FCPA Compliance and Ethics Blog

September 30, 2010

Getting Your Arms Around FCPA Due Diligence

The task of where to begin a full compliance and ethics program can often times appear quite daunting. Most US companies fully understand the need to comply with the Foreign Corrupt Practices Act (FCPA). However most companies are not created out of new cloth but are ongoing enterprises with a fully up and running business in place. They need to bring resources to bear to comply with the FCPA while continuing to do business. This can be particularly true in the area of performing due diligence on foreign business partners or vendors in the supply chain. Many companies understand the need for a robust due diligence program to investigation third parties, but have struggled with how to create an inventory to define the basis of risk of each foreign business partner and thereby perform the requisite due diligence required under the FCPA. 

In a recent Compliance Week webcast entitled “Getting Unstuck, Tactics for Defining and Executing Systematic, Risk-Based Third Party Due Diligence for FCPA Compliance”, Diana Lutz, Managing Director and Chief Compliance Officer of the Steele Foundation discussed mechanisms to utilize to assist an enterprise setting parameters to perform due diligence on foreign business partners such as agents, resellers, distributors, joint venture partners and any other such entities which might represent a US based company internationally. Her presentation presented concrete steps to take to allow businesses to ‘get their arms and heads around’ what they need to do and how to go about doing it in this area. 

The initial step was to conduct a risk inventory. This could be accomplished via a programmatic approach or via a forensic approach. The programmatic approach uses an overall roadmap to lead the assessment. It stresses a consistent and systematic linear approach which tends to identify and exclude low levels of risk. The forensic approach focuses on assessment at the individual third party level. However this approach can not only be more costly but allows a processor to manipulate certain information which could result in false result. 

Lutz suggested that a risk-based approach afforded not only consistency but is also “predictable and cost effective.” Such an approach would allow the visibility a company would need focus its due diligence resources. After an initial identification of the categories of third parties by such means as business segment, company or geographic region; there should be a weight and assessment of the level of exposure. Thereafter one should define the risk thresholds and the due diligence which should be applied to each risk level. All of this information would then allow a full risk matrix to be created and from such matrix, resources could be marshaled to perform an appropriate level of due diligence on foreign business partners. 

Using these steps, a company can establish the foreign business partners it needs and desires to perform due diligence on in a rational and reasonable manner. The mechanisms which Lutz outlined in the Steele webinar are useful tools for the Compliance Professional or Corporate Legal Department employee to demonstrate to management the ‘how’ of the mechanism of accomplishing this task in an ongoing FCPA compliance program. 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2010

September 28, 2010

FCPA Compliance Contract Template

Filed under: compliance programs,FCPA — tfoxlaw @ 6:43 pm
Tags: ,

Speaking at the Seventh Annual IQPC Advanced Contracts Risks Management for Oil and Gas Conference, Don Butler, General Counsel, Seneca Resources discussed contract templates and the use of these documents in transactional work. The concepts which Mr. Butler discussed are applicable when drafting templates which include language related to Foreign Corrupt Practices Act (FCPA) contractual terms. 

He began his presentation by noting that by use of the word ‘template’ he meant that it was a form of contract drafted by his company for use in certain transactions. It was designed to be more than just a starting point for negotiations. The template has several benefits for Seneca which, as he related, include: (1) the language is tested against real events; (2) the language assists the company in managing its risks; (3) the language fits into a series of related contracts; (4) the language is straight-forward to administer and (5) the language helps to manage the expectations of both contracting parties. 

The contracting concepts are equally applicable to contracts which a company, subject to the FCPA or UK Bribery Act, would enter into with a  foreign business partner such as an agent, distributor, reseller, joint venture partner or any other person or entity which might represent a US or UK business internationally. Such templates must have compliance obligations stated directly in the document, whether such document is a simple agency or consulting agreement or a joint venture with several formation documents. The FCPA compliance language should include representations that in all undertakings the foreign business partner will make no payments of money, or anything of value, nor will such be offered, promised or paid, directly or indirectly, to any foreign officials, political parties, party officials, candidates for public or political party office, to influence the acts of such officials, political parties, party officials, or candidates in their official capacity, to induce them to use their influence with a government to obtain or retain business or gain an improper advantage in connection with any business venture or contract in which the Company is a participant. 

In addition to the above affirmative statements regarding conduct, a FCPA template contract should have the following compliance terms and conditions in a foreign business partner contract. 

  • Indemnification: Full indemnification for any FCPA violation, including all costs for the underlying investigation.
  • Cooperation: Require full cooperation with any ethics and compliance investigation, specifically including the review of foreign business partner emails and bank accounts relating to your Company’s use of the foreign business partner.
  • Material Breach of Contract: Any FCPA violation is made a material breach of contract, with no notice and opportunity to cure. Further such a finding will be the grounds for immediate cessation of all payments.
  • No Sub-Vendors (without approval): The foreign business partner must agree that it will not hire an agent, subcontractor or consultant without the Company’s prior written consent (to be based on adequate due diligence).
  • Audit Rights: An additional key element of a contract between a US Company and a foreign business partner should include the retention of audit rights. These audit rights must exceed the simple audit rights associated with the financial relationship between the parties and must allow a full review of all FCPA related compliance procedures such as those for meeting with foreign governmental officials and compliance related training.
  • Acknowledgment: The foreign business partner should specifically acknowledge the applicability of the FCPA to the business relationship as well as any country or regional anti-corruption or anti-bribery laws which apply to either the foreign business partner or business relationship.
  • On-going Training: Require that the top management of the foreign business partner and all persons performing services on your behalf shall receive FCPA compliance training.
  • Annual Certification: Require an annual certification stating that the foreign business partner has not engaged in any conduct that violates the FCPA or any applicable laws, nor is it aware of any such conduct.
  • Re-qualification: Require the foreign business partner re-qualify as a business partner at a regular interval of no greater than every three years.  

Traditional contracting techniques are a useful tool in the FCPA contracting area. By having such template language, a company can put forward the compliance terms and conditions which will not only communicate the foreign business partner’s FCPA compliance obligations but also protect a business, to the highest degree possible, through risk shifting-clauses. 

So what is in your FCPA contract template? 

To see a video of Mr. Butler’s presentation, click here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2010

FCPA Investigations – Now Call First?

Ed. Note-today we are pleased to host a guest posting by our colleague James McGrath

At the Compliance Week 2010 Annual Conference one of the issues discussed by Assistant Attorney General, for the Criminal Division of the US Department of Justice, Lanny Breuer, was what the Department of Justice (DOJ) might consider as an “effective compliance and ethics program” under the Foreign Corrupt Practices Act (FCPA) if an FCPA violation occurs and a company’s compliance program comes under scrutiny from the Criminal Division of the DOJ. Breuer noted that the most effective type of compliance program is one that “prevents fraud and corruption in the first place but when such compliance program has not done so, there are defined policies in place to “quickly detect, fix and report the [FCPA] violations.” 

Mr. Breuer’s call for defined compliance and ethics policies to “quickly detect, fix and report the [FCPA] violations” preceded his suggestion that “[a] corporation should seriously consider seeking the government’s input on the front end of its internal investigation.”  From an investigations perspective, this “call first” game plan presents immediate business and legal concerns. 

While the goal of both the government and corporate citizens under the USSG is self-policing, the pursuit of that objective has heretofore been initiated and controlled at the outset by companies themselves.  For example, a hotline call comes in alleging misconduct: Company X evaluates the substance of the claim, and if deemed credible, initiates an internal investigation in line with a robust compliance and ethics program.  If the assertion is serious and sensitive enough, Company X entrusts the inquiry to in-house or outside counsel.  This is specifically done to protect the existence and yield of the investigation through application of the attorney-client privilege and work-product doctrine.  

The foregoing protections are advisable and well within the long-protected rights of the corporation.  See: Upjohn Co. v. United States, 449 U.S. 383 (1981).  And they serve two vital purposes.  After all, a poker player does not show his hand to his opponents until called and a moviegoer does not yell fire in a crowded theater without seeing flames. 

The DOJ’s shift to a “call first” policy is seismic and defeats both of the foregoing tenets.  If a company involves the government in the investigation process from the outset, its hand is tipped and, there can be no assertion of attorney-client privilege and the work-product doctrine protection in subsequent reviews or in litigation. In addition and once DOJ is involved, its knowledge of Company X’s alleged problem becomes part of the public domain and subject to disclosure to the investing public on a schedule of the government’s own making. 

As a result, while following Mr. Breuer’s suggestion may be advisable for a given company in a given situation, the pitfalls of a blanketed adherence to this recommendation should be carefully considered by the business, compliance, and legal functions of every corporation. 

© James McGrath 

James McGrath is the managing partner of McGrath & Grace, Ltd., a law firm that specializes in conducting independent corporate internal investigations for companies across the United States and around the world.

September 26, 2010

The Six Principles of a Best Practices Anti-Corruption Program Under the UK Bribery Act Guidance-Part III

Filed under: Bribery Act,compliance programs,FCPA — tfoxlaw @ 7:36 pm
Tags: , ,

Last week the United Kingdom’s Ministry of Justice released its “Consultation on guidance about commercial organisations preventing bribery (section 9 of the Bribery Act 2010)”. The stated purpose of this document is to provide guidance, as required under section 9 of the Act, to “support businesses in determining the sorts of bribery prevention measures they can put in place.” Businesses covered by the UK Bribery Act can be convicted of a criminal offence if they fail to prevent bribery on their behalf. However, the Act provides that if the organization can show that it has adequate bribery prevention procedures in place, such “adequate procedures” are a defense to a prosecution. 

The Consultation lists “Six Principles for Bribery Prevention” which the Ministry of Justice believes are good international practices for such adequate procedures and is designed to assist businesses in determining what bribery prevention procedures they can put in place. In prior postings, we reviewed Principles 1 through 4. In this final posting, we will provide a review of Principles 5 and 6. 

Initially it should be noted that the Six Principles are designed to be result oriented and to allow a flexible approach to ethics and compliance. US practitioners will observe this is in contrast to the US approach, which is much more rules based. The UK approach is to allow each company to tailor its policies and procedures so that they are proportionate to the nature, scale and complexity of its activities. Clearly there is a huge variety of circumstances; small and medium sized organizations will, for example, face different challenges compared to large multi-national enterprises. As a result, the detail of how each company addresses these principles will vary, but the outcome should always be robust with effective anti-bribery systems and controls. 

PRINCIPLE 5: Effective implementation

 The commercial organisation effectively implements its anti-bribery policies and procedures and ensures they are embedded throughout the organisation. This process ensures that the development of polices and procedures reflects the practical business issues that an organisation’s management and workforce face when seeking to conduct business without bribery.

 

The Consultation makes clear that appropriate anti-bribery and anti-corruption policies and procedures will vary enormously depending on the nature of the business, the assessment of risk and the nature of its operational and support functions. However, there must be effective implementation if these anti-bribery and anti-corruption policies and procedures are to be successful. The Consultation provides specific steps implementation strategies that companies should consider when bringing their anti-bribery and anti-corruption commitments “to life.”  

As with other corporate programs, anti-bribery and anti-corruption policies and procedures cannot manage the risks if left in a file or on a shelf, they need to be implemented through the allocation of roles and responsibilities and by setting milestones for delivery and review. Put another way, companies are required to do more than just passively “have” anti-bribery and anti-corruption policies and procedures; they must actively “do” anti-bribery and anti-corruption.

Implementation

To accomplish this Principle, companies should establish an execution strategy that clearly sets out how anti-bribery and anti-corruption policies and procedures are to be implemented across the company’s various groups and functions. Such detail would include some or all of the following steps. 

  • Designation of who will be responsible for the anti-bribery and anti-corruption policies and procedures implementation;
  • A determination of how the anti-bribery and anti-corruption policies and procedures will be communicated internally and externally;
  • Provisions for the nature of training, whether live, online or a combination of both and how it will be rolled out;
  • Who will report to top management and the quantity and quality of information which should be presented to a company’s Board of Directors.
  • The  extent to which external auditing processes will be engaged;
  • The specific arrangements for monitoring compliance;
  • The timescale of implementation;
  • A clear articulation of the penalties for breaches of agreed policies and procedures; and
  • An established time table for reviews and assessments, suggested at no less than biennially.  

Internal Communication  

With regards to internal communications, the Consultation provides procedures for the best practices on how businesses should communicate anti-bribery policies and procedures to relevant staff, and the need for bribery prevention training. If training is necessary, it could cover the bribery risks the organization is exposed to as well as the organization’s anti-bribery policies and procedures. It should also be tailored for different functions within the organization. Interestingly, noted within the internal communication section, the Consultation remarks that companies should consider offering, or even requiring, the participation of business partners in anti-bribery training courses. 

External Communication

 Companies should use external communication to promote better implementation of policies and procedures as well as providing support for business partners and employees seeking to implement the said polices and procedures. External communication can range from the provision of information on the organization’s web-site to direct face-to-face communication with key players at meetings. Messages could include an indication that employees will be subject to robust internal sanctions (in addition to any criminal justice outcome if criminal offences are committed) if they accept bribes and that corrupt vendors risk being removed from the list of approved suppliers. 

PRINCIPLE 6 Monitoring and review  

The commercial organisation institutes monitoring and review mechanisms to ensure compliance with relevant policies and procedures and identifies any issues as they arise. The organisation implements improvements where appropriate.

 

Anti-bribery and anti-corruption policies must be viewed as dynamic and not static. This concern will require companies to perform ongoing monitoring of their compliance programs and adapting to changing circumstances, possibly in response to any incidents involving bribery and corruption, in order to remain effective. Although the time period for such ongoing monitoring and review is (or is not?) presented in the Consultation; it does provides several examples which companies may wish to consider when following this Principle of ongoing monitoring and review of  procedures. 

Internal monitoring and review mechanisms

The guiding tenet of this Principle would appear to be a determination of the internal checks and balances needed to monitor and review anti-bribery policies. 

In smaller organizations, this might include effective financial and auditing controls that identify potential and actual irregularities, combined perhaps with a means by which the views and comments of employees and key business partners are incorporated into the continuing improvement of anti-bribery policies. 

However for larger businesses this might include financial monitoring, bribery reporting and incident investigations. There should also be a requirement to report the results of such reviews to the Audit Committee, the Board of Directors or equivalent body. In turn, the Audit Committee, Board, or equivalent body, may wish to make an independent assessment of the adequacy of anti-bribery policies and disclose their findings and recommendations for improvement in the company’s Annual Report to shareholders.

Companies should also determine appropriate ways of identifying when a review of bribery risk, and the corresponding policies and procedures, is necessary; ensuring that if, for example, external events like government changes, corruption convictions, or negative press reports occur, an appropriate compliance response is triggered. It would be prudent for Companies to consult the publications of relevant trade bodies or regulators that could highlight examples of good or bad practice. Organizations should also ensure that their procedures take account of external methods of issue identification and reporting as a result of the statutory requirements applying to their supporting institutions, for example money laundering regulations reporting by accountants and solicitors. 

Transparency

Transparency is an important anti-bribery tool. Secrecy within a business and the failure to disclose important information about specific projects can facilitate the payment, receipt and concealment of bribes. Given the challenges posed by distance and unfamiliarity with overseas customs and regulations, businesses may wish to consider how to monitor the implementation of anti-bribery procedures in overseas offices and business partners. 

External verification

The senior management of higher risk and larger organizations may wish to consider whether to commission external verification or assurance of the effectiveness of anti-bribery and anti-corruption policies, or to seek membership of one of the independently-verified anti-bribery code group or organization monitored by industrial sector associations or multilateral bodies. An independent review can be helpful in providing companies undergoing structural change, or entering new markets, with an insight into the strengths and weaknesses of its anti-bribery policies and procedures and in identifying areas for improvement. Such independent analysis would also enhance a company’s credibility with business partners or restore market confidence following the discovery of a bribery incident, help meet the requirements of both voluntary or industry initiatives and any future pre-qualification requirements. 

Although the recently published UK guidance only deals with the UK Bribery Act requirements it is important to note that because of the long arm jurisdiction of the act many companies subject to the Foreign Corrupt Practices Act (FCPA) will also be subject to the UK Bribery Act. So it may be necessary to build on top of existing FCPA policies to ensure they are compliant with the new UK Bribery Act. 

All organizations will need to trigger the requirement to comply with the UK law if they wish to  “carry on business” in the UK. The UK Government has provided a very useful tool for any company which desires to measure its current compliance and ethics program. This type of guidance is quite welcome. It should be studied closely by any Compliance Professional or Law Department employee to assist in setting up a best practice anti-bribery and anti-corruption program. 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com. 

© Thomas R. Fox, 2010

September 23, 2010

The Six Principles of a Best Practices Anti-Corruption Program Under the UK Bribery Act Guidance-Part II

Filed under: Bribery Act,compliance programs — tfoxlaw @ 8:34 pm
Tags: ,

Last week the United Kingdom’s Ministry of Justice released its “Consultation on guidance about commercial organisations preventing bribery (section 9 of the Bribery Act 2010)”. The stated purpose of this document is to provide guidance, as required under section 9 of the Act, to “support businesses in determining the sorts of bribery prevention measures they can put in place.” Businesses covered by the UK Bribery Act can be convicted of a criminal offence if they fail to prevent bribery on their behalf. However, the Act provides that if the organization can show that it has adequate bribery prevention procedures in place, such “adequate procedures” are a defense to a prosecution. 

The Consultation lists “Six Principles for Bribery Prevention” which the Ministry of Justice believes are good international practices for such adequate procedures and is designed to assist businesses in determining what bribery prevention procedures they can put in place. In our previous posting we reviewed Principles 1 and 2, in this posting we will provide a review of Principles 3 and 4 and the final  posting will focus on Principles 5  and 6. 

Initially it should be noted that the Six Principles are designed to be result oriented and to allow a flexible approach to ethics and compliance. US practitioners will observe this is in contrast to the US approach, which is much more rules based. The UK approach is to allow each company to tailor its policies and procedures so that they are proportionate to the nature, scale and complexity of its activities. Clearly there is a huge variety of circumstances; small and medium sized organizations will, for example, face different challenges compared to large multi-national enterprises. As a result, the detail of how each company addresses these principles will vary, but the outcome should always be robust with effective anti-bribery systems and controls. 

PRINCIPLE 3 – Due diligence 

The commercial organisation has due diligence polices and procedures which cover all parties to a business relationship, including the organisation’s supply chain, agents and intermediaries, all forms of joint venture and similar relationships and all markets in which the commercial organisation does business.

 Companies will need to know who they are doing business with if their risk assessment and mitigation are to be effective. The particular types of due diligence listed below are examples of enquiries that can help identify bribery risks associated with a particular business relationship and will enable the organization to take appropriate preventive measures. 

Location – Enquiries about the risk of bribery in a particular country in which an organization is seeking a business relationship, the types of bribery most commonly encountered and any information about the preventive actions which are most effective. Organizations may wish, for example, to be advised of relevant civil, administrative and criminal law and the existence of any procedures for reporting bribery to the relevant local authorities. 

Business opportunity – Enquiries about the risks that a particular business opportunity raises, for example establishing whether the project is to be undertaken at market prices, or has a defined legitimate objective and specification. 

Business partners – Enquiries to establish whether individuals or other organizations involved in key decisions, such as intermediaries, consortium or joint venture partners, contractors or suppliers, have a reputation for bribery and whether anyone associated with them is being investigated, prosecuted, or has been convicted or debarred for bribery or related offences. Organizations may also wish consider the risks associated with politically exposed persons where the proposed business relationship involves, or is linked to, a prominent public office holder. 

Organizations may wish to ensure that enquiries are made of partners’ internal anti-corruption measures.

PRINCIPLE 4: Clear, Practical and Accessible Policies and Procedures

 The commercial organisation’s policies and procedures to prevent bribery being committed on its behalf are clear, practical, accessible and enforceable. Policies and procedures take account of the roles of the whole work force from the owners or board of directors to all employees, and all people and entities over which the commercial organisation has control.

 After a company performs a thorough risk assessment and follows up with any required due diligence, it should be in a better position to develop effective bribery prevention policies and procedures. To the extent feasible, businesses should draw from the expertise of its work force to develop appropriate policy and procedure documentation,   as such actions can serve to secure buy-in from those who will be responsible for applying them.  

Policy and Procedure Documentation  

Companies should evaluate just how comprehensive, clear, practical and accessible its anti-bribery and anti-corruption policy and procedures documentation is to all employees and to other appropriate,  relevant persons and entities over which it has control. Such anti-bribery and anti-corruption policy and procedures documentation could include:

  1. A clear prohibition of all forms of bribery including a strategy for building this prohibition into the decision making processes of the business.
  2.  Specific guidance on making, directly or indirectly, political and charitable contributions, gifts, and appropriate levels and manner of provision of bona fide hospitality or promotional expenses to ensure that the purposes of such expenditure are ethically sound and transparent.
  3. Provide to the business advice on relevant laws and regulations.
  4. Detail guidance on what action should be taken when faced with blackmail or extortion, including a clear escalation process.
  5. A specific statement of the company’s level of commitment to the UK law on employment law protection for whistle-blowers and an explanation of the process for such internal reporting of bribery or corruption.
  6. Businesses should endeavor to provide information on anti-bribery and on anti-corruption programs relevant to the industry in which they sit.
  7. Companies should issue a Code of Conduct, which sets out expected standards of behavior and which can form part of the employment contract.  

Support and Operational procedures with the Organization 

Businesses should also consider how their existing internal company procedures can be used for bribery and corruption prevention. For example, financial and auditing controls, disciplinary procedures, performance appraisals, and selection criteria can act as an effective bribery deterrent. Other prevention procedures may include modification of sales incentives to give credit for orders refused where bribery is suspected; and “speak up” programs  to allow any employee to report allegations of bribery or breaches of corporate anti-bribery policies in a safe and confidential manner. 

Managers may wish to consider the resistance to bribery of particularly vulnerable operational areas such as procurement and supply chain management mechanisms and address any issues they have identified. 

Management of incidents of bribery  

Businesses should also consider putting in place procedures to deal with incidents of bribery, should one arise, in a prompt, consistent and appropriate manner. This could include designating a senior manager to oversee the company’s response. The business will need to decide whether to refer the matter to law enforcement agencies. There may need to be oversight of the sanctions process and a communications strategy to reassure investors, employees, customers, business partners and others possibly exposed to consequences from the incident. 

The Guidance on Principles 3 and 4 are designed to give businesses the information they need in order to implement  what they have learned through their risk assessments. The specific guidance set forth in the Consultation can be used by any compliance and ethics professional to properly assess and manage third parties and the nuts and bolts of how to create policies and procedures for an entire organization. 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com. 

© Thomas R. Fox, 2010

September 22, 2010

The Six Principles of a Best Practices Anti-Corruption Program Under the UK Bribery Act Guidance-Part I

Filed under: Bribery Act,compliance programs,FCPA — tfoxlaw @ 8:38 pm
Tags: , ,

Last week the United Kingdom’s Ministry of Justice released its “Consultation on guidance about commercial organisations preventing bribery (section 9 of the Bribery Act 2010)”. The stated purpose of this document is to provide guidance, as required under section 9 of the Act, to “support businesses in determining the sorts of bribery prevention measures they can put in place.” Businesses covered by the UK Bribery Act can be convicted of a criminal offence if they fail to prevent bribery on their behalf. However, the Act provides that if the organization can show that it has adequate bribery prevention procedures in place, such “adequate procedures” are a defense to a prosecution. 

The Consultation lists “Six Principles for Bribery Prevention” which the Ministry of Justice believes are good international practices for such adequate procedures and is designed to assist businesses in determining what bribery prevention procedures they can put in place. In this posting, we will provide a review of Principles 1 and 2. In subsequent postings we will review the remaining four Principles.

Initially it should be noted that the Six Principles are designed to be result oriented and to allow a flexible approach to ethics and compliance. US practitioners will observe this is in contrast to the US approach, which is much more rules based. The UK approach is to allow each company to tailor its policies and procedures so that they are proportionate to the nature, scale and complexity of its activities. Clearly there is a huge variety of circumstances; small and medium sized organizations will, for example, face different challenges compared to large multi-national enterprises. As a result, the detail of how each company addresses these principles will vary, but the outcome should always be robust with effective anti-bribery systems and controls. 

PRINCIPLE 1: Risk Assessment  

The commercial organisation regularly and comprehensively assesses the nature and extent of the risks relating to bribery to which it is exposed.

 The foundation of understanding the corruption risks which a business can face is the keystone of any compliance and ethics program. Bribery and corruption risks evolve over time therefore a company’s approach to risk assessment must also grow. While the type of risk assessment procedures can vary greatly from industry-to-industry and company-to-company depending on such factors as the size of a company, its customers, markets and suppliers, there are certain risk factors, noted below, which a company should consider for a risk assessment procedure. 

A. Expertise-as an initial assessment, a company must determine whether it has the in-house expertise to conduct an appropriate risk assessment or whether external professional consultants should be employed to do so. 

B. Underlying data-each company must choose the most reliable data to form the basis of the risk assessment. Types of data could include annual audit reports, internal investigation reports, focus groups and staff/client/customer complaints; and by analyzing publicly available information on corruption issues in particular sectors or overseas markets and jurisdictions.

C. Key bribery risks 

1.         Internal Risk – this could include deficiencies in

  • employee knowledge of a company’s business profile and understanding of associated bribery and corruption risks;
  • employee training or skills sets; and
  • the company’s compensation structure or lack of clarity in the policy on gifts, entertaining and travel expenses.  

2.         Country risk – this type of risk could include: (a) perceived high levels of corruption as highlighted by corruption league tables published by reputable Non-Governmental Organizations such as Transparency International; (b) factors such as absence of anti-bribery legislation and implementation and a perceived lack of capacity of the government, media, local business community and civil society to effectively promote transparent procurement and investment policies; and (c) a culture which does not punish those who seeks bribes or make other extortion attempts.   

3.         Transaction Risk – this could entail items such as transactions involving charitable or political contributions, the obtaining of licenses and permits, public procurement, high value or projects with many contractors or involvement of intermediaries or agents. 

4.         Partnership risks – this risk could include those involving foreign business partners located in higher-risk jurisdictions, associations with prominent public office holders, insufficient knowledge or transparency of third party processes and controls. 

After the appropriate Risk Assessment, as guided by Principle 1, a company should look to Principles 2 to 6 on how the risk assessment will inform the development, implementation and maintenance of effective anti-bribery policies and procedures. The UK Government is clear that a static Risk Assessment is insufficient, therefore as a business evolves, or external circumstances change, a company will need to ensure that it is devoting sufficient resources to the assessment and mitigation of bribery and corruption risks as they emerge. For example, a small or medium sized company which enters a new market in a part of the world in which it has not done business before and therefore uses intermediaries and agents, may not be able to rely on anti-bribery policies designed for domestic purposes. 

PRINCIPLE 2: Top level commitment 

The top level management of a commercial organisation (be it a board of directors, the owners or any other equivalent body or person) are committed to preventing bribery. They establish a culture within the organisation in which bribery is never acceptable. They take steps to ensure that the organisation’s policy to operate without bribery is clearly communicated to all levels of management, the workforce and any relevant external actors.

This is the classic “Tone at the Top” requirement. Top leadership must commit, in word and deed, to a zero tolerance towards bribery and corruption, or to paraphrase the Dallas Cowboys former coach Jimmy Johnson “You can talk the talk, but you gotta walk the walk”. Those persons at the top of any business are in the best position to foster a culture of integrity where bribery is unacceptable within the organization. Effective leadership in bribery prevention will take a variety of forms depending on the circumstances in which an organization does business, but, by way of example, the kinds of leadership procedures that may be effective include:

  1. Releasing a statement of commitment to counter corruption in all parts of the company. Such a statement should include commitments to carry out business fairly, honestly and openly.
  2. Adopting a zero tolerance policy towards bribery and corruption and publicly announcing the consequences of engaging in such prohibited behavior for employees and management.
  3. Extending this proscription to all business partners through anti-bribery and corruption terms and conditions in each contract with said business partners.
  4. Lastly, and very interestingly, this Principle would require companies to avoid doing business with others who do not commit to doing business without bribery. This requirement would mandate that a top-level statement may be made public and communicated to subsidiaries and business partners.  

In addition to these factors listed above, there must be a clear commitment against bribery in a company’s management structure and, as such, this commitment must be embedded into a company a culture of compliance. This should include such things as the personal involvement of top-level managers in developing a code of conduct or ensuring anti-bribery and anti-corruption policies are published and communicated to employees, subsidiaries and business partners.  Maintenance of a clear top-level commitment to anti-bribery policies may be assisted by the appointment of a senior manager to oversee the development of an anti-bribery program and to ensure its effective implementation throughout a business. 

The UK Government has provided a very useful tool for any company which desires to measure its current compliance and ethics program. While this Consultation only deals with the UK Bribery Act’s requirements, it could also be a valuable and welcome tool for companies subject to the US Foreign Corrupt Practices Act (FCPA) in measuring their FCPA compliance policy. The information presented in the Consultation may well form  the best practices in the arena of anti-bribery and anti-corruption compliance programs. US companies can and should use this Consultation as a guidepost for not only their US FCPA-centric compliance programs but to enhance the program for any UK subsidiary that will be governed by the UK Bribery Act.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2010

 

September 20, 2010

UK Bribery Act Guidance Released

Last week the United Kingdom’s Ministry of Justice released its “Consultation on guidance about commercial organisations preventing bribery (section 9 of the Bribery Act 2010)”. The stated purpose of this document is to provide guidance, as required under section 9 of the Act, to “support businesses in determining the sorts of bribery prevention measures they can put in place.” Businesses covered by the UK Bribery Act can be convicted of a criminal offence if they fail to prevent bribery on their behalf. However, the Act provides that if the organization can show that it has adequate bribery prevention procedures in place, such “adequate procedures” are a defense to a prosecution.

The Consultation lists “Six Principles for Bribery Prevention” which the Ministry of Justice believes are good international practices for such adequate procedures and is designed to assist businesses in determining what bribery prevention procedures they can put in place. In this posting, we will provide a general review of the Six Principles and in subsequent postings we will drill down to provide more detail as to what is required, or at least suggested, as an adequate procedure for each specific principle.

The Six Principles for Bribery Prevention are as follows:

1. Risk Assessmentthis is about knowing and keeping up to date with the bribery risks you face in your sector and market. This means that a company must have adequately trained personnel performing ongoing assessments. Such a program cannot be static but must be dynamic as bribery risks will evolve over time.

2. Top level commitmentthis concerns establishing a culture across the organisation in which bribery is unacceptable. If your business is small or medium sized this may not require much sophistication but the theme is making the message clear, unambiguous and regularly made to all staff and business partners. This is the classic “Tone at the Top” requirement. Top leadership must commit, in word and deed, to a zero tolerance towards bribery and corruption. Interestingly, this commitment must also extend to avoid doing business with companies which do not make this commitment.

3. Due diligencethis is about knowing who you do business with; knowing why, when and to whom you are releasing funds and seeking reciprocal anti-bribery agreements ; and being in a position to feel confident that business relationships are transparent and ethical. Businesses must know who they are doing business with if they are to accurately assess and manage their risks; appropriate due diligence must be performed to allow a business to not only assess its compliance risks but to properly manage them.

4. Clear, Practical and Accessible Policies and Proceduresthis concerns applying them to everyone you employ and business partners under your effective control and covering all relevant risks such as political and charitable contributions, gifts and hospitality, promotional expenses, and responding to demands for facilitation demands or when an allegation of bribery comes to light. Businesses should create clear written instructions to document not only what will not be tolerated, but also provide guidance on relevant laws and how to do business ethically. This should include direction on actions employees are to take when faced with blackmail or extortion. Interestingly, this requirement extends to “other people and entities over which a business has control.”

5. Effective implementation – this is about going beyond ‘paper compliance’ to embedding anti-bribery in your organization’s internal controls, recruitment and remuneration policies, operations, communications and training on practical business issues. While noting that policy implementation will “vary enormously” from organization to organization and will depend on the nature of a particular business, companies will need to bring their compliance and ethics programs “to life”. This would include areas such as training, internal and external communications and using all the tools available to a business; including internet, intranet, email, posters, employee and company-wide meetings and other forms of communication.

6. Monitoring and reviewthis relates to auditing and financial controls that are sensitive to bribery and are transparent, considering how regularly you need to review your policies and procedures, and whether external verification would help. This principle requires that an anti-corruption program be dynamic and ever adapting to incorporate changing circumstances, it must not simply be a paper program. It should also include the internal checks and balances a company needs to have in place to adequately review and monitor compliance and ethics policies. Furthermore this requires Board of Director oversight, full transparency and external verification.

The Consultation states that it does not provide “particular procedures” but that these Six Principles of Bribery Prevention are to be a flexible guide to deciding the specific procedures that any business might use to prevent corruption and bribery. The paper notes that “Whether procedures are adequate can only be determined by the particular circumstances of a case”. Nevertheless, the Consultation is a very useful tool for any company which desires to measure its current compliance and ethics program. While this Consultation only deals with the UK Bribery Act’s requirements, it could also be a valuable and welcome tool for companies subject to the US Foreign Corrupt Practices Act (FCPA) in measuring their FCPA compliance policy.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2010

September 17, 2010

What is your FCPA Investigation Protocol?

Speaking at the IQPC 2010 Internal and Regulatory Investigations in Oil and Gas Conference, Dominic Sheils, Compliance Counsel for John Wood Group PLC, and James W. Noe, Senior Vice President, General Counsel and Compliance Officer for Hercules Offshore, Inc., discussed two different approaches to internal investigation protocols and how these different approaches work for their respective companies. The presentations of Sheils and Noe highlighted the different approaches taken by many companies in the United States and abroad when dealing with the issue of whether to have a written procedure outlining the steps to be taken when a claim which may constitute a bribery or corruption is reported to the company.

Compliance Counsel Dominic Sheils indicated that the John Wood Group has a detailed written procedure for handling any such complaint or allegation of bribery or corruption, regardless of the means through which it is communicated. The mechanism could include the internal company hot-line, anonymous tips, or a report directly from the business unit involved. In the John Wood Group the decision on whether or not to investigate is made by the internal Compliance Department, with possible consultation with the Audit Committee of the Board of Directors. The head of the business unit in which the claim arose is notified that such an allegation has been made and that the Compliance Department will be handling the matter on a go-forward basis.

The John Wood Group uses this detailed written procedure to ensure there is complete transparency on the rights and obligations of all parties once an allegation is made. This allows the Compliance Department to have not only the flexibility but also the responsibility to deal with such matters. The Compliance Department believes that this mandated responsibility gives it the role in which it can best assess and then make a decision on how to manage the matter.

The previous approach is contrasted by that of Hercules Offshore, Inc. General Counsel James Noe stated that Hercules has no written protocol for the handling of investigations of allegations of corruption or bribery. He initially noted that he, as General Counsel, makes the final decision on whether a matter is to be investigated. He believes that it is important for the General Counsel to maintain maximum flexibility to deal with the issues involved around any such allegations.

Mr. Noe stated that each investigation depends on the underlying facts presented. He is concerned that if there is a written protocol mandating the procedure it might impinge on the flexibility of the company to proceed. He used the phrase “Sometimes small streams can become big rivers”, indicating that when a matter is thoroughly investigated flexibility is required. Additionally, at Hercules, there is no set person(s) or personnel who are required to be notified when bribery and corruption allegations are put forward. The scope of the decision on to whom and how to make the notification can be influenced by a myriad of factors including statutorily mandated reporting requirements of US public companies, so no one protocol can respond to every scenario.

Both John Wood Group and Hercules Offshore, Inc. have robust Foreign Corrupt Practices Act (FCPA) compliance and ethics programs. Their respective compliance programs differ on the mechanism by which the decisions on investigation protocols and notification are to be made, after an allegation of bribery and corruption comes forward. However both these company’s have made their approaches work for them.

To see a video of their presentation, click here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2010

September 13, 2010

How to Turn a Season Around

 One of the more enjoyable aspects of a baseball season is its length. The fortunes of a team can ebb and flow over the course of a 162 games season. So even if a team starts out abysmally, it can pick things up over the course of the spring and summer and give some hope to the team in September and perhaps even into the next year. With this in mind, we posted the question in an April post as to who would have the better season, the Houston Astros, who started the season at 0-8, or Hewlett-Packard (HP) which, at that time, had announced that it was under an investigation for alleged Foreign Corrupt Practices Act (FCPA) violations regarding the sale of computer hardware in Russia. I’m happy to report that after an anemic start the Astros have played .500 ball, going 71-71 and even have one of the better records in the National League since the All-Star Game. However, the season may not be going along in such an upbeat manner for HP. 

As reported on Friday in the Wall Street Journal (WSJ), the HP bribery probe has widened and HP, itself, has announced that investigators have “now expanded their investigations beyond that particular transaction.” This original investigation pertained to an investigation of allegations that HP, through a German subsidiary, paid bribes to certain Russian officials to secure a contract to deliver hardware into Russia. The contract was estimated to be worth approximately $44.5 million and the alleged bribes paid were approximately $10.9 million. In a 10-Q filing made with the Securities and Exchange Commission (SEC) last week, HP stated that the investigation has now expanded into transactions “in Russia and in the Commonwealth of Independent States sub region dating back to 2000.” The WSJ noted that US public companies, such as HP, are only required to report FCPA investigations in SEC filings if they “are material for investors.”

The announcement of an expanded FCPA investigation comes on the heels of HP’s much publicized ouster of (former) CEO Mark Hurd over issues relating to an allegation of sexual harassment and expense report issues. This public spectacle has become even messier as HP has now brought suit against Hurd to prevent him from violating a Non-Compete Agreement by going to work for his new employer Oracle and to prevent Hurd from releasing any confidential information to Oracle in his new position as President and a member of the Board of Directors at Oracle.

 However, just as the Astros appear to have changed the momentum of their season by making striking changes in their line-up and by trading two of their older veterans, Roy Oswald and Lance Berkman, for younger players, HP might use all of their recent events to improve its FCPA compliance and ethics outlook and we have previously opined that the departure of Mark Hurd might present HP with an opportunity to re-emphasize its “Tone at the Top”. The 10-Q filing might now present HP with an opportunity to evaluate its overall FCPA compliance and ethics policies, procedures and training programs. As reported by the WSJ in April,  the transaction which led to these FCPA investigations was discovered through an external audit by German tax authorities who noted its suspicious nature. Indeed, one of the witnesses in the investigation of the underlying transaction stated of the deal “It didn’t make sense…” HP may now wish to thoroughly investigate internally, and with the assistance of outside experts, the effectiveness of its internal monitoring and reporting procedures.

Just as mid-course corrections during a baseball season can show positive benefits later in the season, such actions can also show positive benefits throughout the course of an FCPA investigation and enforcement action. As we recently noted in the recent Department of Justice (DOJ) and SEC announcement of the settlement of the Alliance One and Universal Corporation FCPA enforcement actions, company’s can take specific steps during the course of an investigation to reduce their overall liability for FCPA violations by taking specific steps.

 So simply because a team starts out at 0-8 there may be a way to turn things around. If the Astros go 13-6 the rest of September they will finish the season over .500. The question we have for HP is whether it will make any mid-course corrections in its FCPA compliance and ethics program to help it during this most challenging of seasons?

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com. 

© Thomas R. Fox, 2010

September 8, 2010

So…When Does Compliance and Ethics No Longer Matter?

Filed under: compliance programs — tfoxlaw @ 3:03 pm
Tags: , , ,

In a post yesterday on TheAtlantic.com, Daniel Indiviglio posed the question “Does Hurd’s New Oracle Gig Prove Business Ethics Don’t Matter?” Indiviglio noted that while Mark Hurd’s missteps at H-P may have been “incredibly dumb”; the decisions he made which led to his ouster did not relate to his business acumen. Indiviglio quoted Bloomberg to explain the value that Oracle must have seen in hiring Hurd:

At H-P, Hurd more than tripled profit by cutting costs and expanding beyond the company’s core business of computers and printers. He oversaw an acquisition spree of more than $20 billion, letting the company branch out into services, networking equipment and smart phones. Oracle, which also has bulked up through takeovers, would draw on Hurd’s background blending software and hardware as it expands into server sales.

Indiviglio noted that it would appear that Oracle “thinks Hurd’s talent for business-making trumps his poor [ethical] decision-making elsewhere.” While recognizing that in certain professional service businesses, such as auditing, integrity is everything; conversely in other types of businesses where profit motives may not be connected to good ethics, an emphasis on integrity may not jeopardize business as much and as “long as poor decisions don’t compromise profit, they [business ethics] will eventually be forgotten.”

We have previously discussed the importance of “Tone at the Top” and our colleague Lindsay Walker has guest blogged on the subject in “Integrating Ethics and Compliance into the Entire Organization”. We both believe that a Company’s ethics and compliance culture are set by the very top levels of management. The reason is that this is the very ‘tone’ which company employees pick up on and use as the basis of their de facto guidance about what one can and cannot do; instead of following a written Code of Ethics. In most industries there is [almost] always an apocryphal ethics story along the lines of ‘In some unknown country an un-named Regional Manager is alleged to have said the following: “If I violate the Code of Ethics, I may or may not get caught. If I violate the Code of Ethics and get caught, I may or may not be disciplined. But if I miss my numbers for two consecutive quarters I will be terminated.” ‘

In the Foreign Corrupt Practices Act (FCPA) compliance world, we wonder what the Department of Justice (DOJ) or Securities and Exchange Commission (SEC) would think about a company which had such an attitude regarding compliance. Both the DOJ and SEC also appear to believe that a Company’s ethics and compliance culture are set by the very top levels of management as the US Sentencing Guidelines read, in part, “High-level personnel and substantial authority personnel of the organization shall … promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law.” The DOJ has also cited to the Organization for Economic Co-operation and Development (OECD) Good Practice Guidance on Internal Controls, Ethics, and Compliance as a guide to best practices in the compliance arena. The OECD lists 12 specific guidelines for companies to utilize as a basis to construct an effective compliance program. The list includes at least two points that seem to bear weight on this issue. They are:

1. A culture of compliance with the appropriate “tone at the top”.

* * *

3. It must be the duty of every employee to observe a company’s compliance program.

So take some time to think about the message you believe Oracle is sending to its employees by hiring Mark Hurd?

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2010

Next Page »

Blog at WordPress.com.