IRS Joins FCPA Enforcement

At the recent ACI FCPA Boot camp, held in Houston, there was an interesting new angle presented in the enforcement panel. Clarissa Balmaseda, a special agent in charge of Internal Revenue Service (IRS) criminal investigation, joined Nathaniel B. Edmonds, Assistant Chief from the US Department of Justice’s (DOJ) Fraud Section – Criminal Division, and Jason Rose, Senior Attorney, FCPA Specialization Unit, a representative from the Securities and Exchange Commission (SEC), in discussing the most current Foreign Corrupt Practices Act (FCPA) enforcement trends. This was the first time I had seen an IRS agent participate in a FCPA conference on behalf of the US government.

So what does the IRS bring to a FCPA investigation? Edmonds stated that the IRS has skills and experience in looking at financial patterns and tracing money. He noted that usually FCPA violations are tied to other legal violations, for example money-laundering or fraud, and that the IRS can comb through financial records to find patterns in payments. He also stated that the IRS has significant experience in investigating corporate shell structures which can be part of an ongoing criminal attempt to obtain bribes and then conceal the location of the money.

Agent Balmaseda stated that the IRS would be looking into financial statements for mis-characterization of bribe payments, specifically focusing on tax returns. Similarly, the IRS would also investigate to determine if companies were amending their financial statement filings, including tax returns, to correct such mis-characterizations after disclosure of any such payments. She later added that the same type of analysis would be applied to any monies which were initially mis-characterized on a company’s books and records, such as gifts, travel, entertainment or charitable contributions.

Agent Balmaseda also discussed some of the red flags the IRS will be looking for in any FCPA investigation in which their assistance is requested. These red flags may include the following:

1. Timing of contract award – Vis-à-vis payment to an agent at, or near, the award of a contract may indicate that monies paid to an agent are being used to pay a bribe.
2. Amount of contract – Check if contract is increased during its term. If there is no corresponding business justification, this may be evidence of corruption.
3. How was a payment made and to whom? – This analysis will look that the methods of payment and delivery.
4. Employee expense reports – While most investigations focus on payments to agents, the IRS may well look more closely at employee expense reports to see if any overall patterns are developing which might indicate corrupt payments are being made elsewhere.
5. The importance of a strong company Internal Audit investigative team – Here Agent Balmaseda emphasized that during a company’s internal investigation it is important to speak with the business unit controller because they decide how payments are categorized. She also emphasized that tax filings and their amendments are important.

The addition of the IRS to any FCPA investigation brings additional specialization and sophistication to the government’s effort. Agent Balmaseda’s remarks provide a company with clear guidance on the types of analysis that the IRS can, and will, perform. Companies should use this information and begin to perform these types of investigations internally before the government comes knocking. Lastly, a corporate tax return may provide fertile grounds for an investigation. Companies which now perform an internal investigation but do not self-report may find themselves in deeper trouble.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

Apollo 1 and a Compliance Dozen – How to Design a Program for Foreign Business Partners

Friday, January 27 was the 45^th anniversary of the Apollo 1 disaster. As reported by Brian Vastag, in an article in the Washington Post entitled “45 years after America’s first space tragedy, lessons linger”, it was a “launchpad fire which killed three NASA astronauts during testing of the then-new Apollo capsule. Reviews found that the early design of the craft was fatally flawed. Faulty wiring probably sparked the blaze that killed Roger Chaffee, Gus Grissom and Ed White. Among other problems, engineers saved weight by filling the capsule with pure, low-pressure oxygen instead of air, which is 80 percent inert nitrogen.”

One of the clear pieces of guidance from the Department of Justice (DOJ) is that a ‘tick-the-box’ compliance program is not only insufficient; it will not protect a company if a Foreign Corrupt Practices Act (FCPA) violation is discovered. However, many compliance practitioners do not know what should be analyzed regarding foreign business partners. I recently attended the ACI FCPA Boot Camp in Houston, home of the Johnson Space Center. One of the presentations dealt with how to design an overall program to evaluate, contract with, and manage foreign business partners. Furthermore, the presentation focused on how to assess the information obtained through the due diligence process. The presenters discussed a 12 point evaluation process for reviewing, assessing, then contracting with and managing foreign business partners. The steps are as follows:

1. Consider reputation for corruption in the country. You clearly need to review information from governmental organizations, such as the US Department of Commerce and State. A widely used source is from non-governmental organizations, such as Transparency International. Additionally, there are private sources such as World Check’s Country Check and the FCPA Database that you can use to review and determine a country’s overall reputation for corruption.
2. Competence of foreign business partner. This is a two-part analysis. It includes a review of the qualifications of the candidate for subject matter expertise and the resources to perform the services for which they are being considered. However, it also in includes an identification of the representative’s expected activities for your company.
3. Determine the integrity of the foreign business partner. There are several different methods that can and should be employed for this inquiry. Initially there should be an internal point of contact with the potential foreign business representative who can be used to obtain documents and financial, commercial and compliance references. After obtaining this initial information, you should review US and non-US restricted party lists and other media/internet searches. Next you should, at a minimum, obtain comments back from all references and if needed interview these references. Lastly, you should consider conducting an interview with the candidate. This can be done in house or through a company which specializes in investigations.
4. Identify relationships between agent and foreign governmental official. This inquiry requires a detailed review of the ownership and officers/directors and key employees of the foreign business partner. You will need to obtain and review entity information and documentation. If this is in a foreign language you will need to have it translated. One last point here is that you may now need  to look at customers as well to ascertain past and present relationships with government agencies.
5. Business justification for use of agent and reasonableness of compensation. Here you should begin the entire process by requiring the relevant business unit which desires to obtain the services of any foreign business partner to provide you with a business justification including current opportunities in territory, how the candidate was identified and why no currently existing foreign business relationships can provide the requested services. Your next inquiry should focus on the terms of the engagement, including the commission rate, the term of the agreement, what territory may be covered by the agreement and if such relationship will be exclusive.
6. Ensure that answers provided by the representative or business partner to due diligence questions are accurate and complete. This is the old Ronald Reagan maxim of ‘trust but verify’. You must verify information received from the prospective foreign business partner with interviews of business references and background searches.
7. Ensure compliance with local laws. This means that both the relationship that you envision is legal within the foreign jurisdiction and that the foreign business partner will comply with all local laws.
8. Integrate FCPA contract safeguards. You will need to incorporate the DOJ required language, listed in its 13 point minimum best practices compliance program. These compliance terms and conditions are found in Attachment C of all Deferred Prosecution Agreements (DPAs), entered into by the DOJ since at least November, 2010.
9. Provide for continuing oversight. After you have performed your due diligence, evaluated it and then entered into the contract for services, now the real work begins. You must manage that relationship. I suggest that you do so through a business unit sponsor for all foreign business partners. Such person must be assigned to and be responsible for ensuring continuing oversight of the foreign business partner.
10. Maintenance of books and records. This requirement also has two parts. Clearly your company must maintain appropriate internal controls over all its foreign business partners but your foreign business partner must also maintain such accurate records. I would go further to add that you should audit these records to ensure compliance.
11. Seek guidance from DOJ. As I mentioned above there are several different resources available to the compliance practitioner for information relating to foreign business partners. These include the minimum best practices as set forth in Attachment C to each DPA; DOJ Opinion Releases; Securities and Exchange (SEC) enforcement actions. Also remember your company can avail itself of the Opinion Release procedure and request guidance from the DOJ via that mechanism.
12. Use consistent standards and common sense. You should not check your common sense at the door when you become a compliance officer. The surest way to get into trouble is by ignoring your own internal warning signs. If a relationship feels bad to you, or something does not quite ‘smell right’ about a proposed foreign business partner, listen to that sensation. It may be a situation where more due diligence is required or a situation where you should walk away. Additionally, you should use consistent terms and conditions across industries and services, such as with customs brokers and freight forwarders.

The Apollo 1 tragedy still haunts NASA today. Vastag noted that “The tragedy is still etched on NASA’s collective psyche.” One NASA veteran, Travis Thompson, worries that the commercial companies which now lead most of American’s space efforts “have not absorbed the prime lesson of Apollo 1 — that bad design begets tragedy.” The 12 point program set out above will help your company to work through any issues with foreign business partners and by following it, you may well prevent your company from having its own compliance failure.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

Why How We Do Anything Means Everything

Ed. Note-I read the following post in the January 24 edition of Doug Cornelius’ Compliance Building. I was so impressed with the article that asked Doug if I could repost it in its entirety, which he graciously allowed me to do. 

An acquaintance in the compliance field sent me a copy of Dov Seidman’s How and I let it sit around  for months. (My “To Read” stack has grown very tall.)  I assumed How was vanity book and would rattle on and on about Seidman’s company: LRN. I recently moved and my “To Read” stack was tumbled around in a plain cardboard box.  How resurfaced in the stack and I noticed the forward was by President Bill Clinton. That was enough to catch my eye.

Seidman spends the first half of the book talking about transparency, trust, reputation, and the new inter-connected world. He does a fine job with these topics, but I’ve seen them handled better elsewhere. The second half of the book, which focuses more on Seidman’s philosophy of business, is when the book becomes more valuable.

Seidman highlights an empirical study about reputation using eBay’s seller reputation information. Chrysanthos Dellarocas used eBay as an experiment. In a study selling the same product, in the same way, through eBay sellers with different levels in the site’s reputation scores, the researchers found a measurable difference in price. A seller with a high reputation on average would get a measurable price premium over a seller who did not.

As you might expect, the book is full of stories as examples. One that really caught my eye was the description of four factories as examples of four types of corporate culture. The factories are to be toured and the measuring stick is the use of hard hats. At the first factory, one of lawlessness and anarchy, the factory tour guide does not offer hard hats to the visitors and many workers are seen without hard hats. At the second factory, an example of blind obedience, all workers wear hard hats and the tour guide says everyone has to wear one or they get fired. The tour guide admits that he doesn’t know why he needs to wear it or why the boss also makes him wear blue pants.

The third factory is the next step up the corporate culture ladder as an example of informed acquiescence. Hard hats are there for everyone with big signs saying everyone must wear one. But when one member of the tour group asks to be excused from wearing one, the tour guide scampers off trying to find a higher-up to approve the lack of a hard hat.

At the top of the corporate culture is the fourth factory, an example of Seidman’s self-governance. The tour guide insists that everyone wears a hard hat and when that same member of the tour group asks to be excused the tour guide says no. “I take personal responsibility for what happens to you. I don’t want to offend you, and you can call my boss or the owner if you like, but I believe your safety and the safety of everyone are paramount. “

The how of culture is broken into five parts: how we know, how we behave, how we relate, how we recognize, and how we pursue.

One common theme in the book is an indictment of a rules-based culture. Rules-makers “chase human ingenuity, which races along generally complying with the rules while blithely creating new behaviors that exist outside of them.” The example that caught my eye was the clerk who insisted on wearing ties with cartoon characters. His bosses fought him and finally insisted that he obey the rules on permissible neckwear. The clerk acquiesced and showed up the next day with Tasmanian Devil suspenders.

Ultimately, a rules-based governance focuses on the things you can’t do, while a values-based governance focuses on what is desirable.

This ends up with Seidman’s Leadership Framework. I think that is better left for more to readers of the book.

If this sounds interesting to you, I ended up with a second copy of How. Rahter than have it sitting on my bookshelf, I want to share it with one of my readers. If you are interested, leave a comment on this blog post or send an email to compliancebuilding@gmail.com. I’ll pick a winner on February 1.

============================================================================================Episode 28 of This Week in FCPA is out. Howard and I continue our 2012 discussions of all things FCPA and compliance including the SFO remedy in the Mabey and Johnson enforcement action and the O’Shea acquittal.

———————————————————————————————————————————————————————-

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The editor can be reached at tfox@tfoxlaw.com.

Conduit to Compliance or First Line of Defense – the Local Compliance Point Person

As compliance programs mature, it is becoming increasing clear that one size does not fit all. Moreover, there may be several different approaches to creating the most effective compliance program for your organization. This past week I attended the ACI FCPA Boot Camp in Houston. Many of the presentations dealt programs, procedures and process companies had developed specifically for the compliance issues they have faced around the globe. One of these was in a session entitled “Compliance Programs 2.0” where one of the subjects discussed was who to embed as a local compliance representative in an international business unit.

On this discussion panel were two lawyers, Rick Chapman, Assistant General Counsel at Halliburton and John Lewis, Sr. Managing Counsel – Compliance Global Anti-Bribery Counsel, they presented two distinct views on utilizing local compliance point persons in their company’s respective international anti-corruption and anti-bribery efforts. I found that each company’s approach had merit and that they are both models which you can review to determine which might be best suited for implementation in your organization.

Conduit

Rick Chapman described the structure that Halliburton utilizes as a conduit to the compliance department. The local compliance resource is generally not an attorney or in the company’s Legal Department. The employee is a local business unit employee who Halliburton embeds within the compliance function. Initially the compliance group will identify a person who can handle this role and will then  provide them with specialized compliance training.

Mr. Chapman remarked that two of the main roles of the LCAs are to provide compliance training to other employees in the business unit and also to listen to the compliance concerns of Halliburton employees on the ground. As the local eyes and ears of the compliance group, they can bring day-to-day concerns back to the home office for review and assessment. In this manner they are viewed as a conduit to the compliance group, headquartered in Houston.

First Line

John Lewis contrasted the Halliburton conduit approach with that of Coca-Cola regarding local compliance resources. Coca-Cola utilizes regional counsel from the Legal Department to act as “Legal Ethics Officers (LEOs).” While these LEOs are lawyers, Mr. Lewis made clear that they are employed in the Legal Department and not in the local business unit. In their role, LEOs have authority to make preliminary compliance assessments regarding day-to-day compliance issues. The company views them as the first line of compliance.

Mr. Lewis said that one of the key reasons that the company takes this approach is in dealing with foreign governmental officials. LEOs have authority to make contact directly with foreign government officials and present the company’s position on compliance issues. He stated that this brings one additional level of review and assessment to the company’s compliance regime and that this could be important if a regulator reviewed any decision made by the company in the context of the Foreign Corrupt Practices Act (FCAP), UK Bribery Act or other anti-corruption laws.

I found both of these methods to create and utilize a local compliance representative creative and economically efficient. They are systems to help embed the concept of compliance within the local and international culture of an operation. By utilizing such resources, whether they be in the “conduit” format or the “first line of defense” format, I believe that a company can drive home, on a daily basis, how to conduct business ethically and within the parameters of anti-corruption laws.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

Improving Compliance Performance in Your Supply Chain

One of the areas moving towards being incorporated into a best practices compliance program is that of the supply chain. While many companies have focused significant compliance program effort towards the sales chain, the supply chain is now viewed as an area which requires compliance scrutiny. One of the questions I routinely hear is how to endow vendors in your supply chain with the same urgency of compliance initiative that is present in your company. I recently read an article, in the winter 2012 issue of the MIT Sloan Management Review, which provided some guidance on this issue. It also has wider implications for improving compliance not only in the supply chain but also in the sales chain arena of your company. The article is authored by Erica Plambeck, Hau Lee and Pamela Yatsko and is entitled “Improving Environmental Performance in your Chinese Supply Chain.”

The authors break their analysis down into two general areas. The first is “Getting to Know Your Supply Chain” and the second is “Act on Knowledge from Improved Chinese Transparency”.

Getting to Know Your Supply Chain

In this section, the authors suggest five activities which can help your company to foster identification and visibility of compliance into your supply chain.

1. Provide incentives for identifying, disclosing and addressing problems. The authors note that many companies will audit suppliers, which they term “the checklist approach” but that such an approach does little to change behavior. The authors believe that incentivizing suppliers to do business in a more compliant manner will yield more significant compliance performance.
2. Collaborate with NGOs to facilitate compliance education and monitoring. You should encourage suppliers to work with non-governmental organizations (NGOs) in the anti-corruption area so that your suppliers will take greater responsibility towards compliance. This can be done by working with TRACE International, Transparency International or a NGO which works towards a global business ethic of anti-corruption and anti-bribery.
3. Make use of changing governmental attitudes towards corruption. Just as the Chinese government has changed its tune on environmental issues, it has recently done so regarding anti-corruption. This change can be used as a signal to Chinese companies of the need for increased awareness and importance.
4. Work with multi-brand forums to standardize compliance audits. This is an interesting concept which would allow a supplier to receive a compliance audit which could then be used as a reference point in the compliance due diligence portion of your supplier approval process.
5. Encourage anti-corruption transparency as an efficiency tool. While many believe that transparency means additional costs and slows down a sales or production cycle, many have found the opposite to be true. Companies which operate with greater compliance transparency not only do so more efficiently but also in a more cost effective manner.

Act on Knowledge from Your Supply Chain

With visibility into the five areas identified above, your company is now poised to improve performance. Once again, the authors are focusing on improving environmental performance, but I believe that their seven listed action steps work in the compliance arena as well; they are as follows:

1. Encourage training of compliance professionals. US companies can work towards training Chinese compliance professionals at their home companies. I realize that many out there will proclaim that such training cannot be done but several US companies provide such training to their third party business partners.
2. Put skin in the game. Prospects for the greatest compliance improvements and conducting business in an ethical manner come from locations where both the US Company and Chinese supplier have a stake in the outcome. Not only is training a key, as noted above, but insert a compliance component into the financial of the relationship. Also work with the Chinese company to improve its compliance function through audits and assessments.
3. Learn from your suppliers and facilitate learning among your suppliers. US companies need to confront directly the cultural differences between both cultures. Additionally, a successful compliance program does not simply ram a US law, here the Foreign Corrupt Practices Act (FCPA), down the throats of local suppliers. Learn the nuances of local culture regarding gifts and entertainment from your suppliers and incorporate that knowledge into your training.
4. Collaborate with other US companies to drive change across suppliers. Work with industry groups to mandate that any supplier conducts business in an ethical manner.
5. Build collaborative training centers. This will not require your company to violate the Sherman Anti-Trust Act. Be a leader in your company and set up collaborative learning or training centers for compliance. Just as compliance is the most open business function within the US business community in terms of sharing best practices, use this compliance community to lead to ethical business in local suppliers.
6. Use your suppliers to train Tier 2 suppliers. This is a key component of the authors’ thesis. You should be able use your direct suppliers to train their suppliers. By creating such multi-stakeholder approaches, the DNA of compliance will be driven further down the supply chain.
7. Tailor programs to local realities. Similar to step 3 above, you must tailor your message to your local audience. This includes your message roll out. Your compliance program roll out must take into account both human resources constraints and other local conditions while providing incentives to suppliers to take ownership of compliance.

This program may not be easy. However, the authors have provided a framework from which you can design an overall approach to inculcating compliance in your supply chain. I believe it portends a growing trend towards partnering with your business relationships to ensure compliance with not only international anti-corruption and anti-bribery regimes, such as the FCPA and UK Bribery Act, but also local anti-corruption laws. The article is well worth a look.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

How Charles Ponzi Can Inform Your Compliance Program

Yesterday, I used some of the wisdom from current CIA Director General David Petraeus to suggest how senior management might move forward with a compliance program. Today I will use a very different individual to help inform your third party due diligence, Charles Ponzi.

My colleague Tracy Coenen writes an invaluable blog entitled The Fraud Files Blog. She consistently writes about detecting fraud in all its forms. In a recent post,entitled “Ponzi Scheme and Investment Fraud Red Flags”, Tracy identified many Red Flags which might come up if you performed some due diligence on a Ponzi scheme or persons promoting it. In her blog post, she listed “some red flags about the “investment” you’re considering that might indicate it is a Ponzi scheme” and they are as follows:

• Promoters are not registered to sell investments (Consider doing a background check through Financial Industry Regulatory Authority (FINRA) if the promoter is U.S. based.);
• Promoters have a history of being investigated and/or disciplined for actions related to investments (Google is your best friend for this one.);
• Promoters and/or founders of the business/investment have criminal, bankruptcy, or civil court histories that are troubling (Use PACER to search all federal court records for a nominal fee. State courts generally have their own online systems, and access to them is growing daily.);
• Difficulty in verifying whether there is a legitimate business behind the investment (Again, Google is your friend!);
• Groundbreaking “new technology” or other special (but super-secret) methods or assets, which are going to take the world by storm and be the greatest thing since sliced bread;
• Complicated alleged business model that prevents an experienced investor from understanding how money is really made;
• The alleged performance of the company is suspiciously higher than competitors or companies in related industries;
• No objective third-party information can be found about the company;
• Elaborate explanations for why the business cannot be verified;
• Unusually high rates of return offered on the investments (Note that this one is the most common across all Ponzi schemes.);
• Returns on investment are guaranteed (Not to be confused with an annuity from a reputable company with a guarantee in the contract.);
• Promoter downplays the amount of risk investors will be exposed to, often  using phrases such as “a sure thing”;
• Reluctance to provide documentation supporting claims being made about the investment and the business behind it;
• Address of the “business” is a mail drop location, virtual office, or small private office that couldn’t possibly hold a business the size that is being claimed (Google Maps is very helpful for this one.);
• Few (if any) employees in the operation other than the founder and/or promoter;
• Background of the principals of the business is mismatched with what the business does (Use Google to find out what kinds of jobs they held previously, and compare it to what they’re supposedly doing now.); and
• Company’s alleged success is related to a recent announcement of some sort, rather than historical financial results (This one is even worse if the information in the announcement can’t be verified, and it appears to just be a PR stunt for the benefit of potential investors.).

One of the things that struck me in reading Tracy’s list of Ponzi scheme Red Flags is how closely they mirror those which may appear in a Foreign Corrupt Practices Act (FCPA) or UK Bribery Act due diligence investigation. Additionally the Red Flags would seem to organize themselves into four general areas:

1. Something seems out of the ordinary.
2. Reluctance of party to supply information/difficulty of verifying information.
3. The scheme is not verifiable by data, only anecdotally.
4. Mismatch in business experience with the product or services offered.

In due diligence training, I always tell people to listen to their guts, or if the hair on the back of their neck stands up, pay attention. Not listening to your internal warning system can lead your company down a path that it may well not desire to travel. Red Flags are so called for a reason and if they are raised they must be sufficiently clear. Tracy Coenen’s list of Red Flags for Ponzi schemes is one which any corporate compliance officer should take to heart.

Tracy Coenen, CPA, CFF  has also written a useful book for helping companies and individuals detect fraud and Ponzi schemes and investment frauds entitled, “Expert Fraud Investigation: A Step-by-Step Guide.” She can be reached via email at tracy@sequenceinc.com.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

General Petraeus and Four Tasks to Inform Your Compliance Program

Most senior corporate officers are firmly behind their company’s compliance programs, whether based upon the Foreign Corrupt Practices Act (FCPA); the UK Bribery Act or some other anti-corruption or anti-bribery regime. They often ask me what specifically they can do to assist in moving their company’s compliance program forward. I thought about this question while reading a book review by Max Boot, in the January 21-22 edition of the Wall Street Journal (WSJ), of “All In: The Education of General David Petraeus” authored by Paula Broadwell, with Vernon Loeb. The book itself is an account of General Petraeus’s life story coupled “with an insider’s look at the general’s year in command in Afghanistan.”

From the perspective of the compliance practitioner, the thing that I found of interest was the discussion of four tasks that General Petraeus believes that leaders must perform. After listing these four tasks out, the authors go on to demonstrate  how General Petraeus applied this approach to such basic tasks as crafting rules on the use of force designed to strike a balance between being aggressive without causing unnecessary civilian casualties. The four tasks are:

1. A leader must get “the big ideas right”;
2. A leader must communicate those “big ideas”;
3. A leader must oversee “the implementation of those big ideas”; and
4. A leader must capture “best practices and lessons” and cycle them “back through the system to help refine the big ideas.”

So how can your senior management use General Petraeus’ four tasks to move towards a best practices compliance program?

Get the Big Ideas Right

The Big Idea here is compliance is good business. One only needs to look at the current debate to amend the FCPA to understand that it can be simple. At the House Judiciary Committee hearing last June, Department of Justice (DOJ) representative Greg Andres said it is quite easy to avoid FCPA liability; simply do not engage in bribery. That is certainly a big idea and one that senior management can lead the way.

Communicate the Big Ideas

Once senior management is committed to a big idea, such as the company will not engage in bribery or other forms of corruption to do business, senior management must communicate this message. Here a variety of forms of communications can be used; email, video messages, presenting at annual sales and leadership conferences or any other medium. Remember you, as the compliance officer, are only limited by your imagination on how to communicate this idea.

Oversee Implementation of the Big Ideas

Here General Petraeus suggests that senior management must take an active involvement in any program implementation or significant enhancement. This does not mean that senior management could or even should be down into the details of compliance program implementation or enhancement. However, it does mean that senior management needs to stay abreast of progress and assist, if required, to untangle strategic bottlenecks within the company.

Capture Best Practices and Lessons and Cycle Back

This fourth task is one that has clearly been discussed by Lanny Breuer and other DOJ representatives at compliance conferences over the past 2+ years. In any minimum best practices compliance program, there should be an annual assessment. The lessons learned from this annual assessment should be cycled back through your compliance program to allow continual refinement of the big idea that your company will not engage in corruption or bribery to obtain business.

General Petraeus’ four tasks outline an excellent manner for senior management to organize its approach to anti-corruption and anti-bribery compliance programs. As a compliance officer, you can present this mechanism to senior management as an approach to think through and manage its role in your compliance program. It is well worth a look.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

Another Nigerian Bribery Scandal Settlement and the NL MVP Award

Tomorrow Ryan Braun will accept the National League MVP Award. He will accept this award for having a superlative 2012 season; which, as reported by MLB.com, included a “Batting Average of .332 with 33 home runs and 111 RBIs while leading the Brewers to the NL Central title.” He will also accept this MVP Award while “facing a 50-game suspension after testing positive for elevated levels of testosterone late last season.”  Braun has appealed this suspension and the matter is currently in the appeals process.

The above came to mind as I read recent blog posts by the FCPA Professor and the FCPA Blog, that there is a new entry into the Nigerian-Bonney Island Bribery Scandal. That entrant is the Japanese trading company, Marubeni Corporation, which the Department of Justice announced it had settled an enforcement action with this past week. As reported by the FCPA Professor, Marubeni was retained by the joint venture, TSKJ, “to help it obtain and retain business in Nigeria, including by offering to pay and paying bribes to Nigerian government officials.”

Pursuant to the Deferred Prosecution Agreement, Marubeni agreed to pay a penalty of $54.6 million.  Marubeni was paid over $51 million for its services by TSJK so its overall penalty is assessed at slightly more than it received for services it rendered. As noted by the FCPA Professor, “ the advisory Sentencing Guidelines range for the charges at issue was $54.6 million – $109.2 million– a rare instance in which the fine amount is within the guidelines range.”

With this recent enforcement action we present the following updated Nigerian Bribery Scandal Box Score, new and improved with both Corporate and Individual Divisions:

                       SETTLEMENT BOX SCORE

Entity or Person	Division	Fine, Penalty and Disgorgement of Profits
Halliburton + KBR	Corporate	$579 Million
Snamprogetti & ENI	Corporate	$365 Million
Technip	Corporate	$338 Million
JGC	Corporate	$244 Million
Marubeni	Corporate	$54.6 Million
Corporate SubTotal		$1.58 Billion
Jeffery Tessler	Individual	$147 Million
Wojciech Chodan	Individual	$700,000
Jack Stanley	Individual	(not yet determined)
Individual SubTotal		$147.7 Million
Total (to-date)		$1.72 Billion

So for those of you keeping score at home, there have been fines, penalties and profit disgorgement of over $1.72 billion. All of this for bribes paid on, by, or on behalf of TSJK. This JV won four contracts, worth more than $6 billion, from the Nigeria government between 1995 and 2004 to build LNG facilities on Bonny Island.

This total settlement figure does not include any potential costs going forward such as reduction of credit ratings, the payment of legal fees and any forensic accounting fees during the pendency of the DPA. The costs listed above do not include the total cost paid by Marubeni for its internal company investigation into this matter. However, based upon the reported fees to date paid by the other defendants, these investigation fees will surely be in the tens of millions of US$. Additionally the above Box Score does not take into account any fines or penalties paid by the defendants to the Nigerian government.

So what is the difference between Marubeni and Ryan Braun? It appears he can accept his MVP Award. Stay tuned for the results of his appeal and whether he can keep his MVP Award. Or as the English might say, “watch this space.” Good Friday to all.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

 © Thomas R. Fox, 2012

Anticipating Ripples in the Pond

It is January 19, 2012. What is the significance of this date? Pitchers and catchers report to Spring Training in one month! It is a time of year that even 2011’s worst team in baseball, the 106-loss Houston Astros have a chance to succeed in the upcoming baseball season. Do I have unrealistic expectations or is it just wishful thinking? I prefer the phrase ‘hope springs eternal, especially in Spring Training.” I pondered my love of baseball, especially during Spring Training, whilst reading an article in the January/February edition of the SCCE Magazine, in an article entitled “Rock in the pond ethics” by Frank Bucaro.

Bucaro’s article is based around the concept that “Decision making is like throwing a rock in a pond. No matter how big or small the rock is, water is displaced.” His thesis is that it is better to consider the ripple effects of your decision making before throwing that rock into your company’s ethics pond. If you do not do so you can easily run the risk of not only having unintended consequences occur but consequences for which you may have no response for, yet be held accountable for in your company. So to help navigate this, he provides five bases to touch before making such a decision.

1. When a decision needs to be made, hold the rock, hold and then hold it longer. In other word, preparation prevents poor performance. To the best that you can do so, do not pull the trigger on the decision until you know what the consequences will be and that you can deal with those you know and be prepared for the unforeseen consequences.
2. 2.      Do not let your emotions dictate when to throw that rock. Ask a trusted colleague for some time and explain the situation. Not only does this bring communal wisdom into your decision making process but it slows down the process to let any excess emotionalism burn off. A good rule of thumb – sleep on it before throwing the rock.
3. Sometimes you need to put the rock down. It is not always wrong to put the rock down and obtain additional information and data. Be careful that you do not fall into catharsis but if you need to put the rock down, do not be afraid to do so.
4. The bigger the rock, the bigger the ripples. A big splash means simply that, your decision will have many ripples and may well splash back on you. But trust your instincts. If your gut says something to you, you had best listen to it.
5. Know what your values are before a decision is made. What are the three most important things about your company’s ethical culture? Values, Values and Values. Know what your values are before you throw that rock. If your decision is values based (assuming you have the right values); both you and your company should be in a good place.

Will the Bucaro five points guarantee a 100% correct decision each and every time? No, they will not, but it will put you in position to anticipate the issues and be prepared for the consequences of your actions.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

10 Global Compliance Trends for 2012

Many commentators looked back at the events of 2011 in the compliance arena and have looked forward into 2012. However, most of the commentators in the United States focused on the US Foreign Corrupt Practices Act for both their retrospective and Great Carnac tea leaf readings. This lack of international focus is rectified in the January, 2012 issue of the Compliance Week Magazine, in an article entitled, “Ten Global Compliance Trends to Watch in 2012” by Neil Baker. The issues presented on the list are matters which any compliance professional from a US company, which has international operations should review and be prepared to face.

1. Britain loses its voice in Europe. The author believes that Britain’s veto of France and Germany’s plans to bring closer governance of EU members will reduce the UK influence in compliance matters. He believes that this may lead to more Euro-centric regulatory zeal against US-style capitalism.
2. Tougher corporate governance rules. The author believes that the European Commission will adopt more detailed regulations on how companies should constitute their Boards of Directors, make decisions and manage risk generally.
3. Big 4 challenged? Baker believes that 2012 may be the end of the Big Four accounting firms domination of the international audit market. He believes that some firms may be split up and all firms will no longer be able to offer audit and consulting services.
4. Stricter data protection. Companies will face new rules on how they “capture, store and use personal information.” Levels of encryption may well need to be increased but most ominously, companies will be required to “notify regulators and member of the public if they discover a data breach.”
5. Bribery Act gets tested. Baker quotes my This Week in FCPA colleague Howard Sklar for the following, “Compliance Officers now have to ensure that rules are adhered to” [regarding the Bribery Act]. Or as Howard might also say, “At 12 months, take the over.”
6. Fair competition enforcement up. Baker believes that businesses’ anti-competitive behaviors became more pronounced due to the global recession. Now regulators are catching up to these behaviors and he anticipates greater enforcement.
7. Executive pay scrutiny continues. Baker believes that the UK government will “introduce new regulations on [executive] remuneration in 2012.” This legislation could include requiring shareholder vote and approval of executive compensation.
8. Japan gets governance. Independent Directors come to Japan Inc. Baker believes so but I have to disagree with him on this prediction. (See Olympus)
9. IT security more complex. The increase in the use of personal computing devices and persons working from home, will lead to significant data security headaches. Baker quotes Andy Fisher that “unless it is managed it will create a compliance time bomb.”
10. Cloud computing becomes the norm. The increase in cloud computing can lead to questions regarding which countries laws control data security; the home country of the company or the country where the data is stored.

This list that Baker has put together clearly portends greater compliance convergence. A Compliance Officer well versed in anti-corruption legislation across the world will have a myriad of laws to navigate to keep his company on the right side of anti-corruption laws. However, the Compliance Officer may well have a broader remit in 2012. Baker ends his piece with this cheery note, “There’s never a good time for a company to suffer a compliance failure, but 2012 would be a particularly bad time.”

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012