FCPA Compliance and Ethics Blog

March 30, 2010

Suspension of FCPA is NOT the Solution

Filed under: FCPA — tfoxlaw @ 5:57 am
Tags: , , , ,

Should enforcement of the Foreign Corrupt Practices Act (FCPA) be suspended for those US companies now working in Haiti? This topic has been in discussion for a few weeks. It began with a statement by Wall Street Journal editorial board member Mary Anastasia O’Grady in a piece entitled “Democrats and Haiti Telecom“. Ms. O’Grady cited “an American entrepreneur” for the quote “We did not bother with Haiti as the Foreign Corrupt Practices Act precludes legitimate U.S. entities from entering the Haitian market. Haiti is pure pay to play”.

This “pay to play” statement led George Mason University Professor Tyler Cowen, writing in the Marginal Revolution Blog, to write “one of the best ways to help Haiti” is to “pass a law stating that the Foreign Corrupt Practices Act does not apply to dealings in Haiti. As it stands right now, U.S. businesses are unwilling to take on this legal risk and the result is similar to an embargo. You can’t do business in Haiti without paying bribes”. Professor Cowen’s statement led Eric Lipman, writing in the Legal Blog Watch, followed this up with “[i]t should not be necessary to suspend enforcement of an anti-corruption law to enable U.S. companies to participate, but, realistically speaking, is it justified in this case to look the other way for a time?”.

Responding to the suggestion that FCPA enforcement should be suspended in Haiti, the FCPA Professor articulated three reasons the law should not be suspended in Haiti. First the FCPA applies only to foreign governmental officials so not all business dealings in Haiti are covered by the FCPA. Second, empirical evidence suggests that foreign investment will be high in countries should as Haiti if their markets are lucrative but Haiti’s is not. Third, is Haiti’s 2009 ranking in Transparency International’s Corruption Perceptions Index demonstrates that it is a country where corruption is rampant.

As the lead editorial in its Sunday, March 28 edition, the New York Times urged that Haiti “will need to sweep out the old, bad ways of doing things, not only those of the infamously corrupt and hapless government, but also of aid and development agencies, whose nurturing of Haiti has been a manifest failure for more than half a century”. The piece suggested the following ideas to further this goal: Transparency, Accountability and Effectiveness; Haitian Involvement, Self-Sufficiency; Tapping the Diaspora and De-centralization as some of the keys for a successful rebuilding of Haiti. These ideas applied to groups both inside the country and out. But it is clear that the Times did not suggest that cow-towing to a “pay to play state” by suspending the enforcement of the FCPA was a way to move forward.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2010

March 26, 2010

Nigerian Bribery Box Score

Filed under: FCPA,FCPABlog — tfoxlaw @ 2:47 pm
Tags: , , , ,

Opening Day of the Baseball season is fast approaching and perhaps it is time to give a baseball statistician’s view to the Nigerian bribery case. Yesterday, Rob Evans in The Guardian reported that a UK court ruled that UK citizen Jeffery Tesler should be extradited to the US to stand trial. District Judge Caroline Tubbs, sitting at Westminster magistrates’ court in London, rejected Tesler’s arguments to fight off the extradition attempt. Judge Tubbs found that American prosecutors had alleged the crimes had a “substantial connection” with the US. She said that the Americans had already convicted one of the companies in the consortium for its part in the decade-long bribery scheme and one of the key executives who organized the corrupt payments. The Guardian, furthermore, reported that Judge Tubbs also rejected Tesler’s argument that it would be “unjust and oppressive” to send him to America as prosecutors had taken a long time to charge him. Tesler had argued that he would no longer be able to get a fair trial in the US. However, the judge rejected this argument, pointing out that he was responsible for part of this delay, as he had hired lawyers to block prosecutors obtaining evidence from Switzerland.

One individual, former KBR CEO Jack Stanley has pleaded guilty to violation of the Foreign Corrupt Practices Act (FCPA) in connection with the matter. He was sentenced to 7 years in prison and is subject to ongoing cooperation with authorities on this issue.

KBR admitted that a consortium of which it was a member paid Nigerian officials at least $132 million in bribes for engineering, procurement and construction contracts awarded between 1995 and 2004 to build liquefied natural gas facilities on Bonny Island, Nigeria. The consortium was named TSJK and consisted of subsidiaries of the following entities: KBR (then owned by Halliburton); Technip, French company; ENI, an Italian company; and JGC, a Japanese company.

SETTLEMENT (or RESERVED FOR SETTLEMENT) BOX SCORE

Entity Fine, Penalty and Disgorgement of Profits (in $ millions) Amount Reserved for Resolution (app. in $ millions)
Halliburton (KBR) $579  
ENI                              $340
Technip                              $330
JGC                     None reported
Total $579                            $670

 So for those of you keeping score at home, there has been and could be fines, penalties and profit disgorgement of over $1.2 billion. This figure does not include the amount paid out by these corporations for attorneys’ fees, forensic investigative costs and other professional fees which can be only speculated as priceless.

This amount will most probably be paid to the US government but not to the Nigerian government, the country which is alleged to be the focus of the bribery. The FCPABlog has posed the question that “Some in Nigeria will no doubt ask why the penalty money should end up in the U.S. Treasury and not their country?”. One reason could be that there is no current Nigerian investigation into the matter. In February, MainJustice reported that the Nigerian Senate subcommittee tasked with conducting the inquiry into the bribery scandal announced it was shutting itself down, saying that under the US-Nigeria Mutual Legal Assistance treaty, it could not obtain records from American investigators relevant to the investigation. While it does seem odd to this commentator that Nigeria would end its investigation of so public a scandal, we would only conclude that Nigeria must have its own reasons for doing so.

All of this and Opening Day is less than 10 days away. We can hardly wait.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2010

March 14, 2010

The Only Defense: Adequate Procedures under the UK Bribery Bill

With wide cross-party support it is anticipated that the Bribery Bill will pass the House of Commons and become law by May, 2010. The Bribery Bill amends and repeals existing anti-bribery offences under the Public Bodies Corrupt Practices Act 1889, the Prevention of Corruption Act 1906 and the Prevention of Corruption Act 1916 and abolishes the UK common law offenses of bribery and embracery (bribery of jurors). This proposed legislation represents a long awaited simplification of the law on corruption and makes the UK compliant with its international obligations under the OECD. It will have a major impact on the way businesses connected to the UK manage their international business.

There is one affirmative defense listed in the Bribery Bill. The is the ‘adequate procedures’ defense. The Explanatory Notes to the Bribery Bill indicate that this narrow defense would allow a corporation to put forward credible evidence that it had adequate procedures in place to prevent persons associated from committing bribery offences. Although not explicit on the face of the Bill, in accordance with established case law, the standard of proof the defendant would need to discharge is the balance of probabilities. The legislation requires Secretary of State to publish guidance on procedures that relevant commercial organizations can put in place to prevent bribery by persons associated with their entity.

Other than this commentary, the Bill provides no further information on what might constitute ‘adequate procedures’ as a defense but the Government has signaled that it will work with the UK business community to provide appropriate guidance to this critical component of the Bribery Bill. The UK law firm KattenMuchin has indicated that they expect the Government will apply a test regarding the ‘adequate procedures’ defense “with regard to the size of the company, its business sector and the degree to which it operates in high risk markets.”

While it might only give general guidance, the United States Department of Justice has published its Sentencing Guidelines which provide a framework to construct an ethics and compliance program which will meet the strictures of the FCPA. Using the Sentencing Guidelines, Richard Cassin has written about an effective compliance program, in his excellent FCPABlog. He notes that the purpose of an “effective compliance program” is to prevent and detect criminal conduct. In his listing his suggestions for what constitutes an “effective compliance program” He suggested the following:

1. A Written Program. A company must have standards and procedures in place to prevent and detect criminal conduct.
2. Board Oversight. A public company’s Board of Directors must be knowledgeable about the content and operation of the compliance program and must exercise reasonable oversight of its implementation and effectiveness.
3. Responsible Persons. One or more individuals among a company’s high-level personnel must be assigned overall responsibility for the compliance program.
4. Operating and Reporting. One or more individuals must be delegated day-to-day operational responsibility for the compliance program. They must report periodically to high-level personnel on the effectiveness of the compliance program. The individuals must have adequate resources, appropriate authority, and direct access to the Board or Audit Committee.
5. Management’s Record of Compliance. A company must use reasonable efforts not to hire or retain personnel who have substantial authority and whom a company knows or should know through the exercise of due diligence have engaged in illegal activities or other conduct inconsistent with an effective compliance program.
6. Communicating and Training. A company must take reasonable steps to communicate periodically and in a practical manner its standards and procedures, and other aspects of the compliance program, to directors, officers, executives, managers, employees and agents — by conducting effective training programs and otherwise disseminating information appropriate to the individuals’ respective roles and responsibilities.
7. Monitoring and Evaluating; Anonymous Reporting. A company must take reasonable steps (a) to ensure that its compliance program is followed, including monitoring and auditing to detect criminal conduct, (b) to evaluate periodically the effectiveness of the compliance program and (c) to have and publicize a system, which may include mechanisms that allow for anonymity or confidentiality, whereby a company’s employees and agents may report or seek guidance regarding potential or actual criminal conduct without fear of retaliation.
8. Consistent Enforcement — Incentives and Discipline. A company’s compliance program must be promoted and enforced consistently throughout a company through appropriate (a) incentives to perform in accordance with the compliance program and (b) disciplinary measures for engaging in criminal conduct and for failing to take reasonable steps to prevent or detect criminal conduct.
9. The Right Response. After criminal conduct has been detected, a company must take reasonable steps to respond appropriately and to prevent further similar criminal conduct, including making any necessary modifications to a company’s compliance program.
10. Assessing the Risk. A company must periodically assess the risk of criminal conduct and take appropriate steps to design, implement, or modify its compliance program to reduce the risk of criminal conduct identified through this process.

Once again the British Government has not provided any guidance was to what might constitute “adequate procedures” under the Bribery Bill. However procedures based upon some of all of the elements above would certainly be a good starting point for any UK corporation to put in place.

————-

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2010

March 9, 2010

Maintaining a Relationship with a Foreign Business Partner under the FCPA after the Contract is Signed – Monitor, Monitor, and then, Monitor

In previous blogs postings, we have shared our thoughts on other aspect of the Foreign Business Partner (foreign agents, reseller, distributors or any person/entity representing the company overseas) relationship including how to evaluate the Foreign Corrupt Practices Act (FCPA) compliance risk; how to perform due diligence on prospective Foreign Business Partners; how to internally evaluate the information obtained through such due diligence; and what compliance contract terms and conditions you should set for the Foreign Business Partners. In this posting, we will discuss the steps a US company must follow to implement a procedure to monitor the actions of a Foreign Business Partner going forward.

DPA Guidance

In its Deferred Prosecution Agreement (DPA) with the Monsanto Company for their FCPA violations, the Department of Justice (DOJ) provided some guidance on the continuing obligation to monitor Foreign Business Partners. In the Monsanto DPA, the DOJ agreed, after the initial due diligence and appropriate review were completed on Foreign Business Partners, for Monsanto to implement certain post contract procedures. These requirements to Monsanto can be used as guidelines as to what the DOJ will look for from other US companies who have entered into relationships with Foreign Business Partners; especially in the area of monitoring the foreign business partner.

A US company should, on a periodic basis of not less than every three years, conduct rigorous compliance audits of its operations with the foreign business partners. This monitoring would include, but not be limited to, detailed audits of the foreign business partner unit’s books and records, with specific attention to payments and commissions to agents, consultants, contractors, and subcontractors with responsibilities that include interactions with foreign officials and contributions to joint ventures. The compliance audit should include interviews with employees, consultants, agents, contractors, subcontractors and joint venture partners. Lastly, a review of the FCPA compliance training provided to the foreign business partner should be included.

Ongoing Oversight

In addition to the DOJ guidance provided in the Monsanto DPA, it is recommended that there be substantial involvement not only by the business unit most closely involved with the Foreign Business Partner, but also by Legal; Compliance and other departments which would assist in completing the functions as outlined by the Monsanto DPA. The most significant reason for maintaining a post-contract relationship is to ensure the business units remain engaged in the Foreign Business Partner process. This involvement can also include some of the following participation, the senior business Vice President for the region where the Foreign Business Partner operates should annually call upon the Foreign Business Partner, in-person, to review all of the prospective business proposals and concluded business transactions that the Foreign Business Partner has engaged in. This annual VP review must not take the place of a legal or compliance review but should focus on the relationship from the business perspective.

Managing the risk of a relationship with a foreign business partner is one of the most critical aspects of a FCPA compliance program. The documented risk for the potential violation of the FCPA by a foreign business partner to a US company is quite high. To engage a foreign business partner, in a manner that properly assesses and manages the risk to, and for, a US company, requires a committee of time, money and substantial effort. However, with a compliance based risk management procedure in place, the risk can be properly managed and a foreign business relationship can be successful for all parties.

This publication contains general information only and is based on the experiences and research of the Author. The Author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The Author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the Author. The Author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2010

March 4, 2010

Internal Review of a Proposed Foreign Business Partner

In prior blogs, we explored how to rank Foreign Business Partners so that you can begin an appropriate due diligence process. We also explored what you might wish to investigate during the due diligence process. A Foreign Business Partner Review Committee should be established which is tasked with reviewing all the investigative due diligence and the Business Unit’s case for partnering with the person or entity. The next area of review should of the proposed Foreign Business Partner’s ethics and compliance program. Such a program should have, at a minimum, the following elements of a Foreign Corrupt Practices Act (FCPA)-style compliance program in place.

• Your Foreign Business Partner should…
o have a restriction on facilitation payments, gifts, entertainment and travel;
o require proper accounting and invoicing;
o have policies that flow down to any sub-vendors under the Foreign Business Partner

If the Foreign Business Partner’s program does not meet your Company’s, or the FCPA, standards you should require the implementation of a program that will meet those suggested in the US Sentencing Guidelines so that it will meet Department of Justice (DOJ) approval.

The next area of review by the Foreign Business Partner Review Committee is the proposed contract with the Foreign Business Partner. The contract must have compliance obligations stated in the formation documents, whether it is a simple agency or consulting agreement or a joint venture with several formation documents. All formation agreements should include representations that in all undertakings the Foreign Business Partner will make no payments of money, or anything of value, nor will such be offered, promised or paid, directly or indirectly, to any foreign officials, political parties, party officials, or candidates for public or political party office, to influence the acts of such officials, political parties, party officials, or candidates in their official capacity, to induce them to use their influence with a government to obtain or retain business or gain an improper advantage in connection with any business venture or contract in which the Company is a participant.

In addition to the above affirmative statement regarding conduct, you should have the following contractual clauses in your Foreign Business Partner contract.

• Indemnification: Full indemnification for any FCPA violation, including all costs for the underlying investigation.
• Cooperation: Require full cooperation with any ethics and compliance investigation, specifically including the review of Foreign Business Partner emails and bank accounts relating to your Company’s use of the Foreign Business Partner.
• Material Breach of Contract: Any FCPA violation is made a material breach of contract, with no notice and opportunity to cure. Further such a finding will be the grounds for immediate cessation of all payments.
• No Sub-Vendors (without approval): The Foreign Business Partner must agree that it will not hire an agent, subcontractor or consultant without the Company’s prior written consent (to be based on adequate due diligence).
• Audit Rights: An additional key element of a contract between a US Company and a Foreign Business Partner should include the retention of audit rights. These audit rights must exceed the simple audit rights associated with the financial relationship between the parties and must allow a full review of all FCPA related compliance procedures such as those for meeting with foreign governmental officials and compliance related training.
• Acknowledgment: The Foreign Business Partner should specifically acknowledge the applicability of the FCPA to the business relationship as well as any country or regional anti-corruption or anti-bribery laws which apply to either the Foreign Business Partner or business relationship.
• On-going Training: Require that the top management of the Foreign Business Partner and all persons performing services on your behalf shall receive FCPA compliance training.
• Annual Certification: Require an annual certification stating that the Foreign Business Partner has not engaged in any conduct that violates the FCPA or any applicable laws, nor is it aware of any such conduct.
• Re-qualification: Require the Foreign Business Partner re-qualify as a business partner at a regular interval of no greater than every three years.

Engaging in due diligence of a proposed Foreign Business Partner is but one of the many steps required to approve a person or entity who will represent your Company overseas, thereby creating a FCPA exposure. However, there are additional steps which you should employ internally in the Foreign Business Partner review process, some of which have been discussed above. Strong compliance terms and conditions are critical for the management of the relationship going forward. The Foreign Business Partner Review Committee must certify that the appropriate terms and conditions are in place to protect against a FCPA compliance violation and, should one occur, your Company can extricate itself immediately from doing business with such a a Foreign Business Partner instead of vendor.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2010

March 1, 2010

RISK-BASED COMPLIANCE

A recent benchmarking survey of Third Party Codes of Conduct was conducted by the Society of Corporate Compliance and Ethics (SCCE) and reported on by Rebecca Walker. The findings indicated that a majority of companies with an otherwise robust compliance program do not extend this to third parties with which they conduct business. The findings revealed the following: 53% of companies do not disseminate their internal codes of conduct to third parties; only 26% require third parties to certify to their own codes; and just 17% of the respondents have any third party codes of conduct.

For those companies which now desire to evaluate their third party business partners for Foreign Corrupt Practices Act (FCPA) compliance, how, and perhaps where, do they begin? The approach that appears to be gaining the most traction both with regulators and learned commentators is to develop a risk based approach to FCPA compliance. There is no specific Department of Justice (DOJ) guidance on any one specific process for a risk based compliance system. However, there is sufficient guidance in other FCPA and analogous compliance areas, such that direction can be provided to US and foreign companies in this area.

Writing in the FCPABlog, Scott Moritz of Daylight Forensic & Advisory suggested that a risk-based approach based upon the regulatory programs in Anti-Money Laundering (AML) governance. In the AML areas, the concept is that certain parties, including vendors, represent a higher compliance risk than others. Geography, nexus to government officials, business type, method of payment and dollar volume – are all risk indicators.

This risk-based approach was commented upon, favorably by the DOJ, in Release Opinion 08-02. In this Release Opinion the DOJ reviewed and approved Halliburton’s proposed acquisition of the UK entity Expro. The DOJ spoke directly to a risk based approach by that Halliburton had agreed to provide the following:

. . . a comprehensive, risk-based FCPA and anti-corruption due diligence work plan which will address, among other things, the use of agents and other third parties; commercial dealings with state-owned customers; any joint venture, teaming or consortium arrangements; customs and immigration matters; tax matters; and any government licenses and permits. Such work plan will organize the due diligence effort into high risk, medium risk, and lowest risk elements.

This risk-based approach has also been accepted by UK’s Financial Services Authority (FSA) in its settlement of the enforcement action against the insurance giant AON earlier this year. As a part of the settlement AON agreed to the following:

AON…designed and implemented a global anti-corruption policy … limiting the use of third parties … whose only service to AON is assisting it in the obtaining and retaining of business solely through client introductions in countries where the risk of corrupt practices is anything other than low. These jurisdictions are defined by reference to an internationally accepted corruption perceptions index. Any use of third parties not prohibited by the policy must be reviewed and approved in accordance with global anti-corruption protocols.

How does a company implement this guidance? Scott Moritz suggests that key to any risk-based approach is “the strategic use of information technology, tracking and sorting the critical elements — including risk-ranking, as well as enhanced due diligence and ongoing monitoring of high-risk parties proportionate to their risk profiles.”

The uses of a risk based compliance system can be myriad. The Release Opinion 08-02 system was in response to an international acquisition. Such systems can also be used to rank and assist in the evaluation of business partners or supply chain vendors. But, however such a system is used, the clear import from the DOJ, FSA and learned commentators is that some type of rational system should be put in place and followed.

Blog at WordPress.com.