How Do You Change to a Culture of Compliance? Go See The Twilight Zone Movie

As a compliance practitioner, how often have your heard something along the lines of “But we’ve always done it that way” or [my favorite] “That’s the way those people do business”? As a recovering trial lawyer, I spent the first 18 years of my career largely defending companies which were sued for catastrophic injury claims. From this vantage point, I saw the cost to corporations in the form of jury awards and insurance premiums that they paid for commercial general insurance coverage. A large part of it was due to the fact that safety was not mission critical to most of the companies that I represented.

However, this began to change in the late 1980s/early 1990s. Companies began to make clear, in a very public manner that safety was the No. 1 priority for them. One of the most public changes was at Exxon after the Exxon Valdez oil spill, where senior management made it clear that as closely as Exxon’s management watched costs, it also made clear to every worker that the one cardinal sin was skimping on safety. I recently saw an article, from a completely unrelated industry which made the same type of change, published in the online journal Slate, entitled “How tragedy on the set of the 1983 feature-length adaptation of The Twilight Zone changed the way movies are made”, where author Robert Weintraub reviewed the changes in movie-making safety after a horrific accident, on the set of the movie The Twilight Zone, led to the death of three actors.

The deaths occurred in a scene where the actor Vic Morrow was carrying two child actors to safety from a bombing raid. With cameras rolling, the helicopter which was bombing the children’s village was engulfed in fireballs forcing it down into a river where the actors waded. As a hundred or so people looked on, the right skid of the aircraft crushed 6-year-old actor Renee Chen. The helicopter then toppled over, and its main blade sliced through Morrow and 7-year-old actor Myca Dinh.

There were civil suits against the studio and the film’s director John Landis, which were all settled. However, Landis and three others were criminally charged for involuntary manslaughter where they were all found not guilty by a Los Angeles jury in 1985. As horrible as all of this was Weintraub found that “some good did come of it.” The movie making culture was changed in three significant ways in the industries approach to safety.

Movie Industry Response

The first change noted by Weintraub was in the industry’s attitude and approach to safety. At Warner Bros., Vice President John Silvia “convened a committee that created standards for every aspect of filmmaking, from gunfire to fixed-wing aircraft to smoke and pyrotechnics.” All the unions and guilds in the business were represented. The committee’s codicils were collected into a group of standards called Safety Bulletins. The studios then issued a manual to their employees based on the bulletins, known as the Injury and Illness Prevention Program. Every time there was a serious accident on a movie site, a New Safety Bulletin was issued.

Insurance Industry Response

The insurance industry made sure that safety provisions stuck, though the reason the insurance industry did so was market based. Weintraub noted that before disaster on The Twilight Zone movie set, insurance companies did not view the movie business as a source of profit. Because of the low level of safety on film sets, the likelihood of an accident and payout was just too high for carriers to make money. However, after the incident, the movie industry’s commitment to improving safety, along with increasing budgets, made Hollywood a better risk and therefore allowed greater profits to be made by insurers. With more affordable insurance rates to underwrite movie shoots, such liability insurance became a basic part of the movie-making business. But this meant that, in large part, the movie industry had to dance “to the insurance industry’s tune. The insurance companies want to know everything. They want your resume, the resumes of everyone participating. They want to see your licensing, a list of materials, the number of people working on each shot, the distance they will each be from the explosive, the number of fire extinguishers available on set. Then the fire department comes out to look at what you’re doing, and they have a long list of safety criteria to meet, too. It’s a pain in the butt, sure, but that’s the way it is.”

Risk Management

The Twilight Zone disaster also led to the creation of a Risk Management position for movie making. Weintraub quoted Chris Palmer, a risk management consultant who was a part of the original committee which created the safety standards, who said “The Twilight Zone accident created my job. It was a sea change in the movie industry. No one in risk management was ever on set before then.” Unlike the insurance industry, which helps companies manage risks through financial instruments, risk management attempts to avoid or at least control risk.

Risk managers like Palmer become involved in a film long before principal photography begins, scanning scripts for issues, starting with the location. Weintraub quoted Palmer again for the following, “If you want to shoot in the Caribbean during hurricane season,” Palmer says, “you’ve got a problem, unless you have a specific plan in place to protect the production.” Additionally, a risk manager such as Palmer can act as a safety valve, similar to an anonymous reporting line in a compliance program. One of Palmer’s jobs on a movie set is to step in when crew members want to play it safe but feel their careers would be in jeopardy if they spoke up. Palmer was quoted as saying “I can’t be terminated by the director or producer. … That takes the pressure off the crew because it can be intimidating to be the one to stand up and say ‘hold on.’”

I found the major point of the article to be that a company can change the way it does business. I personally observed the energy industry become more conscious about safety and introduce it into every level of a company’s DNA. Weintraub’s article made it clear that the movie industry also made a sea change of culture when it came to safety. So the next time you hear the mindless prattle of “But we’ve always done it that way” point them to the changes in safety over the past 20 years. And the next thing you should consider is going to the head of your company’s Safety Group to sit down and get some ideas on how to change your company’s compliance culture.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

Internally Funding Your Compliance Program

Big banks are not doing too well these days in the compliance arena. From Barclay’s and the burgeoning LIBOR manipulation scandal; to HSBC and its money-laundering operations for drug cartels over the past several years; to the ongoing reckoning of JP Morgan and its $5 bn+ trading loss that it is still trying to extricate itself from several months after publicly announcing the loss, big banks seem to be more in the news these days for compliance failures rather than successes.

I saw an article in The Rector Factor section of the July 27 Houston Business Journal, entitled “Prepared company perspective for lenders, investors”, by columnist Bruce Rector that discussed some ideas that companies might draw upon when looking for financing. I thought it would be helpful for the compliance practitioner to use as a guide when putting together a budget, or other, request for funding a compliance initiative.

Rector wrote about the materials a company should put together and have ready when they are seeking financing from banks, investors or other financial institutions. He set out a list of information that a company should have prepared and be ready to present to such institutions because any entity or person who may provide funding is going to want to know some specific details about your company. He believes that management needs to anticipate such requirements and prepare in advance for it. He cautions not to wait until the last minute to put the information together or when you seek funding as “waiting until you need money is never the best time to go out and get it.” While you can be so mundane as to call this a “loan application” Rector believes that if you lay out the information in a coherent manner, it would allow an outsider to get some “perspective on the company”. Further, he believes that such information is actually “multipurpose and can be used to inspire and sell stakeholders – you, your bankers and investors, and your employees – on the business and its prospects” for your company. I have modified Rector’s recommendations for a ‘good application’ to steer them towards a Compliance Department.

• Executive Summary. This should be no more than three (3) pages and it should convey excitement and impact. It must spell out your compliance mission and clearly state the opportunities that are presented for your compliance group to not only further the goals of compliance with the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act but how these opportunities will result in increased earnings and profits.
• The Industry. Here is an opportunity for bench-marking within your industry. You should use credible research from recognized authorities or collect the information from your colleagues in other companies directly, if such information is available to you. You should focus on the size, growth and significance of compliance within your industry and the opportunities for growth within your company.
• The Company. Here you should walk the reader through how your compliance program has grown; this could include organic growth, detailing areas that you may have engaged in as best practices have evolved, and growth of your compliance regime through acquisitions. You should also share major victories and tie all of these into your company values as set out in your published Code of Conduct.
• Management and Ownership. Here is an opportunity for you to recognize the persons in your compliance organization. You should have an organizational chart, biographies of key personnel and anticipated hiring needs.
• Financial Information/Projections. Here you should create a three-year forecast using best, probable and worst-case scenarios for each year on a cash basis. In this section you should include historical return on investment (ROI) figures from prior initiatives, to the extent that you have any and end with a current balance sheet that will indicate and extend top and bottom-line growth for your compliance department.
• Purpose of the Investment. Here you need to be short, compelling and to the point. You should spell out precisely what you are asking for and reiterate what you will do with the funding.

My This Week in FCPA partner, Howard Sklar, often talks about the “internal marketing” of compliance. I believe that Rector’s suggestions in putting together information for financial investment would be a good way for a compliance practitioner to think about internally marketing compliance and internally seeking funding for compliance initiatives.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

FCPA and Bribery Act Hotlines: Staying Out of Hot Water with Other Jurisdictions

It is finally here. Today is the Opening Ceremony of the Games of the XXX Olympiad in London. The first Olympics I can remember watching were the 1964 Games in Tokyo. I was enthralled with watching the world’s greatest athletes compete and the boyhood joy about the Games still exists for me. And, for my money, the best sporting event will be held in world’s greatest city. It should be a great show for the next two weeks. They are a must watch for me and I hope that you will enjoy them as much as I intend to.

Today’s compliance thoughts relate to the Olympics in another way. I recently came across not only a must read article for the compliance practitioner but also a must save article. In the International Lawyer, Winter 2011*Volume 45*Number 4, I came across an excellent article, entitled “How to Launch and Operate a Legally-Compliant International Workplace Report Channel” or in Foreign Corrupt Practices Act (FCPA) parlance, a hotline. It was authored by Donald Dowling of the law firm of White and Case. Dowling provides a very useful guide to help navigate the challenges of setting up a multi-national whistleblower’s hotline, such as is required under the FCPA and UK Bribery Act. The majority of his article “analyzes the six categories of laws that can restrict whistleblower hotlines abroad, focusing on compliance.” You should obtain a copy of this article and keep it for reference in regards to your company’s hotlines. It is available on the White and Case website, by clicking here.

1.      Laws Mandating Whistleblower Procedures

This group of laws “comprises mandates that require setting up whistleblower hotlines in the first place.” This includes the US Sarbanes-Oxley (SOX) as well as other jurisdiction laws which generally protect whistleblowers from retaliation but do specifically require any hotlines be set up on a company wide basis. Dowling also found a couple of countries, Norway and Liberia, which require general receiving and processing of “public interest disclosures.”

2.      Laws Promoting Denunciations to Government Authorities

This category of laws generally related to legal requirements for the reporting of illegal acts to government authorities in two ways. First, these laws encourage whistleblowing to government which then compete with employer hotlines by enticing internal whistleblowers to divert denunciations from company compliance experts and over to outside law enforcers who indict white collar criminals. This first approach is found in Dodd-Frank, which offers bounties. Second, these “laws that require (as opposed merely to encourage) government denunciations rarely except corporate hotline sponsors. These laws therefore force hotline sponsors to divulge hotline allegations over to law enforcement.” This second approach is found in SOX which “requires an employer to offer internal hotline procedures”.

3.      Laws Restricting Hotlines Specifically

This category is exemplified by European data protection laws which act to restrict companies’ freedom to launch and operate reporting programs. Dowling believes that these laws are based upon the fact that Europeans “see hotlines as threatening privacy rights of denounced targets and witness”. Also this would seem to be in response to the totalitarian past from the World War II era. The author identifies what he termed “the four biggest hurdles” set up to frustrate hotlines in EU jurisdiction. They are “(1) restrictions against hotlines accepting anonymous denunciations; (2) limits on the universe of proportionate infractions on which a hotline accepts denunciations; (3) limits on who can use a hotline and be denounced by hotline; and (4) hotline registration requirements.

4.      Laws Prohibiting Whistleblower Retaliation

This category will be familiar to US compliance practitioners through the applications of US laws such as SOX, Dodd-Frank and numerous state whistleblower statutes. Additionally, the author lists numerous foreign jurisdictions which have such laws. But here he believes that the key is communication because in many countries and foreign jurisdictions, there is no tradition of protection of persons who make reports against superiors so that an “employer needs to overcome worker fear of reprisal for whistleblowing.”

5.      Laws Regulating Internal Investigations

Typically laws on internal investigation do not impact hotlines because a hotline is a “pre-investigation tool.” However, the author believes that No. 4 above, communication by the employer is critical to complying with laws that enact procedural safeguards for persons under investigation. Heavy-handed communications about a hotline could blow back against employers in claims by employees that “an employer rigged the investigation process.” So companies should ensure that communications about hotlines do not convey an “overzealous approach to complaint processing and investigations.”

6.      Laws Silent on, but Possibly Triggered By, Whistleblower Hotlines

Here the author recognizes that the title of this category “is necessarily vague and determining which laws fall into it is difficult.” Nevertheless, he writes that the most “likely candidates are data protection laws silent on hotlines and labor laws imposing negotiation duties and work rules.” Regarding the former, the author argues that hotlines are not databases but conduits for the transmittal of information. He acknowledges that EU data privacy laws reject this distinction and treat hotlines as if they were databases where information is stored. He does not identify other jurisdictions which yet take this aggressive approach but he believes this may become a trend. The labor law issue is also tricky and may turn on the interpretation of whether the institution of a hotline is viewed as substantive change in working conditions under a union-management labor agreement and therefore subject to collective bargaining.

In addition to all information I have only skimmed what is in the body of the text; the author also provides a handy chart which has the following headings:

Jurisdiction

Is the authority binding law?

Must confine hotline to certain topics only?

Are anonymous whistleblower calls ever OK?

Is outsourced (vs. in-house) hotline favored?

Must disclose hotline to data agency?

So just as the London Olympics is a must watch for me, this article is a must read and a must download for compliance practitioners.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

The Role of a Board in Compliance and Ethics: How We Arrived and Where We Are Going

Yesterday, the Houston Astros traded Wandy Rodriguez, the last remaining member of the 2005 National League (NL) champs. The Astros have traded away their five ‘top’ players over the past three weeks, coincidently turning in a sterling 2-20 run. Whoever they got for their top talent sure has not helped very much. The Astros now sit in dead last place in wins and losses in the current Major League Baseball (MLB) standings at 34-64 with a .347 winning percentage. This translates into a 105 loss season, which is actually a one-win improvement over last season’s 106 losses. But our new owner keeps telling us he has a plan. It’s pretty obvious that it is to have the absolute lowest payroll so he can service his mountain of debt that he incurred from purchasing the team. And did I mention that the Astros are moving to the American League (AL) next year? At least then we will no longer be worst team in the National League…

I thought about my beloved Astros and what their Board of Directors might think about all of this; that is, if they had a Board of Directors. For instance, would a Board of Directors throw in the towel for being competitive in not only this season but for at least three more just to save some money? But the Astros do not have a Board, they only have an owner, so a special thanks to Jim Crane for not only selling out by agreeing to send up to the AL but for ending any chances of the Astros being in the playoffs anytime soon.

Fortunately US public companies do have a Board of Directors and these same Directors have a role in their company’s Foreign Corrupt Practices Act (FCPA) compliance program. Corpedia, in a recent White Paper entitled “The Importance of Board Oversight: The Role That Directors Play in an Organization’s Ethics and Compliance Program”, detailed why a Board of Directors has a role in a company’s FPCA compliance program and provided some guidance as to their views on what may constitute “appropriate Board oversight”.

Responsible Corporate Officer Doctrine

The duty began with the formulation of the Corporate Office Doctrine by the US Supreme Court. Under this Doctrine, officers and directors could be held liable under the following three conditions. First the person in question occupied a position of responsibility and authority in the corporation. Second the individual in question had the power to prevent the violation of law. Third, the person failed to do so. Although the Doctrine was originally narrowly focused, it has been expanded to other areas of the law such as the Sherman Act, securities laws and environmental laws.

Delaware State Court Cases

In the Caremark decision, the Delaware Court of Chancery held as a part of a Board’s duty of good faith, directors have an obligation to ensure that a corporate information and reporting system exists. This was followed up by the case of Stone v. Ritter for the proposition that “a duty to attempt in good faith to assure that a corporate information and reporting system, which the board concludes is adequate, exists.” Lastly, is the case of In re Walt Disney Company Derivative Litigation, from which can be drawn the principle that directors should follow the best practices in the area of ethics and compliance.

US Sentencing Guidelines

US Sentencing Guidelines and Department of Justice (DOJ) Prosecution Standards for guidance as to the obligations of a company’s Board regarding FCPA compliance. These began with the Sentencing Reform Act of 1984, which led to the first sentencing guidelines for corporations. These were modified and evolved under the 2004 Amendments to the Organizational Guidelines and the 2010 Amendments to the Sentencing Guidelines. Under these versions a Board must exercise reasonable oversight on the effectiveness of a company’s compliance program. Additionally the DOJ has added guidance for the prosecution of corporations. In the DOJ US Attorneys’ Manual (2009) they posed the following queries: (1) Do the Directors exercise independent review of a company’s compliance program?; and (2) Are Directors provided information sufficient to enable the exercise of independent judgment?

What Constitutes Appropriate Board Oversight?

Corpedia ends its White Paper with suggestions about what types of information a Board of Directors should periodically receive. First and foremost are reports of “suspected misconduct and of the company’s responses to those allegations.” Next, Boards should be involved with the approval process for creation of or amendment to the company’s Code of Conduct and related policies. In addition to those areas, Corpedia suggests that a Board receive information on the following:

1. The structure and resourcing of the company’s compliance program and whether the Chief Compliance Officer (CCO) has sufficient authority to implement the program.
2. The structure of the company’s reporting system and the company’s policies regarding response to such misconduct.
3. The types of compliance training that employees receive.
4. The company’s risk assessment process and results and the methods developed by the company to prioritize and address the risks identified.
5. The audit program for the compliance program and investigation protocol for substantive violations.
6. The perception of whether the company has a culture of compliance, whether  employees fear retaliation for reporting violations and whether the employees believe that the company is truly committed to compliance.

The Corpedia White Paper provides a good review to understand the legal and statutory basis for a Board of Directors’ obligations under the FCPA. Too bad the Houston Astros did not have a similar group looking after the interests of the Astros stakeholders.

Errata-the Astros’ record over the past three weeks is 2-22 not 2-20.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

Building Compliance Relationships in China

Today, the Games the XXX Olympiad will open with soccer matches (football for you non-Americans out there). On Friday London will officially take over from Beijing, host of the last Games. Even with the 2008 Games, many companies still find the Chinese market tough to crack both in business and in compliance. However, a recent article in the Summer 2012 edition of the MIT Sloan Management Review may help both business and compliance professionals in understanding some of the cultural differences in Western and Chinese practices.

In an article entitled “Building Effective Business Relationships in China” author Roy Chua explored some of the ways in which the ‘Chinese’ way of doing business is being Westernized and explained that non-Chinese executives must still work hard at building effective relationships with Chinese business partners. He came to these conclusions based upon six years of research, together with un-named colleagues, on trust, cultural psychology and business relationships in China. As a part of the specific research for his article, Chua interviewed 130 US managers and 203 Chinese managers.

The author posits that the central feature to a successful business relationship in China is trust. But he cautions that trust must be developed in two ways; from the head and the heart. He terms the first type of trust or ‘trust from the head’ as “cognitive trust’ which “emanates from the confidence that one has in a person’s accomplishment, skills and reliability.” The second type of trust or ‘trust from the heart’ is called “affective trust” and he believes that this “arises from feelings of emotional closeness, empathy and rapport.” The author cites the Chinese word for trust, which encompasses these two concepts, xin-ren. Xin refers to trust from the heart and Ren refers to an “assessment of the other’s reliability and capability.”

Trust from the Head

This part of a trust relationship will be familiar to Western executives and businessmen. It relates to “business needs and confidence” in your partner’s capability. The key here is to build value. One technique cited by the author is to build relationships by providing your partners with knowledge, or as he quoted one interviewee, “Once you show you can be helpful to them, I’ve noticed that people open up and trust you more.” This can be done in one-on-one relationships or by making presentations regularly at conferences and participating in industry activities. Chua cautions that this type of trust takes time and a Westerner may feel that they are being taken advantage of during the process.

Trust from the Heart

In this area, the author advises that there are several different techniques which Westerners can employ to build this type of trust. Obviously a key is to understand social etiquette and social custom. Chua states that this “deep knowledge can bridge the trust deficit by approximating the basis of common ties and values that individuals from the same culture enjoy.” He cites to the example of the Chinese tea culture as a good example. He believes that the ritual of tea drinking is becoming increasingly important in Chinese culture for business meetings but many of Chinese executives interviewed found that it was “difficult to share this experience with Westerners because they don’t think that Westerners can appreciate it.”

Chua also notes that use of the Chinese language is very important. If an executive can speak Chinese he or she will “have a powerful tool for navigating the culture.” He advises that Western executives should take advantage of any opportunity to learn the language but even if they cannot do so, you should have the best translator available when engaged in important discussions. I can attest to this final point, it is invaluable not only to have the language translated but to understand the nuances of what is not being said during contract negotiations.

Chua’s article provides some solid guidance which can be used by the compliance practitioner to help in building a culture of compliance in any Chinese business unit or with a Chinese business partner. First and foremost, is ‘boots-on-the-ground’. As a compliance practitioner you must go to China and begin to develop relationships to foster the type of culture that you want to have with your Chinese subsidiary, partner or business unit. Both the personal and the professional relationship should be developed, making clear your commitment to doing business in a compliant manner. As many Chinese will not openly question a superior, you should also plan to spend time outside the office, getting to know them, understanding their families, experiences and backgrounds. And last, but not least, is competence. Compliance is not “The Land of No” populated only by “Dr. No” and his progeny. Competence includes finding ways to do business in a compliant manner by working with the business unit members to accomplish this goal.

So as you sit back and enjoy the London Olympic Games you might consider the last Games in Beijing and how you might move your compliance program forward through greater trust in China.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

To The Moon and Back: Company Values from the Ground Up

On May 25, 1961 President John F. Kennedy told a special joint session of Congress: “I believe this nation should commit itself to achieving the goal, before this decade is out, of landing a man on the moon and returning him safely to Earth.” Forty three years ago, today, on July 24 that dream was accomplished when Apollo 11 which had landed Neil Armstrong and Buzz Aldrin on the moon on July 21, returned home safely. Even with the insanity of America in the late 60s, it was an event that we rejoiced in because it seemed to encompass our best values as a nation. New York Times (NYT) columnist Thomas Friedman, in an article on Sunday, July 22 entitled “The Launching Pad”, said that “Cape Canaveral was the launching pad for our one national moon shot. It was a hugely inspiring project that drove scientific research, innovation, education and manufacturing”. In short, the space program was a bold statement of our national values.

I thought about Friedman’s article and more sadly, Sally Ride, the first female astronaut in space, in relation to a recent article in the Corner Office section of the NYT, entitled “It’s Not About Me. It’s About Our Company Values”, where Adam Bryant reported on an interview with Cathy Choi, President of Bulbrite. Ms. Choi came to her current position in a usual manner; however this different route gave her some interesting ideas about her management style. I found her journey in the business world to be an interesting arc in the context of a compliance practitioner seeking to move the compliance program forward in his or her company.

Choi’s educational background is in mathematics and theater. After receiving her undergraduate degree she got an MBA from New York University and went to work for a “big accounting firm”. From there she went to work as a Personal Assistant to a Hollywood movie producer. The company she now runs, Bulbrite, a lighting maker and supply company, was founded by her father who gave her the opportunity to come in and run the company.

Take a Deep Breath

Choi wondered not only if she could ever walk in her father’s shoes but whether the company’s employees would accept her. The hardest thing was “walking into a set culture and trying to adapt to that culture, while still making an impression.” To help accomplish the transition, her father taught her to “take a deep breath” when she had an idea to change the company. By taking that deep breath, it provided an opportunity for thought and reflection. If the idea was good before she took the deep breath, it would still be good after it was more thoroughly considered.

It’s About the Company

One of the more interesting insights that Choi had regarding her transition to leadership from her father was to “build an intentional culture.” By this she made a “concerted effort to make the company the leader, not me or my dad.” She began by asking the employees what their personal values were and why they held them. She catalogued these values on a white board and began to note patterns; such values as integrity, team spirit and commitment to each other stood out. She developed these values into an acronym “BE BRITE” and the company uses this as its touchstone for alignment in company decisions such as hiring.

Start From the Ground Up

Choi said the next step was to come up with a group of accepted behaviors which supported the company’s value systems. Her role was to listen and be a facilitator. Choi did not take a leadership team offsite and come up with these values or behaviors, they all came from the employees, or as Choi put it “from the ground up.” She felt that by doing this it gave the company’s value structure, “a life of its own.” In other words, she made the values about the company and the company the values leader.

For the compliance practitioner sometimes the biggest challenge is not only to get senior management but the troops in the trenches to embrace compliance. That is why I found the message of Cathy Choi so useful. She came into an environment that was totally foreign to her coupled with the fact of being the owner’s daughter. Yet she was able to turn these potential negatives into positives by taking some very basic steps, such as taking a deep breath, engaging others and listening to what they had to say and building a value system from the ground up rather than imposing one from the top down. Her story is a powerful lesson of one way to get those troops in the trenches to buy into what the compliance department is selling.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

Bradley Wiggins, the Tour de France and Internal Audit under the FCPA

Today is a great day for Brits everywhere. Not only did Bradley Wiggins become the first Brit to win the Tour de France but fellow Team Sky rider Christopher Froome came in second making it the first British 1-2 finish in the 99 year history of the Tour as well. Wiggins ended his masterful three weeks of cycling by leading in yet another Team Sky member, Mark Cavendish, the “Mann Manx”, to his fourth consecutive win on the final day of the Tour, down the Champs-Elysees. It was a fabulous finish to an incredible 20 stages of riding. So a tip of my cycling helmet to Mr. Wiggins and to all of Team Sky.

One question which I sometimes ask in conjunction with the Foreign Corrupt Practices Act (FCPA) and the UK Bribery Act is what are some of the specific questions that should be reviewed by auditors in an internal audit which focuses on bribery, corruption and fraud? Last October the US Public Company Accounting Oversight Board (PCAOB) issued “Staff Audit Practice Alert No. 8 Audit Risks in Certain Emerging Markets” (Staff Alert No. 8). While Staff Alert No. 8 “focuses on risks of misstatement due to fraud that auditors might encounter in audits of companies with operations in emerging markets” I found it to be a useful guide for auditors who are also tasked with anti-bribery and anti-corruption focused audits, particularly internal auditors who may be asked to review such practices in the ongoing internal audits. Staff Alert No. 8 begins with a list of “conditions and situations indicating a heightened fraud risk”, which I cite in full because it is an excellent list of Red Flags.

• Existence of two separate and different sets of financial books and records;
• Discrepancies between the company’s financial books and records and audit evidence obtained with respect to the existence and accuracy of cash balances, accounts receivable, and revenues;
• Auditor difficulties in confirming cash balances, including when requesting to visit the offices of the company’s bank, or questions about the authenticity of bank statements provided to the auditor;
• Auditors’ follow-up visits to bank offices indicating serious discrepancies between bank confirmations provided to the auditor and the bank’s actual records, such as previously undisclosed material borrowings and no record of or significant differences regarding certain transactions;
• Attempts by management to intercept or alter confirmation requests or responses;
• Irregularities in sales contracts, such as a company-specific seal affixed on the sales contract that does not belong to the purported customer named in the contract;
• Recognizing revenue from contracts or customers whose existence could not be corroborated;
• Recording sales of products shipped to warehouses or freight forwarders where no customer is identified;
• Undisclosed material facts surrounding acquisition transactions, sales transactions, and off-balance-sheet transactions with related parties;
• Recording of assets for which evidence of control, ownership, or title is either unclear or difficult to corroborate;
• Potential double counting of fixed assets;
• Recording of uncorroborated operating expenses for which the business purpose is unclear;
• Manipulation of the accounting records to mischaracterize or conceal payment of bribes or other improper payments;
• Significant unexplained discrepancies between amounts included in the financial statements in SEC filings and amounts included in financial reports to other regulators, such as local authorities;
• Use of personal-type bank accounts held in the name of corporate officers or employees instead of corporate-type bank accounts for company business; and
• Unusual delays by management in the production of routine documents requested by the auditor.

Staff Alert No. 8 makes clear that an auditor cannot accomplish a task unless he or she understands both the company and its environment. An auditor should have an understanding of the following:

• The relevant industry and regulatory factors, including the legal, and political environment, which may include matters such as:
  • The company’s significance in the regional or local economy and its level of influence over its industry, and regional or local government, and
  • Cultural norms in the business and regulatory environments;
• The company’s objectives, strategies, and related business risks; its organizational structure; and sources of funding of the company’s operations;
• The company’s significant investments, including equity method investments, joint ventures, and variable interest entities;
• The sources of the company’s earnings, including the relative profitability of key products and services; and
• The company’s key supplier and customer relationships.

From these factors, Staff Alert No. 8 advises that “incentives, pressures and opportunities” may lead to a heightened risk of corruption. Regarding incentives and pressures, the Staff Alert warns that companies which are looking to raise money for international markets may have an incentive to “manipulate financial statements rather than report poor results”. Providing a more detailed example the Staff Alert says that one technique used to accomplish such fraud would be consolidating the financial reports of a joint venture with a foreign state-owned enterprise, even if the company does not have a controlling interest in the partnership. Another example the Staff Report provides is the situation where a company repatriates large amounts of cash back to the US. Such foreign legal requirements can create a situation which could lead to bribery or corruption.

In the areas of opportunities, Staff Alert No. 8 focuses on weak internal controls as such deficiencies can provide opportunities for management or employees in such foreign jurisdictions to engage in bribery and corruption. In circumstances where a company is a dominant player in a geographic region, management might be able to dictate terms or conditions to local suppliers or customers, which might result in non-arm’s length transactions. Another example may well be where management could “pressure personnel of a local bank or other third parties to provide fraudulent information to the auditor.” Lastly, the PCAOB noted that there may be situations where employees are “not be willing to report instances of fraud for cultural reasons or fear of retribution from management” even where the company has a whistleblower program. The Staff Alert cautions that auditors should look for evidence of “undisclosed side agreements” and other evidence of collusion with third parties to “create false documentation to support fictitious transactions.”

Staff Alert No. 8 specifies that an auditor must exercise professional skepticism which requires an auditor to obtain and critically evaluate independent evidence from outside sources, rather than simply relying on “management representations about the company’s performance.” To accomplish this, the Staff Alert speaks to receipt of and review of independent confirmations and test and review revenue to ascertain that it is recognized correctly. Particular attention should be paid to transactions with related parties and to identify their materiality to financial statements.

I found Staff Alert No. 8 a very useful piece of guidance. Not only does it speak to the auditor looking at FCPA or Bribery Act issues but it is important for the compliance practitioner to understand what a regulator might expect to see. As most people you have heard me speak and know my FCPA and Bribery Act mantra is “Document Document Document”. This Staff Alert No. 8 lists what documentation a company should keep in order to help prove that it is doing business in compliance with these anti-bribery and anti-corruption laws.

So, congratulations, once more, to Bradley Wiggins. And for those of you cycling fans out there, seven of this year’s Tour de France stage winners will be riding in the London Olympics beginning this weekend. It should be great.

———————————————————————————————————————————————————————-

The FCPA Blog and ethiXbase are offering a cool deal to help dispell that summer heat wave by offering readers of the FCPA Blog a free download of the Anti-Corruption Compliance Benchmarking Survey. Normally valued at $295, the survey can be downloaded at no cost for a limited time with email registration here.

———————————————————————————————————————————————————————

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

Halliburton Shareholder Derivative Action Settlement: Lessons for Enhancements to Your Compliance Program

In a story first reported in the Wall Street Journal (WSJ), entitled “Halliburton Says Court Approved Corruption Lawsuit Settlement”, Sam Rubenfeld reported that Halliburton has settled a shareholder derivative action which had been filed in state district court in Houston, Texas. The lawsuit, the consolidation of actions brought by two institutional shareholders and one individual shareholder against the company and its Board of Directors individually, had alleged that “the board’s failure to stop the activity caused the company to have to pay hundreds of millions of dollars in settlements and fines, and it damaged Halliburton’s reputation”.

The settlement is interesting for several reasons. Initially, it should be noted that Halliburton will not pay any damages but more than that, Rubenfeld reported that “the plaintiffs said in the settlement they faced “very steep hurdles” in establishing that the directors named in the suit were liable for the illegal activity, and that it was unlikely they would win damages “even closely approaching” what they sought in litigation”. In the settlement, Halliburton agreed to make changes to its corporate governance structure “including a clawback of compensation for board members who were involved in or approved the activity, beefing up its compliance program and strengthening the roles of its board members.” In other compliance areas, the company agreed to publish “newsletters and internal bulletins to include at least six articles per year addressing ethics and compliance issues.” Finally, Halliburton agreed that it’s “code of conduct has to be revised so as a layperson can understand it, and it has to be changed to specifically prohibit the use of bribes and kickbacks.”

I.                   Clawback Provisions

There were several specific provisions relating to clawbacks which may well now become standard provisions for officers and directors of companies going forward. They related to both monetary compensation and non-monetary compensation, such as stock. All the provisions turn on the following:

1. If an officer or director is named for “substantially participating in a significant violation of the law”;
2. And either a company investigation determines the officer’s or director’s conduct was “not indemnifiable”; OR
3. The officer or director “does not prevail at trial, enters into a plea arrangement…or otherwise admits to the violation in a legal proceeding.”
4. Then the clawback is triggered.

 II.                Greater Oversight of Compliance

The settlement specifies several steps the Audit Committee of the Board should take to enhance its role in the compliance function including holding more regular meetings and reporting to the full Board on issues relevant to compliance and risk management in general. The settlement also specified that a Management Compliance Committee shall be created and detailed investigation and reporting protocols for any “Significant Violation of any federal or state law”.

III.             Compliance Program Enhancements

Here the settlement specified that for employees working in high risk countries “who have job descriptions associated with business development and procurement activities [emphasis mine] they should have annual compliance training. The settlement also specified Halliburton to rewrite its Code of Business Conduct in plain English “so that it is written in a manner as is commonly understood by a layperson.” The Code of Business Conduct rewrite is to be expanded to make clear that foreign bribery and kickbacks are prohibited and will not use agents recommended by foreign governmental officials, unless such agents are screened through appropriate due diligence. As noted by Rubenfeld’s article Halliburton agreed to publish newsletters and provide email updates and intranet postings, which will address compliance at least six times per year. The company agreed to strive to maintain a ratio of one “Audit Service position for every 5,000 employees” and to certain restrictions in hiring a Chief Financial Officer (CFO).

In a section specified “To assure that its compliance program be deemed “effective” under the revised Federal Sentencing Guidelines” the company agreed to have a compliance program which would be designed to detect an offense “before discovery outside of the organization or before discovery was reasonably likely”. If there is a determination that such conduct occurs the company will take steps to prevent it from reoccurring. Halliburton agreed to take “reasonable steps to remedy the harm from criminal conduct”. Lastly, the Chief Compliance Officer (CCO) was given direct reporting authority to the Board and directed to report “no less than annually on the implementation and effectiveness of Halliburton’s compliance program.”

This settlement is a welcome addition for the compliance practitioner. First and foremost, the no payment of damages is a welcome change from such claims. Moreover, the enhancements agreed to by Halliburton give both compliance practitioners and company specific guidance on good corporate government practices in the compliance arena and specific ways to tie a compliance program to the US Federal Sentencing Guidelines.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

Bastille Day and Recent Compliance Scandals: Where Will They End?

Saturday, July 14 was Bastille Day, the French national holiday which celebrates the storming of the Bastille prison during the early days of the French Revolution in 1789. Simply because a revolution does not succeed does not mean that it should not be celebrated and certainly the French people overthrowing centuries of royal rule for liberté, egalité and fraternité is an event to be recognized. I thought about what happened to the revolution of 1789 and its spiral downwards into the Terror of 1794 in looking back over the past two weeks of stunning revelations about corrupt practices behind three of the biggest scandals of recent note; the financial scandals involving the LIBOR manipulation by Barclay’s, the unraveling of the brokerage firm Peregrine Financial Group, Inc. and the money laundering violations admitted to by HSBC. The question that would seem to arise is will these three scandals end with the guillotine or a transition to transparency and the light of day with ethical cultures in embedded in these corporations?

In a July 17 article in the Financial Times (FT), entitled “Banks balance shifts towards the historical and ethical”, Patrick Jenkins wrote about HSBC and Barclay’s stating that “one thing is clear: the ethics of banking are broken. The question must now be: how can they be fixed?” Jenkins makes clear that while he does not question the personal integrity of the persons running those organizations, he notes that their tone-at-the-top was not up to snuff. He termed it “Too big to be trusted” because one of the reasons that he finds the ethical culture broken is that these organizations have simply gotten too big to adequately police themselves.

Jenkins identified three culprits for this problem. The first is “runaway acquisitions” where acquired companies are not integrated into the parent or acquiring organization. Second, he identifies a failure of corporate governance, in that Boards have failed to “challenge strategy and ask awkward questions.” Finally, he sees the remuneration model as one that has “long created incentives for dishonesty.”  Jenkins applauds British regulators’ push for “smaller cash bonuses, with long-term deferral” for senior management but believes that such trends need to be pushed down the corporate chain.

Writing in the July 17 Wall Street Journal (WSJ), in an article entitled “The Scandal Behind the Scandals”, Francesco Guerrera asked the following question: “Is this just a blip or are we at a breaking point that calls for a wholesale change in attitudes, and rules?” At least regarding the Peregrine Financial collapse he found that this scandal had undermined “the cornerstone of markets: trust between buyers and sellers.” And what of the regulators? Guerrera noted that “a few financial practitioners blamed regulators for failing to spot trouble.” Then, of course, there is Barclays’ former head Robert Diamond’s “everyone else is speeding defense” now coupled with the element that the regulators were in on it too. Guerrera’s penultimate paragraph noted the following “The financial industry and its political masters have to look forward, whether they like it or not.”  To end his piece Guerrera quoted an un-named banker who said “We are at a 1792 moment. Remember, the French Revolution was in 1789 but it took three years to proclaim a Republic.”

All of which brings us to HSBC. In dramatic testimony yesterday, before a Senate committee, as reported by Chris Matthews and David Bagley in a WSJ article, entitled “HSBC’s Compliance Chief to Step Down”, HSBC’s top anti-money-laundering (AML) executive announced he is stepping down for, among other reasons, “A yearlong investigation by the Senate Permanent Subcommittee on Investigations alleged HSBC’s U.S. bank became a conduit for money-launderers and potential terrorist financiers, and for the evasion of sanctions against Iran and other countries.” Additionally, a Senate report detailing the failures of HSBC found “The biggest problem was at HSBC’s Mexico branch, which moved billions of dollars of bulk cash through HSBC’s U.S. bank despite suspicions that client accounts were being used for laundering of drug cartel and other illicit funds. The Mexico bank had a committee overseeing compliance efforts, but many of its meetings were faked.” In short, there was actual knowledge that US laws were being broken and the bank was taking active steps to hide these facts. This is about as bad as it can get.

What about Bastille Day? Although the un-named banker quoted above was right, France did declare a Republic in 1792, it was only two short years until Robespierre initialed the Terror and the coming shouts of “off with their head”. In an article in the July/August issue of Foreign Affairs, entitled “Robespierre’s Rules for Radicals”, author Patrice Higonnet reviewed the recent book “Robespierre: A Revolutionary Life”. Higonnet ended the review with the following lesson from the file of Robespierre: Contrary to what they might wish, sometimes problems cannot be solved by simply cutting off someone’s head.

Banks, financial institutions and trading companies are being called to task for these deep systemic issues which have led to a corruption of ethics. As was previously noted in the FT, if bankers want to stop banker-bashing, they need to change their ethics themselves before someone else does it for them. It is clear that these institutions face a choice but only time will tell which road they take: will it mirror the road France took when it enacted an enlightened Republic or the road it took when the Terror reigned?

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

FCPA Issue Management: An Illustrated Primer

I have previously written about the Open Compliance and Ethics Group (OCEG) Anti-Corruption Illustrated Series on Managing Corruption Risks and Third Party Anti-Corruption Due Diligence. Today I will review another in the Illustrated Series on Anti-Corruption Issue Management. This installation of the OCEG series is designed to assist companies to implement or refine an investigation process and to avoid some of the common problems that arise in when trying to identify, prioritize, investigate and resolve corruption.

I.                   Capture and Filter

A company should establish “multiple pathways” which will allow it to receive tips on potentially corrupt activity. Further, a company should monitor high risk activity and relationships based upon “identified factors including country, sales channel and third-party compliance data.” Some of these data sources could include continuous controls monitoring, controls violations which are noted, hotlines and informal intakes, third party or customer reports, audits, both internal and external, interviews, third party due diligence or media reports of other companies, locations, sales models or conduct.

These above mechanisms could raise a number of Red Flags which should be investigated more thoroughly. These Red Flags can include allegations of commercial bribery, customs and offset commitments, out of policy gifts, entertainment and travel, misreported accounting records, cash vendor disbursements and other high risk transactions, charitable giving and commission payments and unusually high or too-frequent facilitation payments.

Self-Assessment Questions

• Have we categorized types of conduct and areas of operations into threat-level categories as a part of our risk assessment process?
• Do we proactively monitor potential high-threat-level conduct and activities and provide multiple pathways for issue intake?
• Do we have contingency plans to manage issues that arise in each risk category including identified investigation teams, reporting requirements and escalation paths?

II.                Review

If any of your company mechanisms pick up or alert you to a Red Flag, the first thing you need to do is to secure your records to prevent the loss or destruction of any data and to try and preserve the attorney/client privilege to the extent possible. Next you should triage and assess the threat and rank it by risk level. The next step should be to determine your reporting obligations within the company. If you have a pre-existing contingency plan, you should report to those persons listed in the plan for the level of risk assessed. From this step you should execute a defined plan for the identified risk level and then refer the matter to the designated investigation and communication teams.

One thing that OCEG emphasizes is the need for high level oversight, whether that is a corporate Board of Directors or something akin to the Board of Trustees at college or university. Senior management and the Board of Directors need to be informed about potential issues of bribery and corruption early and should be kept abreast of the investigation as it progresses and “take a hands on approach to ensure protection of the organization and resolution of the issue.”

Self-Assessment Questions

• Do we have policies and procedures to secure evidence, protect privilege and bring in legal teams?
• Who is on our investigation team? From legal, internal audit, security, operations?
• Have we identified an authorized spokesperson and informed everyone about what may and may not be said, and by whom, about issues that have been identified or are being investigated?

III.             Resolution

Here the OCEG suggests a tri-parte approach. First, a company should investigate by collecting, reviewing and analyzing the evidence. Attention should be paid to issues which cannot be quickly resolved that may require re-assignment and notice to either senior management or the Board of Directors. Second, the company should execute a communications plan for management, employees and external stakeholders. This communications plan should keep the appropriate level of management informed on the change in status of any issue throughout the investigation. Lastly, the company should obtain an independent report and resolve any signals of systemic violations and ensure that any unlawful conduct has been terminated and appropriate disciplinary actions taken. This final step should present senior management with the requisite information to make business decisions about changes in business operations; the discipline/termination of employee/contractors/business partners.

Additionally, the company should define the legal strategy it will pursue if a violation is determined. Under the Foreign Corrupt Practices Act (FCPA) this could include an evaluation of whether the company should self-disclose to the Department of Justice (DOJ) and/or Securities and Exchange Commission (SEC).

Self-Assessment Questions

• Have all illegal practices been identified, stopped, and had controls revised or added?
• Do we have a communications plan and team that protects our reputation?
• Have we found systemic problems that require correction or deeper investigation?
• Are there potential violations of law that must be, or should be, disclosed and if so how quickly?
• Is the investigation report sufficiently independent and thorough to facilitate cooperation with prosecutors or regulators, and aid in defense of civil or criminal actions?

Finally, the company needs to be prepared to defend its reputation. OCEG suggests that the company identify those who will speak on the company’s behalf and to the extent possible have a consistent, controlled and truthful message.

Self-Assessment Questions

• Have we adequately briefed senior management and the board about strategic, financial, reputational impact of the case?
• Do the findings indicate gaps in company governance or culture that might require significant leadership changes?
• Do we need to revise business strategy, or terminate lines of business, withdraw from geographic regions or sever third party relationships?
• Will there be significant lost revenue and can we control it?                                                                                                                                        IV.              Continuous Improvement

The process should not stop at the conclusion of each issue resolution. OCEG suggests that a company conduct a root-cause analysis “including leadership weaknesses, culture issues and flaws in the performance of management activities and controls.” Patterns both in relationships and the aggregate should be analyzed and reviewed. Continuous controls monitoring should also be implemented.

OCEG continues its excellent illustrated series with this Primer on corruption issue management. It not only provides the compliance practitioner with a road map to follow but provides some very pointed questions that you can ask yourself to give a preliminary assessment of the state of your compliance program to detect and then respond to an issue. With the Dodd-Frank Whistleblower statute in full force, a quick directed response is mandatory to both comply with the law and to protect a company. I once again heartily recommend that you take a look at the OCEG series, as it will be well worth your time.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012