FCPA Compliance and Ethics Blog

March 31, 2015

Do Your Executives Have (Compensation) Skin in the Game?

Whymper and MatterhornThis year marks the 150th anniversary of the ascent of the most famous mountain in Europe, the Matterhorn. On Bastille Day, in 1865, four British climbers and three guides were the first climbers to reach the summit. In an article in the Financial Times (FT), entitled “In Whymper’s steps”, Edward Douglas wrote, “It was a defining moment in the history of mountaineering, arguably as pivotal as the first ascent of Everest. Before this calamity climbing was a quirky minority pastime and Zermatt an indigent and obscure village. All that changed on July 14, 1865. As locals cheerfully acknowledge, the Matterhorn disaster enthralled the public around the world and sparked an unprecedented tourist boom.”

The disaster had befallen the climbing team on its descent after having scaled the summit. The team was led by Edward Whymper. As they were coming back down, they were all tied together with rope. When one of the team slipped, he knocked over his guide and “their weight on the rope pulled off the next man…and a fourth climber as well.” Only expedition leader Whymper and two Swiss guides, a father and son duo from Zermott, survived the disaster when “they dug in and the rope tightened – then snapped – leaving them to watch in horror as the bodies of their companions cartwheeled thousands of feet down the mountain.” The depiction of the disaster by the French artist Gustave Doré captures for me the full horror of the tragedy.

Yesterday I wrote about the role of compensation in your best practices compliance program. Today I want to focus on the same issue but looking at senior management and compensation. I thought about this inter-connectedness of compensation in a compliance program, focusing up the corporate ladder when I read a recent article in the New York Times (NYT) by Gretchen Morgenson, in her Fair Game column, entitled “Ways to Put the Boss’s Skin In the Game”. Her piece dealt with a long-standing question about how to make senior executives more responsible for corporate malfeasance? Her article had some direct application to anti-corruption compliance programs such as those based on the US Foreign Corrupt Practices Act (FCPA) or UK Bribery Act. Morgenson said the issue was “Whenever a big corporation settles an enforcement matter with prosecutors, penalties levied in the case – and they can be enormous – are usually paid by the company’s shareholders. Yet the people who actually did the deeds or oversaw the operations rarely so much as open their wallets.”

She went on to explain that it is an economic phenomenon called “perverse incentive” which is one where “corporate executives are encouraged to take outsized risks because they can earn princely amounts from their actions. At the same time, they know that they rarely have to pay any fines or face other costly consequences from their actions.” To help remedy this situation, the idea has come to the fore about senior managers putting some ‘skin in the game’. Her article discussed three different sources for this initiative.

The first is a current proxy proposal in front of Citigroup shareholders which “would require that top executives at the company contribute a substantial portion of their compensation each year to a pool of money that would be available to pay penalties if legal violations were uncovered at the bank.” Further, “To ensure that the money would be available for a long enough period – investigations into wrongdoing take years to develop – the proposal would require that the executives keep their pay in the pool for 10 years.”

The second came from William Dudley, the President of the Federal Reserve Bank of New York, who made a similar suggestion in a speech last fall. His proscription involved a performance bond for the actions of bank executives. Morgenson quoted Dudley from his speech, “In the case of a large fine, the senior management and material risk takes would forfeit their performance bond. Not only would this deferred debt compensation discipline individual behavior and decision-making, but it would provide strong incentives for individuals to flag issues when problems develop.”

Morgenson reported on a third approach which was delineated in an article in the Michigan State Journal of Business and Securities Law by Greg Zipes, “a trial lawyer for the Office of the United States Trustee, the nation’s watchdog over the bankruptcy system, who also teaches at the New York University School for Professional Studies.” The article is entitled, “Ties that Bind: Codes of Conduct That Require Automatic Reductions to the Pay of Directors, Officers and Their Advisors for Failures of Corporate Governance”. Zipes proposal is to create a “contract to be signed by a company’s top executives that could be enforced after a significant corporate governance failure. Executives would agree to pay back 25 percent of their gross compensation for the three years before the beginning of improprieties. The agreement would be in effect whether or not the executives knew about the misdeeds inside their company.”

As you might guess, corporate leaders are somewhat less than thrilled at the prospect of being held accountable. Zipes was cited for the following, “Corporate executives are unlikely to sign such codes of conduct of their own volition.” Indeed Citibank went so far as to petition the Securities and Exchange Commission (SEC) “for permission to exclude the policy from its 2015 shareholder proxy.” But the SEC declined to do and at least Citibank shareholders will have the chance to vote on the proposal.

In the FCPA compliance context, these types of proposals seem to me to be exactly the type of response that a company or its Board of Directors should want to put in place. Moreover, they all have the benefit of a business solution to a legal problem. In an interview for her piece, Morgenson quoted Zipes as noting, “This idea doesn’t require regulation and its doesn’t require new laws. Executives can sign the binding code of conduct or not, but the idea is that the marketplace would reward those who do.” For those who might argue that senior executives can not or should not be responsible for the nefarious actions of other; they readily take credit for “positive corporate activities in which they had little role or knew nothing about.” Moreover, under Sarbanes-Oxley (SOX), corporate executives must make certain certifications about financial statement and reporting so there is currently some obligations along these lines.

Finally, perhaps shareholders will simply become tired of senior executives claiming they could not know what was happening in their businesses; have their fill of hearing about some rogue employee(s) who went off the rails by engaging in bribery and corruption to obtain or retain business; and not accept that leaders should not be held responsible.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

March 30, 2015

Compensation Incentives in a Best Practices Compliance Program

Compensation IncentivesOne of the areas that many companies have not paid as much attention to in their Foreign Corrupt Practices Act (FCPA) anti-corruption compliance programs is compensation. However the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) have long made clear that they view incentives, rewarding those employees who do business in compliance with their employer’s compliance program, as one of the ways to reinforce the compliance program and the message of compliance. As far back as 2004, the then SEC Director of Enforcement, Stephen M. Cutler, said “[M]ake integrity, ethics and compliance part of the promotion, compensation and evaluation processes as well. For at the end of the day, the most effective way to communicate that “doing the right thing” is a priority, is to reward it.” The FCPA Guidance states the “DOJ and SEC recognize that positive incentives can also drive compliant behavior. These incentives can take many forms such as personnel evaluations and promotions, rewards for improving and developing a company’s compliance pro­gram, and rewards for ethics and compliance leadership.”

In a Harvard Business Review (HBR) article, entitled “The Right Way to Use Compensation, Mark Roberge, Chief Revenue Officer of HubSpot, wrote about his company’s design and redesign of its employee’s compensation system to help drive certain behaviors. The piece’s subtitle indicated how the company fared in this technique as it read, “To shift strategy, change how you pay your team.” Several interesting ideas were presented, which I thought could be applicable for the Chief Compliance Officer (CCO) or compliance practitioner when thinking about compensation as a mechanism in a best practices compliance program.

Obviously Roberge and HubSpot were focused on creating and retaining a customer base for a start-up company. However because the company was a start-up, I found many of their lessons to be applicable for the compliance practitioner. As your compliance program matures and your strategy shifts, “it’s critical that the employees who bring in the revenue-the sales force-understand and behave in ways that support the new strategy. The sales compensation system can help ventures achieve that compliance.” The prescription for you as the compliance practitioner is to revise the incentive system to focus your employees on the goals of your compliance program. This may mean that you need to change the incentives as the compliance programs matures; from installing the building blocks of compliance to burning anti-corruption compliance into the DNA of your company.

Roberge wrote that there were three key questions you should ask yourself in modifying your compensation incentive structure. First, is the change simple? Second, is the changed aligned with your company values? Third, is the effective on behavior immediate due to the change?


Your employees should not need “a spreadsheet to calculate their earnings.” This is because if “too many variables are included, they may become confused about which behaviors” you are rewarding. Keep the plan simple and even employee KISS, Keep it simple sir, when designing your program. If you do not do so, your employees might fall back on old behaviors that worked in the past. Roberge notes, “It should be extraordinarily clear which outcomes you are rewarding.”

The simplest way to incentive employees is to create metrics that they readily understand and are achievable in the context of the compliance program that you are trying to implement or enhance. This can start with attending Code of Conduct and compliance program training. Next might be a test to determine how much of that training was retained. It could be follow up, online training. It could mean instances of being a compliance champion in certain areas, whether with your employee base or third party sales force.


As the CCO or compliance practitioner, you need to posit the most important compliance goal your entity needs to achieve. From there you should determine how your compensation program can be aligned with that goal. Roberge cautions what the DOJ and SEC both seem to understand, that you should not “underestimate the power of your compensation plan.” You can tweak your compliance communication, be it training, compliance videos, compliance reminders or other forms of compliance messaging but it is incumbent to remember that “if the majority of your company’s revenue is generated by salespeople, properly aligning their compensation plan will have greater impact than anything else.”

The beauty of this alignment prong is that it works with your sales force throughout the entire sales channel. So if your sales channel is employee based then their direct compensation can be used for alignment. However such alignment also works with a third party sales force such as agents, representatives, channel ops partners and even distributors. Here Roberge had another suggestion regarding compensation that I thought had interesting concepts for third parties, the holdback or even clawback. This would come into place at some point in the future for these third parties who might meet certain compliance metrics that you design into your third party management program.


Finally, under immediacy, it is important that such structures be put in place “immediately” but in a way that incentives employees. Roberge believes that “any delay in the good (or bad) behavior and the related financial outcome will decrease the impact of the plan.” As a part of immediacy, I would add there must be sufficient communication with your employee or other third party sales base. Roberge suggested a town hall meeting or other similar event where you can communicate to a large number of people.

Even in the world of employee compensation incentives, there should be transparency. He cautioned that transparency does not mean the design of the incentive system is a “democratic process. It was critical that the salespeople did not confuse transparency and involvement with an invitation to selfishly design the plan around their own needs.” However, he did believe that the employee base “appreciated the openness, even when the changes were not favorable to their individual situations.” Finally, he concluded, “Because of this involvement, when a new plan was rolled out, the sales team would understand why the final structure was chosen.”

So just as Roberge, working with HubSpot as a start-up, learned through this experience “the power of a compensation plan to motivate salespeople not only to sell more but to act in ways that support a start-up’s evolving business model and overall strategy”; you can also use your compensation program as such an incentive. For the compliance practitioner one of the biggest reasons is to first change a company’s culture to make compliance more important but to then burn it into the fabric of your organization. But you must be able to evolve in your thinking and professionalism as a compliance practitioner to recognize the opportunities to change and then adapt your incentive program to make the doing of compliance part of your company’s everyday business process.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

March 27, 2015

Compliance Programs under the Brazilian Clean Companies Act

BrazilEd. Note-I recent asked Rafael Mendes Gomes if he could give my readers some information about the recent regulations issued by the Brazilian government around the Clean Companies Act. Both he and Vitor Lopes da Costa Cruz responded with today’s guest post. 

According to the World Bank, Brazil is the world’s seventh wealthiest economy, with a Gross Domestic Product (GDP) of US$ 2.253 trillion in 2012. On the other hand, Brazil is ranked 69th out of 175 countries in Transparency International’s 2014 Corruption Perception Index, and was recently shaken by investigations into a multi-billion dollar scandal involving the state controlled oil giant Petrobras, threatening to engulf the country’s most senior politicians—including its president. Brazil is also a signatory of the OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions – the “OECD Convention”.

The OECD Convention entered into force in 1999, and the OECD’s Working Group conducts peer reviews to evaluate the implementation of the Convention and effective enforcement of measures to prevent, detect, investigate and prosecute bribery, but Brazil was one of the last signatories to pass a law focused on the supply side of the bribes: business organizations. Law 12.846/2013, often referred to as the Clean Companies Act, took effect on January 29th, 2014, and makes business organizations liable for illegal acts against national or foreign public administration, including bribery. An English translation of Law 12.846/2013 is available here.

The Clean Companies Act applies to any Brazilian business organization, company, foundation, association of persons or entities, formally organized or not, regardless of how they are organized or the corporate model they adopt, as well as foreign companies having office, branch, or representation in the Brazilian territory, even if informally and/or temporarily. The Act subjects companies to severe civil and administrative penalties and sanctions for bribing domestic or foreign government officials, and the fines can be of up to 20 percent of the company’s annual gross revenues.

In Article 7, VIII, the statute provides for that, in defining the penalties to be applied to an organization for violations of the statute, the enforcer will take into account the “existence of internal mechanisms and procedures of integrity, audit and incentive for the reporting of irregularities, as well as the effective enforcement of codes of ethics and codes of conduct within the organization” (free translation). The problem was that the statute did not provide guidance on what said mechanisms and procedures consisted of, or how much discount or credit would be granted to companies that have effective compliance programs in place. In the Sole Paragraph or Article 7, the statute sets forth that the criteria of evaluation of the compliance mechanisms and procedures were to be defined by Regulation to be issued by the Federal Executive Branch.

Finally, after over a year of the Clean Companies Act having entered into force, on March 18th, President Dilma Rousseff issued a Federal Decree (8.420/2015) regulating the statute, as a part of a series of anti-corruption measures to counter the increasing public opinion pressure against her administration. The Decree covers some of the crucial aspects of the Act, concerning the evaluation of compliance or corporate integrity programs, the administrative procedure for imposing corporate liability and assessing fines, and the rules regarding leniency agreements.

Of particular interest to companies doing business in Brazil is what the Decree sets forth that regulators and enforcers shall regard as the hallmarks of an effective compliance program, which guidelines are in our view closely aligned with international standards, mainly those provided by the FCPA Resource Guide and OECD’s Good Practice Guidance on Internal Controls, Ethics, and Compliance.

In this post we will focus on the available legal guidance in Brazil, regarding compliance programs, as provided for in the recently enacted Decree, outlining the hallmarks of a compliance program under Brazilian law:

  1. Tone at the Top, translated as the commitment from the top executives of the company, including members of the board, evidenced by the visible and unequivocal support to the compliance program.
  2. Ethics Code and written policies and procedures, enforced to all members in the organization, extended to third parties when applicable.
  3. Periodic Training regarding the organizations Compliance Program.
  4. Periodic Risk Assessment, aimed at making the necessary adjustments to the company’s compliance program.

As regards risk assessment, the Decree sets forth that the Brazilian Authorities shall consider the following when assessing the effectiveness of a Compliance Program, during an investigation:

  • The number of employees;
  • The complexity of the company’s internal hierarchy and the number of departments, governance bodies or sectors;
  • The use of third parties intermediaries as consultants or sales agents;
  • The industry or sector in which the company operates;
  • The countries in which it operates, directly or indirectly;
  • The level of interaction with the public sector and the importance of permits, licenses, and governmental approvals for its operations;
  • The amount and location of legal entities that form the economic group; and
  • Whether the company is regarded by law as a micro or small business.
  1. Accounting Records that comprehensively and accurately reflect the company’s transactions.
  2. Political Contributions. Transparency as regards donations and contributions to political campaigns, candidates and political parties
  3. Relationship with the Public Administration. Specific Proceedings around prevention of fraud or irregularities in public tenders, in the performance of public contracts, and in the interaction with the public sector (including tax collections and inspections, governmental authorizations, licenses, and permits).
  4. Compliance Officer: Independence, structure, and authority of the internal body responsible for implementing and enforcing the compliance program.
  5. Confidential Reporting Channels (hotline), widely advertised to the company’s employees and third parties, and mechanisms for the protection of whistleblowers acting in good faith.
  6. Disciplinary Action in case of violations and procedures to ensure the prompt interruption of the wrongful conduct or violation, and timely remediation of damages caused.
  7. Third Party Due Diligence for the hiring of third party intermediaries, such as consultants, vendors, contractors, suppliers, and service providers, and, if applicable, the monitoring of the intermediaries’ activities.
  8. M&A Due Diligence: M&A anti-corruption due diligence and risk assessment.
  9. Monitoring and Continuous Improvement. Constant monitoring of the compliance program, in order to ensure its continuous improvement.

Having the Federal Executive Branch provided guidelines and clarifications on critical aspects of the Clean Companies Act, by means of the Decree in review, defining parameters and criteria for application of the statute, companies now have a clearer picture of what is expected from them, how investigations are supposed to be conducted, and how cooperation will take place. It is also true that enforcers are now better equipped, at least from the legislation standpoint, to fight corporate bribery.

Now Brazil has the challenge to demonstrate effective enforcement of such laws.


Rafael Mendes Gomes is the partner in charge of compliance and anti-bribery at Chediak Advogados, with offices in São Paulo and Rio de Janeiro, Brazil. The firm offers legal assistance to both Brazilian and international clients across different industries and business sectors.


Vitor Lopes da Costa Cruz is a senior associate in the compliance and anti-bribery team at Chediak Advogados. He assists companies in the assessment, design, and implementation of compliance programs.


You can access Chediak Advogados Compliance and Anti-bribery web page here.

March 26, 2015

The Power of Positive Thinking

Tough CookieEd. Note-I am on Spring Break this week and the Two Tough Cookies graciously agreed to provide a week of guest posts.

Wrapping up this week’s communication series, I am reminded of my own personal flaws… and I can be my own worst enemy. Nothing you’ve read these past few days should be surprising to you, but I hope they have served as a reminder on some easy things you can do to improve your communications within your organization. You need to be a “trusted resource” within your organization to be an effective change agent. Even if you aren’t leading the change efforts, just reinforcing the concepts for your organizational leaders makes you an important part of the change underway. How you present yourself to the larger organization goes a long way to reinforcing your credentials as a “trusted resource” and gives you the staying power to ride the tide of change.

Take this short quiz, and recognize your thought patterns from your answers:

  • You’ve been dieting for a while and you just lost 10 pounds. You think:
    1. This diet is taking so long I’m never going to look good in that suit for my brother’s wedding
    2. I’m proud of the self-control I’ve had so far
  • You miss your flight, and have to wait for a later one. You think:
    1. No matter what I do, something always makes me late
    2. I should have looked at the gap between connecting flights and given myself more time to change gates
  • Work rolls out a new computer app for you to use, and you are still struggling to get the hang of it. You think:
    1. I’ll embarrass myself if I ask for help
    2. I’m going to ask for help with this

In all three scenarios above, answer B is “positive thinking” because they

  • Give credit for positive outcomes
  • Identify strengths that make success possible
  • “Failures” are “foot faults” and not a personal flaw

Answer A, on the other hand, demonstrates negative thinking because

  • Success is due to luck or external factors
  • Success is random and had nothing to do with hard work
  • There’s assumption of failure and not success, and
  • Failure comes as no surprise

Circling back to Appreciative Inquiry, we already know to focus on what success looks like to you and your organization. Emotional Intelligence has you presenting yourself in the most positive way possible through the use of understanding and working with your emotions, knowing that the power to control your reactions goes a long way to controlling the outcome of your interactions with others in the workplace. Both these disciplines focus on the positives, and the Power of Positive Thinking takes it to the next level. As Gandhi is quoted as saying:

Watch your thoughts, for they become your words… Watch your words, for they become your actions…. Watch your actions, for they become your habits… Watch your habits, for they become your values…. And understand your values, for they become your destiny.

Positive thinkers are better at coping with workplace challenges. They are more resilient, they look to be part of the solution and not the problem, are more likely to ask for help, and function better in a crisis. They also tend to have an increased capacity for joy, are kinder, and less likely to feel the negative effects of stress, because they focus on what they can change. As compliance professionals, we work in a world ripe with stress of all kinds.     So how does positive thinking help us cope with workplace challenges? Here’s an example that I hope you can derive some useful tips from….

I was faced with a situation in a manufacturing plant where one worker hated another with a vengeance, and the Helpline had multiple calls from her over the course of a couple weeks, precipitating an “intervention.” The HR manager, new to the plant (but not new to HR), had thrown his hands up and said “I can’t deal with these two!” so I offered to personally come, hear them out, and help him work through a solution.

We sat the two down in a joint session, and I set some simple ground rules. Each would get 10 minutes to “present” their case and “air” their concerns, with another 5 minutes to rebut once the other had finished talking. First instance of interruption would take a minute off their “air time,” second interruption, two minutes, third interruption would and so on. Both agreed to the terms, and I tossed a coin for who would go first. The first, who had “seniority” in the plant, argued her case, and insisted that the other be reassigned to second shift so she wouldn’t have to see her face every day. The other worker stated she’d been given a hard time since day one, and learned it was because the complainant wanted her friend (who worked second shift) to get the job on first shift instead so they could have more friend time together. She then told us that first shift was important to her, because her husband worked second shift, and this meant they didn’t have to worry about day care for their kids. What was critical was that neither party had a performance issue, nor an attendance issue. It was clear to both myself and the HR manager it simply a matter of the complainant wanting her friend to get the first shift slot instead.

We “recessed” before rebuttal, and I told the HR manager that I had an idea, if he wouldn’t mind me trying something. So, using the power of positive thinking, I invited the complainant to speak with us privately, to rebut what the other employee had to say. Giving us no new “evidence” of misbehavior, after she finished speaking the “dialogue” ensued as follows:

Q: So, you’re unhappy about Employee X working the day shift, correct?
A: Yes
Q: So, you want to have a different shift than Employee X, correct?
A: Yes
Q: And you are suggesting that we move Employee X to second shift, correct?
A: Yes
Q: Are you willing to pay for day care for Employee X’s kids while she works?
A: What?
Q: I asked, are you willing to pay for day care for Employee X to have her kids watched while she works second shift?
A: You crazy or what? That’s not my responsibility! That’s her problem!
Q: Okay, but it wasn’t her problem until you insisted we change her shift. We need help figuring out how to solve this new problem if we do as you ask. Ultimately, you want her to work a different shift than you, right? That’s what you want?
A: That’s right! So she needs to be moved to second shift!
Q: Or, you can be moved to second shift, right? I mean, that will do as you ask, won’t it? You don’t have any kids at home (focus on her “strength”), so it’s what will create the least hardship for everyone, isn’t it (focus on success)? She won’t have to get day care, you won’t have to pay for her day care (win-win), you’ll get to be with your friend, you’ll have what you want (another win-win), right? So, the way I see it we have three choices in front of us: 1) we leave things alone and you leave her alone (best choice), 2) we move her to second shift and you pay her day care (worst choice for complainant and definitely not what she anticipated), or 3) you move to second shift to be with your friend (unlikely, but “accountable” choice). What do you suggest we do from those three options? The choice is yours, all you have to do is tell us what you want us to do, and there’s really no wrong answer here from those three options (all options = success) ….

The silence in the room was deafening. The HR manager later pulled me aside and told me it took everything he had to keep a straight face, and he never in his life saw such an awestruck look on a factory worker’s face. He then thanked me for helping “document” the real issue, and giving him the insight to deal with that worker going forward. I was an instant hero for Employee X, too, as a result, and the HR manager confirmed that there were no more complaints coming from the complainant.

By simply shifting the focus of the problem a little bit, I “helped” the HR manager deal with the stressful complainant, and helped each focus on what they could change and resolve the conflict at work. By intervening on his behalf, I also took on the role of “bad cop” and he was able to preserve his “good cop” image at the plant while also successfully resolving the conflict. Further more, he was able to point to the experience any time other personal conflicts arose, and offered to bring me back anytime to work through the conflicts with the employees. No one took him up on the offer, and I still chuckle when I think back on that episode.

Our brains mimic what we see, so when we spread positivity, and show people alternative ways of thinking through problems, magic happens. I had fun with the exercise above, because it gave me the opportunity to show the complainant how her negative thinking was bringing everyone around her down, when the solution to her “problem” was really simple – I empowered her to think in terms of the hardships she was presenting to others (negativity) and gave her the tools to arrive at a positive outcome, if she was willing to take on some personal accountability in the process. Instead of thinking to myself “this woman is impossible to deal with” I thought instead “how can I empower her to solve this problem herself?” Another priceless leadership moment that I will take with me forever.

So how do you manage your thoughts to ensure positive outcomes? Like any leadership exercise, it’s a marathon, not a sprint. You have to be aware of what you’re doing (that’s where EQ comes in), and examine the triggers that send you into negativity. Change the critical thoughts into goals. Think about your values, and determine what it is you want to be. You don’t have to be positive all the time, nor should you – negative thinking can help you prepare, can also help you see the lighter side of things… It’s the yin to your yang, and helps you aim for balance. But practice your positivity, ask for help (go ahead, guys, ask for directions, it won’t hurt you), have a sense of humor, and enjoy yourself. And remember one thing if nothing else: You cannot be what you cannot see.

The Two Tough Cookies will be publishing a book of their tales shortly, under the title “You Can Not Be What You Can Not See” – look for it from Corporate Compliance Insights, coming soon. 

This publication contains general information only and is based on the experiences and research of the authors. The authors are not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. 

March 25, 2015

Emotional Intelligence and Mindfulness

Tough CookieEd. Note-I am on Spring Break this week. The Two Tough Cookies graciously agreed to once again provide a week of guest posts. 

Remember when I said many “leaders” either aren’t aware, or don’t care, to take a few extra precautions to communicate authentically and in a manner that is meaningful, relevant, and targeted for specific results? That’s where emotional intelligence plays a big part in how you communicate. First and foremost, understand the root origin of the word “Emotion” is “to motivate.” So consider the following: When asked, how do you respond to questions like “How are you” or “How’s Things?” If you answer anything other than “fine” or “great” (or any quirky response you might deploy to illicit a chuckle), know that your response will adversely impact your effectiveness and trust in the organization. People really don’t want to know how sick your kids are, or how awful your commute was. They don’t want facts. They want nice. Drawing from what we just wrote about Appreciative Inquiry, people with a high EQ understand the importance of positivity in getting results. You must understand how your emotional state drives your performance in terms of being effective, being “trusted” and being well-received by others. So learn well how to distance yourself a bit from your reaction “in the moment,” and pay attention to what emotion group your reactions tend to fall into: Pleasant (caring, upbeat, happy), Neutral (anticipation, real interest, surprise), or Unpleasant (anger, disgust, fear). Once you master this, you will be demonstrating effective levels of “Professional Intimacy.

The truth is, our emotions provide a wealth of information about our state of mind in any given situation. It’s our “feedback loop” which we can’t, and shouldn’t, ignore. That sinking pit in your stomach when advised of a pending issue is something that is hard-wired into your brain? You can try to hide your reservations about proceeding, but emotions show even in the most seasoned communicator – we each have our little ‘tells.’ Yale University even has developed a mood meter for your iPhone, and I frequently fondle a “Tensometer” that I have at my desk, a token given to me by a former HR colleague as a joke that tells me, much like a mood ring, if I am tense, or chilled out. I take immense satisfaction knowing that I register most often in the blue and green scales (chilled) and only rarely register in the black and red scales (freaked out). The very act of checking my mood would make me testy if it registered otherwise!

Our emotions serve to motivate us, yes indeed they do. Fight or flight responses are served up based on our emotions. Are we afraid (negative emotion) of the outcome? If so, we might go into avoidance mode (flight). If we are interested in something (neutral emotion) we might try to engage others to explore and learn more. If we are happy about something (like being told you just did a great job on a project), we will strive to repeat that performance (fight), because we like to feel good about ourselves (as we just demonstrated, AI focuses on the positive changes the “pleasant” emotions can elicit).

So what happens when we feel emotions? The brain has two minds – the emotional mind and the rational mind – and unfortunately for many of us (myself included, thanks to my “latin” heritage), the emotional mind responds more quickly than the rational mind. Emotional Intelligence is an exercise in impulse control in favor of the thinking/rational mind to ensure that we don’t allow the emotional mind to hijack the rational mind.  So slow down, step back, when you notice a strong impulse taking over. Pause, be mindful of the moment, take your time. Recognize the effects your emotions may have on your effectiveness as a leader and communicator. A common tip people recommend is to count to 10, but darn, that can be awkward in a meeting. Instead, reach for a glass of water, and take a long, slow draught. While you are swallowing, you can reset the pace of your beating heart, collect your thoughts and emotions, and formulate your response. And remember too – you cannot cry and drink at the same time (just try it, and I promise you won’t be disappointed). That trusty glass of water has saved me on many occasions, and I never go to a meeting without something to drink, just in case I have to check my emotions at the door.

EQ as a communication tool helps you develop the emotional and social skills to establish how well we

  • Perceive and express ourselves
  • Perceive others reactions to ourselves
  • Develop and maintain appropriate social relationships
  • Cope with challenges
  • And use emotional information in an effective and meaningful way.

When deployed successfully, EQ can aid you in self-perception – understanding your emotional triggers and developing coping skills to let the rational mind emerge triumphant. By doing so, you develop adaptive behaviors that aid you in properly expressing your emotions, develop and maintain better personal relationships, and make better decisions as a result. With a strong sense of identity, you begin to develop the tools to accept and respect yourself, which helps you appreciate perceived positives, as well as develop inner strength, self-assuredness, and self-confidence. And it will glow off of you…

Please don’t confuse emotional control with emotional intelligence, however. People with strong emotional control but without EQ often come across as uncaring, cold, unfeeling. Conversely, people with little emotional control come across as too “touchy feely,” or “unstable” or, my personal favorite, a “loose cannon.” Neither extreme make for leaders worth following when trying to effect a positive organizational shift in culture, because neither comes across as trustworthy or authentic. What’s prescribed is a balance of appropriate distance paired with professional intimacy.   People with a high EQ have mastered the art of instilling a sense of caring, while motivating others to act in ways that suit their purpose, never crossing the line of familiarity that breeds contempt.

Another trap to avoid at all costs is passive aggressiveness. I am ashamed to admit I have been guilty of it on many occasions, and didn’t even know it, until someone used the term describing someone else and I had the temerity to finally look it up. To my surprise, I saw myself described, writ large and crystal clear on the pages of Wikipedia. I was decidedly NOT guilty of passive resistance to expected work requirements, opposition, stubbornness, and negative attitudes in response to requirements for normal performance levels expected of others. Definitely not me. I am a renowned overachiever, and but for my one run-in at my previous employer, I have always received high performance ratings. What I was guilty of, however, was conflict avoidance, rarely saying what I truly felt whenever I felt a disservice had been done to me, or my colleagues. I had a hard time asking for what I felt was right, and as a result, did not come across as powerfully as I could have or should have, given my role. I have since learned my lesson that you can’t get what you want if you don’t ask for it, and there is a proper way to express your feelings and not alienate the world, but boy, it took me a LONG time to get there.

So how does one get started with EQ? There are gobs of resources on the internet – just search ‘emotional intelligence’ (with quotes to narrow your results), and you are on your way. Take this EQ test to determine your EQ at home. But while you are at it, I suggest you look at “mindfulness” as well, as an EQ companion primer to help you practice impulse control, which will serve you well when you want your rational mind to speak first.

Worksheet in Two Tough Cookies Guest Posts-Spring Break 2015

This publication contains general information only and is based on the experiences and research of the authors. The authors are not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. 

March 24, 2015

Appreciative Inquiry and Servant-Leadership

Filed under: Compliance,Compliance and Ethics,compliance programs — tfoxlaw @ 12:01 am

Tough CookieEd. Note-I am on Spring Break this week. The Two Tough Cookies graciously agreed to once again provide a week of guest posts. 

So, you have done your cultural assessment, you have identified gaps that need to be addressed in terms of change, and you’re ready to take action. The first tool we’ll explore with you is known as Appreciative Inquiry (AI). The basic premise for AI rests on a “glass half full” perspective, insofar as the basic assumption is that something is indeed working well, rather than approaching a change initiative from the perspective that something’s “broken” and needs to be fixed. This flies in the face of convention, as most managers are equipped to problem-solve, not look for opportunities to change by improving already functioning systems. In sum, AI operates on the deceptively simple premise that organizations grow in the direction in which they focus their attention – when you focus on the problems, the number and severity of problems increase. When you focus on ideals, achievements and best practices, these positive influencers tend to flourish, not the conflicts (more on the power of positive thinking in closing later this week).

Logically, when you get right down to it, people like to be told they are doing a good job, from the bottom organizational rung right up to the top, and in a learning environment, students generally do better overall when told about their successes – it makes them want to work that much harder to get more recognition for a job well done. Traditional problem-solving tends to focus people’s energy on what is not working well, and people can only do this for so long before they become demoralized and resigned to a dysfunctional state. It can also lead to a downward spiral of discussion, with participants often discussing, and displaying to others, their failings. This in turn can generate responses of blame, denial, defensiveness, and anger. Most people do not like to be told they have a problem, or worse yet, are the problem that needs fixing, and in most instances will resist acknowledging their contribution to the problem. This then sets the organization up for a culture of problem-centered improvement (“if it ain’t broke, don’t fix it”) with people waiting to take action until problems are identified or systems start to fail.

Appreciative Inquiry, on the other hand, gives change agents a way to identify, replicate, and magnify successes instead of focusing on what is broken and how to fix it. So what does AI look like from a cultural change initiative in a corporate environment? Let’s take your typical “continuous improvement” model. Continuous Improvement is an organizational approach to appreciative inquiry, recognizable as Toyota’s Lean Manufacturing, to GE’s Six Sigma.   But you don’t need to perform a Kaizan event to adopt appreciative inquiry for your organization’s culture change initiatives. What you do need, however, is a team of cross functional participants who are willing to spend an hour or so with you brainstorming to 1) recall past and present successes (small or insignificant as they may seem), 2) generate insights into why those events were successful, and 3) identify steps that can be used to reinforce and amplify what went well.

With a little bit of preparation, change agents can become quite adept at facilitating Appreciative Inquiry “interventions.” But it requires certain skills to be successful at it – you must be willing to adopt a new paradigm for change, one that steers away from problem solving, and leans towards championing successes. You must believe that words carry meaning that create reality. You must be also good at helping others to think in terms of the positive outcomes that have really worked (even if it doesn’t seem like there are many out there to choose from!), helping them sort the wheat (success) from the chaff (failure), and weaning them from a tendency to want to address the failures.   You don’t want to do the thinking for them, you want to trigger a thought process in them that will result in the “glass half full” perspective, which can be a daunting task indeed. You must also be a great listener, using your limited “talk time” to channeling the positives, and helping others identify even the small wins. There is an elegance to the concept of asking people to remind you about what went well in their work, one which helps and even encourages participants be heroes. When the discussions take an upward, positive spin towards recognition of even the smallest of wins, instead of a downward spiral of blame gaming, people will feel incented to be champions for removing barriers to change. Empowerment for change becomes the norm, and a servant-leadership culture will begin to emerge.

Since we are talking about a culture change, and not a process change, start simply – have the team identify their two best bosses they have ever worked for in their entire career. Make sure you have seasoned, senior leaders in the room, people who have been exposed to a variety of work styles throughout their careers. Ask them to list the attributes and behaviors those bosses exhibited. If you run out of time (and you probably will if you only have an hour and 10 participants), give the team homework and conduct a follow-up meeting, creating lists of character traits, leadership styles, and communication techniques employed by these successful bosses. Close out the follow-up session by asking the team to offer some conclusions about their experiences, and capture them carefully. This is the discovery phase of AI.

Send the team out with more homework, asking them to read a few key articles on organizations and people who had successfully adopted and enacted the principles of servant-leadership. Try to find these success stories in industries that are similar to your own, so that the message “If they could do it, so can we” will resonate. Then ask the participants to identify things they had done in the past year that aligned with the servant leadership principles they’ve read about. This is the Understanding Phase of AI, as the participants emerge with a foundational grasp that small and large acts of service are performed every day by virtually everyone in the group, and that they are at their best, and more importantly, feel better about themselves, when they are “serving” rather than “commanding.”

Then take another session to explore the questions of “how can we serve more” and “who else do we need to serve?” Ideas will flow, action plans will develop, and managers can (and should) volunteer to be accountable for results. This process will allow the team to amplify and reinforce 1) what went well, and 2) what will happen next at your organization to lead towards a positive change for the better. You will note, after time, willingness and ability to change as employees learn to recognize what’s working well, and the efforts being taken to reinforce and amplify those positive outcomes. The process can take painful turns throughout its lifecycle in your organization, but the objective should be to empower a culture of liberating and spirited dialogue rather than toxic finger-pointing.

By encouraging people to view their organization with the “glass half full” perspective, and make shared meaning of the answers as to why things worked well, and then act on those responses, AI is a very strong tool for organizational change. It supports organizational learning and development in some very important ways:

  • It helps folks perceive the need for change by the very act of inquiry (discovery)
  • It helps focus on the positive outcomes, and discourages derailment through negativity
  • When you align your discoveries with the organization’s purposes and principles, it translates words into vision, vision into action, and belief into reality. Words carry meaning that create reality…..

I deployed the use of Appreciative Inquiry at one organization I worked for as an emergency measure when an enterprising human resource professional decided to change the participants of the first women’s leadership committee meeting without telling me. Instead of inviting rising stars like I had asked, she invited well-established women leaders to the meeting. As chair of the Diversity Working Group for the organization, I felt compelled to act quickly to avoid the hiccup that was bound to happen, since the invitees clearly didn’t need help becoming ‘leaders’ and would fail to understand what the program’s objectives were without more. So I revised the agenda, and led the team through a discovery-phase Appreciative Inquiry session. The organization was male dominated, with only 10% of its leaders being female in midlevel management positions (even though nearly 50% of its employees were female), and not a single woman on the executive leadership team.

My line of inquiry was rather simple: I asked the participants to identify projects that they enjoyed working on in the organization, and why. I asked them to identify what made the project enjoyable, and asked them to consider “soft” data points (people) rather than hard data points (subject matter, problems tackled, resources allocated, etc.). From this initial session, I asked them to draw conclusions as to why it went well, factoring out all of the hard data, and only factoring in the soft data. To the last, the team identified 4 metrics to act upon: important people skills displayed by project participants, communication difficulties with the male leaders (a bit intimidating but doable if properly coached), the benefit of exposure to other functions and what they learned through the shared experiences, and the mentoring that they received during the projects they worked on. Voila! I said – That’s what our group needs to present to leadership – how to create more of that….

I was able to take this input back to the executive steering committee, and advise them that based on the input, we needed to address the needs of the women in terms of leadership skills building, communications coaching for active listening (for men) as well as confidence building (for women), job rotations or special projects that solicited participation across functional areas, and mentoring programs that would give women in the leadership pipeline much needed exposure to leaders across the enterprise. The experience gave the organization the data points to define the kind of organization we wanted to be with our “Diversity” initiative. It was also the single most important tool we used to define our Diversity “Vision,” articulate it for the broader organization, create an action plan around it, and deliver. Our first women’s leadership conference was a summit of that year’s exercise in AI that drew women from 30 different countries and across multiple functional areas, and was a huge success. It is also one of the most touching, memorable achievements in my entire career as a compliance professional, and it had absolutely nothing to do with catching bad guys, and everything to do with influencing change for the better.

This publication contains general information only and is based on the experiences and research of the authors. The authors are not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. 

March 23, 2015

Trust in the Balance

Tough CookieEd. Note-I am on Spring Break this week. The Two Tough Cookies graciously agreed to once again provide a week of guest posts. 

This tough Cookie is grateful to have been asked to submit some articles for Tom Fox while he visits with his daughter during Spring Break. When I pondered what would be an appropriate topic for the week, immediately ‘communication’ came to mind. After all, it seems that an utter lack of integrity in an organization is attributable, in large part, to what, and how, management communicates to the larger organization. So it is fitting to dwell on this topic for a little bit, but given I just spent the greater part of a week surrounded by the largest gathering of privacy professionals in the world, I thought I’d start with a very specific type of communication – confidential communications. It is the nature of confidentiality that emboldens people to speak up and be heard, such as through whistleblowing schemes. Posting anonymously has emboldened the Two Tough Cookies to share with you our Tales from the Crypt last spring and summer. The cloak of secrecy has its value insofar as it peels back the protective filters we ordinarily engage in our everyday communications, and allows us to speak freely without fear of retaliation. This freedom that confidentiality and privacy gives us is a powerful tool, that can be used for the better, or for the worse, depending on your intent.

The opening remarks at this gathering of privacy pros were given by two very prominent figures in the world of privacy. The first who spoke was Glenn Greenwald, journalist for The Guardian who blew the Edward Snowden story wide open. Mr. Greenwald’s talk focused on what hasn’t, and has, changed since the Snowden expose came to light. What hasn’t changed is the law, surprisingly enough. Many Americans believe we have a fundamental right to privacy, much like our first amendment right to free speech. But as Mr. Greenwald was quick to point out, Congress has not enacted one single piece of legislation to protect our personal privacy since Snowden’s expose. Yes, we have a hodgepodge of laws that protect certain types of information (mostly financial and/or health info), and most states (47 at last count) have enacted complementary laws to ensure they can swiftly act to protect its citizens in the event of a breach or what have you. But our constitution and our federal legislature is remarkably silent with respect to a citizen’s right to be left well alone. Wake up America. You most certainly do not have a right to privacy. In fact, there is a bill that just passed (March 14) in a closed door session of the Senate Committee on Intelligence that, if enacted, would serve as carte blanche authorization to search your on-line history across the nation … Notably missing from the Cybersecurity Information Sharing Act of 2015? Why, privacy protections for US citizens, of course!

Greenwald reminded us all of the immense personal sacrifice embraced by Snowden when he made the decision to blow the whistle on the US government. I am not here to defend him, just explain him in plain English. Call him a traitor, send him off to Gitmo, hate him, adore him, do what you must.   But like many whistleblowers before him, Snowden analyzed the situation, weighed the risk to his own personal freedom, and notwithstanding the overwhelming odds he’d be branded a criminal, he spoke up. He felt, simply put, betrayed by his country. The expectation of privacy which we all shared up to that point was a mere cloak of invisibility that would not withstand even the slightest scrutiny. The thought that innocent people could not happily surf the internet, or email, or enter into e-commerce, without someone watching their every move, did not sit well with Mr. Snowden. It was tantamount, in his mind, to a warrantless search with no probable cause. And for that, he was willing to rot in jail for the rest of his life to ensure that this “lawlessness” on the part of the US government was reined in, so to speak.

What has changed, according to Mr. Greenwald, is technology. Startled by the piercing blast of Snowden’s whistle, tech companies scrambled to close back doors, reinforce firewalls, patch vulnerabilities, and offer consumers free tools to encrypt anything and everything in response to one man’s cry. Snowden succeeded where many congressmen have failed. While we may not have a single uniform law to grant us that elusive right to privacy (yet), the tech companies have effectively (up to now) shuttered the lens of our government’s spying eyes with a liberal dose of encryption. That, however, may erode away if the full Congress passes the Cybersecurity Information Sharing Act of 2015.

I first understood the importance of encryption early on, and it was the number one reason I went to law school. I wanted to be a spy – or a counter spy. Whatever you want to call it, I wanted to catch bad guys, plain and simple. I was infected by the bug well before terrorism took root on US soil. It was, you could say, in my DNA. My grandfather had been an “intelligence officer” with the OSS during the 40’s and 50’s, monitoring the whereabouts of German “expatriots” in Latin America, using the cover of his father-in-law’s radio station to send coded messages back to the States. His brother, my great uncle, encrypted and decrypted messages sent and received by my grandfather, then moved over to the NSA when it was formed to eventually retire as a master cryptographer. My dad was in naval intelligence, as was my mother’s brother. I even wrote my upper level paper in law school on the implications of remote sensing on a citizen’s right to due process, and whether or not intelligence gleaned from such surveillance would be admissible in court without a search warrant (this was long before 9/11, when those satellites could only give you 3 meters resolution – today, it’s a far scarier prospect than many of us realize with satellite imaging resolution reduced to mere inches). But like many others, life got in the way of my career ambitions and I ended up on another path. I still get to go after bad guys, just not for my country.

The next speaker was an equally prominent figure, Professor Michael Sandel, who teaches Justice, Harvard University’s most popular course in its esteemed history. Sandel led his captive audience on a journey of discovery, exploring the morality of what I will term “compromised privacy.” Sandel probed for answers as to whether or not it was okay to bargain away pieces of your privacy in exchange for preferred pricing, or shared benefits. Why not exchange bits and bytes of data about yourself, if it’s going to customize your online experience “for the better” or perhaps get you deals you otherwise wouldn’t otherwise get? Or maybe use your data to enhance your health, improve your well-being? There were folks on both sides of the fence, until an audience member named Brad spoke up. Aside from being creepy, Brad pointed out that people change their behaviors when they know they are being observed, for better or for worse, and that not all change was necessarily good.

What came to mind as Brad and Professor Sandel were jockeying about was George Orwell’s 1984, with Big Brother watching every move of every citizen, who in turn suppressed every impulse to fit the expected norm. The premise of Brad’s position is that as people’s behaviors change, so do societal norms. These evolving norms can either serve to reinforce the moral compass, or erode it, dislodging our True North. It is beyond our capacity to foresee which direction compromised privacy will lead us, for the better, or for the worse. Given recent trends on social media, this Tough Cookie is decidedly of the mind that things are not looking for the better….

As leaders in corporate America, we too can influence the “social norm” of our organizations, as we are being observed daily by those we lead. Like the lesson to be drawn from Brad’s astute insight, we know we are being watched, and we know we should put filters on our communications. The truth is, many “leaders” either aren’t aware, or don’t care, to take a few extra precautions to communicate authentically and in a manner that is meaningful, relevant, and targeted for specific results. The Tough Cookie Tales from the Crypt have given you plenty of examples to prove that point. If you’ve taken the time to assess the culture of your organization, and have some data points that indicate there are some gaps that need filling, we suggest you go ahead and poke the bear. The goal, remember, is to influence your organization’s societal norms, and our hope is the tools and insights we’ll give in the next few postings will help you do so for the better.

This publication contains general information only and is based on the experiences and research of the authors. The authors are not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. 

March 20, 2015

Miss Marple Short Stories and SEC Enforcement of the FCPA, Part V – Final Thoughts

Agatha ChristieI conclude my week of exploration of Agatha Christie’s Miss Marple short stories and the Securities and Exchange Commission’s (SEC) enforcement of the Foreign Corrupt Practices Act (FCPA) by reviewing some of the new things I’ve learnt during this week of research. I learned that Christie made several social observations and revealed much about herself through these stories. She is very much constrained by the roles given to women in the early to mid-1920s, including the lack of a proper education. She also writes about some of the disdainful attitudes of people to an older woman. I found a number of inside jokes that Christie placed into the stories, even referring to the prevalence of detective fiction in print and on the stage at the time the stories were written. Finally is the fact that people make the mistake of not noticing her but that she is watching them and listening and that they will remain unaware of her presence for not too much longer.

In his recent blog post, entitled “Are You An FCPA Contender Or Pretender?”, the FCPA Professor suggested that if you want to practice in the area of FCPA compliance, you really should take the time to read some of the very few underlying sources and documents relating to the subject. After my week exploration of the SEC enforcement of the FCPA, I would note that you can learn quite a bit by heeding his advice.

Internal Controls

There was a trend, beginning in the fall of 2014 of SEC FCPA enforcement actions, where the Department of Justice (DOJ) either declined to prosecute the company or settled with the company via a Non-Prosecution Agreement (NPA). This led me to conclude that the SEC was ramping up its review and enforcement of the accounting provisions under the FCPA separate and apart from criminal side enforcement of the FCPA by the DOJ. Earlier this month, when Andrew Ceresney, the SEC Director, Division of Enforcement, spoke at CBI’s Pharmaceutical Compliance Congress in Washington DC he discussed the importance of internal controls in SEC enforcement. While his remarks were primarily directed “in the context of financial reporting” I believe they could be equally applicable in the FCPA compliance context.

Ceresney said, “What kinds of practice pointers for how to avoid these issues? Well, in cases we have brought, we see controls that were not carefully designed to match the business, or that were not updated as the business changed and grew. And we see that senior leadership was not asking the tough questions – and sometimes not even asking the easy questions. Senior management in some cases was just not engaged in any real discussion about the controls. As a result, employees did not properly focus on them and the firm and its shareholders are put at risk.” I think these statements, particularly taken in the context of his overall remarks, portend a greater focus on internal controls review and enforcement in the FCPA context.

Finally, in the area of internal controls, is the interplay of Sarbanes-Oxley (SOX) with FCPA enforcement and several sections of the Act that have FCPA implications. These include SOX §302 that requires the principle officers of a company to “take responsibility for and certify the integrity of these company’s financial reports on a quarterly basis.” Under SOX §404 companies must present annually their conclusion “regarding the effectiveness of the company’s internal controls over accounting.” Finally, SOX §802 prohibits “altering, destroying, mutilating, concealing or falsifying records, documents or tangible objects” with the intent to obstruct or influence a federal investigation, such as the FCPA.

Every public company is required to report on its internal controls. The SEC may well start mining those required, annual public disclosures for information on compliance internal controls. If the SEC finds a company’s report lacking and then after requesting further information, still finds a company’s response lacking, a company may be looking at strict liability and a financial penalty based on profit disgorgement as I lay out next.

Strict Liability

I have written about the coming of strict liability to the SEC enforcement of the FCPA’s accounting provisions, including books and records and internal controls. However, after having read, re-read and reviewed the FCPA and commentary, I now believe that a strict liability interpretation for enforcement of the FPCA is fully supported by the plain language of the Act itself. I come to this conclusion because there is no language in the text of the Act that ties the accounting provision requirements to any other operative violation of the statute. In other words, there is no language that says that an accounting provisions violation must be tied to an offer or payment of a bribe to obtain or retain business. While the FCPA does not specifically say that a company will be strictly liable for a violation of the accounting provisions, it is certainly not prohibited. Since violations of the accounting provisions as enforced by the SEC are civil violations only, I now believe that such a position is not prohibited by the Act.

Profit Disgorgement 

Similar to my views on strict liability for accounting violations, I have also come to believe that profit disgorgement is a remedy fully supported and available to the SEC in FCPA enforcement actions. This change was made by an un-related law, entitled The Penny Stock Reform Act of 1990, which amended the Securities Exchange Act of 1934 to: allow the SEC to (1) impose tiered civil money penalties pursuant to administrative findings of violations of the Act; (2) enter an order requiring an accounting and disgorgement; (3) issue cease and desist orders; and (4) issue temporary restraining orders. Profit disgorgement has generally been considered an equitable remedy. Sasah Kalb and Marc Alain Bohn, in their article “Disgorgement: The Devil You Don’t Know, wrote “As an equitable remedy, disgorgement is not intended as tool to punish, but as a vehicle for preventing unjust enrichment. The SEC is therefore only permitted to recover the approximate amount earned from the alleged illicit activities. Disgorging anything more would be considered punitive.”

In conjunction with this equitable nature for profit disgorgement, is the concept of proportionality. In the article by David C. Weiss, entitled “The Foreign Corrupt Practices Act, SEC Disgorgement of Profits and the Evolving International Bribery Regime: Weighing Proportionality, Retribution and Deterrence”, he wrote that regarding proportionality “punishment schemes fail a utilitarian test when the punishment exceeds, or threatens to exceed, the offense. Put another way, deterrence requires that a punishment be proportionate to the harm—allowing for some multiplier based on the likelihood of being caught. Punishments that are not proportionate are not justified under this utilitarian theory.”

Profit Disgorgement as a Remedy for Strict Liability

In this final section, I give my opinion as to where I think the next step of SEC enforcement may be headed. I think it will be a combination of the enforcement of the accounting provisions of the FCPA through a strict liability reading of them by the SEC to the remedy of profit disgorgement. Admittedly this opinion seems contrary to the equitable nature of the remedy of profit disgorgement. However the greater focus of SEC scrutiny and enforcement of the accounting provisions point me in that direction. While it is also true that profit disgorgement has traditionally required some specific ill-gotten gains; with the statutory authority provided by the Penny Stock Act to the SEC allows for disgorgement with no language around its equitable beginning, this may be enough for the SEC to make such an intellectual leap. Further, as noted by Kalb and Bohn, “Because calculations like these often prove difficult, courts tend to give the SEC considerable discretion in determining what constitutes an ill-gotten gain by requiring only a reasonable approximation of the profits which are causally connected to the violation.”

The final component is the lack of judicial review in FCPA enforcement actions. Every practitioner is aware of the absolute dearth of cases in this area. With the SEC moving towards more administrative actions, through the 2010 Dodd-Frank amendment that enables the SEC to collect civil penalties through administrative proceedings, there may not be many federal district court reviews going forward. Of course to have a federal district court review of a remedy, it generally takes the defendant to make some objection and companies seemingly do not wish to take on the SEC in any FCPA enforcement matter (or the DOJ for that matter). But even if there was a federal district review of a Cease and Desist Order filed before it, you almost never hear the court reject an agreed Order on the grounds that the remedy was too harsh or unwarranted.

I hope you have enjoyed and learned something this week unique to the SEC enforcement of the FCPA. I know I have both enjoyed reading many of the excellent commentators I have reviewed during my research. David Weiss, Marc Alain Bohn, Sasha Kalb, Russ Ryan and the FCPA Professor have all contributed significant legal work and thought leadership in this area that I have built some of my theories on so I thank them for their contributions. Another joy was reading Agatha Christie’s Miss Marple short stories. If you have a few evenings or some down time for spring break or summer vacation, I suggest you pick up the volume. It is just like visiting with an old friend on a dark and stormy night…

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015



March 19, 2015

Ingots of Gold & SEC FCPA Enforcement – Communication – Part IV

Ingots of GoldToday I want to use the Christie’s story Ingots of Gold as an introduction to some of the regular communications that the Securities and Exchange Commission (SEC) representatives frequently provide in public forums, regarding their views on Foreign Corrupt Practices Act (FCPA) enforcement and, more importantly for the compliance practitioner, FCPA compliance. In this story, told by Miss Marple’s friend, he was spending a holiday in Cornwall with an acquaintance called John Newman. It involved a shipwreck and, as the title foretold, valuable cargo. After a stormy night Newman was missing but was later found bound and gagged in a ditch. It is revealed that Newman used this as ruse to cover his tracks from a theft of gold, which, of course, Miss Marple resolves when no one else can do so.

It was the language of this story that struck me. For as famous as Agatha Christie is for her puzzles, she had a great facility for language. At one point Miss Marple said, “You wouldn’t like my opinion, dear. Young people never do, I notice.” Later she describes the antagonist with the following, “his mind might run in strange, unrecognized channels”. Fortunately for the compliance community, one of the significant ways that the SEC communicates with compliance practitioners is through public speeches. We were recently treated to another such example when Andrew Ceresney, the SEC Director, Division of Enforcement, spoke at CBI’s Pharmaceutical Compliance Congress in Washington DC. Ceresney provided some clear guidelines for the compliance practitioner about what the SEC expects from companies in the area of FCPA compliance. More specifically he talked about some specific bribery schemes the SEC has seen in FCPA enforcement actions involving the pharmaceutical industry. These examples provided scenarios that any compliance practitioner in the pharmaceutical space can investigate for their organization.

Pharmaceutical Industry Bribery Schemes

Ceresney discussed ‘Pay-to-Prescribe’ bribery schemes where physicians and hospitals are paid bribes in “exchange for prescribing certain medication, or other products such as medical devices.” These schemes can involve payments of cash or other forms of non-cash benefits such as gifts, travel and entertainment. He described an example where a company “invited “high-prescribing doctors” in the Chinese government to club-like meetings that included extensive recreational and entertainment activities to reward doctors’ past product sales or prescriptions.” Another such scheme involved a running total of points for doctors who prescribed a company’s products, which could later be cashed in for items of value. Another involved a rebate of part of a hospitals overall purchase to certain doctors or hospital administrators.

Another form of bribery was seen where a company would direct charitable donations to the decision-makers “pet” charity. In a couple of FCPA enforcement actions, the charity had nothing to do with the pharmaceutical industry but in one case there was “a purported donation of nearly $200,000 to a public university to fund a laboratory that was the pet project of a public hospital doctor. In return, the doctor agreed to provide business to” the company in question. The point of all of these examples is that “that bribes come in many shapes and sizes, and those made under the guise of charitable giving are of particular risk in the pharmaceutical industry. So it is critical that we carefully scrutinize a wide range of unfair benefits to foreign officials when assessing compliance with the FCPA – whether it is cash, gifts, travel, entertainment, or charitable contributions.”

Compliance Programs

I certainly agree with Ceresney, only adding that I do not think you can say it too loud or too often, when he stated, “The best way for a company to avoid some of the violations that I have just described is a robust FCPA compliance program.” It all begins with a risk assessment so that you will understand what your company’s risks are and you can manage them accordingly through your compliance program. From there Ceresney said, “The best companies have adopted strong FCPA compliance programs that include compliance personnel, extensive policies and procedures, training, vendor reviews, due diligence on third-party agents, expense controls, escalation of red flags, and internal audits to review compliance.” He also specifically mentioned third parties, as they are still perceived to be the highest risk in any FCPA risk matrix. He stated, “To properly combat against these abuses, a compliance program must thoroughly vet its third-party agents to include an understanding of the business rationale for contracting with the agent. Appropriate expense controls must also be in place to ensure that payments to third-parties are legitimate business expenses and not being used to funnel bribes to foreign officials.”

Self-Reporting and Cooperation

Next Ceresney turned to self-reporting and cooperation. After initially noting that the current enforcement environment is greatly aided by self-reporting, he went on to explain why it is in a company’s interest to do so. Beyond the simple credit a company receives for self-reporting, by doing so “parties are positioned to also help themselves by aggressively policing their own conduct”. The SEC will also “continue to find ways to enhance our cooperation program to encourage issuers, regulated entities, and individuals to promptly report suspected misconduct. The Division has a wide spectrum of tools to facilitate and reward meaningful cooperation, from reduced charges and penalties, to non-prosecution or deferred prosecution agreements in instances of outstanding cooperation.” He ended this section of his remarks with a couple of thoughts that I believe succinctly provided the SEC’s position on self-reporting and cooperation. First he said “When I was a defense lawyer, I would explain to clients that by the time you become aware of the misconduct, there are only two things that you can do to improve your plight – remediate the misconduct and cooperate in the investigation.” He then ended with the following, “Companies that choose not to self-report are thus taking a huge gamble because if we learn of the misconduct through other means, including through a whistleblower, the result will be far worse. “

Internal Controls 

Ceresney had some interesting remarks around internal controls. He said they were in the “context of financial reporting”; however I found that they might well have significant implications for the compliance practitioner. I thought his money line was “Internal control problems have been prominently featured in recent enforcement cases we have brought in the financial reporting area, even in cases without accompanying charges of fraud.  This reflects our view that adequate internal controls are the building blocks for accurate financial reporting and can prevent fraudulent activity.” While the specified area of these remarks was around SOX §§302 and 404, I think this portends directly to internal controls under the FCPA.

He went on to state, “my key takeaway is that senior leadership of companies should place strong emphasis on the importance of designing and implementing strong internal controls. Senior officers need to ask questions about what they are being told about their internal controls – but perhaps more importantly, ask questions about the things that are not being reported to them. Dropping those occasional inquiries into conversations where they won’t be expected sends a powerful message that you want these issues to be on your employees’ minds. And what is needed is not just involvement from senior leadership but also from the audit committee. Instead of a check-the-box mentality, it is important to use careful thought at the outset to how controls should be designed in light of a firm’s business operations. This entails an up-front assessment of financial reporting risks, designing controls that address those risks, and ensuring that the resulting controls are well documented and communicated. And, as the company’s business evolves and changes, management must consider whether the existing internal controls are appropriate, or need to be enhanced or changed. Appropriate resources and attention also need to be devoted to monitoring those controls for effectiveness and making changes as needed.” Every time you see the words ‘financial’ simply substitute compliance and I think you will see where the SEC is headed in its internal controls enforcement of the FCPA.

Just as Agatha Christie communicated with her audience in ways broader than simply puzzles, through her great facility for delicious language, the SEC communicates in substantive ways with the compliance community through its speeches. You really do not have to read the tea leaves when you have such a clear message as was delivered by Ceresney at the CBI conference. Moreover, with all the sites that reported on it, talked about it and even linked to the printed text, you did not have to pay to attend. It is all there for you to read and to read for free.

For a copy of the text of Ceresney’s remarks, click here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015



March 18, 2015

The Blue Geranium – SEC Enforcement of the FCPA – Part III

Blue GeraniumIn Christie’s The Blue Geranium a difficult and cantankerous semi-invalid wife is looked after by a succession of nurses. They changed regularly, unable to cope with their patient, with one exception Nurse Copling who somehow managed the tantrums and complaints better than others of her calling. The wife had a predilection for fortunetellers and one announced that the wallpaper in the wife’s room was evil; pronouncing she should “Beware of the Full Moon. The Blue Primrose means warning; the Blue Hollyhock means danger; the Blue Geranium means death.” Four days later, one of the primroses in the pattern of the wallpaper in the wife’s room changed color to blue in the middle of the night, when there had been a full moon.

On the morning after the next full moon, the wife was found dead in her bed with only her smelling salts beside her. Once again Miss Marple has the solution remembering that potassium cyanide resembled smelling salts in odor. The wife took what she thought were smelling salts but was in reality potassium cyanide. The flowers on the wallpaper had been treated with litmus paper which the turned the geranium in question blue, which unmasked the killer.

I found this story to be an interesting way to introduce the topic of the Securities and Exchange Commission’s (SEC’s) damage remedies. While some are obvious, such as the fines and penalties which are listed in the text of the Foreign Corrupt Practices Act (FCPA), another one, that being profit disgorgement must be seen through the lens of multiple legislations.

Monetary Fines

The damages that are available to the SEC differ in some significant aspects from those available to the Department of Justice (DOJ) in its enforcement of the criminal side of the FCPA. According to the FCPA Guidance, “For violations of the anti-bribery provisions, cor­porations and other business entities are subject to a civil penalty of up to $16,000 per violation. Individuals, including officers, directors, stockholders, and agents of companies, are similarly subject to a civil penalty of up to $16,000 per violation, which may not be paid by their employer or principal. For violations of the accounting provisions, SEC may obtain a civil penalty not to exceed the greater of (a) the gross amount of the pecuniary gain to the defendant as a result of the violations or (b) a specified dollar limitation. The specified dollar limitations are based on the egregious­ness of the violation, ranging from $7,500 to $150,000 for an individual and $75,000 to $725,000 for a company.”

As straightforward as these monetary amounts may seem, the totals can become very large very quickly. As noted by Russ Ryan in a guest post on the FCPA Professor’s blog, entitled “Former SEC Enforcement Official Throws The Red Challenge Flag, the SEC significantly multiplied those amounts in a default judgment context against former Siemens executives by claiming that “four alleged bribes should be triple-counted as three separate securities law violations – once as a bribe, again as a books-and-records violation, and yet again as an internal-controls violation – thus artificially multiplying four violations to create twelve.” Further, under the specific books-and-records and internal-controls allegations “the SEC was super aggressive, taking the position that these classically non-fraud violations involved “reckless disregard” of a regulatory requirement, thus allowing the SEC to demand the maximum $60,000 per violation in “second-tier” penalties rather than the $6,000 per violation in the “first-tier” penalties ordinarily associated with non-fraud violations.”

Profit Disgorgement

In addition to the above statutory fines and penalties, “SEC can obtain the equitable relief of disgorgement of ill-gotten gains and pre-judgment interest and can also obtain civil money penalties pursuant to Sections 21(d)(3) and 32(c) of the Exchange Act. SEC may also seek ancillary relief (such as an accounting from a defendant). Pursuant to Section 21(d)(5), SEC also may seek, and any federal court may grant, any other equitable relief that may be appropriate or necessary for the benefit of investors, such as enhanced remedial measures or the retention of an independent compliance consultant or monitor.” These remedies can be sought in a federal district court of through the SEC administrative process.

As explained by Marc Alain Bohn, in a blog post on the FCPA Blog entitled “What Exactly is Disgorgement?” profit “Disgorgement is an equitable remedy authorized by the Securities Exchange Act of 1934 that is used to deprive wrong-doers of their ill-gotten gains and deter violations of federal securities law. The Act gives the SEC the authority to enter an order “requiring accounting and disgorgement,” including reasonable interest, as part of administrative or cease and desist proceedings”. In another article Bohn co-authored with Sasha Kalb, entitled “Disgorgement – the Devil You Don’t Know” published in Corporate Compliance Insights (CCI), they set out how such damages are calculated. They said, “In calculating disgorgement, the SEC is required to distinguish between legally and illegally obtained profits. The first step in such calculations is to identify the causal link between the unlawful activity and the profit to be disgorged. Once this causal link is established, the SEC may assert its right to disgorge illicit profits that stem from this wrong-doing. Because calculations like these often prove difficult, courts tend to give the SEC considerable discretion in determining what constitutes an ill-gotten gain by requiring only a reasonable approximation of the profits which are causally connected to the violation.”

However if you read the FCPA quite closely you will not find any language regarding profit disgorgement as a remedy. Nevertheless a simple reading of the statute does not limit our inquiry as to this remedy. In a Note, published in the University of Michigan Journal of International Law, entitled “The Foreign Corrupt Practices Act, SEC Disgorgement of Profits and the Evolving International Bribery Regime: Weighing Proportionality, Retribution and Deterrence”, author David C. Weiss explained the development of the remedy of profit disgorgement. As noted by Bohn, profit disgorgement was always available to the SEC from the very beginning of its existence, through the enabling legislation of 1934. But as explained by Weiss, in the completely unrelated legislation entitled The Penny Stock Reform Act of 1990, profit disgorgement was “authorized by statute [as a remedy to the SEC] without a limitation to the FCPA.”

Finally, and what many compliance practitioners do not focus on for SEC enforcement of the FCPA, was the enactment of Sarbanes-Oxley Act of 2002 (SOX). Weiss said, “The most recent change to the way in which the SEC enforces the FCPA—and a critical development to consider—is SOX, which affects virtually all of the SEC’s prosecutions, including those under the FCPA. When assessing penalties, the SEC draws on SOX to provide great latitude in determining the types of penalties it enforces. While SOX did not amend the FCPA itself, it did amend both civil and criminal securities laws relating to compliance, internal controls, and penalties for violations of the Exchange Act. Since the enactment of SOX, the SEC has possessed the power to designate how a particular penalty that it assesses will be classified.” [citations omitted]

There has been criticism of the SEC using profit disgorgement as a remedy. As far back as 2010, the FCPA Professor criticized this development in his article “The Façade of FCPA Enforcement” where he found fault with the remedy of profit disgorgement for books and records violations or internal controls violations only, where there is no corresponding “enforcement action charging violations of the anti-bribery provisions.” He wrote “It is difficult to see how a disgorgement remedy premised solely on an FCPA books and records and internal controls case is not punitive. It is further difficult to see how the mis-recording of a payment (a payment that the SEC does not allege violated the FCPA’s anti-bribery provisions) can properly give rise to a disgorgement remedy.”

Bohn and Kalb said, “Over the last six years, disgorgement has served to significantly increase the financial loss that companies are exposed to in FCPA enforcement matters. In addition to the considerable civil penalties often imposed by the SEC as part of FCPA settlements, the SEC has made clear that it will not hesitate to seek recovery of large sums through disgorgement provided they are reasonably related to the alleged misconduct. Yet the methodology used by the SEC to support the amounts it seeks to disgorge has not been much discussed.  In the absence of adequate guidance as to how these sums are calculated, disgorgement poses an even greater risk in the current aggressive FCPA enforcement climate.” I would only add to their conclusion that profit disgorgement is here to stay.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

Next Page »

Blog at WordPress.com.