FCPA Compliance and Ethics Blog

April 15, 2011

15 (FCPA) Blog Sites to Check Out on April 15

For some time now I have wanted to write about who I read and why, so in honor of April 15, I thought it might be a good idea to list 15 favorite blog sites. Below is a list of my favorites, and as this blog provides my spin on all things related to the Foreign Corrupt Practices Act (FCPA) arena, here we go…

The First Blog I Read Each Day

FCPA Blog/FCPA Professor – I know I said “the” first but it is always one of these two, depending on how early in the morning it is and where the mouse pointer ends up when I make the first click. But regardless of which I read first, here is why they are the first.

FCPA Blog – Richard Cassin is the ‘Dean’ of FCPA bloggers. If you want to know what is going on in the FCPA, or wider compliance world on a once, twice or thrice daily basis, this is the blog for you. In addition to Dick’s own posts, he gets the crème-de-la-crème of the world’s anti-bribery and anti-corruption writers to send in posts. If the FCPA Blog didn’t exist, someone would have to create it, and fortunately for us Dick has done so.

FCPA Professor – Professor Mike Koehler on all things ‘legal’ in the FCPA world. If you want to know the latest Department of Justice (DOJ), Securities and Exchange Commission (SEC), federal court or anything else FCPA-thinking, from the law perspective, this is the blog for you. Always insightful and provocative; if you want to hone your Socratic method, parry and thrust via email with the Professor. I guarantee you will learn quite a bit; I know I have.

After I get through these I tweet about them so everyone else can enjoy their collective wit and wisdom, then it’s off to the following sites…

Corporate Compliance Insights – A collection of all things compliance, with a starting rotation and bullpen of great authors and contributors. But more than simply blogs, it has job postings, career advice and a broad list of resources for the compliance practitioner. And here’s the best part: it’s all free. Maurice Gilbert and his team have put together an outstanding compliance resource.

Open Air Blog – How can one best describe Howard Sklar’s blogging? Withering, skewering, contrarian; he describes himself as “a crusty, irascible curmudgeon.” Here’s how I would describe Howard – one of the best compliance practitioners and commentators around. His insights are great and he uses the right touch of humor and real-world examples to get his point across. His blog is great and a ton of fun to read, so saddle up and enjoy the (compliance) ride.

Corruption Currents – From the Wall Street Journal, Sam Rubenfeld and Joe Palazzolo blog all day on all things related to the anti-corruption world; FCPA, AML, Whistleblowers, Sanctions and General Anti-Corruption are all covered in this blog. Both journalists were jointly named by Ethisphere as one of the 100 most influential folks in the anti-corruption world. Great coverage, great insight AND it’s from the Wall Street Journal.

From across the pond…

thebriberyact.com – If you only have one resource for all things UK Bribery Act related, you could not find a better site. Barry Vitou and Richard Kovalevsky have put together that rarest of all blog sites, one that covers an entire subject in-depth, with both practical insight and analysis. Their interviews of the relevant players allow all compliance practitioners to develop insight into what the top UK regulatory officials are thinking about on the Bribery Act.

From North of the Border…

i-sight investigation blog – Lindsey Khan provides excellent insight on a wide variety of compliance topics. As with most advice we Americans receive from our Canadian cousins, her blogging is direct, with practical guidance on how to navigate compliance challenges. She often provides Templates with her blogging to give you specific guidance on the ‘how to’ of compliance. So get thee to the Great White North and check out i-sight.com.

The Business Ethics Blog – Chris MacDonald teaches Philosophy, including business ethics, at Saint Mary’s University and fortunately for the rest of us, he blogs. If you believe either “a) that corporations have a god-given right to accumulate as much capital as possible without regard for who gets hurt along the way; or b) that all corporations, and all people who work for them, are inherently evil, you will probably be irritated by [his] blog.” However, the rest of us can learn quite a bit from this thought-provoking blog.

For Export Control…

International Trade Law News – My favorite site for all things trade compliance. Fellow UT Longhorn Doug Jacobsen has put together a great site for export controls, sanctions, customs law, FCPA, antidumping and other international trade issues. He touches on the FCPA from time-to-time but he is “The Man” for me to catch up with all issues relating to export control.

Subscription Required – Sorry but you have to pay to read these great blogs…

Compliance Week Blogs – Matt Kelly has put together a plethora of all-star bloggers for his publication Compliance Week. Bruce Carton on the SEC; Melissa Aguilar on Regulatory Developments; Tammy Whitehouse on Accounting and Auditing; Neil Baker with his Global Perspectives; Jaclyn Jaeger with the Scuttlebutt and the Man, Matt Kelly himself. Any of these bloggers would be worth a solo listing but to have them on one site is fantastic.

JustAnti-Corruption – Editor Mary Jacoby and Reporter Chris Matthews blog throughout the day on anti-corruption and anti-bribery issues from a DC perspective. Both are great journalists and both have first-class sources. It brings information to those of us out in the provinces (as in ‘Outside the Beltway’) on what the DOJ is doing and thinking on all things FCPA.

Aggregators – they put it all together for you.

MyCorporateResource – Nick Montgomery is the hardest working man I know of in the blogosphere world. He manages to post literally hundreds of blogs each day, all focused on the in-house corporate lawyer. He has a specific FCPA site, which is found in the Client Memos, International Trade Sub Menu, Foreign Corrupt Practices Act. He posts blogs from Blue Chip law firms so the information is, well, blue chip. It is a fabulous resource for all things an in-house counsel would need to know and a wonderful FCPA resource.

Law Agents – This site announces that “With over 1,400 subscriptions by users, lawgents.com is the internet’s largest free law related news and blog aggregator.” How is that for an opening line? Best of all, it’s free and you can join, post or just use it as a resource.

New Kids on the Block – Note I didn’t say young but these two guys have recently started blogging and from what I know of them, their stuff will be high quality.

Internal Investigations Blog – Cleveland attorney Jim McGrath focuses on all aspects of investigations relating to anti-corruption, anti-bribery, corporate fraud and employee-related theft. His blog is broader than simply the FCPA but just imagine the results of L’Affaire Renault if that company had read Jim’s blog before firing the soon to be multi-millionaire ex-employees.

White Collar Defense and Compliance – and finally… Mike Volkov has started up his own blog. For anyone who has heard Mike speak or read any of his Client Alerts you know this guy knows his stuff. I often wonder how he puts out so much material and manages to practice law, but he does and we, and the greater compliance world, are better for it. So check him out, as in now.

So that is my 15 ‘faves’ list. If you are not on it, please don’t take it personally; I’m sure that I read your blog and tweet about you.
So while you sit and contemplate my 15 favorites, remember it’s April 15th and if you haven’t done your taxes yet…get that extension filed…

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.
© Thomas R. Fox, 2011

April 14, 2011

FCPA Compliance: Documentation Is a Key

Paul McNulty, former United States Deputy Attorney General, has provided perspective that there are three general areas of inquiry the Department of Justice (DOJ) would assess regarding an enforcement action. First: “What did you do to stay out of trouble?” Second: “What did you do when you found out?” and Third: “What remedial action did you take?” He also discusses that, as a key component, a company must document its overall compliance efforts.

Former federal prosecutor Stephen Martin, currently the General Counsel of Corpedia, discusses the key component of documentation when he and I speak across the country on current compliance best practices in our World-Check sponsored Foreign Corrupt Practices Act (FCPA) events. To respond to any of these inquiries, a company must document what it does for its compliance efforts. However, beyond simply being able to document the results of its compliance efforts, a company must be able to respond quickly and efficiently to a prosecutor’s request for information.

We recently wrote about the proactive use of the results of your compliance program, as advocated by William Athanas in his article “Demonstrating ‘Systemic Success’ in FCPA Compliance: Identifying and Maintaining Evidence to Respond to Government Investigations . . . Before They Begin.” From this article I derived three key takeaways, which are document, document and then document. If your compliance program does not document its successes, there is simply no evidence that it has succeeded. In addition to providing your company with support to put forward to the DOJ, documentation is the only manner in which to gauge the overall effectiveness of your compliance program. Put another way, if you don’t document it, you cannot measure it, and if you cannot measure it, you cannot refine it.

One of the mechanisms to help both in your documentation and in the delivery of this documentation is audit analytics. ACL Services, in a White Paper entitled “Don’t Get Bitten by the FCPA”, advocated the use of audit analytics to assist in creating and accessing the necessary documentation, both to enable your company to continue to compare and update its compliance program and to provide a readily accessible written record to present to any DOJ official.

Another company, Visual Risk IQ, has a software product which performs continuous controls monitoring involving the monitoring of data. This system will enable your company not only to record and analyze a large amount of financial information but also to readily document whether any payments are outside of any established norm. This established norm can be derived from a business’s own standard or an accepted industry standard. Therefore, if a payment, distribution or other financial payment, or remuneration to a foreign business partner is outside an established norm, thus creating a Red Flag, such information can be tagged for further investigation and such record is documented and readily accessible.


April 13, 2011

Compliance Convergence: Know Who You Are Doing Business With

The compliance world is ever expanding and a corporation’s response to compliance must be ever more sophisticated. Noted Compliance Expert Howard Sklar, author of the Open Air Blog, has spoken of “compliance convergence” or the merging of control programs such as anti-bribery and anti-corruption, with anti-money laundering, and export control. If a Company does not know with whom it is doing business, any of these three areas can put a company at risk for various forms of illegal conduct. This post will review these three areas and explain how each area must be thoroughly vetted to keep companies out of regulatory scrutiny.

A. FCPA Due Diligence and PEPs
The risks of not knowing the background of international vendors or business partners include: (1) Unwittingly doing business with Politically Exposed Persons (PEPs); subjecting such relationships to risk assessment is a cornerstone of any Foreign Corrupt Practices Act (FCPA) compliance program; (2) Not knowing the ownership and management behind these international vendors, which increases the risk of being defrauded by ‘tender rigging’ or purchasing fraud and will make it easier for criminals to steal your intellectual property (IP); and (3) Being associated with criminals who are seeking an entry point into the global financial system towards processing the proceeds of their crimes.

What is a PEP and what does PEP compliance entail? PEPs are past and current officeholders, or individuals who are, or were, formerly entrusted with high level public functions in a foreign country. Examples of these positions of trust and power include senior politicians, heads of state or government, senior judicial or military officials, important officials of political parties as well as senior executives of state-owned enterprises. It is not just the primary officeholder that businesses need to assess for PEP risk, but their family and business networks as well. With all of this in mind some of the basic pieces of information to cover when a company might begin the due diligence process would include:
1. Are any of the leaders of the company (beneficial owners or senior management) government officials, or related to government officials?
2. Do any of the leaders of the company have relationships with foreign governmental officials? If so, what is the nature of the relationship? This must also include family members of the company’s leadership.
3. Do any of the principals or beneficial owners have any prior history of bribery or other crimes? If yes, what information is available on such matters?
4. How did your company initially become aware of the third party? Is this referral source related to any governmental officials?
5. Is anyone from senior management, or are the beneficial owners, on the Specially Designated Nationals (SDN), PEP, denied parties list or any other relevant list?

This list is not exhaustive but it gives a sense of some of the things which should be investigated in the due diligence process regarding individuals. The key is verification: the more you independently verify, the stronger your diligence. After verification, the most important thing is documentation, documentation, and then documentation.

B. Anti-Money Laundering
In the post-9/11 era, Anti-Money Laundering (AML) legislation and compliance with AML requirements have become key focus areas for banks, law firms, asset management firms, auditors and similar regulated service providers. However, AML has been broadened and is now no longer limited to such institutions. It can become a part of a Company’s overall compliance program investigation and research.

Money laundering is conduct designed to disguise the proceeds of criminal activity, which, to clarify, includes all offenses punishable under the laws of a particular country. These consist of making illegal or improper payments to Government Officials; the misappropriation, theft or embezzlement of public funds by any party as well as by, or for the benefit of, Government Officials; paying kickbacks to employees of private companies; creating a scheme to defraud third parties; and, in the United States, misusing the mails (whether it is the US mail, private or commercial couriers) and the wires in interstate or international commerce. Money laundering can arise when there is an effort to evade reporting requirements by engaging in a series of funds transfers that individually are below the amount requiring disclosure. Funds may also be laundered by transfers among bank accounts or through the purchase of apparently legitimate assets. Even though they have been “laundered”, these funds still represent the proceeds of criminal activity, and knowingly receiving, transferring, transporting, retaining, using, or hiding such criminal proceeds is illegal.

Any company may be a target for persons or entities who want to make the proceeds of criminal activity appear to be legitimate. For example, companies that offer to do business with a Company may be “fronts” for money laundering or other criminal activity. Similarly, agents, customers or other parties may seek to have a Company wire their fees to jurisdictions other than the ones in which they reside to avoid the laws and requirements of their home country. It is, therefore, essential for a Company to “know” the parties with whom it conducts business and perform the due diligence required by the plethora of US laws on FCPA, AML and export control.

How do anti-money laundering compliance and FCPA compliance converge? Writing in the FCPA Blog, Richard Cassin noted that Jeffrey Tesler, one-time middleman for KBR and its partners in the TSKJ consortium, agreed to forfeit $148,964,568.67. It is the largest-ever FCPA-related forfeiture order against an individual; however, this amount did not end Cassin’s inquiry, as he posed the following question:

“The forfeiture order raises questions that haven’t yet been answered in court. What are all of the sources of Tesler’s cash? Who besides Tesler may have held beneficial interests in the bank accounts — such as Nigerian or other government officials? And did the banks holding the accounts do any due diligence to know Tesler and the source of his funds?”

Cassin detailed the long list of banks from which the almost $149MM was to be forfeited. Should banks now determine the ownership, beneficial or otherwise, of these funds? If so, what is the mechanism for them to do so?

C. Export Control Laws
Every country has export control laws and regulations. Just as a Company must comply with all applicable export control laws and regulations in its own country, a Company must also comply with all applicable export control laws in the country of origin of the products and technologies it is exporting, including, in some instances, the components contained within them, and with all applicable international sanctions that may not be directly addressed in national law (e.g., United Nations sanctions programs). Witness the recent sanctions entered into by the US, UN and EU regarding trade with Libya.

What are some of the lists that a company must check for each overseas transaction? They include the US Department of State’s International Traffic in Arms Regulations (ITAR), which control the export and re-export of military products and technologies. The ITAR site contains a list compiled by the State Department of parties who are barred from participating directly or indirectly in the export of defense articles, including technical data or in the furnishing of defense services for which a license or approval is required by ITAR.

The Bureau of Information and Security (BIS) has two lists which a Company must review. These include the Denied Party List which provides a list of individuals and entities that have been denied export privileges. Any dealings with a party on this list that would violate the terms of its denial order are prohibited. The Unverified List provides a list of parties where BIS has been unable to verify the end use in prior transactions. The presence of a party on this list in a transaction is a “red flag” that should be resolved before proceeding with the transaction.

The Treasury Department’s Office of Foreign Assets Control (OFAC) has regulations which may prohibit a transaction if a party on one of its lists is involved. These lists can include both the SDN list and the General Order 3 to Part 736 (page 9), which sets out the general order imposing a license requirement for exports and re-exports of all items subject to the EAR where the transaction involves a party named in the order.

It should be clear that both risk and compliance are converging. Your company should review its compliance program in these three areas to determine if any of its business relationships are on any of the lists set out in this article. Not only does it make business sense but it may keep you out of regulatory scrutiny, or if your company is reviewed by regulators, then your company should have appropriate documentation in place to demonstrate the thoroughness of your vetting process.


April 12, 2011

Johnson & Johnson DPA-Part II: Compliance Program Best Practices

Yesterday we reviewed the background facts of the Johnson & Johnson (J&J) Deferred Prosecution Agreement (DPA) and the issue of self-reporting. In this posting we will review some of the specific compliance program best practices which Johnson & Johnson agreed to implement.

I. Attachment C

As with other DPAs entered into by the Department of Justice (DOJ) since, at least, last summer, Attachment C to the DPA sets out the minimum best practice Foreign Corrupt Practices Act (FCPA) compliance program. Attachment C lists nine factors, set out below, which Johnson & Johnson agreed to implement or to modify its existing compliance program to include:

1. A clearly articulated corporate policy against violations of the FCPA, including its anti-bribery, books and records, and internal controls provisions, and other applicable counterparts (collectively, the “anticorruption laws”).

2. Promulgation of compliance standards and procedures designed to reduce the prospect of violations of the anticorruption laws and J&J’s compliance code. These standards and procedures shall apply to all directors, officers, and employees and, where necessary and appropriate, outside parties acting on behalf of J&J in a foreign jurisdiction, including but not limited to, agents, consultants, representatives, distributors, teaming partners, and joint venture partners (collectively, “agents and business partners”);

3. The assignment of responsibility to one or more senior corporate executives of J&J for the implementation and oversight of compliance with policies, standards, and procedures regarding the anticorruption laws. Such corporate official(s) shall have the authority to report matters directly to J&J’s Board of Directors or any appropriate committee of the Board of Directors;

4. Mechanisms designed to ensure that the policies, standards, and procedures of J&J regarding the anticorruption laws are effectively communicated to all directors, officers, employees, and, where appropriate, agents and business partners. These mechanisms shall include: (a) periodic training for all directors, officers, and employees, and, where necessary and appropriate, agents and business partners; and (b) annual certifications by all such directors, officers, and employees, and, where necessary and appropriate, agents, and business partners, certifying compliance with the training requirements;

5. An effective system for reporting suspected criminal conduct and/or violations of the compliance policies, standards, and procedures regarding the anticorruption laws for directors, officers, employees, and, where necessary and appropriate, agents and business partners;

6. Appropriate disciplinary procedures to address, among other things, violations of the anticorruption laws and J&J’s compliance code by J&J’s directors, officers, and employees;

7. Appropriate due diligence requirements pertaining to the retention and oversight of agents and business partners;

8. Standard provisions in agreements, contracts, and renewals thereof with all agents and business partners that are reasonably calculated to prevent violations of the anticorruption laws, which may, depending upon the circumstances, include: (a) anti-corruption representations and undertakings relating to compliance with the anti-corruption laws; (b) rights to conduct audits of the books and records of the agent or business partner to ensure compliance with the foregoing; and (c) rights to terminate an agent or business partner as a result of any breach of anticorruption laws, and regulations or representations and undertakings related to such matters; and

9. Periodic testing of the compliance code, standards, and procedures designed to evaluate their effectiveness in detecting and reducing violations of anticorruption laws and J&J’s compliance code.

II. Attachment D – Enhanced Compliance Obligations

The nine points will not be unfamiliar to the FCPA compliance practitioner. These points are recognized to be in most ‘good to best’ compliance programs. However, the Johnson & Johnson DPA goes much further by adding an Attachment D, entitled “Enhanced Compliance Obligations”, which is designed to be in addition to, and to build upon, the commitments made by Johnson & Johnson in Attachment C. These enhanced obligations include the following:

  1. Compliance Department – A senior executive will serve as the Chief Compliance Officer (CCO) and shall report to the Audit Committee of the Board. There shall be heads of compliance within each business sector and corporate function. There shall be a Global Compliance Leadership Team which reports to the CCO.
  2. Gifts, Hospitality and Travel – Gifts are limited to those of “modest” value and appropriate under the circumstances. Hospitality and travel are limited to reasonably priced meals, accommodations and incidental expenses and should be a part of education programs, training, business meetings or conferences. Hospitality and travel are limited to the officials, not others.
  3. Complaints and Reports – In addition to maintaining a mechanism for making reports, the company shall create a “Sensitive Issue Triage Committee” to review and respond to any such FCPA issues as may arise.
  4. Risk Assessments and Audits – The company will conduct risk assessment in markets where it has customers who are foreign governments. The company will annually conduct FCPA audits for a minimum of five operating companies who are in high risk markets and after the initial audit every three years for any such operating entity. These audits shall include, at a minimum: (1) onsite visits by auditors and where appropriate legal and compliance personnel; (2) review of payments to health care providers; (3) creation of action plans from these audits; and (4) review of the books and records of distributors and agents.
  5. Acquisitions – To the extent possible, conduct a pre-acquisition FCPA audit of any acquisition target and after acquisition a full FCPA audit within 18 months and training of all relevant personnel and business representatives within one year of acquisition.
  6. Relationships with Third Parties – The company shall conduct a thorough due diligence of all third party representatives including: (1) a review of the qualifications and business reputation of the third party; (2) written rationale for the use of the third party; and (3) a review of the FCPA risk areas. Due diligence is to be conducted by a local business and compliance representative and elevated for review if Red Flags appear or as appropriate. Contracts with such third parties are to include appropriate FCPA compliance terms and conditions including: (i) representations and undertakings of the third party as to compliance; (ii) right to audit; and (iii) right to terminate.
  7. Training – Annual training to all directors, officers and employees who could “present corruption risk” to the company. The company shall provide enhanced and more in-depth training to those involved in company sponsored FCPA audits or those on the company acquisition team. Last, the company shall provide training to “relevant third parties acting on the companies behalf” at least every three years.
  8. Annual Certifications – The company shall implement a system of certifications from “each of J&J’s corporate-level functions, divisions, and business units in each foreign country confirming that their local standard operating procedures adequately implement J&J’s anticorruption policies and procedures, including training requirements, and that they are not aware of any FCPA or other corruption issues that have not already been reported to corporate compliance.”

This Attachment D “Enhanced Compliance Obligations” is an excellent road map with which the FCPA practitioner can establish, enhance, or simply review an FCPA compliance program. The Johnson & Johnson DPA demonstrates that a company’s commitment to ongoing FCPA remediation and program enhancement will help it reduce its overall FCPA liability in a case with facts as bad as those presented in this matter. We commend the DOJ for presenting such detailed information for those in the compliance field and hope that they will learn from the lessons of Johnson & Johnson.


April 11, 2011

Johnson & Johnson DPA-Part I: Self-Disclosure Reduces Fine

On April 8, 2011, the Wall Street Journal (WSJ) reported that Johnson & Johnson settled certain charges related to violations of the Foreign Corrupt Practices Act (FCPA) with the Department of Justice (DOJ) and Securities and Exchange Commission (SEC). The settlement took the form of a Deferred Prosecution Agreement (DPA). Over the next two postings we will be reviewing this DPA and its implications for the FCPA compliance practitioner. In this posting we will review the allegations of criminal misconduct and the issue of self-reporting. In the second posting we will review some of the specific compliance program best practices which Johnson & Johnson agreed to implement.

The FCPA Blog reported that the company agreed to “pay a $21.4 million penalty to resolve criminal FCPA charges with the DOJ and $48.6 million in disgorgement and prejudgment interest to settle the SEC’s civil charges.” Additionally, as reported in the FCPA Blog, [the Johnson & Johnson subsidiary] “DePuy International Limited settled corruption charges brought by the Serious Fraud Office [in the United Kingdom]. The company was ordered by the High Court to pay £4.8 million in a civil recovery action.” So for those of you keeping score at home, Johnson & Johnson agreed to pay fines and penalties in the total amount of $77 million. For those of you scoring through the FCPA Blog, this settlement vaults the company to the FCPA Blog’s vaunted Top Ten FCPA settlements of all-time list, displacing ABB Ltd., at Number 10.

The DPA between Johnson & Johnson and the DOJ is very instructive for all FCPA practitioners and provides a wealth of information on not only the specific facts of the case, but information on what the DOJ is currently viewing as the best practices of a FCPA compliance program and conduct which Johnson & Johnson engaged in during the investigative process which led to a dramatic reduction in the overall fine and penalty assessed against the company.

I. The Allegations

As reported in the New York Times, Johnson & Johnson had engaged in a wide ranging effort to bribe doctors in Greece through “an elaborate scheme to pay about 20 percent of the price of the company’s devices to Greek surgeons.” The Times article went on to report that “The company also paid bribes to Polish doctors and administrators who served on hospital committees that made purchasing decisions for medical equipment. Some of the bribes included paying for travel arrangements for doctors to attend medical conferences, a common practice throughout the industry. The company also bribed doctors in Romania who prescribed the company’s drugs. The Times article reported that Robert Khuzami, director of the SEC’s division of enforcement, said that the company had attempted to hide these illegal transactions “using sham contracts, off-shore companies and slush funds to cover its tracks.”

In addition to these admissions of FCPA violations, Johnson & Johnson also admitted in its DPA that it had paid kickbacks to the Iraqi regime of Saddam Hussein under a United Nations oil-for-food program. These kickbacks were in the form of price overcharging and then remitting this overcharge back to the (then) Iraqi government.

II. To Self Disclose or Not Self-Disclose-It Should No Longer Be a Question

The question often arises as to whether a company should self-disclose to the DOJ or not. Over the past couple of years this has been a significant debate in the FCPA world. This debate arose long before the Dodd-Frank Whistle-Blower legislation so we will leave the discussion on the implications of that issue for another day. Over the past couple of years, we have seen companies take different approaches to self-disclosure. For instance, Avon self-disclosed shortly after it received an internal whistle-blower report of alleged FCPA violations in its China operations. Hewlett-Packard (HP) apparently did not self-disclose to the DOJ or SEC any alleged possible FCPA violations emanating from its German subsidiary, and those agencies did not publicly announce they were investigating HP for FCPA violations until after the WSJ broke the story.

FCPA practitioners have repeatedly asked the DOJ for specific guidance as to what will be the tangible results of self-disclosure. In the Johnson & Johnson DPA this question is clearly answered. Listed under the section “Relevant Considerations” one of the reasons the DOJ entered into the DPA is the following:

  1. J&J voluntarily and timely disclosed the majority of the misconduct described in the [Criminal] Information and Statement of Facts;

So the self-disclosure was one of the reasons that the DOJ entered into the DPA. However, and perhaps more importantly, the self-disclosure brought Johnson & Johnson a monetary benefit in the form of a tangible reduction in its overall fine and penalty. The DPA reported a reduction by 5 points of the company’s overall Culpability Score with the following:

(g)(1) The organization, prior to an imminent threat of disclosure or government investigation, within a reasonably prompt time after becoming aware of the offense, reported the offense, fully cooperated, and clearly demonstrated recognition and affirmative acceptance of responsibility for its criminal conduct;  -5

It is not possible to determine from the DPA how much of the reduction was attributable to the self-disclosure and how much was attributed to the conduct thereafter. However, this precise language makes clear that the DOJ places a real value on such self-disclosures and companies should take this as a clear sign that, at the end of the day, it will be better for them to self-disclose.


© Thomas R. Fox, 2011

April 8, 2011

JGC Deferred Prosecution Agreement: Cooperation with DOJ Still Key

I had not, at least in recent years, thought I would be able to say that the Houston Astros have a better record this late in the season than the Boston Red Sox. But at least as of yesterday, the now 1-5 Astros no longer share the worst record in baseball, which now belongs to the Red Sox and Tampa Bay Rays, both with 0-6 starts. So baseball fans, you had best put on your seat belt for it could well be a bumpy ride this season.

All of which brings us to the JGC settlement this week with the Department of Justice (DOJ) regarding the Nigerian Bribery Scandal. JGC agreed to enter into a Deferred Prosecution Agreement (DPA) and agreed to pay a fine of $218 million. This settlement closes out the FCPA chapter (corporate division) on the Scandal where the DOJ obtained fines and penalties in the range of $1.5 Billion. The DPA itself had a couple of interesting features.

The first is that JGC (apparently) did not cooperate with the DOJ as well or as thoroughly as other companies have done in the FCPA investigation. JGC received a -1 credit for reduction in its overall Culpability Score for “clearly demonstrated recognition and affirmative acceptance of responsibility for criminal conduct”. Readers will note that this is the same score received by Alcatel-Lucent in its DPA, and the estimated costs to Alcatel-Lucent, which ‘only’ paid a monetary penalty of $92MM, for this perceived lack of recognition and acceptance ranged between $20MM and $10MM. Contrast this score with that received by Maxwell Technologies, a -5 reduction in its overall Culpability Score for its “Voluntary Disclosure, Cooperation and Acceptance.” The clear message here is that full cooperation will bring down a company’s fine, and by a very significant amount.

 The next items of interest are that JGC agreed to implement (1) a system of internal controls and (2) a rigorous anti-corruption compliance code consistent with the FCPA, Japanese anti-corruption laws and other applicable anti-corruption laws. This language sounds like the company needs to start at the beginning to create such an anti-corruption program. Attachment C of the DPA fleshes out the specifics of the compliance program the DOJ recommends for JGC.

Last is that instead of a Corporate Monitor, JGC agreed to an “Independent Compliance Consultant,” who is to “evaluate JGC’s corporate compliance program with respect to the FCPA, Japanese laws implementing the OECD convention…and other relevant anti-corruption laws.” The interesting thing here is that while this position is termed “Independent Compliance Consultant” it really sounds like a Corporate Monitor, as the DOJ has the right to choose the candidate from those proposed by JGC.

 Once again the DOJ has clearly informed the compliance community that cooperation in the investigation and enforcement process can pay dividends in terms of a lower fine. I hope companies are getting the message.

For a copy of the JGC Deferred Prosecution Agreement, click here.

For a copy of the JGC Criminal Information, click here.

© Thomas R. Fox, 2011

April 7, 2011

A Modern Fairy Tale: The Company Which Cried Wolf or Lessons Learned from L’Affaire Renault

Once upon a time there was a boy who went to the town square and cried “The Wolf is coming to steal our secrets!” The townspeople all gathered ‘round and asked him how he knew this. “A person named NoMan told me,” he declared. But there was more, as the boy told the now rapt townsfolk “And he said if you give me some money to help pay his ‘expenses’, I can find out when and how the Wolf  will steal our secrets.” As this town was in France, they immediately gave the boy €450,000 (or €700,000 depending on the version of the fairy tale) and he and the money were never seen again.

I. The Tale

Most people in the compliance world have by now heard about L’Affaire Renault. As reported extensively in the Wall Street Journal (WSJ), the affair became public in January of this year, when Renault fired three top officials for allegedly selling secret information regarding the company’s electric car program. These allegations were based upon information which came from an unknown informant who claimed that the three terminated officials had large Swiss bank accounts funded by monies which came from the sale of this information. The payment for this information was made by two Renault security department employees and then allegedly went on to another party, who eventually passed along some or all of the Renault payment to the informant.

If all of this sounds confusing, well it is. The inquiry began last August with an anonymous letter to company officials stating that one of the now terminated employees was overheard “negotiating a bribe”. By December, the company’s security department had “assembled elements pointing to the existence of bank accounts in Switzerland and Liechtenstein.” The accused employees were terminated in January, 2011. On March 14, the WSJ reported that “state prosecutor Jean-Claude Marin on Monday said his investigation showed that the three didn’t have bank accounts in those countries.” On March 15, the WSJ reported that the Chief Executive Officer (CEO) of the French car maker Renault apologized on national television for the wrongful termination of three company officials for improper allegations of industrial espionage. In addition to this apology, he offered to meet the men and propose that they rejoin the company. They also would be offered compensation, “taking into account the serious hurt that they and their families have suffered…” This case (and the introductory fairy tale) presents several very large ‘Lessons Learned’ for any company which engages in an anti-corruption, anti-bribery or fraud investigation and then disciplines or terminates employees based upon the investigation.

II. The Moral

Look Before You Leap

Our colleague, Lindsey Khan, wrote about Fraud Investigation Preparation in a two part series posted on her blog isight.com. Over this two part series, she reviewed author Stephen Pedneault’s book, “Anatomy of a Fraud Investigation”, in which he outlined the steps a company should take when preparing for a fraud investigation. Imagine where Renault might be if they had read Lindsey’s blog. I digress to say you should bookmark and read Lindsey’s blog as she regularly writes on investigations and even provides an investigation template on a complimentary basis.

The first thing to emphasize is that a company cannot over-prepare for such an investigation. With this in mind, here are seven steps Pedneault suggested a company should take before it begins a fraud investigation:

1. Timing. If the target(s) know you are on to them, they will have absconded so make this initial determination.

2. Strategize. Figure out who needs to be involved in the investigation and meet as soon as possible to explore options and discuss how they will move forward with the investigation, as each one differs based on the goals, circumstances and people involved.

3. Review laws, policies and other documents. Obtain everything of significance before you start the investigation and then secure it.

4. Available information. If your company uses outside investigators, make certain that they understand company structure, infrastructure and relationships.

5. Whistleblower protection and confidentiality. Although this information or source may need protection, the identity must be known and verified.

6. Lock down evidence. Physical and electronic evidence need to be gathered and secured as soon as possible.

7. Resource allocation. Make sure your company has the tools you need to gather evidence and label it properly for storage.

You Leapt, Now What?

Your actions after you have followed Pedneault’s seven preparation steps will be equally, if not more important. First and foremost your investigation must be thorough. In other words, if the key part of the allegation is that bribes were being funneled into a Swiss bank account, your company had better make certain this information is correct before you go and make that public pronouncement. You should endeavor to make certain that your company CEO does not, as reported in the WSJ, proclaim the statement made by the CEO of Renault when he said publicly “that the company had evidence against them” regarding the existence of foreign bank accounts. Over two months after this public statement, neither Renault nor the French Prosecutor’s Office had discovered such evidence to back up this allegation.

Keep A Sense of Balance

Attorney Stephen Pearlman, quoted in the WSJ, noted that a company must approach any such allegations “with a real sense of balance” and not “over-react.” Mr. Pearlman said he recently had a client who received an anonymous tip on some alleged wrongdoing and wanted to act before the investigation was done. “I told them, ‘You’ve got to take a deep breath, don’t overreact,’” he recalled.

Robert Fatovic, the chief legal officer at Ryder System Inc., also quoted in the WSJ, said “Renault is the poster child for why you want to approach these situations with a sense of balance, and not have people rush to judgment.”  Fatovic also noted that “By ending an investigation prematurely, you run the risk of a frivolous issue going public too soon.” Or having your CEO go on national television and personally apologize to those wrongfully accused.

Get Some Serious Advice

So how does a company tread through this minefield? If there are serious allegations made concerning employees engaging in criminal conduct a serious response is required. The first thing to do is hire some seriously good lawyers to handle the investigation. These lawyers need to have independence from the company so do not call your regular corporate counsel.  Do not send down Internal Audit or HR to take a look at things and report back. Attorney Jim McGrath, writing in Internal Investigations Blog, drives this point home by stating, “Despite the fact that using specialized investigation counsel is a best practice that is worth the money, one of the more difficult things is convincing decision-makers of the same… The Renault scandal reiterates the need of companies of all sizes to go outside to specialized counsel for sensitive inquiries.”

The hiring of outside counsel is also important because you will most probably have to deal with a government. If the investigation does reveal actionable conduct and you are in the US, your company will need legal counsel who is most probably an ex-Department of Justice prosecutor or ex-US Attorney to get your company through that process. Even if there is a finding of no criminal activity, you will need very competent and very credible counsel to explain the investigation protocol and its results to the government. If you are in the UK you need to hire someone with credible Serious Fraud Office- type experience or an ex-Crown Prosecutor. If you are in France, well you are in France.

There is a very good list of attorneys who specialize in the FCPA provided by my colleague Howard Sklar in his blog entitled “Getting Advice”. He knows the folks he listed personally and tells you their strengths. It is a great resource and now would be an excellent time to use it.

Don’t Pay Bounties to Unknown Persons for Unsubstantiated Rumors

A very troubling aspect of this case is the payment for the information. The payment itself has reportedly ranged from a high of €700,000 to €450,000 down to €250,000. It is not clear as to the timing of this payment but apparently the payment was handled by two security department employees, who handed it over to a third person, not the informant, who resided in Algeria. This third party in Algeria now cannot be located and the WSJ reported that initially “an employee in the security unit refused to disclose to Renault who ultimately received the money…” Reuters has reported that French criminal justice officials are now investigating the two security department employees regarding who this anonymous source was and where the money went. The WSJ later reported that this employee, who has been in custody for a couple of weeks, has finally named this anonymous source.

Many US companies are worried about the impact of the Dodd-Frank Whistleblower provisions. However, a clear difference is that Dodd-Frank requires a substantiated securities violation, as in an admission by a company, settlement agreement or judicial finding, for payment of any bounty rewards. In L’Affaire Renault, the company apparently paid a bounty to an unknown source, for unsubstantiated information, which did not result in any criminal finding or even a civil wrong. Whatever your company does, DO NOT PAY BOUNTIES TO PERSONS UNKNOWN.

The moral of the fairy tale that started our piece and L’Affaire Renault is that your company needs to get it right. The costs for not doing so are simply too great.


© Thomas R. Fox, 2011

April 6, 2011

The Role of an Oversight Committee in FCPA Compliance

We believe that there are four stages a company needs to traverse in its relationship with a Foreign Business Partner. We define them as (1) Business Justification for a Foreign Business Partner; (2) Background and Due Diligence Investigation of the proposed Foreign Business Partner; (3) Evaluation of the Due Diligence and engagement with appropriate contractual terms and conditions; and (4) Management of the Foreign Business Partner after the contract is signed. This article will discuss the concept of a Foreign Business Partner Review and Oversight Committee in Step 4, the management of a Foreign Business Partner.

This concept appears to have found favor with the Department of Justice (DOJ), through its use in a Deferred Prosecution Agreement (DPA) with the Monsanto Corporation. The DOJ provided some guidance on the continuing obligation to monitor Foreign Business Partners. In the Monsanto DPA, the DOJ agreed, after the initial due diligence and appropriate review were completed on Foreign Business Partners, for Monsanto to implement certain post contract execution procedures. These requirements, placed upon Monsanto, can be used as guidelines as to what the DOJ will look for from other US companies who have entered into relationships with Foreign Business Partners; especially in the area of ongoing monitoring of the Foreign Business Partner.

In January, 2005, the Monsanto Company entered into a DPA for violating the Foreign Corrupt Practices Act (FCPA) in connection with an illegal payment of $50,000 to a senior Indonesian Ministry of Environment official, and the false certification of the bribe as “consultant fees” in the company’s books and records. In Appendix B to the DPA, Monsanto agreed to, among other things, “the establishment and maintenance of a committee to supervise the review of (I) the retention of any agent, consultant, or other representative for purposes of business development or lobbying in a foreign jurisdiction”, or an Oversight Committee. It should be noted that Monsanto successfully completed the terms of its DPA and was discharged from further obligations under it in 2008.

The scope of this Oversight Committee is not fleshed out in the DPA. However, it is suggested that a company should incorporate both a pre-execution function and a post-execution management function in overseeing the full relationship with the Foreign Business Partner. While this oversight would most necessarily focus on FCPA compliance, there should also be a commercial component to this function.

Who Should be on the Oversight Committee?

The Monsanto DPA provides guidance on this point by stating “The majority of the committee shall be comprised of persons who are not subordinate to the most senior officer of the department or unit responsible for the relevant transaction;” this would indicate that senior management should be involved in the Oversight Committee. It would also indicate that more than one department should be represented on the Oversight Committee. This would include senior representatives from the Accounting (or Finance) Department, Compliance & Legal Departments and Business Unit Operations.

What Should the Oversight Committee Review?

The Oversight Committee should review all documents relating to the full panoply of a Foreign Business Partner’s relationship with a US company. This would begin with a review of any initial requests to engage a new Foreign Business Partner. The information presented to the Oversight Committee would include the Business Unit’s request to engage the Foreign Business Partner, the costs and benefits. The next step would be to review the due diligence and all background investigative materials on the prospective Foreign Business Partner.

The Oversight Committee should receive copies of, and approve, all due diligence and background investigative materials before a contract is executed with a Foreign Business Partner. Particular attention should be paid to the form of the contract. If there are deviations from the company’s standard form of agreement, with regard to the FCPA compliance issues, there should be a full explanation by the Foreign Business Partner or Business Unit. The Oversight Committee should determine if the company is taking on any unwarranted FCPA compliance risk if non-standard FCPA compliance terms and conditions are used.

After the commercial relationship has begun the Oversight Committee should monitor this relationship on no less than an annual basis. (We still disagree with our colleague Howard Sklar on audits.) This annual audit should include a review of remedial due diligence investigations on the Foreign Business Partner with at least a minimum of a Level One Due Diligence and higher levels of Due Diligence based upon an appropriate risk rating. There should be an evaluation of any new or supplemental risk associated with any negative information discovered from a review of financial audit reports on the Foreign Business Partners. All FCPA compliance training should be reviewed and certifications confirmed. The Oversight Committee should review any reports of any material breach of contract including any breach of the requirements of the Company Code of Ethics and Compliance. As with all things FCPA the three most important words here are Document, Document, Document. If you cannot produce documentary evidence to the DOJ of your annual review and its findings, it is of no use to your company.

In addition to the above remedial review, the Oversight Committee should review all payments requested by the Foreign Business Partner to assure such payment is within the company guidelines and is warranted by the contractual relationship with the Foreign Business Partner. Lastly, the Oversight Committee should review any request to provide the Foreign Business Partner any type of non-monetary compensation and, as appropriate, approve such requests.

The oversight of Foreign Business Partners is one of the key tools that a company can use to prevent and detect any violation of its own Code of Ethics and Compliance and the FCPA. The proper structure of the Oversight Committee and its full engagement with all aspects of a company’s relationship with a Foreign Business Partner is one of the areas that the DOJ will look for in a successful FCPA compliance program.

Conclusion

An Oversight Committee is a key tool which can be utilized by a company to manage its relationships with its Foreign Business Partners. Its use has been commented upon favorably by the DOJ through its citation in the Monsanto DPA. An Oversight Committee does not replace any of the other key components of an effective FCPA compliance program but it does provide an additional level of protection, back-up and transparency for all deals with a Foreign Business Partner. It should be employed by US companies as an additional protection against any type of FCPA compliance and ethics violation “slipping through the cracks” to become a much larger problem down the road.


© Thomas R. Fox, 2011

April 5, 2011

UK Bribery Act Guidance: the Six Principles of a Non-Skewered Compliance Program

The UK Bribery Act guidance is out and the reaction has been across the board. Here is just a sampling of it. Mike Volkov, in the FCPA Blog, brought up Yogi Berra by noting, “If you don’t know where you are going, you might wind up someplace else.” He used this quote to lead into a piece entitled, “Life after Guidance: No Change”. This complimentary use of an American icon, whose use of the English (American version) language is legendary, stands in contrast to Bill Waite, a founder of The Risk Advisory Group, who, also writing in the FCPA Blog, went further and termed the guidance “questionable”. Jim McGrath, writing in his Internal Investigations Blog, says that companies subject to the Bribery Act had better “put on a (crash) helmet” for it may well be a bumpy ride. Even the Wall Street Journal got into the act, with an article entitled, “Britain Backpedals on Bribery Act.”

However all of these pundits pale next to the skewering given the Guidance by our colleague Howard Sklar, who is working through the Case Studies on his OpenAir Blog. They make for great reading by the way, so head on over to the Open Air Blog with a tall “cool one” and watch him skewer the Case Studies and then enjoy “Bar-Be-Que Case Studies ala Howard”. You should note that Howard has promised that “I’m going to write my own version of the Guidance. The guidance as it should have been written.” That, my friends will be well worth the wait.

However, we do not feel that the Guidance deserves quite so harsh a judgment and indeed welcome the Guidance. The reason is that we welcome any interpretation of new legislation from one of the world’s strongest anti-bribery and anti-corruption regimes, as it puts into the hands of compliance professionals information on current best practices of an anti-bribery and anti-corruption program. We believe that the Guidance fulfills that mission. In this posting we will set out the Six Principles and in subsequent postings we will discuss each Principle in detail.

The Guidance provides valuable information on not only what the UK Ministry of Justice considers a best practices program but it is also a benchmark which any US compliance practitioner can use to assess their company compliance program. Further, the Principles are not, as Lanny Breuer has suggested, “formulaic” but are intended to be “flexible and outcome focused.” With this in mind, we set out the Six Principles listed in the Guidance.

I. Proportionate Procedures – A company’s procedures to prevent bribery by persons associated with it should be proportionate to the bribery risks it faces and to the nature, scale and complexity of the commercial organization’s activities. They are also clear, practical, accessible, effectively implemented and enforced.

II. Top-Level Commitment – The top-level management of a company, be it a board of directors, the owners or any other equivalent body or person, must be committed to preventing bribery by persons associated with it. They foster a culture within the organization in which bribery is never acceptable.

III. Risk Assessment – A company should assess the nature and extent of its exposure to potential external and internal risks of bribery on its behalf by persons associated with it. The assessment is periodic, informed and documented.

IV. Due Diligence – A company should apply due diligence procedures, taking a proportionate and risk-based approach, in respect of persons who perform or will perform services for or on behalf of the organization, in order to mitigate identified bribery risks.

V. Communication (including training) – A company should seek to ensure that its anti-bribery and anti-corruption policies and procedures are embedded and understood throughout the organization through internal and external communication, including training, that is proportionate to the risks it faces.

VI. Monitoring and Review – A company should monitor and review its procedures designed to prevent bribery by persons associated with it and make improvements where necessary.

So there you have it. Is it useless, good only for a bar-be-que, or does it make you want to put on a crash helmet? I hope not, but even if it does, please stay tuned for our next couple of segments on the Guidance.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011

April 4, 2011

Berland on the OECD Good Practice Guidance on Internal Controls, Ethics, and Compliance

One of the three sources generally cited as a benchmark of the elements of an effective compliance program is the Organization for Economic Co-operation and Development (OECD) Good Practice Guidance on Internal Controls, Ethics, and Compliance. The June issue of the Society of Corporate Compliance and Ethics Magazine (SCCE) (Vol. 7 / No. 3) carried an article by our colleague Russ Berland on these elements. Given that the recently released Bribery Act Guidance referenced this document, we believed a review of these elements was appropriate.

Berland began with a background discussion of the genesis of the Working Group on Bribery in International Transactions Organization for the OECD and its development of the specific elements of a compliance program. In his article, Berland lists 12 specific instructions for companies to use as a basis upon which to construct an effective compliance program. They are:

1. A culture of compliance with the appropriate “tone at the top”.
2. Clearly articulated and visible policy against bribery and corruption.
3. It must be the duty of every employee to comply with a company’s anti-bribery program.
4. One or more senior officers in charge of the compliance program who must report directly to the Board or appropriate Board Committee.
5. Design the compliance program to prevent and detect bribery and corruption.
6. Make the program applicable to third party business partners.
7. Have a system of internal financial controls in place to ensure that bribery and corruption cannot be hidden.
8. Have periodic communications and training on the compliance program.
9. Provide positive support for employees to comply with the compliance program.
10. Consistently discipline employees for violations of the compliance program.
11. Provide guidance and advice for employees on the compliance program.
12. The compliance program should be periodically re-assessed and re-evaluated to take into account new developments.

Near the end of his article, Berland asks the question, will DOJ prosecutors find a company’s FCPA compliance program “effectively designed when it was based on the OECD guidance?” Much like Socrates (in that he knows the answer to his question), Berland responds, “The answer should be yes.” We heartily agree and thank Russ for his much-needed article providing specific guidance on what the OECD finds to be the elements of an effective compliance program.
