FCPA Compliance and Ethics Blog

June 30, 2015

Another Great Bassist Gone and Tone at the Bottom

 

Chris SquireAs readers of this blog know, I am a huge fan prog rock fan. So it was with deep sadness and melancholy that I read Chris Squire passed away this weekend. He was a co-founder and bassist for the seminal rock group Yes. The band was one of founders of the musical genre known as ‘progressive rock’ or simply prog rock. According to his obituary in the New York Times (NYT) he was “the only member to have played on every one of Yes’s albums and participated in every one of its tours”. The NYT went on to say that “Mr. Squire’s propulsive and often melodic bass playing was a key element of the Yes sound. A self-taught virtuoso, he has been cited as an influence by many other rock bassists.”

I found some of the tributes from his former band mates to be the most touching and telling of Squire. Bill Bruford, the band’s original drummer, said in statement quoted in the article, “He had an approach that contrasted sharply with the somewhat monotonic, immobile bass parts of today. His lines were important; counter-melodic structural components that you were as likely to go away humming as the top line melody; little stand-alone works of art in themselves.”

Daniel Kreps, writing in Rolling Stone online, in an article entitled “Jon Anderson, Rick Wakeman Remember Yes’ Chris Squire”, quoted Yes co-founder Anderson for the following, “He was an amazingly unique bass player – very poetic – and had a wonderful knowledge of harmony. We met at a certain time when music was very open, and I feel blessed to have created some wonderful, adventurous, music with him. Chris had such a great sense of humor… he always said he was Darth Vader to my Obi-Wan. I always thought of him as Christopher Robin to my Winnie the Pooh.” Keyboardist Rick Wakeman was quoted in the same article “We have now lost, who for me, are the two greatest bass players classic rock has ever known. John Entwistle and now Chris,” Wakeman wrote. “There can hardly be a bass player worth his salt who hasn’t been influenced by one or both of these great players. Chris took the art of making a bass guitar into a lead instrument to another stratosphere and coupled with his showmanship and concern for every single note he played, made him something special.””

As most rock aficionados know, rock music is basically a dialogue between the bass guitar and the drums. With this base line set, the lead guitars and keyboards can go soaring off. That was certainly the formula for Yes. But as it really does not work unless the bass guitar lays the foundation for the entire band, I thought that a tribute to Squire might be a good way to visit one of the points of doing compliance not discussed often enough. While Tone-at-the-Top is almost ubiquitous, one thing not talked about consistently is the tone on the front lines of an organization. Even with a great ‘Tone-At-the-Top’ and in the middle, you cannot stop. One of the greatest challenges for a compliance practitioner is how to affect the ‘tone at the bottom’.

In a MIT Sloan Management Review article, entitled “Uncommon Sense: How to Turn Distinctive Beliefs Into Action”, authors Jules Goddard, Julian Birkinshaw and Tony Eccles looked at this issue when they explored the “often overlooked, critical source of differentiation is [a] company’s beliefs.”

One of the questions that the authors’ answer is: how to tap into this belief system? They posit a structured manner to obtain this information. By using these techniques, they believe that companies can rethink their “basic assumption and beliefs” and identify new directions for their organization. The authors listed seven approaches that they have used which I believe that the compliance practitioner can use to not only determine ‘Tone at the Bottom” but to impact that tone. They are as follows:

  1. Assemble a group. You need to assemble a group of employees who are familiar with the challenges of doing business in a compliant manner in certain geographic regions. Include both long-time employees and those who are relatively new to the organization. The authors also suggest that if you have any employees who have worked for competitors or for other organizations in your industry you include them as well.
  2. Ask questions. You should ask the members of this group to articulate their basic assumptions about your compliance model, about the management model, about your company’s business model and the future of the industry in general. Ask them to do this individually and not as a group.
  3. Categorize the responses. Now comes the work by the compliance practitioner or compliance team, as the authors believe that these assumptions will usually fall into two groups. The first is assumptions that everyone agrees upon, and these are the common beliefs. The second is those assumptions that only a few of the participants will identify – this is what the authors call the “uncommon beliefs”.
  4. Develop tests for common beliefs. For those beliefs that are labeled common – you should consider how you know these to be true? The authors caution that simply because the group may believe that the company operates in a common industry or that we “do it because it has always been done this way” is not necessarily a “hard fact.” Consider what check you could perform to verify the common belief that you desire to test. The authors note that the purpose here is to “identify the ‘common nonsense’ beliefs that everyone holds that are not actually hard laws of nature.”
  5. Develop tests for uncommon beliefs. Here the authors suggest that you need to consider why some people think that these beliefs are true. What is the information or experience that they have drawn upon? Is there any way for you to test these uncommon beliefs?
  6. Reassemble the original group. You should reassemble the original group and have them consider the beliefs that were articulated by them individually in the context of your compliance model and how both your company and your industry do business. Lead a discussion that attempts to identify any assumptions or beliefs that “are quite possibly wrong, but worth experimenting with anyway.”
  7. List of Experiments to perform. The authors believe that the outcome of the first six steps will be “a list of possible experiments [tests] to conduct” to determine the validity of the common and uncommon beliefs. These tests can be accomplished in the regular course of business, through a special project with a special team and separate budget. You should agree on the testing process and review your testing assumptions throughout the process. This process can and should take some time so do not set yourself such a tight time frame that it cannot be fully matured.

The bottom line is that not only must a company ‘talk-the-talk’ of compliance but it must also ‘walk-the-walk’ of compliance. Donna Boehme says that it’s really about the culture of compliance in your organization. Put another way, as Mike Volkov said, in an article entitled “Mood in the Middle Versus Tone at the Top”, “Even when a company does all the right things at the senior management level, the real issue is whether or not that culture has embedded itself in middle and lower management. A company’s culture is reflected in the values and beliefs that exist throughout the company.” You must find a way to articulate and then drive the message of ethical values and doing business in compliance with such anti-corruption laws from the top down, throughout your organization.

So thanks for the tunes and memories Chris while I Keep Calm and Listen to Prog Rock.

Keep Calm and Listen to Prog Rock

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

June 25, 2015

Custer’s Last Stand and Risk Management

Custer's Last StandOn this day in 1876 one of the greatest failures in risk management took place when Lieutenant Colonel George Armstrong Custer and his entire 7th Cavalry were wiped out at the Battle of the Little Big Horn. Custer had split his command into three wings and he took his battalion of 200 or so men down the center of what he thought would be little resistance. Instead he found that he was facing a far superior force of 3000 largely Sioux warriors who quickly overwhelmed and defeated Custer’s command, with all US troops being killed. There is now some debate on whether all the cavalrymen were actually killed by the Native Americans or took their own lives, saving the last bullet for themselves, in western parlance.

Historians have debated over time the reason for Custer’s defeat. Was it arrogance; bad intelligence; faulty command, just plain stupidity or even a wish for martyrdom by Custer? Whichever the cause, it was the worse defeat of the US Army by Native Americans in the Western campaigns of the later 1800s. Today, it might be termed as a faulty assessment and management of the risks involved.

I thought about Custer and his defeat when I read a recent article in the Harvard Business Review (HBR), entitled “Strategy How to Live With Risks. It presented risk, risk assessments and risk management in a new light, a key acumen being that risk management should be used as a “protection shield, not an action stopper.” It was based upon a research paper by the CEB, entitled “Reducing Risk Management’s Organizational Drag”, which I thought it had some interesting insights for the Chief Compliance Officer (CCO) or compliance practitioner.

The first insight is that, in many instances, companies are assessing risks that are in the rear-view mirror. The author pointed to the Sarbanes-Oxley (SOX) Act, passed in response to the Enron and Worldcom accounting scandals in noting, “In the wake of the 2008 financial crisis many large banks changed their business models, and other companies implemented systems to better manage credit risks or eliminate overreliance on mathematical models.” This type of mentality can lead to what the author says, is “a variation on what military historians call “fighting the last war.” As memories of the recession fade, leaders worry that risk management policies are impeding growth and profits without much gain.” The author went on to quote Matt Shinkman of CEB, a member based advisory company, for the following insight “Firms are questioning whether the models they put in place after the financial crisis are working—and more fundamentally questioning the role of risk management in their organizations.”

This retrospective look back is coupled with what the author says is a decision making process which “is too slow, in part because of an excessive focus on preventing risk” and not managing risk; in other words, companies were slowed down even further by something termed “organizational drag”. Companies need to find new mechanisms to assess and manage risk going forward. The best way to do so, many companies have indicated, is through reorganizing or reprioritizing risk management and the article presented “three best practices” in doing so.

Strike the Right Balance Between Risk and Reward

Recognizing that risk management is often simply ‘just saying no’, the HBR articcle suggests that “Today’s risk managers see their role as helping firms determine and clarify their appetite for risk and communicate it across the company to guide decision making. In some cases this means helping line managers reduce their risk aversion.” The interesting insight I found here is that if an asset is low performing it may be because the management is so risk averse. This may present a CCO or compliance practitioner with an opportunity to increase growth through other risk management solutions that they could implement.

Focus on decisions, not process

This insight is one that CCO and compliance practitioners should think about and try and implement. Recognizing that risk assessments are important, the author believes that risk managers should focus more on decisions concerning risk rather than the process of determining risk. This means, “In addition to relying on paperwork or process, risk managers are turning to tools (such as dashboards that show risks in real time) and training that help employees assess risk. They are also helping companies factor a better understanding of risk into their decision making.”

By having a seat at the senior management’s table, a CCO or compliance practitioner can help identify risk issues early on in planning. This allows a COO to help craft a risk management solution, or even better yet show colleagues how to “spot potential problems and managers see how their projects fit into the company’s overall portfolio of projects, each with its own set of risks.” The author again quoted Shinkman, “This is less about listing risks from a backward-looking perspective and more about picking the right portfolio of risky projects.”

Make employees the first line of defense

The author channels his inner Howard Sklar (water is wet) by stating, “Decisions don’t make themselves, people make them”. However from that insight, the author believes that “smart companies work to improve employees ability to incorporate appropriate levels of risk when making choices.” But this means you must not only adequately train your employees to spot the appropriate risk but you, as CCO must provide them with tools to manage the risk. The author wrote, “Companies are also trying to identify which types of jobs or departments face a disproportionate share of high-risk decisions so that they can aim their training at the right people. They’re focusing that training less on risk awareness and more on simulations or scenarios that let employees practice decision making in risky situations. Finally, risk managers are becoming more involved in employee exit interviews, because people leaving an organization often identify risks that others aren’t able or willing to discuss.”

The article ends by noting that the goal is “to transform risk management from a peripheral function to one with a voice integrated into the day-to-day management” of an organization. That is also viewed as a component of CCO 2.0 and a more mature model of improvement. By focusing on training employees on how to spot Foreign Corrupt Practices Act (FCPA) compliance risks and then providing them with the tools to adequately manage that risk, CCOs can deliver greater value.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

June 24, 2015

Pink Flamingos and the Compliance Audit

FeatherstoneThe creator of one of the most ubiquitous symbols of mid-century Americana died earlier this week. Don Featherstone, the creator of the pink plastic lawn flamingo, the ultimate symbol of American lawn kitsch, has died. He was 79. Featherstone, a trained sculptor with a classical art background, created the flamingo in 1957 for plastics company Union Products, modeling it after a bird he saw in National Geographic. Millions of the birds have been sold. Whether you think of the Pink Flamingo as a symbol of Miami Vice, Jon Waters and Devine or for something less salacious, here is to Featherstone, a true original.

While Featherstone created one of the ultimate symbols of the second half of the 20th century for a generation of South Floridians, the Japanese company Takata Corporation (Takata) continues to be in the news for much less prestigious reasons. As reported in the New York Times (NYT), in an article entitled “Senate Panel Says Tanaka Cut Audits on Safety”, Hiroko Tabuchi and Danielle Ivory said “In the middle of what would become the largest automotive recall in US history, the Japanese airbag manufacturer Takata halted global safety audits to save money”. Interesting (or perhaps ominously might be a better word) Takata responded by saying it had not halted safety audits for products but rather for worker safety. Doesn’t that give you some comfort?

A US Senate committee report found that “Takata halted global safety audits at its manufacturing plants in 2009, a year after Honda had started recalling a small number of cars to replace the airbags.” These audits were later restarted in 2011 but when they found safety issues related to airbag manufacturing in two key plants, “those findings were not shared with Takata’s headquarters in Tokyo, the report said, citing internal emails from Takata’s safety director at the time.” Moreover, “when the safety director returned to the plant months later to conduct a follow-up audit, employees appeared to scramble to create the appearance of a safety committee within the plant.” Finally, and perhaps most damningly, the report cited an internal Takata email which said, “No safety committee, as such, has been formed” at the plants in question.

Foreign Corrupt Practices Act (FCPA) compliance in many ways follows some of the paths laid out by corporate safety departments some 20-30 years ago when safety became much more high profile in US corporations. The safety committee and safety audits became mainstays of any best practices in the area of safety for a company. These techniques inform any anti-corruption best practices compliance program, either under the FCPA, UK Bribery Act or any other anti-corruption regime. Indeed audits are specifically delineated in the FCPA Guidance as a way to assist in the continuous monitoring of your compliance regime. Such an audit can be thought of as a systematic, independent and documented process for obtaining evidence and evaluating it objectively to determine the extent to which the compliance criteria are fulfilled. There are three factors which are critical and unfortunately with Takata seemed to be lacking in its safety audit protocol: (1) an effective audit program which specifies all necessary activities for the audit; (2) having competent auditors in place; and (3) an organization that is committed to being audited.

Auditing can take several different forms in an anti-compliance program. As a matter of course, you should audit the compliance program in your own organization. A forensic audit can collect and analyze accounting and internal-controls evidence in your compliance regime. This information can be used to produce a fact-based report that can inform the decision-making process in inquiries, investigations and dispute resolution. The by-products of a forensic audit can include remediation strategies to help a company mitigate and remedy procedural or internal-controls gaps that allowed the underlying issue to occur. Further, an internal audit can review a compliance process to determine if employees are following prescribed processes or internal controls, in an operational Sarbanes-Oxley (SOX) or FCPA compliance audit.

In addition to the collection and analysis of evidence, an auditor’s objective is to attest to the credibility of assertions that are under examination, such as the material accuracy of financial statements for which the audited company’s management is responsible. Obviously one of the functions of such an audit is to determine if further investigation is warranted.

Now imagine if this scenario had been followed by Takata. The lack of a safety committee is a glaring omission at any manufacturing facility. Simply noting this and reporting it up the chain could have gone some way towards preventing the situation the company now finds itself in; with a worldwide recall of up to 32 million vehicles. The same is true for a compliance audit. Just as monitoring can provide information to you on a more real-time basis; a compliance audit compliments this real-time oversight with a much deeper dive into what has happened on a historical basis.

The recent BHP Billiton FCPA enforcement action is certainly one to look at in this context. Although there was a committee set up to review gifts and travel requests for the company’s 2008 Olympic hospitality program, the committee did not fulfill this charge. It was alleged in the Securities and Exchange Committee (SEC) settlement documents that this committee was never intended to pass muster on the applications for tickets and travel for government officials but was simply there to provide guidance.

Once again this situation points out the difference between having a paper compliance program in place and the actual doing of compliance. Even with an appropriate oversight structure in place BHP Billiton did not do the work of compliance by evaluating the applications for travel and tickets to the Beijing Olympics but left it to the devices of the business unit employees who were making the requests and ultimately most directly benefited from the gifting.

Another area ripe for audit in your compliance program is your third parties. While there is no one specific list of transactions or other items which should be audited when it comes to your third parties below are some of the areas you may wish to consider reviewing:

  • Contracts with supply chain vendors to confirm that the appropriate FCPA compliance terms and conditions are in place.
  • Determine that actual due diligence took place on the third party vendor.
  • Review the FCPA compliance training program for any vendor; both the substance of the program and attendance records.
  • Does the third party vendor have a hotline or any other reporting mechanism for allegations of compliance violations? If so how are such reports maintained? Review any reports of compliance violations or issues that arose through anonymous, hotline or any other reporting mechanism.
  • Does the third party vendor have written employee discipline procedures? If so have any employees been disciplined for any compliance violations? If yes review all relevant files relating to any such violations to determine the process used and the outcome reached.
  • Review expense reports for employees in high risk positions or high risk countries.
  • Testing for gifts, travel and entertainment which were provided to, or for, foreign governmental officials.
  • Review the overall structure of the third party vendor’s compliance program. If the company has a designated compliance officer to whom, and how, does that compliance officer report? How is the third party vendor’s compliance program designed to identify risks and what has been the result of any so identified?
  • Review a sample of employee commission payments and determine if they follow the internal policy and procedure of the third party vendor.
  • With regard to any petty cash activity in foreign locations, review a sample of activity and apply analytical procedures and testing. Analyze the general ledger for high-risk transactions and cash advances and apply analytical procedures and testing.

The compliance function still is behind the safety function in terms of maturity. Because of this there are many lessons which a Chief Compliance Officer (CCO) or compliance practitioner can draw upon from our colleagues in safety. The safety audit is certainly a technique that can be drafted into your compliance program. But as the ongoing Takata air bag debacle demonstrates, your audit only works if you actually perform it. In other words, the protocol is simple, everyone understands you need to audit, but try and cut costs or corners and you will pay for it in the long run.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

June 23, 2015

Fraud and the Detection of the Sources for Bribery

 

Detection of FraudIn a recent White Paper authored by Peter Smith for OFS Portal, entitled “Procurement and Fraud in the Supply Chain”, where he examined “fraud linked to procurement and supply chain activities.” Smith focuses on where fraud can occur in the procurement process. From this starting point, he suggests “mitigating actions that organisations can take to protect themselves against fraud.” I found this article to be an excellent review of Supply Chain (SC) activities which the Chief Compliance Officer (CCO) or compliance practitioner could put to good use in reviewing their company’s Foreign Corrupt Practices Act (FCPA) anti-corruption and anti-bribery regime.

A. The Problem – How Does Fraud Happen?

Smith starts by classifying fraud in way which will assist the reader in understanding how it occurs. He believes there are “three critical factors to consider: the perpetrator(s), the plan and the point of failure.” The perpetrator is the one “behind the fraud and either executes it directly or through others.” In the anti-corruption world of the FCPA, this can be through an agent or a supplier who is working to help execute the fraud.

Interestingly, in the area of these third parties (and hence the greatest area of risk for FCPA compliance practitioners to consider) Smith notes that “The plan and point of failure factors are linked in that often the plan relies on the point of failure. In other words, most frauds take advantage in some weakness in the process, technology, policy or systems of combination of those.” Smith writes that there are three key phases “in the procurement life-cycle that can be considered; (1) the supplier selection phase; (2) the contract negotiation and award phase; and (3) the contract delivery management phase.”

Phase I – Supplier Selection and Qualification

This phase should be well known to the compliance practitioner as a part of the third party life-cycle management step denominated as due diligence. But Smith asks that you consider factors other than simply whether someone is on the Denied Parties List (DNP) or is a Politically Exposed Person (PEP). He suggests that you consider misrepresentation by the third party in the nature of “concealing the true nature of its business, history or ownership when it bids for the work.” He also points out that through collusion and cartels, persons or entities can work to control a market. If you did any work with Petrobras over the years, you will certainly recognize that many if its approved suppliers operated in this manner. Given what we now know about how corrupt Petrobras was, this is not too surprising.

But Smith also suggests that employees may be involved in skewing the selection process towards a corrupt agent or other partner. He recommends reviewing the bid process to see if there was bias in the competition, which would push an otherwise arms-length award to a corrupt partner. This could occur through biased competition through specification, where an employee would “construct a specification that makes it likely or inevitable that a particular supplier will win the competitive process.” The next is biased competition through tailoring the evaluation process which gives weight to the specific strengths of a corrupt third party. Finally, Smith points out that there can be biased competition through information leakage when a company employee will leak confidential information to a third party to give them an advantage in the bidding process.

Phase II – Contracting

Smith says the “next critical point at which fraud can take place is during the contract negotiations and in agreeing the detailed terms and conditions.” Moreover, Smith believes this stage is critical if often overlooked because “the seeds are often sown at the contracting stage.” Scenarios can include where there is a certain level of ‘local content’ required “but without any clear contractual mechanism to explain how it will be measured or policed.” As any CCO or other FCPA compliance practitioner would recognize, local content is one of the easiest ways to get into FCPA high risk so managing that risk is critical. I found Smith’s concern with setting out the clear legal terms and conditions around any such requirement as a good way to manage the high risk.

Phase III – Contract Delivery and Management

Here Smith laid several different fraud schemes which could facilitate a bribery plan. The first is fake invoices which can rely on “poor processes within an organisation” to spot. However this scheme can also rely on a company insider to approve such fabrications. Next is “volume over-invoicing”. In this scheme, while a supplier does supply some goods or services, the invoice is raised for more than has been delivered. If there is a scheme to create a pot of money to be used to fund bribes, there will need to be an internal company accomplice to “smooth the way by authorizing receipts or invoices.” Next there is “price-related over-invoicing” the third party will over-price the goods or services, above what is allowed under the contract. Another scheme set out by Smith is “invoice diversion” where “a legitimate payment that should go to a certain supplier is diverted to a third party fraudulently.” Another scheme can simply be to ease the contract terms and conditions which allow the third party to receive a benefit with nothing in return being delivered back to the company. Finally, there is what Smith details as one of the “toughest frauds to detect”, that being the delivery of lower quality products than is contractually specified.

B.The Solution – How to Reduce Fraud

Smith believes that fraud prevention can be built around a troika of concepts. (1) You need to have “effective procurement and spend management policies in place. (2) You must “use appropriate and robust processes”. (3) Finally “applying the right technology to support and manage those processes.” In his paper he followed the same outline on how to reduce the instances of fraud.

Phase I – Supplier Selection and Qualification

While a clear procurement policy is the starting point, it is only the starting point. Having a transparent process is important as well as adequate supplier qualification details. He notes that multiple sign-offs should be in place to ensure that one person does not control the entire process. This should also be incorporated into the communications trail with the competitors to ensure that no one third party receives confidential information. Obviously an appropriate level of due diligence should be applied to confirm that not only are the third party’s who they represent themselves to be but that they are also qualified to do the work or deliver the services. Finally, there should be controls around onboarding “so that firms who are actually going to be suppliers go through more rigorous checks before they are accepted onto” the Vendor Master List.

Phase II – Contracting

Obviously the starting point for any business relationship should be a well-drafted contract. However, for larger organizations Smith believes that “a contracts database or contract lifecycle management system is essential.” To the greatest extent possible there should be standard compliance and legal terms and conditions, coupled with an “appropriate level of sign-off and approvals management for contracts.” Finally, segregation of duties (SOD’s) “to make sure that there are checks and balances and that no one person holds too much power in the process.”

Phase III – Contract Delivery and Management

As I often say in the lifecycle management of third parties, the real work begins when the contract is signed. Smith believes that many of the routes of fraud, “can be closed off by taking a few precautions” which include some of the following steps. First and foremost is “no purchase order, no pay” but this also means there should be an invoice from the vendor which is matched to the contract for accuracy. Once again checks and balances, SOD’s for sign-offs and approvals must be built into your payment system. There should be controls around changes to the contract and, more importantly, changes to any payment details. Lastly, ongoing oversight and monitoring through controls analytics and auditing should be employed on the back end to verify delivery of goods or services.

I found Smith’s White Paper to be an excellent review for the CCO or compliance practitioner around not only the mechanism of how fraud occurs but a review of the techniques for fraud prevention. While his concepts may seem like a review for the compliance practitioner, it also allows you to think through how corruption might take place in your organization. The briber has to get the money from some source and Smith’s White Paper can give you insights on where you might look.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

 

June 22, 2015

George Carlin and Erga Omnes: the Petrobras Bribery Scandal Expands

George CarlinOn this date in 2008 George Carlin died. If you grew up in the late 1960s or early 1970s and you had anti-parental or anti-establishment inklings, which of course all teenagers do, you knew about George Carlin. In the early 1960s, Carlin was a relatively clean-cut, conventional comic. But around 1970, he reinvented himself as an eccentric, biting social critic and commentator. In this new incarnation, Carlin began appealing to a younger, hipper audience. He grew out his hair and added a beard together with a wardrobe in the stereotypically hippie style.

Carlin’s comedy also became counter-culture, not Cheech and Chong, hippy-dippy dopers, but with pointed jokes about religion, politics yet with frequent references to drugs. His second album with his new routine, FM/AM, won a Grammy Award for Best Comedy Recording. My favorite cut was the 11 O’Clock News. But it was his third album Class Clown that had, what I believe, to be the greatest comedy monologue ever, the profanity-laced routine “Seven Words You Can Never Say on Television.” When it was first broadcast on New York radio, a complaint led the Federal Communications Commission (FCC) to ban the broadcast as “indecent.” The US Supreme Court later upheld the order, which remains in effect today. The routine made Carlin a hero to his fans and got him in trouble with radio brass as well as with law enforcement; he was even arrested several times, once during an appearance in Milwaukee, for violating obscenity laws.

Interestingly I thought about Carlin and his pokings of the Establishment (AKA The Man) when I read several articles over the weekend about the recent spate of arrests around the Petrobras bribery and corruption scandal. In article in the Wall Street Journal (WSJ), entitled “Brazil Probe Sweeps Up Corporate Magnates” Will Connors, Rogerio Jelmayer and Paul Kiernan reported that “Brazilian officials arrested the heads of two Latin American construction giants, alleging they helped to mastermind a cartel that stole billions of dollars from state-run oil company Petrobras with the help of corrupt politicians to whom they paid kickbacks.” Also arrested with the heads of the two companies, Marcelo Odebrecht, head of Odebrecht SA and Chief Executive Officer (CEO) of Andrade Gutierrez, Otávio Azevedo.

The WSJ article reported that “Odebrecht is Latin America’s largest construction conglomerate, with business in the U.S., Europe and Africa, and whose head, Marcelo Odebrecht, is a household name in Brazil. Andrade Gutierrez has business in 40 countries. The privately owned companies are deeply involved in the development of stadiums and infrastructure for the 2016 Summer Olympics in Rio de Janeiro.” Moreover, Odebrecht is reported to have “a presence in 21 countries”. Obviously a question is if the company had engaged in bribery and corruption in Brazil, did they do so in any of the other countries in which they are doing business?

Interestingly, these arrests “come months after the heads of other construction companies were detained by Brazilian authorities.” Indeed in a BBC article in , entitled “Petrobras scandal: Top construction bosses arrested in Brazil”, David Gallas said, “Odebrecht had been named by former Petrobras executives as one of the companies that allegedly paid bribes in exchange for contracts with the oil firm, but until now the firm had not been targeted by investigators.” The WSJ article quoted Brazilian prosecutor Carlos Fernando dos Santos Lima who said at a news conference that the executives from the two companies had not been arrested earlier as the entities, “had a more sophisticated system for making the alleged bribe payments, using foreign bank accounts in Switzerland, Monaco and Panama, so it took longer to prove their case.” David Fleischer, a Brasilia based political analyst, quoted in the WSJ article was even more circumspect. He said, “The prosecutors are very careful. If you’re going after big fish you want to make sure you can take them down.”

Brazilian police said the arrests were “Erga omnes” which the WSJ translated from Latin as “towards all”. I thought about that statement in light of the ongoing debate about enforcement of the Foreign Corrupt Practices Act (FCPA) here in the US. On one side is the Chamber of Commerce and their allies who raise the ever-burgeoning cry that the Department of Justice (DOJ) needs to prosecute the invidious ‘Rogue employees’ who violate the FCPA. You will notice they never want the DOJ to look at the executives who might facilitate payment of bribes in the first place; whether through faux commitment to doing business in compliance, failing to properly allocate resources to compliance and ethics, simply rewarding those employees who git ‘er done no matter what the circumstances or (my favorite) putting a paper program in place and calling it a best practices compliance program.

Indeed those progenitors of relaxed enforcement want the DOJ to back off and let them do business the old fashioned way. However, if the bribery and corruption news from the first half of this year has told the world anything, it is about the dire effects of allowing such illegal conduct to take place and warning against slacking off laws which mandate doing business without bribery and corruption. In another WSJ article, entitled “Roots of a Brazilian Scandal That Weighs Heavily on the Nation’s Economy, Politics”, Marla Dickerson noted, “The scandal has crippled Petrobras, Brazil’s largest and most important company. In late April, the company wrote off more than $16 billion related to losses from graft and overvalued assets. The company’s woes have all but paralyzed the nation’s oil and gas sector. Hurt by slumping oil prices and strapped for cash, Petrobras has slashed investments, sparking a wave of credit downgrades, bankruptcies and layoffs among its suppliers that the weighed on Brazil’s economy.”

I wonder what George Carlin might have thought about all of this. He might have said that what else would you expect but I am relatively certain he would have done so while also sticking his thumb in the eye of The Man. 

For a YouTube version of the 11 O’Clock News, click here.

For a YouTube version of the 7 words you can never say on television, click here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

 

June 19, 2015

Tribute to John David Crow and an Innovation Strategy for Your Compliance Program

John David CrowJohn David Crow died Wednesday. Until Johnny Football, he was the only football player from Texas A&M University to win the Heisman Trophy. He played under the legendary Paul ‘Bear’ Bryant at A&M and for all of Bryant’s success, Crow was the his only player to win the award given annually to the nation’s best collegiate football player. Crow had a productive professional football career making the Pro-Bowl four times. He was also the Athletic Director at A&M from 1989 to 1993. So here’s to John David Crow, one of the Junction Boys and one of the greatest players in the history of Texas A&M. Finally, let me say something I almost never say, Gig ‘Em, John David.

I thought about John David Crow and his legacy of greatness when I read an article in the June issue of the Harvard Business Review (HBR), entitled “You Need an Innovation Strategy”, by Gary P. Pisano. While Pisano’s article dealt more generally with innovation in marketing, I found it highly relevant for the Chief Compliance Officer (CCO) or compliance practitioner, particularly in the context a Foreign Corrupt Practices Act (FCPA) compliance program. Earlier this week, the Department of Justice (DOJ) announced the resolution of a FCPA investigation involving IAP Worldwide Services, Inc. (IAP) via a Non-Prosecution Agreement (NPA). In the NPA, the company committed to implementing and enhancing a best practices FCPA compliance program. Listed at element 18 of its compliance program is the following: “The Company will conduct periodic reviews and testing of its anti-corruption compliance code, policies, and procedures designed to evaluate and improve their effectiveness in preventing and detecting violations of anti-corruption laws and the Company’s anti-corruption code, policies, and procedures, taking into account relevant developments in the field and evolving international and industry standards.”[Emphasis supplied]

This means that the DOJ expects innovation in your compliance program to keep up with evolving international and industry standards. This requires you to implement an innovation strategy. While Pisano’s article does not specifically focus on compliance, I found that its concepts would help a CCO or compliance practitioner sustain the mandate for innovation in a compliance regime. Pisano’s article begins by stating the problem that many companies face is that “innovation remains a frustrating pursuit.” While acknowledging that failure to execute is an issue, Pisano believes the issue is deeper than simply a failure to execute, he believes there is a “lack of an innovation strategy.”

I found some of his basic definitions most useful for the compliance practitioner to think through innovation in the compliance function. Pisano wrote, “A strategy is nothing more than a commitment to a set of coherent, mutually reinforcing policies or behaviors aimed at achieving a specific competitive goal. Good strategies promote alignment among diverse groups within an organization, clarify objectives and priorities, and help focus efforts around them. Companies regularly define their overall business strategy (their scope and positioning) and specify how various functions – such as marketing, operations, finance, and R&D – will support it. But during my more than two decades studying and consulting for companies in a broad range of industries, I have found that firms rarely articulate strategies to align their innovation efforts with their business strategies.”

The key to success is something that every CCO or compliance practitioner should take to heart. Paraphrasing Pisano for the compliance practitioner is that the compliance function “should articulate an innovation strategy that stipulates how their [compliance] innovation efforts will support the overall business strategy.” Moreover, “creating an innovation strategy involves determining how innovation will create value for customers [of compliance, i.e. Employees], how the company will capture that [compliance] value, and which types of [compliance] innovation to pursue.”

Pisano posed several questions around this key area of connecting innovation to strategy. Initially he asked, “How will innovation create value for potential customers?” In my formula, customers become employees or others who will make use of your compliance innovation going forward. Here you should focus on the benefit for your end-using customer. Your innovation can make compliance faster, easier, quicker, more nimble and so on. But focus on that creation of value going forward. Pisano’s next question was “How will the company capture a shore of the value its innovations generate?” He suggests companies think through how to “keep their own position in the [compliance] ecosystem strong” through innovation. Pisano next asked, “What types of innovation will allow the company to create and capture value, and what resources should each type receive?” Here Pisano notes two major forms of innovation equally applicable to the CCO or compliance practitioner. They are a change in technology and a change in a business process. Both are equally valid.

Another problem that Pisano addresses is termed “overcoming prevailing winds” and this means that innovation can be driven downward or backward if there is not sufficient management support. This means not only must there be sufficient resource allocations but management must also incentivize the business units to proceed with implementing the innovations, particularly “when an organization needs to change its prevailing patterns.”

Another area Pisano addresses is “managing trade-offs” because it is inherent in any innovation strategy that there will be trade-offs. Here he terms the two key differences as “supply-push” and “demand-pull”. The supply-push approach comes when your innovation is focused on something that does not yet exist, for example if you are initially implementing a FCPA compliance regime. The demand-pull approach works more closely with your existing customer base to determine what they might need and work to implement innovation around those needs.

Interestingly Pisano ends his article with a discussion about “the leadership challenge”. I say interestingly because I would have thought that was required up front as it is the function of senior management to create the capacity for innovation in the first instance. Pisano writes, “There are four essential tasks in creating and implementing an innovation strategy.” Task 1 is to “answer the question “How are we expecting innovation to create value for customers and for our company?” and then explain that to the organization.” Task 2 “is to create a high-level plan for allocating resources to the different kinds of innovation.” Task 3 is “to manage trade-offs. Because every function will naturally want to serve its own interests, only senior leaders can make the choices that are best for the whole company.” Finally, task 4 dovetails with what almost every DOJ/SEC speaker I have ever heard say when they talk about the basics of any best practices compliance program. It is that “innovation strategies must evolve. Any strategy represents a hypothesis that is tested against the unfolding realities of markets, technologies, regulations, and competitors. Just as product designs must evolve to stay competitive, so too must innovation strategies. Like the process of innovation itself, an innovation strategy involves continual experimentation, learning, and adaptation.”

Pisano’s article provides the CCO or compliance practitioner with a framework to think through to help bring the innovation to a compliance program. I would have put leadership first, both in the compliance department and at senior management level. But however you go about it, you must recognize that your compliance program will have to evolve. That is one of the key differences between those who advocate static compliance standards embodied in a written compliance program and those who advocate that it is Doing Compliance that creates an active, vibrant and effect compliance program.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

June 17, 2015

Never Tick Off a Redbird

Angry RedbirdAt a Press Conference today, Satan officially announced that Hell has frozen over. He made this stunning announcement after the New York Times (NYT) reported that the baseball team with the most World Series wins in the history of the National League (NL), the St. Louis Cardinals, had hacked those paragons of virtue, enormity and the very symbol of baseball greatness, the Houston Astros, to view confidential information. The Cardinals have managed to win 5 World Series in the past 50 years; how many World Series have the Astros won? That would be a big fat nada, ZERO, none, zilch. The NL team with the most World Series wins in the past 50 years was caught hacking into the inner most secrets of one of the worst teams in that same time period. Where are Tom Brady’s deflated balls when you need them?

As reported by Michael Schmidt, in a piece entitled “Cardinals Face F.B.I. Inquiry in Hacking of Astros’ Network, Major League Baseball (MLB) asked the FBI and Department of Justice (DOJ) to investigate the hacking of the Astros “Last year, some of the information was posted anonymously online, according to an article on Deadspin. Among the details that were exposed were trade discussions that the Astros had with other teams. No doubt expecting that nefarious rogue agents of the Chinese government (or worse-the Chinese military) were seeking to wreck havoc on the game once known as ‘America’s pastime’ or “Believing that the Astros’ network had been compromised by a rogue hacker, Major League Baseball notified the F.B.I., and the authorities in Houston opened an investigation. Agents soon found that the Astros’ network had been entered from a computer at a home that some Cardinals officials had lived in. The agents then turned their attention to the team’s front office.” Oops, those darn Chinese; they are never around to blame when you need them.

So move aside New England Patriots, with your petty attempts to manipulate footballs in a championship game. Stop allowing your quarterback to dictate how he uses the tools of his trade, footballs. Do not cheat and call it getting an edge; all of this makes you look like rank amateurs next to the St. Louis Cardinals. Act like a real team and enlist your front office executives to steal information from the worst team in football. For long term pathetic-ness, you might try the Oakland Raiders or just go with the current joke of a team, the Tampa Bay Buccaneers whose No. One draft pick, and now face of the franchise, was one of the most ‘ethically challenged’ college players in recent years. If you really want great information about poor football, steal it from the Jacksonville Jaguars. Bill Belichek, you are only limited by your imagination!

As to the Cardinals, what on earth could the Astros have that they could possibly want? Take the Astros record over the past five years; it’s the worst in baseball. You want a piece of that? How about secret information on the leadership savoir fare of the Astros owner ‘Mr. I am smarter than everyone in the room because I made a $100mm in business’ Jim Crane. Why be one of the best-run sports franchises, when you can mimic the Astros? First you can tell everyone how stupid they are because they do not understand how it is in your interest to try and lose; next why you should cut off over 70% of your fan base from even watching games on television so they will not see your joke of a team play and, finally, how to sue the prior owner who sold you the team for mis-representing the quality of the assets.

But do not stop with the owner. The apparent ire of St. Louis (never under-estimate a pissed off Redbird) was directed at a former Cardinal employee who left to become the General Manager of the Astros, Jeff Luhnow. Apparently the Cardinals were upset that the baseball knowledge in Luhnow’s head was now being used by the Astros. (Did I mention the Astros had baseball’s worst record for the past 5 years?) Of course, perhaps the Cardinals could learn how make an offer to the top draft pick in the annual amateur draft and then withdraw the offer so they could make a lower one, thereby losing two top draft picks. That certainly was a brilliant move by the Astros that you would want to use going forward.

The Cardinals action brings up one of the greatest areas of corporate angst; when a business gets its feelings hurt. Heaven forbid. No doubt having recently seen a recent late night showing of the movie Animal House the Cardinals decided not to get mad; they decided to get even. So with this newfound information gleaned from the Astros, it now clear how the Cardinals have been so successful. Not simply being content to cheat, they broke the law to hack into the confidential information of another baseball team to learn that other team’s secret. Now I know why the Astros have been so bad over the years; they had all their confidential information sucked out of their organization by the evil Cardinals. So that giant sucking sound you hear from south Texas is not American jobs going to Mexico because of NAFTA but all the confidential information being sucked out of the Houston Astros.

What are the lessons for a Chief Compliance Officer (CCO) or compliance practitioner? One lesson is it points to the myriad of reasons that companies and individuals engage in bribery and corruption. It is laughable to think that the St. Louis Cardinals, one of the best-run franchises’ in all of sports (or so we thought); could learn anything from the idiots who run the Astros. Yet here we are; out of spite, vindictiveness or just plain old malevolence, front office executives of the Cardinals engaged in conduct that has drawn the scrutiny of the FBI and DOJ. This points to other motivations than fidelity to monetary gain as a reason for bribery and corruption.

Also, cybersecurity is a compliance concern. What protocols to you have in place to protect your data? How will you respond to a breach? What happens if another member of the cartel your business is in engages in criminal activity against you? Will you demand that they are kicked out of the cartel?

I think it also points up how actually Doing Compliance differs from having a paper compliance program in place. Whether you use the McNulty’s Maxims formulations (What did you do to prevent? What did you do to detect it? What did you do after you found out about it?) or the FCPA Guidance formulation that a best practices compliance program should prevent, detect and remedy violations. I am relatively certain the St. Louis Cardinals had a policy against breaking the law by hacking into the database of another baseball team. With equal certainty, I am sure the Cardinals had no program to prevent or detect such illegal conduct for if they did, it would certainly appear they conveniently looked the other way.

Finally, American businesses need to wise up. Stop all the whining, moaning and complaining about data breaches from Chinese/Russian/Bulgarian/the Galactic Empire/the Borg/(name your Evil Empire); you are most at risk from other US companies. For if the best team in the history of the NL will break the law to steal the trade secrets and confidential information of one of the worst teams, is anyone safe? Further, what are the chances that the Cardinals have been trying to steal trade secrets from winning teams? That would be a number way too high for me to even imagine. Quit crying to Congress that it is unfair for you to be required to protect your own data or that it would cost you money or jobs; secure your data now.

Now for a free tip from my consulting company, Advanced Compliance Solutions-if you have super-secret confidential information, make sure it password protected. But more than simply password protected, change you password every 90 days. That is a good first step in case the St. Louis Cardinals come hacking your company.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

June 16, 2015

Like a Rolling Stone and Charitable Donations Under the FCPA

Like a Rolling StoneToday we celebrate one of the seminal achievements in rock and roll for it was on this day, 50 years ago, in 1965 that Bob Dylan recorded his single Like a Rolling Stone. Columbia Records executives initially rejected the song as too long to be released as a single because it came in at over 6 minutes in length. However, through a campaign of subterfuge, Dylan’s manager was able to have it played by New York City DJs. The popularity of the song became so great that the same Columbia Records executives were forced to release it and it went to Number 2 on the Top 40.

According to the site ThisDayInHistory.com, “The most important impact of “Like A Rolling Stone” was not commercial but creative. Rolling Stone magazine said Dylan “transformed popular song with the content and ambition of ‘Like a Rolling Stone.’” Or as Bruce Springsteen said of the first time he heard it, “[it] sounded like somebody’d kicked open the door to your mind.”” And my favorite part is the opening organ riffs played by a 21-year-old Al Kooper who was just sitting in on the session.

I thought about this odd convergence that came together to create what Rolling Stone magazine named as the greatest song of all time in 2004 in the context of the continuing fallout from the ongoing scandal involving the governing body of international soccer, the Fédération Internationale de Football Association (FIFA). In a BBC Online article, entitled “Fifa corruption: South Africa cash ‘worrisome”, Andrew Harding wrote “A key figure in South Africa’s football World Cup bid has broken ranks with the government to suggest there might be some truth to a claim that a $10m bribe was paid to secure the 2010 tournament.” That figure is Tokyo Sexwale who was “a member of both the World Cup bid team and local organising committee”. Sexwale has now questioned whether the $10MM payment made to Jack Warner of Trinidad was truly a donation.

Sexwale went on to ask, “”Where are the documents, where are the invoices, where are the budgets, where are the projects on the ground?””

I thought about those questions in the context of a Chief Compliance Officer (CCO) or compliance practitioner working under a Foreign Corrupt Practices Act (FCPA) or UK Bribery Act compliance program around charitable donations. There has been a paucity of FCPA enforcement actions around charitable donations. Both the Schering-Plough Corporation and Eli Lilly and Company enforcement actions centered in Poland were Securities and Exchange Commission (SEC) civil enforcement actions based upon violations of the books and records and internal controls provisions to the FCPA. There was no evidence of bribes being paid which rose to criminal conduct.

Generally, it is assumed that if you do the required review of the charitable organization that is due to receive a corporate donation and in this due diligence, there is no tie to a government official or family member, the donation can be made under the FCPA. However consider Sexwale’s comments around the evidence of whether a bribe was paid to Warner or if it was simply because “part of the feeling at the time – it’s a good thing, this [$10MM of] altruism (towards the African diaspora in the Caribbean)”. Yet even Sexwale noted the problem when he added, “The question is going to be: “What was done to make sure that your good intentions – you as the giver – have been realised?””

His comments gave me pause to think that companies who make charitable donations in foreign countries may now have to monitor these donations at a greater level and with greater scrutiny. The starting point may now well be as stated by Sexwale, “What was done to make sure that your good intentions – you as the giver – have been realized?” If this is now a standard of enquiry and oversight the Department of Justice (DOJ) will require validation on how your company can have assurances that your good intentions are realized? Once again you can look to the basic questions that Sexwale posed in the BBC online article, Where are the documents, where are the invoices, where are the budgets, where are the projects on the ground?

There have been four Opinion Releases around charitable donations under the FPCA. Opinion Release 95-01 was a request from a US-based energy company that planned to donate $10MM for equipment and other costs to a medical complex that was under construction near a large construction project. Opinion Release 97-02 dealt with a request from a US-based utility company who planned to donate $100K for construction and other costs to a government entity that proposed to build an elementary school near a facility. Before releasing funds, the utility company required certain guarantees from the government regarding the project, including that the funds would be used exclusively for the school. Also, the donation was directly to the foreign government and not a charity. Opinion Release 06-01 dealt with money to fund a pilot project in which the US Company would contribute $25,000 to the in country Ministry of Finance to improve local enforcement of anti-counterfeiting laws. The contribution was intended to provide incentive awards to local customs officials, needed because the African country involved was a major transit point for illicit trade and the local customs officials have no incentive to prevent the contraband. Finally, Opinion Release 10-02focused on the underlying due diligence engaged in by a US-based Micro Financial Institution (MFI) operating in an unnamed Eurasian country. The Release specified the three levels of due diligence that the US MFI had engaged in on the proposed locals MFIs which were listed as eligible to receive the funding. In addition to the specific discussion of the due diligence performed by the US MFI and noting the controls it had put in place after the funding was scheduled to be made the DOJ also listed several of the due diligence and/or controls that it had previously set forth in prior Opinion Releases relating to charitable donations.

While these Opinion Releases certainly imply a level of scrutiny at the post donation level, their primary focus is on who the donations are being made to and are they a government official. However, the DOJ may well expect both pre and post donation scrutiny, along the lines of Sexwale’s questions, which could demonstrate the legitimacy of the donation. However Sexwale’s questions also raise up something that the DOJ and SEC often say, that being that a good anti-corruption compliance program is really just good business. Shareholders and investors have the right to know how and where their money is begin spent. It would seem to behoove any company to want to the know the same thing that Sexwale wants to know about the $10MM payment to Jack Warner, What was done to make sure that your good intentions – you as the giver – have been realized? 

To hear the original version of Like a Rolling Stone on YouTube, click here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

June 15, 2015

The Compliance Practitioner’s Magna Carta – Fee Fixed for Compliance Consulting

Magna Carta 2Today is the anniversary of one of the most momentous events of English history. 800 years ago King John met the rebellious Barons at Runnymede and set his seal to the Magna Carta or ‘Great Charter”. The document was a peace treaty between the King and his Barons and guaranteed that the King would respect feudal rights and privileges, uphold the freedom of the church, and maintain the nation’s laws.

Clause 39, of 63, is seen as a key article as it states “no free man shall be arrested or imprisoned or disseised [dispossessed] or outlawed or exiled or in any way victimised…except by the lawful judgment of his peers or by the law of the land.” This clause has been celebrated as an early guarantee of trial by jury and of habeas corpus and inspired England’s Petition of Right (1628) and the Habeas Corpus Act (1679).

I thought about the Magna Carta in the context of one of the loudest and largest complaints from Chief Compliance Officers (CCOs), compliance practitioners and indeed corporations around Foreign Corrupt Practices Act (FCPA) compliance. That is the cost of outside counsel in the delivery of compliance services. Many commentators rail against the high cost of both FCPA investigations and remediation’s.. Much of this high cost is driven by law firms that bill by the hour.

Stephen Fairley, who runs the Rainmaker Institute, has written extensively about the high cost of hourly billing and alternative fee arrangements (AFAs). In a blog post, entitled “Considering Alternative Fee Arrangements? Here’s How to Make Them Work for Your Firm (1 of 2)”, he cited to Vincent Cino, Chairman of Jackson Lewis PC, who told American Lawyer, “The billable hour is directly opposed to the best interest of the client and to the provider of service because by its very nature it adds an artificial barrier to the accomplishment of the only real objective, which is a quality legal product for a set and expected price.” Fairley went on to state, “One of the most common AFAs is the fixed or flat fee arrangement”.

So today I am announcing a new service offering of compliance consulting for a fixed monthly fee. For this fee you can have a set number of hours of compliance consulting services from myself. While Fairley’s quotation and comments certainly resonate with me, I saw this approach work when I was an in-house counsel at a major corporation where the lawyers never kept a record of what they worked on. The reason for this was that the Law Department heads did not want anyone on the business side wondering how much a phone call to the corporate legal department was going to cost them. The legal department was funded through a straight overhead charge to the operating unit; in other words a fixed fee, set annually. The law department wanted the business unit folks to always call with questions so they made it as easy and inexpensive as possible.

I have long thought about that concept and that model in the delivery of compliance services. The purpose of my new service offering is to allow a CCO or compliance practitioner who may need the services of a Subject Matter Expert (SME) in the nuts and bolts of FCPA compliance to have a low-cost, yet first class, resource which they can call upon with any questions at anytime and know what their monthly cost will be. I want to give a client every incentive to pick up the phone and call me as their SME, without worrying about how much the phone call is costing.

But I have other reasons for this new service offering. The fixed fee arrangement benefits both side of the equation, the lawyer and the client. Lee Rosen, a North Carolina attorney, has written extensively on fixed fee arrangements for counsel. In a blog post entitled “Hourly Billing Kills Your Art” he said, “Fixed fees let lawyers be artists. They let us do what needs doing even if it’s not something that’s economically justifiable. They let you as a lawyer release the imaginative, creative inner lawyer that too often stays bottled up inside because of the economic constraints resulting from clients feeling the pressure to pay the bills.” If there was ever a practice that was more art than Black Book law, it is FCPA compliance. A fixed fee arrangement allows me to work on the art part of it in a way that will benefit clients, yet not cost an arm and a leg.

So on this anniversary of a seminal event in English history and one that we Americans celebrate as equally important to our national character, you now have the opportunity to consult with a SME on the ‘nuts and bolts’ of FCPA compliance on a cost-effective way that I am sure you will find most innovative and useful for your compliance program. If you are interested in finding out more contact me at my email address listed below and we can discuss the specifics of my new FCPA fixed fee consulting practice offer.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

June 12, 2015

Tribute to Sir Christopher Lee and Release of New Book for CCOs

Lee as DraculaSir Christopher Lee died yesterday. For several generations of horror movie fans, he was simply Dracula, having starred in the role for Hammer Films in the 1950s through the 1980s. Yet for another couple of generations of movie aficionados, he was known for his work in the later Star Wars series as Count Dooku in both Star Wars: Episode II — Attack of the Clones and in Star Wars: Episode III — Revenge of the Sith. He was also the wizard Saruman in Peter Jackson’s Lord of the Rings films.

His characterization of Dracula may have been closer to what Dracula’s creator, Bram Stoker, had envisioned. According to his obituary in The Telegraph, Lee “imbued the character with a dynamic, feral quality that had been lacking in earlier portrayals.” The first Hammer Dracula film was the most successful. The Telegraph stated, “With Cushing cast this time as the vampire hunter, Dracula (retitled Horror of Dracula in America) was a box-office success for Hammer and horror aficionados at the time labelled it “the greatest horror movie ever made”. Lee also regarded it as the best of the series of Dracula films that he made with Hammer. “It’s the only one I’ve done that’s any good,” he recalled. “It’s the only one that remotely resembles the book.””

Lee’s creativeness and greatness in the roles he has played lead-in to my topic today. I am extremely pleased to announce that my latest book CCO 2.0 | Internal Marketer and Soft Skills Required has been published and is now available from Compliance Week. CCO 2.0 provides the Chief Compliance Officer (CCO) and compliance practitioner with some of the most current ideas on the types of skills that a compliance officer might need and how to market the compliance function within the corporate environment.

In the Internal Marketer section, I take on such topics as The Five Golden Rules of Internal Marketing Compliance; Internal Marketing of a Compliance Program; Getting Employees to Care about a Compliance Program; Getting Your Employees to Internally Market Your Compliance Program; Internal Advertising of Your Compliance Program and Funding Your Compliance Program.

In the sections of soft skills I discuss skills the CCO or compliance practitioner can use to move forward the compliance agenda in a company. I discuss such topics as the use of influence by a CCO; Four Keys to Compliance Leadership; the CCO as Chief Persuasion Officer; the CCO as Chief Collaboration Officer; Communications tips for the compliance professional; putting compliance at the center of strategy and why compliance is different than legal function.

The book is available in paperback and eBook formats and you can find both by clicking here.

While you are on the Compliance Week site, I would also suggest that you take at look at my seminal work on creation, implementation and enhancement of an anti-corruption compliance program, Doing Compliance. If there is one book in your library on how to do compliance, this book is it. In this book I discuss the requirements to build, and execute, a modern compliance program. With a focus on anti-bribery and anti-corruption issues, the book first reviews the basic building blocks a compliance officer needs (code of conduct, policies and procedures, internal controls), moves on to address the proper role and autonomy of a CCO, delves into the most important CCO duties (risk assessment, training, investigations), and always offers practical examples and advice for how a compliance program should work.

Best of all, the paperback and eBook both have newly reduced pricing which should make it a ‘must have’ for every member of your compliance team. The book is available by clicking here.

Finally, if you have not yet checked out my podcasts, after you check out my latest two books, published by Compliance Week, you should head over to the FCPA Compliance and Ethics Report or iTunes to check out the latest editions. Some of the highlights are:

Episodes 163 and 166 deal with the FIFA indictments.

Episode 164 – MissionLogPodcast.com co-host John Champion returns to discuss Star Trek – The Next Generation (TNG) and the leadership lessons from Season One of TNG.

Episode 165 – I discuss the BHP FCPA enforcement action and its implications for the compliance practitioner as a strict liability standard because there was no evidence of bribery presented by the Securities and Exchange Commission (SEC).

Episode 167 – Mara Senn returns to share her top ten practices for cross-border investigations. Senn has some important and useful tips to help the CCO or compliance practitioner think through an approach for an international FCPA investigation.

Episode 168 – Noted criminal defense attorney Dan Cogdell discusses criminal procedure and funding your defense costs, in the defense of an individual Foreign Corrupt Practices Act (FCPA) enforcement action. With all the talk coming about the Department of Justice (DOJ) and FCPA commentariat about the need for individual prosecutions, this episode is timely.

Lastly, after you have purchased my two latest books and checked out my podcasts, I would urge you to head on over to Netflix and settle in with Sir Christopher Lee and his great Hammer films. They are the top of 1950s horror movies.

A happy weekend to all.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

Next Page »

The Rubric Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 5,288 other followers