FCPA Compliance and Ethics Blog

June 13, 2014

King of the Mug Shots-Interview with Kevin LaCroix, Founder and Editor of the D&O Diary

???????????????????????????????Ed.Note-today we continue with our profile of thought leaders. Today we profile Kevin LaCroix, Founder and Editor of the D&O Diary, which for my money is one of the the best resources regarding Directors and Liability insurance issues available in the blogosphere. 

1.         Where did you grow up and what were your interests as a youngster? 

I grew up in Fairfax, Virginia, a suburb of Washington, D.C. We had a small house and a large family – I am the fifth of six children. Growing under those conditions helped foster independence, resilience and self-reliance. For obvious reasons, we spent most of our time outside. I am astonished how freely and how far we roamed as children. It was a different world then. As a young child, I developed a lifelong affinity for bicycle riding. In the summer of 1969, when I was 13 years old, I suffered a serious injury to my right foot. I spent the entire summer in bed, reading. It was during that summer that I developed a lifelong interest in historical literature, particularly biographies. Prior to that time, I had not been a particularly diligent student, but my attitude began to change after that. I went on to attend Fairfax High School, where I was fortunate to have several excellent teachers, including a Geometry teacher who convinced me that I could learn anything I decided to try to learn. Surprisingly, given the foot injury, I went on to run track and play soccer in high school. As I said, my upbringing fostered resilience.

2.         Where did you go to college and what experiences there led to your current profession? 

I was extremely fortunate to have been able to attend the University of Virginia, which was then and remains now an absolutely terrific place. It was, for me, just the right mix of serious academics and active socializing. After I arrived, I looked around and figured out that the best undergraduate department was the English Department, so I decided to become an English major (which in retrospect was a remarkably wise way to choose a major). I enjoyed every class I took in college. There may be other students who have gotten as much out of college as I did, but nobody has ever gotten more out of it than me.

While at UVa, I was able to study creative writing with John Casey (who went on to win a National Book Award) and with James Alan McPherson (who won the Pulitzer Prize for fiction while I was taking his class). The extent to which I write well at all now is owing to those classes – my many faults as a writer are of course exclusively my own doing. Casey and McPherson are both law school graduates and both encouraged me to consider law school. I might have found my way to law school eventually anyway, but their encouragement gave me confidence to pursue the opportunity.

I wound up attending the University of Michigan Law School, where I spent what may have been the best three years of my life. I loved law school. I loved my classes, I loved my professors, I loved my classmates (in one case, literally – my wife was a classmate), I loved the townie bar on Packard Street, I loved running in the Arboretum, I loved going to Michigan football games, I loved sitting in the reading room at the Law School, I loved the Lawyers’ Club dining room, I loved the big old house we lived in on Monroe Street. In the end, I may or may not have been meant to be a lawyer but I definitely excelled at being a law student. (I am not hinting that I got the highest grades, because I didn’t. I am just suggesting that I had the best time in law school.)

3.         What led you to begin the D&O Diary? 

In the spring of 2006, I started a new phase of my career, as a wholesale insurance broker. I had run an insurance underwriting operation for the prior ten years, but now I was trying something entirely different. It was tough at first. I didn’t have any clients to start with and the phone wasn’t ringing. To keep myself occupied, I deciding to write some professionally related articles. Out of simple curiosity, I started playing around with the Blogger application on Google.

I once heard someone say that starting a blog is about as difficult as making urine. So before I even knew what I was doing, I had created a blog. I had no plan at first or really even the slightest idea what I was doing and I certainly had no idea that the blog would become what, now eight years later, it has become.

It has turned out to be the most rewarding thing I have ever done in my career. Nothing I have done professionally has provided me with as much satisfaction. Since starting the blog, and as a result of having the blog, I have been able to travel around the world and it has been so amazing to me that wherever I go – from Boston to Barcelona to Berlin to Beijing and from Seattle to Stockholm to Singapore – I meet people who tell me how much they enjoy my blog.

True story – when I was in Singapore a couple of years ago, a women came up to me at an industry event, introduced herself, told me she was from Mauritius, and asked if she could get a picture with me on her iPhone. I asked her why in the world she wanted my picture, and she said “Because you’re the D&O Diary guy! You’re world famous!” As I said to my wife when I returned home, if someone from Mauritius tells you that you’re world famous, by definition that means you’re world famous. To which my wife replied, “That’s nice dear. Take out the trash, please. “

4.         I love your ‘Mug shot’ series? Where did you come up with the idea and what are some of the highlights of the series? 

About a year ago, I read an article in the New Yorker about Henry Blodgett’s website, Business Insider.  The article made me think a lot about the Internet as a publishing medium. In the article, Blodgett talked about how important it is for a website to connect with its readers. This observation set of a tumble of different thoughts, at the end of which out came the idea for the D&O Diary mugs. I couldn’t possibly reproduce the thought process that led to the idea, but the basic concept was to try to do something to make my readers feel like they are part of the blog. If I gave them a mug and asked them to send back a picture of themselves with the mug, and then published the pictures, then readers would feel connected to the blog.

I guessed that some readers might be interested but I never anticipated how great the interest would be. I went through 288 mugs in no time at all. I would have liked to have sent out even more mugs – the demand for many more mugs was certainly there. But my wife put her foot down. She was taking care of the shipping and it was incredibly time consuming for her. Also, a very large percentage of the mug requests came from overseas, and I hadn’t really thought about how expensive it is to ship things overseas. We spent several thousand dollars on shipping. Sadly, many of the mugs sent overseas were damaged in transit.

Overall, though, the project was an immense success. I was continuously amazed at the places people would take the mugs in order to get just the right mug shot. I had readers send in pictures with their mugs from inside the U.S. Supreme Court, at the Wailing Wall, on the Old Course at St. Andrews and in jungle covered ruins in Cambodia. People sent in pictures that were taken from mountain tops, in vineyards, on safari, in the snow, in the sunshine, at sea, on vacation, at work, and even from their back porch. (My most recent mug shot post, which has links back to all of the prior posts, can be found here.)

I had people send in pictures taken in Moscow, Beijing, New Delhi, Rotterdam, Shanghai, Paris, London, Montreal, South Africa, Hong Kong, Scotland, Warsaw, Toronto, Jerusalem, Sydney, Cambodia, and Bermuda, as well as at the Grand Canyon, the Baseball and Hockey Halls of Fame, Fenway Park, Mesa Verde National Park, in Napa Valley, at the No. 2 Course at Pinehurst, on Wall Street, at the America’s Cup races in San Francisco Bay, at the original Cheers bar in Boston, at the Naval Academy, at Stanford, in the Press Room at the White House, with their dogs, with their kids, with elephants and zebras, and always with the D&O Diary mug in the picture. I even published one picture of a mug that arrived in Shanghai in pieces.

I liked all of the pictures readers sent in, but I would have to say my favorite, simply on the score of most unusual, was the one taken at the veterinarian artificial insemination clinic at Stephen F Austin State University in Nacogdoches, Texas. The picture was taken with the mug in the foreground while an insemination procedure was underway in the background.  Yep, I didn’t expect that one.

 5.        What issues might you see from your perspective regarding D&O insurance regarding the FCPA going forward? 

Foreign Corrupt Practices Act and anti-bribery enforcement generally has been an area of concern in the D&O insurance arena for some time now. The issue is not the massive fines and penalties that companies get hit with, as those amounts typically are not covered by D&O insurance. The issue has more to do with the costs of investigation and defense, as well as the possibility of follow-on civil litigation.

There are a number of factors that will affect the extent to which coverage is available for investigative costs and defense expenses under a D&O insurance policy. Among other things, it will be important whether or not the company involved is a private company or a public company, as the types of policy form used for the two different kinds of companies provide significantly different entity coverage. Other issues that will affect the availability of coverage include the stage of the investigation; to the extent D&O insurance policies provide coverage for investigative costs at all, it is usually restricted to formal investigations. (Some modern forms now also provide coverage for individuals for pre-claim inquiries.) Another issue that will affect the availability of coverage for investigative costs is the identity of the investigative target. If the target is just the company itself, it will be more difficult to establish coverage for the investigative costs, as many policies restrict investigative cost coverage for the corporate entity.

Where the D&O Insurance can be a much more significant is if the FCPA enforcement action or investigation triggers a follow-on civil lawsuit. As I have noted frequently on my blog (most recently here), though there is no private right of action under the FCPA, it has become an increasingly common phenomenon after an FCPA investigation or enforcement action is disclosed for investors to file a lawsuit against the company’s officers and directors. These lawsuits typically take the form either of a securities class action lawsuit (an example of which is discussed here) or shareholders derivative lawsuits (as discussed here and here). These lawsuits are not always successful for the plaintiffs, yet the plaintiffs’ lawyers continue to pursue these kinds of claims.

These types of follow-on lawsuits represent the very kind of exposures for which companies purchase D&O insurance; at a minimum, the insurance permits the company and its executives to defend themselves from these kinds of claims. I expect these kinds of claims to be an increasingly significant part of the D&O claims environment for some time to come, particularly as anti-bribery regulatory and enforcement authorities outside of the U.S. step up their activities.



If you are interested in learning about mergers and acquisitions under the FCPA I am involved in to upcoming events designed to give you the most up-to-date advice on this area of compliance. Both events are sponsored by The Network. The first event is a webinar entitled appropriately enough, “Mergers and Acquisitions Under the FCPA” and is scheduled for  Tuesday, June 17th, 2014 TIME: 2:00 pm EDT. For registration and additional information click here. On Tuesday, June 24th the always popular Tom Fox/Stephen Martin roadshow travels to Denver where I will speak live on Merger and Acquisitions Under the FCPA and Stephen will talk about risk assessments under the FCPA. For information on the Denver event, click here


I am putting on a four part podcast series on the World Cup, detailing issues of bribery and corruption, together with an ongoing discussion of Team USA and this year’s tournament. I am joined by Mike Brown, the Managing Director of Infortal. You can check out Part I by clicking here of the series where we discuss bribery of referees in the lead up to the 2010 World Cup held in South Africa and FIFA’s response. Mike and I then review Team USA and it’s draw in Group g-the Group of Death. I hope that you will check out this series and enjoy it as much as Mike and I enjoy recording the episodes. Also remember, my podcast, the FCPA Compliance and Ethics Report is available for download at no charge on iTunes so you can listen to Part I on your commute to work. So sign up for the podcast from WordPress or iTunes and enjoy our series.


This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

February 11, 2013

Quadrophenia and Four Compliance Issues

This past weekend I saw the remaining members of The Who perform in their Quadrophenia Tour. While I had seen Roger Daltry perform the rock opera Tommy, I had never seen Pete Townsend in concert. To say I was blown away would be putting it mildly, especially as Quadrophenia does not even make it into my top three favorite Who albums, which are, in descending order, Who’s Next, Tommy and Live at Leeds. While Roger Daltry’s voice was not as strong as it was during his Tommy tour, not doubt due to the longer duration of this tour, it was still a great performance and it was worth it to see Pete Townsend. He can still rock. Also they ended the show with three songs from Who’s Next, which alone was worth the price of admission.

The story generally revolves around four themes based upon the four personalities of the members of the band; Daltry, Townsend, Keith Moon and John Entwhistle. However, it was also a play on (for those of you old enough to remember) quadrophonic sound. According to Pete Townsend, “”The whole conception of Quadrophenia was geared to quadraphonic, but in a creative sort of way. I mean I wanted themes to sort of emerge from corners. So you start to get the sense of the fourness being literally speaker for speaker.” So inspired by ‘fourness’ today, I will review four issues that have, or will, impact the compliance practitioner.

I.                   EU and Data Privacy

In an article in the Financial Times (FT), entitled “EU refuses to bend on tough data privacy law”, reporter James Fontanella-Khan wrote that Viviane Reding, the EU Commissioner for Justice, said that she will continue to fight any US attempts to water down its proposed data protection and privacy law, “which would force global technology companies to obey European standards across the globe.” Further, “Exempting non-EU countries from our data protection regulations is not on the table. It would mean applying a double standard.” Fontanella-Khan said that “US tech companies argue that it would be unfair for them to be subject to EU laws that are too stringent and could result in expensive administrative burdens and hefty fines for errant companies.” Can you think of any US laws that non-US companies have to comply with?

Issues for the compliance practitioner? There could be a myriad, from internal investigations, to sharing data with US regulators to ongoing monitoring and auditing. While it is currently US technology companies which are leading the fight against these new tough standards, non-tech companies could do well to assess how these changes may well impact them.

II.                Will DOJ Open FCPA Investigation Against EADS?

Perhaps not fully appreciating the irony in reporting the EADS story in the same issue as the above EU data privacy story, the FT also had an article by Carola Hoyos, entitled “FBI probe of EADS unit claims”, who reported that the Federal Bureau of Investigation (FBI) has interviewed “a witness and taken possession of documents in connection with allegations” that a British subsidiary of the European aerospace entity EADS, named GPT Special Management Systems, bribed Saudi Arabian military officials, in connection with business dealings. Hoyos reported that GPT “made ₤11.5 of unexplained payments – some via the US – to bank accounts in the Cayman Islands.”

Although there is no known open US Department of Justice (DOJ) investigation open into the EADS matter at this point, Hoyos noted that it was the DOJ which led the effort to investigate and eventually fine the UK company BAE, the amount of $400MM after the British government ordered the Serious Fraud Office (SFO) inquiry into allegations of BAE bribery for sales of equipment into Saudi Arabia “citing economic and diplomatic interests”. The FBI interviews occurred even though the SFO is currently investigating the matter. Hoyos also reported that EADS “maintained that its own investigations into the matter had yielded no evidence of wrongdoing.”

III.             Think Before You Hit That Send Button

In a post in his blog, the D&O Diary, entitled “Damning E-mails: Can We Talk?”, author Kevin LaCroix wrote that “revelations this past week arguably represent some type of high-water mark, as a cluster of serious allegations were accompanied by a trove of embarrassing excerpts from emails and instant messages. While the latest disclosures provide yet another reminder of the dangers associated with ill-considered use of modern electronic communications technology, they also raise questions about the use that regulators and claimants are attempting to make of the communications.” He was talking about the Commodities Futures Trading Commission’s press releases announcing RBS’s settlement this past week of charges of alleged Libor manipulation drew heavily on excerpts from the bank’s internal electronic communications. While noting that “emails do sometimes in fact evidence wrongdoing” the problem with them “is that when seemingly damning email excerpts are blasted into the media, it is very difficult to appreciate the larger context within which the excerpts fit.”

As much as he has distaste for the selective use of emails in this manner by regulators, LaCroix believes that they can provide a teachable moment. He writes that “a useful exercise to try to adopt is to pause and ask yourself, before hitting “send”, how the message would look if it were to fall into the hands of a hostile and aggressive adversary who was looking for ways to try to make you or your company look bad. Were this simple test to be more widely implemented, we would certainly see a marked reduction in, for example, running email jokes about the French maid’s outfit. My final thought is this – we all know that many electronic messages are written in haste and sometimes with insufficient care. With full awareness of this attribute of electronic communications, we should hesitate to jump to too many conclusions about the seemingly damaging inferences that could be drawn from email or instant message excerpts. But we should also learn from the inferences that regulators and claimants are trying to draw and try to take that into account in our own communications.” I could not have put it better myself.

IV.              Trust Your Gut and Raise Your Hand

There have recently been a plethora of articles about ‘big data’ and how it can help in the monitoring of a Foreign Corrupt Practices Act (FCPA) compliance program. I have been one of the folks to write and talk about it. However, in an article in the New York Times (NYT), entitled “Sure, Big Data is Great. But So Is Intuition”, reporter Steve Lohr wrote that while he thinks that big data is a powerful tool and an unstoppable tread it “might be a time for reflection, questions and qualms about this technology.” This is because, like all mathematical models, big data is “a simplification.” He quotes Thomas Davenport for the following. “A major part of managing Big Data projects, he says, is asking the right questions: How do you define the problem? What data do you need? Where does it come from? What are the assumptions behind the model that the data is fed into? How is the model different from reality?”

So the underlying basis for analyzing big data may actually be “too simple minded, rather than too smart.” All of this leads back to intuition. I would add that if the hair on the back of your neck stands up, your gut tells you something is wrong or something does not smell right, it probably isn’t right. The implications for the compliance practitioner? I would like to propose that the largest is in the area of training. What I try and tell non-compliance practitioners when I put on training is that if you see, smell or sense one of the above, just raise your hand. You do not have to know the ins and outs of the FCPA or know the answer but I do ask that you raise your hand and get the issue to a person who does have the expertise to analyze the issue.

If you have the chance to see The Who on their Quadrophenia Tour, all I can say is to drop whatever you are doing and go see it. I do not know if it will be your last chance to see Pete Townsend but when he winds up for one of those trademark windmill slams down the guitar strings, just close your eyes and listen. It is pure bliss and a quad of sensations for the ages.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

June 5, 2012

How to Influence FPCA Compliance as a Minority JV Partner

How does a company work towards achieving compliance with the Foreign Corrupt Practices Act (FCPA) in a Joint Venture (JV) or other business relationship where it holds less that 50% of the control? That question is often faced by US companies when they enter into a JV in many countries which require a majority of local ownership or even a 50-50 split in ownership. Some tactics that the compliance practitioner might employ were discussed in an article in the June issue of the Harvard Business Review, entitled, “The Perils of Partnering in Developing Markets”, in which Johns Hopkins (Hopkins) Medicine International Chief Executive Officer (CEO) Steven J. Thompson wrote about his company’s experience in partnering with a charity in Turkey to build and operate a “state-of-the-art medical facility.”

While not directly discussed in the article it is certainly worth noting that in partnering to create hospitals overseas, Hopkins is always dealing with the FCPA as health care services generally and hospitals particularly are run by the foreign government in which the hospital is located. However, the problems Hopkins encountered and some of the solutions provide excellent insight into compliance challenges that a company might well face when it moves into a developing market. Thompson began by noting that as a non-profit Hopkins always takes a minority interest or none at all. This requires Hopkins to operate not as typical JV or other type of partner but “more like consultants with a broad range of responsibility and high level of authority.” The other thing that I found quite interesting was that as a non-profit, the most important thing to Hopkins is its good name; in other words it is far more concerned about reputational damage than financial loss. Some of the key lessons learned were as follows.

Filling the Local Talent Gap

Even if the country’s laws do not require that local persons be the entity’s managers, most local partners insist upon it. Thompson has learned that fighting this “rarely pays out.” Instead Hopkins seeks to team its advisors with the local executives, so that the advisors will have the ability to influence both “process and culture.” Overtime, Hopkins has found that the top local managers cannot push as hard or as strongly for innovation and culture change so that the Hopkins team can begin to take over the top management functions.

A key component for long term success is training. This includes local training in all aspects of hospital management and financial operations. Additionally, Hopkins establishes a strong recruiting pipeline for bringing back to Baltimore, the home of Hopkins, so that they can be trained at and see how the facilities are run in the US.

When Best Practices Collide with Culture

In most medical treatment outside the US, the culture is such that a Doctors judgment is never questioned. This is quite different from the Hopkins experience in the US, where other providers of health care are empowered to challenge the decisions of senior physicians where a patient’s health may be at risk. The Hopkins approach when “confronted with a culture clash is to determine whether we really need to challenge the culture.” With this approach, Hopkins found that it could accomplish its goals, “within the cultural constraints” in which it operated. When it could not do so, it “seeded the staff with professionals who could lead by example” so that in the case of the culture of deference to Doctors whose authority was not challenged, senior nurses were brought in from countries where such a tradition did not exist. Once others saw that patient outcomes were steadily improved, “they began to come around and the culture of deference receded.”

Mitigating Risk

In many ways, I found the Hopkins experience in mitigating risk to be the most interesting. Here Thompson said that the pre-agreement due diligence process, which he termed “choosing the right partner and learning to read the signs from up-front negotiations are critical”, were two of the most critical factors. He identified factors such as foreign institutions which only desired short-term profit or were trying to capitalize on the Hopkins name as “anathema to success.” He wrote that these factors can be ascertained through long conversations with potential partners about goals such as sustainable quality and commitment rather than on financial returns alone. Mimicking the requirements under the US Department of Justice’s (DOJ’s) minimum best practices compliance program, Hopkins requires strong contract language regarding the commitments made by any foreign partner. Lastly, if a relationship begins to sour or otherwise have problems, Hopkins is not afraid to rethink its position or even end the relationship after appropriate consideration. To help facilitate this from the legal perspective, Hopkins requires a “termination for convenience clause” in its contracts.

Project Checklist

Another interesting aspect of the Hopkins approach was in the implicit use of risk assessment. Thompson included the below chart to illustrate “How Johns Hopkins Sizes Up International Risk”. I found that these concepts speak to an on-going approach to risk assessment so that the process is continuous and therefore allows for continuous improvement.

Evaluating the Opportunity

Getting up to Speed

Operating Over Time

Assess the potential partner’s willingness to commit resources. Engage experts to hire key personnel and to design processes. Stabilize processes and create feedback loops.
Assess regional constraints. Establish training and mentoring programs for local managers and professionals. Transfer more responsibilities to local managers.
Work with your local partner on a project plan and a business plan. Set up clinical, operations and financial performance metrics. Establish local education and recruitment pipelines.
Ensure that your local partner has a clear understanding of, and realistic expectations for the project. Establish quality, safety and efficiency processes. Establish regional marketing programs.
Set up a time for accreditation. Consider new initiatives and expansion.

If Trouble Arises

Thompson concluded is article with a list of action items that you can perform if there are signs of trouble. So, following McNulty’s Maxim No. 3 of “What did you do to remedy it?”, I list the following actions steps your company can take at three different stages of a JV relationship.

1. In the Evaluation Phase

  • If your concerns are modest, propose a smaller, several months-long pilot consulting project.
  • If your concerns are serious, you would walk away from the deal.

2. In the Start-Up Phase

  • Engage experts to hire the Key JV personnel and to design the appropriate processes.
  • Increase the number of ex-pat professionals involved in the JV.
  • Expand your support to local managers.
  • If warranted, revise strategic plans and consider replacing the onsite management.
  • If severe problems arise, consider scaling back or terminating the JV

3. As the Relationship Matures

  • Strengthen your training and mentorship.
  • Bring in subject matter experts (SMEs) to help solve defined problems.
  • Retool processes that may be falling short.
  • If required, reinstate key managers from your corporate headquarters or home office.
  • Freeze or reduce the scope of the JV’s activities until problems are solved.
  • Set up problems solving forums with partners in other countries.

Many US companies have struggled with how influence partners to comply with the FCPA in JV relationships. The Hopkins experience has some excellent steps that your company can take in the pre-formation stage, during contract negotiation, in post-execution contract management and then as the relationship matures. The process that Hopkins follows is one that clearly allows you to use influence, rather than the brute force of the majority right of control. It is a very good road map for you to consider and one that management should take a close look at when managing any overseas relationship.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

September 28, 2011

The Baseball Playoffs Are About to Begin as the Markets Begin to Drive Compliance

Can you name the three teams who started out the baseball season 0-6? It was the Boston Red Sox, the Tampa Bay Rays and the Houston Astros. Now for extra credit can you name the two of three still playing today for a playoff berth? (Spoiler Alert: It is not the Astros). As baseball ends its 162 game season and with the playoffs just around the corner I thought this would be a good lead in to what may be one of the most significant changes in the calculus for compliance that has occurred over the past several years.

Representatives of the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) have been speaking now for several years on why companies should implement or enhance their compliance programs in order to follow the requirements of the Foreign Corrupt Practices Act (FCPA) to avoid prosecution. For at least the past year this tone has changed into something similar to what Greg Andres said at the House Judiciary Committee hearing in June, that companies should not engage in bribery at all. (Just say no?)

Up until now, there is always one business person at a conference who says something along the lines of “Why should I spend $200,000 to $500,000 to implement a FCPA compliance solution when the chances of getting caught and sanctioned are quite low?” My immediate response is “Remember the Ford Pinto?” Recognizing there will always be the Neanderthal approach to compliance the usual compliance discussion is “what do I have to do to follow the law?” However, that discussion may well become “what do I have to continue to operate my company and transact business” all within the compliance context. I have recently seen this change in three areas: the integration of compliance into overall risk management and business financing.


Banks which provide traditional financing are now requesting and reviewing company compliance programs before providing financing. I was recently involved in a project where a company was completing a “straight forward” purchase of another entity. All members of the consortium of lenders requested and reviewed the purchasing entity’s compliance program as part of their due diligence before lending the money. However, this requirement by financing institutions is not simply limited to the financing of purchases, take-overs or other means of acquisitions. It also includes regular re-financing of entities. The existence and maintenance of robust compliance programs, whether FCPA; UK Bribery Act compliant  or based upon some other jurisdiction’s legal requirements, is now being written into the covenants required in financing or re-financing.


Many have written about insurance for FCPA claims. For instance, the D&O E&O Monitor wrote about a product by the insurer Chartis which will provide insurance to a company to cover FCPA claims. This is certainly a type of insurance that companies should consider for their risk management portfolio, even if such coverage is limited to investigative costs only. One of the keys to obtaining such coverage is that the insurer must review a company’s compliance program. No compliance program (or substandard program) and the insurer will not provide the coverage. Additionally standard Directors and Officers insurance coverage may not apply if the Directors have not followed their responsibilities under the US Sentencing Guidelines or the various Deferred Prosecution Agreements which, over the past year, have set the standards for FCPA compliance best practices.

What does all of this mean? It means that FCPA compliance may have now moved from enforcement driven to market driven. This means that your company may not be able to access its value, through capital or financial markets, if it does not have a minimum best practices compliance program in place. How do you think that Chief Executive Officer (CEO), who will not allocate resources for a best practices compliance program, is going to feel when he cannot get financing to do a transaction; cannot refinance; or offload some risk via insurance? He may feel like a soon-to-be ex-CEO.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011

Blog at WordPress.com.