Controls to Prevent Violations of Anti-Bribery Laws

Ed. Note-I recently asked my colleague Henry Mixon CPA, if he could explain the differences regarding internal controls required under financial regulations such are Sarbanes-Oxley with internal controls required under anti-corruption laws such as the Foreign Corrupt Practices Act. The following is his explanation. 

Relying on Sarbanes-Oxley (SOX) and independent audits presents significant risk of internal controls not being effective to comply with anti-bribery laws. Company management often believes that, because they have independent auditors and because they are SOX compliant, they don’t need any additional focus regarding compliance with anti-bribery laws.  While independent audits and procedures required for SOX are useful, there are several reasons why focused attention needs to be paid to certain internal control objectives in order to have an effective anti-bribery compliance program.

1. The overriding concept is that effective internal controls do not automatically follow when Policy Statements are issued. Training employees regarding new policy requirements and obtaining their certification of understanding does not ensure compliance.  A specific focus is needed to ensure there are control procedures in place to ensure compliance with the policies.

2. SOX controls are, by definition, focused on financial reporting. They do not address many transaction level controls needed to prevent violations of Anti-Bribery laws.  Based on my experience assisting clients remediate internal controls to satisfy an independent monitor and the Department of Justice (DOJ), I have compiled a list of controls which should be considered on a risk basis to determine effective controls needed to prevent violations. Shown below are only a few of the control objectives which are needed in an effective Compliance Program which, for materiality or other reasons, are typically not in SOX (or independent audit) scope:

a. Controls to prevent payment of bribes using cash (petty cash funds and otherwise) and using manual checks to meet “emergency needs” processed outside the normal invoice approval system. A Corporate review of such transactions after the fact is not a sufficient control.  (In each Independent Monitor situation, there was a substantial focus on risks associated with petty cash funds and manual checks.)

b. Because bribes can be given by methods other than cash, controls over contractual relationships with third parties should be scrutinized. This includes contracts with agents, contracts to lease facilities / equipment, etc. For example, unauthorized use of Company assets / facilities, with or without compensation, can be a means to pay a bribe. Therefore, controls are needed over movement of inventory (such as shipments of inventory to non-customer locations and use of mobile fixed assets). For example: (1) controls are needed to ensure shipments of goods after they have been accepted and paid for result in appropriate compensation to the Company; (2) controls are needed to ensure Company vehicles are not “loaned” to unauthorized persons without adequate compensation to the Company.

c. Controls are needed over gifts, entertainment, hospitality, political contributions, and charitable contributions. For materiality reasons (see below), these controls are typically not included in SOX scope.

d. Enforcement of an effective Delegation of Authority (including the accounting controls for processing / approving vendor invoices, signing checks,) is typically not addressed in SOX scope but is a critical control from a Compliance perspective.  For example, when dual signatures are required, what is the control to ensure they are obtained? (Banks will pay checks with only one signature, even if two are required.) Another example, control should be in place to ensure document approvers actually review support for transactions they are approving, and these controls must be evidenced for the Compliance Program to be considered effective.

e. Use of offline processing and maintenance of key information related to vendors and disbursements (such as Excel spreadsheets which can impact payments to vendors or which track entertainment provided to third parties) presents risk.  Therefore, controls over the creation and maintenance of spreadsheets which “feed” the financial accounting process require evaluation.

f. Employment of “contract” employees, as well as permanent employees in foreign locations requires controls in the payroll processing to ensure the employees’ status as a current / former Government Official, or as a relative of a Government Official, is identified in pre-hire diligence and that effective oversight is established regarding the hours actually worked, the type of work performed, and the compensation paid.

g. The controls regarding creation / approval / unauthorized modification of Purchase Orders should be carefully evaluated, not just the focus on the three-way match.

h. Controls should be in place regarding maintenance of the vendor master file to ensure no vendors are paid unless there has been appropriate due diligence performed. Controls should be in place to prevent situations where the vendor has invoiced the company and wants to be paid, but the vendor’s name is not in the vendor master file as an approved vendor.  Having controls over changes to the vendor master is more effective than only having a policy that all vendors must be subject to diligence and pre-approval.

i. Having controls to ensure compliance with reimbursement to employees for travel and other business expenses is critical. Requiring a manager to initial an expense report does little to prevent unauthorized activities, unless there is evidence the approver actually looked at the substance of the requested reimbursement.

3. SOX and Generally Accepted Auditing Standards allow a scope definition which eliminates business locations / business units which are considered to be immaterial, as well as eliminating types of transactions / accounts not considered material for financial reporting purposes. Therefore relying on a SOX-acceptable universe of control assessment based on materiality increases the risk of violations occurring. Many of the instances of prosecution by the DOJ and by the SEC involved business locations considered immaterial for financial reporting (SOX) purposes. The DOJ and the SEC have been very specific that individually immaterial violations over time constitute a violation and that even improper recording of immaterial transactions determined to be bribes violates, respectively, the anti-bribery and Books and Records provisions of the FCPA.

Using a standard other than the traditional financial statement concept of materiality does not necessarily mean controls need to be more extensive.  Rather, the controls which are needed for an effective Compliance Program take into account the risk of violation (such as inherent corruption index and the inherent risk of certain types of transactions and business relationships) rather than the number of transactions or cumulative financial totals of transactions.  For example, controls in countries with a Corruption Perception Index (CPI) of 3 or less should be robust, regardless of volume of transactions. Doing business with agents and foreign business partners generally presents higher risk than with other third parties.  Transactions which may be immaterial for financial reporting purposes (petty cash disbursements, gifts, charitable contributions, etc.) may present significantly higher Compliance risk than their individual financial amounts might indicate.

4. SOX allows a significant portion of controls to be “detect” controls.  Anti-bribery laws require a specific focus on “preventive” controls. If improper payments are identified by “detect” controls which review disbursements and asset disposals after the fact, the identification of suspicious transactions only leads to a decision whether to self-report and how extensive (expensive) an internal investigation is needed to determine the company-wide magnitude of the issue.  Little has been done to prevent the improper activity.  (Accordingly, relying on a SOX approach will not meet the burden of proof necessary to satisfy the “prevent” requirements of the UK Bribery Act.)

5. The SOX approach does not take into account the high evidence standard which comes into play when there is a suspected Compliance violation. Certain types of controls should have more robust documentation from a Compliance perspective than from a “traditional” perspective.  The “evidence standard” issue is very significant when third party investigations are at hand. For example, an initial on a document means someone initialed the document. It does not define what the person did before initialing the document or the representations which are being made when the person initials a document.  Often such evidence is simply a matter of defining control procedures and of modifying approval blocks on forms.

============================================================================================

If you are going to be in Houston on December 7, myself, Mike Volkov and the Bribery Act guys, Richard Kovalevsky QC and Barry Vitou will be making their only US appearance this year. Mike and I will review some of the more significant enforcement matters of 2011 and discussion lessons which may be drawn from them. Richard and Barry will discuss the Bribery Act. Best of all the event is free and CLE will be provided. Event details and registration are found at http://events.r20.constantcontact.com/register/event?llr=myqi4pcab&oeidk=a07e55t5re06e78f1e3. I hope you can make it!

============================================================================================

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. 

You Have a FCPA Compliance Strategic Plan – Now What Do You Do?

One of the things that my colleague Stephen Martin talks about is the need for strategic planning for your Foreign Corrupt Practices Act (FCPA) compliance program. He suggests a 1, 3 and 5 year strategic plan which you should utilize as a road map for your compliance program in these time frames. Equally important, as a former state and federal prosecutor, he believes that such a document would be an important item to produce to a prosecutor, who might be reviewing your compliance program in the event of a voluntary self-disclosure, a Dodd-Frank or other whistle-blower event, which has led your company to receive a subpoena or letter of inquiry or an industry sweep. He believes that such a strategic plan could well lead to the development of credibility for your company and your compliance program in the event of one of the aforementioned eventualities.

With the above in mind I was interested to read an article in a recent issue of the Houston Business Journal, entitled “Strategic planning needs constant follow-up to be successful” by Bruce Rector. In the article Rector sets out steps to assist in utilizing a strategic plan. As with Martin he recognizes that while a strategic plan can serve as guide for your company going forward, it must actually be utilized to garner any use out of it. Rector notes that “if your company and management team have expended the time and resources to pull together a strategic plan, the next logical step is to follow up and keep things on track.” While Rector’s article is not aimed at the compliance arena, I believe that the steps he lays out, translate without difficulty, into steps a compliance officer can take to meet the suggestion laid out by Martin above.

• Review the Goals of the Strategic Plan. This requires that you arrange a time for the Chief Compliance Officer (CCO) and team to review the goals of the Strategic Plan. Rector advises that to the extent possible this should be done in person. The CCO should lead a discussion of the Strategic Plan and determine how this goal in the Plan measures up to its implementation in your company.
• Design an Execution Plan. Here Rector advises that the “Keep it Simple Sir” or KISS method is the best to move forward. This would suggest that for each compliance goal, there should be a simple and straight forward plan to ensure that the goal in question is being addressed. Rector notes that any “plan must be specific with clear tasking and deliverables and a definite timeline for delivery.”
• Put Accountabilities in Place. In any plan of execution, there must be accountabilities attached to them. Simply having a time line is not enough. This means that the persons tasked with the responsibility of performing the tasks be clearly identified, by both the individual so tasked and the actual task they are assigned to complete. Accountability also includes a “follow-up mechanism to ensure that these vital goals are achieved.” This requires the CCO or other senior compliance department representative to put these in place and then mandate a report requirement on how the task assigned is being achieved.
• Schedule the Next Review of the Plan. Most interestingly, Rector recommends a review of the foregoing process on a weekly basis. While noting that this may seem time consuming, he believes that once the group assigned with this responsibility gets “into the rhythm, it can go smoothly.” While I would not necessarily agree that weekly meetings are required, Rector does correctly note that such regularity allows any problems which may arise to be detected and corrected more quickly than if meetings are held at a less frequent basis.

Martin’s guidance that a FCPA strategic plan can be a key part of your overall compliance program is sound advice. However, simply developing a strategic plan is not enough. Rector concludes by stating that “Part of management’s responsibility is to continually reinforce the vision and goals of the company, as set forth in this plan.” This is particularly true in the compliance arena, where assessment and updating are critical to an ongoing best practices compliance program. If you follow the process laid out by Rector, you will put a mechanism in place to demonstrate your company’s commitment to compliance by following through on intentions as set forth in your strategic plan.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011

The Fight against Shell Corporations in the US

One of the critical areas in due diligence for foreign business partners is determining who are the true owners of an entity. Unfortunately this is not always possible to determine as many countries do not require the names, addresses and other identifying information of shell company owners or limited liability partners. Many people think of the Cayman Islands or other traditional tax havens when such issues arise.

However, a surprising number of allegedly low risk countries also have this problem. New Zealand is generally recognized as one of the lowest risk countries in the annual Transparency International Corruption Perceptions Index, nevertheless this rating may not be all it seems. In an article by Michael Field on the Stuff.co.nz website, entitled “NZ firms linked to money laundering”, Field reported that one individual was listed as a Director of over 300 New Zealand formed companies. Another person, listed as the Director of the New Zealand Company alleged to have been involved with the shipment of arms to North Korea, was “convicted of 75 breaches of the Companies Act for giving false addresses on registration forms”.

New Zealand is not be the only country with a low corruption perception which may not be completely accurate. In a Reuters article, entitled “Special Report: A little house of secrets on the Great Plains”, authors Kelly Carr and Brian Grow reported on one house in Cheyenne, Wyoming which the authors claim “serves as a little Cayman Island on the Great Plains” as it is home to the registration of over 2,000 entities. The article claims that Wyoming allows “the real owners of corporations to hide behind “nominee” officers and directors with no direct role in the business, often executives of the mass incorporator.” Carr and Grow also quote Jason Sharman, a professor at Griffith University in Nathan, Australia, who states that “Somalia has slightly higher standards [for business incorporation] than Wyoming and Nevada.”

One of the anomalies in the ongoing HP investigation, for alleged bribery and corruption violations in its German subsidiary, was the German authorities’ investigation of activities in and through the state of Wyoming. The article by Carr and Grow may help explain why the German authorities needed to investigate matters relating to Wyoming where the allegations were that bribes were paid by a HP German subsidiary for a sale into Russia.

However, perhaps there is legislation on the way to close this loophole in the US. In another Reuters article, entitled “House bill targets anonymous shell corporations”, Patrick Temple-West reports on US legislations, introduced in the House of Representatives, which would require stricter discloser laws. The author notes that “This is at least the third time lawmakers have considered proposals to crack down on shell company incorporation.” The legislation has bipartisan support, the bill was introduced by a Democrat in the House and jointly introduced by a Democrat and Republican in the Senate. It is reported to have “wide support by law enforcement” and support from the US Departments of Treasury and Justice.

So you ask who would be opposed to bringing the US standards for business incorporation up to that of at least Somalia. Temple-West reports that “Some state government group[s] remain opposed. In the past, resistance has also come from business groups and lawyers.” I am also somewhat chagrined to report that an organization that I belong to, the American Bar Association, has opposed prior legislation to provide greater discloser for shell companies. However, it is now reported to be “reviewing the latest bills.”

How does all of this relate due diligence as the US problem would not seem to impact a company covered by the Foreign Corrupt Practices Act (FCPA)? First of all, a company should know with whom they are doing business, and  more pointedly a US company which is subject to the UK Bribery Act needs to recognize that any agent, distributor or other type of representative here in the US, is a foreign entity under the Bribery Act and needs full due diligence. While the jurisdictional scope of the Bribery Act has yet to be fully fleshed out, such a US company needs to consider its due diligence here in the US and may need to strengthen its investigations and background checks on such parties to comply with the Bribery Act.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011

An FCPA Exam – Selling Health Insurance in India

If you do not read the FCPA Professor on a daily basis, you should do so as he consistently posts about all things Foreign Corrupt Practices Act (FCPA), from the legal angle, far more often and better than any other of the FCPA commentaries. If you want to hone some legal FCPA points, you can do no better than to engage in some good Socratic dialogue with the Professor via email. I have often mused on how the Professor might obtain his final examination questions for his FCPA class exams. Given the ‘stranger than life’ real world FCPA matters that arise, almost weekly; it might be that he only needs to read the newspapers to get his questions.

So inspired by the FCPA Professor, I would like to have a FCPA exam for the readers of this blog. In this posting, I will set out the hypothetical question and in a subsequent post I will set out some proposed answers. As a law school professor once told me when I (meekly) sought an upward adjustment of my final grade, “Tom, there is no right or wrong answer to my exams, only incomplete ones and yours was not a complete answer.” With that in mind, there will be no right or wrong answers to the question I pose. Hopefully, the above disclaimer will keep me from failing my own exam. It also means that anyone who responds to all or part of the question raised below, will not receive a failing grade. I should also note that, all persons listed in this hypothetical are fictional.

You are the first Chief Compliance Officer (CCO) for a company which sells health insurance products to the consumer market. You were hired to get the company ready to go into the overseas market by setting up a FCPA compliance program. You have been on the job one month.

One lovely Monday morning, the Chief Executive Officer (CEO) calls you into his office and informs you of the following: his legal department has formed a joint venture in India, to sell health insurance policies, with an Indian company which specializes in making and selling cooking equipment to the Indian consumer market. At this point there is no value set for the joint venture but you may assume that it will be a multi-million dollar entity. As a show of good faith, the CEO has established the joint venture ownership, and Board of Directors, as a 50/50 partnership between both companies. The joint venture was formed in India and is governed by the laws of India.

The CEO has met several times with the CEO of the Indian joint venture partner, has looked him in the eye and knows he is a ‘straight shooter’ and someone he wants to do business with. To that end, the CEO of the Indian joint venture has assured him, due to his good relationship with various Indian governmental officials that he has met through his cooking equipment business, that he can get the joint venture through the byzantine Indian licensing process much quicker than some other person. He just needs the funding for the joint venture to come though as the licensing process cannot begin until the joint venture is formed.

The CEO envisions a sales force of employees, agents and other representatives of the joint venture  , banks and other financial institutions which will receive commissions based upon the sales. He is excited because a large market for the products will be a trifecta of Indian public employees; federal, state, regional and local government employees. In other words, a captive market that the Indian partner will set up to tap into. Your CEO believes that each sales representative for the joint venture will need a separate license to sell health insurance for the products to be offered by the joint venture but the CEO of the joint venture partner has assured you gaining the license will not be a problem.

There is a signing ceremony scheduled to conclude the joint venture in two weeks and your CEO is making a final presentation to your company’s Board of Directors next week. This will be the first Board meeting that you will attend and you will present to them your vision for FCPA compliance in the company going forward. Your CEO wants you to give your blessing to the Board of Directors for the joint venture at the Board meeting, from the compliance perspective.

Please discuss the FCPA issues that you can identify in the above hypothetical.

————————————————————————————————-

I hope that you and all of you loved ones have a Happy Thanksgiving!

Also Hook ‘Em Horns in their final battle against Texas A&M on Thanksgiving evening. 

————————————————————————————————-

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011

THE BRIBERY ACT. MUNIR PATEL AND WHAT YOU NEED TO KNOW ABOUT HIS DAY IN COURT.

Ed. Note-today we host a posting of UK Barrister James Vine. 

First of all, contrary to what some “experts” have been blaring today, he was NOT sentenced to six years for Bribery. (which may come as some comfort to a few suits out there!)
On Count 1, an offence under the Bribery Act, he was sentenced to three years imprisonment. He had pleaded guilty, and was told that had he fought the case, the sentence would have been between four and five years. The maximum is ten years.
He also pleaded guilty to Count 2 a common law offence of Misconduct in a Public Office. He was sentenced to six years to be served concurrently with Count 1. The maximum is life imprisonment.
As the Judge said “… this indictment represents misconduct which lasted for well over a year and involved at least 53 cases in which you manipulated the process in order to save offenders from the consequences of their offending.”
The full transcript of sentencing remarks is here:
http://www.judiciary.gov.uk/Resources/JCO/Documents/Judgments/munir-patel-sentencing-remarks.pdf

BUT…. and it’s a very big but, the sentence reflecting conduct lasting well over a year, can only have applied to Count 2, because Count 1 could only relate to bribes accepted after July 1st. In other words a comparatively small proportion of the time involved.
They ARE two separate offences. Accepting, or even asking for a bribe, is an offence in itself, even if he then did nothing.
What he did was to ask for and accept bribes, AND THEN go on to falsify the DVLA records by not entering details of motoring convictions which was his job. It could even be argued that he was lucky to have escaped a consecutive sentence.
What else? Well it is said that he was asking £500 a time to do this. 53 cases at £500 a time would mean about £26,000 in his back pocket. When police examined his bank accounts, (yes he paid the money into his bank….) they found credits of £96,000 unaccounted for. He earned about £25k per year.
So what does this all tell us?
On his own admission, to the court and on the secret video filmed by that bastion of rectitude, The Sun, he had been well at it for over a year.
http://www.bbc.co.uk/news/uk-england-london-15310150
The judge had this to say about the effect of his actions on the Judicial system: “By doing what you did, you created a danger not only to the integrity of the process but also to public confidence in it. A justice system in which officials are prepared to take bribes in order to allow offenders to escape the proper consequences of their offending is inherently corrupt and is one which deserves no public respect and which will attract none.”

This was far from a simple breach of trust, and cannot be judged in simple monetary terms against such cases.
SO…. if three years on a plea for a Bribery Act offence under Section 2 by a public servant is a guideline, then how much further up the scale will the suits have to crane their necks?
Only time will tell, but I leave you with two further thoughts.
IN the joint prosecution guidelines produced earlier this year by the SFO and the CPS (remember them?) they stated:
“The Act takes a robust approach to tackling commercial bribery, which is one of its principal objectives. The offences are not, however, limited to commercial bribery. There may be many examples outside the commercial sphere where individuals attempt to influence the application of rules, regulations and normal procedures. Examples would include attempts to influence decisions by local authorities, regulatory bodies or elected representatives on matters such as planning consent, school admission procedures or driving test”
So it isn’t just the suits who need to keep looking over their shoulders. The CPS are alive to lower level bribery too.
And finally, when can we expect to see 53 arrests and prosecutions for those who bribed Munir Patel?

James write and comments on the Bribery Act (among other topics) at thebungblog which he calls “A Lightheartedly Serious Look at  the Bribery Act 2010.” This post originally appeared in thebungblog at

http://thebungblog.wordpress.com/2011/08/29/official-government-declares-bribery-is-not-an-offence/

Don’t Get Lost in [FCPA] Translation

Ed. Note-today we have a guest post by Jay Rosen.

In late October, a colleague and I were having breakfast with Tom Fox in Houston. We were in town to participate in an FCPA event which we were hosting with Akin Gump and Deloitte. While we were trading war stories about past and ongoing investigations, Tom proposed the following scenario:

“You’ve just stepped off the tarmac in Beijing and you are speeding in a SUV to your client’s headquarters to begin collecting documents. What do you need to know before you walk through that door and what steps could you have taken ahead of time to prepare for that day?”

While the answer to his question could take many different angles (depending on your role in the investigation), my response was focused on best practices for managing the foreign language portion of a case. Clients often reach out to me for advice on managing translations for FCPA and white collar investigations, cross-border litigations and related matters. Though each translation matter posses its own unique set of challenges, the common denominator is “What is the most cost effective way to match the proper translation solution with the needs of this case?”

Many clients consider translation to be something they can handle in-house since:

• “Becky down the hall speaks Spanish”
• “I’ll use Google Translate”
• “The associates in our Paris office can handle this”
• “The forensic accountants in Beijing or the document reviewers in Shenzhen can translate this information on the fly.”

In certain circumstances, all of these options have some validity, but for a mission critical project where accuracy and deadlines are key, these are not typically the best choice.

FCPA matters demand a different level of sophistication and execution. By engaging a professional Language Service Provider (LSP) at the front end of your investigation, you can leverage filtering and translation solutions that will result in a more cost and time efficient language management process. These solutions include:

• Language Identification
• Foreign Language Key Word Search
• Machine Translation
• Summary Translations
• Human Translations

This method of filtering foreign language data utilizing technology solutions (Language Identification, Foreign Language Key Word Search and Machine Translation) ensures that you only translate those documents that are absolutely necessary. For example, in a recent Turkish FCPA matter, Merrill Brink’s filtering tools reduced the number of translated documents to 3,000 out of an initial universe of 1,000,000.

While it is tempting to employ the least costly solution, or utilize “boots on the ground” instead of hiring professional translators, the end result of this decision often requires professional translators (who should have started the process in the first place) being brought in to salvage the job and finish it correctly.

In circling back to our initial question — “What do you need to know before you walk through that door and what steps could you have taken ahead of time to prepare for that day?”

Any company with global operations, if they do not already have a trusted translation provider, must seek out a LSP with the capabilities to employ both technology and human translation solutions to minimize the ultimate number of words (pages) to be translated and to match the most cost effective level of translation with each individual stage of the investigation. This is important not only from an investigation and auditing perspective, but these same translation resources can be leveraged to localize compliance, training, eLearning and code of conduct content throughout the organization.

All of these tools should be utilized to reduce the amount of data that require full translation. Thus the only documents requiring full translations are those that must be presented to an official body (DOJ, SEC).

By knowing this information in advance, the team in the speeding SUV can concentrate on the job at hand — securing the location, collecting the data and interviewing employees. After all this information has been collected, and a LSP has been engaged, they can begin to leverage the above mentioned tools and filtering processes to match appropriate translation solutions to each step of the investigation , contain the costs of human translations and most importantly produce the highest quality translations from professional linguists.

Jay Rosen is a Vice President, Language Solutions at Merrill Brink International, based in Los Angeles, where he advises businesses and law firms on translation solutions for FCPA, Compliance, Code of Conduct and eLearning. He can be reached via email at jay.rosen@merrillcorp.com and via phone at 310-729-6746.

Two Important Words to Remember: Ethics Matters

Ed. Note-today we have a guest posting from our colleague north of the border-Lindsey Walker from i-sight.com 

Brand value and reputation can really take a beating when a company is faced with accusations of unethical behavior in the workplace. Information travels faster and is more accessible now than ever before, which makes “laying low” virtually impossible – just ask Tiger Woods. In the article “Ethics Branding” by Steve Brock, he focuses in on why workplace ethics are heavily connected to the power of your brand:

“Your brand is more than just a logo or tagline. It involves everything you do. Every touch point with customers affects their perspective of you, and thus your brand. Ethics matter because they are at the heart of your values. Values matter because they are at the heart of your brand.”

Ethics Matters

A company with a bad reputation will have a hard time holding onto customers and attracting top talent. Consumers care about ethics. Job seekers and potential candidates care about ethics too.

The results of a survey conducted by creative agency, 23red, help support the fact that consumers care about ethics. There were 1000 people interviewed for the survey and they were asked questions about brand ethics and how it affects their purchase decisions. During their research, the agency found that:

• “91% of consumers say brand behavior is an influential factor in making purchases.
• 74% would be interested in knowing more about the behavior of a company before buying.
• 60% say that awareness of “a company’s ethics – environmental record, sourcing, sustainable employment policies, etc, affects their decision making”.
• 53% say knowing that “the company donates a percentage of profits to charity and good causes” is influential when considering a purchase.
• 64% agree that companies should adopt a role in the well-being of communities and wider society.”

The findings are pretty eye-opening and certainly give companies something to think about. The findings also send a clear message that integrity and a commitment to ethics can be a great way to market a brand and communicate to the public.

Promoting Your Brand’s Ethics

Every company has a different reason for acting ethically. In Leon Kaye’s article “A New Era of Ethical Leadership?,” for Triple Pundit, Kaye writes:
“The reasons vary: a genuine concern for people and communities, the desire to avoid additional regulations, reducing costs while increasing revenues and of course, enhanced brand value and building trust with customers and stakeholders. That trust and brand value, however, can take years or decades to build, and in an instant can be washed away.”

When was the last time your company shared a story about its  ethics with the public? As Kaye mentioned, building goodwill can take time, but everyone has to start somewhere. As a business, if your main reason for acting ethically is to protect the public, wouldn’t you want to share that message? Let people know you value them, their health, their safety and everything else. Buy most importantly, back up your words with actions. People know when a company is bluffing and they won’t be afraid to call you out on it. If a company’s commitment to ethics, sustainability, safety, the environment, etc., is a deciding factor in a purchase decision, isn’t it time you started letting people know where you stand?

Lindsey Walker can be reached at LWalker@customerexpressions.com.

LEGAL ISSUES SURROUNDING SOCIAL MEDIA BACKGROUND CHECKS

Ed. Note-we are pleased to host a posting today from Michelle Sherman.

Agatha Christie had a novel take on invention being the mother of necessity.  She disagreed and said, “[I]nvention, in my opinion, arises directly from idleness, possibly also from laziness.  To save oneself trouble.”  She may have been onto something when you think about businesses that are turning to outside vendors to research employees and job candidates for them.  Whether or not these outside vendors are the best solution, however, remains to be seen.

1.  Companies Should Have An Internal Procedure For Researching Job Candidates And Employees On The Internet

We recommended in a January 2011 blog post, that businesses establish an internal procedure for making employment decisions based on Internet research, so they would not run afoul of state and federal laws that prohibit job discrimination based on protected factors.  See http://www.socialmedialawupdate.com, Social Media Research + Employment Decisions: May Be A Recipe For Litigation.  The protected factors include, for example:  (1) Race, color, national origin, religion and gender under Title VII of the Civil Rights Act of 1964; and (2) Sexual orientation, marital status, pregnancy, cancer, political affiliation, genetic characteristics, and gender identity under California law.  Most states have their own list of protected factors, which should be considered depending on where your company has employees.

Not surprisingly, the legal risks of making employment decisions using the Internet have become a real concern for businesses, especially when you consider that 54% of employers surveyed in 2011 acknowledged using the Internet to research job candidates.  The actual number of employers using the Internet is probably higher, and sometimes companies may not even be aware that their employees are researching job candidates and factoring that information into their evaluations.  This is yet another reason to establish an internal procedure for researching job candidates, and communicating your procedure to employees who are participating in the employment process.

There is nothing wrong with researching people on the Internet so long as it is done properly.  The Internet has a wealth of useful information, some of it intentionally posted by job applicants for employers to consider such as LinkedIn profiles.

With this “necessity” to do Internet searches properly, some businesses have turned to outside vendors to do the research for them, and, thereby, try to reduce their legal exposure and the administrative inconvenience of doing it themselves.  At least one of these vendors has received letters concerning its business practices from the Federal Trade Commission (“FTC”) and, more recently, two U.S. Senators.

2.  The Business Practices Of Outside Vendors That Provide Social Media Background Checks Are Being Examined For Compliance With Privacy And Intellectual Property Laws

On May 9, 2011, the staff of the FTC’s Division of Privacy and Identity Protection sent a “no action” letter to Social Intelligence Corporation (“Social Intelligence”), “an Internet and social media background screening service used by employers in pre-employment background screening.”  The FTC treated Social Intelligence as a consumer reporting agency “because it assembles or evaluates consumer report information that is furnished to third parties that use such information as a factor in establishing a consumer’s eligibility for employment.”  The FTC stated that the same rules that apply to consumer reporting agencies (such as the Fair Credit Reporting Act (“FCRA”)) apply equally in the social networking context.  These rules include the obligation to provide employees or applicants with notice of any adverse action taken on the basis of these reports.  Businesses should also be mindful of similar state consumer protection laws that may be applicable and may afford additional rights to employees and applicants (e.g. California Investigative Consumer Reporting Agencies Act).

The FTC concluded by stating that information provided by Social Intelligence about its policies and procedures for compliance with the FCRA appears not to warrant further action, but that its action “is not to be construed as a determination that a violation may not have occurred,” and that the FTC “reserves the right to take further action as the public interest may require.”  This FTC “no action” letter was reported fairly widely, and probably increased the comfort level of businesses that wanted to use an outside service for Internet background checks.

On September 19, 2011, Senators Richard Blumenthal (D-Conn) and Al Franken (D-Minn) sent a letter to Social Intelligence with 13 questions regarding whether the company is taking steps to ensure that the information it is gathering from social networks is accurate, whether the company is respecting the guidelines for how the websites and their users want the content used, and whether the company is protecting consumers’ right to online privacy.  The letter raises some legitimate concerns, and requests a prompt response from Social Intelligence to the questions presented.

3.  Legal Assurances That Your Company May Want To Seek If Using An Outside Vendor

Some of the questions also warrant due consideration on the part of businesses receiving reports from outside vendors about how much weight they want to give the information provided.  Further, what the business may want in the form of legal assurances from the outside vendor that no laws (e.g. FCRA, privacy, copyright, or other intellectual property laws) have been violated in gathering the information or providing screenshot copies of pages from social networking sites.

Some of the questions from the Senators which raise these concerns include, for example:

1.  “How does your company determine the accuracy of the information it provides to employers?”  [Social Intelligence is reportedly collecting social networking activity dating back 7 years, and, therefore, may capture something that was later removed, or was a “tag” post through a picture that the job candidate was not responsible for making public, and may have removed once it came to his attention.]

2.  “Is your company able to differentiate among applicants with common names?  How?”  [e.g. Have they researched the correct “Jane Smith” of the hundreds on Facebook since social security numbers or other specific identifying information is not useful on social networking sites as it is with the standard background check.]

3.  “Is the information that your company collects from social media websites like Facebook limited to information that can be seen by everyone, or does your company endeavor to access restricted information.”

4.  “The reports that your company prepares for employers contain screenshots of the sources of the information your company compiles…These websites are typically governed by terms of service agreements that prohibit the collection, dissemination, or sale of users’ content without the consent of the user and/or the website….. Your company’s business model seems to necessitate violating these agreements.  does your company operate in compliance with the agreements found on sites whose content your company compiles and sells?”

5.  There appears “to be significant violations of user’s intellectual property rights to control the use of the content that your company collects and sells.  …. These pictures [of the users], taken from sites like Flickr and Picasa, are often licensed by the owner for a narrow set of uses, such as noncommercial use only or a prohibition on derivative works.  Does your company obtain permission from the owners of these pictures to use, sell, or modify them?”

4.  Conclusion

Establishing an internal procedure for using the Internet to make employment decisions is one more piece of a sound ethics and compliance program that addresses how your company is using social media.  If using an outside vendor to perform social media background checks is part of that policy, you should assure yourself that the company is acting in compliance with the relevant laws.  Further, if your company does decide to use an outside vendor, the company should not assume that employees will forego their own Internet searches of job candidates unless they are specifically instructed to follow the company’s procedure.

Michelle Sherman is special counsel at Sheppard Mullin Richter & Hampton where she practices business litigation and consults with businesses on legal and regulatory compliance issues relating to social media and the Internet.  Michelle is the editor and contributing author to the law firm’s Social Media Law Update blog.

Transaction Monitoring: Fighting Corruption and Protecting National Security

In an article in the Tuesday Wall Street Journal (WSJ), entitled “More foreign banks probed for sanctions violations”, Brett Wolf reported that the New York County District Attorney’s Office will shortly announce additional enforcement actions against banks for sanctions violations regarding Iran and Syria. In a speech made on November 14, Manhattan District Attorney Cyrus Vance talked about payments made to persons associated with sanctioned countries as constituting a threat “to US national security.”

This reminded me of the ideas that my “This Week in FCPA” colleague Howard Sklar often speaks about; that being ‘compliance convergence.’ One of these areas where there is convergence with anti-corruption and anti-bribery compliance programs is anti-money laundering. While many persons discuss the techniques used in anti-money laundering as techniques which can or should be used in banking and other financial institutions’ compliance programs, there is one area which companies should adopt from anti-money laundering directly into their anti-corruption and anti-bribery compliance programs and that is transaction monitoring.

For some time now banks have been required to monitor transactions of Politically Exposed Persons (PEPs). Generally speaking this effort includes requiring banks to apply enhanced due diligence to bank accounts and transactions by PEPs; requiring financial institutions to assess and evaluate risk so that it can be more carefully managed; promoting transparency in all transactions and monitoring transactions which might be termed suspicious. This means more than single transaction monitoring and is a more sophisticated approach which allows cataloguing and cross-referencing transactions.

Banks begin with the need for enhanced due diligence that they can determine when dealing with a foreign governmental official. This due diligence must include procedures “reasonably designed to detect and report transactions that may involve the proceeds of foreign corruption.” Banks make some or all of the following list of inquiries: identify the stakeholder and any beneficial owners; from this identification, determine the PEP status; obtain employment information and evaluate for industry and sector risk of corruption; review the stakeholder’s country of residence and evaluate for level of corruption; check references; obtain information on immediate family members to determine PEP status; and make reasonable efforts to review public sources of information.

Although not couched in terms of the compliance lingo “Red Flag”, anti-money laundering requirements make clear that simply identifying a stakeholder as a PEP does not disqualify the candidate. It means that additional investigation must be performed. Therefore, if a PEP comes up in your Foreign Corrupt Practices Act (FCPA) compliance program due diligence investigation, as an owner of a Foreign Business Partner, additional investigation must be performed to determine the relationship of this governmental official; the transaction at issue;  and any potentials for conflicts-of-interest or self-dealing. The promotion of transparency requires actual knowledge of the parties who are involved in all transactions. In addition to identifying those owners and any beneficial parties as indicated above, care should be taken to identify any shell companies which a PEP might have ownership or interest in. This is a critical analysis which companies should take as part of their overall due diligence effort.

While many compliance programs do a good job of the above due diligence and attendant analysis; companies do not take the next step, that being transaction monitoring, and integrate it into their compliance function.

Generally the Treasury Department, or some other functional group in a company has a policy preventing payments to locations other than (1) where services are delivered or (2) the home country of the payee. However, this other functional department rarely works in concert with the Compliance or Legal Department, in terms of notifying other company groups of a suspicious payments or even providing documentation of such suspicious payments and storage of such information in a mutually accessible database. Contrasting this, situation most companies will have a policy regarding the retention and contracting with agents or other foreign business representatives or partners but how often are such policies found for vendors in the Supply Chain. The next step in this transaction monitoring process is monitor each transaction to determine if it is ‘suspicious’, that is the term generally recognized by banks in the anti-money laundering context. How many companies have systems in place to perform the same suspicious activity analysis in the normal course of transacting business? Further, there are software program and other tools which a company can utilize which will automate this monitoring process.

Wolf reported that Manhattan District Attorney Vance said that payments out of certain financial institutions had “stripped wire transfer payments of information that would have revealed that sanctioned parties were engaging in US dollar transactions.” How many companies could monitor that type of information for payments they may have made to vendors in the Supply Chain or agents in the Sales Chain for that matter? Near the end of his speech, Vance said that his office was “well positioned” to pursue such claims.

As banks and other financial institutions become more robust in their anti-money laundering programs, many nefarious individuals may move their activities to companies with less robust procedures and back-up systems to detect, record, store and share any such activity with the appropriate group within a company. This may well be the next US government target for inquiry.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011

The SEC Whistleblower Program: A Game-Changer for FCPA Violations

Ed. Note-today we host a post by Jordan A. Thomas.

In August, the Securities and Exchange Commission (SEC) finalized and implemented a whistleblower program enacted under Dodd-Frank, which will dramatically alter the landscape for public and private companies alike. This program, and its first cousin, the SEC cooperation program, will have a game-changing impact on the detection, punishment and deterrence of violations of the Foreign Corrupt Practices Act (FCPA). Indeed, in the SEC’s November 2011 release highlighting enforcement activity over the fiscal year ending in September, the agency’s Foreign Corrupt Practices Act Unit, formed in 2009, recorded its first 20 FCPA enforcement actions in the fiscal year.

During my tenure as a senior attorney at the SEC, I played a leadership role in drafting the provisions of the whistleblower program and served as the first National Coordinator of the cooperation program. Both programs emerged as a response to the serial misconduct pervading the commercial marketplace.  And, importantly, both programs recognize that for law enforcement to be more proactive and effective in identifying unlawful conduct in domestic markets and abroad, it needs greater participation from the public at large.

While the private sector’s role in the broader enforcement context is an established part of American jurisprudence, that role has diminished in recent years.  Some of this can be attributed to recent court decisions that limit the role of private litigants in securities enforcement.  But another reason likely rests on the fact that coming forward to report misconduct has historically rendered the whistleblower persona-non-grata at best, and, worse, exposed to tremendous personal and professional risk.

In this way, the whistleblower program is revolutionary.  The program provides significant financial incentives (10-30% of the monetary sanctions collected) to whistleblowers providing original information about possible violations of the federal securities laws.  The new anti-retaliation protections are also robust, protecting qualified whistleblowers for up to 10 years, regardless of whether their good-faith reports are ultimately verified.  Additionally, whistleblowers may remain anonymous until they wish to receive their award – if they are represented by counsel.

The broad reach of these regulatory developments creates serious implications for business across the globe.  The reported misconduct may occur anywhere.  Any violation of US federal securities laws qualifies.  International organizations and individuals that do business or have personal contacts with the US can be subject to jurisdiction.  A whistleblower may be any individual or group of individuals, regardless of citizenship, that provides information not known to the SEC or solely derived from public sources.

Given that FCPA violations are both common and the subject of increased law enforcement focus, it is a safe bet that numerous FCPA enforcement actions will be initiated as a result of whistleblowers.  (This trend is certainly confirmed in my own law practice.)  Furthermore, since the monetary sanctions in this area are large and headline-grabbing, whistleblowers will have a greater incentive to come forward. Consider the record Siemens settlement in 2008, under which the company resolved FCPA charges for $1.6 billion in fines, penalties and disgorgement of profits, including $800 million to US authorities.  A qualified whistleblower, meeting the various eligibility requirements, could have received up to $240 million under the new SEC whistleblower program. 

This is an area of serious multi-agency scrutiny.  FCPA enforcement actions have doubled since 2009.  According to the SEC’s website, in the first half of 2011, ten different enforcement actions have reaped half a billion in penalties from blue-chip companies, including Johnson & Johnson and IBM.  Significantly, because many FCPA actions have parallel proceedings by DOJ, whistleblower awards, which extend to related actions, are likely to be even higher.

Illustrating the financial significance of the parallel proceedings for whistleblowers, in April 2011, the SEC announced a settlement with Johnson and Johnson to resolve charges that the global giant violated the FCPA by bribing public doctors in several European countries and paying kickbacks to Iraq to illegally obtain business.  J&J agreed to pay more than $48.6 million in disgorgement and prejudgment interest to settle the SEC’s charges and an additional $21.4 million to DOJ to settle criminal charges.

Also in April, the SEC and Comverse Technology, Inc. reached a settlement in connection with alleged FCPA violations. Comverse offered to pay approximately $1.6 million in disgorgement and prejudgment interest to the SEC and $1.2 million in criminal penalties to the Department of Justice.

In May 2011, the SEC entered into its first ever Deferred Prosecution Agreement (DPA) under the cooperation program with Tenaris S.A.  The investigation focused on allegations that the global manufacturer violated the FCPA by bribing Uzbekistan government officials during a bidding process to supply pipelines for transporting oil and natural gas.  Under the terms of the DPA, Tenaris must pay $5.4 million in disgorgement and prejudgment interests and an additional $3.5 million criminal penalty in a Non-Prosecution Agreement with the Justice Department.

As US enforcement bodies ante up their efforts and expand their reach, the trend is gaining traction in other jurisdictions.  The UK Bribery Act, finalized this past July, extends to any company with a UK office, employees who are UK citizens, or a company that provides services to a UK organization.  The fines are unlimited and the Act has a broad jurisdictional reach, affecting the majority of US public companies.  In addition, in October of this year, the UK Serious Fraud Office launched “SFO Confidential,” a hotline for insiders to report fraud and corruption.  This development marked a major shift in position because the Financial Services Authority has historically discouraged external reporting and does not guarantee confidentiality to whistleblowers.

These parallel developments in the UK signal a larger recognition that regulators need to think outside of geographic and investigative boundaries.  As both the FCPA and Bribery Act have extraterritorial reach, so too does the recognition that whistleblowers can and should play a key role in reporting such violations.

What’s a company to do?  Invest.

As business grows ever more global, expansion into emerging markets is an exciting and promising commercial reality.  But it is also rife with exposure.  Companies need to invest in transparency, invest in compliance and invest in their people.  Even companies with top-notch corporate compliance programs must be on their guard.  Given the significant retaliation protections and major financial incentives, whistleblowers will come forward to report FCPA violations.  People with original information should be encouraged to report internally, protected from retaliation when they do, and assured their reports will be properly addressed.

This is a bare minimum of corporate integrity.  In a world where FCPA enforcement actions are on the rise, and reputational damage can level a company, not meeting this bare minimum is a cost no company can afford.

=============================================================================================

Jordan A. Thomas is a partner with Labaton Sucharow and Chairs its Whistleblower Representation Practice.  He previously served as a senior attorney with the SEC and DOJ.   He can be reached via email at jthomas@labaton.com and via phone at 212-907-0836.

=============================================================================================

Episode 23 of This Week in FCPA is up. Check Howard Sklar and myself as we discuss the Lanny Breuer speech at the ACI National FCPA Conference, Olympus, the Bribery Act and more.