Listening in with the FCPA Professor: A Tale of Two Perceived Responses

This week I attended the Hanson Wade FCPA Compliance in the Oil and Gas Supply Chain conference here in Houston. Also attending, as well as presenting, was the FCPA Professor, Mike Koehler. The evening before the start of the conference I was lucky enough to attend an Astros game with the Professor. In between sharing stories of watching baseball growing up in either the Midwest or the South, we debated all manner, shape and form of the Foreign Corrupt Practices Act (FCPA). It was a great time and I learned quite a bit, even if it is that we can look at the same item and see two different things.

Have you ever experienced the phenomenon where two people can hear the same answer to a question yet discern that the speaker said two different things? Maybe it is just like déjà vu all over again because it happened to me yesterday while attending the Conference and today when I read the FCPA Professor.

As reported in the FCPA Professor Blog today, the Keynote Speaker was Todd Harrison Chief Counsel, Oversight and Investigations, Energy and Commerce Committee, US House. The FCPA Professor posed questions to him regarding successor liability, which Harrison had termed in his presentation as the Chamber of Commerce’s number one reform issue for the FCPA. In his blog post today, entitled “FCPA – A View From The Hill”, the Professor said that “Harrison said that this concern was hypothetical because as a “practical matter the DOJ has not been bringing prosecutions under this theory.” The Professor then followed up with “During the Q&A I asked him whether anyone on the Hill is actually reading the enforcement actions because recent DOJ or SEC enforcement actions based on successor liability theories include Alliance One, General Electric and Watts Water Technologies.” In response, the Professor said that “Harrison backtracked and said “no one has come to me about those particular cases” and that “none of these particular cases have become prominent on Capitol Hill.”

However, what I heard Harrison say between the quoted phrases “no one has come to me about those particular cases” and “none of these particular cases have become prominent on Capitol Hill”; was that “those fact patterns have not come up.” With this third phrase it did not sound like to me that Harrison backtracked at all but was explaining why the issue of successor liability had not been raised to his attention.

The reason that I do not think these fact patterns have come up in any discussion of successor liability is that they were either (1) outliers and not applicable as precedent to argue that the FCPA needs amendment with regard to successor liability or (2) the conduct which violated the FCPA continued after the acquisition was made by the companies continued after the acquisitions were concluded and therefore there were new and additional FCPA violations under their ownership.

In his blog post, the Professor linked to the three mentioned cases. In his article on the General Electric (GE) case, entitled “General Electric Settles Iraqi Oil For Food Matter”, he stated “The GE enforcement action, like other Iraqi Oil for Food enforcement actions with a few exceptions, does not allege FCPA anti-bribery violations presumably because the alleged payments were made directly to the Iraqi government or government ministries – not to specific “foreign officials” as prohibited by the FCPA’s anti-bribery provisions. The GE enforcement action is also an outlier of sorts in that it is merely a SEC enforcement action with no parallel DOJ enforcement action – a fact mentioned in GE’s press release…”

In the Alliance One case, the company was not prosecuted to criminal prosecution but the company received a Non-Prosecution Agreement (NPA). The final case, Watts Water purchased a Chinese company which was engaged in bribery and corruption and the conduct continued after the acquisition. In a FCPA mergers and acquisitions first Watts Water recently filed a malpractice claim against the law firm of Sidley Austin, which handled its pre-acquisition due diligence for the transaction in question, alleging that the law firm discovered the egregious conduct in the pre-acquisition due diligence, but failed to turn this information over to Watts Water. (Sidley Austin has yet to publicly respond to these allegations.)

So by looking at the substance of these three cases named by the Professor in his question to Harrison, what I heard in Harrison’s response that “those fact patterns have not come up” and that they were so far outside of the mainstream of FCPA enforcement actions that they were not brought up as examples of successor liability cases. But as I now understand, sometimes you can hear the same thing that another listener hears but perceive it in a different manner.

Happy Friday and a good weekend to all.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

2012 First Half FCPA Enforcement Round-Up: Part II

In yesterday’s post we reviewed three of the most significant enforcement actions so far for 2012. In today’s post we conclude with the final three enforcement actions that I believe provide the best or most recent insights for the compliance practitioner.

IV.       Biomet

On March 26, 2012, both the Securities and Exchange Commission (SEC) and the Department of Justice (DOJ) announced the resolution of enforcement actions against Biomet Inc. a US entity which manufactures and sells global medical devices around the world. It is headquartered in Fort Wayne, Indiana. The Company admitted to a lengthy run of bribery and corruption of doctors to purchase its products and paid a criminal fine of $17.3MM to resolve charges brought by the DOJ. It also agreed with the SEC to settle civil charges by paying $5.5MM in disgorgement of profits and pre-judgment interest.

A.     Bribery and Corruption Facts

The Company engaged in an eight (8) year scheme to bribe and corrupt doctors in the countries of Argentina, Brazil and China to induce the physicians to purchase Biomet products. The SEC Complaint reported that “2000 to August 2008, Biomet Argentina employees paid bribes to doctors employed by publicly owned and operated hospitals in Argentina in exchange for sales of  Biomet’s medical device products. The doctors were paid approximately 15-20 percent of each sale.” In Brazil, the SEC Compliant reported that from 2001 until 2008, Biomet’s “Brazilian Distributor, paid bribes to doctors employed by publicly owned and operated hospitals to purchase Biomet’s implants. Brazilian Distributor paid the doctors bribes in the form of “commissions” of 10-20 percent of the value of the medical devices purchased.” In China, Biomet subsidiaries and its Chinese distributor paid from 5% up to 25% commissions to doctors for the sale of its products which were used during surgeries and also paid for Chinese surgeons to travel for training “including a substantial portion of the trip being devoted to sightseeing and other entertainment at Biomet’s expense.”

B.     Internal Audit Failures

The SEC Compliant reported that the Company’s Internal Audit was not only aware of the bribery program but discussed it in Memorandum to the Company’s home office, including the head of the Company’s Internal Audit Department. For instance in Argentina, the Company’s head of Internal Audit noted, as early as 2003, they “circulated an internal audit report on Argentina to Senior Vice President and others in Biomet in Indiana in which he stated, “[R]oyalties are paid to surgeons if requested. These are disclosed in the accounting records as commissions.” The Internal Audit report described the payments to surgeons, but only in the context of confirming that the amount paid to the surgeon was the amount recorded on the books.” However, the Company’s Internal Audit Department, took no steps to determine why royalties were paid to doctors or why the payments to the doctors were 15-20% of sales. Internal Audit did not obtain any evidence of services which the doctors might have performed entitling them to the payments. The SEC Complaint noted that Internal Audit “concluded that there were adequate controls in place to properly account for royalties paid to surgeons without any supporting documentation” and Internal Audit’s only recommendation was to change the journal entry from “commission expenses” to “royalties.”

The SEC Complaint also noted that “Biomet’s books and records did not reflect the true nature of those payments. The Company’s payments were improperly recorded as “commissions,” “royalties”, “consulting fees”, “other sales and marketing”, “scientific incentives”, “travel” and “entertainment.” The SEC Compliant concluded with the following “False documents were routinely created or accepted that concealed the improper payments.”

C.     Lessons Learned for Internal Audit

The SEC Complaint had some very clear guidance for the role of Internal Audit in detecting bribery and corruption in a best practices Foreign Corrupt Practices Act (FCPA) compliance program. First, if there are any types of commission payments being made, Internal Audit needs to review the documentation supporting why such payments are being made. A review of contracts or other legal requirements which may obligate a company to make such payments should be a basic undertaking in any internal audit. After an internal auditor has determined if commission payments are legally authorized, the internal auditor should review the evidence that such commission payments have been earned. Another role delineated in the SEC Complaint for Internal Audit is to correctly classify payments so that the books and records of the company accurately reflect them as expenses. As noted, the Director of Internal Audit instructed that bribes paid during clinical trials of the Company’s products should be reclassified as ‘expenses’.

Key Takeaway: This enforcement action lists the specific role of Internal Audit in a FCPA compliance program.

V. Morgan Stanley and Garth Peterson

This is the first instance of the public release of a Declination to Prosecute a company under the FCPA, where an employee agreed to an underlying FCPA violation. Morgan Stanley Managing Director Garth Peterson conspired with others to circumvent Morgan Stanley’s internal controls in order to transfer a multi-million dollar ownership interest in a Shanghai building to himself and a Chinese public official. Peterson encouraged Morgan Stanley to sell an interest in a Chinese real-estate deal to Shanghai Yongye Enterprise (Yongye) a state-owned and state-controlled entity through which Shanghai’s Luwan District managed its own property and facilitated outside investment. However, the DOJ declined to prosecute Morgan Stanley and noted in its Press Release, “After considering all the available facts and circumstances, including that Morgan Stanley constructed and maintained a system of internal controls, which provided reasonable assurances that its employees were not bribing government officials, the Department of Justice declined to bring any enforcement action against Morgan Stanley related to Peterson’s conduct. The company voluntarily disclosed this matter and has cooperated throughout the department’s investigation.”

A.     Declination to Prosecute

Both the DOJ and SEC went out of their way to praise the Morgan Stanley compliance program. This written praise demonstrated that not only do company’s receive credit from the DOJ for having a compliance program in place but also gave solid information as to why the DOJ declined to prosecute Morgan Stanley. In other words, it was a very public pronouncement of a declination to prosecute.

The SEC Complaint detailed the compliance program it had in place and how it directly related to Peterson.

(1) Morgan Stanley trained Peterson on anti-corruption policies and the FCPA at least seven times between 2002 and 2008.

(2) Morgan Stanley distributed to Peterson written training materials specifically addressing the FCPA.

(3) A Morgan Stanley compliance officer specifically informed Peterson in 2004 that employees of Yongye, a Chinese state-owned entity, were government officials for purposes of the FCPA.

(4) Peterson received from Morgan Stanley at least thirty five FCPA-compliance reminders.

(5) Morgan Stanley required Peterson on multiple occasions to certify his compliance with the FCPA.

(6) Morgan Stanley required each of its employees, including Peterson, annually to certify adherence to Morgan Stanley’s Code of Conduct.

(7) Morgan Stanley required its employees, including Peterson, annually to disclose their outside business interests.

(8) Morgan Stanley had policies to conduct due diligence on its foreign business partners, conducted due diligence on the Chinese Official and Yongye before initially conducting business with them, and generally imposed an approval process for payments made in the course of its real estate investments.

B.        Compliance Program as Compliance Defense

If it was not clear that a company receives credit for having a best practices compliance program it is now. Recognizing that a compliance program is not available as a formal affirmative defense, it is clear that Morgan Stanley was able to use not only their written compliance program, but its ongoing maintenance, communication and due diligence aspects to shield the employer from liability. The bottom line is what the DOJ and SEC representatives have been saying all along and that is that companies with best practices compliance programs receive credit in negotiating with the government.

Key Takeaway: The compliance defense is alive and well.

Key Takeaway II (for the DOJ): Publicize Declinations to Prosecute. It is solid information for the compliance practitioner to use and it will help companies do business in compliance with the FCPA.

VI. DS&S

Last, but certainly not least, we end our Top 6 of 2012, to date, with the Data Systems & Solutions LLC (DS&S) case.

A.     The Bribery Scheme

The bribery scheme involved payments made to officials at a state-owned nuclear power facility in Lithuania, named Ignalina Nuclear Power Plant (INPP). The payments were made to allow DS&S to obtain and retain business with INPP. The Information listed contracts awarded to DS&S in the amount of over $30MM from 1999 to 2004. Significantly, DS&S did not self-disclose this matter to the DOJ but only began an investigation after receiving a DOJ Subpoena for records.

The bribery scheme used by DS&S recycled about every known technique there is to pay bribes. The Information listed 51 instances of bribes paid or communications via email about the need to continue to pay bribes. The bribery scheme laid out in the Information reflected the following techniques used:

• Payment of bribes by Subcontractors to Officials on behalf of DS&S;
• Direct payment of bribes by DS&S into US bank accounts controlled by INPP Officials;
• Creation of fictional invoices from the Subcontractors to fund the bribes;
• Payment of above-market rates for services allegedly delivered by the Subcontractors so the excess monies could be used to fund bribes;
• Payment of salaries to INPP Officials while they were ‘employed’ by Subcontractor B;
• Providing travel and entertainment to Officials to Florida, where DS&S has no facilities and which travel and entertainment had no reasonable business purpose;

and last but not least…

• Purchase of a Cartier watch as a gift.

B.     The Discounted Fine

DS&S received a discount of 30% off the low end of the penalty range as calculated under the US Sentencing Guidelines, which specified a fine between $25MM down to $12.6MM. The ultimate fine paid by DS&S was only $8.82MM, which the Deferred Prosecution Agreement (DPA) states is “an approximately thirty-percent reduction off the bottom of the fine range…” In addition to its real-time internal investigation and extraordinary cooperation, the DPA reports that DS&S took the following extensive remediation steps:

• Termination of company officials and employees who were engaged in the bribery scheme;
• Dissolving the joint venture and then reorganizing and integrating the dissolved entity as a subsidiary of DS&S;
• Instituting a rigorous compliance program in this newly constituted subsidiary;
• Enhancing the company’s due diligence protocols for third-party agents and subcontractors;
• Chief Executive Officer (CEO) review and approval of the selection and retention of any third-party agent or subcontractor;
• Strengthening of company ethics and compliance policies;
• Appointment of a company Ethics Representative who reports directly to the CEO;
• The Ethics Representative provides regular reports to the Members Committee (the equivalent of a Board of Directors in a LLC); and
• A heightened review of most foreign transactions.

1. C.     Mergers & Acquisitions

There were two new additions are found on items 13 & 14 on Schedule C of the DPA that dealt with mergers and acquisitions (M&A). They draw from and build upon the prior Opinion Release 08-02 regarding Halliburton’s request for guidance during an attempted acquisition and the Johnson and Johnson (J&J) Enhanced Compliance Obligations which were incorporated into its DPA. The five keys under these new items are: (1) develop policies and procedures for M&A work prior to engaging in such transactions; (2) full FCPA audit of any acquired entities “as quickly as practicable”; (3) report any corrupt payments or inadequate internal controls it discovers in this process to the DOJ; (4) apply DS&S anti-corruption policies and procedures to the newly acquired entities; and (5) train any persons who might “present a corruption risk to DS&S” on the company’s policies and procedures and the law.

Key Takeaway: Minimum best practices evolve so you should stay abreast of them. IN the M&A arena, the DOJ continues to listen to comments on ‘buying a FCPA violation’ and provide guidance to manage the risk.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

2012 First Half FCPA Enforcement Round-Up: Part I

The first half of 2012 is reaching to a close and we have had several significant enforcement actions so far this year. So to commemorate all those June Bride and Bride-Grooms out there, including my parents who celebrate their 56^th wedding anniversary on June 30, I have put together a couple of posts reviewing my top 6 Foreign Corrupt Practices Act (FCPA) enforcement actions for the first 6 months of 2012. At this point I cannot see any clear trends but there are some key points that provide solid advice for the compliance practitioner going forward. In today’s blog, we take up the first three, in chronological order.

I.                   Aon

We begin with a Non-Prosecution Agreement (NPA) issued in the last week of 2011 where the insurance giant Aon received a NPA from the Department of Justice (DOJ) in settling enforcement actions against it by the DOJ and Securities and Exchange Commission (SEC). Aon agreed to total fines and penalties in an amount of $16.3 MM. This is in addition to a fine previously paid to the UK Financial Services Authority (FSA) in January, 2009, of £5.25 MM (approximately $8.2 MM at today’s exchange rate).

A.     Aon’s Remedial Actions Which Led to the NPA

The DOJ stated that it entered into the NPA based “in part, on the following factors: (a) Aon’s extraordinary cooperation with the Department and the U.S. Securities and Exchange Commission (“SEC”); (b) Aon’s timely and complete disclosure of the facts described in Appendix A as well as facts relating to Aon’s improper payments in Bangladesh, Bulgaria, Egypt, Indonesia, Myanmar, Panama, the United Arab Emirates and Vietnam that it discovered during its thorough investigation of its global operations; (c) the early and extensive remedial efforts undertaken by Aon, including the substantial improvements the company has made to its anti-corruption compliance procedures; (d) the prior financial penalty of £5.25 million paid to the United Kingdom’s Financial Services Authority (“FSA”) by Aon Limited, a U.K. subsidiary of Aon, in 2009, covering the conduct in, Bangladesh, Bulgaria, Indonesia, Myanmar, the United Arab Emirates and Vietnam; and (e) the FSA’s close and continuous supervisory oversight over Aon Limited.”

B.     Non-Bona Fide Travel and Educational Expenses

The primary activity for which Aon was sanctioned was a travel and education fund, initially designed to provide funds for foreign government employees involved with insurance to travel to educational conferences. However, the funds evolved into personal use for entertainment of the officials, their wives and families. In one instance, involving a fund in Costa Rica, travel was booked through a travel agency which was owned or managed by the Costa Rican officials who were entertained with monies from the educational and training funds.

C.     Books and Records

The largest portion of the Aon fine involved violations of the FCPA’s books and records requirements. The NPA noted, “With respect to the Costa Rican training funds, although Aon Limited maintained accounting records for the payments that it made from both the Brokerage Fund and the 3% Fund, these records did not accurately and fairly reflect, in reasonable detail, the purpose for which the expenses were incurred. A significant portion of the records associated with payments made through tourist agencies gave the name of the tourist agency with only generic descriptions such as “various airfares and hotel.” Additionally, to the extent that the accounting records did provide the location or purported educational seminar associated with travel expenses, in many instances they did not disclose or itemize the disproportionate amount of leisure and non-business related activities that were also included in the costs. In short, there was either no bona fide educational expense or not one which could be documented from Aon’s internal records.

Key Takeaway: You must completely document, document and document the basis of your expenditures. If there is no explanation, the assumption will be the payments are made for corrupt purposes.

II.                Smith & Nephew

The landscape of the FCPA world is littered with cases involving both agents and resellers, who are most clearly acting as representatives of the companies whose goods or services they sell in foreign countries. Many US businesses believe that the legal differences between agents/resellers and distributors insulate them from FCPA liability should the conduct of the distributor violate the Act. Under this same analysis, many US companies believe that the FCPA risk has also shifted from the US company to the foreign distributor. However, such belief is sorely miss-placed as was shown in the Smith & Nephew (SNN) enforcement action.

The FCPA violations revolved around a Greek distributor of SNN who paid bribes to Greek doctors so that they would purchase and use SNN products. SNN paid a monetary penalty of $16.8MM to the DOJ and $5.4MM to the SEC as a civil penalty, all for a total of $22.2MM in fines and penalties.

Entity Designation	Domicile of Entity	Commission Rate	Services Provided	Actual Services
Shell Company A	UK	40% of sales of Greek distributor	Marketing	Did not perform any services
Shell Company B	UK	26% of sales of Greek distributor	Marketing	None listed
Shell Company C	UK	35% of sales of Greek distributor	Marketing	Did not perform any true services

A quick review of the above chart shows the FCPA problems; very high commissions were paid with no actual services provided. Or as stated by the FCPA Professor, SNN “falsely recorded or otherwise accounted for the payments to the shell companies on its books and records as ‘marketing services’ in order to conceal the true nature of the payments in the consolidated books and records of S&N.”

Key Takeaway: If your company uses a distributor model in its sales chain, I would suggest that you review and reassess your pricing structure in light of this enforcement action.

III.             BizJet

In the bribery and corruption world, the facts of this enforcement action are about as bad as it can get. It was reported the senior company personnel had actual knowledge or approved of the payment of cash to bribe foreign governmental officials to obtain or retain business. There was also a deliberate attempt to hide the true nature of the payments. But even with these damaging facts, the company was able to receive a significant reduction on the low end of the fine range as suggested under the US Sentencing Guidelines. So how did the company achieve this?

A.     Bribery Scheme

In this case, the company made a number of corrupt payments which were characterized as “commission payments” and “referral fees” on their books and records. Payments were made from both international and bank accounts here in the United States. In other words, this was as clear a case of a pattern and practice of bribery, authorized by the highest levels of the company, paid through US banks and attempts to hide all of the above by mis-characterizing them in their books and records.

BizJet Bribery Box Score

BizJet Executive or Employee Named	Payment Made To	Amount of Payment	Others Involved
Sales Manager  A	Official 6	Cell Phone and $10K	Executive B and C
Sales Manager A	Official 3	$2K	Executive  B
Executive B, C and Sales Manager A	Official 2	$20K
Executive C	Official 2	$30K	Sales Manager A
Executive B	Mexican Federal Police Chief	$10K	Executive C and Sales Manager. A
Executive C	Official 5	$18K	Sales Manager A
Sales Manager A	Official 4	$50K
Sales Manager A	Mexican Federal Police	$176	Executive C
Sales Manager A	Official 4	$40K
Sales Manager A	Mexican Federal Police	$210K	Executive C
Sales Manager A	Official 5	$6K	Executive C
Executive C	Official 5	$22K

B. Reduction in Monetary Fine

I set out these facts in some detail to show the serious nature of enforcement action. However, the clear import is that a company can make a comeback in the face of very bad facts. The calculation of the fine, based upon the factors set out in the US Sentencing Guidelines, ranged between a low of $17.1MM to a high of $34.2MM. The final agreed upon monetary penalty was $11.8MM. This is obviously a significant reduction from the suggested low or high end, or as was noted by the FCPA Blog “BizJet’s reduction was 30% off the bottom of the fine range, and a whopping 65% off the top of the fine range.”

How did BizJet achieve this reduction and avoid an external monitor? As reported by the FCPA Professor, the following were factors:

(a) following discovery of the FCPA violations during the course of an internal audit of the implementation of enhanced compliance related to third-party consultants, BizJet initiated an internal investigation and voluntarily disclosed to the DOJ the misconduct …;

(b) BizJet’s cooperation has been extraordinary, including conducting an extensive internal investigation, voluntarily making US and foreign employees available for interviews, and collecting, analyzing, and organizing voluminous evidence and information for the DOJ;

(c) BizJet has engaged in extensive remediation, including terminating the officers and employees responsible for the corrupt payments, enhancing its due diligence protocol for third-party agents and consultants, and instituting heightened review of proposals and other transactional documents for all BizJet contracts;

(d) BizJet has committed to continue to enhance its compliance program and internal controls, including ensuring that its compliance program satisfies the minimum elements set forth in the” corporate compliance program set forth in an attachment to the DPA; and

(e) “BizJet has agreed to continue to cooperate with the DOJ in any ongoing investigation of the conduct of BizJet and its officers, directors, employees, agents, and consultants relating to violations of the FCPA.

C.        Reports to the DOJ

The company avoided an external monitor. However, it agreed that it would report “at no less that twelve-month intervals during the three year term” [of the DPA] to the DOJ on “remediation and implementation of the compliance program and internal controls, policies and procedures” which were listed in Attachment C to the DPA (the DOJ guidelines for a minimum best practices compliance program). The initial report was required to be delivered one year from the date of the DPA and would also include BizJet’s proposals “reasonably designed to improve BizJet’s internal controls, policies and procedures for ensuring compliance with the FCPA and other applicable anti-corruption laws.”

Key Takeaway: What you do after you discover the bribery and corruption will go a long way towards determining your penalty. No matter how bad the facts are, if you provide ‘extraordinary cooperation’ to the enforcement agencies, you can significantly reduce your final monetary penalty.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

Real World Challenges under the FCPA and Bribery Act

Last week I wrote a fictional piece about some of the challenges that a company might face in complying with the Foreign Corrupt Practices Act (FCPA). Unfortunately some of the concepts I wrote about are faced by companies who do business in Africa, particularly in the extractive industries. The challenges were openly discussed by Manual Vicente, recently appointed as Angola’s Minister for Economic Co-ordination, in a recent Financial Times (FT) article, entitled “Man at centre of dash for African resources rejects corruption fears”, by Tom Burgis who interviewed Vicente. Vicente had previously been the head of the state-owned oil company Sonangol for 12 years. In this article Vicente addressed the criticism that the Angolan economic model “fuses personal and state interests in the hands of a small ruling class that brooks little dissent” through the required use by any international interest of a local partner to do business in Angola.

Vicente’s candor was certainly refreshing as he termed US and UK companies’ issues with hiring local partners under the FCPA and Bribery Act with the following, “It is their problem, they have to resolve it.” The reason that native Angolans are brought into such arrangement is that by requiring such local partners, it empowers “the locals” and yes he really did say “There is no corruption in that”. The US Company Cobalt International Energy drew US Department of Justice (DOJ) scrutiny when the FT revealed that Vicente “held previously concealed stakes in Nazaki Oil and Gάz (Nazaki), Cobalt’s local partner.” Even though he was the head of Sonangol at the time, Vicente said that he was “unaware that his investment company, Grupo Aquattro International, had a stake in Nazaki.” Vicente cured the problem by removing his ownership interest in Nazaki “after he realized this.”

Cobalt lawyer Michael Goldberg stated that the company had spoken with Vicente about this issue after they became aware of it and passed along the details of the conversation to “US agencies investigating the matter.” Goldberg stated that “Based on our investigation into the entire matter, including our most recent findings, Cobalt has not violated any US or Angolan laws.”

In addition to listing out some of the difficulties US and UK companies face doing business in Angola, reporter Burgis detailed the “alliance that Vicente has forged with suitors from the east” particularly the Chinese. Burgis noted that until recently, Vicente chaired an entity named “China Sonangol” which was a joint venture of Sonangol and a group of Chinese investors. Burgis also reported that the same group of Chinese investors owns the China International Fund which has a large number of contracts to build infrastructure in Angola. China Sonangol has also “amassed Angolan oil interests” and has even been granted minority stakes in oil exploration blocks awarded to US and UK entities.

Vicente maintains throughout the article that all of this work is to combat the poverty found in Angola. Burgis ends his article with the following statement by Vicente, “The government is really serious, engaged in combatting poverty. I am a Christian guy. It doesn’t work if you are OK and the people around have nothing to eat. You don’t feel comfortable.”

This FT article demonstrates the challenges facing any company attempting to comply with the FCPA or Bribery Act not only in Angola but in any country where a small group of elites have leadership roles in a wide number of areas in a country. There is certainly nothing askance in having a small group of trained technocrats running or leading a country’s industries. Further there is certainly nothing wrong with using the technical expertise of Western (or apparently even Eastern) companies to help improve the technical infrastructure of an under-developed country. But the model outlined in Burgis’ article, what Ricardo Soares de Oliveira was quoted as calling “the privatization of power” does seem to concentrate the power, if not the wealth in the hands of a small elite. Andy Spalding, among others, writes regularly on the FCPA from an economic angle so perhaps it might be time to analyze the law in the context of what is happening in places like Angola.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

Breaking the Enigma Code: Creating a Functioning Compliance Culture

Sunday June 23^rd was the 100th anniversary of the birth of Alan Turing, a man regarded as one of the most influential mathematicians of the 20th Century. He is viewed as one of the pioneers of computer technology. However, he is probably best known for leading the British effort at Bletchley Park where the Germans top secret codes were broken during the Second World War (WWII), including the code they believed to be unbreakable, the Enigma Code. His work during WWII was completed before he was 35 years of age.

I thought about Turing and his success at a relatively young age whilst reading a ‘Corner Office’ article in the Sunday New York Times (NYT), entitled “Let Everyone Swim, But Just Make Sure You’re in the Pool”, by reporter Adam Bryant. In the article Bryant profiles Angie Hicks, one of the co-founders of Angie’s List and its current Chief Marketing Officer. Hicks had some interesting observations on leadership that I found applicable to creating a functional compliance effort within an organization, from compliance professionals to ethical leadership.

Make Sure You’re in the Pool

Hicks firmly believes that you have to give people a chance to succeed if you want your organization to grow. But such a focus means that you are going to fail sometimes. To use a football analogy, you usually don’t win by playing not to lose. People will make mistakes. Hicks believes that one of her roles as a leader is to give employees the confidence that if a mistake is made, she is the first to find out because her employees will come in and tell her without fear. Her group will test things and will sometimes make mistakes, but the point is that the mistakes are corrected. It sort of sounds like McNulty Maxim #3, “What did you do to remedy it?” So she lets her employees swim in the pool of new ideas and concepts but she stays within “arm’s length” so she can be there to grab them back if needed.

When in Doubt Talk to People

Hicks believes that you cannot over-communicate with your employees. Not only to praise and give employees feedback; but to develop that sense of trust which will lead to the types of communications outlined above. From the compliance perspective her views give rise to several thoughts. Remember the Morgan Stanley declination received in conjunction with the Garth Peterson Deferred Prosecution Agreement (DPA) for violations of the Foreign Corrupt Practices Act (FCPA) in China? Several of the facts set forth by the Department of Justice (DOJ) were the routine communications by Morgan Stanley’s compliance group to Peterson regarding the FCPA. These were as simple as email reminders and included other techniques such as an annual Acknowledgment by employees that they had not violated the FCPA and were aware of the company’s Code of Conduct.

Create the Right Culture

Bryant ended his piece by discussing with Hicks how she builds an effective culture. Hicks believes that it is important to get not only the right mix of people but that you should start with the right type of person for your company. In other words, if you want to have an ethical culture in a company, you should strive to hire people who begin with a desire to do business ethically. But the step in your company’s evolution is to not only encourage people to get involved but to get them involved. Think about the power of compliance if you involve the business unit folks in the design, implementation and ongoing practice of your company’s compliance program. They should not be by-standers; you need to have them involved in your compliance program.

So how does this relate to Alan Turing and compliance? Remember, he led the team that broke the Enigma Code. It was a team motivated and focused. It seems to me that he put many of the concepts that Angie Hicks uses at Angie’s List into practice. We should all celebrate the code-breakers of Bletchley Park and recognize that by aligning a company towards creating a functioning ethical culture, a company can move forward successfully.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

Take the A Train to Find Your Compliance Team

Some organizations, such as the SCCE provide specialized training for compliance professionals. Others, such as Trace International, are beginning to offer such specialization and certification. My This Week in FCPA Colleague Howard Sklar wrote a great piece last year on who to call when you need some serious help for a Foreign Corrupt Practices Act (FCPA) issue, entitled “Getting Advice”, other than calling Ghostbusters it is the best single source for who you should call when the FCPA going gets tough.

However, as the compliance field evolves and matures, the need for more experienced compliance professionals continues to grow, there is the need to hire top notch compliance talent to do the day-to-day work of implementing, enhancing or running a compliance program. Where can you go if you want to hire some experienced compliance professionals to insert in your organization who can hit the ground running? I thought about that question when reading a book review of David Schiff’s “The Ellington Century” in a recent issue of the Times Literary Supplement. In this review, entitled “Sentimentals”, Stephen Brown noted that Ellington’s instrument was his band. While the Duke was very good at spotting talent, he was willing “to let it have its own voice, and more, to highlight and showcase it, and most importantly to involve it in the creative process.” When a musician came out of the Ellington Band, they had worked steadily with other great musicians and had learned from one of the greatest composers and arrangers of the past century.

How does that relate to finding some top notch compliance talent? It means there is no better place to look than people who have worked where compliance is under the microscope, usually because of a Department of Justice (DOJ) investigation or company which is under a Deferred Prosecution Agreement (DPA). In Houston one company that went through that process was BakerHughes. It’s Chief Compliance Officer (CCO), Jay Martin, is recognized as one of the leaders in our field not only here in Houston but across the country. The team Jay put together has now fanned out to become CCO’s at several other major companies here in Houston. Dan Chapman is the CCO at Parker Drilling, Brian Moffatt is the CCO at ENSCO, Rod Hardie is the CCO at Exterran and most recently Doug Walter was named as CCO at the newly formed company (albeit with a long and storied name) Phillips 66. There are probably others as well but I have worked or been on panels with each of the above folks and I can attest, they have all learned their compliance stuff and understand how to practice compliance.

Another place you can look is to law firms which have performed monitoring services. But here I would suggest that you look to the associate ranks for the lawyer who generally did the day-to-day spade work for the lead lawyer who had been appointed monitor. In my last corporate position, my company was under a Monitorship and we worked closely with the full team of lawyers in the law firm to implement, train and operate the company’s compliance program. Several of the former associates from the firm now hold prominent in-house positions and the experience they gained in their oversight roles was no doubt very instrumental in their current level of (compliance) experience.

The talent is out there. If you wanted a very good musician for a project, last century you could turn to an alumna of Ellington’s band. In the compliance arena, you can do no better than hiring someone who has been under the gun, so to speak, and worked for or with a company under significant DOJ scrutiny. So, sit back, listen to some great music by the Duke and ask around about who has gone through such an experience. If you want to populate your compliance team, it is a great way to do so.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

The DOJ Listens: the Evolution of FCPA Compliance in M&A

Earlier this week the US Department of Justice (DOJ) released a Deferred Prosecution Agreement (DPA) with the company Data Systems & Solutions (DS&S). I explored the factual allegations against DS&S and the highlights of the DPA in yesterday’s post. Today I want to discuss the DS&S DPA in the context of the DOJ’s evolution in thinking regarding what a company can do to protect itself under the Foreign Corrupt Practices Act (FCPA) when it purchases another entity or otherwise engages in mergers and acquisitions (M&A) work. In other words, forces the evolution of best practices.

Previously many compliance practitioners had based decisions in the M&A context on DOJ Opinion Release 08-02 (08-02), which related to Halliburton’s proposed acquisition of the UK entity, Expro. In the spring of 2011, the Johnson & Johnson (J&J) DPA changed the perception of compliance practitioners regarding what is required of a company in the M&A setting related to FCPA due diligence, both pre and post-acquisition. On June 18, the DOJ released the DS&S DPA which brought additional information to the compliance practitioner on what a company can do to protect itself in the context of M&A activity.

Opinion Release 08-02 began as a request from Halliburton to the DOJ from issues that arose in the pre-acquisition due diligence of the target company Expro. Halliburton had submitted a request to the DOJ specifically posing these three questions: (1) whether the proposed acquisition transaction itself would violate the FCPA; (2) whether, through the proposed acquisition of Target, Halliburton would “inherit” any FCPA liabilities of Target for pre-acquisition unlawful conduct; and (3) whether Halliburton would be held criminally liable for any post-acquisition unlawful conduct by Target prior to Halliburton’s completion of its FCPA and anti-corruption due diligence, where such conduct is identified and disclosed to the Department within 180 days of closing.

I.                   08-02 Conditions

 

Halliburton committed to the following conditions, if it was the successful bidder in the acquisition:

Within ten business days of the closing, Halliburton would present to the DOJ a comprehensive, risk-based FCPA and anti-corruption due diligence work plan which would address, among other things, the use of agents and other third parties; commercial dealings with state-owned customers; any joint venture, teaming or consortium arrangements; customs and immigration matters; tax matters; and any government licenses and permits. The Halliburton work plan committed to organizing the due diligence effort into high risk, medium risk, and lowest risk elements.

a)      Within 90 days of Closing. Halliburton would report to the DOJ the results of its high risk due diligence.

b)      Within 120 days of Closing. Halliburton would report to the DOJ the results to date of its medium risk due diligence.

c)      Within 180 days of Closing. Halliburton would report to the DOJ the results to date of its lowest risk due diligence.

d)     Within One Year of Closing. Halliburton committed full remediation of any issues which it discovered within one year of the closing of the transaction.

Many lawyers were heard to exclaim, “What an order, we cannot go through with it.” However,  we advised our clients not to be discouraged because 08-02 laid out a clear road map for dealing with some of the difficulties inherent in conducting sufficient pre-acquisition due diligence in the FCPA context. Indeed the DOJ concluded 08-02 by noting, “Assuming that Halliburton, in the judgment of the Department, satisfactorily implements the post-closing plan and remediation detailed above… the Department does not presently intend to take any enforcement action against Halliburton.”

II.                Johnson & Johnson “Enhanced Compliance Obligations”

Attachment D of the J&J DPA, entitled “Enhanced Compliance Obligations”, is a list of compliance obligations in which J&J agreed to undertake certain enhanced compliance obligations for at least the duration of its DPA beyond the minimum best practices also set out in the J&J DPA. With regard to the M&A context, J&J agreed to the following:

 

7. J&J will ensure that new business entities are only acquired after thorough FCPA and anti-corruption due diligence by legal, accounting, and compliance personnel. Where such anti-corruption due diligence is not practicable prior to acquisition of a new business for reasons beyond J&J’s control, or due to any applicable law, rule, or regulation, J&J will conduct FCPA and anti-corruption due diligence subsequent to the acquisition and report to the Department any corrupt payments, falsified books and records, or inadequate internal controls as required by … the Deferred Prosecution Agreement.

8. J&J will ensure that J&J’s policies and procedures regarding the anti-corruption laws and regulations apply as quickly as is practicable, but in any event no less than one year post-closing, to newly-acquired businesses, and will promptly, for those operating companies that are determined not to pose corruption risk, J&J will conduct periodic FCPA Audits, or will incorporate FCPA components into financial audits.

a. Train directors, officers, employees, agents, consultants, representatives, distributors, joint venture partners, and relevant employees thereof, who present corruption risk to J&J, on the anticorruption laws and regulations and J&J’s related policies and procedures; and

b. Conduct an FCPA-specific audit of all newly-acquired businesses within 18 months of acquisition.

These enhanced obligations agreed to by J&J in the M&A context were less time sensitive than those agreed to by Halliburton in 08-02. In the J&J DPA, the company agreed to following time frames:

A.     18 Month – conduct a full FCPA audit of the acquired company.

B.     12 Month – introduce full anti-corruption compliance policies and procedures into the acquired company and train those persons and business representatives which “present corruption risk to J&J.”

So there is no longer a risk based approach as set out in 08-02 and the tight time frames are also relaxed. Once again we applaud the DOJ for setting out specific information for the compliance practitioner through the release of the J&J DPA. As many have decried 08-02 is a standard too difficult to satisfy in the real world of time constraints and budget cuts, the “Acquisition” component of the J&J DPA should provide those who have made this claim with some relief.

III.             DS&S

In the DS&S DPA there are two new items listed in the Corporate Compliance Program, attached as Schedule C to the DPA, rather than the standard 13 items we have seen in every DPA since at least November 2010. The new additions are found on items 13 & 14 on page C-6 of Schedule C and deal with mergers and acquisitions. They read in full:

13. DS&S will develop and implement policies and procedures for mergers and acquisitions requiring that DS&S conduct appropriate risk-based due diligence on potential new business entities, including appropriate FCPA and anti-corruption due diligence by legal, accounting, and compliance personnel. If DS&S discovers any corrupt payments or inadequate internal controls as part of its due diligence of newly acquired entities or entities merged with DS&S, it shall report such conduct to the Department as required in Appendix B of this Agreement.

 14. DS&S will ensure that DS&S’s policies and procedures regarding the anticorruption laws apply as quickly as is practicable to newly acquired businesses or entities merged with DS&S and will promptly:

a. Train directors, officers, employees, agents, consultants, representatives, distributors, joint venture partners, and relevant employees thereof, who present corruption risk to DS&S, on the anti-corruption laws and DS&S’s policies and procedures regarding anticorruption laws.

b. Conduct an FCPA-specific audit of all newly acquired or merged businesses as quickly as practicable.

 This language draws from and builds upon the prior Opinion Release 08-02 regarding Halliburton’s request for guidance and the J&J Enhanced Compliance Obligations incorporated into its DPA. While the DS&S DPA does note that it is specifically tailored as a solution to DS&S’s FCPA compliance issues, I believe that this is the type of guidance that a compliance practitioner can rely upon when advising his or her clients on what the DOJ expects during M&A activities.

FCPA M&A Box Score Summary

Time Frames	Halliburton 08-02	J&J	DS&S
FCPA Audit	High Risk Agents – 90 days Medium Risk Agents – 120 Days Low Risk Agents – 180 days	18 months to conduct full FCPA audit	As soon “as practicable”
Implement FCPA Compliance Program	Immediately upon closing	12 months	As soon “as practicable”
Training on FCPA Compliance Program	60 days to complete training for high risk employees, 90 days for all others	12 months to complete training	As soon “as practicable”

I believe that the DOJ does listen to the concerns of US companies about issues relating to FCPA enforcement, which is consistent with its duty to uphold that law. Last month we saw the issue of the Morgan Stanley declination in the context of the Garth Peterson FCPA prosecution. With the DS&S DPA, there is clearly more flexible language presented in the context of M&A work and potential liability for ‘buying a FCPA claim.’

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

DS&S DPA: Lessons Learned for the Compliance Practitioner

On Monday, June 18, the Department of Justice (DOJ) announced the resolution of a matter involving violations of the Foreign Corrupt Practices Act (FCPA) by Data Systems & Solutions LLC (DS&S), a US entity based in Virginia. The settlement resulted in the company agreeing to a two year and 7 day Deferred Prosecution Agreement (DPA). The case was interesting for a number of reasons and it has some significant lessons which the compliance practitioner can put into place in a corporate compliance program. The charges related to DS&S’s business included the design, installation and maintenance of instrumentation and controls systems at nuclear power plants, fossil fuel power plants and other critical infrastructure facilities. In reading the Criminal Information, I can only say that this was no one-off or rogue employee situation but this was a clear, sustained and well known bribery scheme that went on within the company.

I.                   The Criminal Information

The bribery scheme involved payments made to officials at a state-owned nuclear power facility in Lithuania, named Ignalina Nuclear Power Plant (INPP). The payments were made to allow DS&S to obtain and retain business with INPP. The Information listed contracts awarded to DS&S in the amount of over $30MM from 1999 to 2004. Significantly, DS&S did not self-disclose this matter to the DOJ but only began an investigation after receiving a DOJ Subpoena for records.

The Players Box Score

DS&S Officials	INPP Officials	Subcontractors
Exec A – VP of Marketing and Business Development (BD)	Official 1 – Deputy Head of Instrumentation and Controls Department	Subcontractor A – Simulation Technology Products and Services
	Official 2 – Head of Instrumentation and Controls Department	Subcontractor B – Beneficially owned by Official 1 and which employed INPP Officials
	Official 3 – Director General at INPP	Subcontractor C – Shell company used a funneling entity to pay bribes
	Official 4 – Head of International Projects at INPP
	Official 5 – Lead SW Engineer at INPP

The bribery scheme used by DS&S recycled about every known technique there is to pay bribes. The Information listed 51 instances of bribes paid or communications via email about the need to continue to pay bribes. The bribery scheme laid in the Information reflected the following techniques used by:

•       Payment of bribes by Subcontractors to Officials on behalf of DS&S;
•       Direct payment of bribes by DS&S into US bank accounts controlled by INPP Officials;
•       Creation of fictional invoices from the Subcontractors to fund the bribes;
•      Payment of above-market rates for services allegedly delivered by the Subcontractors so the excess monies could be used to fund bribes;
•      Payment of salaries to INPP Officials while they were ‘employed’ by Subcontractor B;
•       Providing travel and entertainment to Officials to Florida, where DS&S has no facilities and which travel and entertainment had no reasonable business purpose; and last but not least…
•      Purchase of a Cartier watch as a gift.

II.                The Deferred Prosecution Agreement

I set out these details with some specificity for two reasons. The first is that the Information is a must read for anyone in Internal Audit who reviews books and records. It gives you the precise types of Red Flags to look for. But secondly is the fact that DS&S received a discount of 30% off the low end of the penalty range as calculated under the US Sentencing Guidelines. The calculation as listed in the DPA is as follows:

Calculation of Fine Range:

Base Fine $10,500,000

Multipliers 1.20(min)/2.40(max)

Fine Range $12,600,000/$25,200,000

The ultimate fine paid by DS&S was only $8.82MM, which the DPA states is “an approximately thirty-percent reduction off the bottom of the fine range…” So for the compliance practitioner the question is what did DS&S do to get such a dramatic reduction? We know that one thing they did NOT do was self-report as the DPA notes that this case began as a DOJ investigation and DS&S received Subpoenas “in connection with the government’s investigation.” However, after this initial delivery of Subpoenas DS&S engaged a clear pattern of conduct which led directly to this 30% discount of the low end of the fine range. The DPA reports that DS&S took the following steps:

 

• Internal Investigation. DS&S initiated an internal investigation and provided real-time reports and updates of its investigation into the conduct described in the Information and Statement of Facts.
• Extraordinary Cooperation. DS&S’s cooperation has been extraordinary, including conducting an extensive, thorough, and swift internal investigation; providing to the Department searchable databases of documents downloaded from servers, computers, laptops, and other electronic devices; collecting, analyzing, and organizing voluminous evidence and information to provide to the DOJ in a comprehensive report; and responding promptly and fully to the DOJ’s requests.
• Extensive Remediation. The number of steps DS&S took in regard to remediation included the following:
  • Termination of company officials and employees who were engaged in the bribery scheme;
  • Dissolving the joint venture and then reorganizing and integrating the dissolved entity as a subsidiary of DS&S;
  • Instituting a rigorous compliance program in this newly constituted subsidiary;
  • Enhancing the company’s due diligence protocols for third-party agents and subcontractors;
  • Chief Executive Officer (CEO) review and approval of the selection and retention of any third-party agent or subcontractor;
  • Strengthening of company ethics and compliance policies;
  • Appointment of a company Ethics Representative who reports directly to the CEO;
  • The Ethics Representative provides regular reports to the Members Committee (the equivalent of a Board of Directors in a LLC); and
  • A heightened review of most foreign transactions.
  • Enhanced Compliance Program. More on this in the next section.
  • Continued Cooperation with DOJ. The company agreed to continue to cooperate with the Department in any ongoing investigation of the conduct of DS&S and its officers, directors, employees, agents, and subcontractors relating to violations of the FCPA and to fully cooperate with any other domestic or foreign law enforcement authority and investigations by Multilateral Development Banks.

III.             Enhanced Compliance Obligations

One of the interesting aspects of the DS&S DPA is that there are 15 points listed in the Corporate Compliance Program, attached as Schedule C to the DPA, rather than the standard 13 items we have seen in every DPA since at least November 2010. The new additions are found on items 13 & 14 on page C-6 of Schedule C and deal with mergers and acquisitions. They read in full:

13. DS&S will develop and implement policies and procedures for mergers and acquisitions requiring that DS&S conduct appropriate risk-based due diligence on potential new business entities, including appropriate FCPA and anti-corruption due diligence by legal, accounting, and compliance personnel. If DS&S discovers any corrupt payments or inadequate internal controls as part of its due diligence of newly acquired entities or entities merged with DS&S, it shall report such conduct to the Department as required in Appendix B of this Agreement.

14. DS&S will ensure that DS&S’s policies and procedures regarding the anticorruption laws apply as quickly as is practicable to newly acquired businesses or entities merged with DS&S and will promptly:

a. Train directors, officers, employees, agents, consultants, representatives, distributors, joint venture partners, and relevant employees thereof, who present corruption risk to DS&S, on the anti-corruption laws and DS&S’s policies and procedures regarding anticorruption laws.

b. Conduct an FCPA-specific audit of all newly acquired or merged businesses as quickly as practicable.

This language draws from and builds upon the prior Opinion Release 08-02 regarding Halliburton’s request for guidance during an attempted acquisition and the Johnson and Johnson (J&J) Enhanced Compliance Obligations which were incorporated into its DPA. While the DS&S DPA does note that it is specifically tailored as a solution to DS&S’s FCPA compliance issues, I believe that this is the type of guidance that a compliance practitioner can rely upon when advising his or her clients on what the DOJ expects during Mergers and Acquisitions (M&A). The five keys under these new items, 13 & 14 highlighted above, are: (1) develop policies and procedures for M&A work prior to engaging in such transactions; (2) full FCPA audit of any acquired entities “as quickly as practicable”; (3) report any corrupt payments or inadequate internal controls it discovers in this process to the DOJ; (4) apply DS&S anti-corruption policies and procedures to the newly acquired entities; and (5) train any persons who might “present a corruption risk to DS&S” on the company’s policies and procedures and the law.

IV.              Summary

The DS&S DPA provides some key points for the compliance practitioner. First and foremost, I believe that it demonstrates the reasonableness of the DOJ. The bribery scheme here was about as bad as it can get, short of suitcases of money carried by the CEO to pay bribes. The company did not self-report, yet received a significant reduction on the minimum level of fine. The specificity in the DPA allows a compliance practitioner to understand what type of conduct is required to not only avoid a much more significant monetary penalty but also a corporate monitor. Lastly, is the specific guidance on FCPA compliance in relation to M&A activities, to the extent that if anyone in the compliance arena did not understand what was required in the M&A context; this question would seem to be answered in the DS&S DPA.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

Ethical Leadership: Leading a Company Conversation on Compliance

Ethical leadership is absolutely mandatory to have a successful compliance program, whether it is based upon the US Foreign Corrupt Practices Act (FCPA) or the UK Bribery Act. Senior management must not only be committed to doing business in compliance with these laws but they must communicate these commitments down to the organization. But leadership is not limited only to senior management within an organization. Tone at the Top begets Tone in the Middle; which begets Tone at the Bottom. At each rung there is the need for compliance leadership. In an article in the June issue of the Harvard Business Review, entitled “Leadership is a Conversation”, authors Boris Groysberg and Michael Slind discuss how to improve employee engagement in today’s “flatter, more networked organizations.”

The authors posit that the issue of how leaders handle communications within their organizations is as important as the message. They believe that the process should be more dynamic and more nuanced and is a process that they term “conversational”. Building on this concept they suggest a model of leadership which they call “organizational conversation” which resembles ordinary person-to-person conversations. They believe that this model has several advantages, including that it allows a large company to function like a small one and it can enable leaders to “retain or recapture some of the qualities…that enable start-ups to out-perform better established rivals.” The authors have found four elements of organizational conversation which “reflect the essential attributes of an interpersonal conversation.” They are: intimacy, interactivity, inclusion and intentionality.

Intimacy: Getting Close

Here the authors appear to focus on two works: listening and authenticity. Recognizing that physical proximity may not always be feasible but emotional or mental proximity is required. They advise leaders to “step down from their corporate perches and then step up to the challenge of communicating personally and transparently with their people.” This technique shifts the focus of change from a top-down hierarchical model to a “bottom-up exchange of ideas.”

Interactivity: Promoting Dialogue

Interactivity should make a conversation open and more fluid. You can obtain this by talking with and not just talking to an employee. The purpose of interactivity builds upon the first prong of intimacy. The authors believe that efforts to close the gap between employees will founder if both tools are not in place along with institutional support which gives employees the freedom and courage to speak up. The authors believe that social media can be a useful tool to help foster such interactivity, but care must be taken to ensure that managers do not simply use social media as another megaphone. The authors suggest that more than just social media is required and that something extra is needed and that is social thinking.

Inclusion: Expanding Employees Roles

Following on intimacy is inclusion as intimacy should force a leader to get closer to employees while inclusion challenges the employee to play a greater role in the communication process. Inclusion expands on interactivity by enabling employees to put forward their ideas “rather than simply parrying the ideas that others present.” Clearly this is the prong that brings employee engagement into the communication process by calling on employees to “generate the content that makes up a company story.” Employees who become committed to a message can become the best brand ambassadors that a company can ever hope to have on its payroll.

Intentionality: Pursuing an Agenda

While the first three prongs of the authors’ model focuses on opening up the flow of communication, intentionality is designed to bring a measure of closure to the process. The goal here is to have voices merge into a single vision of what the company’s communication is for. In other words, the conversation should reflect a “shared agenda that aligns with the company’s strategic objectives” that will allow employees to “derive a strategically relevant action from the push and pull of discussion and debate.” The leaders role here is to “generate consent rather than commanding assent” for a strategic objective. The authors believe that this enables employees at the top; at the middle; and at the bottom to “gain a big-picture view of where their company stands” on any issue which has gone through the process.

The Box Score of Organizational Conversation

	Intimacy	Interactivity	Inclusion	Intentionality
Old Model: Corporate Communications	Information flow is primarily top down;Tone is formal and corporate	Messages are broadcast to employees;Print newsletters, memos and speeches	Top Execs create and control messaging;Employees are passive consumers of information	Communication is fragmented, reactive and ad hoc;Leaders use assertion to achieve strategic alignment
New Model Organizational Communications	Communication is personal and direct;Leaders value trust and authenticity	Leaders talk with employees, not to them;Organizational culture fosters back and forth, face-to-face interaction	Leaders relinquish a measure of control over content;Employees actively participate in organizational messaging	A clear agenda informs all communications;Leaders carefully explain the agenda to employees;Strategy emerges from a cross-organization conversations
What it means for employers and employees	Leaders emphasize listening to employees, rather than just speaking to them;Employees engage in a bottom-up exchange of ideas	Leaders use video and social media tools to facilitate two-way communication;Employees interact with colleagues through blogs and discussion forums	Leaders involve employees in telling the company story; Employees act as brand ambassadors and thought leaders	Leaders build their messaging around company strategy;Employees take part in creating strategy via specifically designed communication vehicles

Reading this article was a real eye-opener for me. I could not stop thinking about the possibilities for the compliance practitioner in using these techniques throughout an organization. Just think how employees might feel if senior management engaged them directly regarding compliance and how the company is going to do business ethically. As a compliance practitioner you can leverage this to seek more ideas from business unit folks on how to do compliance more efficiently and most probably with greater results for the company. Also imagine what it might do for employee moral if they thought that senior management “had their backs” when it came to being rewarded or even acknowledged for doing business the right way. The possibilities seem endless and you are only limited by your own imagination. But read the article, as I have only scratched the surface of the content that the authors have presented.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

A Modern [Fractured] Fairy Tale – Challenges under the FCPA in Africa

For anyone growing up in the 1960s one of the best TV cartoon shows was Rocky and Bullwinkle. As I grew older I came to appreciate the reason for this which was that the show was written for adults so that most of the satire was timeless. It still holds up today, especially if you understand the cultural references. There were other short segments, in addition to the main characters, one of which was entitled “Fractured Fairy Tales” featuring a satirical look at classic fairy tales. So with that inspiration in mind, today we present a fractured fairy tale of some of the challenges which face US companies doing business in Africa in complying with the Foreign Corrupt Practices (FCPA) or UK Bribery Act. In a later post, I will provide some guidance to the issues raised in today’s post.

Ed. Note. The following is a fictional tale and any resemblance to a person or persons living or dead is purely coincidental.

Hello. I wanted to clear up some misconceptions that you might have regarding doing business in my country. We are a small country population wise but we are rich in resources. It should not surprise you then to find out that the educated business elites of our country often work with and for our government’s interests. What is wrong with that? I am a patriot and I always look out for my country’s interests. If I get rich along the way, what is the harm? Surely there is no corruption in that?

Of course I have heard about the FCPA and the Bribery Act. But after all, they are your laws, not ours, so really they are your problem aren’t they? There is no corruption when you pump some of your profits back into the local economy is there? If there is how will my people ever overcome the great poverty we have endured? Do you want to keep us down economically? If I ask you to make a donation to a charity, which my wife runs, that is good for my country, what is wrong with me asking you to do that? It is also proper that I can help guide my wife in her decisions about where to spend the money donated. Surely there is no corruption in that?

I see nothing wrong in having a Swiss bank account. Everyone knows that Switzerland has the safest banking system in the world. Do you really believe that it is my fault I have made lots of money and that I have a desire to protect it from the ravages of inflation? I recently read about the people of Greece who are taking money out of their banking system and moving it to a more safe location. Surely there is no corruption in that? And what about your US Presidential Candidate, didn’t I read that once he and his wife had Swiss bank accounts? Why do you claim that it raises a “Red Flag” with me but not so with him?

I think it only decent and appropriate that you have a local business partner when dealing with my country. We want to empower our locals and the best way to do that is if you partner with local companies. Simply because I may happen to own an interest in the local business partner, is no reason not to do business with it. I am very serious in the fight against poverty for my country and I cannot think of a better way to do so than to have a local partner. Surely there is no corruption in that?

Yes, you sent a form for the local partner to fill out listing all of its owners, but it is not their fault that they don’t know who owns them; frankly they do not need to know. You really can’t expect me to know all of the businesses in which I own an interest in? There are just too many. Surely there is no corruption in that?

All I am asking you to do is to help my people. Do you want them to go hungry for the whole world to see? I don’t think that you do. That is why you should keep giving power and money to our local citizens. It is you taking our wealth; I see no reason why we should not benefit, even if it is for me and my friends. Surely there is no corruption in that?

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012