FCPA Compliance and Ethics Blog

August 31, 2012

The Dog Bite Defense and Your FCPA Compliance Program

As most readers of this blog know, I am a recovering trial lawyer. I almost always acted as defense counsel for corporations in my trial lawyer career. In the trial lawyer world, there are four recognized defenses to any claim which are affectionately known as the “Dog Bite Defenses”. They are:

  1. My dog didn’t bite you.
  2. Even if my dog did bite you, it’s because you provoked him.
  3. Even if my dog did bite you, you really aren’t injured.
  4. My dog didn’t bite you because I don’t have a dog.

The fourth version of the Dog Bite defense is certainly an ‘all-in’ move. You had either (1) better be right or (2) have some big kahunas to make that argument to a jury with a straight face.

None of the cases I defended involved allegations of violations of the Foreign Corrupt Practices Act (FCPA) but some did involve corporate fraud. In an article entitled “Business Ethics and Moral Motivation: A Criminological Perspective”, Joseph Heath took a look at the prevalence of white-collar crime in the discussions in business ethics. In his abstract he stated that “One of the effects has been the development of a strong emphasis upon questions of moral motivation within the field. Often in business ethics, there is no real dispute about the content of our moral obligations, the question is rather how to motivate people to respect them. This is a question that has been studied quite extensively by criminologists as well, yet their research has had little impact on the reflections of business ethicists. In this article, I attempt to show how a criminological perspective can help to illuminate some traditional questions in business ethics. I begin by explaining why criminologists reject three of the most popular folk theories of criminal motivation. I go on to discuss a more satisfactory theory, involving the so-called ‘‘techniques of neutralization,’’ and its implications for business ethics.”

In a post entitled “A Criminological Perspective on Business Ethics” my fellow cyclist and blogging colleague Doug Cornelius reviewed Heath’s work. He noted that Heath began with the premise that the ethics scandals in the early years of the twenty-first century were not business ethics failures but were really high-level, large-scale white collar crime. While the actions of the senior management of Enron, WorldCom and Adelphia were certainly illegal acts, these acts were probably surrounded by unethical conduct. However, the core actions all involved a failure to comply with the law.

What interested me about Heath’s article was that large corporations seem to generate a very steady stream of rather plausible (or plausible-sounding) excuses for misconduct. He believed that this “is the result of a confluence of factors: first, corporations are typically large, impersonal bureaucracies; second, the market allows individuals to act only on the basis of local information, leaving them in many cases unaware of the full consequences of their actions; third, widespread ideological hostility to government, and to regulation of the market in particular, results in diminished respect for the law; and finally, the fact that firms are engaged in adversarial (or competitive) interactions gives them broader license to adopt what would otherwise be regarded as anti-social strategies.” Doug summarized these in his post which I cite in their entirety:

Denial of responsibility

The offender claims that conditions of responsible agency were not met: it was unintentional; he was insane, he was provoked, he had ‘‘no choice’’ but to do it, it was all an accident, etc. In a company, an employee can blame his boss for telling him to do something wrong. The boss can pass the blame back down to the worker saying they acted independently.  The competitiveness of the marketplace and the workplace means that if one individual refuses to perform an illegal act, he may feel that he could simply be replaced by someone else who would.

Denial of injury

The offender seeks to minimize or deny the harm done. Most white collar criminals never meet or interact with those they harmed.  In many cases they wouldn’t even know how to find their victims.  “In these cases, there is potential confusion as to the identity of the individuals who are harmed by the criminal’s actions. In other cases, the mere fact that there is diffusion of the harm over a very large number of persons is appealed to as grounds for denial that anyone was injured by the person’s actions.”

Denial of the victim

The offender acknowledges the injury, but claims that the victim is unworthy of concern because he deserved it. The underpayment inequity is common. It’s hard to find an employee who believes that an enhancement of justice in society would require a reduction of his compensation package. On the other hand workers may feel undercompensated, ignoring the difference between the ease with which they can be replaced that determines their wage rate, and their contribution to the company. It is really easy for workers to convince themselves that they are not stealing. Instead they believe they are taking what they are owed, or they are punishing the company for treating employees poorly.

Condemnation of the condemners

The offender attempts to ‘‘turn back’’ the charges by impugning the motives of those who condemn his actions. The classic examples in corporate crime are the charges fired back at Eliot Spitzer during his time as Attorney General when he exposed a wide range of practices in the financial services industry. His political ambitions were often discussed side-by-side with his prosecutions.

Appeal to higher loyalties

The offender claims that the action was done out of obedience to some moral obligation that conflicted with the law. You often hear “I did it for my family.” The offender can see the company as a proxy and serve as an object of higher loyalty. One theory with Ken Lay and Jeffrey Skilling at Enron is that they misled investors for the sake of the company, insisting that it was a great company. There is also the more common business ethics excuse that it was done for profit and the benefit of the shareholders.

Everyone else is doing it

The mere fact that others are breaking the law is used to suggest that it is unreasonable for society to expect compliance. This is an excuse for all kinds of crime, but it is very common in a business context because of the competitiveness of the business environment.

Claim to entitlement

An offender claims he was acting ‘‘within his rights’’ and that the legal prohibition of his conduct constituted unjust or unnecessary interference. One of the big differences between corporate crime and street crime is how often white collar criminals deny the authority of the laws that they have broken. The argument is that the government should not regulate certain forms of private transactions.

Folk Tales of Moral Motivation

Heath argues that the focus on these techniques of neutralization is more effective in addressing business ethics and corporate crime than theories of “moral motivation.” The field of criminology has largely discredited those theories as folk tales. It’s not about character, greed, and values.

Another colleague has summarized these defenses along with some others that he has heard over the years into the following “Employee Defenses”. They certainly more fully expand on the Dog Bite defenses that I used, or rather, that I heard other defense lawyers were forced to use, in defending cases.

  1.  I didn’t do it
  2.  I didn’t do it, but that other guy did
  3.  I did it, but everyone else is doing it
  4.  I did it, but my supervisor knew about it
  5.  I did it, but my supervisor told me to do it
  6.  I did it, but there is no rule that says not to do it
  7.  I did it, but I did not know it was against the rules
  8.  I did it, but that particular rule doesn’t apply in this case
  9.  I did it, it was against the rules, but the rules are unreasonable
  10.  I did it, it was against the rules, but they have not been consistently enforced
  11.  I did it, it’s a reasonable rule, consistently enforced, but the penalty is too severe
  12.  I did it, but if I file a complaint, it’s retaliation if you enforce the reasonable and consistently applied rule
  13.  Who are you again?  (And back to #1)

What does all this mean for a compliance practitioner? First, it speaks to the need to be ever vigilant in your overall FCPA or UK Bribery Act compliance regime. You must work towards both the prevention and detection prongs of McNulty’s Maxims. The pack mentality is part of what makes a corporation succeed so you must make clear that there will be no tolerance for retaliation against whistleblowers (as in – they are not ‘team players’). Lastly, when you begin any internal investigation, you need to be prepared for these defenses; whether they are the straight-forward four Dog Bite defenses, Heath’s list of justifications as summarized by Cornelius or the 13 point formula of employee defenses.

So, while thinking of all this, Happy Labor Day!

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

August 30, 2012

Will the UK Let the Light of Day Shine Into Its Regulatory Process?

Should the regulators’ process be shrouded in mystery or should there be disclosure into the light of day? That is a question currently before authorities in London. In the Financial Times (FT) column Inside Business, in a piece entitled “UK regulators must judge the right time to go public”, Brooke Masters reported that the UK Financial Services Authority (FSA) cannot provide the public details about a matter under investigation “until its internal decision maker, the Regulatory Decisions Committee, has heard the allegations and the defence of the accused and come down in favour of enforcement action.” There is currently legislation in front of Parliament which would allow a newly constituted financial regulatory agency, the Financial Conduct Authority, to go public with “warning notices” before a case gets to the Regulatory Decisions Committee. Masters cites advocates of this legislation who “say this would make the UK more like the US, where the Securities and Exchange Commission [SEC] can make public charges it has filed with a judge or administrative proceeding.” Apparently representatives of British banking interests are desperately fighting to keep such proceedings secret.

The Con

Masters presents several arguments why regulatory investigations should remain secret. She quoted Lord Flight who claims that “allegations can blacken reputations and harm innocent investors.” He even pointed an accusatory finger at Benjamin Lawsky, the head of the State of New York’s Department of Financial Services (DFS), who made allegations that Standard Chartered “hid $250 billion of transactions with Iran in breach of US sanctions, a charge that caused a one-day 16 per cent fall in the bank’s share price.” The bank insisted that they were “blindsided” by the allegations and indeed there were only $14 million in transactions which violated either US or New York state law. Of course we all now know that Standard Chartered also settled with the DFS for $340 million within days of these accusations being made public.

The Pro

Masters cites unnamed British Ministers who argue that “the public deserves to know when government regulators believe a major institution or prominent figure has committed wrongdoing.” Further, timely announcements by the FSA or other appropriate regulators would “allow investors to move their money or protect themselves from similar misdeeds.” She poses the question, “Wouldn’t you want to know that a broker was facing charges of selling unsuitable investments before you – or even more pointedly, an elderly relative – gave him money?” Next she notes that “Quick enforcement also helps restore faith in the financial system. It is quite frankly a joke that nearly four years after HBOS failed, we still don’t know whether the FSA thinks anyone there did anything improper.”

Masters concludes her piece with a look at the SEC “Wells Notice” procedure, which is a private warning by the SEC to companies and individuals that the SEC wants to bring a case against them and this document invites the company or individual to respond directly to the SEC. This process allows the party or parties in question to respond or to work out a settlement. Masters believes that “the practice has worked well, especially for investors, who often get an early heads up about potential problems because most public companies disclose when they have received such a notice.” She believes that this interim step would be useful to give companies “a private right of reply before throwing open the doors.” But Masters makes clear her final position by concluding that she does not believe the UK government should “give in to the City’s efforts to keep the disciplinary process shrouded in mystery.” In other words, the light of day should shine into these dark crevices of nefarious activity.


August 29, 2012

NYPD Community Policing as Model for Your FCPA Compliance Program

For those of you who do not know Scott Moritz, you should take an opportunity to do so. I first met Moritz (virtually) through his article in the FCPA Blog, entitled “Risk-Based Compliance”. In this post, Moritz looked at the language of Opinion Release 08-02 (the “Halliburton Opinion Release”) in the context of the risk-based approach under which the Department of Justice (DOJ) approved Halliburton’s proposed acquisition of Expro. These risk-based concepts were used by the UK Financial Services Authority (FSA) in its January 2009 settlement with Aon. Moritz is a retired FBI special agent, with over 25 years of complex investigative, forensic accounting, regulatory compliance and law enforcement experience. He is now a Managing Director for Global Investigations & Compliance at Navigant Consulting.

I have had the opportunity to speak with Moritz on a couple of webinars, jointly author papers with him and hear him speak at leading Foreign Corrupt Practices Act (FCPA) conferences. I can assure you that he knows his stuff. Recently Moritz published yet another piece in his continuing education for the rest of us compliance practitioners in the area of risk based assessments. In an article entitled “Walking a Beat to Reduce Corruption”, Moritz analogized  “the concept of community policing that has been used to reduce crime in many major cities across the world” in his innovative approach of “a growing corporate culture of mutual transparency that is having a very positive effect on overall awareness regarding anti-corruption” for third party due diligence under both the FCPA and UK Bribery Act.

Moritz talked about community policing in the context of new thinking which holds that more “successful third-party anti-corruption programs depend upon effective two-way communication between the company and its third parties.” He advocates that companies “engage directly with third parties to build trust” and communicate a company’s ethical values to those third parties in both its Sales and Supply Chains. The starting point for any trust is communication. He believes that for a compliance program to be truly effective, “it must create communication channels between compliance, its internal clients within the organization and the third parties whose actions could lead to corruption liability.” This communication should begin by alerting a company’s key employees whose responsibilities include engagement with third parties, i.e. business sponsors, “to the potential risks of these commercial relationships, how to recognize them, what they may mean in terms of their continuing compliance obligations and how to convey this information to the third parties in a way that is not construed to be offensive in any way.”

One of the most important roles of these business sponsors is to take the message of compliance to the company’s third party representatives. Many companies will have this first message be the company’s FCPA compliance questionnaire but Moritz advocates it is “the business sponsor’s responsibility to explain the company’s third-party anti-corruption program, the rationale behind it, to emphasize the mutual benefits of the relationship and to serve as the company liaison going forward. That initial conversation should also highlight the fact that the vast majority of such steps result in a strengthening of the relationship between the company and its third parties.”

This business sponsor should stress at least three key factors. The first is that the company lives by its anti-corruption values and those are embedded in its anti-corruption, FCPA Compliance Program and the questionnaire is a necessary part of that Compliance Program. Second, that your company’s Compliance Program is similar “to those in place at an increased number of organizations and it would be reasonable to expect it to be part of the process whenever their company engages with a global company.” Third, that by asking for what may seem as unusually sensitive information, it is not a lack of trust but that the request “actually signals the importance of the relationship and the company’s willingness to make a substantial investment in it to ensure that any issues that may be out there are put to rest at the outset thereby eliminating any future barriers to the relationship between the parties.” Concluding this section Moritz opines that by “Spending a fair amount of time setting the tone will provide a solid foundation for the relationship going forward.”

So how does this relate to a community policing program? At least as the theory is practiced by the New York Police Department (NYPD), it is based upon the precept of the “broken window theory” whereby if a window is allowed to be broken and stay broken it sends a signal that no one in the neighborhood cares about crime and this in turn leads to more crime. The NYPD took to having more foot patrols so that the officers could build trust in the neighborhoods to which they were assigned, rather than driving around in squad cars. This signaled to the community that the police cared and many neighborhoods responded with actions, such as fixing broken windows, which showed they cared as well.

Moritz concludes his article by noting that “business sponsors act as the cops on your beat”. Just as community policing fosters two-way communication between the NYPD and the community, the business sponsor can effectively take the place of these police officers who are walking a beat in a community. The “business sponsors are on the front lines of your anti-corruption program building long-term relationships that are critically important components of your anti-corruption program and your commercial success as a whole.”

I found the Moritz piece quite interesting and a continuation of his long line of thoughtful, best practices and leading edge commentary. I would add that the business sponsor is key; your selection and training of this employee is a critical element. I commend the full Moritz piece to you.


August 28, 2012

Leadership in the Compliance Department

One of the dynamic tensions in any corporate Compliance, or Legal, Department is when to lead by fiat and when to lead by consensus. I was reminded about that dichotomy when reading a recent article in the New York Times (NYT) Corner Office section, entitled “Before the Meeting Adjourns, Tell What You’ll Do Next”. In an interview with Adam Bryant, Bill Flemming, President of Skanska USA Building Inc., said that the former is “not leadership; that’s a boss.” Flemming used a quote from Russell Ewing to capture some of his thoughts on the difference: “A boss creates fear; a leader, confidence. A boss fixes blame; a leader corrects mistakes. A boss knows all; a leader asks questions. A boss makes work drudgery; a leader makes it interesting. A boss is interested in himself or herself; a leader is interested in the group.”

Flemming believes that organizations where the boss makes all the decisions are not as strong as those where the leaders listen and work with a team or person to come up with a solution. He explained that he did not want someone to simply announce a problem to him and expect him to solve it. Flemming articulated what he desires from an employee as follows: “You tell me what the problem is, you tell me what your proposed solution is, and I’ll give you feedback. I don’t always want to give you an answer on what to do. I want you to think about what your answer’s going to be. I’ll always have an opinion about something, but I want people to form their own opinions.”

Flemming believes that this technique is more powerful because if an employee is deeply immersed in the problem or the issue, that employee probably knows a lot more about it than Flemming is going to know. While a leader can provide some insights based on experience, and perhaps give a different view, most probably the employee who brought the issue will be more intimately involved with the issue. The employee will have thought through a resolution to the potential issue as well.

All of the above is driven by an interesting maxim that he works for the people under him. Or as Flemming was quoted, “First, I work for the people below me. They don’t work for me; I work for them.”  From this starting point, Flemming believes that teamwork is the key to good leadership. Business is “not an individual sport.”

Almost every lawyer I know has worked for, or perhaps with, a senior person who qualifies as a boss rather than a leader. I can certainly count a few bosses that I have worked for who were quite “dynamic” as bosses. However, I found that Flemming’s viewpoint not only helps bring consensus to any problem that you might face but also provides a personal commitment to his team and facilitates responsibility to others on the team. I think that these concepts could be very useful to the compliance practitioner whether working internally within the compliance department or with business unit personnel. If consensus can be reached on any important compliance related decision, it can certainly change the perception that a Compliance Department is “the Land of No” populated by “Dr. No.”


August 27, 2012

How Do You Change an Unhealthy Compliance Culture?

What is a healthy culture and how do you change an unhealthy culture? I have always thought that baseball was a simple game: you throw the ball; you hit the ball; you catch the ball. I had also thought that you could measure whether a baseball team had a healthy culture with a fairly easy-to-understand metric; that being wins and losses. For example: the more wins that your team has the better it should be, conversely the more losses your team has the worse it should be viewed. Based upon this fairly straightforward metric, I would have said that the Houston Astros did not play baseball very well in 2011, when they lost 106 games and won 56 games. I would have also said that they are an even worse team this year as they are on track to have an even shoddier season; their current trajectory is for 109 losses vs. 53 wins. All-in-all a pretty unhealthy baseball culture.

However, it turns out that my straightforward analysis of baseball culture is in fact too simple. As reported in the Houston Chronicle, team owner Jim Crane said “he believes sophisticated baseball fans are in tune with the team’s plans.” I would have thought that having not only the worst record in baseball and indeed the worst record in the history of the Houston franchise showed that the culture of baseball is not particularly good right now in Houston. However, it turns out that I simply have an “unsophisticated” view of how to approach the Astros culture and losing for the past three years and up to the next five years is the team’s culture plan. On a more positive note, in the same interview Crane said that the redesign of the Astros uniform that he has been so diligently working on has been submitted to Major League Baseball (MLB) for approval. So, if a winning baseball culture includes redesigned uniforms, it sounds like the Astros are the team for you.

I thought about the Astros culture of losing, my “unsophisticated” view of baseball and the Astros redesigned uniforms when reading a recent article by Andrew Hill in the Financial Times (FT), entitled “Lofty Aspirations”. Hill quoted Roger Steare, an expert on corporate leadership, values and ethics, who said that culture “describes the way human beings behave together – what they value and what they celebrate.” Hill posed the question of whether it is possible for government policy makers or regulators to shift the behaviors and values of scandal-hit sectors of the business and if it is even desirable. Hill looked at the ongoing crisis in the financial services sector and found that it is so deep that regulators in the UK have “explored whether to intervene to influence corporate culture.” Hill cited a speech from 2010 by Hector Sants, then head of the Financial Services Authority (FSA), where he said that regulators can ask Boards of Directors to provide agencies with “evidence of healthy culture, such as functional whistleblowing regimes, positive customer and employee engagement surveys, and a system for challenging “group think” at board level.” However, Sants also cautioned that “I don’t believe the regulator should be enforcing culture because it’s a contradiction in terms: if you enforce culture, you get a police state with compliance on the surface and subversion underneath.”

Hill argues that the best way to effect culture “is to combine strong leadership with the existing internal elements of a healthy corporate culture.” Further, for businesses which are “assailed by allegations of bad behavior is that, while it may take as long to create a good culture as it does to establish a good reputation, a strong set of values is usually harder to destroy unless the company is itself dismantled or taken over.” Hill went on to cite one example where a company Chief Executive Officer (CEO) had a strong “Lutheran philosophy” and the Chairman of the Board had a more creative tone. They certainly had a tension but this tension played out as constructive discussions at the highest levels of the company and did not allow for a shift too much in one direction or the other.

Hill recognizes that many CEOs want to create the type of company at which they wish to work. However, if they desire to make such changes they must communicate “from the start the values staff were expected to follow.” Nevertheless, Hill continued, “the message needs to be constantly reiterated, in person.” He also noted “that a strong corporate culture will not on its own protect a company that has a bad strategy, poor governance or a weak business idea, let alone one that takes the wrong operational decisions.” Hill cited from the book “In Search of Excellence” where authors Tom Peters and Robert Waterman pointed out that “poorer-performing companies often have strong cultures, too, but dysfunctional ones. They are usually focused on internal politics rather than on the customer, or they focus on ‘the numbers’ rather than on the product and the people who make and sell it.”

All of this would seem to point, again and again, to the fact that a company’s values not only start with tone-at-the-top but must be communicated again and again. Hill closed his article with a quote from Roger Steare, who said that he always asks the Directors that he consults with what is the purpose of their entity. “If they respond ‘To make a profit’, I know we’ve got a problem.” So how about the Astros and their culture? Do they have strong culture but are simply dysfunctional? Or do they need an intervention or structural change? Maybe all three…


August 24, 2012

Upcoming Events

Filed under: FCPA,Michael Volkov,Stephen Martin — tfoxlaw @ 2:41 pm

I am excited to announce that I will participate in three upcoming events, with three of the most knowledgeable people I know in the FCPA space. Both events are sponsored by Kreller and they are both free.

Chicago-Sept. 11

On Tuesday, September 11 I will be at the University Club in Chicago with Stephen Martin, Managing Director of renowned Baker & McKenzie Compliance Consulting. Our topics will be:

  • Overviews of recent government enforcements
  • Recent Key FCPA & Anti-Corruption cases: what went wrong, red flags, lessons learned
  • Practical advice on establishing and maintaining a comprehensive compliance program

For more information and registration, click here.

San Diego-Sept 25

On Tuesday, September 25, I will be at the San Diego Marriott Del Mar with Mike Volkov, partner in the firm of LeClair Ryan. Our topic will be Risk-Weighted Due Diligence.

For more information and registration, click here.

Houston-Oct. 10

On Wednesday, October 10, I will be joined again by Mike Volkov and Dan Chapman, the Chief Compliance Officer at Parker Drilling, for a discussion of conducting proper due diligence as an art, not a science.

For more information and registration, click here.

I hope that you can join us for one of these events. I promise you it will be worth your while.

August 23, 2012

The FCPA Compliance Strategic Plan – Some Lessons for the Astros

The Houston Astros were swept this week by the St. Louis Cards and are now on a 7-43 run, the worst in the majors since 1943. On the upside, the entire starting nine fielded by the Astros on Thursday had only one player, outfielder Ben Francisco, making more than the league minimum (approximately $483,000) and their combined salary was about $4 million less than the one-year deal of $9.75 million that Cardinals starter Jake Westbrook has just signed. So our new Astros owner should have plenty of money for those new American League uniforms he has been secretly working on.

One of the things that my colleague Stephen Martin talks about is the need for strategic planning for your Foreign Corrupt Practices Act (FCPA) compliance program. He suggests a 1, 3 and 5 year strategic plan which you should utilize as a road map for your compliance program in these time frames. Equally important, as a former state and federal prosecutor, he believes that such a document would be an important item to produce to a prosecutor, who might be reviewing your compliance program in the event of a voluntary self-disclosure, a Dodd-Frank or other whistleblower event, which has led your company to receive a subpoena or letter of inquiry or an industry sweep. He believes that such a strategic plan could well lead to the development of credibility for your company and your compliance program in the event of one of the aforementioned eventualities.

I pondered Stephen’s thought on the subject of a strategic plan recently when I heard the Houston Astros General Manager say that he was not sure what plan he has to make the Astros a winning, if not relevant, team again. Basically he said it was a 1, 3 or 5 year plan, or perhaps something else, he just wasn’t sure. With those words of encouragement in mind it would appear that the Astros’ plan is the following: (1) Year One: Lose to a new set of teams as the Astros will move from the National League to the American League; (2) Year 3: Continue to lose; (3) Year 5: Be all you can be. How is that for a strategic plan?

With the above in mind I was interested to read an article in the Houston Business Journal, entitled “Strategic planning needs constant follow-up to be successful” by Bruce Rector. As with Martin, he recognizes that while a strategic plan can serve as a guide for your company going forward, it must actually be utilized to garner any use out of it. Rector notes that “if your company and management team have expended the time and resources to pull together a strategic plan, the next logical step is to follow up and keep things on track.” While Rector’s article is not aimed at the compliance arena, I believe that the steps he lays out translate without difficulty into steps a compliance officer can take to meet the suggestion laid out by Martin above.

  • Review the Goals of the Strategic Plan. This requires that you arrange a time for the Chief Compliance Officer (CCO) and team to review the goals of the Strategic Plan. Rector advises that to the extent possible this should be done in person. The CCO should lead a discussion of the Strategic Plan and determine how each goal in the Plan measures up to its implementation in your company.
  • Design an Execution Plan. Here Rector advises that the “Keep it Simple Sir” or KISS method is the best way to move forward. This would suggest that for each compliance goal, there should be a simple and straightforward plan to ensure that the goal in question is being addressed. Rector notes that any “plan must be specific with clear tasking and deliverables and a definite timeline for delivery.”
  • Put Accountabilities in Place. In any plan of execution, there must be accountabilities attached. Simply having a timeline is not enough. This means that the persons tasked with the responsibility of performing the tasks must be clearly identified, both the individual so tasked and the actual task they are assigned to complete. Accountability also includes a “follow-up mechanism to ensure that these vital goals are achieved.” This requires the CCO or other senior compliance department representative to put these in place and then mandate a report requirement on how the task assigned is being achieved.
  • Schedule the Next Review of the Plan. Most interestingly, Rector recommends a review of the foregoing process on a weekly basis. While noting that this may seem time consuming, he believes that once the group assigned with this responsibility gets “into the rhythm, it can go smoothly.” While I would not necessarily agree that weekly meetings are required, Rector does correctly note that such regularity allows any problems which may arise to be detected and corrected more quickly than if meetings are held on a less frequent basis.

Martin’s guidance that an FCPA strategic plan can be a key part of your overall compliance program is sound advice. However, simply developing a strategic plan is not enough. Rector concludes by stating that “Part of management’s responsibility is to continually reinforce the vision and goals of the company, as set forth in this plan.” This is particularly true in the compliance arena, where assessment and updating are critical to an ongoing best practices compliance program. If you follow the process laid out by Rector, you will put a mechanism in place to demonstrate your company’s commitment to compliance by following through on intentions as set forth in your strategic plan.


What is Your Integrity Capital?

Compliance practitioners often hear that bribes must be paid in emerging markets to get anything done. Indeed a recent survey by CEB (formerly Corporate Executive Board) of more than 700,000 employees of multinationals around the world, discussed in a Harvard Business Review article entitled “Greased Palms, Giant Headaches” by Dan Currell and Tracy Davis Bradley, reported that there was a large jump in the payment of bribes, the providing or receiving of improper gifts and failures to report conflicts of interest in the BRIC (Brazil, Russia, India and China) countries compared with developed countries. Is bribery really pervasive in those countries or is it simply the perception? On the other hand, as Andre Agassi was fond of saying, “Perception is reality.” Certainly the story by the New York Times (NYT) about Wal-Mart in Mexico paying over $24 million to be the first big box retailer into the Mexican market may lend some credence to that perception. While the authors did not specifically address the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act, they did report that “bribery and corruption is the second leading category of unlawful activity by Western companies in emerging markets”.

However, Currell and Bradley focus their collective attention on the US corporate headquarters in their article. They note that “Our research suggests that one driver originates at headquarters-multinationals’ increasing growth imperative in emerging markets.” While it certainly is a recognized and valid long-term growth strategy to identify and develop new markets, the authors believe that companies are now thinking that they can “meet our targets by increasing revenues quickly in markets” like the BRIC countries. In other words, long-term strategic plans suddenly become “short-term necessities” and this change can increase “the pressure on local employees to make their numbers, tempting some to break the law.”

What is a company to do when short term goals cause pressure, pressure and more pressure for increased revenues? The authors acknowledge that a robust compliance program is a key component for protection against bribery and corruption by employees, but they believe that more is needed. They identify “Integrity Capital” as a key component to “lower levels of misconduct along with higher levels of reporting when employees do witness wrongdoing. Integrity capital is embedded in the culture, not instituted through controls, and it helps shape employee behavior, which could include offering a bribe or defrauding the company.” The authors identify the following as five factors of Integrity Capital:

  1. Management takes action when it becomes aware of misconduct. This means that companies “must insist on a swift response to complaints, unbiased investigations” and even “public hangings” of offenders.
  2. Employees are comfortable speaking up about misconduct and don’t fear retaliation. While this would seem to be self-evident, it is a sad fact that in many companies, whistleblowers are ostracized or even blamed for the conduct in question. Witness the initial response by Wal-Mart management in the 2005 time frame to allegations of corruption made by an employee with knowledge of the conduct. He was blamed for the conduct at issue. Even in the recent allegations brought to light with EADS, the whistleblowers were marginalized or worse by the company.
  3. Senior leaders and managers treat employees with respect. The authors believe that in addition to not mistreating whistleblowers, companies should “praise employees who have the courage to call out wrongdoing.”
  4. Managers hold employees accountable. Simply put, if an employee engages in bribery or corruption, they need to be disciplined or discharged. Allowing high revenue generators or high income generating territories or business units to avoid scrutiny and/or sanctions is a clear recipe to destroy the integrity of a compliance program.
  5. High levels of trust exist among colleagues. Your employees must believe that the company will take allegations seriously and will act on the information that they provide.

The authors conclude their article with three different concepts which they believe will minimize the occurrences of bribery and corruption within an organization. First, a company should use commonsense observation. If an emerging market shows success in “speeding things along”, such as regulatory approvals for the construction of bricks-and-mortar facilities, this may need to be looked at more closely. Since regulatory approvals do not happen quickly in BRIC countries, it may be that the skids were greased with cash to pay bribes. The second is that a company must be proactive in seeking out and obtaining information from employees about allegations of bribery and corruption. The authors “advise companies to also proactively solicit information from frontline employees and to use surveys or online tools to guarantee anonymity” in reporting allegations of bribery and corruption. Lastly, the authors insist that companies have organizational justice so that if there are credible reports of misconduct they are not swept under the rug.

Currell and Bradley provide interesting observations which can be used by a compliance professional to evaluate the sufficiency of their compliance program. Their thoughts on things to look for from an emerging market provide solid guidance on searching for potential red flags which might warrant further investigation from internal audit or an FCPA-based compliance audit team. There are a number of practitioners and ethicists who talk about the need for ethics in any company culture to complement a compliance program. The article by Currell and Bradley provides some of their guidance on what that may look like.


August 22, 2012

The Face of Battle: Sir John Keegan and the Individual in Compliance

On August 2, Sir John Keegan died. He was one of the most influential military historians I have ever read or had the chance to hear speak in person. Keegan was knighted for his massive output. In his August 3, 2012 obituary in the New York Times (NYT), David Binder noted that “Sir John’s body of work ranged across the centuries and continents and, as a whole, traced the evolution of warfare and its destructive technology while acknowledging its constraints: the terrors of combat and the psychological toll that soldiers have endured.” For Tip O’Neill, all politics was local; for Sir John Keegan, all military history was individual.

I, probably like most Americans, was introduced to Keegan through his seminal work “The Face of Battle” which launched his publishing career. The Historian J.H. Plumb called it “so creative, so original” and “a huge achievement.” Binder commented that “He examined three battles in the book: Agincourt in 1415, Waterloo in 1815 and the Somme in 1916…all involving the English. His tale was somber and compelling about what happens in the heat of battle, including the execution of prisoners.” Further, “the military historian, on whom, as he recounts the extinction of this brave effort or that, falls an awful lethargy, his typewriter keys tapping leadenly on the paper to drive the lines of print, like the waves of a Kitchener battalion failing to take its objective, more and more slowly toward the foot of the page.”

But for me, he drove home what battle was like for the ordinary soldier. I can still recall his descriptions of the English long bowmen and the French knights they decimated. In another book, entitled “The American Civil War”, he looked at the role of geography in conflict. Once again he approached the subject of military history in a new and fresh way that brought the subject alive to me while challenging me to reconsider the traditional great man view of military history.

I thought about Keegan’s focus on the everyman of battle today while participating in a webinar entitled “A Real-Time Solution to Managing Fraud and Corruption Risk” hosted by the company Oversight, which has a software product that allows continuous monitoring of data. One of the topics covered in the webinar was fraud and employees who commit fraud. Fellow presenter Jeff Harfenist, who is a CPA, MBA and a Director with the Berkeley Research Group, emphasized that fraud almost always starts small, with the participant or participants typically starting out small, then increasing in complexity and aggressiveness. The perpetrators will then often grow the fraud in magnitude, while sometimes increasing the number of participants. Unfortunately they will rarely cease of their own accord. In other words, the concepts Jeff talked about seemed to me to fit into Sir John’s analysis of the everyman of battle: what they did and how they did it.

Jeff further explained that data mining software, such as that by the event sponsor Oversight, coupled with advanced analytics and exception management capabilities and added together with established forensic protocols and recognized investigative methods, could provide real-time (or near real-time) detection in a variety of areas. Some of these could include inefficiencies in purchasing, potentially anomalous transactions, high-risk relationships, compliance failures and circumvention of internal controls.

I often talk about McNulty’s Three Maxims of Compliance: (1) What did you do to prevent it? (2) What did you do to detect it? And (3) When you discovered it, what did you do to remedy it? Control monitoring moves an internal audit function from the second step, “detection”, to the first step, “prevention”, through an active, ongoing process that evaluates 100% of the transactions or associated target functions in real-time (or near real-time), is highly automated and can be repeated as frequently as required. The continuous monitoring approach allows you to experience what the individuals in your company are doing on a real-time (or near real-time) basis down to the single transactional level on a repeated basis.

Listening to Jeff Harfenist speak, I thought about Sir John and his work. Just as you can learn and experience history by studying the individuals who participated in great events, your compliance program should be aimed at individuals to guide their ethical behavior based upon your company’s compliance regime. So think of Sir John Keegan’s work on the individual in battle in conjunction with what your compliance program is doing to prevent and detect fraud of individuals in your company.

=========================================================================================================================================================

If you were not able to attend the webinar, you can listen to it, while viewing the slides by clicking here.

=========================================================================================================================================================


August 21, 2012

What Are Some of the Benefits of a Compliance Hotline?

Is your hotline working for you? The Securities and Exchange Commission (SEC) Whistleblower line certainly appears to be working according to an article in the August issue of Compliance Week Magazine, entitled “Promoting Effective Use of the Compliance Hotline” by Columnist José Tabuena. In the article, Tabuena quotes SEC Deputy Director of Enforcement George Canellos, who related at a recent conference that “What’s really clear is quality of those tips has greatly improved and that market manipulation, dishonest accounting and potential violations of the Foreign Corrupt Practices Act (FCPA) are the most popular topics of whistleblower reports.”

In his article Tabuena gave an excellent example of the power of a hotline. He wrote about the case study of a company which had not integrated its IT function into its regular compliance and ethics training programs. As such there were zero calls into the hotline by employees from the IT department. This dynamic was changed and IT was integrated into the company’s regular compliance and ethics training. Thereafter, the hotline received several calls from IT department employees where there were two major areas of complaints. The first general area was that there were conflicts of interests between IT department managers, family members who were hired and perceptions of favoritism. The second generally revolved around allegations that certain company managers were manipulating data to maximize their bonuses.

The Favoritism Problem

The Human Resources (HR) department led an investigation that included questioning all IT managers about their direct reports and employees of their unit. The company determined that there was only one instance of a manager hiring a family member (a brother-in-law), but that person did not report to the manager and was in a different section of the IT organization. This finding made clear that there were misperceptions in the IT department, which affected the department morale. To remedy this, all IT managers received training on appropriate employment practices, and communications were also delivered to all IT employees explaining policies and practices regarding the hiring of family members. Most satisfyingly, Tabuena noted that during follow-up with callers to the helpline, the callers stated that the work environment in the IT department had noticeably improved. They also expressed gratitude that their questions were answered and that their issues were addressed. The callers felt their concerns were taken seriously when they saw the communications on hiring practices and upon having discussions with managers during staff meetings. Staff retention started improving in the department.

Manipulation of Data for Bonuses

The company used the hotline to obtain more information from the callers on “isolating the metrics and the managers in question.” It was determined that the bonuses of a select few IT managers were indeed influenced by a questionable data source, which was controlled by a non-manager with minimal oversight and controls. Following interviews with the key individual and review of the data file (including forensic analysis), it was determined that one IT manager had misrepresented information provided to the staff person maintaining the data. Notably, this staff person also reported to this manager. As a result, the IT manager’s bonus compensation was inflated. He was subsequently terminated.

Basic Tenets of an Effective Hotline

Tabuena provided three lessons which he felt were demonstrated in his article.

  • First, a helpline is of no value if the workforce is not aware of it. Although a helpline was in place, it became apparent that a segment of the company had not been informed. It was hotline data that revealed this gap. By reviewing data segmented by region, department, incident classification, and other criteria, it became obvious in comparison to the rest of the organization that the IT department had not used the helpline.
  • Second, the ethics and compliance office obtained support from the Chief Information Officer (CIO) for making IT part of the helpline community and for designating a liaison within the IT function. The support of department leadership likely influenced the success of the training and communications delivered by the ethics and compliance staff.
  • Third, the awareness of the helpline is not sufficient to ensure success. The company made sure that issues and allegations were addressed and investigated, as needed. Employees who choose not to report wrongdoing indicate a belief that nothing will be done anyway, so why take the risk? Employees also cite fear of retaliation as a reason for not reporting.

Tabuena’s article showed the power of a hotline. The company’s Compliance Department “established the credibility of the helpline as a resource to raise issues and report misconduct. The concerns regarding nepotism and conflicts of interest were taken seriously, and although the violations were not as widespread as the calls indicated, the review went a long way to clear the air.” Equally important, the helpline proved to be a successful management tool as well. The company was able to manage potential compliance issues and improve employee morale.

============================================================================================

Interested in learning more about continuous monitoring in compliance? Join me and Jeff Harfenist, Director of the Berkeley Research Group, for a free webinar today at 1 PM CDT entitled “Continuous Analysis: A Real-Time Solution to Managing Fraud and Corruption Risk”. Information and registration can be found by clicking here.

============================================================================================

