the Department sent Requestor a letter seeking additional information on July 25, 2013. Requestor provided a partial response by letter on September 19, 2013, which was accompanied by significant backup documentation. Thereafter, the Department and counsel for Requestor had several follow up discussions to clarify certain issues. On February 13, 2014, Requestor provided a final submission that addressed the last outstanding issues raised by the Department.” This is the first time that I recall seeing a time line laid out in an Opinion Release. This gives a compliance practitioner some idea of the time frames involved in the process.

The second is the use of representations and warranties by the parties. In Opinion Release 13-01 a key component was an opinion from the Chief Legal Office of the foreign official’s country that the conduct in question would not violate that country’s laws. However in 14-01, the DOJ accepted representations that the foreign official in question would not pass on business in which he either had an interest or help the Relator to ‘obtain or retain’ business with the agency at which the foreign official now worked. This type of evidence is something that a company should now consider when designing protocols to satisfy issues similar to those presented in 14-01.

Next is the quality and quantity of payment(s) to be made to the now foreign official to cash him out and purchase his interest. Here the parties agreed to an independent valuation by an internationally recognized accounting firm. This provides some type of arms-length analysis. It also provides a market based approach to the payment issue so that there is evidence of true (or perhaps truer) market value, not some arbitrary number agreed to by the parties.

Finally, all the parties seemed to have documented everything. This clearly states to me the need for documentation, which can be reviewed and assessed by a regulator. As I often say the three most important things in FCPA compliance are: Document, Document and Document. I believe that Opinion Release 14-01 makes this point even clearer.This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

March 18, 2014

When to Bring in Investigative Counsel and Why

InvestigationsWhen should you bring in a true outsider to handle an internal investigation? What about specialized investigative counsel? Jim McGrath, who often writes about the need for specialized investigative counsel, has also pointed out on several occasions that having an independent eye on things is also a plus. However, rarely do we see both questions played out so publicly as is currently going on in the General Motors (G.M.) recall investigation. Indeed, Matthew Goldstein and Barry Meier discussed these  questions in Sunday New York Times (NYT) Business Section article by, entitled “G.M Calls the Lawyers”.

For those of you not familiar with G.M.’s problems, McGrath also wrote about them in his Internal Investigations Blog, in a post entitled “What Did GM Know and When Did They Know It?” McGrath describes the current issues as “the revelation that General Motors is the target of probes by Congress and by the National Highway Transportation Safety Administration over its handling of ignition switch defects in at least six of its popular automobiles. Failures in these switches may have resulted in as many as thirteen deaths and seemingly point to quality control failures at the automaker.” Others have estimated the death totals much higher for this defect. And, as McGrath notes, the key question is ‘what did GM know and when did they know it’?

Interestingly G.M. has hired two law firms to handle the investigation. One is King & Spalding, which handled much of the product liability litigation over the alleged defect and the second is Jenner & Block. In the NYT article, a prominent plaintiff’s lawyer, Lance Cooper, who fought GM and King & Spalding on this product liability litigation noted the obvious when he said, “They are part of the story.” By this he meant that “King & Spalding’s switch from a fierce defender of G.M. to a potential inquisitor into the company’s actions may also pose a conflict. For one, some of the firm’s lawyers may have to ask their own colleagues if they advised G.M. about whether to recall the vehicles at the time the Melton case was settled.”

More importantly for G.M., the retention of “outside counsel in these cases is part investigation, part public-relations gambit and part legal strategy. In most cases, the goal isn’t to publicly flog a company or its top executives, but rather to limit damage to an institution’s reputation or to contain the financial harm to shareholders of a publicly traded company. And it does so under the protection of the attorney-client privilege. From the point of view of the company, a well-done internal investigation can shape the accepted story of what happened — and produce findings that allow the company to negotiate for lower penalties from prosecutors or regulators down the road.” But, more importantly, to “achieve those ends, the law firms conducting the investigations must be viewed as forthright and uncompromised. In this respect, some critics have already questioned G.M.’s choices.”

The NYT quoted another lawyer, William McLucas, a partner at WilmerHale, who said, “If you are a firm that is generating substantial fees from a prospective corporate client, you may be able to come in and do a bang-up inquiry. But the perception is always going to be there; maybe you pulled your punches because there is a business relationship.” This is because if “companies want credibility with prosecutors and investors, it is generally not wise to use their regular law firms for internal inquiries.” Another expert, Charles Elson, a professor of finance at the University of Delaware who specializes in corporate governance, agreed, adding, “I would not have done it because of the optics. Public perception can be affected by using regular outside counsel.””

Adam G. Safwat, a former deputy chief of the fraud section in the Justice Department, said that the key is “Prosecutors expect an internal investigation to be an honest assessment of a company’s misdeeds or faults, “What you want to avoid is doing something that will make the prosecutor question the quality of integrity of the internal investigation.”” The aforementioned Jim McGrath was also interviewed for the article. He said, “A shrewd law firm that gets out in front of scandal can use that to its advantage in negotiating with authorities to lower penalties and sanctions. There is a great incentive to ferret out information so they can spin it.”

All of these concerns are equally valid in the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act investigation context. But they are layered upon the Fair Process Doctrine. This is because procedural fairness is one of the things that will bring credibility to your Compliance Program. This Doctrine generally recognizes that there are fair procedures, not arbitrary ones, in a process involving rights. Considerable research has shown that people are more willing to accept negative, unfavorable, and non-preferred outcomes when they are arrived at through processes and procedures that are perceived as fair. Adhering to the Fair Process Doctrine in your Compliance Program is critical for you, as a compliance specialist or for your Compliance Department, to have credibility with the rest of the workforce.

In internal investigations, if your employees do not believe that the investigation is fair and impartial, then it is not fair and impartial. Further, those involved must have confidence that any internal investigation is treated seriously and objectively. I have recently written about several aspects of internal investigations, in order to emphasize how to handle internal whistleblower complaints in light of the Dodd-Frank implications. One of the key reasons that employees will go outside of a company’s internal hotline process is because they do not believe that the process will be fair.

This fairness has several components. One would be the use of outside counsel, rather than in-house counsel to handle the investigation. Moreover, if a company uses a regular firm, it may be that other outside counsel should be brought in, particularly if the regular outside counsel has created or implemented key components that are being investigated. Further, if the company’s regular outside counsel has a large amount of business with the company, then that law firm may have a very vested interest in maintaining the status quo. Lastly, the investigation may require a level of specialization that in-house or regular outside counsel does not possess.

Living in Houston, this all played out in disastrous results during the Enron scandal. Near the end of Enron’s run, its regular outside counsel, Vinson & Elkins, investigated questionable accounting practices at Enron. As the NYT article noted, “The firm’s investigation is viewed as an utter failure or a corporate whitewash. The review essentially gave Enron a clean bill of health just months before it collapsed in one of the biggest accounting frauds of all time. In 2006, the law firm paid $30 million to Enron’s bankruptcy estate to resolve claims that its actions had contributed to the energy company’s demise.”

All of this means, your company needs to get it right in the hiring of outside counsel to handle an investigation. As McGrath wrote at the end of his blog, “the Jenner and King people will have to make like Howard Baker and ask what the president – or other ranking person with reporting authority to NHTSA – knew and when they knew it. Because the cover-up is usually worse than the underlying wrong and this one could cost GM $35 million and its reputation.” The NYT article ended with the following, “The best internal investigations are the ones that don’t receive much media attention. A company deals with a problem quickly, and if there’s something to report to authorities, the company tends to be treated leniently for its forthrightness.” Amen.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

March 12, 2014

FDR’s Fireside Chat and Risk Ranking of Third Parties Under the FCPA

FDR Fireside ChatOn this date in 1933, just eight days after he was inaugurated, President Franklin Roosevelt (FDR) gave his first Fireside Chat to the American public. FDR began his chat by stating, “I want to talk for a few minutes with the people of the United States about banking.” He went on to explain his recent decision to close the nation’s banks in order to stop a surge in mass withdrawals by panicked investors worried about possible bank failures. FDR had correctly assessed that the public had lost confidence in the US banking industry and, based on that assessment, he closed them in his famous Bank Holiday. In 1929, over 600 banks folded, the number by 1932 had increased to over 5100. But more than simply these bank failures was the perception that the US banking system was on the verge of collapse. FDR also announced that he was reopening the banks the next day. The US banking system has been secure since that time.

I thought about FDR’s ability to correctly assess the risk to the US banking system. As compliance programs mature, one of the things that companies struggle with is how to better assess third party risks so that the right resources can be delivered to manage these risks. In the most recent issue of Compliance Insider an article, entitled “Building a Risk-Scoring Methodology for Distributors and Resellers”, lays  out a decision making calculus which can assist a company to best utilize its resources to not only quantify a large number of third party risks, but manage those risks more efficiently.

The article notes that there are two main resources that a compliance practitioner will need to rate the risks of third parties. The first is information about the entity. This category of information can come from a number of sources including the third party itself, in the form of a questionnaire through  to various levels of due diligence. The second  resource is the people who use the information to make decisions.  As there is only a finite amount that you, the compliance practitioner, can find out about your third parties use the resources available as there is a substantial need to make the best use of that information. All of this must be balanced between spreading the decision making across a large number of people whilst ensuring that the decisions made are consistent. To assist in answering these issues, the article suggests a methodology “to help focus your controls and resources more efficiently”. 

1.          What is your aim? 

The initial step in any risk-scoring exercise is to clearly define what you are trying to achieve. The second part of clarifying the aim is to build an expectation and means of measurement so that you can assess the validity of your calculus. 

2.             Which information is relevant? 

Most generally, the main criteria are the location of the partner or where they will deliver the product or services, the type of service or product that the partner is providing and the value of that service. This initial analysis can help you to create a high, medium and low risk model. But other factors should be weighed which can provide a more sophisticated approach. Some of these factors include the following:

  • Are they new or existing partners?
  • Are they touching end-users?
  • Are they selling to government customers?
  • Do you have contracts with them?
  • Do they obtain licenses for selling products in that country on your behalf?
  • Do you provide market development funds to them? 

3.             Where can I find the information? 

This speaks to the heart of your due diligence process. Obviously a questionnaire forwarded to your potential third party is a starting point. However such information should be verified and cross-checked. Additional factors should be geographic risk, the value(s) of potential transactions and compensation to the third parties. Lastly is the traditional levels 2 and 3 due diligence.

4.             Consider the questions you will ask the third parties 

Here the author believes that an additional analysis of both the criteria required and the possible resources to garner datum to support the criteria should be considered. These considerations include:

  • Which is the most cost-effective source for the information?
  • What is the most accurate way of obtaining information?
  • Do you need to ask the question at all?
  • How should the questions be worded to ensure the greatest efficiency in getting to the required answer?
  • How do you write the questions to ensure the scores are usable?
  • Which questions and responses should be scored? 

5.             Are the responses accurate? 

Here is where ‘a second set of eyes’ is critical. The article suggests that “sanity checks to ensure that the answers respond to the question and that the responder seems to have understood the question – this is especially useful when the questions have been translated into other languages.” You should also endeavor to cross-check against other information known about the partner, with reviews by multiple persons in your organization. Finally, on the back you should build into your program audits and spot-checks to assess the accuracy and consistency of approvals.

6.             What does it all mean?

Now you have to start using the information. Recognizing that you may need to tinker with your system, it is important that you “design the overall process to allow changes to be made in the future, as you learn more about the results.”

7.             What happens next?

Now the time has arrived to score the results. After you determine who will make the decision and the path for review and escalation, if required, also you should consider the Tom Fox Mantra, Document, Document, and Document. In other words, how does the scoring and decision making process get documented in your organization?

8.             How will you carry out the review process? 

At this point, it is appropriate to consider whether you have met or are moving in the direction that you attempted to establish back in Step 1. You should consider:

  • Does your program accurately reflect the risks that you understood the partners posed?Is the final result of your process consistent?
  • Were decisions on the risk level made by the right people in your organization?
  • Were the necessary issues escalated to the right people?
  • Have the risks changed?
  • Can the process be changed, or has it been built into an inflexible technology or workflow? 

Once the review is complete any necessary changes should be communicated to the staff involved in the process to ensure they know how their role is impacted. The author ends with some reservations that you should expect to run into. These include:

  • don’t expect to use scoring to fully automate a process – the information available is generally not complete enough to provide an accurate model, so scoring is far better when used as a guide;
  • don’t assume you will get it right first time (or second) – it is important to have a clear understanding of what you are aiming at, and to build regular review into the program to recalibrate the scoring;
  • keep the process and scoring as simple as possible – most of the relevant risk-related information can be found in a few key criteria; and
  • your perception of risk will change when new information comes to light, so remember to document the decision-making process so that you can justify the final risk outcome. 

While FDR may have more intuitively known the real problem with the US banking system it was the perception that it was not solvent, you do not have to rely solely on your gut when making informed decisions about the Foreign Corrupt Practices Act (FCPA) risks that a third party may present to your company. For the Department of Justice (DOJ), I think the key is that you assess the risk and document that assessment. If you do so and a third party gets you into FCPA hot water, you have the best chance of coming out on the other side as well as the US banks did after their ‘holiday’ with FDR.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

February 20, 2014

C’Mon Man Or the End of the World?

Prepare End of the WorldIt’s the end of the world as we know it,

It’s the end of the world as we know it

It’s the end of the world as we know it, and I feel fine

 The above lyrics came from REM and they reflect how I generally feel about law firm and lawyer pronouncements about the Foreign Corrupt Practices Act (FCPA) enforcement because [SPOILER ALERT] I am a lawyer, I do practice law and I do work for a law firm, the venerable TomFoxLaw. The FCPA Professor regularly chides FCPA Inc. for their scaremongering tactics, usually monikered as ‘Client Alerts’. Mike Volkov is even more derisive when he calls them the FCPA Paparazzi and cites examples from his days in Big Law, where law firm marketing campaigns are centered around doomsday scenarios about soon-to-occur FCPA; UK Bribery Act; or [fill in the anti-corruption law here] prosecutions and enforcement actions. I usually take such law firm scaremonger and blathering’s to be about worth as much as the paper they are printed on. Indeed I chide the FCPA Professor and Monsieur Volkov for their protestations. In other words, I feel fine.

I am a proud card-carry member of FCPA Inc. because not only can I spell FCPA (and UKBA for that matter), I also make FCPA related pronouncements from time-to-time and practice law in the FCPA space. I think we generally do a pretty good job of getting information out there. But last week one missive occurred that not only met the above impugning adjectives but created a veritable tsunami of mis-information as it made its way from China to Europe and to the US that even I thought was beyond the pale. How absurd was it? So absurd that not only did the FCPA Professor and I agree about it, but we decided to post blogs about it today.

On February 5 a law firm client alert stated, “While the number of enforcement actions may decrease or hold steady, we can expect some “blockbuster” settlements in 2014 of matters that have long been under investigation.” Blockbuster…really? Do you think this law firm was implying that the Siemens record FCPA fine of $800MM, plus its equivalent $800MM fine in Germany, that’s a total of $1.6 bn for those of you keeping score at home, is seriously in danger of falling by the wayside in 2014? How about Halliburton’s comparatively paltry $579MM penalty? To be slapped aside like a green-skinned witch yelling, “I’m melting!” BAE coming in at No. 3 with a measly $400MM must be quaking it is British Wellington boots about now.

As inane as this comment was, the thing that attracted my attention was the tidal force wave by which this quote rode its way all the way to the US. By February 10th, this quote had morphed into the following, written in the South China Morning Post, “The United States is expected to impose “blockbuster” fines on companies bribing foreign officials this year, with China a likely target of US investigations, lawyers say. A report by US law firm WilmerHale predicts “blockbuster” settlements under the Foreign Corrupt Practices Act (FCPA). “US enforcement authorities have stated there are a number of very large settlements in the pipeline,” said Jay Holtmeier, a partner at WilmerHale. “Given the attention paid to China in recent years, it is a safe bet some of those large settlements will involve conduct in China.”” Two days later the full storm reached the shores of the US when this article was referenced in the Wall Street Journal’s (WSJ’s) Corruption Currents.

So now not only do we have ‘blockbuster’ FCPA settlements coming; we will have them coming out of China. Various marketing departments will use these statements as ‘authoritative’, yet another reason to purchase their company’s products or services.

There are plenty of great FCPA resources out there, which inform the compliance practitioner, or indeed the non-compliance specialist, about the costs of a FCPA enforcement action. But more importantly there is more than a wealth of free, at no cost, information about how to craft a compliance program with any anti-corruption law, which currently exists. There is the same amount of information about how to ‘do compliance’, once again free and available at no charge. Is it marketing? My answer is either yes or better yet; who cares? Good solid information is good solid information no matter what the motives behind putting it out there are.

But here is the problem with making such statements which newspapers then follow them up by brandishing them as even more dire predictions. Someone might actually believe it. Next Congress will want to investigate these ‘blockbuster’ settlements or, perhaps, why after it was reported that they were coming, the Department of Justice (DOJ) did not have any ‘blockbuster’ settlements in 2014?

I thought about writing this blog post around the tale of the Boy Who Cried Wolf but I realized there is always another law firm or lawyer out there will to say the end of the world is coming “this year”. But perhaps the better analogy is the ESPN segment entitled “C’Mon Man!” during which each color commentator will describe a play or series of plays that made them scratch their heads and say “C’Mon Man!” So while I generally feel fine about the information disseminated by and from FCPA Inc., my suggestion is that everyone just take a deep breath and consider such information for what it is worth.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

Next Page »

Customized Rubric Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 4,229 other followers