Utilizing the Corporate Secretary in your Ethics and Compliance Efforts

How can a Corporate Secretary enhance a company’s overall ethics and compliance efforts? Corporate Secretary Deputy Editor Aarti Maharaj recently explored these issues and others in an interview with Matt Lepore, Vice President and Chief Council for Corporate Assistant General Counsel at Pfizer, about his role in creating and promoting an ethical culture in the pharmaceuticals industry. Lepore has some interesting observations on how a Corporate Secretary could move a company’s compliance efforts forward within the context of this position.

Lepore said that his position at Pfizer gave him access to two groups. The first is the Board of Directors. In this role he works with and for the Pfizer Board of Directors to oversee the company’s compliance program. Lepore noted that Board of Directors regularly discusses ethics and compliance. Further he believes that the Pfizer Board sets the tone for the company that demands business be conducted in an ethical manner. He stated that the company is regulated by several different US and foreign governmental agencies and therefore must comply with a wide variety of ethical standards. One of his jobs as Corporate Secretary is to help ensure compliance with this wide variety of regimes.

The second group Lepore also works with is the company’s investors. In regard to this position, Lepore says that he works in partnership with Pfizer’s head of CSR. However, the investors regularly inquire into the company’s ethics and compliance and Lepore is the company point person in responding to such inquiries. Lepore said that working with these two different constituencies gives him the opportunity to both observe Pfizer’s ethics and compliance efforts from a high level viewpoint and to interact with those in compliance to determine answers to various inquiries. With these two constituencies he can bring up items regarding ethics and compliance which those performing the day-to-day work may not readily observe.

Maharaj also wrote about The Conference Board Center for Sustainability panel “The Corporate Social Responsibility Officer’s role in promoting an ethical corporate culture” in an article entitled “Experts say a corporate secretary can help change ethical culture”. The Moderator, David Vidal, Director, Center for Sustainability, noted that “The corporate secretary is a monitor both of and for the board.” This is because a Corporate Secretary sits “at the intersection of the company where they can change the marketplace. The Corporate Secretary has to be informed about sustainability ethics and provide updates to the board, including CEOs and others who do the recruiting.”

Vidal’s point echoed the concept raised by Lepore that the Corporate Secretary has several constituencies which he may work with and for. This can provide an opportunity to view a company’s ethics and compliance program and to help shape and direct it. The Corporate Secretary may be an excellent resource to the Chief Compliance Officer which may be under-utilized. It might be worth a cup of coffee or short meeting to see what the Corporate Secretary thinks about your ethics and compliance program or how they might be able to assist you in your efforts.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011

Is Your Business Toxic-in the FCPA Compliance Context

Is your business toxic? I do not mean that it had holds the type of sub-prime Collateral Debt Obligation assets which were so prominently mentioned in the press just a few years ago. I mean is your business so devoid of anything close to a best practices compliance program that you are not able to obtain loans, manage risk through insurance or other equally traditional business practices? Yesterday I wrote about the new types of insurance available for investigation of, and claims based upon, alleged violations of the Foreign Corrupt Practices Act (FCPA). This also included Directors and Officers liability coverage if such persons are made parties in a stock holder derivative action based upon violations of the FCPA. I also wrote about banks and other financial institutions which are now reviewing compliance programs to determine if they meet some type of minimum best practices. However, now the failure to have a minimum best practices compliance program in place may have a more drastic effect; it may deny you the ability to access your company’s value in the capital markets.

Reverse Mergers

There has been much written about Chinese companies engaging in reverse mergers to obtain access to US capital markets. Writing in forbes.com, in an article entitled “Chinese Reverse Merger Companies: The Auditor Angle”, Francine McKenna defined a reverse merger as “through such a transaction the private company becomes a SEC [Securities and Exchange Commission] reporting company with registered securities without filing a registration statement with the US SEC.” One of the cornerstones to the FCPA is that if a company is publicly listed it has a books and records requirement, which is enforced by the SEC. Any company which does not have a minimum best practices compliance program, including books and records which accurately reflect all transactions, have made themselves immediately liable under the FCPA if they become a US publicly listed company through a reverse merger.

Re-financing

If your company is going through traditional corporate refinancing in the next 18 months, you had better start to audit, or at a minimum assess your compliance program. Why? Because any bank or other financial institution that you go to will want to not only review your compliance program but may well want to review where that compliance program may be in terms of an overall assessment of the compliance risks that your company faces. Are you in the telecom business; pharmaceutical business; energy business or any other area that the Department of Justice (DOJ) or SEC has targeted for a FCPA review? You better have all your compliance ducks in a row and ready to turn over to the financing institution for review.

 Selling Your Business

Here is where your company may have risen (or sunk) to the level of toxic. If a company comes along and wants to purchase some or all of your business and they look under the FCPA compliance hood, what will they see? If there is no best practices compliance program in place they may well not take a second look. If you are a Private Equity company with a number of Portfolio Companies, what is the state of the compliance program in each Portfolio Company? If you have one of ten with a best practices compliance program, does that not “set the bar” for the minimum standard in all the other Portfolio Companies? While the DOJ has provided guidance in Opinion Release 08-02 and the Johnson & Johnson Deferred Prosecution Agreement (DPA) as to the steps an acquiring company can take to try and protect itself from successor liability under the FCPA, no lawyer can assure a client of complete absolution.

If you are simply a small business with a superior product or service and thereby well positioned to sell, what would be the price carve-out and/or indemnity which you would have to sign if you have less than a best practices compliance program? What if your compliance program cannot be assessed in the time available for pre-acquisition due diligence, would or should a company consider purchasing your business?

Yesterday I focused on some of the market developments which may drive implementation and enhancements of compliance program. Compliance programs may now be driven by the ultimate market factor of access to the value of your company. So we ask again is your company toxic because it has a less than best practices compliance program?

Ed. Note-to the Braves fans, you really could not have thought the 106-loss Astros would beat the Cards with the playoffs on the line. And congratulations to my wife’s favorite and Astros’ MVP, Hunter Pence (who just happens to play for the Phillies) for the game winning hit over the Braves. As to the Red Sox fans, I don’t know what to say, it is not as bad as Bill Buckner but it has to be up there with Buck (F-ing) Dent. I am glad you had a couple of titles last decade so salve the pain of this one.

=======================================================

Please join Mike Volkov, Stephen Martin, Jim Feltman and myself on Oct. 6 in NYC for a presentation on ” The Gathering Storm: Anti-Corruption Compliance for Private Equity and Hedge Funds”. The presentation is hosted by World Check and Ethisphere and the event is complimentary. More information and registration details can be found at http://ethisphere.site-ym.com/events/event_details.asp?id=179863. If you are in the NYC area I hope you can attend.

=======================================================

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011

 

The Baseball Playoffs Are About to Begin as the Markets Begin to Drive Compliance

Can you name the three teams who started out the baseball season 0-6? It was the Boston Red Sox, the Tampa Bay Rays and the Houston Astros. Now for extra credit can you name the two of three still playing today for a playoff berth? (Spoiler Alert: It is not the Astros). As baseball ends its 162 game season and with the playoffs just around the corner I thought this would be a good lead in to what may be one of the most significant changes in the calculus for compliance that has occurred over the past several years.

Representatives of the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) have been speaking now for several years on why companies should implement or enhance their compliance programs in order to follow the requirements of the Foreign Corrupt Practices Act (FCPA) to avoid prosecution. For at least the past year this tone has changed into something similar to what Greg Andres said at the House Judiciary Committee hearing in June, that companies should not engage in bribery at all. (Just say no?)

Up until now, there is always one business person at a conference who says something along the lines of “Why should I spend $200,000 to $500,000 to implement a FCPA compliance solution when the chances of getting caught and sanctioned are quite low?” My immediate response is “Remember the Ford Pinto?” Recognizing there will always be the Neanderthal approach to compliance the usual compliance discussion is “what do I have to do to follow the law?” However, that discussion may well become “what do I have to continue to operate my company and transact business” all within the compliance context. I have recently seen this change in three areas: the integration of compliance into overall risk management and business financing.

Banks

Banks which provide traditional financing are now requesting and reviewing company compliance programs before providing financing. I was recently involved in a project where a company was completing a “straight forward” purchase of another entity. All members of the consortium of lenders requested and reviewed the purchasing entity’s compliance program as part of their due diligence before lending the money. However, this requirement by financing institutions is not simply limited to the financing of purchases, take-overs or other means of acquisitions. It also includes regular re-financing of entities. The existence and maintenance of robust compliance programs, whether FCPA; UK Bribery Act compliant  or based upon some other jurisdiction’s legal requirements, is now being written into the covenants required in financing or re-financing.

Insurance

Many have written about insurance for FCPA claims. For instance, the D&O E&O Monitor wrote about a product by the insurer Chartis which will provide insurance to a company to cover FCPA claims. This is certainly a type of insurance that companies should consider for their risk management portfolio, even if such coverage is limited to investigative costs only. One of the keys to obtaining such coverage is that the insurer must review a company’s compliance program. No compliance program (or substandard program) and the insurer will not provide the coverage. Additionally standard Directors and Officers insurance coverage may not apply if the Directors have not followed their responsibilities under the US Sentencing Guidelines or the various Deferred Prosecution Agreements which, over the past year, have set the standards for FCPA compliance best practices.

What does all of this mean? It means that FCPA compliance may have now moved from enforcement driven to market driven. This means that your company may not be able to access its value, through capital or financial markets, if it does not have a minimum best practices compliance program in place. How do you think that Chief Executive Officer (CEO), who will not allocate resources for a best practices compliance program, is going to feel when he cannot get financing to do a transaction; cannot refinance; or offload some risk via insurance? He may feel like a soon-to-be ex-CEO.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011

Lean Knowledge Principles: Application to the Compliance Program

In the October 2011 issue of Harvard Business Review is an article, entitled “Lean Knowledge Work”, where authors Bradley Staats and David Upton explore the issue of whether the lean knowledge principles derived from the Toyota Production System can be applied to knowledge work. While there is no one definition of ‘lean’ it has generally included “numerous approaches to improving operations, all based upon the same principles; relentless attention to detail, commitment to data-driven experimentation and charging workers with the ongoing task of increasing efficiency and eliminating waste in their jobs.”

The authors began by noting that most people in the business world believe that ‘knowledge’ based work does not lend itself to lean principles. The reason for this is that knowledge based work is not repetitive based and cannot be repetitively defined. The use of a knowledge based decision making calculus involves use of expertise and judgment, which as the authors put it, is “locked inside the worker’s head.” However, the authors posit that much knowledge based “can be articulated”. Moreover, many knowledge based activities have nothing to do with applying judgment but “can be streamlined to continually find and root out waste.” From my own corporate experience, such knowledge should be captured in a Knowledge Management (KM) system or the company risks losing such knowledge when senior employees retire or move on to other assignments. Under KM a base of knowledge should be available to a wide number of employees to draw upon and not be limited to being inside the head of a limited number of employees.

The authors draw upon six principles to make knowledge based organizations lean.  They are:

1.      Eliminate Waste

The authors point to several ‘wastes’ which are endemic to a knowledge based organization and can ‘eat up huge amounts of time.” These include printing documents, requesting information need to make decisions, setting up meetings and other routine administrative tasks. While recognizing that most employees in corporate America today do not have any administrative support to handle such tasks, the authors suggest that employees not focus simply on eliminating large, obvious forms of waste but focus on small waste which they termed “nickels [of waste] that no one has bothered to pick up.”

2.      Specify the Work

My corporate experience in a legal department is that very little knowledge is written down. Usually there is no attempt at anything resembling KM. However, the authors suggest that employees start with the repeatable parts of a process and codify them. You do not have to specify everything, but certain parts of a process could be specified and made available for others to learn from or draw upon in future work or transaction

 3.      Specify How Workers Should Communicate With One Another

The authors note that in a knowledge based system, ‘many problems are too big or too complex for one person to tackle” so that organizations may use teams to perform  knowledge based work. This can also be true in the compliance context where the Compliance Department may work with a Legal Department, an internal Compliance Champion, or external third parties going through a vetting process or others. When multiple parties are involved it is imperative that good communications be carried out throughout the entire process involved. The authors suggest three guidelines: (1) Define who should be communicating, how often and what should be communicated; (2) Create a shared understating of what is being communicated; and (3) Resolve any disagreements with facts, not opinions.

4.      Address Any Problems Which Arise Quickly and Directly

The authors advocate that if a problem crops up, it should be resolved by the employee who created it. This is because that person usually has a quicker and more expeditious solution. If such a person cannot do so, a team member should work on it or at least participate in the resolution. This would also hold true for the location where any problem arises. It should be resolved in that location. Lastly, do not let problems fester and grow. They should be resolved as soon as possible as they arise.

5.      Plan for an Incremental Journey

The authors suggest that you start small on your journey to lean; as you probably will not get it right the first time. Further you should write down your lessons learned in the process so you will have a record of what worked and what did not work so that at least you will not have to redo that part of the process. Moreover, the lean process implementation is not one set in stone. Be nimble and agile so that you can respond to opportunities to improve the process as they arise. Also remember that not every lean approach works for every knowledge based task or system. Lean focuses on the more repetitive work so spend your time and efforts there.

6.      Engage Your Managers

The authors believe that lean principles result from “bottom up improvement’. However, middle managers should be engaged with their teams, both through education on its benefits and with support throughout the project. Additionally and not surprisingly, senior managers must be long term champions for any such change. For employees to take innovation seriously, senior management must actively support the process. Such a sea-change will require man-power investment, training and monetary investment all of which senior management must actively support. There must be a clear, long term commitment from such senior management to the project.

This article presents a new way for many in a Compliance or Legal Department to think through the challenges of a compliance program, whether based on the Foreign Corrupt Practices Act (FCPA), the UK Bribery Act or both. I continually press that the top priority of a compliance program is to “document, document, document” all the while understanding that a compliance program is very much process driven. The lean approach can be used in many of the process steps where documentation is the key. The discretion and expertise brought to bear in compliance programs can then be overlaid on this system. In today’s economic reality, this approach can help a corporate compliance department deliver a more robust, yet more economical compliance product.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011

How Cole Porter Informs the Debate: Ethical Compliance v. Legal Compliance

In an article in the October 2011 issue of the ACC Docket, entitled “Who Needs Business Ethics When You’ve Got the Law on our Side?”, author James Nortz explores the question, “What good is this business ethics crap when there’s a law for everything?” While perhaps phrased in a different manner, most lawyers were certainly trained in law school to focus on the question of whether something was ‘legal’ in performing an analysis of whether a client could engage in some action. Lawyers were generally not trained on whether a client should engage in some action. Nortz looks at some of the differences.

Nortz frames the question more along the lines of “let the law be your guide” and recognizes this approach has “a certain simple, minimalistic, free-market appeal, avoiding messy questions regarding whose sense of right and wrong will prevail.” Within the Foreign Corrupt Practices Act (FCPA) compliance world this approach can be shown by contrasting the examples of the requirements of the Us Sentencing Guidelines and the Department of Justice’s best practices compliance program as set out in various Deferred Prosecution Agreements (DPAs) over the past 14 months.

USSG’s 7 Elements of an Effective Compliance Program	Panalpina DPA Best Practices  Compliance Program
1. Standards and procedures to prevent and detect criminal conduct.	1. Clearly articulated and visible compliance program.
2. Leaders understand/oversee the compliance program to verify effectiveness and adequacy of support, specific individuals vested with implementation.	2. Sr. management’s strong and explicit visible support.
3. Deny leadership positions to people who have engaged in misconduct.	3. Develop and promulgate compliance standards and procedures governing gifts, hospitality, travel, etc.
4. Communicate standards and procedures of the compliance program and conduct effective training.	4. Risk assessment as basis for standard and procedures.
5. Monitor and audit, maintain reporting mechanism.	5. Annual review of program.
6. Provide incentives; discipline misconduct.	6. Assign responsibility to one or more senior corp. execs for implementation and oversight; directly reporting to the BOD; adequate level of autonomy and sufficient resources.
7. Respond quickly to allegations and modify program as required.	7. System of financial and accounting procedures.
	8. Effective communication and periodic training and certifications.
	9. System for guidance, confidential reporting and response.
	10. Disciplinary procedures.
	11. Agent and business partner due diligence.
	12. Agent and business partner agreements.
	13. Period review and testing of standards and procedures.

A review of the above shows additional detail in the Panalpina DPA best practices compliance program. Simply following the law in the FCPA context will not provide a company with the detail which a compliance program should sustain to adequately protect a company. Nortz also notes that an approach of “let the law be your guide” will also fail because “it implies, in the absence of a definitive rule that anything goes” (and here he is NOT referring to the Cole Porter revival.)

Nortz concludes by noting that a more rounded ethical approach will not only prevent more absurd results but provide for greatly employee productivity and more loyalty from third parties, whether those third parties are customers, agents or vendors. While noting what may seem like the obvious, that business professional must take ethical obligations into account, lawyers must remember that simply complying with legal compliance is not always sufficient.

————————————————————————————————–

Please join Mike Volkov, Stephen Martin, Jim Feltman and myself on Oct. 6 in NYC for a presentation on ” The Gathering Storm: Anti-Corruption Compliance for Private Equity and Hedge Funds”. The presentation is hosted by World Check and Ethisphere and the event is complimentary. More information and registration details can be found at http://ethisphere.site-ym.com/events/event_details.asp?id=179863. If you are in the NYC area I hope you can attend.

————————————————————————————————–

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011

Social Media Power-How it Impacts Your Compliance Program

In a September 26, 2011 article in Forbes magazine, entitled “Social Power and the Coming Corporate Revolution”, author David Kirkpatrick argues that the social media revolution has so empowered employees and customers that these groups will soon be calling the shots in companies and not management. He bases this on the use by these groups of social media to obtain and convey information. In the past, management traditionally controlled information and, in a top down hierarchy, would usually dole it out on a need-to-know basis and those who hoarded the information were more powerful within an organization. However, the power and speed of social media have taken this most powerful leverage out of the hands of management and relocated it. Kirkpatrick believes that business leaders now need to demonstrate “authenticity, fairness, transparency and good faith.” If the leaders do not do so, then employees may well come to distrust them, which can lead to disastrous results.

All of this is true of your compliance program but even more so for your compliance program. There has been much gnashing of teeth over the Whistleblower provisions of Dodd-Frank. Corporate America fought tooth and nail to prevent employees from whistleblowing to the Securities and Exchange Commission (SEC) without first going through the company internal whistleblower or reporting systems. Here companies missed the point entirely. If they have a reporting system which is perceived as fair, employees which have a valid compliant or compliance issue to report will do so through the system. The reason is that employees are not employed to discover and report to the US government compliance violations. They work at companies because they desire to be employees. Put more simply – people do not go to work to report compliance violations under Dodd-Frank and wait years to see if they get any money out of it.

In compliance conferences this year a new round of anecdotal stories are making the rounds regarding just how nefarious the Dodd-Frank whistleblower program has become. It goes something like this: an unnamed foreign employee, when faced with termination is alleged to have threated to go to the SEC to report a compliance violation unless he (or she) is paid off. I say, let them go to the SEC. If you have a real compliance problem, your company had better have a detection system in place which rings some bells somewhere in your company.

The key is to develop trust in your overall compliance program. For a US company with a large overseas workforce, trust does not simply happen by ramming a Foreign Corrupt Practices Act (FCPA) compliance program down the throats of its non-US workforce. Kirkpatrick notes that “Trust is developed by sharing vulnerabilities.” He quotes Don Hagel that trust comes not from “the top executive dictating about what needs to be done and when, it’s about providing individuals with the power to connect.” I would add that it also comes from listening to your employees. If employees think that they have a vested interest in the outcome, they will work much harder to make sure the company has success.”

Part of this idea of trust falls under the concept of the Fair Process Doctrine; that is, if employees think that the process is fair, they will be more willing to accept results which they do not necessarily like. Another part of trust is not treating employees like second class step-children. I can remember when a friend from my home town, who worked for a major oil company, told me that it was like being in the third grade. They wanted you at your desk at 8am in your uniform (i.e. coat and tie for men) and to stay there until the closing bell rang. The same mentality is now true for companies which ban the use of social media tools at work. Kirkpatrick quotes Clara Shih that “at least in America our job is such an important part of our identity that most people want to talk about it.” And they do on Facebook, LinkedIn and Twitter. In other words, employees will talk about your company anyway, whether you tell them they cannot do so at work or not.

All of this means that your compliance program should embrace the underlying thesis of Kirkpatrick’s article. A company needs to develop trust under this new dynamic. By developing this new dynamic, having employees who want the company to succeed, they are more likely not to engage in bribery and corruption but also to detect and report it. I think that McNutly’s maxims would apply here (1) What did you do to prevent it?; (2) What did you do to detect it?; and (3) What did you do to fix it? Just image that power of your compliance program if you had employees driving the answers to these three questions in conjunction with your policies and procedures.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011

AML for the Compliance Practitioner: The KPMG 2011 Survey on Anti-Money Laundering

Dick Cassin, writing in his FCPA Blog, has consistently raised the issue of Anti-Money Laundering (AML) in the wider battle against bribery and corruption. He set out some of his thoughts in a post entitled “9/11 and the FCPA”. He also speaks regularly about AML laws as one component of the ongoing battle against world-wide terrorism since 9/11and how that relates to anti-bribery and anti-corruption compliance. I thought about Dick’s writing and ideas while I was reading the survey released yesterday by KPMG, entitled “Global Anti-Money Laundering Survey 2011”. While this survey focused on the banking industry, there were many issues identified that are applicable to the wider compliance field. The survey is one of the continuing releases by KPMG that gives insight into what compliance practitioners are thinking, some of the challenges that they face and provides a summary of best practices which anti-bribery and anti-corruption practitioners can incorporate into their company’s US Foreign Corrupt Practices Act (FCPA) and UK Bribery Act compliance programs.

The part of the survey which struck me as most applicable to the FCPA and Bribery Act compliance practitioner was ongoing monitoring. My ‘This Week in FCPA’ colleague, Howard Sklar, often speaks that he believes a compliance program must be nimble and agile enough to evaluate new risks as they arise or become known to a company. The KPMG survey noted that “This principle [ongoing monitoring] also applies to wider risk management arrangements. Ongoing risk assessment should include intelligence generated internally as well as externally, and a key source for this data is monitoring tools and activities.” Ryan Morgan, Anti-Corruption Specialist at World Compliance, spoke, at the ACI-FCPA Boot Camp held in Houston this past January, about the need to perform ongoing due diligence on parties on more than an annual basis.  This is because such due diligence is simply a snapshot of time going back from the date of the due diligence. Morgan made clear that 3 months, 6 months or 9 months into the future this snapshot might change.

Another reason to do ongoing monitoring relates to Dick Cassin’s work on the connection of compliance programs to anti-terrorism. To assist banks and other financial institutions in the fight against money laundering and terrorist financing KPMG suggests they undertake ‘ongoing monitoring’ of the business relationship with each customer. This ongoing monitoring has two components. First such institutions should monitor all of the transactions involving the customer to ensure that they fall within expectations. This concept has clear resonation in the FCPA compliance area under one of the well-recognized Red Flags regarding third party business partners. If a proposed foreign business partner does not have experience in your company’s field of expectation for the services or products your company offers, or the commission the foreign business partner sought, or has received, do not fall within a range of monetary expectations, these are viewed as ‘Red Flags’.

The second component of ‘ongoing monitoring’ would fall into the category of “Know Your Customer” or as it is known by its acronym ‘KYC’. KPMG notes that this second element of the ‘ongoing monitoring’ requirement is the need to keep relevant KYC data items up-to-date. Without up-to-date data, banks cannot understand their customers, nor screen a company’s principals effectively against sanctions lists. As Ryan Morgan noted in his ACI presentation many times it is difficult to obtain accurate information on officers, directors and related parties in the ownership chain of a foreign business partner because of the inherent inefficiencies in  a foreign governments corporate records filing systems. This means that the tools must be in place but those tools must also be utilized on a regular basis.

The KPMG survey is filled with much information for any banking compliance officer but also solid information for the anti-bribery and anti-corruption practitioner. I heartily recommend it to you for your consideration.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011

UBS’s $2.3bn Lesson for a Compliance Oversight Review Committee

In an article in the Wall Street Journal (WSJ), dated September 17, 2011, entitled “Rogue Trading Lasted 3 Years”, reporters Carrick Mollenkamp, Paul Sonne and Deborah Ball contributed to an article which detailed “an early picture” of some of the “lapses inside one of the world’s largest banks” which allowed the alleged trading losses by Kweku Adoboli to take place. Adoboli’s alleged fraudulent activities “began as early as 2008” according to David Levy, a UK Fraud Prosecutor. The article went on to report that “UBS may paint a fuller picture of how its risk controls failed to prevent this big loss.”  However, the WSJ Law Blog reported, on September 19, 2011, that in its second quarter earnings call in June, UBS Chief Executive Officer (CEO) Oswald Gruebel said “We have to continue to manage risk tightly to make sure that the risk-reward balance is positive for our shareholders.” So perhaps their risk management was not run so tightly after all?

The management of risk is as important in the Foreign Corrupt Practices Act (FCPA) arena. (Well maybe not $2.3bn in alleged losses but still it is important.) Number Two in McNulty’s maxims is “What did you do to detect it?” meaning what systems did your company put in place to detect violations of your compliance program. Obviously appropriate internal controls are critical to such detection. As pointed out by the ‘Explainer’ column, in the September 16 edition of the online magazine Slate, in the context of a trading company such as UBS, “Every trader is allowed to take on a certain amount of risk, and if he wants to exceed that value he must get the permission of his supervisors.” However, a best practices compliance program should employ more than simply a books and records based internal controls and front line approval request.

In a best practices compliance program there should be frontline review and oversight by the Compliance Department. This would include the review of requests to engage agents and other foreign business representatives as well as management through the contracting process. It also includes management after the contract is signed. My colleague, and frequent contributor, Mary Shaddock Jones often uses her former experience as Chief Compliance Officer (CCO) at Global Industries as an example of post-contract execution management. She would routinely review agent’s requests for payment to test whether proper procedures were being followed.

However, I believe that best practices would suggest that there be more than frontline review of requests for payments from either agents or reimbursements from employees. There should be some type of oversight committee which can review on a quarterly, semi-annually or annual basis a company’s management of risk.

As far back as January, 2005, the Deferred Prosecution Agreement (DPA) entered into between the Department of Justice (DOJ) and the Monsanto Company provided for “the establishment and maintenance of a committee to supervise the review of (I) the retention of any agent, consultant, or other representative for purposes of business development or lobbying in a foreign jurisdiction”, or an Oversight Committee. The scope of this Oversight Committee is not fleshed out in the DPA. While many have focused on the Oversight Committee to monitor agents and other third party business representatives, the role of the Oversight Committee can be broader than simply agents and representatives. A major purpose of an Oversight Committee is to act as redundant backup to the books and records internal controls systems which are designed to detect violations of a company’s compliance program.

Who should be on an Oversight Committee?

The Monsanto DPA provides guidance on this point by stating “The majority of the committee shall be comprised of persons who are not subordinate to the most senior officer of the department or unit responsible for the relevant transaction;” this would indicate that senior management should be involved in the Oversight Committee. It would also indicate that more than one department should be represented on the Oversight Committee. This would include senior representatives from the Accounting (or Finance) Department, Compliance & Legal Departments and Business Unit Operations.

What Should the Oversight Committee Review?

There are a variety of approaches that an Oversight Committee can assume. It can dive down deeply ‘into the weeds’ for transactions which the company has identified as high risk. This can be the review of agents or other representatives in high risk areas or transactions in high risk countries. The Oversight Committee can use techniques such as continuous controls monitoring to identify any outliers of payments or other indicia of financial information which would warrant additional investigations. In addition to the above remedial review, the Oversight Committee should review all payments requested by agents and representatives to assure such payment is within the company guidelines and is warranted by the contractual relationship with the company. Lastly, the Oversight Committee should review company sales or business development requests to provide compensation and, as appropriate, reimbursement  for gifts, travel and entertainment of foreign governmental officials.

The oversight of Foreign Business Partners is one of the key mechanisms that a company can use to prevent and detect any violation of its own Code of Ethics and Compliance and the FCPA. The proper structure of the Oversight Committee and its full engagement with all aspects of a company’s relationship with a Foreign Business Partner is one of the areas that the DOJ will look for in a successful FCPA compliance program.

Conclusion

An Oversight Committee is a key tool which can be utilized by a company to manage its relationships its risk. The books and records component of internal controls is one level of prevention and detection. The review by a Compliance Department for requests for travel for and gifts and entertainment to foreign governmental officials is also an important step in the detection process. However, a compliance Oversight Committee is another step which I believe is a best practice and should be employed by US companies as an additional protection against any type of FCPA compliance and ethics violation “slipping through the cracks” to become a much larger problem down the road. Companies should use the rather unfortunate lesson of UBS and review the systems they have in place to detect risky conduct.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011

Delhi’s Battle Against Bribery: Compromise or Cop Out? (Part II) Examining The Intent Behind the Lokpal Bill

Ed. Note-today we conclude a two-part series by our colleague, Mary Shaddock Jones on corruption in India.

Yesterday I reported on an article published in Current Intelligence Magazine written by Eric Randolph entitled “Delhi’s Battle Against Bribery”.   As indicated, the state government of Delhi recently enacted a law designed to bring about changes to the pervasive corruption in India by addressing the demand side of the equation.  According to an article published in the Times of India newspaper by Ambika Pandit, the law named the “Right of Citizen to Time Bound Delivery of Services Act, 2011.  Delhittes are “now empowered to get compensation for delays in services rendered by 32 city departments and agencies.

My question is this:  Did the Delhi government just try to pacify the people demanding reforms or are is it really willing to make a serious attempt to reduce corruption by attacking the demand side of the equation?   There have been numerous articles written about the two “Lokpal Bills” floating through the Delhi government (“Jan Lokpal Bill”).  The original Lokpat Bill produced by the Delhi government was deemed way too inadequate- as it failed to allow the prosecution of some people in important positions.  As a result, the activist prepared their own bill that had more teeth in it.

From what I can tell, the” Right of Citizen to Time Bound Delivery of Services Act, 2011” is only a small part of the Lokpal package.  I thought one comment published in response to the passing of the “Right of Citizens” was especially poignant:

“Common People now have to pay double bribes. Instead of Terminating Corrupt Government Employee, they are asking for fines. That means Government is supporting Corruptions to increase their income! These Fines will be Recover from Common People. Common People have to pay for their Salary Cut. If Common People don’t pay their Fine then they will not Deliver their Service in Time. More harassment will increase. Termination of Service is the best Solution; otherwise Common People are in Great Danger.”

In many third world countries, civil servants are paid extremely low salaries.  In Nigeria, for instance, the accepted method of increasing the salaries was through the demand of small bribes in order to process paperwork.  The person who wrote the comment above in India obviously believes that the passage of the “Right of Citizens bill” will only exacerbate this problem in India.  It is a vicious cycle.

What the activists want in India is much bigger than what is reflected in the “Right of Citizens to Time Bound Delivery of Services Act, 2011.  Perhaps it is time for our government to put political pressure on countries which profess to want an end to corruption, but fail to enact strong legislation and enforcement of that legislation to bring about change.  We must, as individuals and as companies, continue to push for reforms from the demand side of the equation.  It is simple economics- “Supply = Demand”.  But unless the salaries of civil servants are addressed, people will continue to do what they believe is necessary to feed their family.  The type of money discussed in the “Right of Citizens to Time Bound Delivery of Services Act, 2011” isn’t going to make any civil servant rich.  It may simply compound the problem as predicted by the commentator above.

———————————————————————————————————————————————————————–

Mary Shaddock Jones, Attorney at Law and former Assistant General Counsel and Director of Compliance at Global Industries, Ltd. can be reached via email at  msjones@msjllc.com or via phone at 337-515-8527 .

———————————————————————————————————————————————————————-

This Week in FCPA, ep #17, is UP! wp.me/p1qOzv-23. Howard Sklar and I talk about News Corp, Alcatel (again), and more!

———————————————————————————————————————————————————————–

Please join Mike Volkov, Stephen Martin, Jim Feltman and myself on Oct. 6 in NYC for a presentation on ” The Gathering Storm: Anti-Corruption Compliance for Private Equity and Hedge Funds”. The presentation is hosted by World Check and Ethisphere and the event is complimentary. More information and registration details can be found at http://ethisphere.site-ym.com/events/event_details.asp?id=179863. If you are in the NYC area I hope you can attend.

———————————————————————————————————————————————————————-

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. 

Delhi’s Battle Against Bribery: Compromise or Cop-Out? Part 1

Ed. Note-today we begin a two-part series by our colleague, Mary Shaddock Jones on corruption in India.

Current Intelligence Magazine published a story on September 15^th written by Eric Randolph entitled “Delhi’s Battle Against Bribery”.   The article succinctly described a situation found in many places in the world- the demand for small payments by low level governmental officials for services routinely requested by citizens in the state.

Mr. Randolph reports on a man named Arjun who lives in Delhi.  According to the article “When Arjun, a Delhi-based photographer, was attempting to relocate his family overseas earlier this year, he found himself breaking a cardinal rule he had set for himself. He had never paid a bribe in his life, but now he needed a ‘Letter of Good Conduct’ from the police that would allow him to apply for residency abroad, and it quickly became clear that this would not happen without money changing hands. “I’ve always refused to pay bribes in the past,” he said. “But every time I went to the police station, they would tell me that it would take a few more days. “We needed the letter in a hurry. There was no choice. In the end, I handed over 2,500 rupees (USD $52.54) before they would give me the letter.”

Mr. Randolph continued by stating that “this sort of low-level corruption is a ubiquitous part of daily life across India. Buying a house, getting a phone connection, applying for a passport – almost anything which involves a government office invariably requires a palm to be greased.”

The state government of Delhi enacted a law designed to bring about changes to the pervasive corruption in India by addressing the demand side of the equation.  According to an article published in the Times of India newspaper by Ambika Pandit, the law named the “Right of Citizen to Time Bound Delivery of Services Act, 2011.  Delhittes are “now empowered to get compensation for delays in services rendered by 32 city departments and agencies.

The new law sets limits such as 7 days for issuing a birth or death certificate, 21 days to register a vehicle, or 55 days to issue a restaurant license. An e-monitoring system has also been installed that will allow members of the public to monitor the progress of their applications. Officials will pay Rs.10 (USD $0 .21) per day when they exceed the limit, and repeat offenders will face disciplinary action.

According to the Times of India article, “The Act provides for on-the-spot compensation to be paid to citizens who have suffered delay in service. The erring official will be served a notice within 15 days. The official will be expected to either deposit the cost of delay within a week or submit a representation to the officer concerned on why the delay took place.  If the reason for delay is found valid, the competent officer can issue notices to other defaulting officials, if any. The aggrieved official will also have the right to appeal to an appellate authority.”

The Act calls for “appropriate administrative action” against officials who have more than 25 defaults in a year and an adverse entry in their service records. Efficient employees may get cash incentive not exceeding Rs 5,000. (USD $105.88)

Perhaps what is more interesting are the comments posted online in response to the Times of India article.  Here are a couple of the comments.  The names associated with each comment have been withheld for privacy purposes.

1. Wow., never thought such a day would come ..wonder if this is to stay and properly implemented !! However, good job Delhi !!
2. 55 days to give license to eating house? 21 for registration, 10 rupees a day!! They would have wasted money hiring more officials to manage this process! Worst thing is that Delhi & other states will look at this and INCREASE the average delay up to the “maximum”, in Karnataka, TN etc. it takes much less time.
3. Common People now have to pay double bribes. Instead of Terminating Corrupt Government Employee, they are asking for fines. That means Government is supporting Corruptions to increase their income! These Fines will be Recover from Common People. Common People have to pay for their Salary Cut. If Common People don’t pay their Fine then they will not Deliver their Service in Time. More harassment will increase. Termination of Service is the best Solution; otherwise Common People are in Great Danger.

According to both articles, the reforms occurred as a result of the actions of Anna Hazare.  “ Hazare, a Gandhian by belief, outlook and practice, has become the face of India’s fight against corruption. During his fast over the Lokpal Bill, Hazare, a quintessential traditional Indian by looks and mannerism, managed to inspire and mobilize the support of even the ultra-modern Indians – Indians for whom the word “social” only means having a profile on social networking sites. The “Anna Hazare fast” can be described as the first real “social networking movement” in India.

In my next post, I will provide you a short history of the Lokpal Bill and then analyze the comments reported above in light of the original intent behind Anna Hazare’s fast. Stay tuned.

———————————————————————————————————————————————————————–

Mary Shaddock Jones, Attorney at Law and former Assistant General Counsel and Director of Compliance at Global Industries, Ltd. can be reached via email at  msjones@msjllc.com or via phone at 337-515-8527 .

———————————————————————————————————————————————————————–

Please join Mike Volkov, Stephen Martin, Jim Feltman and myself on Oct. 6 in NYC for a presentation on ” The Gathering Storm: Anti-Corruption Compliance for Private Equity and Hedge Funds”. The presentation is hosted by World Check and Ethisphere and the event is complimentary. More information and registration details can be found at http://ethisphere.site-ym.com/events/event_details.asp?id=179863. If you are in the NYC area I hope you can attend.

———————————————————————————————————————————————————————-

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication.