Use of Forensic Accounting to Avoid a Compliance Meltdown

On this date in 1979, the worst accident in the history of the US nuclear power industry began when a pressure valve in the Unit-2 reactor at Three Mile Island fails to close. Cooling water, contaminated with radiation, drained from the open valve into adjoining buildings, and the core began to dangerously overheat. While plant workers were exposed to unhealthy levels of radiation, no one outside Three Mile Island had their health adversely affected by the accident. Nonetheless, the incident greatly eroded the public’s faith in nuclear power. In the more than two decades since the accident at Three Mile Island, not a single new nuclear power plant has been ordered in the United States.

One of the recognized aspects of a best practices compliance program is auditing. In many ways, auditing is thought of as one of the ways to avoid a compliance meltdown. However, in a recent article in the Texas Lawyer, entitled “How Forensic Accountants Differ from Auditors”, author Elizabeth M. Junell discussed how a forensic accountant can assist an in-house lawyer in a manner of different ways than auditors from a company’s internal audit function. I found that her article had some interesting points for the compliance practitioner.

Junell says that forensic accountants collect and analyze accounting and internal-controls evidence. They use this information to produce a fact-based report that can inform the decision-making process in inquiries, investigations and dispute resolution. The by-products of a forensic accountant’s work can include remediation strategies to help a company mitigate and remedy procedural or internal-controls gaps that allowed the underlying issue to occur. Inquiries into accounting and internal controls raise a host of technical issues requiring specialized knowledge that forensic accountants are uniquely positioned to provide. Junell contrasts these areas with that of internal audit, which she believes more often looks at process to determine if it has been adhered to in a procedure. This leads to internal auditors examining evidence to determine whether people followed prescribed processes or internal controls; this occurs, for example, in an operational Sarbanes-Oxley (SOX) or Foreign Corrupt Practices Act (FCPA) compliance audit.

Junell writes that forensic accounting differs from auditing in both its objective and skill sets. The objective of a forensic accounting assignment is to collect, analyze and report on the evidence or facts surrounding a particular act that often has litigious, fraudulent or criminal implications. Auditors also collect and analyze evidence, but an independent auditor’s objective is to attest to the credibility of assertions that are under examination, such as the material accuracy of financial statements for which the audited company’s management is responsible. However, she argues that a key role of the forensic accountant is to identify a concern and to notify company management about the issue or issues discovered.

From there Junell believes that management should determine if further investigation is warranted. If further investigation is decided upon by management, then Junell considers that “this is where objective shifts and one of the forensic accountant’s strongest skills comes in: an investigative mind that drives him or her to answer questions about what occurred, when and how it happened, and who was involved.” She expects that, at times, a forensic accountant will be required to gather facts about why an event may have occurred so that they look for answers to such questions or for other red flags in the evidence.

One of the discussions that I found interesting in her article was how a compliance practitioner might use a forensic accountant. On the initial level, a decision should be made about whether a forensic accountant should be retained as an outside consultant or hired as an employee. Junell articulates that if such professional is brought in as an employee, the position should sit in the legal department rather than the company’s internal audit department. She recognizes that in the past, many companies have used existing internal auditors to do forensic accounting work as a way to reduce costs and because the perceived similarities in the skill set and work product. She believes that this view is becoming outdated and that more companies are placing the forensic accountant position into the legal and compliance department because of the legal implications surrounding the work. Further, by placing the forensic accountant in the compliance department, it allows the maintenance of an objective approach to any assignment, since, as Junell believes, “he or she will not be governed by management or influenced by potential biases within” a company.

Lastly is the issue of privilege. If a forensic accountant is assigned to the internal audit group, you can kiss away even the chance of claiming privilege. Junell argues that by assigning the forensic accountant to the legal and compliance department one might have “more privilege protection than assigning him or her to internal audit or another department.”

I found Junell’s article to have some interesting points about how a compliance practitioner and compliance department can use a forensic accountant to help create a best practices program. It might be something that you would like to consider for your compliance regime. The lesson from Three Mile Island is not that it just might keep you from having a compliance meltdown but that since that time, think about the number of nuclear plants which have been built.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

Amway’s Lessons in China: How to Weather the Compliance Storm

One of the questions often presented to the compliance practitioner is what to do in a foreign culture to make your program relevant and, more importantly, followed. Even if you have a well-established compliance program in other areas of the globe, moving into new or different regions can present new and different challenges. For instance, if your company has never done business in the Far East or in China, many of the cultural differences in those regions can present challenges for the implementation of a Foreign Corrupt Practices Act (FCPA) compliance program. I thought about those challenges when I read a recent article in the Harvard Business Review (HBR), entitled “Amway’s President on Reinventing the Business to Succeed in China”, by Doug DeVos, President and co-Chief Executive Officer (CEO) of Amway.

For those of you who do not know, Amway has a long running successful sales model based on door-to-door sales by independent salespersons; this direct sales model has been used by the company since the 1960s. Amway entered the Chinese market in 1995 but found that it was locked out of the market in 1998, when the Chinese government outlawed the direct sales model for Western companies. The Chinese government made this change because it believed that some direct sales models were simply scam artists, taking advantage of the Chinese peoples’ desire for all things Western. This would have appeared to sound the death knell for Amway in China as the company had never built or operated out of fixed retail outlets. The story of how Amway overcame this change in Chinese law and eventually prospered financially has some interesting insights for the compliance practitioners.

Lesson One: Understand the Market, Economics, Politics and People

Amway did not believe that the Chinese government would withdraw its legal permission to engage in direct sales. It viewed the Chinese actions as an extreme over-reaction to a relatively small problem. Further, the company believed it had shown its commitment to the Chinese market both to the Chinese people and the government. But the key in the company’s understanding came in its response in losing its license.

Senior management in the US were counseled by the head of Amway China to stay the course when she advised the company “not to lose sight of the opportunity” which presented itself to the company in China. Amway should work with the Chinese government to “create good direct selling legislation”. Relying on an old Chinese proverb (are there any new Chinese proverbs?) “If you are patient in a moment of anger, you will escape a hundred days of sorrows” the company did the spade work with the Chinese government and with its local senior management to enact reforms which set the stage for Amway’s growth in China.

Compliance Lesson: Key your eye on the compliance ball.

Lesson Two: Remain True to Your Mission and Purpose

While this concept would seem to be sacrosanct to a compliance practitioner, there may well be lots of factors driving a company’s actions in new markets, particularly when a company’s financial investment is on the line. For Amway, this meant that the company had to ask some hard business questions about itself. The question that the company eventually had to answer dealt with its core value: was it a direct sales organization only or was it a “company providing a business opportunity based on core values of partnership, integrity, and personal responsibility?” Amway decided it was the latter.

Based on this realization of its core values, the company decided not only to work with the Chinese government to create new laws to protect buyers from unscrupulous direct sellers but to do something the company had never done, create physical stores; market to them and set up suppliers to deliver products in a new and different manner. It had to set up a new distributor compensation system to begin to do brand advertising. In short, it had to learn to do business a new way but did so in a manner that it believed was consistent with its core values because once again the long term focus was on the opportunity that the Chinese market presented to the company.

Compliance Lesson: You can engage in a new business model if your core compliance and ethical values are in place.

Lesson Three: Being an Honorable Corporate Citizen

The biggest thing that Amway was able to develop was trust. This had to begin with developing a trusting relationship with the Chinese government so that Amway could prove itself to the government officials with whom it was interacting. But trust has another component; it is that you are in for the long term and you are in China to stay. The company needed to demonstrate that it “would be a long-term honorable corporate citizen in China.”

For their part, Chinese government officials listened to Amway’s ideas about how create a business environment which would benefit both Western companies with direct sales approaches and the Chinese need to protect its citizens from unscrupulous operators. But through this trust relationship, the appropriate government officials began to understand that Amway wanted to “create a mutually beneficial opportunity.” It all paid off for Amway when in late 2005, legislation was passed which allowed Western companies to engage in direct sales in China and Amway received a license in 2006.

Compliance Lesson: Not only do you have to engage in the compliance talk the talk, but you must walk the compliance walk.

Lesson Four: Stay the Course

This lesson involves how important it is to build a business by taking the long term view. The Amway view is that you must take a long term view even if it feels like you are taking a step backward at times. The Amway experience is that you can be humble without being weak. While the rules for doing business may be unique in China, the Amway experience shows that if you keep your eye on the ball for the long-term, you can overcome many substantial obstacles.

It turned out that Amway derived many advantages from their experiences in China. They developed a new and different business model, which there were able to take to other areas in the world. But perhaps the biggest change was that Amway admitted it had to change the way it had done business for over 40 years and that this change could be accomplished. But the company did so by focusing on what it needed to do to accomplish what it wanted to do.

Compliance Lesson: Your compliance program is a core part of any successful international business and integration of it into your overall business planning will pay off by making your company a better business at the end of the day.

While the Amway experience in China relates to sales, the concepts that the company used and were articulated in the HBR article provide some interesting lessons for the compliance practitioner. If you move your compliance program into a new region, listen to your local folks, take the long view and stay true to your core compliance principles. If you do this, you may well be able to install a compliance program that not only works for you but in the new territory that you are opening it into.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

McNulty’s Maxim No. 3 and Response to Allegations of Bribery

In a Wall Street Journal (WSJ) article by Chris Matthews, Joe Palazzolo and Shira Ovide, entitled “U.S. Probes Microsoft Bribery Allegations”, they reported that the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) were investigating “kickback allegations made by a former Microsoft representative in China, as well as the company’s relationship with certain resellers and consultants in Romania and Italy”. A whistleblower alleged that an executive of Microsoft’s China subsidiary had told the whistleblower “to offer kickbacks to Chinese officials in return for signing off on software contracts”. Additionally, they reported that “investigators are also reviewing whether Microsoft had a role in allegations that resellers offered bribes to secure software deals with Romania’s Ministry of Communications”.

Interestingly, as reported by Chris Matthews in a WSJ post in Corruption Currents, entitled “Microsoft Responds to FCPA Allegations”, Microsoft publicly responded to the reports. Matthews reported that Deputy General Counsel (GC) John Frank wrote in a blog post “As our company has grown and expanded around the world, one of the things that has been constant has been our commitment to the highest legal and ethical standards wherever we do business”. Frank also said that “The matters raised in the Wall Street Journal are important, and it is appropriate that both Microsoft and the government review them.”

Commenting on this situation with Microsoft, Alexandra Wrage, President of Trace International, wrote an article on Forbes.com, entitled “Microsoft And The Rising Federal Scrutiny Of Bribery”, where she said, “All of this should not be discouraging to companies worried about complying with anti-bribery laws. Strong compliance programs, even those that fail to prevent all forms of bribery, do provide protection from liability. “[A] company’s failure to prevent every single violation does not necessarily mean that a particular company’s compliance program was not generally effective,” write the DOJ and SEC in their recently published Resource Guide to the FCPA. “[The] DOJ and SEC…do not hold companies to a standard of perfection,” the Guide continues. This may not be enough to guarantee corporate compliance officers a full night’s rest, but it should provide some comfort.”

Wrage also noted that the Microsoft investigation underscores that fact that with any company that does business internationally you cannot watch all the people, or indeed all the third parties, all the time and that violations of anti-corruption laws such as the FCPA or anti-bribery laws, such as the UK Bribery Act, are a constant risk in worldwide business operations. She believes that Microsoft, by all accounts, would appear a robust anti-bribery compliance program. She understands that Microsoft’s Standards of  Business Conduct intones a strict policy against bribes, quoting it for the following:

“Microsoft prohibits corruption of government officials and the payments of bribes or kickbacks of any kind, whether in dealings with public officials or individuals in the private sector. Microsoft is committed to observing the standards of conduct set forth in the United States Foreign Corrupt Practices Act and the applicable anti-corruption and anti-money laundering laws of the countries in which we operate.”

The company also requires all outside vendors to read and comply with the Microsoft Vendor Code of Conduct, which also prohibits incentives such as kickbacks or bribes.

But, as she says, for a large multinational like Microsoft, which has offices in more than 100 countries, it does not always mean that thousands of business partners all across the globe will be compliant all of the time. Indeed, as admitted by Microsoft Deputy GC Frank in his blog post, “In a company of our size, allegations of this nature will be made from time to time. It is also possible there will sometimes be individual employees or business partners who violate our policies and break the law. In a community of 98,000 people and 640,000 partners, it isn’t possible to say there will never be wrongdoing.”

I think the final quote from Frank above, points to the specific usefulness of the Guidance, which states, “In the end, if designed carefully, implemented earnestly, and enforced fairly, a company’s compliance program—no matter how large or small the organization—will allow the company generally to prevent violations, detect those that do occur, and remediate them promptly and appropriately.” These three clauses point to Paul McNulty’s three maxims but the Microsoft response points to McNulty Maxim No. 3, “What did you do about it?

I have asked Paul what he meant by this which he broke down into two parts. The first part is did you investigate it thoroughly and did you remediate those factors which led to the underlying issue? As reported by Matthews, Palazzolo and Ovide “The allegations in China were also the subject of a 10-month internal investigation that Microsoft concluded in 2010, according to people briefed on the internal investigation. The probe, conducted by an outside law firm, found no evidence of wrongdoing, these people said.” As noted above, DOJ and SEC lawyers are now looking at these allegations, as well as those issues in Romania and Italy.

The second part is what remediation did you do? At this point it is not clear what remediation, if any, will be appropriate so we may have to leave that prong open at this time. However, there is one other matter brought up by the Guidance that is certainly raised in the context of this Microsoft matter that should be looked at. It is government involvement. One of the nine factors listed in the US Sentencing Guidelines state, “the corporation’s timely and voluntary disclosure of wrongdoing and its willingness to cooperate in the investigation of its agents”. Further, the Guidance makes clear throughout that a company benefits from self-disclosing and cooperating with the government. While it is not clear if Microsoft self-disclosed anything back in 2010 when it conducted its internal investigation, it does appear that it is cooperating with the DOJ and SEC at this time.

While several commentators have pointed to this Microsoft matter as an example of how difficult it might be to do business in full compliance with the US Foreign Corrupt Practices Act (FCPA) all the time, I draw a different lesson from this matter. I believe that an aggressive approach to McNulty Maxim No. 3 shows that it is not about how hard it is to do business internationally, or that the FCPA is too difficult to follow; but it is the strength of your compliance program and your response to allegations which should be the determinative factor for compliance. I think McNulty’s advice was good when I initially heard and I think it is good now. Moreover, it is a part of the FCPA Guidance which shows it is not just how McNulty might think through these issues but how the DOJ and SEC do so as well.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

Don’t Spread Your Compliance Program Too Thin

“You do not want to be spread too thin”. When I heard that phrase a light bulb went off inside my head. It was uttered to me by Jan Farley, the Chief Compliance Officer (CCO) of Dresser-Rand. I asked Jan what he meant by the phrase and he explained that you cannot stretch your compliance program so thin that you try and cover everything; so that you miss the larger Foreign Corrupt Practices Act (FCPA) or UK Bribery Act risks that your company faces. I thought about Jan’s phrase in the context of the Department of Justice (DOJ)/Securities and Exchange Commission (SEC) FCPA Guidance. I have written that under the FCPA Guidance companies should have carefully designed and well thought out compliance programs.

If your company’s sales model is to use third parties, that is probably your highest risk, then prioritize your time and compliance budget on managing that risk, initially before you move on to other compliance risks. Conversely, if your sales model is to use employees, then put your time and effort into managing that risk, through training and monitoring employees regarding their interactions with foreign officials. Do not spend your time, budget and energy on managing the risk of low to no-risk parties and issues. There is no substitute for carefully thinking through your company’s risk profile.

Jan is one of several current CCOs in Houston who began their compliance department careers at Baker Hughes working for Jay Martin. Prior to joining Dresser-Rand, he was the Senior Ethics and Compliance Counsel – Eastern Hemisphere for Baker Hughes stationed in London, England. During Jan’s tenure at Baker Hughes it paid the then largest fine ever for FCPA violations ($44MM in 2007).  Baker Hughes was under a very robust Deferred Prosecution Agreement (DPA) and a Corporate Monitor and expended a significant amount of time, money and effort on its compliance program. This experience gave Jan an in-depth view of the issues in implementing and working with a FCPA compliance program in the corporate setting.

Jan’s comments also echo something that I believe is clear from the Guidance: Don’t focus on the small stuff. Indeed the Guidance states, “Thus, it is difficult to envision any scenario in which the provision of cups of coffee, taxi fare, or company promotional items of nominal value would ever evidence corrupt intent, and neither DOJ nor SEC has ever pursued an investigation on the basis of such conduct.” In other words, do not waste your compliance time, resource or energy around these small issues. However, if these small issues are a part of a larger systemic or long standing course of conduct that violates the FCPA, then the DOJ may well look into these issues. You will want to show the DOJ you are focusing on the “big stuff”.

The Guidance also makes clear that each company should assess its risks and manage its risks. The Guidance specifically notes that small and medium-size enterprises likely will have different risk profiles and therefore different attendant compliance programs than large multi-national corporations. Moreover, this is something that the DOJ and SEC take into account when evaluating a company’s compliance program in any FCPA investigation. This is why a “Check-the-Box” approach is not only disfavored by the DOJ, but, at the end of the day, it is also ineffectual. It is because each compliance program should be tailored to the enterprise’s own specific needs, risks, and challenges.

In addition to being one of the many experienced compliance practitioners in Houston, Jan also speaks at various compliance conferences and events. He is doing so at the upcoming Hanson Wade Oil & Gas Supply Chain Conference in Houston from April 29 to May 2. Jan was recently interviewed in connection with the event.

Over the last year what changes have you seen with regard to FCPA implementation and enforcement action by the government?

Over the last year I haven’t seen any really big changes, but a steady course of enforcement of the laws and regulations. Of course, one of the big stories is the allegations against Wal-Mart out of Mexico. From that you can see how an issue raised in one country can call into question the potential for issues in other countries, and so you have a kind of knock-on effect and an expanded search for issues elsewhere.

Another big item this past year was the Department of Justice and SEC guidance issued in November. It is a very good consolidation of the information and views that have developed over the course of time. I think it is very beneficial to have and you should read and study it if you work in compliance.

A lot of people are also talking about the Department of Justice declination against pursuing any criminal penalties against Morgan Stanley. The DOJ acknowledged what a good anti-corruption program that Morgan Stanley had in place. I think that was the first time that had been specifically mentioned as a factor for declining to prosecute.

How has recent enforcement action and regulatory focus highlighted the need for an effective compliance program?

The enforcement actions over the last five or six years has been pretty steady. I think it’s clear that it’s not something that’s going to decrease any time soon. There is a steady focus in pursuing enforcement actions because the government is obtaining a lot of money from it and so that enables them to have the resources to keep pursuing these actions. So it will continue to be extremely important to have an effective compliance program.

What are the main challenges you face when it comes to remaining compliant?

I think giving the proper training and education to your employees and business partners regarding the importance of compliance with anti-corruption laws, and communicating the program to a diverse workforce across the world, whilst keeping the message fresh is a major challenge. In order to meet this challenge you’ve got to work to make the policies as simple and straightforward as they can be. Importantly, you want to be able to communicate those policies in the local language to be sure that they’re understood by your employees and business partners.

Also, it’s very important to have proper internal controls. You want to make sure that you’re closely reading your internal audit reports that your company is getting in the various countries. You can look to see what implications the reports have for your compliance program. And you want to make sure that internal audit is auditing for potential compliance issues.

I found Jan’s thoughts on don’t spread your compliance program too thin to be an excellent insight into how to assess and then manage the compliance risks that your company faces. His ideas echo the FCPA Guidance and put into words one of the very strong messages that is made clear throughout the Guidance. Take a look at your company’s risks and do not scatter your compliance resources everywhere or too thinly.

============================================================================================

For full details on the Hanson Wade 3rd Annual Oil & Gas Supply Chain Conference, click here. Readers of this blog are entitled to a discount on the registration charge. So use the code FOXLAW13 when registering.

============================================================================================

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

Money, Money, Money

I tried. I really tried. I tried not to rant about the Houston Astros during Spring Training, because as they say ‘hope springs eternal’ as all teams are tied at this point in the season (0-0). So when the Astros announced they were considering moving their Triple-A affiliate from Oklahoma City to The Woodlands, a town just north of Houston, I did not write a post which complained that such a move would bring competition to an already existing Triple-A team in Houston, the aforementioned Houston Astros.

The Astros owner Jim Crane was interviewed by Brian Costa for a Wall Street Journal (WSJ) article, entitled “Houston School of Economics”, which Costa ended with the following quotes from Crane, “I didn’t make $100 million by making a lot of dumb mistakes,” and “We’re not going to get everything right, but we’re going to get a lot right”; I did not write asking what part they were going to “get a lot right” about this year.

Crane had another interesting quote in the WSJ piece, “It doesn’t bother me that people want us to spend more money,” Crane said. “But it’s not their money. This is a private company, even though it’s got a public flair to it. If they want to write a check for 10 million bucks, they can give me a call.” How about that for dedication to your fan base, “a public flair to it”; I did not write an article asking that maybe the fact that the Astros play in a publicly funded stadium might have something to do with it.

But this week, Peter Gammons, one of the most respected baseball writers around tweeted his thoughts on the Astros; I could not take it anymore. Gammons tweeted the following three tweets:

Tweet 1: If I’m an ALE or ALC owner, Houston’s plan to have no payroll, lose, get the 1-2 pick 4 years in a row and still steal revenue-sharing $

Tweet 2: –may guarantee 3 teams in the AL West win 90 games and make the playoffs, and spit on the integrity of the sport. Fellow big market teams who

Tweet 3: have payrolls under $40M should 1.not get revenue-sharing and 2. be out of the protected pick business. Rewarding trying to lose is wrong.

Chip Bailey writing in the Blogsite Ultimate Astros, in a piece entitled “For $10 million, you can get your two cents in with Astros”, had the following observation, “that kind of comment will only stir the pot further with conspiracy theories about the possible back-room deal to lower the sale price and move the team to the American League. It will only confirm to some that Crane is in it for the money. And it will undoubtedly support the idea that Crane will continue to strip the organization, never spend money and be content with a Royals or Pirates approach. I can hear the comments before they’re written and almost predict the adjectives, adverbs and other unprintable words. The fact that the Astros will have a historically low payroll while doubling their TV revenues over 2013 will only stoke the volatile fires further.”

So I guess that with his $25MM payroll and his $80MM from the Astros television network contract, Brother Crane sure will not be losing any money. What about the fans? Well, we may see a team finally break the 1962 Mets record for ultimate futility by losing more that the Mets record of 120 losses in a season. Do not think that the Astros are penny pinching just on the team, as the service inside the stadium rivals that of their overall payroll. From the first game of the 2012 season when I bought two hot dogs and the hot dog buns had clearly been left over from the 2011 season; to the last game where the first two hamburgers my wife bought were inedible (she finally gave up and bought chicken tenders); the service at Minute Maid Park rivaled a team which had two consecutive 100 loss seasons.

What do we fans get out of this great deal? Apparently for $10MM we could get some input. Beyond that we do get to see the New York Yankees, Boston Red Sox, Texas Rangers and other winning teams that are willing to spend money. Of course with Albert Pujols playing for our new division rival, the Anaheim Angels, perhaps we can see him send some more towering home runs out of the park,. Finally, we will get to see the best AAA roster the Astros can muster. Of course one thing we will NOT see are ticket prices commensurate with the quality of the products on the field and in the stadium.

So the compliance angle here? I once worked for a company which was under a Deferred Prosecution Agreement (DPA) for its prior Foreign Corrupt Practices Act (FCPA) violations. The DPA was quite robust and one of the things the company decided was that if a vendor or customer had engaged in conduct which violated the FCPA and had not remediated the situation; my company did not want to engage in business with them. My company only wanted to do business with other ethical companies. While most folks think that as long as the color of your money is green (or color appropriate for your jurisdiction) they will do business with you and your company. But not my employer; in other words, reputation can matter in the business world, around bribery and corruption.

So what does this mean for the reputation of the Astros? The Vegas betting line for the over/under in Astros losses this year is 115 and if I were a betting man, I would certainly take the over.

———————————————————————————————————————————————————————-

Ed. Note-The original post identified The Woodlands as a town within the incorporated limits of Houston. It is a town just north of Houston.

———————————————————————————————————————————————————————-

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

What To Do If Your Gut Says It’s Wrong: Lessons from Project Alpha

I often write about what can happen to companies who run afoul of the Foreign Corrupt Practices Act (FCPA). Usually enforcement actions focus on companies and not individuals. However, as is often pointed out by commentators other than Mitt Romney, corporations are not humans but consist of people. It is individuals who engage in conduct that violates the FCPA, just as it is individuals who engage in conduct which violates other US securities laws.

I was reminded of this in an article by Loren Steffy, of the Houston Chronicle, entitled “She offers cautionary tale for corporate employees”. In this article Steffy writes about Helen Sharkey, who worked for Dynegy Inc, a Houston company which was involved in energy trading and gas transportation. Sharkey was an accountant who worked on an assignment known as Project Alpha, which Steffy wrote was “a $300 million scheme that inflated Dynegy’s cash flow.”

In an interview with Steffy she told him that she was the lowest of seven employees assigned to the project. According to the Securities and Exchange Commission (SEC) Sharkey and others disregarded the company’s external auditor’s advice that certain forms of risk-hedging involving derivative instruments, such as commodity price swaps and interest rate swaps, would defeat Dynegy’s goal of accounting for Alpha as an ordinary operating contract and require recording it as a financing. As reported by Steffy, “If the banks didn’t have risk, it meant the deal was a loan and required different accounting treatment.”

While the Enron Corporation is the poster child for corporate fraud in Houston, three Dynegy employees went to jail over Project Alpha: Sharkey; Gene Foster, who was Dynegy’s Vice President of Taxation during the relevant period; and Jamie Olis, who was Dynegy’s Senior Director, Tax Planning and International. Foster received a sentence of 15 months in jail. Olis, who went to trial, received a whopping sentence of 24 years by the trial judge, although this was later reduced to six years.

What did Sharkey think about the deal at the time? As quoted by Steffy, “Did I feel in my gut that it was wrong? Absolutely. Did I think it was illegal? No way.” Unfortunately Sharkey did not apparently have a mechanism that she could use to raise this concern that was in her gut.

What are some of the lessons that current compliance practitioners can draw from Sharkey, Dynegy and Project Alpha?

Hotlines

One of the results from the actions that companies like Dynegy, Enron and others was the passage of Sarbanes-Oxley (SOX). SOX required publicly traded companies to set up anonymous hotlines to allow employees to report company wrong-doing. This is enshrined in the FCPA world as one of the Ten Hallmarks of an Effective Compliance Program as set out in the Department of Justice (DOJ)/ SEC FCPA Guidance. Under the section entitled “Confidential Reporting and Internal Investigation”, it states, “An effective compliance program should include a mechanism for an organization’s employees and others to report suspected or actual misconduct or violations of the company’s policies on a confidential basis and without fear of retaliation. Companies may employ, for example, anonymous hotlines or ombudsmen.”

Generally, employees tend to trust hotlines maintained by third parties more than they do internally maintained systems. By submitting reports through an external hotline there is a perceived extra layer of anonymity and impartiality compared to a system developed in-house. This is because there can be a fear of retaliation by employees. This fear can destroy the effectiveness of the internal reporting process and poison the corporate culture. The hotline must be seen to offer the highest levels of protection and anonymity. To encourage employee participation, the hotline should allow them to bring their concerns directly to someone outside their immediate chain of command or workplace environment – especially when the complaint concerns an immediate superior. A third party provider is also more likely to bring specialist expertise that’s difficult to match within the organization.

Failure to Escalate

In almost every circumstance where a significant FCPA compliance violation has arisen, if the issue had been reported or at least sent up the chain for consideration, there is a good chance that the incident would not have exploded into a full FCPA compliance violation. Matthew King, Group Head of Internal Audit at HSBC, calls this concept “escalation” and he believes that one of the more key features of any successful compliance program is to escalate compliance concerns up the chain for consideration and/or resolution.

This means that in almost every circumstance regarding a compliance issue he had been involved with, at some point a situation arose where an employee did not report a situation or event up to an appropriate level for additional review. This failure to escalate leads to the issue not reaching the right people in the company for review/action/resolution and the issue later becomes more difficult and more expensive to deal with in the company. A company needs to have a culture in place to not only allow escalation but to actively encourage escalation. This requires that both a structure and process for this must exist. Then the company must train, train and train all of its employees. Lastly, while a whistleblower process or hotlines are necessary these should not be viewed as the only systems which allow an employee to escalate a concern.

The starkest example of which I am aware of this failure to escalate in the FCPA arena is the Hewlett-Packard (HP) matter involving its German subsidiary and allegation of bribery to receive a contract for the sale of hardware into Russia. The Wall Street Journal (WSJ) has reported that at least one witness has said that the transactions in question were internally approved by HP through its then existing, contract approval process. That witness, Dieter Brunner, a contract employee who was working as an accountant on the group that approved the transaction, said in an interview that he was surprised when, as a temporary employee of HP, he first saw an invoice from an agent in 2004. “It didn’t make sense,” because there was no apparent reason for HP to pay such big sums to accounts controlled by small-businesses, Mr. Brunner said. He then proceeded to say he processed the transactions anyway because he was the most junior employee handling the file, “I assumed the deal was OK, because senior officials also signed off on the paperwork”.

Training

Why is training of employees regarding a hotline and the ability to escalate important in the context of an anti-corruption/anti-bribery compliance program? Training is recognized as one of the points in the Ten Hallmarks of an Effective Compliance Program and one of the elements under the US Sentencing Guideline’s Seven Elements of an Effective Compliance Program. It is also recognized in Principle 5 of the Six Principles of an Adequate Procedures compliance program as set out by the UK Ministry of Justice (MOJ). Lastly, it is recognized by the OECD in its 13 Good Practices for Internal Controls, Ethics and Compliance.

In the case of HP, think what position the company might be in today if Brunner had been trained on the company’s system for internally reporting compliance issues? If Brunner had escalated his concern that the payment to the agent “didn’t make sense” perhaps HP would not have been under investigation by governmental authorities in Germany and Russia. In the United States, both the DOJ and SEC have announced they are investigating the transaction, for potential FCPA violations. Further, HP is now investigating other international operations to ascertain if other commissions paid involved similar allegations of bribery and corruption as those in this German subsidiary’s transaction.

Dénouement

Steffy penultimate paragraph states, “her story lends insight into one of the most enduring questions that linger from a decade ago – how corrupt corporate cultures encouraged so many who considered themselves law-abiding citizens, to commit crimes, often without realizing it.” One of the things that I emphasize in training to employees is that if their guts turns in knots, the hair on the back of their neck stands up or if something doesn’t smell right, just raise your hand. You don’t have to know the ins and outs of the FCPA, but if something does not feel right, raise your hand and get the matter to someone who does know the ins and outs of the FCPA and who can thoroughly investigate the issue that you do not feel right about. If you do not do so, you may end up like Sharkey and, as Steffy writes as the final sentence of his piece, “The one time she wavered became a mistake she’ll regret the rest of her life.”

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

The Death of Pennoyer v. Neff and the Requirements for Minimum Contacts under the FCPA

The bane of every first year law student, at least in Civil Procedure, is Pennoyer v. Neff. This is because (1) it is usually studied very early in the semester; (2) is viewed as the first true introduction to how strikingly convoluted legal issues can be; and (3) has the most turgid legal writing from the 19^th century imaginable to attempt to read and understand. Fortunately for all of us, in a case called International Shoe v. Washington, the US Supreme Court overturned Pennoyer and held that if a person is not present with in the forum, then he (or she) must have such minimum contacts with the forum that the maintenance of the action must not offend traditional notions of fair play and substantial justice. Courts have named these two tests (1) the minimum contact analysis and (2) the reasonableness inquiry. Last month there were two cases involving the Foreign Corrupt Practices Act (FCPA), which discussed just how far enforcement of the FCPA can go, using the minimum contacts and reasonableness tests.

The first case was SEC v. Schraub, where the Securities and Exchange Commission (SEC) brought an enforcement action against three executives of Magyar Telekom, Plc. As set out in an article in the D&O Diary, entitled “Foreign-Domiciled Individuals and the FCPA’s Reach”, this case followed on after the Magyar Telekom FCPA enforcement action. It involved an enforcement proceeding against three Magyar executives. The SEC alleged that the three authorized payments to an intermediary, knowing the payments would be forwarded to government officials. The SEC also alleged that the individuals made false statements to the company’s auditors by signing representations that the company’s books and records were accurate. All three executives are Hungarian citizens and residents. The three moved to dismiss the SEC’s complaint, arguing that the US lacked personal jurisdiction over them. This case was before Judge Richard Sullivan.

The second case was SEC v. Sharef, a case following out the Siemens FCPA matter. In this case the SEC filed an enforcement action against several Siemens executives in connection with alleged bribery activities in Argentina. One of the defendants, Herbert Steffen, moved to dismiss contending that the court lacked personal jurisdiction over him. Steffen, a German citizen, had been Chief Executive Officer (CEO) of Siemens Argentina twice before his retirement in 2003. This case was before Judge Shira Scheindlin, the same judge who presided over the Frederick Bourke case.

The cases came to different results based upon different underlying facts. But the key to remember is the International Shoe test, minimum contacts and reasonableness.

I.                   Straub

1. Minimum Contacts

As cited by the FCPA Professor in his post, entitled “Motion To Dismiss Denied In Former Magyar Telekom Exec’s Case”, Judge Sullivan said:

“[T]he Defendants here allegedly engaged in conduct that was designed to violate United States securities regulations and was thus necessarily directed toward the United States, even if not principally directed there.  […] [D]uring and before the time of the alleged violations, both Magyar’s and Deutsche Telekom’s securities were publicly traded through ADRs listed on the NYSE and were registered with the SEC […] Because these companies made regular quarterly and annual consolidated filings during that time, Defendants knew or had reason to know that any false or misleading financial reports would be given to prospective American purchasers of those securities.”

Therefore, it is not only that Magyar traded securities through ADRs listed on the NYSE that satisfies the minimum contacts standard but also that Defendants allegedly engaged in a cover-up through their statements to Magyar’s auditors knowing that the company traded ADRs on an American exchange, and that prospective purchasers would likely be influenced by any false financial statements and filings. The court thus has little trouble inferring from the SEC’s detailed allegations that, even if Defendants’ alleged primary intent was not to cause a tangible injury in the United States, it was nonetheless their intent, which is sufficient to confer jurisdiction.

2.     Reasonableness

Judge Sullivan stated that while it might not be convenient for Defendants to defend this action in the United States, Defendants have not made a particular showing that the burden on them would be “severe” or “gravely difficult.” The SEC noted that there was no alternative forum available for the US government and this required that the US bring a FCPA action against Defendants in federal courts in the US or the  Defendants could potentially evade liability altogether. Additionally, because this case was brought under federal law, the judicial system has a strong federal interest in resolving this issue here. The Court found that the exercise of personal jurisdiction over Defendants was “not unreasonable.”

II.                Sharef

1. Minimum Contacts

In a post, entitled ““Far Too Attenuated” – Judge Grants Herbert Steffen’s Motion To Dismiss In SEC FCPA Enforcement Action”, the FCPA Professor cited to Judge Scheindlin regarding this prong of the jurisdictional test. Judge Scheindlin said that the defendants must have “followed a course of conduct directed at … the jurisdiction of a given sovereign, so that the sovereign has the power to subject the defendant to judgment concerning the conduct.  The effects in the United States must ‘occur as a direct and foreseeable result of the conduct outside the territory’ and defendant ‘must know, or have good reason to know, that his conduct will have effects in the [forum] seeking to assert jurisdiction over him.”

The SEC allegations against Steffen were premised on Steffen’s role in encouraging another defendant to authorize bribes to Argentine officials that ultimately resulted in falsified filings. Thereafter his only actions were “limited to participation in a phone call initiated by Sharef from the United States in connection with the bribery scheme, and that in the first half of 2003, defendants including Steffen ‘urged Sharef to meet the demands [of Argentine officials] and make the additional payments.’”

She found that Steffen’s actions were “far too attenuated from the resulting harm to establish minimum contacts. Steffen was brought into the alleged scheme based solely on his connections with Argentine officials.” There was no allegation Steffen authorized the bribes nor was there any allegation that he directed, ordered or even had awareness of the cover ups that occurred at SBS much less that he had any involvement in the falsification of SEC filings in furtherance of those cover ups.

The FCPA Professor quoted Judge Scheindlin for the following “If this Court were to hold that Steffen’s support for the bribery scheme satisfied the minimum contacts analysis, even though he neither authorized the bribe, nor directed the cover up, much less played any role in the falsified filings, minimum contacts would be boundless. Illegal corporate action almost always requires cover ups, which to be successful must be reflected in financial statements. Thus, under the SEC’s theory, every participant in illegal action taken by a foreign company subject to U.S. securities laws would be subject to the jurisdiction of U.S. courts no matter how attenuated their connection with the falsified financial statements. This would be akin to a tort-like foreseeability requirement, which has long been held to be insufficient. The allegations against Steffen fall far short of the requirement that he ‘follow a course of conduct directed … the jurisdiction of a given sovereign, so that the sovereign has the power to subject the defendant to judgment concerning that conduct. Absent any alleged role in the cover ups themselves, let alone any role in preparing false financial statements the exercise of jurisdiction here exceeds the limits of due process, as articulated by the Supreme Court and the Second Circuit.’”

1. Reasonableness

Judge Scheindlin took a different tact on the reasonableness prong. She found that Steffen’s lack of geographic ties to the US, his age, his poor proficiency in English, and the forum’s diminished interest in adjudicating the matter, all weigh against personal jurisdiction. This would place a heavy burden on this seventy-four year old defendant to journey to the US to defend against this suit. As the SEC and the Department of Justice (DOJ) have already obtained comprehensive remedies against Siemens and Germany has resolved an action against Steffen individually, she believed that the “SEC’s interest in ensuring that this type of conduct does not go unpublished will not be furthered by continuing the suit against Steffen, in light of his age, the burden to defend this suit, and the previous adjudications.”

III.             Jurisdictional Box Score

Case	SEC v. Straub, et al	SEC v. Sharef, et al
Defendants	Elek Straub, Andras Balogh and Tamas Morvai	Herbert Steffens
Judge	Richard Sullivan	Shira Schendlin
Underlying FCPA Case	Magyar Telekom, Plc	Siemens AG
Analysis – Minimum Contacts	Made false statements to company auditors. Knowing that company securities traded on American exchange Prospective purchasers would likely be influenced by false financial filings.	No evidence proffered defendant had directed, ordered or had awareness of bribes. No evidence that he was involved in falsification of financial records
Analysis – Reasonableness	SEC could not seek redress outside US US government has strong interest in hearing matter	Defendant had lack of geographic ties to US Age of Steffens – 76 Country of his domicile has resolved action against him individually

These two cases are very fact specific. However, they also set some clear parameters as to whether and how a FCPA enforcement action can be brought against individual foreign defendants. The difference between the two cases would appear to be affirmative actions by the three Magyar Telekom employees in providing false information in the reporting of financial information which is made public to companies listed in the US. This may well set a bar to future actions against foreign nationals under the FCPA.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

Interview with the Founder-Maurice Gilbert of Conselium and Corporate Compliance Insights

1.         Where did you grow up and what were your interests as a youngster?

I grew up in Detroit, Michigan, and my interests as a youth centered on playing competitive tennis. My dream was to make it on the Pro tour.  My other interest was listening to Motown music:  Marvin Gay, Supremes, Temptations, etc.

2.         Where did you go to college and what experiences there led to your current profession?

I went to Eastern Michigan University; I studied sociology and general business. I also played on the tennis team.  On summer breaks I taught tennis at camps and tennis clubs.  What eventually lead me to the executive search business were primarily two things: first, my knowledge of business, having spent 20 years in corporate America with the likes of GE, and second, my desire to coach and mentor professionals with their career. I remembered how gratifying it was teaching tennis and helping with a person’s development.  In short, I took my passion for coaching and applied it in the business setting I became familiar with.

3.         Can you explain the philosophy of Conselium and what do you believe makes it stand out from similar firms?

When our clients engage us they usually are already experiencing exposure to risk by not having the appropriate hire on board.   That means there’s a level of urgency about filling a position. For us, exceptional customer service means putting our client first and responding to that urgency.  We work weekends, holidays — whatever it takes to meet or exceed expectations.

Another unique factor that contributes to our success is that we have developed our brand by specializing in a very narrow niche: our focus is placing Compliance Officers and Legal Counsel in highly regulated environments. The narrower your focus, the more you set yourself up as subject matter experts. We have even developed our brand on a global footprint due to our specialization.  I recommend anyone interested in the subject of branding read “The 22 Immutable Laws of Branding” by Al Ries.

The third thing I think that makes our search firm unique is the development of Corporate Compliance Insights. Having this online publication has afforded us an opportunity to expand the network of the search business while developing relationships with Compliance and Legal professionals throughout the world. CCI gives compliance experts a place to come together every day to share ideas and opinions.  It keeps all of us on top of the issues that are important in this niche, and it gives Conselium access to the best and the brightest.

4.         What led you to start Corporate Compliance Insights and what do you hope to bring to the compliance community through this resource?

We decided to develop the publication because we met several GRC professionals like you with a wealth of information who needed a platform to share ideas and showcase their knowledge.  CCI has really exceeded our expectations, which for us reinforces that there was a void in this space.  As we look to the future, we see CCI as a leader in providing rich content for useful/practical solutions to fellow GRC practitioners, an aggregator of GRC events and an aggregator of GRC jobs.  We also have a vision of building a CCI community that facilitates greater interaction among our readers, because we sense there’s a desire in the compliance community to have regular, meaningful dialogue about issues and best practices.

5.         With your dual roles at Conselium and CCI, where do you see the compliance field going in 2013 and beyond?

The compliance field is still in the “toddler” stage, and there is still much to be done.  I am a real proponent of education; specifically the Compliance Officers have to educate management about the benefits of having a robust ethical & compliant (E & C) environment.  There is information available that having a robust E & C actually contributes to the bottom line.   Think about it: a solid program attracts employees, vendors, investors, customers, etc.  It’s just good for business.  We must do a better job at educating so that more compliance officers have a seat at the “C” suite.  Having a Compliance Officer report to the General Counsel or other management executive and not directly to the Board has the potential for significant conflicts of interest.

So what I am saying is there is significant opportunity to grow our profession provided we are vigilant in educating those around us.   Speaking of education, there are some universities that provide some undergrad courses on ethics/compliance.  We at CCI have developed a relationship with the HAAS School at UC Berkeley in helping their visibility with an Executive Ethics & Compliance Program.  It is the hope of the HAAS program to get sufficient interest to create a graduate program in Ethics & Compliance.   We do need a feeder system from our universities much the way we have law schools and other graduate programs that provide young professionals with the basics before entering the workforce.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

An Oscar Winner for Compliance

Ben Affleck has certainly had his share of ups and downs in his professional career. He shared an Oscar for Best Original Screenplay for Good Will Hunting with his fellow Bostonian buddy Matt Damon at age 25. Thereafter things were not always at that same height for him professionally. He had a very public affair and engagement to Jennifer Lopez, in which there were jointly knows as ‘Bennifer’ which ended when the engagement was broken off. He appeared in some movies that, how can one best put it, were somewhat less than Oscar worthy, Gigli and Surviving Christmas come to mind. But once again proving that F. Scott Fitzgerald’s adage that “There are no second acts in American lives” is not, and perhaps never was, true Affleck was awarded this year’s Oscar award for Best Picture for his work as the Director on Argo.

In a recent article in the Houston Business Journal (HBJ), entitled “Business lessons from an Academy Award winner”, Harvey Mackay wrote about some of the lessons that he drew from Affleck’s professional journey. Affleck’s lessons provide some interesting perspectives for the compliance practitioner. When accepting the Oscar, Affleck said “I never thought I would be back here, but I am because of so many wonderful people who extended themselves to me, who had nothing to benefit from it.” From this statement Mackay drew the lesson of the importance of networking and mentoring. Mackay wrote that “Over the years he has reached out to a lot of people in Hollywood who helped him learn the movie business and advance his career. Members of the Academy were able and willing to help him, even though he wasn’t necessarily in a position to reciprocate.”

As a compliance practitioner, the importance of networking and mentoring cannot be overstated. Not only is it important in assisting to advance your own career but also your professional grown. In my own blogging and social media career I have been fortunate to have several mentors; Dick Cassin, the FCPA Professor and Francine McKenna being three prominent ones. But more than simply having such personal mentors, compliance professionals need to turn to others in our profession for professional guidance and support. Almost everyone I have approached for help, guidance or advice has given it to me freely, without even a hint of any desire for reciprocation.

One of the ways you can do so is to set up an informal compliance roundtable in your city or community. By this I mean an informal group, without dues or fees that can get together and discuss matters of mutual interest. Together with Mike Snyder, of Donovan Watkins, and Dan Chapman we have recently started one here in Houston. Last week I spoke at one such group for compliance professionals in Singapore. But the key to making such a group work is that everything said is off the record and stays within the four walls of the room. In these events, compliance practitioners can ask very detailed, fact specific questions and draw upon a wide variety of sources for guidance. All one really needs is a facilitator to throw out one question and see where it goes from there. So if you do not have such a group in your city, town or community my suggestion would be for you to send an email around and see who might be interested. I think that you will find it can be a great way to network and either find or be a mentor to other compliance practitioners.

The second business lesson that Affleck gave during his Oscar acceptance speech was that “You have to work harder than you think you possibly can.” I was in private practice for 20 years. One of the boneheaded things I always thought was that lawyers went in-house so they would not have to work so much. Boy did I get that wrong. If you work for an international company you know that time zones are basically meaningless. Five PM in China is Five AM in the US. I also heard several in-house lawyers tell me that they went to work for a company for lifestyle reasons. While that may have been true, they found out what I found out, that in-house lawyers work very long and very hard.

In almost every compliance group I have ever known, there are never enough resources. If that is the situation you face, try and find a way to do more with less. There are several other departments in your company which may be able to help in the goal for your company to do business in a manner compliant with your Code of Conduct and the Foreign Corrupt Practices Act (FCPA) and UK Bribery Act. One department which you can work with is Human Resources (HR). HR can also be used to ‘connect the dots’ in many divergent elements in a company’s FCPA compliance and ethics program. The roles include training, employee evaluation and succession planning, hotlines and investigations and background screenings. By asking HR to expand their traditional function to include the FCPA compliance and ethics function, you can move towards a goal of a more complete compliance program, while not significantly increasing costs. Additionally, by asking HR to include these roles, it will drive home the message of compliance to all levels and functions within a company and help to make such behavior will become a part of a company’s DNA.

The third business lesson is one that Affleck closed his Oscar acceptance speech with and as Mackay noted “possibly the most important”. He quoted that Affleck said, “It doesn’t matter how you get knocked down in life because that’s going to happen. All that matters is that you gotta get up.” For the compliance practitioner, I would say this means that even with a robust compliance program in place, you will still have issues arises because there is no compliance which can assure 100% compliance, 100% of the time. Just as Affleck said that “you gotta get up”; in many ways if you do have a compliance issue arise, what matters is how you handle it.

In the context of Paul McNutly’s three maxims regarding any compliance issue; he said there were three questions he would ask when he was Deputy Attorney General. They were: (1) What did you do to prevent it?; (2) What did you find when you looked into it?; and (3) What did you do when you found out about it? But in large part, he focused on Maxim 3. So, in addition to a thorough investigation and reporting, the key is what did your company do to remedy the issue in question? Did you discipline those employees or third parties involved in the conduct at issue? Did you remedy any defect in your compliance program which may have allowed the issue to arise? Did you expand your compliance program to handle future issues? Did you train employees based on the issue or other high risk factors? The point follows Affleck’s last statement, “you gotta up”. How you respond as your company’s compliance representative may well be a significant factor in determining your final result with the Department of Justice (DOJ) or Securities and Exchange Commission (SEC).

Ben Affleck’s Oscar win was certainly a validation for someone who fell from great heights early in his career. While most of us may not scale to such heights early in our career, or perhaps ever, the tools, techniques and work ethic that Affleck used so that he once again could give an Oscar acceptance speech are some of the same tools that you can use as a compliance practitioner for your own career, to better and advance yourself professionally and to help your company through any compliance issues that may arise during your tenure in a compliance group. They are good words for you to think about going forward.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

Moving Compliance through an Organization

We often talk about tone at the top. But in many ways it is tone further down the organization which is more important for this is where the rubber hits the road and compliance is done on a day to day basis. I recently saw a couple of articles in the March/April Issue of the SCCE Magazine which discussed the “How-To” of compliance. They drove home several excellent ideas on specific steps that the compliance practitioner can use to move the compliance discussion from simply a tone from senior management that we will do business the right way down into middle and lower levels of the company where most of the business gets done.

The first article entitled “Success: You hit the target you aim at” is by Frank Navran . In this article, one of the things that Navran discussed was expanding on the “How-To” of making change in ethics and compliance occurs throughout the organization. He listed seven steps which he believed can not only make change happen but can make it stick as well.

1. Position, philosophy and belief. Interestingly, Navran begins not with a top down item but a bottom up approach. He believes that an “organization’s and senior leadership’s positions can typically be improved, supplemented, and/or modified with input from employees and other stakeholders.” Further, once all company stakeholders, both up and down the chain, have inputted into the organization’s core beliefs, they will become “integral to the identity of an organization.”
2. Formal organizational systems. Navran believes that formal systems are needed to guide everyone’s “day-to-day behaviors” in an organization. Without these formal structures in place, even the most robust informal system for doing business in an ethical and compliant manner can be “demolished by one or two serious infractions.”
3. Informal leadership systems. Navran nails this concept by stating the “Informal leadership is not about what we say. Rather it is about what we do.”
4. Measures, rewards and sanctions. Navran notes that typically what we measure is what you get. This makes it imperative that ethical standards are communicated as clearly as the “objective outcomes that are the more conventional measures of success.” It is equally important that the sanctions for non-ethical or non-compliant behavior be levied and such conduct not allowed to continue.
5. Communications and education strategy. It matters not only what we say but how we say it. Navran emphasizes that “If we want our commitment to ethics to be credible, then it has to be reflected in both our words and actions. It has to be mirrored in what we teach, both formally and by example.”
6. Response to critical events. Navran believes that the most important indicia “in determining what others believe to be our priorities is how we behave in response to a critical event. What we do when the stakes are high, time is short, and the pressure is on reveals our priorities and our principles.” So when the pressure is on and the whole world is watching, if leaders act according to their stated vows of doing business ethically and in compliance, this will send a strong signal to the rest of the company. And, simply put, if they do not employees will understand their true values.
7. Hidden agendas. If employees believe that leaders have a hidden agenda, they lose credibility as a leader. Navran thinks that it is important that the “perceived motives and agendas are consistent with how we behave and what we say, expect, or require of others.”

Navran ended his story with an interesting parable, that of the “wrong rock”. In this story, a manager asks you to perform a task, which is to go outside and get a rock. You do so. When you return, the manager says that you did not get the rock he wanted. Navran derives from this tale, that “If you know the goal and the associated success criteria, it is easier to succeed the first time.” So if doing business in an ethical and compliant manner is your goal, it will help employees if you provide to them the values you wish them to hold through your own actions.

The second article which caught my eye was authored by Shelley Aul and Christina Reese and is entitled “Your board is engaged, but what about management?” In this article, the authors discuss some of the questions presented at a session at the SCCE 2012 Annual Conference. In this session, they asked the following questions, “what about your organization’s “mood in the middle” and “buzz at the bottom”?” They listed some of the successes they heard from the conference attendees for engagement of all employees in compliance and ethics. The suggestions included:

1.      Create an Ethical leadership award – Award management and employees for going above and beyond expectations.

2.      Host an internal ethics and compliance conference – Have your company host an in-person or virtual conference with management where they learn about ethics and compliance topics that are important to them and their roles.

3.      Create ethics and compliance liaisons/champions/networks – Identify employees from across your organization who can act as an extension to your program. The representatives can be leveraged to share information with employees and they can relate information back to you to help improve the program.

4.      Create ethics and compliance targets and goals – Implement an ethics and compliance component into performance reviews and bonus goals for all employees.

5.      Sponsor Ethics and Compliance Week – Work with management to participate in a companywide Ethics and Compliance Week.

6.      Leverage internal company e-newsletters – Add a “Compliance Corner” to an already existing management-only e-newsletter. In doing so, you can provide information and scenarios to discuss in their department/team meetings, without having to create an additional email.

7.      Create Management toolkits – Develop a toolkit with ethics and compliance resources that management can easily use. Post the toolkit in an online portal and keep it updated when things change.

8.      Meet with new hires – A compliance department representative should meet one-on-one with new hires or newly promoted managers. Explain to them your role, the resources available to them and follow-up with them periodically. The compliance function should develop such relationships early.

9.      Develop peer-to-peer recognition programs – Proactively seek employees who are doing what’s right by asking them to nominate coworkers who have helped them in their jobs. Have management locally recognize those who are selected.

10.  Train the trainers – Train your management to cascade training by having them train their staff on ethics and compliance-related matters.

Both of these articles lay out some excellent, practical ideas that the compliance practitioner can put to use or use to measure a compliance program against. If you are not a member of SCCE, you should join, the reason being is that the information it makes available to the compliance practitioner makes it one of the best value compliance resources on the market.

———————————————————————————————————————————————————————-

Compliance Week needs your help! Compliance Week and Kroll Advisory have teamed up to undertake a major survey on corporate anti-corruption programs, and are asking compliance executives to participate. The survey itself—the 2013 ‘Global Anti-Bribery Benchmarking Report’—can be found here:

http://surveys.harveyresearch.com/se.ashx?s=0D146E2D11F8D225

The survey should take no more than 20 minutes to complete. It asks about the bribery risks you have, procedures you use to train employees and vet third parties, the size of  your compliance team, and more. Rest assured, all submissions will be secure and anonymous. The deadline to submit information is end of business on Friday, March 15.

Results of the survey will first be presented at the Compliance Week 2013 annual conference in Washington, May 20-22 (www.ComplianceWeek.com/conference), and later published in a special supplement of the Compliance Week magazine.

Anyone with questions can contact Compliance Week editor Matt Kelly at mkelly@complianceweek.com.

———————————————————————————————————————————————————————

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013