Best Practices | FCPA Compliance and Ethics Blog

August 20, 2015

BNY Mellon and Lessons Learned In Hiring Family Members – Part II

Filed under: Best Practices,BNY Mellon,Bribery and Corruption,Compliance,Compliance and Ethics,compliance programs,Doing Compliance,FCPA,SEC — tfoxlaw @ 4:37 am
Tags: best practices, compliance, compliance programs, FCPA, Foreign Corrupt Practices Act, SEC

In yesterday’s post I reviewed the Securities and Exchange Commission (SEC) Foreign Corrupt Practices Act (FCPA) enforcement action involving the Bank of New York Mellon Corporation (BNY Mellon) around its hiring of sons and nephews of foreign governmental officials to obtain or retain business from certain foreign Sovereign Wealth Funds. I discussed the underlying facts and penalties assessed against BNY Mellon as laid out in the SEC Cease and Desist Order (the “Order”). Today I want to provide some guidance on what this enforcement action may mean for companies going forward when hiring the sons and daughters or close family relatives of foreign government officials.

The first thing to remember is there is nothing in the FCPA which prohibits the hiring of a son, daughter or close family member of a foreign government official. What the FCPA does make illegal is an action where a company “or any officer, director, employee, or agent acting on behalf of such issuer, in order to obtain or retain business, from corruptly giving or authorizing the giving of, anything of value to any foreign official for the purposes of influencing the official or inducing the official to act in violation of his or her lawful duties, or to secure any improper advantage, or to induce a foreign official to use his influence with a foreign governmental instrumentality to influence any act or decision of such government or instrumentality.” [citation omitted]

The actions of BNY Mellon were clearly designed to not simply curry favor with the foreign governmental officials involved but also to either grow the business or help to retain what the company already had in place with the un-named foreign Sovereign Wealth Fund. At this point most companies have a written FCPA compliance program in place; consisting of policies and procedures. Note, this does not mean that the compliance program is effective because for a compliance program to be effective, a company must actually be doing compliance. Many FCPA enforcement actions occur because an exception was granted to a policy or procedure and either the reason for granting the exception was inappropriate or there was no documentation as to why the exception was granted. In the case of BNY Mellon, it was the latter.

BNY Mellon offered high value, high prestige summer internship programs for “undergraduates as well as a separate summer program for postgraduates actively pursuing a Master of Business Administration (MBA) or similar degree. Admission to the BNY Mellon postgraduate internship program was highly competitive and characterized by stringent hiring standards.” The main purpose of these internships was to give BNY Mellon an opportunity to evaluate the interns as potential permanent hires to the company. There was a designated track for nomination to the internship program and internal company evaluation prior to offering candidates an intern position. In other words, there were policies and procedures around the process but BNY Mellon did not follow them.

Hiring Process

The first Red Flag, which BNY Mellon seemingly ignored in this entire process, was that each of the candidates were recommended to the firm by foreign governmental officials who held control of business relations between Sovereign Wealth Funds and the bank. Their requests that their close family relations be hired by BNY Mellon was contra to the banks own process of selecting candidates for its internship program from a exclusive group of universities and colleges in the US and UK. The Order noted, “Successful applicants had to achieve a minimum grade point average, and had to advance through multiple rounds of interviews in addition to having relevant prior work experience and a demonstrated affinity for and interest in financial services work.”

None of these indicia were present in the hiring of the foreign governmental official’s relatives at issue. There was no evidence the candidates met any of BNY Mellon’s own internal criteria for consideration to the internship program. Indeed, as the Order stated, “as recent graduates not enrolled in any degree program, the Interns did not meet the basic entrance standard for a BNY Mellon postgraduate internship.” Finally, to top it off, all three were hired sight unseen and “BNY Mellon decided to hire the Interns before even meeting or interviewing them.”

The Internships

But BNY Mellon’s violative conduct did not stop by simply hiring the three close family relatives for its internship program. The three persons got benefits far more than simply a regular internship program. BNY Mellon designed special “Bespoke” internship programs for the three interns. As requested by their fathers and uncle, the three interns received “customized work experiences” which “were not regular undergraduate or graduate summer internships at all, but customized one-of-a-kind training programs. The internships were valuable work experience, and the requesting officials derived significant personal value in being able to confer this benefit on their family members.”

The internships were abnormally long, lasting six months, which was twice the normal length. Additionally they were “rotational in nature, meaning that Interns A, B and C had the opportunity to work in a number of different BNY Mellon business units, enhancing the value of the work experience beyond that normally provided to BNY Mellon interns.”

The Costs

In addition to the exceptions granted in the hiring process and the internships themselves, BNY Mellon also paid out money and non-monetary benefits in a manner different to others in the internship program. The Order stated, “BNY Mellon determined, because Interns A and B had already graduated from college, that Interns A and B should be paid above the normal salary scale for BNY Mellon undergraduate interns but below the scale for postgraduate interns. Intern C was unpaid. BNY Mellon also coordinated obtaining visas for all three of the Interns so that they could travel from the Middle East to work in the countries in which they were placed. BNY Mellon paid the legal fees and filing costs related to the visas. As the BNY Mellon Asset Management employee responsible for arranging two of the three internships wrote in a contemporaneous e-mail, the internships constituted an “expensive favor” for the requesting foreign official.” Indeed the Order cited to an email from one BNY Mellon employee who wrote, “I am working on an expensive ‘favor’ for [Official X] – an internship for his son and cousin (don’t mention to him as this is not official).” Further, BNY Mellon knew the request and accommodation was unethical, if not illegal, as the same employee wrote in another email, ““[W]e have to be careful about this. This is more of a personal request . . . [Official X] doesn’t want

[the Middle Eastern Sovereign Wealth Fund] to know about it.” The same employee later directed his administrative assistant to refrain from sending email correspondence concerning Official X’s internship request “because it was a personal favor.”

Lessons Learned Going Forward

I must emphasize once again that there is nothing illegal around the hiring of a close family member of a foreign governmental official. It does however present a higher risk for indicia of bribery and corruption and violation of the FCPA. A higher FCPA risk means you need to evaluate that risk more closely and manage that risk accordingly.

The obvious starting point for any hiring of a close family member of a foreign governmental official is whether the candidate is qualified for the position. If they are not qualified it is ‘Full Stop’ at that point. In the case of BNY Mellon there was no evidence any of the candidates had the academic background, the academic credentials, leadership traits or intangible skills to meet the bank’s normal internship hiring criteria. As with any other anomaly granted in a company’s normal process, there must be a documented reason for the exception, review by appropriate authority of the exception and documentation as to why the exception was granted. None of these steps were present in the BNY Mellon matter. Put another way, if you are hiring a family member or close relative of a foreign government official for any reason other than merit, it had better be a darn good one and well-documented as to your decision-making calculus with appropriate senior management oversight.

But your risk management does not stop simply with the hiring process. If the foreign governmental official is the person who made the request for the hiring of the family member, this is a Red Flag not to be overlooked. Your analysis needs to be on the role of that foreign governmental official in awarding new business to your company or in retaining old business. If the foreign governmental official has direct or even strong indirect control over such business relation, this may present such a direct conflict of interest, this may be a risk that you cannot manage. A good rule of thumb here is whether there is full transparency in the hiring with the foreign government involved with your company. In the case of BNY Mellon, they did not want anyone in the Sovereign Wealth Fund to know BNY Mellon had hired the son or nephew. That is a clear sign transparency is lacking and someone, somewhere is engaging in unethical conduct, if not breaking the law.

Finally, if you do decide to move forward and hire the close family member, you need to assign that new hire to work not associated with the business relationship between your company and the foreign government involved. Just as in the lifecycle of third party management, managing the relationship after a contract is inked is in many ways the most critical element; the same is true in the employment relationship involving close family members of foreign government officials.

Ultimately, you need to have internal controls to ensure effective compliance going forward. You cannot have customer relationship managers making the calls on hiring which over-ride the Human Resources (HR) procedures. There must be not only HR review but also mechanisms to flag for compliance review such hires. Lastly, there needs to be sufficient senior management oversight because this is such a high-risk proposition.

I hope you have enjoyed and found this two-part series on the BNY Mellon FCPA enforcement action and the lessons learned from it useful. The SEC Order provides a clear road map to the Chief Compliance Officer (CCO), compliance practitioner, HR professional or anyone else who reads it on the steps you should take in the hiring of a close family member of a foreign government official with which you are doing business. It may take some additional effort than simply having your business unit employees make the call on who to award prestigious internships to in order to obtain or retain business but in the long run you will have a better run company for doing so. FCPA enforcement is not a game and by doing compliance will make your company a more accurtely operated entity.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

Leave a Comment

August 19, 2015

BNY Mellon Settles First Sons and Daughters (and Nephews) FCPA Hiring Matter – Part I

Filed under: Best Practices,BNY Mellon,Chief Compliance Officer,Compliance,Compliance and Ethics,FCPA,SEC — tfoxlaw @ 12:01 am
Tags: BNY Mellon, compliance, compliance programs, FCPA, FCPA Blog, SEC, sons and daughters

Yesterday the Securities and Exchange Commission (SEC) announced a resolution with Bank of New York Mellon Corporation (BNY Mellon) for violations of the Foreign Corrupt Practices Act (FCPA). This was the first enforcement action around the now infamous Princesslings and Princelings investigations where US companies hired the sons and daughters of foreign government officials to curry favor and obtain or retain business.

While JPMorgan Chase has garnered the most attention around this issue, probably because of its notorious spreadsheet tracking of sons and daughters hires to develop business in China, there are multiple US companies under scrutiny for similar conduct. The FCPA Blog has reported that Credit Suisse, Goldman Sachs, Morgan Stanley, Citigroup, and UBS are all under investigation by the SEC for their hiring practices around the sons and daughters of foreign government officials. BNY Mellon has the honor of being the first company to reach resolution on this issue.

This is an important issue for many companies going forward and since this is the initial enforcement action on this issue, I am going to take a deep dive into the matter over the next couple of days. Today, I will discuss the facts of the case and tomorrow I will discuss not only the lessons to be learned from this FCPA enforcement action but also how the Chief Compliance Officer (CCO) or compliance practitioner can use those facts to graft a hiring program around the sons and daughters of foreign government officials which will not violate the FCPA.

In its Press Release, the SEC noted, “The Securities and Exchange Commission today announced that BNY Mellon has agreed to pay $14.8 million to settle charges that it violated the Foreign Corrupt Practices Act (FCPA) by providing valuable student internships to family members of foreign government officials affiliated with a Middle Eastern sovereign wealth fund.” Andrew J. Ceresney, Director of the SEC Enforcement Division, was quoted in the Press Release as stating, “The FCPA prohibits companies from improperly influencing foreign officials with ‘anything of value,’ and therefore cash payments, gifts, internships, or anything else used in corrupt attempts to win business can expose companies to an SEC enforcement action. BNY Mellon deserved significant sanction for providing valuable student internships to family members of foreign officials to influence their actions.” Kara Brockmeyer, Chief of the SEC Enforcement Division’s FCPA Unit, said, “Financial services providers face unique corruption risks when seeking to win business in international markets, and we will continue to scrutinize industries that have not been vigilant about complying with the FCPA.”

The Cease and Desist Order (Order) entered found that BNY Mellon violated the anti-bribery and internal controls provisions of the Securities Exchange Act of 1934. BNY Mellon, “Without admitting or denying the findings, the company agreed to pay $8.3 million in disgorgement, $1.5 million in prejudgment interest, and a $5 million penalty. The SEC considered the company’s remedial acts and its cooperation with the investigation when determining a settlement.”

The underlying facts and BNY Mellon’s conduct as laid out in the Order provide some clear guidance for the CCO or compliance practitioner regarding what will be a violation of the FCPA in terms of hiring sons, daughters and close family relatives going forward. It should be noted that two of the hires were sons of foreign governmental officials and one was a nephew. However, the first important lesson under this enforcement action is around the parties involved. Although not identified by country, the foreign governmental entity involved was a Middle Eastern Sovereign Wealth Fund. If there was any question as to whether foreign sovereign wealth funds were covered under the FCPA, that answer is now clear, they are covered. All corporate actions should be cloaked with this knowledge going forward.

The Order also specified how the hiring of the relatives led directly to BNY Mellon obtaining and retaining business. One foreign government official, (Official X), “made a personal and discreet request that BNY Mellon provide internships to two of his relatives: his son, Intern A, and nephew, Intern B. As a Middle Eastern Sovereign Wealth Fund department head, Official X had authority over allocations of new assets to existing managers such as the Boutique, and was viewed within BNY Mellon as a “key decision maker” at the Middle Eastern Sovereign Wealth Fund. Official X later persistently inquired of BNY Mellon employees concerning the status of his internship request, asking whether and when BNY Mellon would deliver the internships. At one point, Official X said to his primary contact at BNY Mellon that the request represented an “opportunity” for BNY Mellon, and that the official could secure internships for his family members from a competitor of BNY Mellon if it did not satisfy his personal request.”

There were clear statements by the BNY Mellon official involved that hiring this son and nephew were being done to obtain or retain business. As reported in the Order:

BNY Mellon was “not in a position to reject the request from a commercial point of view” even though it was a “personal request” from Official X. The employee stated: “by not allowing the internships to take place, we potentially jeopardize our mandate with [the Middle Eastern Sovereign Wealth Fund].”
Another employee was quoted as saying, ““I want more money for this. I expect more for this. . . . We’re doing [Official X] a favor.”
Yet another employee was quoted as saying, “I am working on an expensive ‘favor’ for [Official X] – an internship for his son and cousin (don’t mention to him as this is not official).”
Finally, to demonstrate the nefarious nature of the arrangement and lack of transparency in the entire process, this final BNY Mellon employee said, ““[W]e have to be careful about this. This is more of a personal request . . . [Official X] doesn’t want [the Middle Eastern Sovereign Wealth Fund] to know about it.” The same employee later directed his administrative assistant to refrain from sending email correspondence concerning Official X’s internship request “because it was a personal favor.”

The second foreign government official, (Official Y), “asked through a subordinate European Office employee that BNY Mellon provide an internship to the official’s son, Intern C. As a senior official at the European Office, Official Y had authority to make decisions directly impacting BNY Mellon’s business. Internal BNY Mellon documents reflected Official Y’s importance in this regard, stating that Official Y was “crucial to both retaining and gaining new business” for BNY Mellon. One or more European Office employees acting on Official Y’s behalf later inquired repeatedly about the status and details of the internship, including during discussions of the transfer of European Office assets to BNY Mellon. At the time of Official Y’s initial request, a number of recent client service issues had threatened to weaken the relationship between BNY Mellon and the European Office.”

When it came to hiring Official Y’s son there were some equally damning communications at BNY Mellon that were featured in the Order.

The BNY Mellon sovereign wealth fund relationship manager said, “that granting Official Y’s request was likely to “influence any future decisions taken within [the Middle Eastern Sovereign Wealth Fund].”
The same person also worried aloud that if BNY Mellon did not hire the son, it “might well lose market share to a competitor as a result.”
He went on to write ““Its [sic] silly things like this that help influence who ends up with more assets / retaining dominant position.”
Finally, he noted that to accede to Official Y’s request was the “only way” to increase business share.

Added to all of this was that none of the three individuals met the BNY Mellon requirements for its internship program; they met neither the academic or professional requirement to obtain an internship. BNY Mellon not only waived its own hiring requirements, it did not even go through the pretense of meeting with them or interviewing them. Finally, these three individuals were provided with “bespoke internships were rotational in nature, meaning that Interns A, B and C had the opportunity to work in a number of different BNY Mellon business units, enhancing the value of the work experience beyond that normally provided to BNY Mellon interns.”

The penalty was also interesting. As set out in the order BNY Mellon agreed to the following penalty amount: “disgorgement of $8,300,000, prejudgment interest of $1,500,000 and a civil money penalty in the amount of $5,000,000, for a total payment of $14,800,000.” The SEC noted the cooperation efforts of the bank in stating, “Respondent acknowledges that the Commission is not imposing a civil penalty in excess of $5,000,000 based upon its cooperation in a Commission investigation.” Further, BNY Mellon engaged in extensive remediation. The Order stated, “Prior to the investigation by the Commission of the Interns, BNY Mellon had begun a process of enhancing its anti-corruption compliance program including: making changes to the Anti-Corruption Policy to explicitly address the hiring of government officials’ relatives; requiring that every application for a full-time hire or an internship be routed through a centralized HR application process; enhancing its Code of Conduct to require that every year each employee certifies that he or she is not responsible for hiring through a non-centralized channel; and requiring as part of a centralized application process that each applicant indicate whether she or a close personal associate is or has recently been a government official, and, if so, additional review by BNY Mellon’s anti-corruption office is mandated.”

Tomorrow I will look at lessons learned for the CCO and compliance practitioner and how you can avoid the missteps of BNY Mellon in your hiring program going forward.

© Thomas R. Fox, 2015

Leave a Comment

August 18, 2015

Georgia On My Mind – How Does Compliance Enhance Shareholder Value?

Filed under: Best Practices,Chief Compliance Officer,Compliance,Compliance and Ethics,Ethical Leadership,Ethisphere,FCPA,Financial Times,Ft — tfoxlaw @ 12:01 am
Tags: compliance, FCPA, FT, Georgia On My Mind, Hoagy Carmichael

Can you get a sense of place from listening to a song? In an article in the Financial Times (FT), entitled “The Life of a Song – Georgia On My Mind”, Mike Hobart wrote that when you “combine Stuart Gorrell’s lyrics with Hoagy Carmichael’s music… the sense of place becomes palpable.” While that may be true, the piece attributed to Frank Trumbauer who said, “Nobody ever lost money writing songs about the South”. The song did not become the well-known standard it is today until Ray Charles recorded it in 1960, some 30 years after Carmichael wrote it. Hobart believes that the song works so well “not the least because ‘Georgia On My Mind’ is a brilliant piece of imaginative fiction that captures the yearnings of a homesick soul. That fact and fantasy are so out of step only adds to the pathos.”

That ultimate line from Hobart’s piece struck me around an issue that I have thought about for some time. How many Chief Compliance Officers (CCOs) and compliance practitioners out there have faced the following question from the General Counsel (GC), Chief Executive Officer (CEO), Chief Financial Officer (CFO) What does it do to enhance shareholder value? This is the question that is posed when senior management wants to deny resources to or even cut back the compliance function. At best the question is disingenuous and at worst it is simply a dodge by someone wanting to denude a corporate compliance function for their own nefarious reasons.

Michael Skapinker raised this second point, in another FT article entitled “Shareholder value is a cover for over-mighty chief executives”. Skapinker further opines that this question also presages an inquiry into whether CCOs “are using the cover of shareholder primacy to put themselves first?” While he also condemned the disparity in the growth of senior executives salaries and true shareholder value, Skapinker worries about the lack of accountability of CCOs and how their actions can damage a company’s reputation.

So how do you respond to this query? I think there is an answer with which you can always respond when faced with a clearly hostile CEO or other senior manager. It is the following. A best practices anti-corruption compliance program, whether based on the Foreign Corrupt Practices Act (FCPA), UK Bribery Act or other anti-bribery law always enhances shareholder value. The reason is quite simple. It is all about tightening up the internal controls to prevent bribery and corruption.

However the part that such CEOs or other senior management may not understand is that FCPA internal controls are largely financial controls. Such controls are in place not only to comply with laws but also to provide internal oversight on how money flows out from an organization. The better the internal financial controls the better run a company will be in both the short and long term.

Most readers are familiar with Ethisphere’s annual designation of the World’s Most Ethical Companies. Many commentators deride this list because many of the companies on the list have gone through a FCPA investigation or enforcement action. Even with that factor, one of the things that Ethisphere touts about this list is that the companies on it routinely outperform the Standard & Poor’s (S&P) Index in annual performance. I thought about this seeming anomaly for a long time, wondering how ethical companies could be in the midst of FCPA investigations and be on a most ethical list.

The reason these companies are on the list is that they have better financial controls and by having better financial controls, these companies are more generally better run. Think about financial controls around employee expense reimbursement as an example. These are in place to satisfy Internal Revenue Service (IRS) rules to demonstrate the business purpose of employee travel, entertainment of customers, hospitality for potential customers and similar business expenses. Now consider this IRS requirement overlaid with a FCPA compliance requirement. Not only do you need to record the foreign government officials (or not) that you entertain, you need to document the expense incurred and the business purpose. If the expenses were predetermined to be over the amount set in your compliance policy, you may require compliance department pre-approval. When an employee submits an expense reimbursement form, there is usually a signature or self-attestation required. Then the employee’s supervisor, and perhaps one level above, must approve the reimbursement request before it even gets to Accounts Payable (AP) for a financial and procedure focused review.

All of these steps are financial controls yet they operate as internal compliance controls as well. If the controls are enforced the compliance function would have a searchable database to test employee expense reimbursement requests to see if any anomalies appear which should be set aside for further investigation. Imagine how GlaxoSmithKline PLC (GSK) might have fared if it had properly assessed its Chinese employee reimbursement requests to determine if the employees had actually put on the events for which they claimed reimbursement.

The same financial control analogy is true for the other key steps in any best practices compliance program. Management must communicate the message regarding doing business in compliance down to the troops. This message should be formalized in policies and procedures to set expectations of behavior. Then there should training on these educations and a person or function sufficiently resourced to run it. Next there should be incentives to do business in compliance and sanctions for those who fail to meet the set expectations and an appropriate reporting mechanism for internal reporting of compliance violations. Any best practices FCPA compliance program would also have a risk assessment, management of third parties and a mergers and acquisition (M&A) component. Finally, all of these concepts should be memorialized through internal controls that are designed, implemented and tested for effectiveness.

So the next time one of those senior management types asks you what the compliance function does or even what an expenditure that you want to incur will do to increase shareholder value, you can not only point him (or her) to the Ethisphere Most Ethical Company list but you can dive down to the specific level of your company and point directly to one of the above concepts around internal controls, which are really financial controls, to make your company not only run more efficiently but also provide appropriate levels of oversight.

So just as Hoagy Carmichael may indeed have written Georgia On My Mind because no one “ever lost money writing songs about the South”; no company was worse run because it had effective internal controls. Quite the contrary, the more effective your compliance controls are the better run your company will be and that will most certainly enhance shareholder value.

© Thomas R. Fox, 2015

Leave a Comment

August 14, 2015

The BHP Case and Enforcement of The FCPA’s Internal Controls Provision

Filed under: Accounting Records violations,Best Practices,BHP Billiton,Compliance,Compliance and Ethics,FCPA,Internal Controls,SEC — tfoxlaw @ 12:01 am

Ed. Note-today we have a guest post from Jean-Michel Ferat ,CPA, CFF is a Managing Director in the Washington D.C office of the Claro Group around his views on the BHP Billiton enforcement action.

Much has been made in the last few months of the SEC’s seemingly aggressive stance in the BHP Billiton case. Many FCPA practitioners have taken the view that the SEC likely over-reached and set a wobbly precedent in extracting a $25 million civil settlement from BHP for its alleged internal control failure relating to the identification of hospitality payments to government officials that could potentially have been subject to some quid pro quo arrangement.

This appears to be a standout case for the SEC, even when compared to the 2012 Oracle case. In Oracle, the SEC had at least the existence of an off-the-books slush fund which on its surface appeared to have been set up for nefarious purposes. In most if not all SEC enforcement actions in the last 5 years, it would appear that internal controls violations were coupled with a books and records violation: in other words shady accounting. With BHP, the SEC had a company that identified a specific corruption risk, established a control to mitigate that risk but failed to execute it adequately. No off-the-books slush fund, no fake invoices, no fictitious vendors, no circuitous payments to government officials….. In other words: no shady accounting.

Accounting Controls vs. Compliance Controls

The BHP case is important for another reason. It helps to illustrate a thorn in the side of most organizations when it comes to establishing and documenting a comprehensive control structure: the distinction between accounting controls and compliance controls. I won’t argue here whether a literal interpretation of the law should restrict our regulators and law enforcement to violations of accounting controls or whether it extends to other operational controls – e.g. compliance controls – as well. What I will argue is that the distinction between accounting controls and compliance controls is not purely semantic but one with practical implementation, enforcement and reporting differences within most organizations.

When one of thinks of accounting controls in the context of corruption risk, one thinks of controls over accounts payable, petty cash, vendor set-up, disbursements and the like. In essence, these are controls that address whether cash out the door is going to its intended recipient and whether it is properly accounted for in the company’s books and records. These types of controls over financial reporting have received persistent scrutiny under SOX 404 and are typically “owned” by a company’s finance function (e.g. accounting manager, controller, CFO). Conversely, compliance controls are ones that do not necessarily impact a company’s financial reporting process but are meant to ensure compliance with laws and regulations. In the case of the FCPA, such controls might include mandatory FCPA training for employees, audit rights in third party contracts, and due diligence surrounding third party representatives. These controls are not usually “owned” by the finance function but are typically fall to the legal department or CCO. This division of labor makes sense for most organizations but it has the often-times negative effect of creating control “silos” where neither finance nor legal has a complete picture of FCPA risk mitigation. The primary mechanism for countering this silo effect is (1) implementing an enterprise wide risk management process (2) mapping those risks to the detailed internal controls (both accounting and compliance) designed to mitigate and (3) disseminating this information to upper management across the entire organization.

The Risk Management Process and Linking Controls to Identified Risks

A company’s Enterprise Risk Management Process should be used to identify perceived risks to the organization and put in place a risk mitigation plan. In most company’s though, the mitigation plan is often kept at a very high level and rarely includes a deep dive into the detailed accounting and compliance controls currently in place or that must be implemented to adequately mitigate risk. In the case of FCPA risk, we often see companies undertaking corruption risk assessments and addressing internal controls at a very high level, but similarly, we rarely see such risk assessments taking a deep dive into the specific controls in place to manage corruption risk.

In the case of BHP, employees actively identified a new corruption risk and sought to mitigate it. Where it looks to have failed was by not integrating the newly identified risk into its overall risk management process and ensuring that the newly established control was adequate to mitigate the risk. Had BHP included the identified risk into its overall risk management process, it likely would have benefited from:

visibility of the perceived risk by various parts of the organization including Finance, Legal, Operations and members of the Risk Committee of the Board, if one existed;
A clear determination of who within the organization was responsible for mitigating the risk;
A chance for internal audit or another group within the organization to evaluate whether the established controls were sufficient and operating effectively.

Linking detailed internal controls to identified risks is a laborious task, in particular in decentralized organizations with varying types of internal controls in different geographic locations and/or business segments. The BHP case and newly established COSO guidelines would suggest however that organizations should seriously consider performing this task. FCPA scholars will wait to see whether the SEC’s position on BHP is part of an emerging pattern of internal controls enforcement or a one off anomaly. Regardless, public issuers should take heed and look to shoring up their risk management and internal control processes before the regulators come knocking.

Editors Note-a reader noted the line “Most notable in this case is the fact that the SEC did not charge BHP with either a books and records violation or an anti-bribery violation, but an internal controls violation alone,” is incorrect. BHP was charged with a Books and Records violation of the FCPA. This line has been removed.

Jean-Michel Ferat, CPA, CFF is a Managing Director in the Washington D.C office of the Claro Group and has over eighteen years of experience in the specialized fields of forensic accounting and fraud detection. He has applied his skills in a variety of cases involving financial statement fraud, high-level corruption, terrorist financing, collusive bidding rings, money laundering, embezzlement, asset misappropriation. HE has undertaken dozens of corruption investigations around the globe including a lead role in the United Nations Oil-for-Food Programme investigation. He can be reached at jmferat@theclarogroup.com.

Leave a Comment

August 13, 2015

Cymbeline – Doing Virtue and FCPA Compliance

Filed under: Best Practices,Compliance,Compliance and Ethics,Culture,Department of Justice,Doing Compliance,Ethics,FCPA,SEC — tfoxlaw @ 12:01 am
Tags: best practices, compliance, compliance programs, Department of Justice, DOJ, FCPA, Foreign Corrupt Practices Act, FT, SEC, Wall Street Journal, WSJ

Commentators still level the hue and cry that it is somehow the fault of the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) that companies continue to violate the Foreign Corrupt Practices Act (FCPA). Things would improve if only the DOJ and SEC would (1) prosecute companies more aggressively; (2) prosecute companies less aggressively; (3) make an example of ‘rogue’ employees who violate their corporate overseers pronouncements not to violate the law; (4) prosecute more corporate executives to ‘send a message’; (5) amend and clarify the FCPA because the concept of do not pay bribes is somehow too complicated for mere mortals to understand; (6) implement a compliance defense because apparently the DOJ does not consider that enough in any decision to prosecute; and/or (7) as The Donald desires, simply do away with the FCPA to restore the ability to pay a fair price for fair corruption.

I thought about all of these varied and contradictory reasons when considering one of Shakespeare’s most enigmatic plays, Cymbeline. In an article in the Wall Street Journal (WSJ) entitled “The Long, Painful Drama of Self-Knowledge”, Stephen Smith considered the character Posthumus who was thought of as virtuous yet, through the crush of the plot, has his virtuous image shattered. Smith poses the question of “Why is Posthumus such a poor leader of himself, and a danger to others?” He answers his own question by saying, “The play suggests that his lack of self-knowledge, along with the flattery of his culture, make him overconfident.” In other words, he was human.

I thought about this analysis in the context of the recent accounting and financial scandal that engulfed the Toshiba Corporation in Japan. For those who did not follow the news, Toshiba announced last month that it had overstated its profits from 2008-2014 by over $1 billion dollars. This was in the face of the company having been publicly recognized for its good governance standards and practices. In an article in the Financial Times (FT), entitled “Japan Inc left shaken by Toshiba scandal”, Kana Inagaki reported, “On paper, it had a structure that gave its external directors the authority to many top executives and an auditing committee to monitor the behaviour of the company’s leaders. It was lauded for its efforts. In 2013, the group was ranked ninth out of 120 publicly traded Japanese companies with good governance practices in a list compiled by the “Japan Corporate Governance Network.””

But it was all a sham as it turned out that chairman of the audit committee was in on the fraud in addition to a plethora of top executives. Kota Ezawa, an analyst at Citigroup was quoted in the piece that “Toshiba was lauded as the frontrunner in governance efforts but that was a misunderstanding. Its governance structure looked good but the execution was not.” Ezawa further stated, “We need to make sure that companies understand that having structures is not enough.” So even a company with $52bn in annual sales must have more than a paper program.

For those who want to point to some defect in the Japanese corporate character, reminding us of the Olympus scandal from 2011, where successive corporate executives covered up long running accounting fraud, Andrew Hill, also writing for the FT in an article entitled “The universal dangers shown by Toshiba’s failings”, says not to point that self-righteous finger quite so quickly. He reminds readers of WorldCom from earlier this century. Being from Houston, I would remind readers of Enron and its accounting fraud as well. Hill cites to the work of Professor Michael Jones to identify four main types of accounting fraud, (1) increasing income, (2) decreasing expenses, (3) increasing assets, and (4) decreasing liabilities. Hill further notes that one common failing in all of these examples is the failure of internal controls. A second key failing is the “Unwillingness to challenge authority, a trait attributed to employees at Toshiba and Olympus — and often given an “only in Japan” spin — is a recurring problem everywhere, from Royal Bank of Scotland under Fred Goodwin to Fifa under Sepp Blatter.”

Hill’s explanation of the how and why of these accounting scandals is as age old as the time of Cymbaline. He wrote, “The most important lesson from Toshiba is about the malign impact of top-down pressure to meet unrealistic targets. Toshiba’s ex-chief executive denies having given direct instructions to staff to inflate profits. But the investigating panel said he told executives to “use every possible measure to achieve profitability” and added that Toshiba’s corporate culture did “not allow employees to go against the will of their superiors”.”

The lessons that Hill finds in the Toshiba accounting scandal are equally applicable to FCPA compliance and enforcement. It is not the DOJ or SEC’s “fault” when companies do not comply with the FCPA. It is up to the companies to which the law applies to comply with it. Make no mistake; it is quite simple not to pay bribes. One only has to wake up and say “I am not paying a bribe today, no matter what the economic benefit is to me”. Yet for a company, it is not easy because you have to not only put the appropriate controls in place, but you have to do compliance by ensuring these controls are executed upon. That was the failing of Toshiba, it had the controls in place but it did not execute on them.

I think this speaks directly as to why FCPA violations continue to occur and be prosecuted. Hill ended his piece by noting, “When aggressive targets, irresistible management pressure and weak controls coincide, misconduct can spread quickly. Rival companies see the inflated numbers and strain to match them. To suggest such weaknesses are confined to one corporate or national culture is a first step into dangerous complacency.” As long as humans are involved with corporations and there are incentives in place for more and greater sales, you will always have the motivation to cut corners and pay bribes. That impulse can be brought on by a bump in salary, a nice bonus, a promotion or sometimes simply keeping your job. That is why a compliance program must be put in place and those controls must be effective.

In Cymbeline the protagonist Posthumus learns that one key component of virtue is prudence. Near the end of his article on Shakespeare’s play Smith writes, “In his story, we glimpse one goal of Shakespearean drama: to help forge just such a character – an integrated human person capable of leading himself and others to peace, with the help of virtue.” For FCPA compliance, as long as there are incentives in place to make money, there will be people who cut corners by paying bribes. Yet companies can temper this by putting an effective compliance program in place and actually doing compliance. Much like Posthumus learns in Cymbeline it is one’s actions which lead to being virtuous; for a company, it is doing compliance that leads to it being called ethical.

© Thomas R. Fox, 2015

Leave a Comment

August 11, 2015

What Goes Downhill May Go Uphill in FCPA Compliance

Filed under: Best Practices,Brazil,Corruption in Brazil,Department of Justice,FCPA,Petrobras — tfoxlaw @ 12:01 am
Tags: best practices, Bribery Act, compliance, compliance programs, Department of Justice, DOJ, FCPA, FT, NYT

Usually the question I am posed is how far down the chain must you go in your due diligence to ensure that your suppliers are in compliance with the Foreign Corrupt Practices Act (FCPA). I would pose that now, after the Petrobras scandal, a company may need to examine the flow in the other direction. I thought about this directional shift when I read an exhaustive report in the Sunday New York Times (NYT) on the Petrobras scandal, entitled “Brazil’s Great Oil Swindle”, by David Segal. The article reviews the genesis of and details the ongoing nature of the Petrobras scandal.

While I have previously written about the other Brazilian companies that have been caught up in the scandal, such as Oderbrecht, Camargo Corrêa and UTC Engenharia, Segal’s article detailed a level of immersion in corruption that should concern every US Company subject to the FCPA and catch the eye of Department of Justice (DOJ) prosecutors handling FCPA cases. It appears that the companies that had direct contracts with Petrobras also colluded in the old-fashioned anti-trust sense, so that not only did they control all the subcontract work done on any Petrobras project but they would also demand bribes from the subcontractors which they then passed up the chain to Petrobras executives and eventually Brazilian politicians. If this scheme turns out to be true, it literally could explode potential FCPA exposure for any US Company doing business on any subcontract where Petrobras was the eventual beneficiary.

Segal reported, “according to prosecutors, these companies stopped competing and started to collaborate. They formed a cartel and decided, in advance, which of them would win a particular deal. A charade competition was orchestrated, and the anointed winner could charge vastly more than it would in a free market.” Further, “A document obtained by prosecutors laid out what it called the “rules of the game.” The trumped-up bidding process was labeled a “sports tournament”, with an assortment of rounds and a “trophy.” There was a no-sore-loser codicil, too: “The teams that participate in a round should honor the rules that have been agreed on, even when they are not the winner.”

But the corruption did not stop simply at these non-Petrobras entities. These companies would demand bribes from their subcontractors that they passed up the line to Petrobras. Segal wrote, “From 1 to 5 percent of the value of a given contract was diverted to those on the receiving end of the scheme, a group that included 50 politicians from six parties, according to prosecutors. Money from cartel members took a circuitous route to politicians’ pockets, passing through ghost corporations whose owners made bribes look like consulting fees.”

Think about all of this for a minute. What happens when everyone and every company associated with a National Oil Company (NOC) is in on the corruption? I thought about this question when I read an article in the Financial Times (FT) by Andres Schipani, entitled “We were terrorized by the drop in oil prices”, where he discussed how the drop in world oil prices has negatively affected Venezuela more than any other top oil producing company. Part of the country’s trouble is the rampant corruption around its NOC PDVSA. Schipani quoted a former minster for the following, “The design of the political economy here only benefits the corrupt.” Moreover, the country is near the bottom of the Transparency International Corruption Perceptions Index (TI-CPI) coming in at 161^st out of 175 countries listed.

Most Chief Compliance Officers (CCOs) and compliance practitioners had focused their third party risk management program around third parties, first on the sales side and then in the Supply Chain (SC). However now companies may well have to look at other relationships, particularly those where the company is a subcontractor involved in a country prone to corruption with a NOC or other key state owned enterprise. Last year the Wall Street Journal (WSJ) in an article entitled “Venezuelan Firm Is Probed In U.S.”, by José De Córdoba and Christopher M. Matthews, reported that a US company ProEnergy Services LLC (ProEnergy), a Missouri based engineering, procurement and construction company, sold turbines to Venezuelan company Derwick Associates de Venezuela SA (Derwick), who provided them to the Venezuelan national power company. The article reported that the DOJ’s “criminal fraud section are reviewing actions of Derwick and ProEnergy for possible violations of the Foreign Corrupt Practices Act”. Derwick was reported to have been “awarded hundreds of millions of dollars in contracts in little more than a year to build power plants in Venezuela, shortly before the country’s power grid began to sputter in 2009”. All of this with a commission rate paid by ProEnergy to Derwick of a reported 5%.

The Brazilian investigation poses far more dire consequences for any US Company that did business with the cartel of Brazilian companies that had locked up the Petrobras work. It means that you need to go back immediately and not only review the underlying due diligence which you did (probably none); then review the contracts with those entities; and, finally, cross-reference to see if there were any contract over-charges which were rebated back to the cartel members. If so, you may well have a serious problem on your hands as any unwarranted rebates, refunds, customer credits or anything else that could have been readily converted into cash to be used to fund a bribe.

This second part is one thing that challenges many compliance officers. The compliance function does not always have visibility into the transactions assigned to specific contracts or projects like your company might be engaged in for Petrobras in Brazil. However it also speaks to the need for transaction monitoring as not simply a cutting edge technique or even best practice but a required financial controls tool that is also applicable to compliance internal controls as well.

As Brazilian prosecutors expand ever outward from Petrobras, US companies subject to the FCPA and UK companies and others subject to the UK Bribery Act would do well to review everything around their Brazilian operations, contracts and dealings. The Petrobras scandal has shown two clear trends to-date. First is that we are far from the end of this scandal. Second, the prosecutors have been fearless so far in following the corruption trail wherever it may go. If they follow it to US companies, they could prosecute them on their own in Brazil for violation of domestic anti-bribery and anti-corruption laws or turn the evidence over to the DOJ. The thing to do now is to get out ahead of this all too certain waterfall.

© Thomas R. Fox, 2015

Comments (1)

August 6, 2015

Social Media Week Part IV – Telling a Story About Honey

Filed under: Best Practices,Chief Compliance Officer,Compliance,Compliance and Ethics,compliance programs,Doing Compliance,Gar Hurst,Innovation,Marketing,Social Media — tfoxlaw @ 12:01 am
Tags: CoVouch

I continue my exploration of the use of social media in doing compliance by taking a look at a very innovative social media solution to a difficult compliance issue around, of all things, honey. This example shows how creative thinking by a lawyer, in the field of import compliance, led to the development of a software application, using some of the concepts that I discussed earlier in the week around social media. Once again demonstrating the maxim that lawyers (and compliance practitioners) are only limited by their imagination, the use of this software tool demonstrates the power of what social media can bring to your compliance program.

This innovation contrasts with a reader’s comment earlier this week when I began my series on the use of social media in doing compliance. The comment was that this reader’s company, while actively using social media to reach, communicate with and receive information back from its customer base; did not allow employees to access Facebook, Twitter, Pinterest, Snapchat and a whole host of other social media sites on company purchased computers. While the company’s stated reason was security, the true reason is that they simply did not trust their employees not to “waste time” by accessing such sites during work hours.

Such corporate attitudes, while clearly from the time of the dinosaurs, unfortunately still exist. Companies need to understand that social media is a tool which can and should be used affirmatively. Like any tool, it can be abused but if you cannot trust your employees not to goof off (1) they probably should not be your employees and (2) the company is a lousy manager; so there is lots of opportunity for growth. It reminds of when I was working for a corporation back in 2004 and they did not want employees to have company issued cell phones, because you know they might use them for personal use. The bottom line is that social media is here to stay. Millennials and others are only going to communicate through that medium so if companies want to stay relevant, not only with products and services but also with their employee base, they need to understand that social media is an important and significant tool of the future. But enough of my mini-Howard Sklar rant.

Gar Hurst, a partner in the law firm of Givens and Johnston PLLC in Houston, faced an issue around US anti-dumping laws for honey that originated in China. The US Government applies anti-dumping trade sanctions to goods from a particular country. They do this when a domestic interest group alleges and proves, at least theoretically, that the producers in a foreign country are selling their goods into the US market at below fair-market value. By doing this, they are harming the US domestic industry. The dumping duties, which can result from this, can easily be 100, 200, even up to 500 % of import duties. To get around the anti-dumping laws, importers would ship Chinese originated honey to Indonesia, Vietnam or some other country and pass it off as originating from one of those locations.

The problem that Hurst’s client faced was how to prove the honey did not originate from China. In an interview, Hurst said, “We were working with a Southeast Asian honey producer. They were in this situation where Customs was essentially treating them as though they were a Chinese producer. We’ve provided them documents. We’ve provided them invoices. We’ve provided them production docs. We’ve provided them all sorts of documents but there was nothing that we could give them documentary that they didn’t believed could be fake. That was the problem, documents on their face are just a form of testimonial evidence. Meaning, somebody somewhere said, this stuff is actually from the Philippines. It’s only as good as the word of the person who wrote it on. We needed something that would get beyond that problem.”

So using awareness around communications through a smart phone, Hurst and his team came up with an idea “that with the explosion of smartphone technology which is in the hands of basically everybody in the United States and soon to be everyone in the world, these devices basically allow a person to take a picture that is geo-tagged and time and date stamped and then upload that picture to a database in the cloud. Effectively, that’s what we did.” As Hurst explained the process which they came up it was amazingly simply, “We basically created an app that resided on Android phone that they could then go around and document the collection of all these various barrels of honey and its processing. Every time they take a picture, it would be time and date stamped with geo-tagging as well. You know when and where a picture of a particular barrel of honey which we would label with some special labels so you could identify it when and where that was taken.” The product they came up with is called CoVouch.

From there the information is uploaded into a secure database that Hurst and his team created in the cloud. His firm then took all of the evidence they had documented that the honey originated in Indonesia, not China, and presented it to the US Customs service to show his client had not sourced its honey in China. In version 2.0 Hurst and his development team are creating a searchable database which US Customs can use to make spot checks and other determinations.

Recognizing the level of technical sophistication of honey farmers in Asia, CoVouch is amazingly simply to use. It takes pictures, puts time stamps on them and puts geo-tags that show the location where the picture was taken and with glued or pasted on bar codes, you can trace the shipment of honey throughout its journey. But it does so in a way that tells a story. Hurst said, “you’re telling the story but the provenance, if you will, of one imported barrel of honey and how did it get to where it’s at. It’s different. Yeah, that’s right. That’s exactly what we’re trying to do and trying to do it in a way that is easy enough so that, as you put it, a fairly, uneducated farmer in Indonesia can do it and a busy Customs agent in the United States can review it.”

Such a software system uses the concepts around social media to make a honey farmer a provider of documents evidence, through photographs, to meet US anti-dumping laws. But I see the application as a much broader tool that could be used by anyone who needs to verify information on delivery, delivery amounts, delivery times and delivery locations. This could be a field hand who is delivering chemicals even West Africa and does not know how to speak English. Hurst pointed to uses around whether something might be eligible for special import or export regulations due to NAFTA, whether restricted trade goods, such as those used in the oilfield industry, worked their way into Iran and even applicability under the Buy American Act around the US content in goods.

For the anti-corruption compliance practitioner, you could use such a tool to not only receive information, and more importantly photographic evidence, but you could also deliver information. But the key is that you are only limited by your imagination. CoVouch could be a tool that you use internally for delivery of information and receipt of information inside your company.

Tomorrow I will end my weeklong exploration of the use of social media in your compliance program by discussing some of the more common social media applications and how you might use them.

Once again please remember that I am compiling a list of questions that you would like to be explored or answered on the use of social media in your compliance program. So if you have any questions email them to me, at tfox@tfoxlaw.com, and I will answer them within the next couple of weeks in my next Mailbag Episode on my podcast, the FCPA Compliance and Ethics Report.

To check out the CoVouch website, click here.

To listen to my podcast with Gar Hurst, go to the FCPA Compliance and Ethics Report, Episode 181, by clicking here.

Leave a Comment

August 5, 2015

Social Media Week Part III – Twitter and Innovation in Your Compliance Program

Filed under: Best Practices,Chief Compliance Officer,Compliance,Compliance and Ethics,compliance programs,Innovation,MIT Sloan Management Review,Social Media,Twitter — tfoxlaw @ 12:01 am

I continue my exploration of the use of social media in your Foreign Corrupt Practices Act (FCPA) compliance program today. One of the ways that Chief Compliance Officers (CCOs) and compliance practitioners can communicate about their compliance programs is through the use of the social media tool Twitter. In an article in the Summer issue of the MIT Sloan Management Review, entitled “How Twitter Users Can Generate Better Ideas”, authors Salvatore Parise, Eoin Whelan and Steve Todd postulated that “New research suggests that employees with a diverse Twitter network – one that exposes them to people and ideas they don’t already know – tend to generate better ideas.” Their research led them to three interesting findings: (1) “Overall, employees who used Twitter had better ideas than those who didn’t.”; (2) In particular, there was a link between the amount of diversity in employees’ “Twitter networks and the quality of their ideas.”; and (3) Twitter users who combined idea scouting and idea connecting were the most innovative.

I do not think the first point is too controversial or even insightful as it simply confirms that persons who tend have greater curiosity tend to be more innovative. The logic is fairly straightforward, as the authors note, “Good ideas emerge when new information received is combined with what a person already knows.” In today’s digitally connected world, the amount of information in almost any area is significant. What the authors were able to conclude is that through the use of Twitter, “the potential for accessing a divergent set of ideas is greater.”

However it was the third finding that I thought could positively impact the compliance profession, the role of the Idea Scout and the Idea Connector. An idea scout is “an employee who looks outside the organization to bring in new ideas. An idea connector, meanwhile, is someone who can assimilate the external ideas and find opportunities within the organization to implement these new concepts.” For the compliance practitioner, the ability to “identify, assimilate and exploit new [compliance] ideas” is the key takeaway. However to improve your compliance innovation, “you need to maintain a diverse network while also developing your assimilation and exploitation skills.”

For the compliance practitioner, Twitter can be “described as a ‘gateway to solution options’ and a way to obtain different perspectives and to challenge one’s current thinking.” Interestingly the authors found that “It’s not the number of people you follow on Twitter that matters; it’s the diversity within your Twitter network.” The authors go on to state, “Diversity of employee’s Twitter network is conductive to innovation.” Typically an Idea Scout will “identify external ideas from experts and resources on Twitter.” Clearly the compliance practitioner can take advantage of experts with the anti-corruption compliance field but there is perhaps an equally rich source of innovation from those outside this arena.

An interesting approach was what the authors called the “breadcrumb” approach to finding innovation leaders and thought-provokers. It entailed a “period of “listening” to colleagues and industry leaders who are on the platform – including what they are tweeting about, who they are following and replying to on the platform, who is being retweeted often”. So with most good leadership techniques the first key is to listen.

Equally important to this Idea Scout is the Idea Connector, who is putting the disparate strands from Twitter’s 140 character tweets together. For the compliance function, this will be someone who identifies compliance best practices or other information from Twitter ideas, can then put them together and direct the information to the relevant company stakeholders. Finally, such a person can “Curate Twitter ideas and matches them with company resources needed to implement them.”

Here the authors listed a variety of ways an Idea Connector can use Twitter. One user said, “I try to sift through all the Twitter content from my network and look for trends and relationships between topics. I put my analysis and interpretation on it. I feel that’s where my value-add is.” Another method is to focus on analytics and one user “filtered specific subsets of the topic for different stakeholders” at his company. Another method was to create “social dashboards or company blogs based on the insight” received thought Twitter. Interesting, one of the key requirements for successfully mining Twitter was in finding ways to share its content “since many employees, especially baby-boomers don’t use the platform themselves.” Conversely by mining information from Twitter and presenting it, this can allow these ‘technologically challenged’ older employees to ascertain how they can target millennial’s.

But as much as these concepts can move a CCO or compliance practitioner to innovation in a compliance program, it can also foster additional information through the following of your own employees. It is well known that Twitter can facilitate greater communication to and between the compliance function and its customer base, aka the company employees. However the authors also point to the use of Twitter to enable this same type of innovation because it “is different than email and other forms of information sources in that it enables continuous engagement”.

Twitter was created to allow people to connect with one and other and communicate about their activities. However the marketing potential was immediately seen and used by many companies. Now a deeper understanding of its use and benefits has developed. For the compliance practitioner one thing you want to consider is to align your Twitter and great social media strategy with your compliance strategy; match your Twitter strategy to your compliance strategy.

Twitter can be powerful tool for the compliance practitioner. It is one of the only tools that can work both inbound for you to obtain information and insight and in an outbound manner as well; where you are able to communicate with your compliance customer base, your employees. You should work to incorporate one or more of the techniques listed herein to help you burn compliance into the DNA fabric of your organization.

Leave a Comment

August 3, 2015

Social Media Week Part I – Using Social Media In Your Compliance Program

Filed under: Best Practices,Chief Compliance Officer,Compliance,Compliance and Ethics,compliance programs,Innovation,Marketing,Social Media,Social Media Examiner — tfoxlaw @ 12:01 am

Welcome to Part I of Social Media Week. I recently did a webinar, hosted by The Network, on the use of social media in your Foreign Corrupt Practices Act (FCPA) compliance program. The response was as great as almost any other webinar in which I have participated. Based upon the overwhelming feedback, this week I will post a series of blogs on the use of social media in your compliance program. In Part I, I begin with a discussion of why you should integrate social media into your compliance program.

I have been studying the business side of social media for some time now as a way to help understand how I might more effectively and more creatively bring the message of doing compliance to my readers and podcast listeners. This led me to think about the message of compliance inside of a corporation and how it is distributed. In a compliance program, a large portion of your consumers/customers are your employees. Social media presents some excellent mechanisms to communicate the message of compliance going forward. Many of the applications that we use in our personal communication are free or available at very low cost. So why not take advantage of them and use those same communication tools in your internal compliance marketing efforts going forward.

On the Social Media Examiner site, which brands itself as “Your Guide to the Social Media Jungle”, is a podcast entitled “Social Sharing: How to Inspire Fans to Share Your Stories”, hosted by Michael Stelzner, Chief Executive Officer (CEO) and Founder of the site. In the podcast Stelzner interviews Simon Mainwaring, author of “We First: How Brands and Consumers Use Social Media to Build a Better World”, who said that to allow them to market successfully there are three key components, (1) Let your employees know what you stand for; (2) Celebrate their efforts; and (3) Give them a tool kit of different ways to participate. I think each of these concepts can play a key role for the compliance practitioner in internally marketing their compliance program.

Let Your Employees Know What You Stand For

In the FCPA Guidance, the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) said that the basis of any anti-corruption compliance program is the Code of Conduct as it is “often the foundation upon which an effective compliance program is built. As DOJ has repeatedly noted in its charging documents, the most effective codes are clear, concise, and accessible to all employees and to those conducting business on the company’s behalf.” That well known @CodeMavencc, Catherine Choe, has said that she believes “Two of the primary goals of any Code are first, to document and clarify minimum expectations of acceptable behavior at a company, and second, to encourage employees to speak up when they have questions or witness misconduct.”

But more than the Code of Conduct, does your company really communicate that it stands for compliance? Obviously formal anti-corruption training under the FCPA is important but I think that more is required to reinforce that your company has a culture of compliance throughout the organization. In other words, are you communicating what you stand for and not simply the rules and regulations of a compliance program?

Celebrate Their Efforts

Once again the FCPA Guidance speaks to the need to incentivize employees in the company realm. The Guidance states, “DOJ and SEC recognize that positive incentives can also drive compliant behavior. These incentives can take many Guiding Principles of Enforcement forms such as personnel evaluations and promotions, rewards for improving and developing a company’s compliance program, and rewards for ethics and compliance leadership. Some organizations, for example, have made adherence to compliance a significant metric for management’s bonuses so that compliance becomes an integral part of management’s everyday concern.” But more than simply incentives, it is important to “[M]ake integrity, ethics and compliance part of the promotion, compensation and evaluation processes as well.”

Mainwaring’s concept means going beyond incentivizing. To me his word ‘celebrate’ means a more public display of success. Financial rewards may be given in private, such as a portion of an employee’s discretionary bonus credited to doing business ethically and in compliance with the FCPA. While it is certainly true those employees who are promoted for doing business ethically and in compliance are very visible and are public displays of an effective compliance program. I think that a company can take this concept even further through a celebration to help create, foster and acknowledge the culture of compliance for its day-to-day operations. Bobby Butler, at Universal Weather and Aviation, Inc., has spoken about how his company celebrated compliance through the event of Compliance Week. He said that he and his team attended this event and used it as a springboard to internally publicize their compliance program. Their efforts included three separate prongs: they were hosting inter-company events to highlight the company’s compliance program; providing employees with a Brochure highlighting the company’s compliance philosophy and circulating a Booklet which provided information on the company’s compliance hotline and Compliance Department personnel.

Give Your Employees a Tool Kit For Compliance

Obviously a key component of any effective compliance program is an internal reporting mechanism. The FCPA Guidance states, “An effective compliance program should include a mechanism for an organization’s employees and others to report suspected or actual misconduct or violations of the company’s policies on a confidential basis and without fear of retaliation.” The Guidance goes on to also discuss the use of an ombudsman to address employee concerns about compliance and ethics. I do not think that many companies have fully explored the use of an ombudsman but it is certainly one way to help employees with their compliance concerns. Interestingly, in an interview in the Wall Street Journal (WSJ) with Sean McKessy, Chief of the SEC’s Office of the Whistleblower, he stated, “What I hear is that companies are generally investing more in internal compliance as a result of our whistleblower program so that if they have an employee who sees something, they’ll feel incentivized to report it internally and not necessarily come to us.”

Two of the newest and perhaps coolest tools a Chief Compliance Officer (CCO) or compliance practitioner can utilize in the realm of social media are Meerkat and Periscope. Both tools allow you to tell a compliance story in real time, throughout your organization and beyond. They are both live streaming apps that enable you to create a video and open the portal to anyone who wants to use it. Anybody in your Twitter community can click on that link and watch whatever you’re showing on your phone. The big piece is the mobile aspect. It’s as simple as a basic tweet and hitting the “stream” button.

However, there are a wide variety of social media tools available that you can incorporate into your compliance program. Apps like Pinterest, Snapchat, Instagram and others may seem like tools that are solely suited to personal use. However their application is much broader. Over the next week, I will be exploring some of these apps and tools and how they might be used in doing compliance. As with many ideas in the compliance space, a CCO or compliance practitioner is only limited by their imagination. For these apps, they can be most useful when you tell the story of compliance in your company. Hootsuite did a campaign called “Follow the Sun” using Periscope. They decided to let their employees showcase what they called #HootsuiteLife. They gave access to different people in every company office around the globe. Throughout the day, it would “Follow the Sun,” and people in different offices would log into the Hootsuite account and walk around and show off their culture, interviewing their friends, etc. They talk about the importance of culture and now they are proving it. The number of inbound applications drastically increased after people got that sneak peek into their company.

Yet there are other tools available, at no cost, and can be downloaded onto a mobile device such as a smartphone or iPad. These include the O’Melveny & Myers LLP Foreign Corrupt Practices Act Handbook; which concentrates solely on the FCPA and is primarily a new vehicle to distribute content it already makes available upon request. This content includes O’Melveny’s FCPA Handbook and In-House Counsel’s Guide to Conducting Internal Investigations. In addition, the app features five resource sections that serve as an interactive, illustrative directory with titles ranging from ‘O’Melveny Authored Client Alerts’ to ‘DOJ Opinion Releases’.

Another approach is found in the Latham & Watkins LLP’s AB&C Laws app which takes an international approach to anti-corruption and anti-bribery laws, with the content focused on organizing and easing access to statutes and regulatory guidance according to specific fields of interest, from legislative frameworks to extra-territorial application to enforcement and potential penalties. It also includes official guidance such as steps (where available) that can be taken to reduce the risk of liability for bribery and corruption.

There is much to be learned by the CCO and compliance practitioner from the disciplines of marketing and social media. These concepts are useful to companies in getting their sales pitches out and can be of great help to you, the CCO or compliance practitioner, in collaborating and marketing throughout your company. I hope you will follow this week’s Use of Social Media series as I will endeavor to provide to you not only with a discussion of some new tools which you can incorporate into your compliance program going forward but also a different way to think about who your customers are and how you are reaching them with your message of doing compliance.

Finally, I am compiling a list of questions that you would like to be explored or answered on the use of social media in your compliance program. So if you have any questions email them to me, at tfox@tfoxlaw.com, and I will answer them within the next couple of weeks in my next Mailbag Episode on my podcast, The FCPA Compliance and Ethics Report.

Leave a Comment

July 30, 2015

The Trait of Empathy in Compliance

Filed under: Adam Bryant,Best Practices,CCO 2.0,Chief Compliance Officer,Compliance,Compliance and Ethics,compliance programs,New York Times — tfoxlaw @ 12:01 am
Tags: empathy, NYT

Can you empathize with those who work for you, around you and those you report to? While many leaders, particularly those who might be labeled the ‘command and control’ type seem to think that empathy is a negative; I think that it is an important habit for any Chief Compliance Officer (CCO) or compliance practitioner to not only practice but also master. Recently there were a couple of articles in the New York Times (NYT) that discussed this character trait and I found them useful to consider for the leadership toolkit of the CCO or compliance profession.

The first was by Daryl Cameron, Michael Inzlicht and William A. Cunningham, entitled “Empathy is Actually a Choice” and the second was in the Corner Office section by Adam Bryant, entitled “Is Empathy on Your Résumé?”, in which Bryant profiled Stewart Butterfield, the co-founder and chief executive of Slack, a communication service for businesses. The first piece focused on research by the authors and the second was Bryant’s weekly piece on business leadership.

The researchers noted, “While we concede the exercise of empathy is, in practice, often far too limited in scope, we dispute the idea that this shortcoming is inherent, a permanent flaw in the emotion itself…we believe that empathy is a choice that we make to extend ourselves to others. The “limits” to our empathy are merely apparent, and can change, sometimes drastically, depending on what we want to feel.” The authors ended by stating, “Arguments against empathy rely on an outdated view of emotion as a capricious beast that needs to yield to sober reason. Yes, there are many situations in which empathy appears to be limited in its scope, but this is not a deficiency in the emotion itself. In our view, empathy is only as limited as we choose it to be.”

Bryant’s article on Butterfield and his leadership style brought these concepts home. Most interestingly, Butterfield began by self-disclosing, “I’m good at the leadership part. But I’ve always said that I’m a terrible manager. I’m not good at giving feedback. People are like horses — they can smell fear. If you have a lot of apprehension going into a difficult conversation, they’ll pick up on that. And that’s going to make them nervous, and then the whole conversation is more difficult.”

Another insight on leadership was something as simple as meetings. Butterfield said that “if you’re going to call a meeting, you’re responsible for it, and you have to be clear what you want out of it. Have a synopsis and present well. At the same time, if you’re going to attend a meeting, then you owe it your full attention. And if it’s not worth your attention, then say so — but don’t be a jerk about it — and leave the meeting.” So more than simply taking responsibility for one’s own time, he put out the empathy to allow you to consider how your agenda (or lack thereof) may have negative repercussions on others on your team or in your organization.

Another interesting insight from Butterfield were his thoughts on empathy as it related to leadership. This is a sought out trait for employees, as early as in the interview process. He said, “When we talk about the qualities we want in people, empathy is a big one. If you can empathize with people, then you can do a good job. If you have no ability to empathize, then it’s difficult to give people feedback, and it’s difficult to help people improve. Everything becomes harder.”

Similarly to his examples around meetings, Butterfield believes that empathy can express itself as courtesy. He said, “One way that empathy manifests itself is courtesy. Respecting people’s time is important. Don’t let your colleagues down; if you say you’re going to do something, do it. A lot of the standard traits that you would look for in any kind of organization come down to courteousness. It’s not just about having a veneer of politeness, but actually trying to anticipate someone else’s needs and meeting them in advance.”

I found it interesting that on the same day in the same newspaper, theory not only met practice but the practice had a business application. For those out there who feel leadership skills are ingrained into your DNA, the authors pointed out “Likewise, in another recent study, the psychologists Karina Schumann, Jamil Zaki and Carol S. Dweck found that when people learned that empathy was a skill that could be improved — as opposed to a fixed personality trait — they engaged in more effort to experience empathy for racial groups other than their own. Empathy for people unlike us can be expanded, it seems, just by modifying our views about empathy.”

Yet for the CCO or compliance practitioner, Butterfield pointed out specific areas where the trait of empathy can yield great respect for you and your position in any corporation. People rarely think of courtesy and respect as leadership skills but if you can bring these to bear in your compliance practice, you can garner greater influence as not only someone who cares but someone who cares and gets things accomplished. For any corporate disciple which relies on influence to succeed these simple tools can go a long way to providing to you a wider manner to impact corporate culture, become a trusted partner and be a part of any significant business conversation earlier rather than later in the game.

Leave a Comment

FCPA Compliance and Ethics Blog

August 20, 2015

BNY Mellon and Lessons Learned In Hiring Family Members – Part II

August 19, 2015

BNY Mellon Settles First Sons and Daughters (and Nephews) FCPA Hiring Matter – Part I

August 18, 2015

Georgia On My Mind – How Does Compliance Enhance Shareholder Value?

August 14, 2015

The BHP Case and Enforcement of The FCPA’s Internal Controls Provision

August 13, 2015

Cymbeline – Doing Virtue and FCPA Compliance

August 11, 2015

What Goes Downhill May Go Uphill in FCPA Compliance

August 6, 2015

August 5, 2015

August 3, 2015

July 30, 2015

The Trait of Empathy in Compliance

January

Blogroll

Pages

Admin

Read by Email

Recent Posts from FCPA Compliance and Ethics Report: FCPA Compliance and Ethics Report

Episode 240-Bill Coffin on Compliance Week 2016

Episode 239-Jonathan Armstong On EU Privacy Shield

Episode 238-John Allen on HR Touch Points in Compliance

Episode 237-Steve McCalmont on the Avior Risk Management Platform

Episode 236-Adam Turteltaub and SCCE CCO Survey