September | 2014 | FCPA Compliance and Ethics Blog

September 30, 2014

Discipline and Rigor in Your Internal Controls

Filed under: Best Practices,Compliance,Compliance and Ethics,compliance programs,David Brooks,FCPA,Henry Mixon,Internal Controls,New York Times,Uncategorized — tfoxlaw @ 12:01 am
Tags: best practices, compliance, compliance programs, ethics and compliance, FCPA, New York Times, NYT

In a recent New York Times (NYT) Op-Ed by David Brooks, entitled “The Good Order”, he discussed how routine can lead to creativity. He cited to the example of three well-known authors whose habits included the following. “Maya Angelou would get up every morning at 5:30 and have coffee at 6. At 6:30, she would go off to a hotel room she kept — a small modest room with nothing but a bed, desk, Bible, dictionary, deck of cards and bottle of sherry. She would arrive at the room at 7 a.m. and write until 12:30 p.m. or 2 o’clock.” Another example was John Cheever, who “would get up, put on his only suit, ride the elevator in his apartment building down to a storage room in the basement. Then he’d take off his suit and sit in his boxers and write until noon. Then he’d put the suit back on and ride upstairs to lunch.” Finally, there was the example of Anthony Trollope, who “would arrive at his writing table at 5:30 each morning. His servant would bring him the same cup of coffee at the same time. He would write 250 words every 15 minutes for two and a half hours every day. If he finished a novel without writing his daily 2,500 words, he would immediately start a new novel to complete his word allotment.” Brooks thesis for his piece seemed to be summed up by a quote from Henry Miller (of all people), “I know that to sustain these true moments of insight, one has to be highly disciplined, lead a disciplined life.” Sort of gives a whole new meaning to the word ‘discipline’.

However moving back to somewhat salacious concepts, I thought about those words in the context of internal controls around a Foreign Corrupt Practices Act (FCPA) compliance program. Brooks’ thoughts on building and maintaining order inform today’s post. In the area of internal controls, I believe it is incumbent to consider not only the most obvious risk areas for your internal controls but also the universe of potential transactions within the operations of a particular company. Once again relying on my friend and internal controls expert Henry Mixon I queried him about some of the other types of internal controls a company should consider around gifts, travel, business courtesies and entertainment.

One area that companies need to be mindful of is corporate checks and wire transfers, in response to falsified supporting documentation, such as check requests, purchase orders, or vendor invoices. Here Mixon believes that the Delegation of Authority (DOA) is a critical internal control. So, for example a wire transfer of $X between company bank accounts in the US might require approval by the Finance Manager at the initiating location and one officer. However, a wire transfer of $X to the company’s bank account in Nigeria, could require approval by the Finance Manager, a knowledgeable person in the Compliance function, and one officer. The key is that the DOA should specify who must give the final approval for such an expense.

I asked Mixon about the situation where checks drawn on local bank accounts in locations outside the US “off books” bank accounts, commonly known as slush funds. Petty cash disbursements in locations outside the US – the unique control issues regarding locations outside the US will be discussed in a future podcast. Some petty cash funds outside the US have small balances but substantial throughput of transactions. In this instance, Mixon said that the DOA should address replenishment of petty cash funds in countries outside the US, as well as approval of expense reports for employees who work outside the US, including those who travel from the US to work outside US.

Another area for concern is travel, the reason for this being that a company’s corporate travel department and independent travel agencies can buy tickets, hotel rooms, etc., for non-employees. Mixon noted that internal controls might be needed to ensure policies are enforced when travel for non-employees can be purchased through a corporate travel department or through independent travel agencies. As was demonstrated with GlaxoSmithKline PLC (GSK) in China, a company must not discount the risk related to abuse of power internally and collusion with independent travel agencies. Mixon advises that you should implement procedures to ensure compliance with your company policies regarding payment of travel and related expenses for third parties, for not only visits to manufacturing or job sites but also any compliance restrictions that might be in place.

An area for fraud, corruption and corporate abuse has long been Procurement cards or “P Cards”. Mixon cautions that if your company uses procurement cards, assume this to be a very high-risk area, not just for FCPA but also for fraud risk generally. Banks have made a great selling job to corporations for the use of P-Cards to help to facilitate “cash management” but, more often than not, they can simply be a streamlined way to allow embezzlement and misbehavior to go undetected. Here a control objective should be put in place along the lines of a written policy and procedures defining the acceptable and unacceptable use of company Procurement Cards, required forms, required approvals, documentation and review requirements.

An interesting analogy that Mixon used is that misbehavior, like water, seeks its own level. Mixon explained that this meant if the pre-approval process and strong controls over expense reports prevent misbehavior, employees who wish to misbehave will seek other ways to do it where controls are not so strong. This means you should use your risk assessment process to help prioritize where controls are most needed. If your company prohibits gifts and any travel other than for the submitting employee from being included in the expense report, you should consider requiring instead a check request form be used, which, Mixon noted, would be subject to stringent controls. He added that in such cases a checklist should be completed and attached to the check request which includes questions and disclosures designed to flush out exactly what was provided in the way of a business class airline, pocket money, event tickets, side trips, leisure activities, spouses or other relatives who might be traveling and why the travel had business purpose. Such an internal control would allow for a more streamlined processing of expense reports and still elevates the gifts/travel items to the appropriate level of review and requires appropriate documentation.

I inquired as to why a Compliance Officer relies on the audit controls that are in place regarding gifts because in many companies, internal audits of expense reports are common. Mixon noted that it is important to keep in mind that, with respect to gifts, internal audits most often constitute, at best, a detect control, which only gives comfort for some historical period and is not necessarily representative of the controls in place to prevent future violations. So, it will be a false sense of security if a Compliance Officer relies on the internal audit of expense reports to be the control needed over violation of Gift policies.

I thought about one line in Brooks’ piece, which seemed to echo Mixon’s thoughts on internal controls, where Brooks wrote, “Building and maintaining order…requires toughness of mind and rigid discipline to properly serve your own work.” By having the rigor to institute and enforce the types of internal controls Mixon has identified, you can go a long way towards detecting and more importantly preventing a FCPA violation from occurring.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

Leave a Comment

September 29, 2014

TNG Premiers and Internal Controls for Gifts in a Best Practices Compliance Program

Filed under: Best Practices,Compliance,Compliance and Ethics,compliance programs,FCPA,Gifts and Business Entertainment,Henry Mixon,Internal Controls — tfoxlaw @ 12:01 am
Tags: best practices, compliance, compliance programs, FCPA, Foreign Corrupt Practices Act, Henry Mixon, Internal Controls

This week, 27 years ago, Star Trek – The Next Generation (TNG) made its television debut. Rarely has there a follow up to a beloved original series (Star Trek – The Original Series (TOS)) that is equally treasured by fans. They say that your favorite Star Trek is the one you grew up with, so for me that is TOS and that will always be my most beloved Star Trek series, but for the younger generations TNG fills that bill. The series occurred some 70 years in the time after TOS so things were a bit different. One of the differences was on following the Prime Directive more rigorously. While Captain Kirk, who actually had a hand in drafting the Prime Directive, seemed to view it with situational ethics, Captain Picard was much more concerned about not violating it.

I thought about this evolution of the Prime Directive from TOS to TNG when considering what types of internal controls a compliance practitioner might consider in the area of gifts in a Foreign Corrupt Practices Act (FCPA) best practices compliance program. I have been continuing my exploration of internal controls with well-known expert Henry Mixon, Principal of Mixon-Consulting. Mixon believes that it would be reasonable to expect that internal controls over gifts would be designed to ensure that all gifts satisfy the criteria as defined and interpreted in Company policies. Generally speaking, these are fairly narrow, including a definition of the dollar limit, which must not be exceeded in order for gifts to be permissible, coupled with some subjective criteria such as the legality of the gifts for the recipient and whether the practice is customary within the country where the gift is delivered. The question I focus on is how to enforce the policies so that employees are not free to disregard them at will?

The Department of Justice (DOJ), in several enforcement actions and the FCPA Guidance has emphasized the importance of risk assessment and effective controls and building a program tailored to those risks. Many companies effectively minimize the risk of inappropriate gifts through stringent pre-approval requirements because a sufficiently robust and enforced pre-approval policy can reduce the number of gifts simply because of the headache of getting the pre-approval. This has the added benefit of ensuring enforcement of internal controls, largely because of the reduced volume of gifts being included in expense reports. Mixon cautions that in considering the effectiveness of controls, you must always keep in mind the most frequently used method for defeating an internal control, which is driven by a dollar amount criteria, is splitting the item into multiple parts in order to appear to stay under the limit and to avoid the defined approval authority based on the amount of the gift.

Mixon believes that the key analysis is whether there are controls in place to enforce the policies and whether those controls are documented. To help to answer this query, he posited that there are four issues to evaluate.

Is the correct level of person approving the payment / reimbursement for the gift?
Are there specific controls, including signoffs, to demonstrate that the gift had a proper business purpose?
Are the controls regarding gifts sufficiently preventative, rather than relying on detect controls?
If controls are not followed, is that failure detected by other internal controls or the compliance protocols?

While many compliance practitioners believe that employee expense reports are a sufficient internal control regarding gifts, because there are other ways in which a gift can be presented, there need to be other controls. Mixon believes that once your company policy on gifts has been finalized, the internal controls over expense reports fall into three basic areas: (1) The expense report format, including what information it requires; (2) Controls over the submitting employee and the preparation of the expense report; and (3) Controls to ensure the approvers do their review process properly.

Mixon believes the format itself of an expense report can go a long way toward prevention of violations of company policy. First it is important to have preprinted representations and certifications within the form because these can lead to “stop and think” type of controls, meaning the person submitting the expense report has to at least consider the information being submitted. The form can be signed without reading the preprinted representations, but if the employee and reviewers have been trained on how to review the expense report, it can be difficult to say later that the submitting employee did not understand what they were signing.

Mixon suggested two forms of representation, the Preparer’s representations and the Approver’s representations. The Preparer’s representations include ensuring that all items representing a proper business purpose comply with the company’s code of conduct, comply with local law and custom, and comply with all applicable company policies regarding FCPA compliance. The Approver’s representations ensure that all supporting documentation has been examined and that all documentation complies with applicable company policies, including the submission of original receipts. Further, the approver should certify that they have complied with all company policies regarding the review and approval of the expense report.

Mixon noted that some companies have two basic forms of expense reports. One is for situations in which all items pertain to US locations and do not involve any expenses incurred outside the US or for benefit of persons outside the US. The second is for items involving locations or persons outside the US. The international reporting form might have more stringent requirements and should provide for more detailed disclosures. It could require reporting, in a separate section of the expense report, all items that involve government officials, so that these items are not “buried” elsewhere in the expense report. Just as an added measure, the expense report includes a column where other expenses are reported which requires the submitter to check “Government Official YN?” this type of format should require sufficient disclosure of information regarding each item involving government officials. The next step in such an enhanced protocol would require a senior officer from the business unit to approve any reimbursements that meet certain criteria, for example, certain geographical areas or countries. Finally, such an enhanced representation could also include separate sections for each item requiring a description of the business purpose of meals, entertainment, names and business affiliation of all attendees, description of gifts and their business purpose, etc. A typical expense report requires this information to be on the receipt. Mixon believes that moving beyond simply requiring receipts and requiring such detail to be incorporated directly onto the expense reimbursement forms highlights the presence or absence of proper documentation much more readily. Mixon ended by noting it was incumbent to ensure reviewers sign off that each such item has documentation that required pre-approvals were obtained, if necessary.

While following the Prime Directive does not always lead to the result that the crew of TNG Enterprise desired; it did have the greater effect of allowing cultures and peoples to develop without interference. Internal controls around gifts can be used in a variety of ways in your best practices compliance program. They can certainly be used to detect an issue and perhaps even prevent an issue from becoming a full-blown FCPA violation, however, by using some of the techniques that Mixon has suggested you can move your compliance program to a proscriptive phase where you not only stop an issue from becoming a violation but through identification, you can move towards remediation as a part of your ongoing compliance efforts. Just as Star Trek’s Prime Directive had an ultimate purpose, if you can move your compliance program’s internal controls forward, you can help make them a part of your financial controls and thereby have a better run company.

© Thomas R. Fox, 2014

Comments (1)

September 26, 2014

West Side Story and GSK In China – Board Oversight and Tone in the Middle

Yesterday, I celebrated the anniversary of one of America’s cultural lows. But today, I am extremely pleased to open with exactly the opposite, that being one of America’s greatest gifts to the performing arts. For on this day in 1957, the musical West Side Story premiered on Broadway. There are so many facets to one of the great, even greatest, works of musical theater. Leonard Bernstein penned the score, Stephen Sondheim wrote the lyrics, Jerome Robbins choreographed the dance and the story was by Arthur Laurents, inspired by Romeo and Juliet.

There are many great songs, dances and moments in the play. Most of us (at least of my age) outside New York were introduced to the play via television where it ran for one showing in 1971. The show never toured until the 2000s. When I finally got to see the stage production I was absolutely blown away. I had never seen anything like and it and I will never forget the 5-counter point singing by Tony, Maria, Anita, Bernardo and the Sharks, and Riff and the Jets, as they all anticipate the events to come that night in the song Tonight’s Quintet. The show truly is one of America’s gems.

I thought about the continuing appeal of West Side Story as a musical and why the story continues to resonate with the American people when I continued to consider some of the lessons learned from the GlaxoSmithKline PLC (GSK) matter in China. Today’s areas for reflection should be the role of a company’s Board of Directors and the second is the ‘tone in the middle’. While we have not heard from the GSK Board on this case, it has become clear that the GSK Board was aware of both the anonymous whistleblower allegations and the release of the tape of the GSK China Country Manager and his girlfriend. One of the lessons learned from the GSK scandal is that a Board must absolutely take a more active oversight role not only when specific allegations of bribery and corruption are brought forward but also when companies are operating in high risk environments. Further how can a company move its message of doing business ethically and in compliance down the employee chain.

In a NACD Directorship article, entitled “Corruption in China and Elsewhere Demands Board Oversight”, authors Eric Zwisler and Dean Yoost noted that as “Boards are ultimately responsible for risk oversight” any Board of a company with operations in China “needs to have a clear understanding of its duties and responsibilities under the FCPA and other international laws, such as the U.K. Bribery Act”. Why should China be on the radar of Boards? The authors reported, “20 percent of FCPA enforcement actions in the past five years have involved business conduct in China. The reputational and economic ramifications of misinterpreting these duties and responsibilities can have a long-lasting impact on the economic and reputation of the company.”

The authors understand that corruption can be endemic in China. They wrote, “Local organizations in China are exceedingly adept at appearing compliant while hiding unacceptable business practices. The board should be aware that a well-crafted compliance program must be complemented with a thorough understanding of frontline business practices and constant auditing of actual practices, not just documentation.” Further, “the management cadence of monitoring and auditing should be visible to the board.” All of the foregoing would certainly apply to GSK and its China operations.

Moreover, the FCPA Guidance makes clear that resources and their allocation are an important part of any best practices compliance program. So if that risk is perceived to be high in a country such as China, the Board should follow the prescription in the Guidance, which states “the amount of resources devoted to compliance will depend on the company’s size, complexity, industry, geographical reach, and risks associated with the business. In assessing whether a company has reasonable internal controls, DOJ and SEC typically consider whether the company devoted adequate staffing and resources to the compliance program given the size, structure, and risk profile of the business.”

To help achieve these goals, the authors suggested a list of questions that they believe every director should ask about a company’s business in China.

How is “tone at the top” established and communicated?
How are business practice risks assessed?
Are effective standards, policies and procedures in place to address these risks?
What procedures are in place to identify and mitigate fraud, theft, and corruption?
What local training is conducted on business practices and is it effective?
Are incentives provided to promote the correct behaviors?
How is the detection of improper behavior monitored and audited?
How is the effectiveness of the compliance program reviewed and initiated?
If a problem is identified, how is an independent and thorough investigation assured?

Third parties generally present the most risk under a Foreign Corrupt Practices Act (FCPA) compliance program and are believed (at least anecdotally) to comprise over 90 percent of reported FCPA cases, which subsequently involve the use of third-party intermediaries such as agents or consultants. But this is broader than simply third party agents because any business opportunity in China will require some type of business relationship.

One of the major failings of the GSK Board was that it apparently did not understand the actual business practices that the company was engaging in through its China business unit. While $500MM may not have been a material monetary figure for the Board to consider; the payment of such an amount to any third party or group of third parties, such as Chinese travel agencies, should have been raised to the Board. All of this leads me to believe that the GSK Board was not sufficiently engaged. While one might think a company which had received a $3bn fine and was under a Corporate Integrity Agreement (CIA) for its marketing sins might have sufficient Board attention; perhaps legal marketing had greater Board scrutiny than doing business in compliance with the FCPA or UK Bribery Act. The Board certainly did not seem to understand the potential financial and reputational impact of a bribery and corruption matter arising in China. Perhaps they do now but, for the rest of us, I think the clear lesson to be learned is that a Board must increase oversight of its China operations from the anti-corruption perspective.

GSK Chief Executive Officer (CEO) Sir Andrew Witty has certainly tried to say all of the right things during the GSK imbroglio on China. But did that message really get down into to the troops at GSK China? Moreover, did that message even get to middle management, such as the GSK leadership in China? Apparently not so, one of the lessons learned is moving the Olympian Pronouncements of Sir Andrew down to lower levels on his company. Just how important is “Tone at the Top”? Conversely, what does it say to middle management when upper management practices the age-old parental line of “Don’t do as I do; Do as I say”? In his article entitled, “Ethics and the Middle Manager: Creating “Tone in The Middle” Kirk O. Hanson, listed eight specific actions that top executives could engage in which demonstrate a company’s and their personnel’s commitment to ethics and compliance. The actions he listed were:

Top executives must themselves exhibit all the “tone at the top” behaviors, including acting ethically, talking frequently about the organization’s values and ethics, and supporting the organization’s and individual employee’s adherence to the values.
Top executives must explicitly ask middle managers what dilemmas arise in implementing the ethical commitments of the organization in the work of that group.
Top executives must give general guidance about how values apply to those specific dilemmas.
Top executives must explicitly delegate resolution of those dilemmas to the middle managers.
Top executives must make it clear to middle managers that their ethical performance is being watched as closely as their financial performance.
Top executives must make ethical competence and commitment of middle managers a part of their performance evaluation.
The organization must provide opportunities for middle managers to work with peers on resolving the hard cases.
Top executives must be available to the middle managers to discuss/coach/resolve the hardest cases.

What about at the bottom, as in remember those China unit employees who claimed they were owed bonuses because their bosses had instructed them to pay bribes? Well if your management instructs you to pay bribes that is a very different problem. But if your company’s issue is how to move the message of compliance down to the bottom, Dawn Lomer, Managing Editor at i-Sight Software, provided some concrete suggestions in an article in the SCCE magazine, entitled “An ethical corporate culture goes beyond the code”, where she wrote that that the unofficial message which a company sends to its employees “is just as powerful – if not more powerful – than any messages carried in the code of conduct.” Lomer suggested that a company use “unofficial channels” by which your company can convey and communicate its message regarding doing business in an ethical manner and “influence employee behavior across the board.” Her suggestions were:

Reward for Integrity – Lomer writes that the key is to reward employees for doing business in an ethical manner and that such an action “sends a powerful message without saying a word.”
The three-second ethics rule – It is important that senior management not only consistently drives home the message of doing business ethically but they should communicate that message in a short, clear values statement.
Environmental cues – Simply the idea that a company is providing oversight on doing business ethically can be enough to modify employee behavior.
Control the images – It is not all about winning but conducting business, as it should be done.
Align Messages – you should think about the totality of the messages that your company is sending out to its employees regarding doing business and make sure that all these messages are aligned in a way that makes clear your ethical corporate culture clear.

The GSK case will be in the public eye for many months to come. Both the UK Serious Fraud Office (SFO) and US authorities have open investigations into the company. Just as the five counter-point singing or the rooftop symphonic dance scene to the song America demonstrates the best of that art form; you can draw lessons from GSK’s miss-steps in China now for implementing or enhancing your anti-corruption compliance program going forward now.

And while you are ending your week of considering GSK and its lessons learned for your compliance program, crank up your speakers to 11 and listen to some five counter-point singing the movie version of the Tonight Quintet, by clicking here.

© Thomas R. Fox, 2014

Leave a Comment

September 25, 2014

Come On Get Happy – The Partridge Family and GSK’s Internal Investigation

Today we celebrate an anniversary of one of the all-time lows in the American cultural milieu; for on this date in 1970, the television show The Partridge Family appeared on the ABC Television network. Symbiotically created from the ashes of the television show The Monkees and the real-life family pop group The Cowsills; The Partridge Family starred, as its TV-mom, Oscar winning actress Shirley Jones and as her eldest TV son, and teenaged girl heartthrob, her real-life stepson David Cassidy. Proving once again that 1960s and 1970s television really was largely a cultural wasteland, the family romped and sang their way across a never-ending sunny southern California in multi-colored converted school bus. While the episodes themselves were as close to putrid as one can get, they did have better success with their lip-synced music from each episode. One song, I Think I Love You, reached No. 1 on the Billboard Pop Charts that year.

I thought about this strange convergence of history and culture (or perhaps the lack of culture) when considering more lessons learned from the GlaxoSmithKline PLC (GSK) corruption scandal. I was particularly focused on GSK’s response to at least two separate reports from an anonymous whistleblower (brilliantly self-monikered as GSK Whistleblower) of allegations of bribery and corruption going on in the company’s China business unit. One of the clear lessons from the GSK matter is that serious allegations of bribery and corruption require a serious corporate response. Not, as GSK appears to have done, in their best Inspector Clouseau imitation, not being able to find the nose on their face.

Further, and more nefariously, was GSK’s documented treatment of and history with internal whistleblowers. One can certainly remember GSK whistleblower Cheryl Eckard. A 2010 article in The Guardian by Graeme Wearden, entitled “GlaxoSmithKline whistleblower awarded $96m payout”, where he reported that Eckard was fired by the company “after repeatedly complaining to GSK’s management that some drugs made at Cidra were being produced in a non-sterile environment, that the factory’s water system was contaminated with micro-organisms, and that other medicines were being made in the wrong doses.” She later was awarded $96MM as her share of the settlement of a Federal Claims Act whistleblower lawsuit. Eckard was quoted as saying, “It’s difficult to survive this financially, emotionally, you lose all your friends, because all your friends are people you have at work. You really do have to understand that it’s a very difficult process but very well worth it.” So to think that GSK may simply have been SHOCKED, SHOCKED, that allegations of corruption were brought by an internal whistleblower may well be within the realm of accurate.

There would have seemed to have been plenty of evidence to let the company know that something askance was going on in its Chinese operations. The international press was certainly able to make that connection early on in the scandal. An article in the Financial Times (FT), entitled “China accuses GSK of bribery” by Kathrin Hille and John Aglionby, reported “GSK said it had conducted an internal four-month investigation after a tip-off that staff had bribed doctors to issue prescriptions for its drugs. The internal inquiry found no evidence of wrongdoing, it said.” Indeed after the release of information from the Chinese government, GSK said it was the first it had heard of the investigation. In a prepared statement, quoted in the FT, GSK said ““We continuously monitor our businesses to ensure they meet our strict compliance procedures – we have done this in China and found no evidence of bribery or corruption of doctors or government officials.” However, if evidence of such activity is provided we will act swiftly on it.”

Laurie Burkitt, reporting in the Wall Street Journal (WSJ) in an article entitled “China Accuses Glaxo of Bribes”, wrote that “Emails and documents reviewed by the Journal discuss a marketing strategy for Botox that targeted 48 doctors and planned to reward them with either a percentage of the cash value of the prescription or educational credits, based on the number of prescriptions the doctors made. The strategy was called “Vasily,” borrowing its name from Vasily Zaytsev, a noted Russian sniper during World War II, according to a 2013 PowerPoint presentation reviewed by the Journal.” Burkitt reported in her article that “A Glaxo spokesman has said the company probed the Vasily program and “[the] investigation has found that while the proposal didn’t contain anything untoward, the program was never implemented.”” From my experience, if you have a bribery scheme that has its own code name, even if you never implemented that scheme, it probably means that the propensity for such is pervasive throughout the system.

I have often written about the need for a company to have an investigative protocol in place so that it is not making up its process in the face of a crisis. However the GSK matter does not appear to be that situation. It would not have mattered what investigation protocol that GSK followed, it would seem they were determined not to find any evidence of bribery and corruption in their China business unit. So the situation is more likely that GSK should have brought in a competent investigation expert law firm to head up their investigation in the face of this anonymous whistleblower’s allegations.

In an ACC Docket article, entitled “Risks and Rewards of an Independent Investigation”, authors James McGrath and David Hildebrandt discuss the use of specialized outside counsel to lead an independent internal investigation as compliance and ethics best practices. This is based upon the US Sentencing Guidelines, under which a scoring system is utilized to determine what a final sentence should be for a criminal act. Factors taken into account include the type of offense involved and the severity of the said offense, as well as the harm produced. Additional points are either added or subtracted for mitigating factors. One of the mitigating factors can be whether an organization had an effective compliance and ethics program. McGrath and Hildebrandt argue that a company must have a robust internal investigation.

McGrath and Hildebrandt take this analysis a step further in urging that a company, when faced with an issue such as an alleged Foreign Corrupt Practices Act (FCPA) violation, should engage specialized counsel to perform the investigation. There were three reasons for this suggestion. The first is that the Department of Justice (DOJ) would look towards the independence and impartiality of such investigations as one of its factors in favor of declining or deferring enforcement. If in-house counsel were heading up the investigation, the DOJ might well deem the investigative results “less than trustworthy”.

Matthew Goldstein and Barry Meier discussed the need for independence from the company being investigated in an article the New York Times (NYT) about the General Motors (GM) internal investigation entitled “G.M Calls the Lawyers”. They quoted William McLucas, a partner at WilmerHale, who said, “If you are a firm that is generating substantial fees from a prospective corporate client, you may be able to come in and do a bang-up inquiry. But the perception is always going to be there; maybe you pulled your punches because there is a business relationship.” This is because if “companies want credibility with prosecutors and investors, it is generally not wise to use their regular law firms for internal inquiries.” Another expert, Charles Elson, a professor of finance at the University of Delaware who specializes in corporate governance, agreed adding, “I would not have done it because of the optics. Public perception can be affected by using regular outside counsel.””

Adam G. Safwat, a former deputy chief of the fraud section in the Justice Department, said that the key is “Prosecutors expect an internal investigation to be an honest assessment of a company’s misdeeds or faults, “What you want to avoid is doing something that will make the prosecutor question the quality of integrity of the internal investigation.”” Also quoted was Internal Investigations Blog editor, Jim McGrath who said, “A shrewd law firm that gets out in front of scandal can use that to its advantage in negotiating with authorities to lower penalties and sanctions. There is a great incentive to ferret out information so they can spin it.”

The GSK experience in China will inform compliance practitioners for years to come with the company’s plethora of miss-steps. Perhaps one day the company will become as successful as The Partridge Family and they can open their annual meeting with The Partridge Family Theme – Come On Get Happy!

© Thomas R. Fox, 2014

Comments (2)

September 24, 2014

Lessons from GSK in China – Internal Controls, Auditing and Monitoring

One of the great things about writing your own blog is that sometimes you can get going on a subject and just explore it. While I think I might sometimes get carried away when I delve into a topic, I certainly learn much while doing so. This week appears to be such a situation where in studying and researching the GlaxoSmithKline PLC (GSK); I find that the case has much more to inform the compliance practitioner. So I am going to try and tie together some of the major lessons learned from the GSK Chinese enforcement action for the remainder of the week and present to you how such lessons might assist you in designing, implementing or upgrading a best practices compliance program. Today I want to look at internal controls, auditing and monitoring.

One of the questions that GSK will have to face during the next few years of bribery and corruption investigations is how an allegedly massive bribery and corruption scheme occurred in its Chinese operations? The numbers went upwards of $500MM, which coincidentally was the amount of the fine levied by the Chinese court on GSK. It is not as if the Chinese medical market is not well known for its propensity towards corruption, as prosecutions of the Foreign Corrupt Practices Act (FCPA) are littered with the names of US companies which came to corruption grief in China. GSK itself seemed to be aware of the corruption risks in China. In a Reuters article, entitled “How GlaxoSmithKline missed red flags in China”, Ben Hirschler reported that the company had “more compliance officers in China than in any country bar the United States”. Further, the company conducted “up to 20 internal audits in China a year, including an extensive 4-month probe earlier in 2013.” GSK even had PricewaterhouseCoopers (PwC) as its outside auditor in China. Nevertheless, he noted, “GSK bosses were blindsided by police allegations of massive corruption involving travel agencies used to funnel bribes to doctors and officials.”

Internal Controls

Where were the appropriate internal controls? You might think that a company as large as GSK and one that had gone through the ringer of a prior Department of Justice (DOJ) investigation resulting in charges for off-label marketing and an attendant Corporate Integrity Agreement (CIA) might have such controls in place. It was not as if the types of bribery schemes in China were not well known. In an article in the Financial Times (FT), entitled “Bribery built into the fabric of Chinese healthcare system”, reporters Jamil Anderlini and Tom Mitchell wrote about the ‘nuts and bolts’ of how bribery occurs in the health care industry in China. The authors quoted Shaun Rein, a Shanghai-based consultant and author of “The End of Cheap China”, for the following “This is a systemic problem and foreign pharmaceutical companies are in a conundrum. If they want to grow in China they have to give bribes. It’s not a choice because officials in health ministry, hospital administrators and doctors demand it.”

Their article discussed the two primary methods of paying bribes in China: the direct incentives and indirect incentives method. Anderlini and Mitchell reported, “The 2012 annual reports of half a dozen listed Chinese pharmaceutical companies reveal the companies paid out enormous sums in “sales expenses”, including travel costs and fees for sales meetings, marketing “business development” and “other expenses”. Most of the largest expenses were “travel costs or meeting fees and the expenses of the companies’ sales teams were, in every case, several multiples of the net profits each company earned last year.””

It would be reasonable to expect that internal controls over gifts would be designed to ensure that all gifts satisfy the required criteria, as defined and interpreted in Company policies. It should fall to a Compliance Officer to finalize and approve a definition of permissible and non-permissible gifts, travel and entertainment and internal controls will follow from such definition or criteria set by the company. These criteria would include the amount of the spend, localized down into increased risk such the higher risk recognized in China. Within this context, noted internal controls expert Henry Mixon has suggested the following specific controls. (1) Is the correct level of person approving the payment / reimbursement? (2) Are there specific controls (and signoffs) that the gift had proper business purpose? (3) Are the controls regarding gifts sufficiently preventative, rather than relying on detect controls? (4) If controls are not followed, is that failure detected?

Auditing Lessons Learned

Following Mixon’s point 4 above, what can or should be a company’s response if one country’s gifts, travel and entertainment expenses were kept ‘off the books’? This is where internal audit or outside auditors are critical. Hirschler quoted an un-named source for the following, ““You’d look at invoices and expenses, and it would all look legitimate,” said a senior executive at one top accountancy firm. The problem with fraud – if it is good fraud – is it is well hidden, and when there is collusion high up then it is very difficult to detect.”” Jeremy Gordon, director of China Business Services was quoted as saying “There is a disconnect between the global decision makers and the guys running things on the ground. It’s about initially identifying red flags and then searching for specifics.”

There are legitimate reasons to hold medical conferences, such as to make physicians aware of products and the latest advances in medicine, however, this legitimate purpose can easily be corrupted. Hirschler quoted Paul Gillis, author of the China Accounting Blog, for the following “Travel agencies are used like ATMs in China to distribute out illegal payments. Any company that does not have their internal audit department all over travel agency spending is negligent.” Based on this, GSK’s auditors should have looked more closely on marketing expenses and more particularly, the monies spent on travel agencies. Hirschler wrote, “They [un-named auditing experts] say that one red flag was the number of checks being written to travel agencies for sending doctors to medical conferences, although this may have been blurred by the fact that CME accounts for a huge part of drug industry marketing.”

Another issue for auditing is materiality. If GSK’s internal auditors had not been trained that there is no materiality standard under the FCPA, they may have simply skipped past a large number of payments made that were under a company’s governance procedure for elevated review of expenses. Further, if more than one auditor was involved with more than one travel agency, they may not have been able to connect the dots regarding the totality of payments made to one travel agency.

Ongoing Monitoring

A final lesson learned for today is monitoring. As Stephen Martin often says, many compliance practitioners confuse auditing with monitoring. Monitoring is a commitment to reviewing and detecting compliance programs in real time and then reacting quickly to remediate them. A primary goal of monitoring is to identify and address gaps in your program on a regular and consistent basis. Auditing is a more limited review that targets a specific business component, region, or market sector during a particular timeframe in order to uncover and/or evaluate certain risks.

Here I want to focus on two types of ongoing monitoring. The first is relationship monitoring, performed by companies such Boston-based Catelas, through software products. It was reported in a Wall Street Journal (WSJ) article, entitled “Glaxo Probes Tactics Used to Market Botox in China”, that internal GSK emails showed the company’s China sales staff were instructed by local managers to use their personal email addresses to discuss marketing strategies related to Botox. The Catelas software imports and analyzes communications data, like email, IM, telephony and SMTP log files from systems such as Microsoft Exchange Servers and Lotus Notes. The software then leverages social network analysis and behavioral science algorithms to analyze this communications data. These interactions are used to uncover and display the networks that exist within companies and between the employees of companies. Additionally, relationships between employees and external parties such as private webmail users, competitors and other parties can be uncovered.

The second type of monitoring is transaction monitoring. Generally speaking, transaction monitoring involves review of large amounts of data. The analysis can be compared against an established norm which is derived either against a businesses’ own standard or an accepted industry standard. If a payment, distribution or other financial payment made is outside an established norm, thus creating a red flag that can be tagged for further investigation.

GSK’s failure in these three areas now seems self-evident. However, the company’s foibles can be useful for the compliance practitioner in assessing where their company might be in these same areas. Moreover, as within any anti-corruption enforcement action, you can bet your bottom dollar that the regulators will be assessing best practices going forward based upon some or all of GSK’s miss-steps going forward.

© Thomas R. Fox, 2014

Leave a Comment

September 23, 2014

Billy the Kid Begins and the GSK China Verdict

Filed under: Best Practices,Bribery Act,China,compliance programs,Compliance Week,Corruption in China,FCPA,Financial Times,GlaxoSmithKline,Matt Kelly — tfoxlaw @ 6:26 am
Tags: best practices, Bribery Act, compliance, compliance programs, FCPA, FT, GSK

According to This Day in History, 139 years ago today, Billy the Kid was arrested for the first time, for theft. Billy the Kid was believed to have been born in New York City and was later taken out west by his mother. He was arrested on September 23, 1875 when he was found in possession of clothing and firearms that had been stolen from a Chinese laundry owner. Two days after he was placed in jail, the teenager escaped up the jailhouse chimney. From that point on Billy the Kid was a fugitive. He later broke out of jail and roamed the American West, eventually earning a reputation as an outlaw and murderer, allegedly committing 21 murders.

I thought about the start of Billy the Kid’s outlaw career and more particularly how it ended as I was thinking through some of the issues surrounding the GlaxoSmithKline PLC (GSK) bribery conviction in China last week. For instance, did GSK obtain a negotiated settlement with the Chinese government when it was announced that the company pled guilty to bribery and corruption and was fined almost $500MM by a Chinese court? Further, what lessons can be drawn from the GSK matter for companies operating in China and the compliance practitioner going forward? Today, I want to explore the lessons that a company might be able to draw from the GSK matter.

I think the first lesson to draw is that the Chinese government will focus more on companies than on individuals. Andrew Ward, Patti Waldmeir and Caroline Binham, writing in a Financial Times (FT) article, entitled “Pain from graft scandal likely to linger”, quoted Mak Yuen Teen, a corporate governance expert at the National University of Singapore for the following, “By handing suspended sentences rather than jail terms to Mark Reilly, GSK’s former head of China, and four of his top lieutenants, the court in Hunan province was holding the company more accountable than the individuals.”

However other commentators said, “GSK got off more lightly than expected for bribing doctors to prescribe its drugs.” The article went on to note, “People close to the situation denied that the outcome amounted to a negotiated settlement. But Bing Shaowen, a Chinese pharmaceuticals analyst, said it was likely that GSK made commitments on research and development investment and drug pricing to avoid more draconian treatment. A further FT article by Andrew Ward, Patti Waldmeir and Caroline Binham, entitled “GSK closes a chapter with £300m fine but story likely to run on”, cited Dan Roules, an anti-corruption expert at the Shanghai firm Squire Sanders, who said that he had expected the penalty to be harsher. Roules was quoted as saying “The fact that GSK co-operated with the authorities would have made a difference.” The article went on to say that Roules “pointed to GSK’s statement on Friday pledging to become “a model for reform in China’s healthcare industry” by “supporting China’s scientific development” and increasing access to its products “through pricing flexibility”.”

What about reputational damage leading to a drop in the value of stock? The market had an interesting take on the GSK conviction, it yawned. Moreover, as noted in the FT Lex Column “The stock market was never bothered. The shares moved little when the investigation, and then the fine, were disclosed.” Why did the market have such a reaction? The Lex Column said that one of the reasons might be that the “China may be too small to matter much for now” to the company.

Another lesson is one that Matt Kelly, editor of Compliance Week, wrote about in the context of the ongoing National Football League (NFL) scandal, in an article entitled “The NFL’s True Problem: Misplaced Priorities Trumping Ethics & Compliance”, when he said that a company must align its “core values with its core priorities.” GSK moved towards doing that throughout the last year, during the investigation into the bribery and corruption scandal in China. Although the Chief Executive Officer (CEO) of GSK, Sir Andrew Witty, has been a champion for ethical reform in both the company and greater pharmaceutical industry, the FT reporters noted that the China corruption scandal, coupled with “smaller-scale corruption allegations in the Middle East and Poland, has raised fresh questions about ethical standards and compliance.” If Witty wants to move GSK forward, he must strive to align the company’s business priorities with his (and the company’s) stated ethical values.

Which brings us to some of the successes that GSK has created in the wake of the bribery and corruption scandal. These successes are instructive for the compliance practitioner because they present concrete steps that the compliance practitioner can do to help facilitate such change. As reported by Katie Thomas, in a New York Times (NYT) article entitled “Glaxo to Stop Paying Doctors To Boost Drugs”, one change that GSK has instituted is that it will no longer pay doctors to promote its products and will stop tying compensation of sales representatives to the number of prescriptions doctors write, which were two common pharmaceutical sales practices that have been criticized as troublesome conflicts of interest. While this practice has gone on for many, many years it had been prohibited in the United States through a pharmaceutical industry-imposed ethics code but is still used in other countries outside the US.

In addition to this ban on paying doctors to speak favorably about its products at conferences, GSK will also change its compensation structure so that it will no longer compensate sales representatives based on the number of prescriptions that physicians write, a standard practice that some have said pushed pharmaceutical sales officials to inappropriately promote drugs to doctors. Now GSK pays its sales representatives based on their technical knowledge, the quality of service they provided to clients to improve patient care, and the company’s business performance.

In addition to the obvious conflict of interest, which apparently is an industry wide conflict because multiple companies have engaged in these tactics, there is also clearly the opportunity for abuse leading to allegations of illegal bribery and corruption. Indeed one of the key bribery schemes alleged to have been used by GSK in China was to pay doctors, hospital administrators and other government officials, bonuses based upon the amount of GSK pharmaceutical products, which they may have prescribed to patients. But with this new program in place, perhaps GSK may have “removed the incentive to do anything inappropriate.”

This new compensation and marketing program by GSK demonstrates that companies can make substantive changes in compensation, which promote not only better compliance but also promote better business relationships. A company spokesman interviewed the NYT piece noted that the changes GSK will make abroad had already been made in the US and because of these changes, “the experience in the United states had been positive and had improved relationships with doctors and medical institutions.”

In addition to these changes in compensation and marketing, Ward/Waldmeir/Binham, reported that GSK announced it would strive to be “a model for reform in China’s healthcare industry” by “supporting China’s scientific development” and increasing access to its products “through pricing flexibility”. They further stated “Rival companies will now be watching nervously to see whether more enforcement action takes place in a sector where inducements for prescribing drugs have long been an important source of income for poorly paid Chinese medics,” which is probably not going to be a return the wild west of bribery and corruption that occurred over the past few years in China. Bing Shaowen was quoted as saying that the GSK matter “is a very historic case for the Chinese pharmaceutical industry. It means that strict compliance will become the routine and the previous drug marketing and sales methods must be abolished.”

Whatever you might think of the GSK result, the company certainly ended its legal journey better in China than Billy the Kid did in New Mexico. But the company still faces real work to rebuild its reputation in China. Moreover, it still faces legal scrutiny for its conduct in the UK under the Bribery Act and the US under the Foreign Corrupt Practices Acct (FCPA). So stay tuned…

© Thomas R. Fox, 2014

Leave a Comment

September 22, 2014

GSK Convicted – We are really, really sorry we paid bribes (and got caught)

Filed under: China,Corruption in China,FCPA,Financial Times,GlaxoSmithKline — tfoxlaw @ 12:01 am
Tags: FCPA, GSK

“GSK plc sincerely apologies to the Chinese patients, doctors and hospitals, and the Chinese Government and the Chinese people.”

With those words, the British pharmaceutical giant GlaxoSmithKline (GSK) PLC was convicted in a secret trial in a court in the Hunan province of China for bribery and corruption related to its Chinese business unit. The amount of the fine was approximately $491MM. This fine was the largest levied on a western company for bribery and corruption in China. Moreover, if it had been in the United States for a violation of the Foreign Corrupt Practices Act (FCPA), it would have come in as the third highest fine of all-time, behind those of Siemens and Halliburton. In a Financial Times (FT) article, entitled “GSK hit with record $490m China fine for bribing doctors”, reporters Andrew Ward and Patti Waldmeir noted that the fine is “equal to the Rmb 3bn in bribers that Chinese investigators said had been paid by GSK.”

Many of us had wondered when the GSK investigation in China would end and we all found about the trial when it was announced in the newspapers last week. It certainly showed that the quality of justice in China is quite different than in the west. While it is not entirely clear how long the trial lasted, it appeared that it was in the same range as the one-day trial given to Peter Humphrey and his wife last month, when they were both found guilty for violating China’s privacy laws. In an article in the New York Times (NYT), entitled “Glaxo Fined $500 Million By China”, Keith Bradsher and Chris Buckley reported, “Chinese authorities accused Glaxo of bribing hospitals and doctors, channeling illicit kickbacks through travel agencies and pharmaceutical industry associations — a scheme that brought the company higher drug prices and illegal revenue of more than $150 million. In a rare move, authorities also prosecuted the foreign-born executive who ran Glaxo’s Chinese unit.” Moreover, GSK China’s country manager, Mark Reilly and four other in-country executives were each convicted with potential sentences of up to four years in prison. The NYT noted, “the sentences were suspended, allowing the defendants to avoid incarceration if they stay out of trouble, according to Xinhua. The verdict indicated that Mr. Reilly could be promptly deported. The report said they had pleaded guilty and would not appeal.”

A Wall Street Journal (WSJ) article, entitled “Meet the Glaxo Executives Convicted in China”, detailed the five GSK executives’ crimes and sentences, the summary is as follows:

Mark Reilly: GSK’s former China chief. He was sentenced to prison for three years with a four-year suspension. He was also the victim of an illicit recording of he and his girlfriend with the sex tape delivered to GSK management in London.
Zhang Guowei: GSK China’s former HR Director, who was sentenced to three years in prison with a three-year suspension. Chinese state media said he admitted that the company has used many bribery schemes to ensure the sales of high price drugs to Chinese consumers.
Liang Hong: Former GSK China’s vice president and operations manager. He was sentenced to two years in prison with a three-year suspension. On Chinese state-controlled television he said he gave bribes to government officials, hospital administrators and doctors via travel agencies to pave the way for drug sales.
Zhao Hongyan: GSK China’s former legal-affairs director. Ms. Zhao was sentenced to two years in prison with a two-year suspension. On state-controlled television Ms. Zhao said she destroyed evidence relating to bribery to avoid punishment.
Huang Hong: Huang was a GSK China’s business-development manager. She was sentenced three years in prison with a four-year suspension. The WSJ article reported that she was accused of giving and taking bribes; and informed Chinese officials that GSK China used funds labeled for public relations uses to maintain relationships with “major clients,” who she said were hospital administrators.

The suspension of the sentences was highly significant. The FT article quoted from the trial court that the sentences had resulted directly because “they confessed the facts truthfully and were considered to have given themselves up.” The WSJ article reported that the court also took into account that GSK China country manager Mark Reilly had “voluntarily returned to China, assisted in the investigation and confessed…and had “truthfully recounted the crimes of his employer.”” Also they were in stark contrast to the three-year and two-year sentences handed down to Humphreys and his wife respectively last month. There was no word from GSK, however, on whether it would terminate some or all of the convicted executives.

GSK itself made several interesting statements about the bribery allegations and conclusions of the trial court. The FT article quoted Sir Andrew Witt, GSK Chief Executive for the following, “Reaching a conclusion in the investigation of our Chinese Business is important, but this has been a deeply disappointing matter for GSK. We have and will continue to learn from this. GSK has been in China for close to a hundred years, and we remain fully committed to the country and its people.” The company went further in statements. In addition to the quote above, GSK was quoted in the NYT article as saying, “that it “fully accepts the facts and evidence of the investigation, and the verdict of the Chinese judicial authorities.”” The FT article further said that GSK also said “it had “co-operated fully with the authorities and has taken steps to comprehensively rectify the issues identified at the operations of GSK China.””

These statements of contrition are quite a distance from the place where GSK started last summer when the bribery allegations broke when the company tried to use the ‘rogue employee(s)’ defense, when it said that the bribery and corruption involved only a “few rogue Chinese-born employees” that were “outside our systems of controls” Oops.

The NYT went on to say report that GSK also said, “that the court, the Changsha Intermediate People’s Court, had found the company guilty only of bribing nongovernmental personnel.” This is significant because the bribery of a government official (defined as such in China and not under the FCPA) is a much more serious crime in China. The British Embassy in China also weighed in, at least slightly, with the following statement, “We note the verdict in this case. We have continually called for a just conclusion in the case in accordance with Chinese law. It would be wrong to comment while the case remains open to appeal.”

So the GSK corruption scandal in China ended with no more explosive revelations. Or did it? I will explore where the company may stand and what it all means for the compliance practitioner going forward over the next few blog posts.

Leave a Comment

September 19, 2014

Internal Controls, COSO and FCPA Compliance: Interview with Henry Mixon

Filed under: Best Practices,Compliance,compliance programs,FCPA,Henry Mixon,Internal Controls — tfoxlaw @ 12:01 am

Ed. Note-today I continue my interviews of thought leaders in the compliance space. Today I visit with Henry Mixon, a noted internal controls expert.

Where did you grow up? I grew up in Birmingham Alabama.
Where did you go to college and how did that help inform your professional career? I graduated from the University of Alabama in 1967. While in college, I was President of Beta Alpha Psi, the accounting honorary fraternity. In that capacity I had the opportunity to meet many business leaders. Those contacts helped shape my professional goals. I also believe I received my degree from one of the top accounting programs in the US at the time, so my technical background and campus experiences in extracurricular activities also helped shape my professional goals. I also attended law school evening classes at Samford University, while working full time as a CPA. That legal training definitely helped in my career.

You were in the US Army, retiring as a Captain. Where were you posted and what was your service experience?I received a commission through the ROTC program at the University of Alabama. I began active duty in January 1968 at Ft. Campbell, Kentucky. I was programmed in my active duty orders to go to Vietnam as a Psychological Warfare Officer, being in country January 1969. But, the Army being what it was then, I never received my orders. So, I took the advice of the Colonel I reported to: “If the Army wants you to go somewhere, it will tell you.” I stayed at Ft Campbell for the rest of my active duty.
What has been your professional experience? I was with Arthur Young & Company (now E&Y) for 25 years, retiring as an Audit Partner. I worked in the National Office in New York City, the Birmingham Office, and the Salt Lake City office (where I was partner in charge of the Audit Department). I then joined Transco in Houston as Vice President of Internal Audit. I also served for a time as Corporate Controller for Transco. After Transco was acquired by The Williams Companies, I shifted to a fraud-related career. I became a Certified Fraud Examiner. My career experience then included Jefferson Wells International as National Director of Forensic Services, UHY Advisers as a Principal in Litigation Services, and Morgan Garris Consulting as Managing Director. A few years ago, I formed Mixon Consulting Inc., which specializes in internal controls, fraud investigation, and forensic accounting.
How long have you been working on internal controls? As an audit partner, my focus was always more on internal controls than on technical accounting. I always believed that a company’s financial statements could be correct only if the company had effective internal controls. My fraud investigation work is driven by the internal control premise. To find a fraud perpetrator, you must be able to hypothesize how the fraud was committed and then figure out how control weaknesses allowed the fraud to occur. So, my entire career I have been an internal control person. It was only after I began fraud related work that I really got the training and experience in “thinking like a perpetrator.” That is the only way you can be successful. That ability and experience has served well in evaluating and designing FCPA-related controls because, in order to design a control, you must first be able to identify the actions the control should prevent. I have found that even many experienced CFO’s and Controllers do not have that ability.
Do the new COSO standards really change much or could they be characterized as fine-tuning? I believe the 2013 update was to take into account the changes in the business environment. So, it was fine tuning. The overwhelming majority of respondents preferred to retain the same basic framework as the original model. However, certain new sub-objectives were added. For example, one new sub-objective is that an internal control framework will not be considered effective unless it takes into account compliance with laws and regulations, such as FCPA. That acknowledgment is, I believe, very significant when designing a system of effective controls for FCPA purposes, because the original framework was geared more towards what are called “GAAP” controls — those designed to result in accurate financial statements.7. How can people get in touch with you. Please contact me at hmixon@mixon-consulting.com.

Mixon and I are currently in the midst of a podcast series on internal controls in a FCPA compliance program. You can head over to my podcast site, the FCPA Compliance and Ethics Report for the following podcasts:

Episode 85-What Are Internal Controls?, Part I

Episode 87-What Are Internal Controls, Part II

Episode 88-Internal Controls for Third Parties, Part I

Internal Controls for Third Parties, Part II-to be posted on Sept. 19.

Leave a Comment

September 17, 2014

Bad News Barnes and China’s Overseas Efforts to Fight Corruption

Filed under: Bribery Act,Corruption in China,FCPA,Financial Times — tfoxlaw @ 8:56 pm

Marvin ‘Bad News’ Barnes died last week. Barnes probably summed up the state of professional basketball more than any one person in the 1970s. He was enigmatic, supremely talented, defiantly self-indulgent, fell prey to drugs and alcohol and lost everything. He exploded onto the national scene in 1973 with a Providence team who went to the Final Four and then went on to play for one of the most unique collection of basketball talents ever assembled; the aptly named St. Louis Spirits in the old American Basketball Association (ABA). After the folding of the ABA, he played for Boston, Detroit, Buffalo and San Diego in the National Basketball Association (NBA). In his obituary in the New York Times (NYT), entitled “Marvin Barnes, Enigmatic Basketball Player, Dies at 62”, reporter Bruce Weber quoted former Spirits owner Donald Schupak, from a 1976 interview where he said of Barnes, “He’s a nice guy, a sweet guy, everybody likes him. He’s just totally unreliable. He’s probably in the top five players talent-wise. In terms of value to the team, he’s probably in the bottom 10 percent.” My personal favorite Bad News Barnes story was the time he showed up for a Pistons game in the middle of the first quarter, dressed in his game jersey and a full length mink coat, eating some French Fries, claiming he had ‘overslept’. Bad news indeed.

I thought about Bad News Barnes whilst reading some recent Financial Times (FT) articles about China’s fight against corruption. They were “China takes its anti-corruption battle to foreign shores” and “China bribe cases pose test for west as suspects flee” both by Jamil Anderlini. I thought they posed some interesting questions for anti-compliance practitioners, law enforcement officials who enforce anti-corruption laws and the anti-corruption commentariatti out there.

The problem of corruption in China is both well known and well documented, as is the ongoing anti-corruption campaign. In the former article, Anderlini says, “The US-based group Global Financial Integrity estimates illegal flows out of China amounted to $2.83tn [that is Trillion] between 2005 and 2011. The article details that China is carrying the fight against anti-corruption outside the boundaries of the country to seek those persons who may have been the recipients of corrupt payments and have fled the country.” He wrote, “Communist party officials have launched an investigation into assets and individuals based in New Zealand.” The effort, code named “Fox Hunt 2014” (you have to love that moniker), is being run by the Communist Party’s “Central Commission for Discipline Inspection [CCDI], a shadowy organization with a controversial human rights record”. It has set a dedicated office to “investigate allegedly corrupt officials who have absconded or sent relatives and assets abroad.”

In the later article, Anderlini wrote that CCDI status is as the “extralegal body that answers only to the Communist party leadership and has the power to indefinitely detain any of the country’s 86m party members without trial and without access to legal representation. It is often accused of torture, inhumane treatment of suspects and politically motivated investigations, according to human rights groups.” Moreover, some believe this pursuit raises difficult questions for western democracies. Anderlini quoted one un-named diplomat for the following, “Our countries don’t want to be seen as havens where corrupt officials can flee to with their ill-gotten gains but there are serious questions facing any democratically elected government about how far they can co-operate with China’s authoritarian system.” Further, unlike the US, many countries ban the death penalty, which is still legal in China for those Communist Party and government officials who are convicted of accepting bribes. Finally is the issue of the CCDI and the Chinese judicial system. Anderlini said, “Even when cases have been transferred by the CCDI to China’s formal legal system, there are serious questions about judicial independence because the courts ultimately answer to the party hierarchy.”

For some of these reasons and perhaps others, “China does not have extradition treaties with any western democracies although it does have agreements with 38 countries and has repatriated 730 people suspected of “major economic crimes” since 2008, according to state media.” The Chinese government hopes it will “catch more fugitives in countries such as Canada, Australia and the US – the three most popular destinations for allegedly corrupt officials, according to Chinese state media.” Finally, Anderlini noted that multiple “Beijing-based diplomats from several western countries, including the UK, say China has applied growing pressure in recent months in an attempt to secure their help for investigations in their countries.”

Anderlini reported that some people in New Zealand have been made uncomfortable with all of this. He said, “the New Zealand public remains deeply sceptical of closer ties with the authoritarian Chinese government.” Moreover, “In the case of New Zealand, the overwhelming importance of the economic relationship has made at least some people argue for closer co-operation with Beijing in tackling the flow of illicit funds and fugitives from China.” He also quoted Russel Norman, co-leader of New Zealand’s Green Party, who believes “The NZ Police, Ministry of Foreign Affairs and Trade and Prime Minister’s office need to tell the public of New Zealand what, if any, access we are willing to allow the Chinese Communist party to New Zealand residents. Allowing this to happen would be like giving the KGB access to expatriate Russian citizens during the cold war.”

What should the response of western governments be regarding the efforts of the Chinese government to fight internal corruption? Should western governments, such as here in the US, cooperate with the Chinese government in requests for documents, other evidence or interviews? Can the US or other western governments expect reciprocity from the Chinese in a Foreign Corrupt Practices Act (FCPA) or UK Bribery Act investigation if they do not give the same courtesy to Chinese prosecutors? Should the fact that China has harsher penalties for accepting bribes, even up to the death penalty, preclude western governments from cooperating with the Chinese officials. (Please note such argument would not apply in the great state of Texas, where the death penalty most surely does still exist.) What about the CCDI, the “extralegal body” which is heading up this investigation? Should western countries be required to evaluate who is enforcing the Chinese laws on the books against corruption? Can or should you compare the CCDI with the KGB? If you are going to evaluate that body, does it logically lead to an evaluation of the entire Chinese legal system? Finally, if western governments believe that bribery and corruption are insidious matters that require responses, should they care whether an extrajudicial organ of the Chinese Communist Party is involved? All I can conclude is Bad News indeed for those Chinese officials who the CCDI is after, no matter where they might have fled.

Leave a Comment

Use of Influence in the Compliance Function

Filed under: Best Practices,Chief Compliance Officer,Compliance,Compliance and Ethics,Compliance and Ethics Institute,Human Resources,Internal Audit,Roy Snell,SCCE — tfoxlaw @ 5:40 am
Tags: CCO, compliance, compliance programs

One of the challenges for any Chief Compliance Officer (CCO) is how to influence the conduct and actions in a corporate environment, particularly as compliance is viewed as non-revenue generating and usually does not exist simply to protect the company, which is how the legal department is often viewed. Folks like myself who came into compliance from the legal function tend to think of a top-down approach where compliance is centralized at the corporate officer, usually in the United States. But because the role is very different than that of a General Counsel (GC), a CCO needs to bring another skill set to bear to do his or her job. In a session at the SCCE 2014 Compliance and Ethics Institute, SCCE Chief Executive Officer (CEO) Roy Snell and Jenny O’Brien, CCO at United Health Care, talked about the techniques that a CCO can use to influence decision making in a company in order to do business in compliance and ethically.

Snell began the session with some basic questions about why there are positions such as a CCO and why there is a compliance function within an organization. After all, departments like legal and internal audit have existed in business organizations for up to at least a few hundred years. He posed two questions that I found interesting “Why are we here?” and “What did those who came before us to fail to do?” He listed some of the scandals from the late 90s and early 00s such as Enron, WorldCom, HealthSouth, Adelphia and others where he believed that the problems, which led to the disintegration of these organizations, were well known within the companies themselves. So the situation was not that people did not find the problems, the issue was that the people inside these organizations did not fix the problems. Snell believed that the persons who could and would have stood up to raise questions or say this should stop lacked some skill or ability to influence others to make the right decision. He concluded that such business and ethical collapses were a failure of influence.

This led into his presentation with O’Brien about techniques for a CCO to employ to help influence decision-making within an organization. They labeled them as the “Seven Steps of Influence” and they are as follows:

Collaboration. O’Brien emphasized that as a CCO you need to know your company’s business. If you are new to an organization she said you must take time to learn the business. You should sit in on sales meetings and, when appropriate, you should go out on sales call. Channeling her inner Atticus Finch, she characterized this as walking in the shoes of the business leaders you are assisting. By doing so, you will not only understand the products and services that your company offers but also the challenges that your business development team will face out in the world.
Here O’Brien emphasized that she has to work constantly at active listening, which is listening, thinking and then speaking, and not just jump into the middle of a conversation, talk to people in a manner that will address their concerns. When you do speak you should be prepared to make the case for the compliance proposition that you are trying to get across. She noted that as a CCO or compliance practitioner, you should strive to be relevant in every interaction you have with your senior management peers. O’Brien said that sometimes it means speaking up at meetings or other forums but sometimes it means listening. You should try to develop a rapport with your business team and this rapport can lead to trust building.
Relationships. Snell opened his remarks on this topic by intoning that by relationships he did not mean inter-personal relationships. He believes that it is mainly through relationships with other functions in an organization that a CCO or compliance practitioner can best bring influence to bear. It all begins with building trust with others within your organization. Invest time to find others in your organization that you want to work and with those with whom you desire to build relationships. Snell believes that some of the more key relationships that a CCO or compliance practitioner can develop are with the audit function, the legal department, Human Resources, IT and corporate communications. Snell said that when one of these groups offered to help him move the ball forward in compliance he always viewed it as a positive and wanted to work with these and other corporate groups. He did not view it as a turf war at all. The only thing that he said he requested were the terms of working together. Of those, he said the most important was that if another group in the company took on some project related to compliance, such an internal audit, that the group finish whatever they take on.
Humility. O’Brien believes that humility is important because it empowers. Moreover, it can empower others to expand the circle of influence and get others in a corporation to influence an ever-expanding circle on behalf of compliance. The CCO does not need center stage. She reiterated her belief that business units should solve compliance issues, as compliance is really just another business process. Further, through such influence where you can get the business unit resources to solve a compliance problem, you will hold down the costs of the compliance function. She ended by noting that it is not about being right but about moving the compliance ball forward in the right direction.
Negotiation. Here Snell said that negotiation should not be about the dichotomy of winning and losing an argument or debate. A CCO should strive to redefine what a win might look like or what a win might consist of for a business unit employee. He said that when faced with such a confrontation, he would try to determine what both sides wanted then give them something else in addition to what they thought they wanted. He provided the example of a CCO quietly listening and when the room is just right and all the participants are worn out, you, as the compliance practitioner, throw out an idea where the apparent loser in the argument receives even more than they thought they were asking for in the requesting. A CCO can be considered a mediator not just simply an enforcer or Dr. No from the Land of No. He ended by saying that as a compliance practitioner you need to learn the art of compromise.
Triple ‘C’. What do the three C’s stand for? Calm, cool and collected. O’Brien believes that all company employees, up and down the chain, are watching the CCO. For this reason, she said that as a compliance practitioner you should be poker faced. To this end she keeps the sign “Keep Calm and Carry On” in her office. She believes that the Triple C’s are important because organizations look to the CCO to solve complex issues with simple solutions. When faced with a compliance issue or an obstacle you should endeavor to keep everything on an even keel and never let them see you sweat.
Credibility. The final of the seven pillars was that the CCO role needs to be adequately scoped and that the accountabilities need to be clearly defined. Put another way, what is your job scope as the CCO and what is the function of the compliance department? What is your accountability to decide the resolution to an issue? Snell agreed with O’Brien that there should be business unit ownership for every issue that comes into the compliance department. Yet, as a CCO, you must demonstrate your value as a non-revenue function. This may require you to get out of your office and put on a PR campaign for compliance. Finally, Snell ended by saying that a CCO needs to guard their independence in job function and reporting. You must make clear that you will have independent reporting up to the Board or Audit Committee of the Board.

Snell concluded by reminding us all that influencing is not a one-time activity. It is ongoing. Tying back to his original question of why the compliance function exists in the quantum it does today, he said that he believes a CCO or compliance practitioner exists to help influence a company to build a better business environment by acting more ethically and responsibility. By moving the ball forward in this manner, it may well lead to a country’s economy to be trusted which could well lead to greater economic development.

Leave a Comment

FCPA Compliance and Ethics Blog

September 30, 2014

Discipline and Rigor in Your Internal Controls

September 29, 2014

TNG Premiers and Internal Controls for Gifts in a Best Practices Compliance Program

September 26, 2014

West Side Story and GSK In China – Board Oversight and Tone in the Middle

September 25, 2014

Come On Get Happy – The Partridge Family and GSK’s Internal Investigation

September 24, 2014

Lessons from GSK in China – Internal Controls, Auditing and Monitoring

September 23, 2014

Billy the Kid Begins and the GSK China Verdict

September 22, 2014

GSK Convicted – We are really, really sorry we paid bribes (and got caught)

September 19, 2014

Internal Controls, COSO and FCPA Compliance: Interview with Henry Mixon

September 17, 2014

Bad News Barnes and China’s Overseas Efforts to Fight Corruption

Use of Influence in the Compliance Function

January

Blogroll

Pages

Admin

Read by Email

Recent Posts from FCPA Compliance and Ethics Report: FCPA Compliance and Ethics Report

Episode 240-Bill Coffin on Compliance Week 2016

Episode 239-Jonathan Armstong On EU Privacy Shield

Episode 238-John Allen on HR Touch Points in Compliance

Episode 237-Steve McCalmont on the Avior Risk Management Platform

Episode 236-Adam Turteltaub and SCCE CCO Survey