FCPA Compliance and Ethics Blog

April 20, 2015

The Intersection of the FCPA, TI-CPI and Tax Appeals in Brazil

Three Way IntersectionThe Transparency International-Corruptions Perceptions Index (TI-CPI) is released each year in November. The TI-CPI rates Brazil as 69th out of 175 countries on its index, coming in with a score of 43 out of 100. I wonder if TI might consider an interim report this year on Brazil? As things keep going, more and more corruption is alleged to be a part of the everyday fabric of the country. While the Petrobras and related scandals have been well chronicled, the overall stench of corruption just keeps spreading and spreading.

Recently it was announced yet another set of investigations around corruption has begun. This time it involves the Brazilian Finance Ministry’s Administrative Council for Tax Appeal. In an article in the Wall Street Journal (WSJ), entitled “Brazil Probes New Bribery Allegations”, Paulo Trevisani reported that this is an “arbitration board that hears appeals from taxpayers who dispute how much they owe the [Brazilian] government.” The investigation would appear to be widespread as “Prosecutors said 74 companies and 24 individuals are under investigation.”

Interestingly not only is the Finance Ministry investigating the allegations but also the Brazilian internal revenue service, the Brazilian federal police and the Brazilian federal prosecutors office. In what would seem to indicate the inherent conflict of interest in the Finance Ministry investigating itself, Trevisani reported the “Finance Ministry said the alleged scheme wasn’t systematic but rather, involved “isolated acts” carried out by a small group of government tax officials. When prosecutors announced the investigation on March 26 they said that losses to the nation’s treasury totaled $6.1 billion over 15 years.” Oops.

While the entities and individuals under investigation have not been named, “a leading investigator on the case said companies under investigation include Ford Motor Brazil, a unit of Ford Motor Co.; JBS, the world’s largest meatpacker, the Brazilian unit of the Spanish bank Banco Santander SA; and Brazil’s second largest private-sector bank, Bradesco SA.” You may recall from an earlier blog post I noted that Brazil’s third largest state-owned bank Caixa Econômica Federal (Caixa) is also under investigation for corruption.

However, this new corruption scandal is the first time that non-Brazilian companies have come under investigation outside of the Petrobras scandal. The WSJ article noted, “Brazil’s tax system is among the most onerous and complex in the world. Penalties can be steep. That has fostered an environment where corruption can flourish, [un-named] experts say. “Taxes in Brazil are so high and complicated that it is easy for companies to get in trouble with the taxman,” the leading investigator told The Wall Street Journal. The investigator said frequent tax disputes created opportunities for ill-intentioned public servants to profit by helping firms circumvent red tape. Prosecutors say the probe began in 2013 after they received an anonymous letter describing details of the alleged scheme.”

An article in forbes.com, entitled “Ford On List Of Companies Suspected Of Brazilian Tax Fraud” by Kenneth Rapoza, went further than the WSJ article when it laid out the list of “companies are under investigation for taking part in various tax bribery schemes” and then listed the amounts they allegedly avoided paying. The Top Ten list is:

  • Santander: R$3.3 billion
  • Bradesco: R$2.7 billion
  • Ford: R$1.7 billion
  • Gerdau: R$1.2 billion
  • Light: R$929 million
  • Banco Safra: R$767 million
  • RBS: R$672 million
  • Camargo Correa: R$668 million
  • Mitsubishi: R$505 million
  • Banco Industrial: R$436 million

An article in businessinsider.com, entitled “Brazil uncovers multibillion-dollar tax fraud”, reported that this investigation, dubbed Operation Zeal, had uncovered that “the [tax] body managed to obtain tax appeals board rulings in the companies’ favor by either cutting penalties or waiving them altogether. In return, officials allegedly received bribes from some 70 companies believed to have benefited from the scheme. A written statement issued by Brazilian federal police stated “The investigations, begun in 2013, showed the organization acted within the body sponsoring private interests, seeking to influence and corrupt advisors with a view either to securing the cancellation or reduction of penalties from tax authorities”. Moreover, “Police said the scam could have netted the companies as much as 19 billion reais ($5.9 billion) but evidence uncovered so far amounts to around a third of that amount.” Finally, and perhaps most ominously, the article said, “Federal police organized crime chief Oslain Campos Santan said the total sums could end up being “as much” as that involved in the Petrobras scam”.

This new Brazilian corruption scandal recalls the Foreign Corrupt Practices Act (FCPA) enforcement action against the Houston-based Parker Drilling Company. According to the Department of Justice (DOJ) Press Release issued at the time of the announcement of the conclusion of the matter, the company was issued a tax assessment on its drilling rigs. The Press Release went on to state, “According to court documents, rather than pay the assessed fine, Parker Drilling contracted indirectly with an intermediary agent to resolve its customs issues. From January to May 2004, Parker Drilling transferred $1.25 million to the agent, who reported spending a portion of the money on various things including entertaining government officials. Emails in which the agent requested additional money from Parker Drilling referenced the agent’s interactions with Nigeria’s Ministry of Finance, State Security Service, and a delegation from the president’s office. Two senior executives within Parker Drilling at the time reviewed and approved the agent’s invoices, knowing that the invoices arbitrarily attributed portions of the money that Parker Drilling transferred to the agent to various fees and expenses. The agent succeeded in reducing Parker Drilling’s TI Panel fines from $3.8 million to just $750,000.”

So with all of the above that has been written about in the past few weeks, where do you think Brazil should be on the TI-CPI? While its rating of 43 out of 100 may not seem too low or perhaps more accurately too much perceived corruption, it may be time for a mid-year reassessment. Certainly if you are a Chief Compliance Officer (CCO) or compliance practitioner you may wish to perform your own reassessment. If you have any dealings with the Brazilian Finance Ministry’s Administrative Council for Tax Appeal, you need to perform an internal investigation starting today on all information you can find about the process and results. For if the results were extremely favorable the reason for the achievement may have violated both Brazilian law and the FCPA.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

April 17, 2015

The Passing of Günter Grass and Compliance Week 2015 Is Near

Filed under: Compliance Week — tfoxlaw @ 12:01 am
Tags:

Gunter GrassGünter Grass died this week. The contradictions that made up post-war Germany were wrapped up in him as well as any other single person I know anything about. He was a Nobel Prize winner for literature, who, it was revealed late in his life, had been a member of the Waffen-SS during World War II. He was an anti-militarist, anti-nationalist and against German reunification, yet a big fan of Castro’s Cuba. Contractions indeed. Like most Americans, I was introduced to Grass through his seminal work The Tin Drum. It was as haunting a work as I had read up to that point in my life and one I can still remember reading to this day.

In the area of conference excellence around all things compliance, there is the upcoming Compliance Week 2015. While the conference has not had as many appearances as Gehrig’s long streak, this is the 10th annual event. As usual, Matt Kelly and his team over at Compliance Week have put together a star-studded and first-rate program for a wide variety of compliance practitioners. From the US government there is Margaret McGuire, Vice Chair of the Securities and Exchange Commission (SEC) Financial Reporting and Task Force, and Assistant Attorney General Leslie Caldwell. For export controls there will be representatives from the Department of Treasury and Department of Justice (DOJ) to bring you the latest on export control enforcement issues. Finally, both Laura Perkins from the DOJ and Kara Brockmeyer from the SEC will be there to discuss Foreign Corrupt Practices Act (FCPA) enforcement from the perspectives of their agencies.

As usual there will be many sessions aimed at the compliance practitioner. Are you interested in developing a strong corporate culture? If so there will be sessions to discuss how to do so from working with your management to have the right culture to building ethics and compliance programs that amplify those values rather than undermine them. Another often-discussed topic is compliance leadership. There are several sessions focusing on this topics as well as moving compliance officers into the new era of corporate compliance, CCO 2.0.

If there are specific geographic areas that you are concerned about there will be conversations about Russia, Central Asia, the Middle East, Africa, China and Latin America. In these sessions, held in smaller groups to facilitate conversations and questions, there will be discussions that focus on ethics and compliance risks in geographic hotspots around the world. Wondering which regulators matter most in a specific area? What training tactics work best for local workforces? Which cultural differences can cause the biggest risks or mis-steps? All those questions and more are prime fodder for these sessions.

Cyber security is becoming more prominent. In addition to the sessions where government speakers will talk from their perspectives, there will also be sessions aimed at the corporate response. Sarbanes-Oxley (SOX) reporting and money laundering issues will be discussed. Finally, although it may not seem intuitive for compliance professionals but I would urge you to attend the session on the new revenue recognition standards. Even I could understand the prior standards and lawyers and compliance professionals need to have handle on what the business folks need to do to have their sales properly recognized in books and records.

There will be several sessions dealing with training. An interesting one is entitled “Game On: 4th Generation Ethics and Compliance Education” and will provide you with information on best practices and how to align roles, risks, training priorities strategically and to make the most efficient use of limited training time while protecting the organization. The discussion will be framed around statistics that you can use to drive training decisions and true program effectiveness. Another interesting angle will be through the prism of social media in a session which will consider the new risks social media brings, and the best ways to square its advances in communications and IT with your existing compliance program, whether that’s through new policies, new technology, or a mix of both.

There will be several of sessions dealing with investigations. One I am looking forward to attending is entitled “Compliance Officer’s Role in Investigations and Discipline”, where we will focus on how you can run an effective investigation in some of the most difficult spots in the world, where local law may conflict with what you need to do. The distinguished panel will explore local stumbling blocks to your investigation, and offer ideas on how to complete the job nonetheless. In the era of ­pre-taliation claims by the SEC, discipline is becoming a trickier subject for Chief Compliance Officers (CCOs).

The FCPA is always at the forefront of this conference and this year’s event is no different. You can learn from Leslie Caldwell about overall enforcement trends and from other government representatives on some of the issues specific to their agencies and departments. Lastly, I will be leading a conversation on the FCPA enforcement trends we have seen in 2015 to date.

As usual, Matt Kelly and his team have put together a fantastic event. But the greatest value might be for you to mingle and meet with some of the top compliance practitioners and thought leaders in the country over three days in May. There will be plenty of time for socializing and meeting in the spacious breakfast area, on refreshment breaks or in the always-great Tuesday evening cocktail party.

I have been authorized to offer readers of this blog, who register for Compliance Week, a discount off of the standard rate. To register, please use this link and enter discount code CW15_FCPAFOX (case sensitive) to receive the special pricing. You can read more on the event by going to the following website: http://conference.complianceweek.com.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

April 16, 2015

Consumer Protection and Your Business

Filed under: Compliance,compliance programs,KYC — tfoxlaw @ 12:01 am

IMG_1145Ed. Note-today we have a guest post from Karen Schirmer, a Senior Advisor at Chartwell.

You’ve been hearing for a while now that the regulatory environment has been changing, and you follow the Consumer Financial Protection Bureau (“CFPB”) alerts to see if this new regulator will be looking at your type of business sometime in the near future. But you haven’t done anything new to prepare for greater consumer protection scrutiny because you’re too busy preparing for the upcoming state or bank examination. If this describes your organization, we understand that being proactive with limited funds and resources can be difficult. Nonetheless, consumer protection laws exist on the state and federal level, and states, banks, and other regulators are all taking a broader approach to their reviews. In this article, we will provide you with simple best business recommendations on how to get started with your consumer protection program.

Examine your collateral and marketing for consumer transparency

The most frequently cited violations of consumer protections have been unfair, deceptive, or abusive acts or practices (“UDAAP”) due to the lack of transparency of fees, unclear terms and conditions, and misleading statements deemed harmful to consumers. It is important that the consumer understands what the product or service is and the costs and terms of the products or services being purchased.   This includes all fees and fee limits, including inactivity, dormancy or service fees. Marketing, Packaging, Terms and Conditions, and overall Website language are places that have high risk of creating confusion for the consumer. These are good places to start your project review. Focus on the wording of your marketing and other collateral: is it in an active voice, using strong verbs and the simplest tense possible? Are explanations in everyday words, rather than excessive acronyms, abbreviations, or multiple negatives? Are several qualifiers used in explanations? If so, see if those explanations may be made more direct. Short, concise sentences are best. Look for consistency in terminology – if a transaction fee is the same as an activity fee, pick one term (this may be guided by regulation), define it, and use it throughout.

When evaluating either new or existing financial services products for consumer transparency, your standard of proof should be low, such as “likelihood” of being misled. A reasonable consumer’s overall or “net” impression counts, and omissions of key facts can lead a consumer to the wrong overall impression.

The format and proximity of material information is very important. Consumer disclosures and other key information, such as product function, terms and conditions, privacy and complaint notices should be in at least 8pt font (your product may need to follow a particular font requirement, per regulation) and whenever possible, clearly described on the first or second page, and linked in multiple places. It is prudent to identify any structural aspects of a product or terms and conditions that a consumer might not understand or would find surprising and add highlights or clarifications as appropriate.

Engage your privacy and data security teams 

With several high-profile data security breaches occurring in 2014, consumer confidence and trust in many financial products has eroded, and spending habits have changed accordingly.

The message is that companies offering financial products and services should look into strengthening their security infrastructure with data loss prevention, network security, encryption, and strong authentication and defensive measures. Other internal best practices include having a detailed data security policy that is communicated through training to employees and 3rd party stakeholders, and assigning controls and control owners to test security measures on a regular basis.

Privacy and transparency are interrelated. Companies must provide users with clear and complete information regarding any collection, use and disclosure of the collected data. Further, internal departments that have access to or may want to use the data must receive training on the limited uses for and protection of the data.

Enhance the consumer experience 

The consumer experience starts with the presentation of a product choice or choices, and the consumer is able to select options in an informed manner. Lack of understanding on the part of the consumer of the risks, costs or conditions of the product or service often leads to complaints.

Once the consumer has signed up for a product or service, it is important that the consumer may access his/her account information easily. The consumer should have ample free access to account information.

A consumer’s experience with a product is directly impacted by the quality of a company’s customer service function. The telephone number(s) for complaints of various types should displayed in multiple places (i.e. websites, receipts, postings, Terms and Conditions).

Effective and timely resolutions of complaints is critical in an environment where consumer protection gets strong attention from state Attorney General’s offices and Federal Agencies. Companies should have policies and procedures that include the following:

  1. A policy statement in support of consumer protection;
  2. An ongoing process of identifying consumer protection laws;
  3. A compliance management system to track the applicable requirements of the laws on a per business or per product basis;
  4. A written process specifically for complaints that raise compliance issues;
  5. A written process for using complaint data to fix practices and take corrective action; and
  6. A records-management process that includes the maintenance of complaint records, litigation, investigation, policies, procedures and reports of complaints resulting in operational changes. Responses and timeframes are tracked

Consumer protection is more than just providing disclosures. Your consumer protection review can be done in layers. Seek a commitment from senior management and/or Board of Directors, implement strategic projects such as the ones described above, add in training and on-going monitoring and you will be well on your way to having strong consumer protection compliance program.

Karen Schirmer has 12 years of experience directing Compliance teams, and drafting programs that identify requirements, risks, controls and methods of control validations. During her work as Compliance Director for Western Union, Inc. and Integrated Payments Systems Inc., she conducted independent reviews, and coordinated regulatory examinations.  As part of the First Data leadership team for 10 years, she drafted and directed the operations of the 2012-2013 Global Corporate Compliance Program.  For more information, please contact Karen at karenschirmer@chartwellcompliance.com.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, her affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication.

April 15, 2015

Five Step Process for Transaction and Continuous Controls Monitoring

Five Step ProcessMost Chief Compliance Officers (CCOs) and compliance practitioners understand the need for transaction monitoring. Whether it be as a part of your overall monitoring of third parties, employees, or to test the overall effectiveness of internal controls and compliance, transaction monitoring is clearly a part of a best practices compliance program. Further, while most compliance practitioners are aware of the tools which can be applied to transaction monitoring, they may not be as aware of how to actually engage in the process. Put another way, how do you develop a methodology for building a transactional monitoring process that yields sustainable, repeatable results?

I recently put that question to one of the leaders in the field, Joe Oringel, co-founder and principal at Visual Risk IQ. He explained to me that their firm has dissected data analytics and transaction monitoring into a five-step process they call QuickStart, which facilitates applying the process iteratively across a two to four month time frame. These iterations allow for, and reinforce the methodology’s repeated and practical application and reapplication. The five steps are (1) Brainstorm, (2) Acquire and Map Data, (3) Write Queries, (4) Analyze and Report, and (5) Refine and Sustain.

Brainstorm

Under this step, the transactional monitoring specialist, subject matter expert (SME), such as one on the Foreign Corrupt Practices Act (FCPA) or other anti-corruption law, and the compliance team members sit down and go through a multi-item list to better understand the objectives and set the process going forward. The brainstorming session will include planning the monitoring objectives and understanding the data sources available to the team. Understanding relationships between the monitoring objectives and data sources is essential to the monitoring process. During brainstorming, the company’s risk profile and its existing internal controls should be reviewed and discussed. Finally, there should be a selection of the transaction monitoring queries and a prioritization thereon. This initial meeting should include company representatives from a variety of disciplines including compliance, audit, IT, legal and finance departments, sales and business development may also need to be considered for this initial brainstorming session.

While the rest of the steps may seem self-evident in any transaction monitoring process, it is the brainstorming step which sets the Visual Risk IQ approach apart. This is because business knowledge is critical to sustaining and improving the transaction monitoring process. And because the process is iterative, periodic meetings to further understand the business pulse allow the most useful data to be monitored through the system. 

Acquire and Map Data

The second step is to obtain the data. There may be a need to discuss security considerations, whether or how to redact or mask sensitive data, and ensure files are viewable only by team members with a “need to know”. Balancing, which consists of comparing the number of records, checksums, and controls totals between the source file (as computed by the file export) and then re-calculated number of records, checksums, and control totals (as computed by a file import utility). Balancing is performed to make sure that no records are dropped or somehow altered, and that the files have integrity. Somewhat related is making sure that the version of the files used is the “right” one. For example if you are required to obtain year-end data year-end close could be weeks after the closing entries have been actually recorded, depending on the departments engaged in the year end processes.

Types of systems of record could include Enterprise Resource Planning (ERP) data from multiple transaction processing systems, including statistics on numbers and locations of vendors, brokers and agents. You may also want to consider watch lists from organizations such as the Office of Foreign Asset Control (OFAC), the Transparency International – Corruption Perceptions Index (TI-CPI), lists of Politically Exposed Persons (PEPs) or other public data source information. Some of the data sources include information from your vendor master file, general ledger journals, payment data from accounts payable, P-cards or your travel and entertainment system(s). You should also consider sales data and contract awards, as correlation between spending and sales as these may be significant. Finally, do not forget external data sources such as your third party transactional data. All data should initially be secured and then transmitted to the transaction monitoring tool. Of course you need to take care that your transaction monitoring tool understands and properly maps this data in the form that is submitted.

Write Queries

This is where the FCPA SME brings expertise and competence to assist in designing the specific queries to include in the transaction monitoring process. It could be that you wish to focus on the billing of your third parties; your employee spends on gifts, travel and entertainment or even petty cash outlays. From the initial results that you receive back you can then refine your queries and filter your criteria going forward. Some of the queries could include the following:

  • Business courtesies to foreign officials;
  • Payments to brokers or consultants;
  • Payments to service intermediaries;
  • Payments to vendors in high risk markets;
  • Round dollar disbursements;
  • Political contributions or charitable donations; and
  • Facilitation payments.

Analyze and Report

In this process step, you are now ready to begin substantive review and any needed research of potential exceptions and reporting results. Evaluating the number of potential exceptions and modifying queries to yield a meaningful yet manageable number of potential exceptions going forward is critical to long-term success. You should prioritize your initial results by size, age and source of potential exception. Next you should perform a root cause analysis of what you might have uncovered. Finally at this step you can prioritize the data for further review through a forensic review. An example might be if you look at duplicate payments or vendor to employee conflicts. Through such an analysis you determine if there were incomplete vendor records, whether duplicate payments were made and were such payments within your contracts terms and conditions.

Refine and Sustain

This is the all-important remediation step. You should use your root cause analysis and any audit information to recalibrate your compliance regime as required. At this step you should also apply the lessons you have learned for your next steps going forward. You should refine, through addition or deletion of your input files, thresholds for specific queries, or other query refinements. For example, if you have set your dollar limits so low that too many potential exceptions resulted for a thoughtful review, you might raise your dollar threshold for monitoring. Conversely if your selected amount was so low that it did not generate sufficient transactions, you could lower your parameter limits. Finally, you can use this step to determine the frequency of your ongoing monitoring.

Oringel concluded by emphasizing the iterative nature of this process. If you can establish your extraction and mapping rules, using common data models within your organization, you can use them to generate risk and performance checks going forward. Finally, through thoughtful use of transaction monitoring parameters, you can create metrics that you can internally benchmark your compliance regime against over time to show any regulators who might come knocking.

For further information on this process, contact Joe Oringel at Joe.Oringel@VisualRiskIQ.com

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

April 14, 2015

Lincoln Assassinated and HSBC’s Continued Self-Inflicted Woes

Filed under: Anti-Money Laundering,Compliance,compliance programs,HSBC — tfoxlaw @ 12:01 am

Lincoln AssassinationToday is the 150th anniversary of the first successful Presidential assassination attempt. It was on this day in 1865 that John Wilkes Booth shot President Abraham Lincoln at Ford’s Theater in Washington DC. Booth was not a lone gunman but led a group of Confederate sympathizers who attacked or planned to attack leading US government officials. Co-conspirator Lewis T. Powell burst into Secretary of State Seward’s home, repeatedly stabbing him and seriously wounding him and three others, while George A. Atzerodt, assigned to kill Vice President Johnson, lost his nerve and fled.

HSBC continues to stay in the news, unfortunately largely for the wrong reasons in the realm of anti-corruption, facilitating tax evasion and money laundering. In an article in the New York Times (NYT), entitled “HSBC Is Deemed Slow To Carry Out Changes”, reporters Jessica Silver-Greenberg and Ben Protess noted that earlier this month, federal prosecutors made a quarterly count filing as a part of their report on the bank’s Deferred Prosecution Agreement (DPA) “faulting the bank for weaknesses in spotting suspicious transactions and for enabling a corporate culture resistant to change.”

The filing itself was based upon the corporate monitor’s Michael Cherkasky’s “confidential 1000 page report submitted to prosecutors in January. That report, people briefed on the matter said, offered a more scathing assessment of the bank’s progress.” The monitor has been “evaluating HSBC’s global operations for cracks in its money-laundering controls. As such, he has reviewed the bank’s various business lines, including its sprawling operations in China.”

In the technology area, the filing noted the “bank’s technology systems, despite some improvement, still suffer from “fragmentation” and “lack of connectivity” the Justice Department filing said. With its creaky framework, the filing said, “the collection and analysis” of data could suffer.” This lack of technology to both check on customers or potential customers and then review the transactions they might engage in were a prime deficiency noted in the original 2012 enforcement action where “prosecutors found that HSBC facilitated money laundering on behalf of Mexican drug cartels, allowing at least $881 million in tainted money to course through its United States branches.”

But perhaps the more troubling finding in the prosecutors filing was around the culture at the bank. There was not specific criticism of the tone at the top of the bank or with senior management but with the employees’ attitudes towards meeting the obligations under the DPA. The filing said that “Change at the bank was met with resistance” providing at least one example; “When presented with negative findings from auditors, the filing said, managers at the bank’s United States unit for global banking and markets “inappropriately pushed back.” Ultimately, the resistance caused an internal audit report “to be more favorable to the business than it would have been otherwise.”

Interestingly HSBC itself pushed back against the government’s filing, at least in the press. The article noted that “In response to the filing, Stuart Levey, the bank’s chief legal officer said, “The Justice Department recognized in its letter that HSBC has made material progress toward meeting the most stringent compliance standards imposed to date upon a global financial institution.” Levey also said that “the bank was continuing to meet all its obligations under the deferred-prosecution-agreement and that its leaders “are making progress toward that objective and appreciate the monitor’s ongoing work.””

Monitor Cherkasky’s report and the Department of Justice (DOJ) filing bring up a couple of interesting points for speculation. The first is the continuing dialogue and debate on the effectiveness of DPAs and whether they actually do achieve their stated goals of changing corporate culture and behavior. The NYT article said that the DOJ filing, which came under the name of the President’s Attorney General-designee, as head of the US Prosecutor’s office, comes “at a time when prosecutors are grappling with repeat offenders on Wall Street”. Moreover, “the filing underscores the Justice Department’s efforts to stem the pattern of corporate recidivism.” Just how hard should the DOJ come down on HSBC? There are other more aggressive steps the DOJ could take, even at this point. These include “extending the five-year deferred-prosecution agreement or singling out culpable employees by name.” Indeed the article cited to a recent speech by the head of the DOJ’s criminal division, Deputy Assistant Attorney General Leslie Caldwell, where she said, “the government has “a range of tools” to deal with corporate recidivism, including extending the term of a deferred-prosecution agreement while prosecutors investigate accusations of new criminal conduct.”

How about tearing up the DPA and simply criminally prosecuting the bank on the facts it admitted to in the DPA? Caldwell also spoke to that possibility when she said in the same speech, “Make no mistake: The criminal division will not hesitate to tear up a D.P.A. or N.P.A and file criminal charges where such action is appropriate and proportional to the breach.” Since parties are required to agree to facts in any DPA or Non-Prosecution Agreement (NPA) it would seem that tearing up those settlement documents and then prosecuting those companies on the underlying facts would be a relatively straightforward matter.

The other party in this debate is the Attorney General-nominee herself. While at this point it is not clear if the GOP majority will ever let her nomination come up for a vote before the full Senate, what if the Senate Judiciary Committee decides to reopen the hearings on this issue and then shoehorn it into the larger ongoing academic and FCPA Inc. debate on DPAs (and NPAs and other settlement tools). What if the FCPA testified on the “Façade of FCPA Enforcement”? What if Ted Cruz came in to ask why the DOJ is even bothering to prosecute the British banking giant?

At the time of its settlement in 2012, the HSBC fine was the largest for any bank involving money laundering. The monitor’s report and DOJ court filing demonstrate that the settlement is still controversial and the conduct engaged in by the bank many years ago may well continue to resonate up to this day and well into the future.

But the negative news for HSBC did not end with the filing of the DOJ report. As reported in the Financial Times (FT), in an article entitled “French magistrates open formal criminal probe into HSBC”, Emma Dunkley wrote that the parent entity of the bank, HSBC Holdings, “has been placed under criminal investigation by French authorities and made to post €1bn bail over allegations that its Swiss private banking arm helped clients avoid taxes.” This is separate and apart from the investigations into the company’s Swiss banking unit, which has been indicted or is under investigation “over tax evasion allegations in several other countries, including the US, Belgium and Argentina.”

In another article in the NYT, entitled “HSBC Facing Criminal Investigation in French Tax Case, Chad Bray reported that the bank apologized after released documents “showed that its employees had reassured clients that the lender would not disclose details of their accounts to the tax authorities of their home countries and discussed options to avoid paying taxes on those assets. The bank has acknowledged previous “conduct and compliance failures” in its Swiss business and has said that it has overhauled its private banking business and reduced its client base in Switzerland by 70 percent since its peak.”

The woes of HSBC continue and indeed seem to be increasing. With the fallout from the monitor’s report and other ongoing investigations the bank may be in danger of having its DPA revoked. While HSBC is not the only poster child for Banks Behaving Badly it may find itself as the first bank to have its DPA torn up and either the entity or responsible individuals criminally prosecuted for recidivist behavior.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

April 13, 2015

Brazilian Corruption Scandal Expands Past Petrobras – Is a FCPA Country Sweep Next?

BroomThe Brazilian corruption scandal took a new turn last week, when the Brazilian government announced that it was investigating the country’s health ministry and the state-owned bank Caixa Econômica Federal (Caixa). As reported by Rogerio Jelmayer and Luciana Magalhaes in the Wall Street Journal (WSJ), in an article entitled “Corruption Scandal in Brazil Gets Bigger”, the schemes were similar to those used in the Petrobras scandal, where inflated contracts were awarded to contractors who kick backed the overcharges to those in position to award the business.

This expansion of Brazilian government investigation is also the first reported instance of companies outside the energy sector or those doing business with the Brazilian state-owed enterprise Petrobras being investigated by the Brazilian government. Over the years there have been several Foreign Corrupt Practices Act (FCPA) enforcement actions regarding US companies doing business in Brazil. With this expansion of the Petrobras corruption scandal to other government departments and state-owned entities, a new chapter may be opening. This new chapter may bring not only Brazilian domestic bribery and corruption scrutiny but also draw the attention of US or UK regulators, such as the Department of Justice (DOJ), Securities and Exchange Commission (SEC) or the UK Serious Fraud Office (SFO).

In the health ministry the area of contracts under investigation were those for advertising. The WSJ article said, “the cost of advertising contracts was inflated by as much as 10%, prosecutors said, with the surplus also passed along to politicians. The health ministry said all its advertising contracts meet the legal requirements, and it will investigate the allegations and cooperate with police and prosecutors.” It certainly is comforting when the government says it will cooperate with investigators.

But perhaps more interesting was the timing of the allegations against the country’s third largest state-owned bank Caixa. While the allegations around the scope and extent of the bribery were similar to those made against the Brazilian health ministry, the declarations of these new investigations coincided with the announcement last week by the government Finance Minister Joaquim Levy and Caixa Chief Executive Officer (CEO) Miriam Belchior for “an initial public offering [IPO] in the insurance joint venture it has with French insurer CNP Assurances.”

What do you think the comfort level will be for institutional investors about now in this IPO? I wonder if under IPO rules and regulations in Brazil, whether the CEO must certify either the financial statement as accurate or that there is no evidence of corruption in the organization? Even those in Brazil recognize the gravity of these allegations against Caixa. Luis Santacreu, a banking analyst at the Brazilian rating agency Austin Ratings, said that he thought this announcement would make the IPO more difficult and “the allegations against Caixa show it needs to improve its governance.”

These two developments demonstrate the difficulties that international companies may have in doing business in Brazil going forward. It is not difficult to believe that a country sweep on those doing business in Brazil, with the Brazilian government or with Brazilian state-owned enterprises, may well be coming. Given the recent 2014 World Cup and the upcoming 2016 Olympics, it would not seem too great a stretch for the DOJ or SEC to begin to look at US companies with significant amounts of commerce with and in Brazil.

While we have not seen evidence of country sweeps to-date, there has been evidence of industry sweeps in FCPA enforcement. The FCPA Professor, in a blog post entitled “Industry Sweeps”, posted an article from FCPA Dean Homer Moyer, entitled “The Big Broom of FCPA Industry Sweeps”. In his article, Moyer said that an industry sweep is the situation where the DOJ and/or SEC will focus “on particular industries – pharmaceuticals and medical devices come to mind — industry sweeps are investigations that grow out of perceived FCPA violations by one company that enforcement agencies believe may reflect an industry-wide pattern of wrongdoing.” Moyer further wrote, “Industry sweeps are often led by the Securities and Exchange Commission (“SEC”), which has broad subpoena power as a regulatory agency, arguably broader oversight authority than prosecutors. They are different from internal investigations or traditional government investigations, and present different challenges to companies. Because the catalyst may be wrongdoing in a single company, agencies may have no evidence or suspicion of specific violations in the companies subject to an industry sweep. A sweep may thus begin with possible cause, not probable cause. In sweeps, agencies broadly solicit information from companies about their past FCPA issues or present practices. And they may explicitly encourage companies to volunteer incriminating information about competitors.”

As a compliance professional, one of the key takeaways from the Brazilian corruption scandal is that you should take a very hard and detailed look at your company. With the spread of Brazilian investigations around corruption, we can see that these scandals are not be limited to only the energy or energy-related service industry. One of the first things you can begin to do is to review the list of third parties who might work with the Brazilian government or with Brazilian state-owned enterprises. You should begin by asking such questions as:

  • What is the ownership of the third party? Is there a business justification for the relationship?
  • Is there anyone in the company who is responsible for maintaining the relationship? Is there ongoing accountability?
  • How is the relationship being managed?
  • Are you engaging in any transaction monitoring?
  • Are you engaging in any relationship monitoring?
  • What is the estimated or budgeted size of the spend with the third party?

While the GlaxoSmithKline PLC (GSK) investigation has reverberated throughout the China, I think that the Brazilian corruption scandals will be with us for some time. As bad as it seems about now, and it certainly appears bad, there are many lessons that the compliance practitioner can not only draw from but use for teaching moments within your company. For if you are doing business with the Brazilian government or with Brazilian state-owned enterprises it may not be “if you are subject to a FCPA sweep” but only “when”.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

April 10, 2015

International Anti-Corruption Enforcement Efforts

ARound the GlobeWhile the US Foreign Corrupt Practices Act (FCPA) is still the most widely recognized and enforcement anti-bribery and anti-corruption law across the globe, there have been a number of initiatives which will lead directly to greater anti-bribery and anti-corruption enforcement. This increased enforcement will lead to increased risks for companies that do not have anti-bribery and anti-corruption compliance programs in place. This post discusses the efforts of other countries to enact and enforce legislation to curb bribery and corrupt across the globe.

China 

Over the past 18 months, GlaxoSmithKline PLC (GSK) was embroiled in a very public, very nasty bribery and corruption investigation. It culminated in the conviction of GSK and the assessment of a $491 million fine, criminal conviction of four senior GSK China subsidiary managers and the criminal convictions of two ancillary GSK-hired investigators. The entry of the Chinese government into the international fight against corruption and bribery is truly a game-changer. While there may be many reasons for this very public move by the Chinese government, it is clear that foreign companies are now on notice. Doing business the old fashioned way will no longer be tolerated. This means that international (read: western) companies operating in China have a fresh and important risk to consider; that being that they could well be subject to prosecution under domestic Chinese law.

The international component of this investigation may well increase anti-corruption enforcement across the globe. First of all, when other countries notorious for their endemic corruptions, for example India, see that they can attack their domestic corruption by blaming it on international businesses operating in their country, what lesson do you think they will draw? Most probably that all politics are local and when the localities can blame the outsiders for their own problems they will do so. But when that blame is coupled with violations of local law, whether that is anti-bribery or anti-price fixing, there is a potent opportunity for prosecutions.

One of the audit failures of GSK was around well known compliance risks in China, including (1) event abuse planning; (2) mixture of legitimate and illegitimate travel; (3) other collusion with travel agencies; and (4) parallel itineraries. So those risks are well known and have been documented. While the cost of monitoring is high and would involve the tedious work of verifying millions of receipts by calling hotels, airlines and office supply stores and scrutinizing countless transactions for signs of fraud; if your compliance risks are known for a certain profile, then you should devote the necessary resources to making sure you are in compliance in that area.

Brazil 

While GSK was a harbinger of international anti-corruption investigations and enforcement actions based on domestic anti-bribery laws; Brazil and its state-owned energy company Petrobras may become the world’s largest corruption investigation. In a New York Times (NYT) article, entitled “Scandal Over Brazilian Oil Company Adds Turmoil to the Presidential Race”, the scandal was detailed by a former Petrobras official, Paulo Roberto Costa. Mr. Costa was the person who oversaw the company’s refining operations. He has admitted to having engaged in the receipt of bribes for at least a 10 year period “equivalent to 3 percent of the value of the deals from the Brazilian construction companies that obtained the contracts” to build refineries. This amounted to literally millions being “stashed in bank accounts in Switzerland and the Cayman Islands.” He “inflated budgets for new projects” by 3% and then had that amount kicked back to him as bribes. The allegations were verified “through an associate, Alberto Youssef, a black-market money dealer who testified that he helped launder funds in the scheme. Mr. Youssef, who has also accepted a plea deal, testified that more than a dozen of Brazil’s largest construction companies had paid hefty bribes to obtain lucrative Petrobras contracts.” Interestingly, Brazilian President Rousseff “has also effectively acknowledged the prevalence of corruption inside the executive suites of Petrobras, while denying that she had known about the kickbacks when they were taking place.”

The scandal has not only engulfed suppliers to Petrobras in Brazil. It has now moved to the international stage. From shipyards in Singapore, which have been alleged to have paid bribes to Petrobras, to Rolls Royce in Great Britain which has been alleged to have paid bribes for the sale of turbine engines; this scandal truly is international in scope and may engulf more companies going forward. In addition to violations of Brazilian law, the US government has reportedly opened an investigation, as Petrobras USA is a US stock-exchange issuing entity and subject to the FCPA. Indeed, in the US there are already multiple shareholder derivative lawsuits against the US entity for mis-representing its true value because of the corruption allegations against the company in Brazil.

The Petrobras scandal continues to make news almost daily and its repercussions continue to reverberate across the globe. The FCPA Blog, in an article entitled “Swiss AG freezes $400 million in Petrobras bribe probe”, stated that in Switzerland alone there are nine open investigations into alleged money laundering tied to Petrobras. In mid-March the Office of the Attorney General of Switzerland (OAG) announced that they had issued an order to freeze $400 million of assets allegedly tied to a Petrobras corruption scheme. The FCPA Blog further stated the OAG announced “The release of over $120 million reflects Switzerland’s clear intention to take a stand against the misuse of its financial center for criminal purposes and to return funds of criminal origin to their rightful owners.”

The domestic Brazilian Anti-Bribery Law, the Clean Company Act, enacted into law in 2014, is uniquely designed for oversight by internal audit. Compliance programs will be evaluated on three prongs: the structure of the program; specifics about the legal entity; and an evaluation of the program’s efficiency. The first prong will include consideration of the existence of mechanisms for reporting suspected or actual misconduct, training, code of conduct, policies and procedures, periodic risk assessments, and application of disciplinary measures against employees (including senior management too) involved in wrongdoing. Under the second prong, the compliance risks associated will be considered. Compliance programs should be tailored to the company’s risks; “one-size-fits-all” programs will not be accepted. The third prong will consist of a case-by-case verification, that it is not simply a paper program.

Finally, and no doubt spurred by the Petrobras corruption scandal, the FCPA Blog also reported, in another article entitled “After protests, Brazil president issues anti-graft regulations”, that Brazilian President Dilma Roussef issued a presidential decree with regulations under the Clean Company Act. The new regulations issued address some of the crucial questions concerning the administrative procedure for imposing corporate liability and assessing fines. It also set out the criteria for determining fines, evaluating compliance programs, and entering into leniency agreements. Finally, the decree also provides that books and records accuracy and completeness will be a key criterion for evaluating compliance programs, no doubt inspired by the FCPA accounting provisions. As the FCPA Blog said, “The regulations under the Clean Company Act are a critical milestone in the effort to restore credibility to Brazil’s federal government, in light of its past commitments to fighting corruption in the corporate world.”

Conclusion 

What does all of the above mean for a global company? It means that some law that prohibits bribery and corruption will cover your business. It will not and does not matter if you are a US, UK or Brazilian company doing business outside of your home country, somewhere a law prohibiting bribery and corruption will cover your actions. Even if you are not covered by the FCPA, the UK Bribery Act or the Clean Company Act, if you are doing business in a local country you can still be subject to prosecution under its domestic anti-bribery laws. This means that there will be greater enforcement going forward and greater cooperation between enforcement agencies.

For businesses the only response to this plethora of new laws is to implement and enhance a best practices anti-bribery/anti-corruption compliance program and there are several examples that companies can follow to do so. In the US, the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) provided their suggestions with their Ten Hallmarks of an Effective Compliance Program; the UK Ministry of Justice (MOJ) has provided commentary on the Six Principles of an Adequate Procedures compliance program and the Organization of Economic Cooperation and Development (OECD) has put forth its Good Practice Guidance on Internal Controls, Ethics, and Compliance.

All of these anti-bribery/anti-corruption regimes set forth easily digested concepts that a company could implement. However, there must be more than simply a paper program in place. A company must actually do compliance for it to be effective. By making compliance a part of normal business practices, it will be possible to prevent, detect and then remediate any bribery or corruption issues that may arise.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

April 9, 2015

Lee Surrenders and Hanson Wade’s Oil & Gas Supply Chain Compliance Conference

Lee and GrantToday we celebrate one of the most momentous anniversary’s in the history of the United States, for it was on this day in 1865, 150 years ago, that Confederate General Robert E. Lee surrendered his Army of Northern Virginia to Union Commanding General Ulysses S. Grant at Appomattox Courthouse, effectively ending the American Civil War. Fighting continued for several more weeks to come, however with Lee’s surrender the Civil War had, in all intents and purposes, ended.

Lee and his troops were forced to abandon the Confederate capital of Richmond, they were blocked from joining the surviving Confederate force in North Carolina, and were harassed and outrun by Union cavalry, who took 6,000 prisoners at Sayler’s Creek. With desertions mounting daily the Confederates were surrounded with no possibility of escape. On April 9, Lee sent a message to Grant announcing his willingness to surrender and in the afternoon they met at the home of Wilmer McLean and agreed to the terms of surrender.

Although politicians would later change these terms quite dramatically, Grant is said to have told his officers, “The war is over. The Rebels are our countrymen again.”

Later this month, from April 28-30, Hanson Wade is putting on its annual conference in Houston. It is the “Oil and Gas Supply Chain Compliance” conference, now in its 5th year, and once again the list of speakers is simply stunning. It includes the following Chief Compliance Officers (CCOs) and senior compliance folks: Dan Chapman, Cameron; Brian Moffatt, Ethos Energy, Jay Martin, Baker Hughes; Marcel De Chermont, Acteon Group, Jan Farley, Dresser-Rand; John Sardar, Noble Energy and a host of other luminaries in the field of Foreign Corrupt Practices Act (FCPA) compliance. Even if you live outside of Houston, the FCPA compliance talent at this event will rival any other event in the US and for such an event not held in Washington DC or New York City, it is simply outstanding.

Some of the panels and topics for discussion include: Applying Culturally Sensitive Approaches To Deliver A Core Compliance Methodology For A Variety Of Countries And Risks; How to Meaningfully Engage Your Business Operations in Taking Greater Compliance Ownership; Avoid The Risk Of Cavalier Behaviour Across The Supply Chain In The Face Of A Challenging Economic Climate; How To Deliver Cost-Effective, Risk Based, Function Specific Compliance Training; several in-depth presentations on Supply Chain and Third Party due diligence. These are but some of the sessions and there are many other excellent panels, sessions and speakers which I have not mentioned.

Recently the Event’s Chairperson, Dan Chapman, Vice President, Chief Ethics and Compliance Officer for Cameron, talked about some of the issues that will be discussed in this year’s conference. Chapman said, “Supply chain is, in my mind, a critical part of compliance and creating awareness throughout the business as to when and where you should apply compliance principles is a key focus. For me the industry has evolved in recent years, and our organizations tend to now have strong legal teams who understand anti-bribery and corruption legislation. Not only this, they now have the ‘tone from the top’. Where I feel that work needs to be done is practically embedding compliance into operational processes, and becoming a true and valuable partner to the business. With the current state of the oil price, we’re likely set for reduced budgets and increased risk, which makes it more important now than ever to share stories, materials and solutions to effectively mitigate compliance risk while enabling business delivery.”

I will be speaking at the conference on internal controls but I am extremely pleased to be co-leading an in-depth workshop on the third day of the event, with Joe Oringel, guest blogger and Managing Director at VisualRisk IQ. In our workshop, you will learn how to implement a system of data-driven monitoring controls and documents to measure the effectiveness of your compliance program and get you through a Securities and Exchange Commission (SEC) investigation. During our 3 hour session we will go into the weeds on the following:

  • Understanding what internal controls are required under a best practices compliance program;
  • Recognizing what FCPA enforcement actions tell us about internal controls in an anti-corruption compliance program;
  • Getting to grips with what the SEC expects you to have in place;
  • Competently documenting the effectiveness of your internal controls;
  • Understanding best practices and a methodology for the use of data analytics in compliance and ethics organization;
  • Prioritizing business and compliance questions that can be answered with analysis of digital data; and
  • Identifying a learning plan and resources to enhance your team’s data analytics expertise

I hope that you can attend this most excellent FCPA conference with the two-day sessions on April 28 and 29 and the workshop day on April 30. Very few FCPA conferences focus on Supply Chain and the information that you will receive at this one will be first rate. Finally, Hanson Wade has allowed me to offer a 20% discount to readers of my blog. You can obtain it by entering the code TFLaw20 when you register online. For the conference brochure and full details regarding the agenda and registration, click here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

April 8, 2015

The WPA and More Productive Compliance Meetings

WPA LogoOn this day 80 years ago, Congress created the Works Progress Administration (WPA), a central part of President Franklin D. Roosevelt’s New Deal. The WPA was established under the Emergency Relief Appropriation Act, as a means of creating government jobs for some of the nations many unemployed. Under the direction of Harry L. Hopkins, the WPA employed approximately 8 million people who worked on 1.4 million public projects before it was disbanded in 1943. Its programs were extremely popular and contributed significantly to Roosevelt’s landslide reelection in 1936.

I have always been amazed at the variety of works that the WPA had a hand in creating, from vast public building projects like the construction of highways, bridges, and dams to the careers of several important American artists, including Jackson Pollock and Willem de Kooning. Many of the most interesting art deco buildings still in use were built during the 1930s through the auspices of the WPA.

While the WPA constructed and led to many good works during its existence, one of the banes of corporate existence is the number of meetings that one must attend. Even worse than the raw number of meetings is the lack of any good that comes out of most meetings. Most meeting organizers have no clue how to run a successful or even useful meeting. I thought about this when I read a recent article in the Houston Business Journal (HBJ), entitled “10 ways to make your next meeting more productive by Dana Manciagli.

Manciagli began her piece by noting that researchers from the London School of Economics and Harvard University found that business leaders “spend 60% of their time in meetings, and only 15% working alone.” While this statistic alone is troubling enough, when you overlay that with the number of meetings where nothing is accomplished, it is clear to me you have a complete waste of time and resources. I do recognize that some companies have taken accomplishing nothing in meetings as a matter of corporate policy. General Motors (GM) took this to an art form in the well-documented GM Nod, which signified that there was agreement on an issue but that no one would actually do anything about it.

But for those who might want to actually accomplish something in a meeting, Manciagli pointed to Andrea Driessen whom she described as “chief boredom buster” at Seattle-based No More Bored Meetings . How is that for a moniker and company name? Manciagli related Driessen’s top ten tips for developing, running and ultimately having a successful meeting.

  1. Be a Know-it-all

Manciagli writes that because it is “natural to disengage when meeting content isn’t relevant. The most effective meeting hosts review all potential agenda segments to determine whether they apply to all attendees. If participants already know a particular content slice, then simply don’t cover that segment for the broader audience. Or if you have vastly different levels of awareness in the room, divide people accordingly to ensure maximum relevance for all.” Of course this means you will need to put some thought into your pre-meeting planning.

  1. No Problem? No Meeting!

We have all been subjected to it, the daily, weekly, monthly meeting check-in to see how the project is progressing. But Manciagli believes that “many of these less-than-productive meetings could be canceled or shortened if we identified the problem the meeting is intended to solve. And if we can’t find an identifiable problem, then don’t have the meeting.” Manciagli concludes, “Sometimes, it’s that simple.”

  1. Get Real

This is another pre-meeting planning point. Do you try to squeeze 13 action items for discussion and resolution into a 30-minute meeting? Conversely you do not need to book a 60-minute window to handle a couple of points. If you can handle a matter via email or need to go offline, do so.

  1. Prioritize, Prioritize, Prioritize!

Like its related cousin, Document, Document and Document, this phase should be more than simply a catchword. It should be an action item in your meeting planning process. Tackle your important issues first to “save time and solve your most pressing problem.”

  1. Play “Pass the Pad” To Avoid Late Arrivals

The biggest offender of this rule is, unfortunately, us lawyers. Why, because we are always (in our eyes) the most important. Yet not being able to start because someone is not present or having to repeat points is one of the worst problems there is around efficient meetings. The article notes, “Meeting productivity suffers when people arrive late, and the punctual are penalized.” Her solution is to require the latecomer to take notes in the meeting, writing “People learn quickly that they can either be on time, or become the dreaded note-taker if they are late. As host, you’ll see positive behavior change with little effort on your part.”

  1. Be a Meeting Bouncer

Manciagli tactfully writes about that “common meeting malady: the tangent talker.” I would perhaps less tactfully say there are way too many people who like to hear the sound of their own voices way too much. Manciagli suggests a little humor by “naming a tangent officer who monitors and records tangents for later. Use that parking lot! And you can lighten it up by using a toy police badge.” Nothing like a little corporate shame to keep things moving.

  1. Make it Multi-Sensory

It is not simply millennials who respond to social media. Most people do better when they are visually engaged. Manciagli suggests using more than simply oral presentations, use other tools, including the following: “Graphic illustration, in which someone draws out ideas in real time; Customer testimonials that emotionally inspire; Quizzes and games; Product demos; Surprise guests; Props that foster kinesthetic learning.”

  1. PPPPP

Everyone understands the Five P rule, aka prior planning prevents poor performance. As a meeting host, this means you must absolutely be prepared prior to the meeting. If there are technical issues, you should pass out that information prior to the meeting. Manciagli pointed out that “the more skin we all have in the game, the more likely we are to own and be accountable to group outcomes.”

  1. Hire an “Accountant”

Accountability. How many meetings have you attended where there was no accountability? Manciagli believes “Most meetings lack built-in accountability structures.” She gives the tangible hint to “ask everyone to record at least one goal related to the meeting that they’ll commit to completing in the next week or month, and have them check in with one another. Teams gain measurable accountability, and you get recognized for generating stronger results tied to your meetings.”

  1. Remember: Humor is No Joke

Humor has a big use in meetings, “The power of humor — if used effectively within the meeting mix — is no laughing matter. Indeed, there is a strong business case to be made for laughing while learning.” It can also lower the stress level in meetings, once again if used properly.

I am sure that you have your own horror stories of aimless, wandering meetings that go nowhere painfully slow. As a Chief Compliance Officer (CCO) or compliance practitioner, one of your most valuable items in a corporation is time. You can set an example about running an efficient and productive meeting and then lead your company down the path laid out in the article. Who knows, the results of what you start in your company may last as long as WPA work.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

April 7, 2015

Rolling Stone’s Rape Story Retraction: Lessons for the Compliance Practitioner

Rolling Stone Magazine LogoThere are only a very few magazine articles that have radically affected me when I read them. Nick Hornby’s account of a group of soccer hooligans, where he chronicled when they traveled to and briefly took over the Italian city of Turin in 1982; Jack McCallum who profiled Jerry Sandusky after he retired from Penn State University and began his fulltime work at the Second Mile organization in 1999; and Sabrina Rubin Erdely’s piece in Rolling Stone last fall about an alleged gang rape and its aftermath on the University of Virginia (UVA) campus. But as much as the first two articles moved me, it was Erdely’s article that sickened me. As a father of a teenaged daughter about to head off to college, I certainly did not want her in any such place.

This weekend, Rolling Stone magazine retracted its story about the rape at UVA and released a full copy of the internal investigation of the story by the Columbia School of Journalism Dean Steve Coll that detailed Rolling Stone magazines reporting missteps and its failures to engage in the most basic of journalistic techniques before it published the story. The New York Times (NYT) had two articles on the story. An article by Jonathan Mahler, entitled “In Report on Rolling Stone, a Case Study in Failed Journalism, cited that journalism scandals fall into three broad categories. The first is “is pure fabrication, for which high-profile culprits include Jayson Blair (The New York Times), Stephen Glass (The New Republic) and, going back a little further, Janet Cooke (The Washington Post).” Next “is the act of plagiarism (culprits too numerous to list).” But the UVA piece fell into a third category, “lack of skepticism.”

In the second NYT article, entitled “Rolling Stone Article on Rape Failed All Basics, Report says, reporter Ravi Somaiya wrote, “The Columbia report catalogued a series of errors at Rolling Stone, finding that the magazine could have avoided trouble with the article if certain basic ‘reporting pathways’ had been followed.” What was the central flaw in the way Rolling Stone handled the story? First, and foremost, it did not interview any of the three persons the victim named that she told about the rape. Rolling Stone printed the victim’s tale without bothering to check with them. While it is not clear, apparently Rolling Stone did not even try to substantiate the underlying charge of rape by the victim in any manner other than interviewing her seven times.

Mahler noted, “On the most basic level, the writer of the Rolling Stone article, Sabrina Rubin Erdely, was seduced by an untrustworthy source. More specifically, as the report details, she was swept up by the preconceptions that she brought to the article. As much casting director as journalist, she was looking for a single character with an emblematic story that would speak to — in her words — the “pervasive culture of sexual harassment/rape culture” on college campuses.”

Coll in an interview on NPR said that there was a failure at Rolling Stone magazine up and down the line. There was a failure by the reporter’s editor and the Managing Editor for not insisting on the basic questioning of the holes in Erdley’s stories and failures to follow basic reporting protocols. Also the Fact Checking group at the magazine did not insist strongly enough that its concerns be addressed or those concerns were rejected by the magazine’s management.

What I see is a failure of process. This failure led to repercussions immediately for the fraternity involved, which was falsely accused of having its members gang raping a co-ed and to the tarnishing of UVA. But the long-term repercussions for Rolling Stone magazine and the reporter involved, and even the reporting and conversation around sexual assaults on college campuses. In his article Mahler cited Nicholas Lemann, professor at Columbia and the journalism school’s former dean, who “distributes a document called “The Journalistic Method” in his classes”. This process is similar to “investigating a scientific phenomenon. “It’s all about very rigorous hypothesis testing: What is my hypothesis and how would I disprove it? That’s what the journalist didn’t do in this case.””

For the compliance practitioner there are several clear lessons to be drawn from this horrific scandal. Most people have somewhere heard the journalistic technique of a second source to confirm information. It was enshrined in a scene from the movie version of All The President’s Men. In any process there must be validation of said process. You can easily remember this as ‘a second set of eyes’ on any process, compliance or other. It acts like a second source in that it validates the original information.

In the more formal world of internal controls, it is called ‘segregation of duties’. This technique acts to require a double check of any action by requiring a second set of eyes to take a look at an issue. In business the separation by sharing of information with more than one individual in one single task is an internal control intended to prevent fraud and errors. In the IT world this is called redundancy. It is generally recognized there are several techniques that can help to enforce the segregation of duties. They include:

  • Audit trails recreate the actual transaction flow from the point of origination to its existence on an updated file.
  • Reconciliation of accounts and an independent verification process is ultimately the responsibility of users, which can be used to increase the level of confidence that an application ran successfully.
  • Exceptions are handled at supervisory level, backed up by evidence noting that exceptions are handled properly and in timely fashion.
  • Continuous controls monitoring should be maintained, which record all processed system commands or application transactions.
  • Supervisory review should be performed through observation and inquiry.
  • Independent reviews, which follow a prescribed procedure to detect errors and irregularities.

In addition to these segregation of duty lessons for the compliance practitioner, the Rolling Stone scandal provides one additional clear, concrete lesson. As Paul McNulty would say in No. 3 of his McNulty’s Maxims What did you do about it? Unfortunately for Rolling Stone the answer to that query appears to be not much. Not only were none of those directly involved in the article even so much as disciplined, Rolling Stone sees no need to change anything in its reporting or editorial process based on the lessons laid out in the Coll Report.

In an article in the online publication Slate, entitled Despite Damning Report, Rolling Stone Will Continue “To Do What We’ve Always Done.” Are They Serious?”, reporter Hanna Rosin wrote, “Rolling Stone’s editors are “unanimous in the belief that the story’s failure does not require them to change their editorial systems.” Are they serious? Did they read the report?” She also reported that Rolling Stone, “ended by saying they don’t need new ways of doing things; they “just have to do what we’ve always done and just make sure we don’t make this mistake again.” And Coco McPherson, head of fact-checking, said, “I one hundred percent do not think that the policies that we have in place failed. I think decisions were made around those because of the subject matter.””

All I can hope is that companies subject to the Foreign Corrupt Practices Act (FCPA) do a better job of learning from the Rolling Stone fiasco than Rolling Stone appears to have done.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

Next Page »

The Rubric Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 5,188 other followers