The NHL and Compliance: Some Thoughts From Alexandra Wrage On Doing Business Ethically

This past week I chaired the Beacon Events Corruption and Compliance – Asia Congress 2013 conference. One of the speakers was Alexandra Wrage, the founder and President of TRACE International, Inc (TRACE). If you have never heard Alexandra speak on anti-corruption, you have missed one of the most dynamic speakers in the industry. Alexandra is Canadian and, in our chats during the event, one of the things that we talked about was the National Hockey League (NHL) championship series between the Chicago Blackhawks and the Boston Bruins. Not only was the series the first championship between two of the Original Six teams since 1979 but the hockey was some of the finest and most exciting played in recent memory. Alexandra noted my somewhat forlorn use of the Houston Astros as a teacher in lessons around compliance and ethics. She also remarked that I had never discussed hockey in any of my blogs so she challenged me to use one of her homeland’s greatest gifts to mankind in a blog post. So here goes.

Last week the Chicago Blackhawks won the NHL’s championship, thereby securing the Stanley Cup, named after Lord Stanley former Governor General of Canada. The six-game series between the Blackhawks and the Boston Bruins was fabulous, in the deciding game, Game Six, the Blackhawks scored two goals in the final 90 seconds to not only erase a 2-1 deficit but win the game and bring the Cup back to Chicago. But here is the compliance angle, this most physical of all sports was played cleanly with no fighting, no cheap shots or dirty checks and no major penalties imposed on the players of either team. It was a great example that the game can be played the right way and done so at the highest level.

This translates into anti-corruption and anti-bribery in the business world as well because as Alexandra put it in her talk to the conference, entitled “Turning compliance into a tool and a strategic asset to drive company performance”, ethical principles are business advantages. She explained that by doing business ethically, not only does a company protect itself for the increasing international enforcement regimes that are being enacted but organizations can protect themselves in a myriad of other ways. If a company agrees to pay a bribe to obtain a contract, that is but one step that puts a company at risk during the entire process and relationship. As Wrage described, when you pay a bribe you are targeting your company for a relationship that can be endlessly changed. It becomes an endless pit of payments from which you cannot extricate yourself. Any government official who accepts a bribe has control over you and the amount that he or she can squeeze out of you going forward. You completely lose control of the negotiating process and indeed the entire contract because there is nothing that you have to enforce. A bribe, even if memorialized in writing, cannot be enforced in any court of law or other legal proceeding such as arbitration.

Wrage also talked about the hidden costs involved in any bribery scheme. An entire set of falsified documents must be created and even alternative corporation structures put in place to set the criminal structure to facilitate bribes. Company employees are not doing their regular jobs when they are engaging in such criminal actions. Indeed, if an employee is willing to engage in bribery, it does not take a long leap for that employee to turn to other criminal activities such as embezzlement. If there is money being syphoned off to pay bribes, it certainly can be routed into an employee’s individual bank account.

Wrage also explained why doing business ethically can benefit companies in the mergers and acquisitions (M&A) context. She talked about the off-cited example of eLandia, where the acquiring company basically had to write off an entire investment because it discovered that the entity purchased had a long running bribery scheme which artificially inflated the value of the company and post-acquisition, when the bribery scheme was stopped, the value plunged.

Wrage also noted that it is well-nigh impossible to get proper valuation on a potential acquisition target if bribery and corruption is occurring inside it. This is because if you take away the business generated from the bribery and corruption, what is the business worth? Put another way, what is your deal worth? Your inquiry needs to extend further than simply into the business as well. You need to understand any target’s sales model and understand how their business partners operate. Additionally, if their sales model is third parties, that is obviously your greatest risk.

Wrage’s thoughts echoed in many ways some of the discussion we saw in last year’s Department of Justice (DOJ)/Securities and Exchange Commission (SEC) FCPA Guidance, where for the first time, there was an extensive discussion about pre-acquisition due diligence, in addition to post-acquisition compliance integration, in the M&A context. The FCPA Guidance related that “most commonly, inadequate due diligence can allow a course of bribery to continue—with all the attendant harms to a business’s profitability and reputation, as well as potential civil and criminal liability.” The FCPA Guidance listed several hypotheticals which discussed pre-acquisition due diligence and that by engaging in such efforts a company may well be able to shield itself from Foreign Corrupt Practices Act (FCPA) liability after the merger occurs.

The FCPA Guidance also presented a fact pattern in its discussions of Declinations to Prosecute (Declination) where a US company was acquiring a foreign entity which was not previously subject to the FCPA. In one example, a US company received its Declination based upon its extensive pre-acquisition due diligence which allowed it to identify and halt the corruption. As there was no continuing misconduct post-acquisition, the FCPA was not violated. The clear import is that if this pre-acquisition due diligence was not performed; a Declination may not be forthcoming.

The bottom line from Wrage is that compliance is good for business. She made clear that ethical principles are a business advantage and not a business disadvantage. Having a strong compliance program in place also builds moral among employees. Lastly, Wrage believes that doing business ethically also builds good reputation with customers. There are numerous stakeholders for any corporation. Wrage has been one of the leading lights to demonstrate that by doing business ethically, and in compliance with anti-corruption/anti-bribery laws like the FCPA and the UK Bribery Act, a company can satisfy many of those constituency simultaneously.

The Blackhawks and the Bruins showed that professional hockey can be played at the highest level without the extracurricular activity that mars so many of the regular season games. So, just as doing business ethically and in compliance with international anti-corruption regimes is good for business, playing great hockey within the rules makes for not only great hockey to watch but improves the entire NHL hockey.

And who says a Texan, or any other Southerner for that matter, cannot fully appreciate hockey?

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

I Am Legend: Richard Matheson and Ethics in Your Compliance Program

Richard Matheson died on Sunday. I read his book “I Am Legend” when I was a very young teenager. It was my first real introduction into science fiction and I instantly became a fan of Matheson. It spoke to me about being an outsider and feeling completely out of place, as was the protagonist, who was played by Vincent Price in the 1964 movie version, The Last Man on Earth, by Charlton Heston in 1971 movie version, The Omega Man, and, finally, by Will Smith in the 2007 movie version, I Am Legend. For me, the book more forcefully drove home the ethical dilemma faced by the apparent sole survivor on earth, Robert Neville of an un-named catastrophe. There are others, who have been turned into zombie/vampires. Neville has to dispatch these other survivors while trying to find a cure to the disease which has affected them.

Matheson was also a prolific screenwriter as well, adapting his short story Duel, into Steven Spielberg’s first feature film the 1971’s broad-daylight murder-truck nightmare of the same title, which was the highest rated made-for-TV movie of all-time. Matheson also wrote the scripts for several Twilight Zone episodes as well scripts for other television shows ranging from Combat! to The Girl From U.N.C.L.E. to Star Trek.

I thought about Robert Neville’s ethical dilemma and Matheson’s explorations of ethics throughout his career when read an article in the Financial Times (FT) entitled “Is backdating an invoice so very wrong? A school tackles ethics”. In this article, Rebecca Knight reported on a class taught at New York University Stern School of Business by Jonathan Haidt, which “examines ethics through the lens of moral psychology.” Haidt was requested to teach the class by the Dean of the Stern School, Dr. Peter Blair Henry, after Haidt published his book, entitled “The Righteous Mind”, in which he argued that “people make moral decisions based on feelings, not reason” and even went so far to state that “Nobody is ever going to invent an ethics class that makes people behave ethically after they step out of the classroom.”

Perhaps challenged by this pronouncement, Haidt took up the task of designing an ethics class to teach students how to “design more ethical organisations.” One of the ways that Haidt suggests is to focus on “creating an incentives system that rewards long-term success over short-term performance.” This is certainly one of the things that the Department of Justice (DOJ)/Securities and Exchange Commission (SEC) FCPA Guidance discussed in its Ten Hallmarks of an Effective Compliance Program, which said that the “DOJ and SEC recognize that positive incentives can also drive compliant behavior. These incentives can take many forms such as personnel evaluations and promotions, rewards for improving and developing a company’s compliance program, and rewards for ethics and compliance leadership. Some organizations, for example, have made adherence to compliance a significant metric for management’s bonuses so that compliance becomes an integral part of management’s everyday concern. Beyond financial incentives, some companies have highlighted compliance within their organizations by recognizing compliance professionals and internal audit staff. Others have made working in the company’s compliance organization a way to advance an employee’s career.”

Another of Haidt’s insights is that he believes that people tend to believe that they have their own moral compass, that they are “the captain of my own journey. But as a psychologist, I know that is not true.” He says this “not to absolve students of any personal responsibility but to help them develop a greater understanding of their own values and motives.” From this, Haidt teaches students to be aware of social situations which might influence them to act unethically, such as going along with a group’s decision or even completing a boss’s request to backdate invoice so that it appears in the company’s books previous quarter.

But the company also has responsibility in this area as well. One area might be to encourage a ‘Speak Up’ culture. So another Hallmark of an effective compliance program is to include a “mechanism for an organization’s employees and others to report suspected or actual misconduct or violations of the company’s policies on a confidential basis and without fear of retaliation. Companies may employ, for example, anonymous hotlines or ombudsmen.”

Perhaps channeling his inner Richard Matheson, Haidt believes that “his students’ careers are like an epic ‘hero’s journey’ – one in which they will be severely tested and challenged.” Moreover, he tries to instill in his students to “recognize that there are societal forces impinging on them all the time and that in the long run ethical behavior and high professional standards do pay.” Organizations should realize this as well because compliance and ethics is more than simply complying with laws against corruption and bribery such as the Foreign Corrupt Practices Act (FCPA) and UK Bribery Act. By doing business in the right way, companies simply do better from a business perspective.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

The Rutgers Basketball Scandal – Some Questions for the Compliance Practitioner to Ask

The seemingly continuous saga of the Rutgers Athletic Department and the attendant fallout from the Mike Rice scandal has reappeared in the news recently. For those who do not remember this tale, it involved the head basketball coach who was videotaped physically abusing his players by hitting them, kicking them and throwing basketballs at them during practice. Of course he also verbally abused them as well. When asked about his coaching style by the Rutgers Athletic Director (AD) Tim Pernetti, Coach Rice admitted that he was “aggressive” or perhaps as Warren Zevon would say, “he’s just an excitable boy.” While I usually write about the lessons which a compliance practitioner can draw from an event or series of events, I will use the Rutgers basketball scandal to raise questions about how your compliance program might handle a claim of violations of a federal law such as the Foreign Corrupt Practices Act (FCPA) or internal company policy, such as a Code of Conduct.

I.                   The Investigation

According to Jim McGrath, writing in the Internal Investigations Blog, in an article entitled “Focus For Next Rutgers Investigation”, Lacey interviewed six players, one former player, a former player who transferred from Rutgers, all of Rice’s assistants and other support personnel in the basketball program, Coach Rice himself, Eric Murdock, AD Pernetti, and a sports psychologist whom AD Pernetti consulted earlier this year. In addition, he reviewed nearly 50 hours of videotaped practices – roughly half of all practice time – during the coach’s tenure. He also kept AD Pernetti abreast of the results of his investigation during the pendency of the investigation.

In the initial investigation, Lacey found that Coach Rice’s behavior violated Rutgers policy barring workplace violence: “In sum, [I] believe there is sufficient evidence to find that certain actions of Coach Rice did ‘cross the line’ of permissible conduct and that such actions constituted harassment or intimidation within Rutgers’ Policy, Section 60.1.13.” That policy is Rutgers’ Workplace Violence Policy, in which “behavior [that] would be interpreted by a reasonable person as being evidenced (sic) of intent to cause physical harm to individuals or property” is prohibited. Lacey also believed that Coach Rice engaged in misconduct, which could be reasonably determined “to embarrass and bring shame or disgrace to Rutgers in violation of Coach Rice’s employment with Rutgers.” Lastly, Lacey concluded that Rice violated other terms of his five-year contract that would pay him $700,000 for the 2013-14 season that were added after previous disciplinary issues came to AD Pernetti’s attention.

While Lacey found that Coach Rice “did engage in certain conduct that went beyond mere cursing, including occasions where [he] used coarse, inappropriate and insulting language during practices and workouts, verbally attacked players in a manner outside the bounds of proper coaching, shoved and grabbed players on multiple occasions and engaged in other boorish and immature behavior,” it did not violate additional university policies – including Rutgers’ anti-bullying policy – and that the coach’s conduct “did not create a ‘hostile work environment’ as that term is understood in connection with anti-discrimination and anti-harassment policies.”

Perhaps even more amazing, and a hint to the real purpose of the investigation and report, Lacey ended his report by stating, “Although couched in different terms, EM’s actual complaint is not for wrongful termination, but for AD Pernetti’s decision not to offer EM a new contract. AD Pernetti’s decision not to offer a new contract to EM was based on EM’s abandonment of his employment and his direct and deliberate insubordination, and was not based on any impermissible or retaliatory reason. Therefore, there was no violation of Rutgers’ CEPA policy.” So after all the work and interviews, the question remains as to what was the purpose of the investigation; to investigate the behavior of Coach Rice or give Rutgers cover in the whistleblower lawsuit claim of Murdock?

II.                Questions To Be Asked

As pointed out by McGrath, some troubling questions were raised by the release of the Lacey Report. For instance, what were the reasons for AD Pernetti’s action or inaction and that of other school administrators in the wake of the Lacey report? Did any Rutgers administrators violate university policies or their own contractual obligations in how they dealt with Coach Rice after the completion of the Lacey investigation? McGrath notes, not without some irony, that “Regardless of whether breaches of required conduct are found or not, Barchi’s acknowledgement in a press conference that – while he was fully briefed on Coach Rice’s actions and suspension – he had never seen the 30-minute video of his coach’s antics until last week, is particularly confounding. Citing a busy administrative schedule and the organizational need to rely upon the advice and counsel of underlings as a justification for not giving the evidence at least the once-over seems a poor excuse for his ignorance of the situation.”

To those questions posed by McGrath I would add some of the following:

A.     What is the role of Senior Management?

Whistleblower Murdock claims he sent 5 emails to the University President asking him to view the video. If something is so serious that it needs to get to the attention of the head of an organization, what should a subordinate do to get this attention? As President Barchi stated that as soon as he saw the video Coach Rice had to go, it begs the question of when should a General Counsel (GC), Chief Compliance Officer (CCO) or other employee engage a company president? What about the Board of Directors? If a President is too busy for you, is there a direct line to the Board for consultation?

B.     What is the role of your investigation?

An obvious starting point is to ask, “What is your investigation protocol?” A time of crisis is not the time to be writing out your investigation protocol or perhaps, even worse, revising it. We may never know what role the Interim GC played in determining the protocol or even looking to see if there was an investigation protocol. Some of the things that you need to consider are the following: Who reviews the results of your investigation? What is the role of an investigation? What is the scope of the investigation; is it to uncover the facts so the situation can be remedied; or is it to determine if you can be liable for taking remedial action?

Lastly, and this point is presented more starkly in the Rutgers scandal than in most commercial business situations I have seen, should the information be shared with a merger partner? Remember Rutgers was nearing the end of a yearlong process to join the Big Ten Conference. If this scandal had come out during the negotiations, would the Big Ten have continued to pursue Rutgers? More cynically, did all the publicity over the Rutgers scandal create more publicity about Rutgers joining the Big Ten and thereby increase brand awareness along the East Coast?

C.    When is a whistleblower an extortionist?

Another interesting facet of the Rutgers scandal is the claim that Murdock is actually trying to extort money out of Rutgers. It should be noted that Murdock did not surreptitiously videotape Coach Rice abusing his players. Murdock obtained Rutgers’ practice through Freedom of Records request from state of New Jersey and then edited the tapes down to the final version shown on ESPN, for which Rutgers officials roundly criticized him.

To bring a suit against Rutgers, a person must send a formal demand letter, which Murdock’s attorney did on or about December 26, 2012. Two weeks after his demand letter was rejected, Murdock leaked his video footage to ESPN. In April, New York Times (NYT) reporter Steve Eder, in an article entitled “F.B.I. Investigating Former Rutgers Assistant”, reported that the “F.B.I. is investigating whether the assistant at Rutgers who first voiced concerns about the abusive behavior of his boss, Mike Rice, tried to extort the university.” Conner Simpson, in another article in the Atlantic Wire entitled “The Rutgers Scandal Now Has an F.B.I. Extortion Investigation” asked, “How does leaking a video and getting your old boss fired amount to extortion, you ask?” He then said “Well, ESPN’S Don Van Natta Jr. reported Friday that Murdock wrote a letter to the school demanding $950,000 to settle his wrongful termination claims a month after he first showed Pernetti the video. Rutgers politely declined. Murdock filed a lawsuit against the school on Friday. So, uh.”

How many whistleblowers do you think Rutgers encouraged to come forward with this information before it became public? More importantly, how many whistleblowers do think will be encouraged to come forward in the future if they know that their fate will include a FBI investigation if they make a whistleblower claim and perhaps file a lawsuit?

A colleague of mine pointed out that I was very much in the milieu of ‘Monday Morning Quarter-backing’ with some of my criticisms of Rutgers. He correctly noted that decisions made in or near real time may look quite different many months or years down the road. On this point he is absolutely correct. So I think a key point from the Rutgers scandal is to document your reasoning and logic, in writing, before you assess any discipline or make any decisions so that months later you know exactly why those decisions were made. In other words, have a protocol in place and follow the protocol. If you change the protocol, document the reason that you do so. But sometimes you gut just knows something is really bad. One of those times is when your Chief Executive Officer (CEO) (or University President) says that within the first five minutes of reading a report (or seeing a video) they knew the person should be fired.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

Baseball and Compliance: From the Astros to Juiced Balls in Japan

What do national pastimes teach us about ethics and compliance? I would argue plenty. While, for the most part, I have reserved myself from writing about the Houston Astros fraud upon their fans this season in claiming that (1) they are fielding a major league team and (2) are not trying to lose; one item reached me last week which went far beyond the pale, even for the Astros. So channeling my inner Howard Sklar, I will start with a mini-rant. The item I received was a text from the Astros organization, informing me that I could vote for all Astros starters to be placed on the Major League Baseball (MLB) All-Star team in less than 30 seconds. Are you kidding me, what are the chances of any of the Astros starters being voted onto the All-Star team? At this point, I don’t think any of the starters would make an AA, All-Star team, let alone a MLB All-Star team.

Fortunately not all MLB teams are quite so brazenly fraudulent. But in Japan, there is currently a baseball scandal brewing that seems to be more poised to impact the entire country. What is that scandal about? Juiced baseballs and their cover-up. In an article in the New York Times (NYT), entitled “As Baseballs Fly in Japan, Dispute Simmers”, reporter Ken Belson wrote about the current scandal in Japan, where Nippon Professional Baseball (NPB) decreed that the baseball should be juiced so that there would be more home runs. Belson reported that Japanese baseball owners were concerned about the drop in home runs over the past couple of seasons but could not come up with a consensus approach to deal with the issue. So they turned the matter over to the league which apparently decided the baseballs needed a little more ‘umph’. I do find the cultural differences fascinating that while American baseball certainly had its own baseball scandal around juicing, in the US it was players that were juiced and not the baseball.

While the league made this decision, it apparently did not tell anyone; not the owners, nor the players and most certainly not the fans. The scandal was deepened by the remarks of the league’s commissioner, Ryozo Kato, who originally had denied that the baseballs were juiced this season. Some two weeks later Kato backtracked from this statement, claiming that his staff had not informed him that the baseballs were juiced when he made this initial denial. Kato made this about face “when he revealed that the league secretly made its official ball livelier during the off-season, essentially because the previous version, introduced in 2011, led to an alarming drop in home runs.” Oops.

In addition to the shame and disgrace that Kato would seem to have brought upon himself, and Japanese baseball in general, I found the metaphor for Japanese business interesting. Belson noted that “The revelation has angered a nation tired of leaders who try to sweep bad news under the rug to, according to a popular euphemism, “avoid confusion.” In recent years, executives at Olympus, the camera and medical equipment maker that hid massive losses from shareholders, and Tokyo Electric Power Company, whose shattered nuclear reactors have endangered millions of people, have been pilloried after their transgressions were unearthed, to name two prominent examples.”

Tone Up and Down the Organization

So what can the Astros and this season teach us about compliance? First it all starts at the top and in Houston we have team owner Jim “I-made-a-$100MM-so-I-must-know-what-I-am-talking-about” Crane at the top. Clearly his tone has impacted the organization because it is sending out texts trying to get folks to vote team members onto the All-Star team. One of things that might be a requirement is that a player has an all-star season to be voted onto the team. So it’s more than simply tone-at-the-top, it is also ‘tone in the middle’ or more appropriately for the Astros, ‘tone-at-the-bottom’.

If the top of your organization claims that not only is everything OK but everything is moving in the right direction, this message will certainly move throughout your organization. But one of the catches to making such claims is that everything should be OK and your organization should be moving in the right direction. Trying to have the worst team possible so that you can get more money in revenue sharing is not the same as trying to win baseball games. So tone does matter and if the top of your organization says we are made up of All-Stars, when you have the worst record in the American League (AL), the bottom of your organization may well say it to. They would both be wrong.

Transparency

One of the more interesting points that Belson wrote about in his article was the lack of transparency in the league’s actions to juice the baseballs in Japan. He wrote that “Most fans would have accepted the new ball because high-scoring games are often popular. The players union, too, would have gone along with the change if it were part of a goal that both pitchers and batters could get behind, like introducing a new ball to help the national team.” If there had been transparency, it would not have been fraud upon everyone for Kato to stand up and say that the baseballs were no different when everyone else involved could tell something was very different. If you want to change the style of play by changing the equipment, tell everyone about the equipment change so that they can adjust their play.

In the compliance world, transparency solves many issues relating to the gifts, travel and entertainment. If you cannot provide these to a foreign government official or employee of a state owned enterprise, without transparency, then the gift travel or entertainment is probably inappropriate. The example that I give is if you can give a gift to someone in front of their co-workers, then that is transparency. If you have to send the gift to his or her home, that indicates a lack of transparency.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

Some Thoughts on What Makes a Good CCO

There are several prominent commentators who frequently discuss the role a Chief Compliance Officer (CCO). One such commentator is Donna Boehme, who regularly writes articles, speaks about, and even tweets on this subject. But what type of mindset does a CCO need to be successful? What are some of the skills? I thought about those questions when I read three very different articles on unrelated topics recently.

I.                   A General Principle of Action

The first was found in this past week’s issue of the New Yorker Magazine, in a piece entitled “The Gift of Doubt”, where author Malcolm Gladwell reviewed the rather extraordinary life of Albert O. Hirschman, in the context of a new biography of Hirschman titled “Worldly Philosopher: The Odyssey of Albert O. Hirschman” by Jeremy Adelman. In Gladwell’s piece, he discussed one of Hirschman’s essays, which was entitled “The Principle of the Guiding Hand.” In this essay, Hirschman reviewed large commercial enterprises which did not turn out as designed but where Hirschman was impressed with the response to the crisis.

Gladwell wrote that Hirschman had studied the “Karnaphuli Paper Mills, in what was then East Pakistan. The mill was built to exploit the vast bamboo forests of the Chittagong Hill Tracts. But not long after the mill came online the bamboo unexpectedly flowered and then died, a phenomenon now known to recur every fifty years or so. Dead bamboo was useless for pulping; it fell apart as it was floated down the river. Because of ignorance and bad planning, a new, multimillion-dollar industrial plant was suddenly without the raw material it needed to function.” It was the mill’s response to the crisis which so impressed Hirschman. Gladwell reported that Hirschman noted that the mill owners “quickly found ways to bring in bamboo from villages throughout East Pakistan, building a new supply chain using the country’s many waterways. They started a research program to find faster-growing species of bamboo to replace the dead forests, and planted an experimental tract. They found other kinds of lumber that worked just as well. The result was that the plant was blessed with a far more diversified base of raw materials than had ever been imagined.”

From this, and other examples, Hirschman opined in his essay what he termed the “general principle of action.” He defined this principle as the following; “Creativity always comes as a surprise to us; therefore we can never count on it and we dare not believe in it until it has happened. In other words, we would not consciously engage upon tasks whose success clearly requires that creativity be forthcoming. Hence, the only way in which we can bring our creative resources fully into play is by misjudging the nature of the task, by presenting it to ourselves as more routine, simple, undemanding of genuine creativity than it will turn out to be.”

II.                Using Mindsets

I thought about Hirschman’s general principle of action as it might apply to a CCO when I read an article by Michael Maslanka in the June 10 issue of the Texas Lawyer, entitled “Seven Mindsets of Effective General Counsel”. I thought that Maslanka had some interesting insight into the mindset a CCO needs. So adapting Maslanka’s seven mindsets from his list of those required by a General Counsel (GC) to those required by an effective CCO, I submit the following for your consideration.

No. 1: All news is good news. What should you do during a Foreign Corrupt Practices Act (FCPA) enforcement action, when the Department of Justice (DOJ) lawyers suggest something that you might view as negative or not warranted? Maslanka suggests that you remember the maxim that “All news is good news, because then you know where you stand.” Further he suggests that you follow these prescripts:

• Observe: The DOJ gave us new requests for information, which gave us a chance to gauge their thinking.
• Orient: This closed off an option, but did others remain?
• Decide: Pick another option.
• Act: Do it. Repeat until resolution.

No. 2: Pick the hill you want to die on. Make a stand where it matters, not on a useless cul-de-sac. Effective CCOs create political capital, bank it with the C-level executives and make wise withdrawals. Don’t sweat the small stuff but more particularly do not ask senior management to sweat the small stuff.

No. 3: ABR: Always be re-framing. CCO’s can’t change the facts, but can change the story. Reframing can transform a potential violation of the FCPA into an opportunity to improve your company’s compliance program. It can awaken leaders to the need for manager training. Adopting an “always be reframing” mindset creates bias towards effective action, realistic optimism and caring candor.

No 4: Fight the fight, not the plan. A CCO should never get stuck on the original plan and should always deal with what is occurring now, in real time. Survival goes not to the fittest but to the most adaptable. An adaptability mindset propels a CCO ahead of a burgeoning crisis. It’s a fluid compliance and legal world out there, so “be prepared to surf the waves.”

No 5: A CCO is not a conscience for hire. When it all hits the fan and when someone must speak compliance truth to power, it is the CCO who does so. A CCO is not a mouthpiece but a voice of reason.

No 6: Generate options, lots of them. A CCO cannot direct executives to take actions; they can only guide them by producing options — the more, the better.

No. 7: “Am I adding value?” How does the CCO metric measure value? Effective CCOs understand that they work daily with those who have built a company and strive to sustain it. Adding compliance value is not a “No, you can’t do XYZ.” It’s not even a “Yes, but” mindset. It’s one of “Yes, and.”

III.             Listening

The final article was in the June 17 issue of the Texas Lawyer, by Joey Asher, entitled “Four Keys to Better Listening”. While Asher clearly believes that everyone can benefit by being a better listener, I think that this is particularly incumbent for a CCO.

Be genuinely interested. Asher believes that “There are no tips that will help you if you aren’t actually interested in the other person. The author Truman Capote was said to have been interested even in “boring” people. When stuck in a conversation with a bore, he would try to discover what makes the person so boring.” It is your attitude that makes a CCO a great listener.

Ask good questions. Here Asher quotes the intrepid interviewer Larry King who said, “The absolute best question in the whole world is “Why?” “Why did you choose to become a lawyer? Why does your business want to merge with a competitor? Why do have I have to hold the club this way? Why do you go by Joey instead of Joe? Why do you enjoy shopping? “Why” makes people think and reflect. It shows a depth of interest and requires a deeper answer.” Asher does understand that “there are many great questions that don’t start with “why.”” But his experience tells him that the best questions involve asking for an explanation or an opinion.

Be patient. Asher believes that a listener can hear very good information if you are willing to wait for it. He wrote about a story where he met a corporate psychologist at a cocktail party. This corporate psychologist told him “that his job was to screen high-level job candidates for major corporations to ensure that they’re not secretly racist.  “How can you tell if someone is a secret racist?” I asked. He explained that he asks the subject to talk about himself and his life. Over the course of long interviews (the interviews can last days) a pattern of racism will emerge.”

Have a good listening face. Asher concluded his piece with his belief that “learning to listen is important to me.” One of the ways he has done so is by looking not only interested in the people he is talking too but even fascinated with what they had to tell him. He actively tries not to be intimidating in any way while listening.

I am sure that there are other traits that will go into the makeup of an effective CCO. If you have some others, I hope that you will post them as comments to this article.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

Oh Thank Heaven – The Saga of 7-Eleven and Franchising Under the FCPA

Earlier this week, Jim McGrath, writing in his Internal Investigations Blog, posted a blog entitled “Human Trafficking Concerns for 7-Eleven in Wake of Payroll Scam”. In this post McGrath reviewed the seizure of “fourteen 7-Eleven stores on Long Island and in Virginia while arresting nine owners and managers and seizing property – including five homes – after one of the largest criminal immigrant employment investigations ever conducted by the Justice and Homeland Security Departments.” He also reported that there is an ongoing investigation of “40 other 7-Eleven franchises in New York City.”

The allegations of human trafficking are bad enough. McGrath wrote that “the defendants found more than 50 illegal immigrants and gave them identities stolen from American citizens, including children and dead people. These employees then worked for as much as 100 hours a week, but were paid for a fraction of that time, and were forced to live in substandard housing owned by the operators of the convenience stores.” He also noted that while the stores may have been owned by franchisees, the parent company was also involved because it not only failed to detect the scheme but “processed the payroll and sent the wages to the employers for distribution.” I would also suspect the part of the franchisees’ fee back to the franchisor was based upon revenues so any reduction in cost could also inure back up the chain.

McGrath’s article got me to thinking about franchisor liability under the Foreign Corrupt Practices Act (FCPA). It has been a successful model in the US and now many corporations are looking at overseas expansion opportunities. Franchise law has become well developed across the US, with many states developing laws to protect the rights and obligations of both parties in a franchise agreement. According to an International Franchise Association survey of nearly 1,600 franchise systems in 2008 stated “nearly two-thirds (61 percent) of respondents currently franchise or operate in non-U.S. markets and three-fourths (74 percent) plan to begin international expansion efforts or accelerate their current ventures immediately.”

There are no reported FCPA enforcement actions regarding franchisors. However, the factors in a franchise relationship would appear to lead to clear FCPA responsibility of the franchisor for its overseas franchisee’s actions. Additionally, court interpretation of the FCPA has held that it is applicable where conduct, violative of the Act, is used “to obtain or retain business or secure an improper business advantage” which can cover almost any kind of advantage, including indirect monetary advantage even as nebulous as reputational advantage. As almost everyone knows, the FCPA prohibits payments to foreign officials to obtain or retain business or secure an improper business advantage. Nevertheless many US companies view franchisees as different from other types of more direct sales representatives, such as company sales representatives, agents, resellers or even joint venture partners, for the purposes of FCPA liability.

I believe that such an analysis is misguided as the Department of Justice (DOJ)  takes the position that a US company’s FCPA responsibilities extend to the conduct of a wide range of third parties, including the aforementioned company sales representatives, agents, resellers, joint venture partners and distributors. It does not take too great a leap of imagination to see that a franchise relationship could be contained within this interpretation. It does not take too many legal steps to see that a franchisee’s actions can impute FCPA liability to a US franchisor.

There are other factors, unique to the franchise relationship, which would point towards FCPA liability of the US franchisor. A US franchisor’s intent and the degree of control it exercises over its overseas franchisees’ operations are factors the DOJ/Securities and Exchange Commission (SEC) might consider in determining whether to pursue an FCPA case against a franchisor for bribes made by one of its foreign franchisees. It is always in the financial interest of a US franchisor for its franchisees to be successful businesses. Additionally, most US franchisors require its overseas franchisee’s to use the same company name for branding. Of course, not only the initial franchise fee but the franchisee’s monthly royalty payment roll up into the books and records of a franchisor so that might well catch the attention of the SEC if there is a FCPA books and records violation.

Victor Vital and Jessica Parker-Battle, writing in the Franchise Law Journal, Winter 2012 Issue, in an article entitled “Implications of the Foreign Corrupt Practices Act for International Franchising”, believe that a franchisor may not have direct involvement in conduct prohibited by the FCPA, there may not be the requisite corrupt intent required under the statute. However, I believe unless a franchisor has an adequate compliance program in place, a franchisor may well find itself in the shoes of Frederick Bourke and sustain a finding of conscious indifference.

How would all of this play out for a franchisor? As a franchisor moves into foreign markets there could well be the temptation to “grease the skids” and make payments or offer gifts to government officials, or their family members, to get the permits or permissions necessary to open and operate. In many countries, bribery is a common way of getting business done, and there can be tremendous pressure from local agents or franchisee candidates to follow regional customs and use bribes to become or remain competitive. Even if it is not the US franchisor’s own employees which engage in the FCPA violations, the US franchisor will still face the risk of an enforcement action if the franchisee’s employees engage in such conduct.

Most franchisors have thorough financial vetting requirements before allowing any person or business to become a franchisee. However, how many of these same businesses perform FCPA compliance due diligence on their prospective overseas franchises? How many US franchisors have FCPA compliance training programs? How many evaluate, on an ongoing basis, the FCPA compliance and program of their overseas franchisees? How many US franchisors have a compliance hotline or other reporting mechanism for any compliance violations made against their franchisees?

Vital and Parker-Battle suggest that franchisors conduct thorough research in both the foreign market they hope to enter and on their potential franchisees. The franchise agreement itself should have strong FCPA anti-corruption/anti-bribery language and any franchisee, and its key employees, should receive FCPA training. The franchisor also needs to have a compliance subject matter expert (SME) available for franchisees and they also suggest that the franchisor provide an anonymous reporting hotline for FCPA violations. They end some of their suggested practices for the franchisor with the following, “it would be prudent to pay particular attention and monitor those countries in areas where bribery or gifts are encouraged in business relations. In sum, franchisors must be diligent when entering a foreign market and make sure to use best practices routinely and consistently.”

This last point, about ongoing monitoring, ties into McGrath’s article on the problems which 7-Eleven may now face. It would appear that the franchisor/parent corporation did no ongoing monitoring of its franchisees on the employment status of the franchisees’ employees. One thing that the FCPA Guidance makes clear is that statements and hypothesis must be tested by reviewing the underlying data or transaction. As a compliance practitioner, you cannot take things at face value. Further, as the FCPA Guidance also made clear, everything starts with a risk assessment. So if you are a US franchisor, looking to expand overseas, one of the first things you should do is to perform a FCPA risk assessment and then use that risk assessment to implement a full FCPA compliance program within your company going forward. If you are a US franchisor which has international franchises but you have not previously reviewed your FCPA requirements, you should do so as soon as possible. If not, your FCPA exposure may be unlimited….

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

‘You Scratch My Back’ Leads to a Fine and Penalty

As the riders loped on by him he heard one call his name

If you want to save your soul from Hell a-riding on our range

Then cowboy change your ways today or with us you will ride

Trying to catch the Devil’s herd, across these endless skies

 

The above lyrics are the closing stanza to the song “Ghost Riders in the Sky”. I thought about the advice for the cowboy to change his ways to save his soul from Hell when I read in both the Financial Times (FT) and the Wall Street Journal (WSJ) reports that Deloitte LLP (Deloitte) agreed to a one-year suspension from soliciting new consulting work from financial institutions and agreed to pay a $10MM fine to the state of New York Department of Financial Services (DFS) for its role in the Standard Chartered Bank (StanChart) money laundering scandal. StanChart was fined $340MM by the DFS for allegations of money laundering and doing business with Iran, all in violation of US laws.

The FT article, entitled “Deloitte banned for StanChart ‘violations’”, by Kara Scannell, reported that this suspension and fine was the first against a consulting firm by the DFS. The DFS cited Deloitte for ““misconduct, violations of law and lack of autonomy” in its review of the anti-money laundering (AML) practices of Standard Chartered.” Indeed it its settlement with Standard Chartered, it was alleged that “Deloitte “aided” the bank’s deception in hiding transactions linked to Iran.” In one instance, the FT reported that “Deloitte removed a recommendation aimed at rooting out money laundering from a report filed with the state regulator. In an email cited in the settlement, a Deloitte partner said: “‘[W]e agreed’ to [StanChart]’s request because ‘this is too much and too politically sensitive for both [StanChart] and Deloitte. That is why I drafted the watered-down version’.”

However, the real problem was probably better articulated by Ben Lawsky, superintendent of the DFS, who the FT quoted as saying, “At times, the consulting industry has been infected by an ‘I’ll scratch your back if you scratch mine’ culture and stunning lack of independence.” The WSJ article, entitled “Deloitte Unit Gets One-Year Ban”, penned by reporters Shayndi Raice and Michael Rapoport, noted that in the DFS resolution “Deloitte also agreed to overhaul its internal safeguards and create new standards to increase its independence with respect to clients.” Deloitte itself was quoted in the FT article as saying “it looks forward to working constructively with DFS to establish best practices and procedures that are ultimately intended to become the industry standard for all independent consulting engagements under DFS’s supervision”.

The WSJ also reported that the DFS has been concerned for some time “that consultants who review, and help banks with, regulatory issues are potentially subject to conflicts of interest because they are hired and paid by the same banks whose work they are supposed to assess.” Apparently the DFS is looking to use Deloitte’s remediation as a “model to govern all consultants who do work for banks under the agency’s supervision.” This comes on the heels of the US Senate’s Banking, Housing and Urban Affairs Committee, Subcommittee on Financial Institutions and Consumer Affairs’ hearing this past April on the same issue. The hearing was entitled “Outsourcing Accountability? Examining the Role of Independent Consultants”. The hearing was adjourned with no resolution of legislation introduced as yet but Massachusetts’ junior Senator Elizabeth Warren is on the Subcommittee so I would not be surprised for something to come out of this issue.

The use of external consultants was also mentioned in a recent enforcement action under the Foreign Corrupt Practices Act (FCPA); that being the Parker Drilling Deferred Prosecution Agreement (DPA). In the DPA there were the following statements about an un-named US law firm and an un-named partner at said law firm, which were listed as an agent of Parker Drilling in connection with its FCPA issues in Nigeria.

1. The law firm was a US limited partnership, which provided legal advice to Parker Drilling for the issue involving the FCPA violation at issue. (Paragraph 10)
2. An unidentified “outside counsel” who provided this legal advice was a partner in the unidentified law firm. (Paragraph 11)
3. Parker Drilling entered into an agreement with a Nigerian Agent who would “act as a consultant to [Law Firm] to provide professional assistance resolving these issues in Nigeria.” (Paragraph 33)
4. Payment to the Nigerian Agent was made through the law firm, which received the Nigerian Agent’s invoice and then forwarded on to Parker Drilling for funding.
   “When the Nigerian Agent required funds, Parker Drilling transferred funds to Law Firm by wire, and Law Firm in turn forwarded those funds to Nigerian Agent by international wire. Nigerian Agent’s funding requests typically first went by email to the Law Firm and U.S. Outside Counsel and asked for currency transfers, often $100,000 or more at a time.” (Paragraph 34)
5. This U.S. Outside Counsel was identified as requesting money from Parker Drilling for entertainment of the Nigerian President (Paragraph 35a); requesting money for payment to the Nigerian State Security Service and Minister of Finance tied to “winning the concession” for Parker Drilling (Paragraph 35d); advised Parker Drilling that the Nigerian Agent in question “will need $100,000 in expense advances to cover various out of pocket expenses and social events” and that the Nigerian Agent’s expenses were running “about 4000 a day per person because of the entourage entertainment.” (Paragraph 35g); and, finally, he advised Parker Drilling that the Nigerian Agent “needs another $150,000 to accomplish his objective”. (Paragraph 35h)

What does all this mean for the compliance practitioner? First of all, it drives home the need to perform due diligence on all third party providers which will provide legal or regulatory services. If there is no underlying due diligence, there can be no understanding of the background of the service provider. The Deloitte StanChart actions, the US law firm and US lawyer identified in the Parker Drilling DPA set out a couple of issues for the consideration of a compliance practitioner in dealing with third party consultants. First and foremost, be on the watch for any third party who suggests anything illegal or that even comes up close to that line. It is clearly a red flag if a third party suggests any violation of the FCPA, AML regulations or the like. Similarly, any claim that ‘this is the way business is done in [fill in the country]’ should immediately raise a red flag. Anytime a required report is ‘watered down’ it is also a clear red flag. Lastly, if your US outside counsel suggests hiring a Nigerian agent to ‘facilitate’ any legal issues, remember the primary liability is on your company, even if you only accept that legal advice, or as the lyrics suggest “cowboy change your ways today or with us you will ride” into a large FCPA or AML settlement.

—————————————————————————————————————————————————————–

For the classic Johnny Cash version of the song, click here. For a more rocking version, check out this clip of The Outlaws by clicking here.

——————————————————————————————————————————————————————–

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

What is Board Responsibility For Compliance?

Ed. Note-this article was originally posted in the FCPA Professor.

The nightmare of every corporate director is to wake up to find out that the company of the Board he or she sits on is on the front page of the New York Times (NYT) for alleged illegal conduct. This nightmare came true for the Directors of Wal-Mart when the New York Times, in an article entitled “Vast Mexico Bribery Case Hushed Up by Wal-Mart After Top-Level Struggle”, alleged that Wal-Mart’s Mexican subsidiary had engaged in bribery of Mexican governmental officials and that the corporate headquarters in Bentonville, Arkansas, had covered up any investigations into these allegations.

Recently the NYT reported that shareholders were asking questions of the Wal-Mart Board regarding its response these allegations. In a story, entitled “More Dissent in a Store Over Wal-Mart Bribery Scandal”, Stephanie Clifford reported Wal-Mart shareholders are still asking questions of the Board regarding its role in the ongoing scandal. Some of these questions include “whether the company is holding current and former executives financially responsible for breaching company policies” and concerns about the company’s supply chain vendors. This shareholder dissatisfaction held several groups of large shareholders to indicate that they would vote against the company’s current Board of Directors at its annual shareholder meeting.

Clifford quoted from a report by Institutional Shareholder Services (ISS), a proxy advising firm, which said that investors have also complained about “being in the dark about the nature and extent of the alleged violations (and knowledge of them within the company)” and the company’s “timetable for completion of its investigation and disclosure of its results”. There were also questions raised about the remediation efforts of Wal-Mart. The ISS report went on to add that “Shareholders should vote against these directors to send a clear message to the board that such poor oversight does not come without repercussions.”

The publicity and costs to Wal-Mart have been well documented. The FCPA Professor has consistently stated that he views this scandal as largely a failure of corporate governance. In a post entitled, “Wal-Mart One Year Later” he said, “Corporate governance, or lack thereof, is what made the NY Times April 2012 remarkable.  This is the reason why Wal-Mart generated all the buzz it did a year ago this week and I’ve consistently held the view that the Wal-Mart story is a corporate governance sandwich with the FCPA as a mere condiment.” I thought about the Professor’s observations on this failure in light of Clifford’s article and wondered what the Board’s legal obligations might be.

I.                   Some Case Law

As to the specific role of ‘Best Practices’ in the area of general compliance and ethics, one can look to Delaware corporate law for guidance. The case of In Re Caremark International Inc. Derivative Litigation 698 A.2d 959 (Del.1996) was the first case to hold that a Board’s obligation “includes a duty to attempt in good faith to assure that a corporate information and reporting system, which the board concludes is adequate, exists, and that failure to do so under some circumstances may, in theory at least, render a director liable for losses caused by non-compliance with applicable legal standards.” The Corporate Compliance Blog, in a post entitled “Caremark 101”, said that the Caremark case “addressed the board’s duty to oversee a corporation’s legal compliance efforts. As part of its duty to monitor, the Board must make good faith efforts to ensure that a corporation has adequate reporting and information systems. The opinion described this claim as “possibly the most difficult theory in corporation law upon which a plaintiff might hope to win a judgment,” with liability attaching only for “a sustained or systematic failure to exercise oversight” or “[a]n utter failure to attempt to ensure a reporting and information system.”

In the case of Stone v. Ritter 911 A.2d 362, 370 (Del. 2006), the Supreme Court of Delaware expanded on the Caremark decision by establishing two important principles. First, the Court held that the Caremark standard is the appropriate standard for director duties with respect to corporate compliance issues. Second, the Court found that there is no duty of good faith that forms a basis, independent of the duties of care and loyalty, for director liability. Rather, Stone v. Ritter holds that the question of director liability turns on whether there is a “sustained or systematic failure of the board to exercise oversight – such as an utter failure to attempt to assure a reasonable information and reporting system exists.”

Andrew J. Demetriou and Jessica T. Olmon, writing in the ABA Health Esource blog, said that “This standard aims to protect shareholders by ensuring that corporations will adopt reasonable programs to deter, detect and address violations of law and corporate policy, while absolving the Board from liability for corporate conduct so long as it has exercised reasonable responsibility with respect to the adoption and maintenance of a compliance and reporting system. Although the standard protects the Board, consistent with most jurisprudence under the business judgment rule, it also requires that the Board follow through to address problems of which it has notice and this may include adopting modifications to its compliance program to address emerging risks.”

Lastly, I recently heard Jeff Kaplan discuss the oversight obligations of the Board regarding the compliance function. In addition to the above cases, he discussed the case of Louisiana Municipal Police Employees’ Retirement System et al. v. David Pyott, et al., 2012 WL 2087205 (Del. Ch. June 11, 2012) (rev’d on other grounds, No. 380, 2012, 2013 WL 1364695 (Del. Apr. 4, 2013), which was a shareholder action that went forward against a Board based upon a claim that the Board knew of compliance risk based on the company’s business plan. The Delaware Court pointed out the possibility that “The appearance of formal compliance cloaked the reality of noncompliance, and directors who understood the difference between legal off-label sales and illegal off-label marketing continued to approve and oversee business plans that depended on illegal activity.” Kaplan believes that this case more generally, supports the need for risk-based oversight by board.

II.                FCPA Guidance and US Sentencing Guidelines

A Board’s duty under the Foreign Corrupt Practices Act (FCPA) is well known. In the Department of Justice (DOJ)/Securities and Exchange Commission (SEC) FCPA Guidance, under the Ten Hallmarks of an Effective Compliance Program, there are two specific references to the obligations of a Board. The first in Hallmark No. 1, entitled “Commitment from Senior Management and a Clearly Articulated Policy Against Corruption”, states “Within a business organization, compliance begins with the board of directors and senior executives setting the proper tone for the rest of the company.” The second is found under Hallmark No. 3 entitled “Oversight, Autonomy and Resources”, where it discusses that the Chief Compliance Officer (CCO) should have “direct access to an organization’s governing authority, such as the board of directors and committees of the board of directors (e.g., the audit committee).” Further, under the US Sentencing Guidelines, the Board must exercise reasonable oversight on the effectiveness of a company’s compliance program. The DOJ’s Prosecution Standards posed the following queries: (1) Do the Directors exercise independent review of a company’s compliance program? and (2) Are Directors provided information sufficient to enable the exercise of independent judgment?

Board failure to head this warning can lead to serious consequences. David Stuart, a senior attorney with Cravath, Swaine & Moore LLP, noted that FCPA compliance issues can lead to personal liability for directors, as both the SEC and DOJ have been “very vocal about their interest in identifying the highest-level individuals within the organization who are responsible for the tone, culture, or weak internal controls that may contribute to, or at least fail to prevent, bribery and corruption”. He added that based upon the SEC’s enforcement action against two senior executives at Nature’s Sunshine Products, “Under certain circumstances, I could see the SEC invoking the same provisions against audit committee members—for instance, for failing to oversee implementation of a compliance program to mitigate risk of bribery”. I would not be a far next step for the SEC to invoke the same provisions against audit committee members who do not actively exercise oversight of an ongoing compliance program.

There is one other issue regarding the Board and risk management, including FCPA risk management, which should be noted. It appears that the SEC desires Boards to take a more active role in overseeing the management of risk within a company. The SEC has promulgated Regulation SK 407 under which each company must make a disclosure regarding the Board’s role in risk oversight which “may enable investors to better evaluate whether the board is exercising appropriate oversight of risk.” If this disclosure is not made, it could be a securities law violation and subject the company, which fails to make it, to fines, penalties or profit disgorgement.

From the Delaware cases, I believe that a Board must not only have a corporate compliance program in place but actively oversee that function. Further, if a company’s business plan includes a high-risk proposition, there should be additional oversight. In other words, there is an affirmative duty to ask the tough questions. The specific obligations set out regarding the FCPA drive home these general legal obligations down to the specific level of the statute.

The Wal-Mart case has driven home the need for focused Board of Directors oversight of a company’s compliance program.  But it is more than simply having a compliance program in place. The Board must exercise appropriate oversight of the compliance program and indeed the compliance function. The Board needs to ask the hard questions and be fully informed of the company’s overall compliance strategy going forward. If the Wal-Mart Board had fulfilled its legal obligations regarding compliance, the company might not have found itself on the front page of the New York Times.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

How to Assess Suspicious Financial Activity

The banking world is littered with institutions that have paid astronomical fines for their failures around anti-money laundering (AML) legislation. Much has been written and said about these events. However one of the areas that has received perhaps less attention is the programs that banks and other financial institutions have set up to comply with the ever-growing increase in AML regulations. But just as crooks tend to follow the money, sophisticated lawbreakers, who tend to engage in crimes such as money-laundering will try and move their operations to business and industries with less robust protections around AML. That is why I found this month’s article by Carole Switzer, President of the Open Compliance and Ethics Group (OCEG), in the June issue of Compliance Week, entitled “The Battle to Balance Vigilance and Suspicion”, to be instructive for the anti-corruption/anti-bribery practitioner who typically focuses on Foreign Corrupt Practices Act (FCPA) or UK Bribery Act compliance.

In the article Switzer makes clear that she believes that “the most effective AML programs are based on the understanding that financial institutions have an obligation to all of their stakeholders to remain vigilant about AML risks. Banks are not required to prove money laundering; rather they are required to strike the right balance in their vigilant reporting of suspicious activity.” She recognizes that “banks must file a suspicious activity report (SAR) when suspicious activity arises. What qualifies as a suspicion often is a difficult question—as is the determination of whether or not to file a SAR.” Yet Switzer also notes that “filing of too many (and/or incomplete) SARs can overwhelm regulatory agencies, reducing their ability to address genuine criminal activity” and that filing “too few SARs and a company can turn a blind eye to potential money laundering, opening itself and, in some cases, its top managers to significant penalties.” I would posit that the dynamic tension would appear for any company; whether financial institution or other commercial operation. Hence, I believe that Switzer’s thoughts can be used by a non-financial concern to help protect it from violation of US or UK AML laws.

As usual, Switzer has provided a road map to illustrate her thoughts, entitled “Suspicious Activity Investigation Lifecycle”. In the diagram Switzer notes that it is important to understand each step in the lifecycle, so that a company can exploit “opportunities for technology and automation”. Technology, coupled with the human element, which recognizes the signs of suspicious AML activity can help your company protect itself and “hear through the noise.” She counsels that the “focus is to identify suspicious activity and report it, not to prove criminality; law enforcement will take it from there, blending your information with information from other institutions before making a decision on how to proceed.” She lists the following four steps.

1.      Triage – Switzer believes that “understanding and managing your inbound alerts can be an intimidating task. High alert volume and false-positives can abound, often at a 50:1 ratio (False/True).” A company should also focus on automated solutions that allow you to invest human capital into exception cases. Finally, remember to consistently review and modify the system until your organization can hear through the noise.

2.      Investigation – As an investigation process can tax your resources, you should strive to ascertain that you are making the right inquiries documenting the process at every turn. Some of the questions that Switzer suggests you focus on include “Do you understand the context? Are your procedures applicable to the product used? How does the processing channel affect the investigation? What history does the customer or organization have with your institution? Are you truly investigating or just documenting?”

3.      Action – After you have ­finished conducting research, obtained an understanding of the suspicious activity, its context, and the implications, Switzer advocates that this is the time to react. She believes that it is important to have a protocol in place. Some of her suggestions include placing the party on a continued Watch List, or you could “kick off your Enhanced Due Diligence cycle, or offboard the customer altogether.” She notes that the key here is “expediently limiting risk and exposure and promptly notifying regulatory authorities.” To which I would add: document, document, and document.

4.      Feedback/Review – As with any process you need validation or ‘a second set of eyes.” Switzer proposes that you should review your actions and reports for accurateness. Some questions that you may wish to keep in mind are the following: “Was your investigation fruitful? What did you learn? Is our current process sound and comprehensive? Learning what you have done, how it has affected your risk profi­le, and how you have reacted is critical to ongoing success.” A rigorous system would “constantly challenge assumptions and work to refine the process. Evaluate how your customers, products, and business are changing, and develop new scenarios.”

Switzer notes some of the more common mistakes made include failure to document your compliance efforts and missing of key internal and external deadlines for reporting. She cautions against tipping off customers directly during the inquiry process or indirectly through sending questions to a third party which may convey such information. Finally, training is important so that any report which is generated is not of such poor quality, incomplete or overly vague as to be useless and miss important information.

As with other areas of compliance, there are best practices which are fairly well known. Switzer reminds us that your suspicious activity program should constantly challenge your ongoing assumptions and evaluate the accuracy of your program. You should regularly review and adjust thresholds amounts for such investigations and study new typologies. Tone at the top is key in the suspicious activity area of AML compliance so your company should create a culture of compliance, ensure the staff is aware and empowered to do the right thing. Your compliance program should incorporate ongoing monitoring and outcome analysis. Lastly, do not forget to train.

Most non-financial enterprises do not look at potential AML issues, certainly not as thoroughly as financial institutions. However, I believe that this may well be the next area that corrupt persons and parties will try to exploit from otherwise law-abiding entities. The time to prepare is sooner rather than later. Switzer has laid a protocol which you can implement and which can go a long way down the road to protecting your company.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

Justin Rose and Barry Vitou-Two Winning Brits

Ed. Note-Yesterday, Justin Rose won the US Open, making him the first Englishman to win the Open since Tony Jacklin in 1970. So a big tip of the golf cap to Mr. Rose. In the field of anti-bribery and anti-corruption, the English are somewhat ahead of their golfing wins at the US Open. Barry Vitou, who together with Richard Kovalevsky QC, helps to shine a light on the UK Bribery Act, posted a piece on his recent remarks at the St. Petersburg International Law Forum. I asked Barry if I could repost his remarks on my site, which he graciously allowed me to do so.

———————————————————————————————————————————————————————-

Last week Barry attended and presented on a (large) at the St. Petersburg International Law Forum about corruption.

The St. Petersburg International Legal Forum is now an established premier fixture on the legal map in Russia.

There were various slots on corruption.  Ever topical on Wednesday the Russian media (this link is worth clicking through to see the raid) was full of the story about the arrest of the Russian CEO of Societe General Russia on suspicion of bribery (USD$1.5 million to allegedly favourably  alter the terms of a loan in Moscow).

At the Forum Barry presented on International developments (a quick run down on the continuing trend for anti-bribery law creation and enforcement), the UK Bribery Act (coming soon…eventually) and the practical aspects of compliance in a Russian context.

What do I mean by in a Russian context?

Russia’s capitalist economy is barely twenty years old.  You can’t make an omelette without scrambling some eggs and it’s fair to say a large number of eggs have been scrambled in Russia.

But you can’t fail to be inspired, as your walk around the streets of Moscow and St. Petersburg, by the progress which has been made in those twenty years.

It’s not perfect.  There’s still a long way to go.  But whichever way you look at it strides have been taken.

Back to the ‘Russian context’:

For Russian business on the one hand UK Bribery Act and FCPA seem distant.

Yes, there is long arm jurisdiction under both.  But in reality, non-Russian law enforcement will (in most cases) find it hard to enforce.  Getting evidence will be tough (probably even tougher than usual) and Russia’s constitution forbids the extradition of a Russian national to another country.

There is little or no chance of Russians being extradited in orange jumpsuits to face the music in the US.

And yet.

On the other hand, there are three compelling reasons why, in practice, Russians care a lot about anti-bribery and why, whenever we present there we do so to packed houses.

First, Russians don’t like corruption.  Contrary to popular belief Russians do not like having to bribe traffic cops, kindergarden teachers to get their kids in, the planning department to get the permits to refurbish their apartment or anything else for that matter.

No-one would be happier than Joe Blogski or John Doeski if corruption in Russia was a thing of the past.  It isn’t yet (but then corruption is alive and well in the West too).

Second, many Russian businesses want to operate on an international stage. This ranges from setting up shop in London or New York to Russian businesses doing IPO’s on the NYSE, NASDAQ or London Stock Exchange and everything in between.

But perhaps the most compelling of each of the three reasons at the moment is not a general desire to stamp out corruption, the threat of law enforcement or the lofty aspiration of setting up outside Russia.

Instead it is the more prosaic reality that many Russian businesses count western companies as their customers.  Increasingly those Western customers are seeking to impose their own (developing and in some cases ill thought out) anti-corruption compliance on Russian businesses (mindful of the problems third parties in risky places – and Russia is a risky place – can cause).

So Russian businesses, the Russian government and Russian citizens are very interested in anti-corruption.

After explaining that in Russia it was broadly impossible to fire someone suspected of bribery (they would need to be convicted by a criminal court) and that the only two reasons to sack someone were, basically, 1. if they were drunk at work or 2. seriously late, Anton Smirnov of Lovells said a journey of 1000 steps starts with just one step.

The chairman of the panel, the very smart Alevtina Kamelkova Russian & CIS General Counsel of Alcatel Lucent said it would be really helpful if CEO’s of Russian groups demonstrated tone from the top and participated in anti-corruption panels like those running at the Forum.

That would be good too.

But in our view Russia should not beat itself up and likewise the West should not beat Russia up, over its present stage of development.

In world terms the Russian economy is a baby.

Non-Russian labor laws are hardly perfect – but we’ve come across plenty of others with similar flaws from the UK to Asia and beyond when dealing with international internal investigations.

We would like to see some CEO’s of Western businesses taking the time to demonstrate real tone from the top and talk about anti-corruption on similar panels.  Imagine the message that would be sent if the CEO of a Fortune 500 (not under FCPA investigation) took the time…

We agree that every journey starts with just one step. Russia has begun its journey.