FCPA Compliance and Ethics Blog

October 16, 2012

John Brown’s Raid and Building Trust in Compliance Programs

October 16th is the anniversary of John Brown’s Raid on Harper’s Ferry. For those of you not familiar with this episode of American history, abolitionist John Brown led a raid on the US Arsenal at Harper’s Ferry, Virginia, the raid was intended to foment an armed slave revolt in 1859. Brown’s raid was defeated by a detachment of US Marines led by Col. Robert E. Lee. Brown was wounded in the recapture of the Arsenal and he was tried by the state of Virginia for treason and murder and was found guilty on November 2nd. Brown went to the gallows on December 2nd, 1859. Before his execution, he handed his guard a slip of paper that read, “I, John Brown, am now quite certain that the crimes of this guilty land will never be purged away but with blood.” It was a prophetic statement indeed.

I thought about Brown’s radical attempt to destroy slavery in the context of one of the Keynote Speakers at this week at the Society of Corporate Compliance and Ethics (SCCE) 2012 Annual Conference, which I attended. Stephen Cohen, Associate Director, Division of Enforcement of the Securities and Exchange Commission (SEC), provided remarks to our convention over lunch on Monday. He began by emphasizing that we are “all in this together” in seeking to prevent illegal conduct before it occurs. His presentation consisted of three over-arching themes: (1) The importance of a good compliance program; (2) Hallmarks of a good whistleblower program; and  (3) Some examples of bad or inadequate compliance programs.

Regarding the importance of a good compliance and ethics program, Cohen noted that “good ethics is good business”. Moreover, if a company simply creates the impression that it does not concern itself with compliance and ethics, there is usually reputational damage in the fallout. He specifically noted that in any SEC enforcement action, the Commission will give credit to a company for a robust compliance program. The cooperation tools available to the SEC, in enforcement actions, are reserved only for those companies that display robust compliance programs. He cautioned that, as with all regulators, the SEC will be skeptical of claims that a company has a robust compliance program without the documentation to back it up. He said that “deeds, not words make an effective compliance program.” A level of trust is important in dealing with regulators and if you cannot back up in documentation the claims you make about your compliance program, you may well lose the trust of regulators.

I found Cohen’s remarks around whistleblowers and whistleblower programs most interesting. Initially he noted that whistleblower programs compliment compliance programs as the purpose of a whistleblower program is to compliment rather than supplant compliance programs. He also noted that there are incentives to entice company employees to first go to the company internal reporting line rather than directly to the SEC Whistleblower program because employees can obtain a greater bounty if they go to the company first.

Cohen also said that company’s now have to “compete for the trust” of their employees. I would have to say this is very different than anything I have ever experienced at a law firm or company. Maybe it is due to the fact that I have worked in a ‘Right-to-Work’ state all my professional career where you can be fired for “good reason, bad reason or no reason at all” but I have never worked for a company that made any pretense of trying to win the trust of its employees. The situation was actually the opposite, the employee had to win the trust of the company and it was a very ‘my way or the highway’ culture where it was made clear to you that you were lucky to simply have a job. Of course, maybe that is why Foreign Corrupt Practices Act (FCPA) prosecutions have hammered the energy industry and why Houston is the epicenter of the FCPA world of enforcement.

Cohen provided some warning signs for a compliance program. He said that it is a clear red flag if a company is “pushing the envelope of legal and ethical compliances”. He cautioned companies to stay in the middle of the field and not try and go right up to the line of unethical conduct. The warning sign he noted was what he termed “technical compliance” and which he defined as those compliance programs which are overly technical but seem to defy common sense. Next he cautioned against lack of empowerment to the Chief Compliance Officer (CCO), particularly in the context where he or she does not have access to the Board of Directors and they do not hear from the compliance professional due to lack of access. He ended this section of his remarks by saying that it is the job of the compliance professional to “be skeptical” and if one is not, it will hurt the overall compliance effort.

Cohen rounded out his remarks with some examples of good practices. The first is the flip side of point 3 above; that is proper governance. The Board of Directors must not only obtain the proper information but it must assure that the compliance group within the company has sufficient resources to fulfill its task. Interestingly, he noted that the SEC is now meeting individually with Directors to establish the above. Cohen also noted that a company should provide both incentives for good, ethical behavior and penalties for those who do not follow a company’s compliance program. Next he said that there should be ongoing risk assessments and management or remediation of the risks determined. This led into his next point that companies must proactively keep pace with evolving best practices through not only risk assessments but keeping abreast of the latest developments in the compliance arena. Lastly, he emphasized that there must be a mechanism which allows employees to anonymously raise internal complaints, in other words, a hotline. Conjunctive to an internal, anonymous reporting system, companies must assure that there is a 100% no reprisal policy for employees, who in good faith, make internal complaints.

So what of John Brown and his raid on Harper’s Ferry? Although the raid failed, it inflamed sectional tensions and raised the stakes for the 1860 presidential election. Brown’s raid helped make any further accommodation between the North and South nearly impossible and thus became an important impetus of the Civil War. In other words, it destroyed trust. It seemed to me that Cohen’s remarks were really about building trust; trust between companies and regulators and between companies and their employees. If such trust exists then maybe, as Cohen remarked at the beginning of his talk, we will “all in this together”.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

The Battle of Hastings and Diversity – How to Integrate It Into Your Compliance Culture

Sunday, October 14th was the anniversary of the Battle of Hastings, in 1066. In addition to being the last time there was a successful invasion of Britain, several other positive things came from this most historic event for English-speaking people. An article in the Telegraph, entitled “In everything we say, there is an echo of 1066”, writer Alan Massie said that “the most enduring legacy is also the richest: our wonderful hybrid language and the golden treasury that is English literature.” He went on to state that “Without the Norman Conquest, Shakespeare would not have been Shakespeare, because his language would have resembled 16th-century German or Dutch. He would never have written a phrase like “the multitudinous seas incarnadine”. Our language often loses vitality if it moves too far from the Anglo-Saxon and is overweighed by Latinate words, but much of its richness and scope derives from its dual inheritance. “Shall I compare thee to a summer’s day?  / Thou art more lovely and more temperate.”

I thought about Massie’s article when reading this past Sunday’s New York Times (NYT) Corner Office section in which reporter Adam Bryant interviewed Hilton Worldwide President and Chief Executive Officer (CEO) Christopher Nassetta, in an article entitled “On a Busy Road, a Company Needs Guardrails”. For all you compliance practitioners who work at large multi-national companies with employee numbers between 50,000 to 100,000; you should think about the compliance challenge at Hilton, which has over 300,000 employees worldwide. Nassetta said that one of the things he found when he initially took the position was that “I discovered when I joined the company five years ago is that we had a lot of segments of the company that operated very independently, and we had massive amounts of duplication and fragmentation. We needed alignment. We needed people to understand who we were, what we stood for and the key priorities of the company. And we needed them, once they understood that, to get their oars in the water and head in a common direction.” Nassetta traveled all over the world and met with employees. He believed that Hilton employees had good values but that as many times as he asked what the company values were, he got as many different answers. There were so many different value formulations that he “stopped counting when I got to 30 different value statements at our offices.” Nassetta viewed his job, as the CEO, was “to create the right culture, set the tone, the high-level strategy.” To accomplish this in the company Nassetta set up teams around the world to look at their value statements and “boil them down.” They then took all of the formulations and derived 6, which they stated as follows:

  • H for hospitality
  • I for integrity
  • L for leadership
  • T for teamwork
  • O for ownership
  • N for now.

He felt by using the Hilton name as the acronym for the company’s values, it could be reinforced every time the name was used. In other words, it drove these values down into the company’s DNA by continual reinforcement. While acknowledging that repeating can lead to value fatigue, Nassetta felt like he and the company could not say it enough. He stated, “in my case, there are 300,000 people who need to hear it, and I can’t say it enough. So what might sound mundane and like old news to me isn’t for a lot of other people. That is an important lesson I learned as I worked in bigger organizations.”

Nassetta’s message drove home to me that a company cannot only integrate a wide variety of compliance values into its culture but more so, that the message needs to be repeated. I thought about the Morgan Stanley declination which was released in May. As a part of the Department of Justice (DOJ) release they noted that Morgan Stanley had done the following for the employee Garth Peterson, who pled guilty to violations of the Foreign Corrupt Practices Act (FCPA): The Securities and Exchange Commission (SEC) Complaint detailed the compliance program Morgan Stanley had in place and how it directly related to Peterson. The Compliant specified:

(1) Morgan Stanley trained Peterson on anti-corruption policies and the FCPA at least seven times between 2002 and 2008. In addition to other live and web based training, Peterson participated in a teleconference training conducted by Morgan Stanley’s Global Head of Litigation and Global Head of Morgan Stanley’s Anti-Corruption Group in June 2006.

(2) Morgan Stanley distributed to Peterson written training materials specifically addressing the FCPA, which Peterson maintained in his office.

(3) A Morgan Stanley compliance officer specifically informed Peterson in 2004 that employees of Yongye, a Chinese state-owned entity, were government officials for purposes of the FCPA.

(4) Peterson received from Morgan Stanley at least thirty five FCPA-compliance reminders. These reminders included FCPA-specific distributions; circulations and reminders of Morgan Stanley’s Code of Conduct, which included policies that directly addressed the FCPA; various reminders concerning Morgan Stanley’s policies on gift-giving and entertainment; the circulation of Morgan Stanley’s Global Anti-Bribery Policy; guidance on the engagement of consultants; and policies addressing specific high-risk events, including the Beijing Olympics.

(5) Morgan Stanley required Peterson on multiple occasions to certify his compliance with the FCPA. These written certifications were maintained in Peterson’s permanent employment record.

(6) Morgan Stanley required each of its employees, including Peterson, annually to certify adherence to Morgan Stanley’s Code of Conduct, which included a portion specifically addressing corruption risks and activities that would violate the FCPA.

(7) Morgan Stanley required its employees, including Peterson, annually to disclose their outside business interests. In other words, Morgan Stanley continued to drive home the message of compliance during the tenure of Peterson’s employment with the company.

Further, when the DOJ came calling, Morgan Stanley was able to prove to the DOJ’s satisfaction that the company had indeed done what it had claimed because the documentation was available to present to the DOJ. So just as Nassetta continues to preach the HILTON values of the company, Morgan Stanley was providing direct information to Peterson on his responsibilities under the FCPA. Nassetta said one other thing that struck me as important in his interview. He said, “One simple philosophy I have as a leader of a big organization is to have really steady hands on the wheel. In a tumultuous world, with so many things going on around you, you have to know who you are, what you stand for and where you are going, and keep everyone pointed in the same direction and have the discipline to stick with it.”

From this I understand that if you know your values and have the discipline to stick with them during turbulent times, these values will protect you. I think that Morgan Stanley shows that training on the FCPA, certification by its employees to abide by it, training on their Code of Conduct or Business Ethics, including conflicts of interest and annual certifications; can go a long way towards protecting a company in the event of a FCPA investigation. And please do not forget those email compliance reminders, the DOJ specifically pointed out that Morgan Stanley sent Peterson 35 email reminders about the FCPA over 7 years. Even with my trial lawyer math, that is only 5 per year.

Massie in his article about what the Battle of Hasting meant for Britain wrote, “So, if you were to begin by asking, in Monty Python style, “what have the Normans ever done for us?” you might first reply that the most enduring consequence of the Conquest is the richness of the English language, with its Anglo-Saxon base and Franco-Latin superstructure. This mixture gives us a huge vocabulary, and many words with essentially the same meaning, yet a different shade of emphasis: fatherly and paternal, for example.” This richness came from diversity. The values of the Hilton Corporation came from the values of its 300,000 employees. The richness is out there and one of your jobs as a compliance practitioner is to use that diversity to create a compliance program that works for your entire company.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

Blog at WordPress.com.