FCPA Compliance and Ethics Blog

June 13, 2014

King of the Mug Shots-Interview with Kevin LaCroix, Founder and Editor of the D&O Diary

???????????????????????????????Ed.Note-today we continue with our profile of thought leaders. Today we profile Kevin LaCroix, Founder and Editor of the D&O Diary, which for my money is one of the the best resources regarding Directors and Liability insurance issues available in the blogosphere. 

1.         Where did you grow up and what were your interests as a youngster? 

I grew up in Fairfax, Virginia, a suburb of Washington, D.C. We had a small house and a large family – I am the fifth of six children. Growing under those conditions helped foster independence, resilience and self-reliance. For obvious reasons, we spent most of our time outside. I am astonished how freely and how far we roamed as children. It was a different world then. As a young child, I developed a lifelong affinity for bicycle riding. In the summer of 1969, when I was 13 years old, I suffered a serious injury to my right foot. I spent the entire summer in bed, reading. It was during that summer that I developed a lifelong interest in historical literature, particularly biographies. Prior to that time, I had not been a particularly diligent student, but my attitude began to change after that. I went on to attend Fairfax High School, where I was fortunate to have several excellent teachers, including a Geometry teacher who convinced me that I could learn anything I decided to try to learn. Surprisingly, given the foot injury, I went on to run track and play soccer in high school. As I said, my upbringing fostered resilience.

2.         Where did you go to college and what experiences there led to your current profession? 

I was extremely fortunate to have been able to attend the University of Virginia, which was then and remains now an absolutely terrific place. It was, for me, just the right mix of serious academics and active socializing. After I arrived, I looked around and figured out that the best undergraduate department was the English Department, so I decided to become an English major (which in retrospect was a remarkably wise way to choose a major). I enjoyed every class I took in college. There may be other students who have gotten as much out of college as I did, but nobody has ever gotten more out of it than me.

While at UVa, I was able to study creative writing with John Casey (who went on to win a National Book Award) and with James Alan McPherson (who won the Pulitzer Prize for fiction while I was taking his class). The extent to which I write well at all now is owing to those classes – my many faults as a writer are of course exclusively my own doing. Casey and McPherson are both law school graduates and both encouraged me to consider law school. I might have found my way to law school eventually anyway, but their encouragement gave me confidence to pursue the opportunity.

I wound up attending the University of Michigan Law School, where I spent what may have been the best three years of my life. I loved law school. I loved my classes, I loved my professors, I loved my classmates (in one case, literally – my wife was a classmate), I loved the townie bar on Packard Street, I loved running in the Arboretum, I loved going to Michigan football games, I loved sitting in the reading room at the Law School, I loved the Lawyers’ Club dining room, I loved the big old house we lived in on Monroe Street. In the end, I may or may not have been meant to be a lawyer but I definitely excelled at being a law student. (I am not hinting that I got the highest grades, because I didn’t. I am just suggesting that I had the best time in law school.)

3.         What led you to begin the D&O Diary? 

In the spring of 2006, I started a new phase of my career, as a wholesale insurance broker. I had run an insurance underwriting operation for the prior ten years, but now I was trying something entirely different. It was tough at first. I didn’t have any clients to start with and the phone wasn’t ringing. To keep myself occupied, I deciding to write some professionally related articles. Out of simple curiosity, I started playing around with the Blogger application on Google.

I once heard someone say that starting a blog is about as difficult as making urine. So before I even knew what I was doing, I had created a blog. I had no plan at first or really even the slightest idea what I was doing and I certainly had no idea that the blog would become what, now eight years later, it has become.

It has turned out to be the most rewarding thing I have ever done in my career. Nothing I have done professionally has provided me with as much satisfaction. Since starting the blog, and as a result of having the blog, I have been able to travel around the world and it has been so amazing to me that wherever I go – from Boston to Barcelona to Berlin to Beijing and from Seattle to Stockholm to Singapore – I meet people who tell me how much they enjoy my blog.

True story – when I was in Singapore a couple of years ago, a women came up to me at an industry event, introduced herself, told me she was from Mauritius, and asked if she could get a picture with me on her iPhone. I asked her why in the world she wanted my picture, and she said “Because you’re the D&O Diary guy! You’re world famous!” As I said to my wife when I returned home, if someone from Mauritius tells you that you’re world famous, by definition that means you’re world famous. To which my wife replied, “That’s nice dear. Take out the trash, please. “

4.         I love your ‘Mug shot’ series? Where did you come up with the idea and what are some of the highlights of the series? 

About a year ago, I read an article in the New Yorker about Henry Blodgett’s website, Business Insider.  The article made me think a lot about the Internet as a publishing medium. In the article, Blodgett talked about how important it is for a website to connect with its readers. This observation set of a tumble of different thoughts, at the end of which out came the idea for the D&O Diary mugs. I couldn’t possibly reproduce the thought process that led to the idea, but the basic concept was to try to do something to make my readers feel like they are part of the blog. If I gave them a mug and asked them to send back a picture of themselves with the mug, and then published the pictures, then readers would feel connected to the blog.

I guessed that some readers might be interested but I never anticipated how great the interest would be. I went through 288 mugs in no time at all. I would have liked to have sent out even more mugs – the demand for many more mugs was certainly there. But my wife put her foot down. She was taking care of the shipping and it was incredibly time consuming for her. Also, a very large percentage of the mug requests came from overseas, and I hadn’t really thought about how expensive it is to ship things overseas. We spent several thousand dollars on shipping. Sadly, many of the mugs sent overseas were damaged in transit.

Overall, though, the project was an immense success. I was continuously amazed at the places people would take the mugs in order to get just the right mug shot. I had readers send in pictures with their mugs from inside the U.S. Supreme Court, at the Wailing Wall, on the Old Course at St. Andrews and in jungle covered ruins in Cambodia. People sent in pictures that were taken from mountain tops, in vineyards, on safari, in the snow, in the sunshine, at sea, on vacation, at work, and even from their back porch. (My most recent mug shot post, which has links back to all of the prior posts, can be found here.)

I had people send in pictures taken in Moscow, Beijing, New Delhi, Rotterdam, Shanghai, Paris, London, Montreal, South Africa, Hong Kong, Scotland, Warsaw, Toronto, Jerusalem, Sydney, Cambodia, and Bermuda, as well as at the Grand Canyon, the Baseball and Hockey Halls of Fame, Fenway Park, Mesa Verde National Park, in Napa Valley, at the No. 2 Course at Pinehurst, on Wall Street, at the America’s Cup races in San Francisco Bay, at the original Cheers bar in Boston, at the Naval Academy, at Stanford, in the Press Room at the White House, with their dogs, with their kids, with elephants and zebras, and always with the D&O Diary mug in the picture. I even published one picture of a mug that arrived in Shanghai in pieces.

I liked all of the pictures readers sent in, but I would have to say my favorite, simply on the score of most unusual, was the one taken at the veterinarian artificial insemination clinic at Stephen F Austin State University in Nacogdoches, Texas. The picture was taken with the mug in the foreground while an insemination procedure was underway in the background.  Yep, I didn’t expect that one.

 5.        What issues might you see from your perspective regarding D&O insurance regarding the FCPA going forward? 

Foreign Corrupt Practices Act and anti-bribery enforcement generally has been an area of concern in the D&O insurance arena for some time now. The issue is not the massive fines and penalties that companies get hit with, as those amounts typically are not covered by D&O insurance. The issue has more to do with the costs of investigation and defense, as well as the possibility of follow-on civil litigation.

There are a number of factors that will affect the extent to which coverage is available for investigative costs and defense expenses under a D&O insurance policy. Among other things, it will be important whether or not the company involved is a private company or a public company, as the types of policy form used for the two different kinds of companies provide significantly different entity coverage. Other issues that will affect the availability of coverage include the stage of the investigation; to the extent D&O insurance policies provide coverage for investigative costs at all, it is usually restricted to formal investigations. (Some modern forms now also provide coverage for individuals for pre-claim inquiries.) Another issue that will affect the availability of coverage for investigative costs is the identity of the investigative target. If the target is just the company itself, it will be more difficult to establish coverage for the investigative costs, as many policies restrict investigative cost coverage for the corporate entity.

Where the D&O Insurance can be a much more significant is if the FCPA enforcement action or investigation triggers a follow-on civil lawsuit. As I have noted frequently on my blog (most recently here), though there is no private right of action under the FCPA, it has become an increasingly common phenomenon after an FCPA investigation or enforcement action is disclosed for investors to file a lawsuit against the company’s officers and directors. These lawsuits typically take the form either of a securities class action lawsuit (an example of which is discussed here) or shareholders derivative lawsuits (as discussed here and here). These lawsuits are not always successful for the plaintiffs, yet the plaintiffs’ lawyers continue to pursue these kinds of claims.

These types of follow-on lawsuits represent the very kind of exposures for which companies purchase D&O insurance; at a minimum, the insurance permits the company and its executives to defend themselves from these kinds of claims. I expect these kinds of claims to be an increasingly significant part of the D&O claims environment for some time to come, particularly as anti-bribery regulatory and enforcement authorities outside of the U.S. step up their activities.

===============================================================================================================================================================================================================================================

M&A UNDER THE FCPA

If you are interested in learning about mergers and acquisitions under the FCPA I am involved in to upcoming events designed to give you the most up-to-date advice on this area of compliance. Both events are sponsored by The Network. The first event is a webinar entitled appropriately enough, “Mergers and Acquisitions Under the FCPA” and is scheduled for  Tuesday, June 17th, 2014 TIME: 2:00 pm EDT. For registration and additional information click here. On Tuesday, June 24th the always popular Tom Fox/Stephen Martin roadshow travels to Denver where I will speak live on Merger and Acquisitions Under the FCPA and Stephen will talk about risk assessments under the FCPA. For information on the Denver event, click here

WORLD CUP REVIEW

I am putting on a four part podcast series on the World Cup, detailing issues of bribery and corruption, together with an ongoing discussion of Team USA and this year’s tournament. I am joined by Mike Brown, the Managing Director of Infortal. You can check out Part I by clicking here of the series where we discuss bribery of referees in the lead up to the 2010 World Cup held in South Africa and FIFA’s response. Mike and I then review Team USA and it’s draw in Group g-the Group of Death. I hope that you will check out this series and enjoy it as much as Mike and I enjoy recording the episodes. Also remember, my podcast, the FCPA Compliance and Ethics Report is available for download at no charge on iTunes so you can listen to Part I on your commute to work. So sign up for the podcast from WordPress or iTunes and enjoy our series.

==============================================================================================================================================================================================================================================

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

March 20, 2013

The Death of Pennoyer v. Neff and the Requirements for Minimum Contacts under the FCPA

Filed under: D&O Diary,FCPA,FCPA Professor,minimum contacts,SEC — tfoxlaw @ 1:01 am
Tags: , , ,

The bane of every first year law student, at least in Civil Procedure, is Pennoyer v. Neff. This is because (1) it is usually studied very early in the semester; (2) is viewed as the first true introduction to how strikingly convoluted legal issues can be; and (3) has the most turgid legal writing from the 19th century imaginable to attempt to read and understand. Fortunately for all of us, in a case called International Shoe v. Washington, the US Supreme Court overturned Pennoyer and held that if a person is not present with in the forum, then he (or she) must have such minimum contacts with the forum that the maintenance of the action must not offend traditional notions of fair play and substantial justice. Courts have named these two tests (1) the minimum contact analysis and (2) the reasonableness inquiry. Last month there were two cases involving the Foreign Corrupt Practices Act (FCPA), which discussed just how far enforcement of the FCPA can go, using the minimum contacts and reasonableness tests.

The first case was SEC v. Schraub, where the Securities and Exchange Commission (SEC) brought an enforcement action against three executives of Magyar Telekom, Plc. As set out in an article in the D&O Diary, entitled “Foreign-Domiciled Individuals and the FCPA’s Reach”, this case followed on after the Magyar Telekom FCPA enforcement action. It involved an enforcement proceeding against three Magyar executives. The SEC alleged that the three authorized payments to an intermediary, knowing the payments would be forwarded to government officials. The SEC also alleged that the individuals made false statements to the company’s auditors by signing representations that the company’s books and records were accurate. All three executives are Hungarian citizens and residents. The three moved to dismiss the SEC’s complaint, arguing that the US lacked personal jurisdiction over them. This case was before Judge Richard Sullivan.

The second case was SEC v. Sharef, a case following out the Siemens FCPA matter. In this case the SEC filed an enforcement action against several Siemens executives in connection with alleged bribery activities in Argentina. One of the defendants, Herbert Steffen, moved to dismiss contending that the court lacked personal jurisdiction over him. Steffen, a German citizen, had been Chief Executive Officer (CEO) of Siemens Argentina twice before his retirement in 2003. This case was before Judge Shira Scheindlin, the same judge who presided over the Frederick Bourke case.

The cases came to different results based upon different underlying facts. But the key to remember is the International Shoe test, minimum contacts and reasonableness.

I.                   Straub

  1. Minimum Contacts

As cited by the FCPA Professor in his post, entitled “Motion To Dismiss Denied In Former Magyar Telekom Exec’s Case”, Judge Sullivan said:

“[T]he Defendants here allegedly engaged in conduct that was designed to violate United States securities regulations and was thus necessarily directed toward the United States, even if not principally directed there.  […] [D]uring and before the time of the alleged violations, both Magyar’s and Deutsche Telekom’s securities were publicly traded through ADRs listed on the NYSE and were registered with the SEC […] Because these companies made regular quarterly and annual consolidated filings during that time, Defendants knew or had reason to know that any false or misleading financial reports would be given to prospective American purchasers of those securities.”

Therefore, it is not only that Magyar traded securities through ADRs listed on the NYSE that satisfies the minimum contacts standard but also that Defendants allegedly engaged in a cover-up through their statements to Magyar’s auditors knowing that the company traded ADRs on an American exchange, and that prospective purchasers would likely be influenced by any false financial statements and filings. The court thus has little trouble inferring from the SEC’s detailed allegations that, even if Defendants’ alleged primary intent was not to cause a tangible injury in the United States, it was nonetheless their intent, which is sufficient to confer jurisdiction.

2.     Reasonableness

Judge Sullivan stated that while it might not be convenient for Defendants to defend this action in the United States, Defendants have not made a particular showing that the burden on them would be “severe” or “gravely difficult.” The SEC noted that there was no alternative forum available for the US government and this required that the US bring a FCPA action against Defendants in federal courts in the US or the  Defendants could potentially evade liability altogether. Additionally, because this case was brought under federal law, the judicial system has a strong federal interest in resolving this issue here. The Court found that the exercise of personal jurisdiction over Defendants was “not unreasonable.”

II.                Sharef

  1. Minimum Contacts

In a post, entitled ““Far Too Attenuated” – Judge Grants Herbert Steffen’s Motion To Dismiss In SEC FCPA Enforcement Action”, the FCPA Professor cited to Judge Scheindlin regarding this prong of the jurisdictional test. Judge Scheindlin said that the defendants must have “followed a course of conduct directed at … the jurisdiction of a given sovereign, so that the sovereign has the power to subject the defendant to judgment concerning the conduct.  The effects in the United States must ‘occur as a direct and foreseeable result of the conduct outside the territory’ and defendant ‘must know, or have good reason to know, that his conduct will have effects in the [forum] seeking to assert jurisdiction over him.

The SEC allegations against Steffen were premised on Steffen’s role in encouraging another defendant to authorize bribes to Argentine officials that ultimately resulted in falsified filings. Thereafter his only actions were “limited to participation in a phone call initiated by Sharef from the United States in connection with the bribery scheme, and that in the first half of 2003, defendants including Steffen ‘urged Sharef to meet the demands [of Argentine officials] and make the additional payments.’”

She found that Steffen’s actions were “far too attenuated from the resulting harm to establish minimum contacts. Steffen was brought into the alleged scheme based solely on his connections with Argentine officials.” There was no allegation Steffen authorized the bribes nor was there any allegation that he directed, ordered or even had awareness of the cover ups that occurred at SBS much less that he had any involvement in the falsification of SEC filings in furtherance of those cover ups.

The FCPA Professor quoted Judge Scheindlin for the following “If this Court were to hold that Steffen’s support for the bribery scheme satisfied the minimum contacts analysis, even though he neither authorized the bribe, nor directed the cover up, much less played any role in the falsified filings, minimum contacts would be boundless. Illegal corporate action almost always requires cover ups, which to be successful must be reflected in financial statements. Thus, under the SEC’s theory, every participant in illegal action taken by a foreign company subject to U.S. securities laws would be subject to the jurisdiction of U.S. courts no matter how attenuated their connection with the falsified financial statements. This would be akin to a tort-like foreseeability requirement, which has long been held to be insufficient. The allegations against Steffen fall far short of the requirement that he ‘follow a course of conduct directed … the jurisdiction of a given sovereign, so that the sovereign has the power to subject the defendant to judgment concerning that conduct. Absent any alleged role in the cover ups themselves, let alone any role in preparing false financial statements the exercise of jurisdiction here exceeds the limits of due process, as articulated by the Supreme Court and the Second Circuit.’

  1. Reasonableness

Judge Scheindlin took a different tact on the reasonableness prong. She found that Steffen’s lack of geographic ties to the US, his age, his poor proficiency in English, and the forum’s diminished interest in adjudicating the matter, all weigh against personal jurisdiction. This would place a heavy burden on this seventy-four year old defendant to journey to the US to defend against this suit. As the SEC and the Department of Justice (DOJ) have already obtained comprehensive remedies against Siemens and Germany has resolved an action against Steffen individually, she believed that the “SEC’s interest in ensuring that this type of conduct does not go unpublished will not be furthered by continuing the suit against Steffen, in light of his age, the burden to defend this suit, and the previous adjudications.

III.             Jurisdictional Box Score

Case

SEC v. Straub, et al

SEC v. Sharef, et al

Defendants Elek Straub, Andras Balogh and Tamas Morvai Herbert Steffens
Judge Richard Sullivan Shira Schendlin
Underlying FCPA Case Magyar Telekom, Plc Siemens AG
Analysis – Minimum Contacts
  1. Made false statements to company auditors.
  2. Knowing that company securities traded on American exchange
  3. Prospective purchasers would likely be influenced by false financial filings.
  1. No evidence proffered defendant had directed, ordered or had awareness of bribes.
  2. No evidence that he was involved in falsification of financial records
Analysis – Reasonableness
  1. SEC could not seek redress outside US
  2. US government has strong interest in hearing matter
  1. Defendant had lack of geographic ties to US
  2. Age of Steffens – 76
  3. Country of his domicile has resolved action against him individually

These two cases are very fact specific. However, they also set some clear parameters as to whether and how a FCPA enforcement action can be brought against individual foreign defendants. The difference between the two cases would appear to be affirmative actions by the three Magyar Telekom employees in providing false information in the reporting of financial information which is made public to companies listed in the US. This may well set a bar to future actions against foreign nationals under the FCPA.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

February 11, 2013

Quadrophenia and Four Compliance Issues

This past weekend I saw the remaining members of The Who perform in their Quadrophenia Tour. While I had seen Roger Daltry perform the rock opera Tommy, I had never seen Pete Townsend in concert. To say I was blown away would be putting it mildly, especially as Quadrophenia does not even make it into my top three favorite Who albums, which are, in descending order, Who’s Next, Tommy and Live at Leeds. While Roger Daltry’s voice was not as strong as it was during his Tommy tour, not doubt due to the longer duration of this tour, it was still a great performance and it was worth it to see Pete Townsend. He can still rock. Also they ended the show with three songs from Who’s Next, which alone was worth the price of admission.

The story generally revolves around four themes based upon the four personalities of the members of the band; Daltry, Townsend, Keith Moon and John Entwhistle. However, it was also a play on (for those of you old enough to remember) quadrophonic sound. According to Pete Townsend, “”The whole conception of Quadrophenia was geared to quadraphonic, but in a creative sort of way. I mean I wanted themes to sort of emerge from corners. So you start to get the sense of the fourness being literally speaker for speaker.” So inspired by ‘fourness’ today, I will review four issues that have, or will, impact the compliance practitioner.

I.                   EU and Data Privacy

In an article in the Financial Times (FT), entitled “EU refuses to bend on tough data privacy law”, reporter James Fontanella-Khan wrote that Viviane Reding, the EU Commissioner for Justice, said that she will continue to fight any US attempts to water down its proposed data protection and privacy law, “which would force global technology companies to obey European standards across the globe.” Further, “Exempting non-EU countries from our data protection regulations is not on the table. It would mean applying a double standard.” Fontanella-Khan said that “US tech companies argue that it would be unfair for them to be subject to EU laws that are too stringent and could result in expensive administrative burdens and hefty fines for errant companies.” Can you think of any US laws that non-US companies have to comply with?

Issues for the compliance practitioner? There could be a myriad, from internal investigations, to sharing data with US regulators to ongoing monitoring and auditing. While it is currently US technology companies which are leading the fight against these new tough standards, non-tech companies could do well to assess how these changes may well impact them.

II.                Will DOJ Open FCPA Investigation Against EADS?

Perhaps not fully appreciating the irony in reporting the EADS story in the same issue as the above EU data privacy story, the FT also had an article by Carola Hoyos, entitled “FBI probe of EADS unit claims”, who reported that the Federal Bureau of Investigation (FBI) has interviewed “a witness and taken possession of documents in connection with allegations” that a British subsidiary of the European aerospace entity EADS, named GPT Special Management Systems, bribed Saudi Arabian military officials, in connection with business dealings. Hoyos reported that GPT “made ₤11.5 of unexplained payments – some via the US – to bank accounts in the Cayman Islands.”

Although there is no known open US Department of Justice (DOJ) investigation open into the EADS matter at this point, Hoyos noted that it was the DOJ which led the effort to investigate and eventually fine the UK company BAE, the amount of $400MM after the British government ordered the Serious Fraud Office (SFO) inquiry into allegations of BAE bribery for sales of equipment into Saudi Arabia “citing economic and diplomatic interests”. The FBI interviews occurred even though the SFO is currently investigating the matter. Hoyos also reported that EADS “maintained that its own investigations into the matter had yielded no evidence of wrongdoing.”

III.             Think Before You Hit That Send Button

In a post in his blog, the D&O Diary, entitled “Damning E-mails: Can We Talk?”, author Kevin LaCroix wrote that “revelations this past week arguably represent some type of high-water mark, as a cluster of serious allegations were accompanied by a trove of embarrassing excerpts from emails and instant messages. While the latest disclosures provide yet another reminder of the dangers associated with ill-considered use of modern electronic communications technology, they also raise questions about the use that regulators and claimants are attempting to make of the communications.” He was talking about the Commodities Futures Trading Commission’s press releases announcing RBS’s settlement this past week of charges of alleged Libor manipulation drew heavily on excerpts from the bank’s internal electronic communications. While noting that “emails do sometimes in fact evidence wrongdoing” the problem with them “is that when seemingly damning email excerpts are blasted into the media, it is very difficult to appreciate the larger context within which the excerpts fit.”

As much as he has distaste for the selective use of emails in this manner by regulators, LaCroix believes that they can provide a teachable moment. He writes that “a useful exercise to try to adopt is to pause and ask yourself, before hitting “send”, how the message would look if it were to fall into the hands of a hostile and aggressive adversary who was looking for ways to try to make you or your company look bad. Were this simple test to be more widely implemented, we would certainly see a marked reduction in, for example, running email jokes about the French maid’s outfit. My final thought is this – we all know that many electronic messages are written in haste and sometimes with insufficient care. With full awareness of this attribute of electronic communications, we should hesitate to jump to too many conclusions about the seemingly damaging inferences that could be drawn from email or instant message excerpts. But we should also learn from the inferences that regulators and claimants are trying to draw and try to take that into account in our own communications.” I could not have put it better myself.

IV.              Trust Your Gut and Raise Your Hand

There have recently been a plethora of articles about ‘big data’ and how it can help in the monitoring of a Foreign Corrupt Practices Act (FCPA) compliance program. I have been one of the folks to write and talk about it. However, in an article in the New York Times (NYT), entitled “Sure, Big Data is Great. But So Is Intuition”, reporter Steve Lohr wrote that while he thinks that big data is a powerful tool and an unstoppable tread it “might be a time for reflection, questions and qualms about this technology.” This is because, like all mathematical models, big data is “a simplification.” He quotes Thomas Davenport for the following. “A major part of managing Big Data projects, he says, is asking the right questions: How do you define the problem? What data do you need? Where does it come from? What are the assumptions behind the model that the data is fed into? How is the model different from reality?”

So the underlying basis for analyzing big data may actually be “too simple minded, rather than too smart.” All of this leads back to intuition. I would add that if the hair on the back of your neck stands up, your gut tells you something is wrong or something does not smell right, it probably isn’t right. The implications for the compliance practitioner? I would like to propose that the largest is in the area of training. What I try and tell non-compliance practitioners when I put on training is that if you see, smell or sense one of the above, just raise your hand. You do not have to know the ins and outs of the FCPA or know the answer but I do ask that you raise your hand and get the issue to a person who does have the expertise to analyze the issue.

If you have the chance to see The Who on their Quadrophenia Tour, all I can say is to drop whatever you are doing and go see it. I do not know if it will be your last chance to see Pete Townsend but when he winds up for one of those trademark windmill slams down the guitar strings, just close your eyes and listen. It is pure bliss and a quad of sensations for the ages.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

November 9, 2012

The Red Scare: Knowledge and the Importance of Due Diligence

 Ed. Note-we continue our series of guest posts from our colleague Mary Shaddock Jones, who today looks at the importance of due diligence.

At midnight on November 9, 1989, East Germany’s rulers gave permission for the Berlin Wall, separating East and West Berlin, to be opened up.  Ecstatic crowds immediately began to clamber on top of the Wall and hack large chunks out of the 28-mile barrier.  I remember viewing the scene on T.V.  It was a momentous moment in world history.  For those of you who may not know, while East Germany never officially adopted a “red flag” for its country, on most official buildings, the national flag (black-red-gold with hammer and circle) was flown with a solid red flag flown next to it!  Twenty-two years later the “fall of the Red Flag of East Berlin”, seems like distant memory.  However, for businesses doing business internationally the “red flag” has once again come to represent a warning or a threat in terms of liability under the FCPA

The Lay Person’s guide to the FCPA published by the Department of Justice warns U.S. firms about their choice of overseas partners and agents. A bad choice is someone who is likely to make corrupt payments. That likelihood, the DOJ says, is usually indicated by warning signs called “red flags.” If there are red flags to start with, and if the intermediary does bribe a foreign official to help the business, the company will have trouble arguing it shouldn’t be responsible for an FCPA violation based on an indirect corrupt payment.

Red flags, as the name suggests are easy to spot, and include such things as: (1) unusual payment patterns or financial arrangements;  (2) a history of corruption in the country;  (3) a refusal by the foreign joint venture partner or representative to certify that it will not take any action that would cause the U.S. firm to be in violation of the FCPA; (4) unusually high commissions; (5) Lack of transparency in expenses and accounting records; (6) An apparent lack of qualifications or resources on the part of the joint venture partner or  representative to perform the services offered; and, (7) a recommendation from the local government of the intermediary to hire this particular third party.

Although red flags are often relatively easy to discover, the failure to look may result in a company being subject to severe penalties.  As a result,  prior to dealing with any third party, companies should conduct Due Diligence in an  attempt to discover whether the third party is involved in any prohibited corrupt practices or has some connection to a foreign government official that you may not be aware of.  Due diligence is thus an essential tool, as it allows one to acquire knowledge of any existing or potential “red flags”, thus enabling entities to make informed decisions on whether or not to interact with or transact business with certain persons and entities.

The practical pointer for today’s blog is this- The undeniable truth is that Companies must know who they are doing business with and, as importantly, why they are choosing to do business with this particular entity.  This requires the accumulation of information! In order to collect adequate information concerning prospective third-party Agents or Business Partners, many companies are now using a consistent set of tools, for example: (1) questionnaires requiring the person within the company who is recommending the retention of a third party to provide basic information such as the reasons for engagement, the specific services required, how prospective third-party individuals or companies were selected for possible service, relevant experience and capabilities of the prospective third party, whether the prospective third-party would need to interact with government officials, how much and in what manner the third party should be compensated, etc.; (2) a questionnaire submitted to the prospective third party requesting significant information regarding the ownership, physical location, management, experience, relationship to foreign government officials, references of the third party and an assurance by the third party that it understands and is willing to comply with anti-corruption laws and regulations; (3) some method of vetting the reputation and background of the prospective third-party representative or business partner. Ultimately,  the level of due diligence required will generally be commensurate with the level of perceived risk.

When conducting due diligence of high-risk third parties, one should typically employ the services of  third party professionals.  These professionals can help insure that the high risk third party does not pose potential FCPA liability through the use of various means such as: checks of corporate filings and business records, legal proceedings, Internet searches, and adverse media checks.  Furthermore,  many emerging markets and developing countries pose such a great risk of FCPA liability, that additional due diligence procedures including “in-country” (a/k/a “boots on the ground”) searches may be required such as: conducting searches of localized public records, phone interviews, site visits, and reference checks.

Consider the following policy language:

Under the U.S. FCPA,  the Company and its Personnel could be liable for indirect offers, promises of payments, or payments to any Government Official (or to private entity if the UK Bribery Act is involved) if such offers, promises, or payments are made through an Agent or Partner with the knowledge that a Government Official will be the ultimate recipient. As a result, it is important that the Company, through the Company Compliance Officer, consider the necessity of conducting anti-corruption due diligence on a prospective Agent or Partner. If after performing a risk assessment the Company concludes that a due diligence investigation should be conducted, then the extent of the investigation must be determined.  The degree of due diligence the Company will perform depends upon a lot of factors, including the dollar value of the arrangement, the expected contact with government officials, and the country at risk.  In making the determination, the Company will consider whether the transaction raises “red flags”.

Examples of common “red flags” with third parties are as follows:

  • The prospective acquisition target, Agent, or Partner insists that its identity remain confidential or refuses to divulge the identity of its owners, directors, or officers.
  • Family, business or other ‘special’ ties with government or political officials.
  • Reputation for violation of local law or company policy, such as prohibitions on commissions, or currency or tax law violations. Also negative press, rumors, allegations, investigations or sanctions.
  • The transaction or the prospective acquisition target, Agent, or Partner is or operates in a country where there is widespread corruption or a history of bribes and kickbacks
  • Requests from government officials or agencies to engage or hire specific third parties.
  • Inadequate credentials for the nature of the engagement or lack of an office or an established place of business.
  • Missing or inadequate documentation to support services and invoices. Unsupported charges or expenses, requests for payment of non-contracted amounts.
  • Convoluted or complex payment requests, such as payment to a third party or to accounts in other countries, requests for payments in cash or requests for upfront payment for expenses or other fees.
  • Requests for political, charitable contributions or other favors as a way of influencing official action.
  • Third party has a reputation for getting ‘things done’ regardless of circumstances or suggests that for a certain amount of money, he can fix the problem or “make it go away”.

All due diligence investigations conducted by the Company will include an analysis of potential “red flag” issues.  Investigations of potential “red flag” issues should be carefully documented and relevant documents, such as due diligence, questionnaires, reports, and compliance certificates, should be maintained by the Company Compliance Officer or his or her designee.

On Monday, we will examine contractual language to consider when contracting with approved Agents and Partners.  Stay tuned.

 Mary Shaddock Jones has practiced law for 25 years in Texas and Louisiana primarily in the international marine and oil service industries.  She was of the first individuals in the United States to earn TRACE Anti-bribery Specialist Accreditation (TASA).  She can be reached at msjones@msjllc.com or 337-513-0335. Her associate, Miller M. Flynt, assisted in the preparation of this series.  He can be reached at mmflynt@msjllc.com.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor.

 

October 17, 2011

SciClone FCPA Lawsuit Settlement: New Enhanced Best Practices?

In a story in the D&O Diary, entitled “More Woes for Companies with Chinese Connections”, Kevin LaCroix discussed the settlement reached by the entity SciClone Pharmaceuticals, and its individual defendant directors and officers, in litigation involving three consolidated derivative lawsuits that were filed following the company’s announcement that it was the target of Securities and Exchange Commission (SEC) and Department of Justice (DOJ) investigations for possible violations of the Foreign Corrupt Practices Act (FCPA). As reported by the FCPA Professor and others, within the first two weeks after the company’s announcement of the investigation there was a literal whirlwind of announcements by law firms of investigations of SciClone and the lawsuits which were consolidated into the settled action.

The FCPA does not provide for a private right of action, the announcement of a FCPA investigation can often bring civil lawsuits against the company, as nominal defendant, and certain of the company’s directors and officers. In the SciClone lawsuits, it was alleged that “the Individual Defendants, by reason of their failure to implement and maintain internal controls and systems at the Company to assure compliance with the FCPA, breached their fiduciary duties and may be held liable for damages.” As reported by LaCroix the parties have agreed, subject to court approval, to resolve the consolidated actions based on the company’s agreement to adopt certain specified corporate governance reforms and their agreement to pay $2.5 million in plaintiffs’ attorneys’ fees. The payment of the plaintiffs’ attorneys’ fees is to be made by “SciClone’s insurers under its director and officer insurance policy.”

SciClone has a large amount of its business in China and on its website announces, “SciClone’s goal is to grow sales of our significant marketed portfolio in China”. As noted by LaCroix, “The existence of the FCPA investigation underscores the challenges facing companies attempting to do business in China.” This “China-centric” business focus may have led to some of the issues involved in the FCPA investigation.

The Settlement has several features that are well worth noting by the compliance practitioner.

Clawbacks

In addition to agreeing to seek to retrieve any incentive-based compensation from company officers in the event of  an earnings restatement, SciClone is required to “take legal action to recoup” all incentive-based compensation “paid to the director, officer, employee, or independent contractor” that was earned if an “Established Violation” is found. An Established Violation is defined to be “a guilty plea or other admission of guilt under penalty of perjury, or a criminal or civil judgment or sanction.” This requirement on a company is something not generally or previously seen. The requirement against third party “independent contractors” is also a new wrinkle. Is this language broad enough to include agents, resellers, distributors or any other monikered foreign business partner?

Compliance Coordinator

The Settlement goes into substantial detail about the creation of a new position within SciClone named “Compliance Coordinator”. While never calling this position the Chief Compliance Officer, the Compliance Coordinator has many roles usually associated with that position. In addition to the duties of the Compliance Coordinator, which will be enumerated below, the position requires fluency in both English and Mandarin. Other requirements of the Compliance Coordinator include:

  • A senior profession with FCPA compliance experience, who would be a part of the executive management team.
  • Knowledge of and experience with the types of compliance issues faced by SciClone.
  • The Compliance Coordinator shall report directly to the Audit Committee of the Board of Directors on all compliance efforts going forward through no less than quarterly and annual reports.
  • Provide an annual assessment of the Company’s compliance program and perform unannounced site visits to China to ensure compliance with the program.
  • Liaise with a designated compliance “point person” at all locations other than the home office of the Compliance Coordinator.
  • The Compliance Coordinator shall have the right to be present at any regularly-noticed meeting of the Board of Directors.

Compliance Program and Code of Conduct

The Settlement adopts the 13 point best practices compliance program as set for in all Deferred Prosecution Agreements (DPAs) since at least the Panalpina DPA of November, 2010. The Settlement also goes into some detail about the Code of Conduct specifically adding a component for “Health Care Professionals” as that is the type of business in which SciClone is involved.

Internal Controls, Use of Agents and Employee Training

In three separate sections of the Settlement, there are further requirements regarding “Internal Controls and the Compliance Function”; “Use of Foreign Agents and Distributors” and “Employee Compliance Training”. In the Internal Controls section the company’s Internal Auditor “shall report directly to the Audit Committee at least quarterly” and “shall provide a balanced assessment of significant legal compliance risks and effectiveness of the system of internal controls in managing these risks.” Regarding the use of foreign business partners, compensation should be “commercially reasonable” and the company should contractually limit compensation to “specific, identified tasks and should avoid large percentage-based commissions and success fees.” In the training section it is specifically noted that the training should be both in English and Mandarin.

The SciClone Settlement has several unique and interesting factors. The first is that is has great specificity for a civil settlement. One can only speculate but it would certainly appear that these compliance roles, policies and procedures were not in place and that the lack of them has led to at least one or more potential violations. Certainly not referenced anywhere in any of these proceedings is the role of the DOJ or SEC and how these compliance roles, policies and procedures may have been influenced by DOJ or SEC input, or how these might factor into any settlement  with the DOJ or SEC. This civil Settlement Agreement adds greater specificity to the 13 points of a minimum best practices compliance program that was set forth in the Panalpina settlement.

For a copy of the parties’ stipulation of settlement click here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011

Blog at WordPress.com.