DPAs and NPAs – Powerful Tools in the Fight Against Corruption

As readers of this blog know the FCPA Professor and I usually look at the same Foreign Corrupt Practices Act (FCPA) enforcement action, item or remark and see different things. Sometimes we even hear the same thing and come away with different interpretations. Last week, we experienced yet another instance of the former where we both looked at the same article, that being one in Global Investigations Review entitled “Caldwell: settlement a “more powerful tool” than convictions” by Rahul Rose, yet came away with different interpretations. After some to-ing and fro-ing, we decided that we would both post our interpretations on the same day. So with a nod to Dan Fogelberg and Tim Weisberg, today we have the first twin posts from different bloggers dual- blog posts. Since we agreed to write our respective posts without seeing the other’s post and hence could not comment on each other’s post, I urge that after you finish reading my blog today, you click on over to the FCPA Professor’s site and see what his thoughts on Caldwell’s remarks might be.

The specific remarks we want to focus on were apparently made by during the Q&A session of Assistant Attorney General Leslie R. Caldwell who spoke at the Launch of the Organization for Economic Co-operation and Development Foreign Bribery Report, note these remarks were not found in the printed remarks of the speech on the Department of Justice (DOJ) website. In her Q&A, Rose reported the following, “Caldwell told the audience in Paris: “Companies cannot be sent to jail, so all a court can do is say you will pay ‘x’. We can say: ‘you will also have a monitor and will do all sorts of other things for the next five years, and if you don’t do them for the next five years then you can still be prosecuted’.” [And for the money shot] “In the United States system at least it is a more powerful tool than actually going to trial,” she said.”

It turns out that I have been thinking along these lines as well. The debate over the usefulness of Deferred Prosecution Agreement (DPAs) and Non-Prosecution Agreements (NPAs) has been long attended. Yet there are a couple of key reasons that DPAs and NPAs are such powerful tools in the fight against anti-corruption and anti-bribery which I do not believe have been fully articulated or explored. The first is that by settling, the DOJ (and Securities and Exchange Commission [SEC]) will have the ability to monitor the company going forward. This process began under the practice of formally appointing a corporate monitor nominated by the company in the throes of the enforcement action and who would be agreed to by the DOJ. This practice is generally referred to as a company having mandatory monitor.

While this specific practice received a fair amount of criticism from a variety of sources, the basic concept was sound. That concept was that a neutral third party would review a company’s compliance with the terms and conditions of a DPA or NPA and report to the DOJ at intervals generally no shorter than annually. This would give the DOJ eyes and ears into a company to oversee its adherence to the terms of the settlement. But what information did Caldwell convey in her statement as to why she thinks settlements are such a powerful tool? I read three pieces of information her statement about why FCPA settlements are such powerful tools.

‘Do All Sorts of Other Things’

Under this prong a settling defendant is required to do “all sorts of other things.” We know from the DPAs and NPAs relating to FCPA enforcement over the past several years, the minimum that a company will be required to institute is a best practices anti-corruption compliance program. While the FCPA Guidance specifies ten hallmarks of an effective compliance program, the DPAs and NPAs have had between 9 to 16 items listed in the best practices anti-corruption compliance programs that settling companies’ have agreed to institute. If the DOJ went to trial and secured a conviction the company would not have to put such a compliance program in place but only pay a fine or some other monetary penalty. Further, by requiring such a best practices anti-corruption compliance program in such a public manner, through a publicly filed DPA or NPA, the DOJ can communicate its current thinking on what it believes constitutes such a program. This provides valuable information to the compliance practitioner going forward and I believe completely disabuses the argument that companies cannot know what their obligations might be to comply with the FCPA or that companies do not know what the DOJ expects from them in the area of a FCPA compliance regime.

‘You will also have a monitor’

David E. Matyas and Lynn Shapiro Snyder
from the law firm of Epstein Becker & Green P.C., described the duties of a corporate monitor in their article entitled, “Monitoring the Monitor? The Need for Further Guidance Governing Corporate Monitors Under Pre-Trial Diversion Agreements”. The monitor would meet with “the company’s board and employees. A monitor then develops a work plan which defines the scope, access, and power the monitor will have over the company. The monitor’s work involves frequent visits to the company (including possible on-site accommodations) and broad access to company documents and meetings. The monitor should be knowledgeable about the regulatory aspects of the company’s operations, but that is not necessarily a criterion for selection of the monitor. Indeed, a monitor can hire others to assist in his or her responsibilities at the company’s expense. The monitor files periodic reports with the U.S. Attorney’s Office and makes visits with that office as well as with the company. At the conclusion of a monitor’s term – often 24-36 months – the monitor files a final report that details the activities accomplished and whether the company complied with all the terms of the agreement.”

So the monitor provides the DOJ with continued insight into what the company is doing to satisfy its settlement obligations around the implementation of its compliance program. If the DOJ has high confidence that the company has and will continue to put significant resources and efforts into its compliance program, it may agree to a voluntary monitor, as we have seen with the Parker Drilling and Hewlett-Packard (HP) DPAs. If the DOJ does not have such confidence, it may require a monitor for the length of the DPA, such as we saw in the Total DPA, which was three years. The DOJ may also take an interim position on the mandatory or voluntary nature of the monitor by allowing a company to end a mandatory monitorship half-way through the pendency of a DPA as it did with the Weatherford DPA, which allowed the mandatory monitorship to end at the 18 month mark of a three year DPA, if certain criteria were met.

‘You can still be prosecuted’ 

This final point is not to be underestimated. Once again if a company is found guilty at trial, a fine and/or penalty will be assessed and payment is the end of it. While it still may be under enhanced scrutiny, it will not have the affirmative obligation to report any FCPA violations going forward, nor will it bear potential liability and prosecution for failure to implement the terms and conditions of the DPA or NPA. Indeed, the company will agree to be prosecuted if there is another violation or it fails to implement as agreed to.

So by using DPAs and NPAs as settlement tools, I believe that the DOJ is able to impact on an ongoing basis, for two to three years, the compliance program of a settling company. This continued oversight usually translates into greater enthusiasm by a settling company to get compliance right so that it does not have to go through the full FCPA investigation and enforcement process. Of course there will always be recalcitrant companies such as Marubeni Corporation, which do not take the agreed to compliance obligations seriously going forward. When they get into trouble as recidivists, the second penalty is usually much higher. But there is also benefit to the compliance practitioner and greater compliance community because the DOJ communicates its expectations in these DPAs and NPAs. So they also work as powerful communication tools. Finally, by requiring a third party to act as the monitor, whether voluntary or mandatory, the DOJ can get some independent insight into what a company is doing compliance-wise.

Not knowing what the Professor has said, I have not tried to anticipate his arguments or rebut them directly. Nonetheless, I have tried to articulate why I agree with Ms. Caldwell’s remarks and why I continue to find the DOJ’s use of DPAs and NPAs as settlement tools a powerful weapon in the fight against bribery and corruption. I also hope that you will find favor with this exercise that the FCPA Professor and I have engaged in because we both believe that ongoing debate over FCPA enforcement is worthwhile for the compliance practitioner and necessary for the long-term success of compliance moving forward.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

Critiquing FCPA Enforcement and the GSK Domestic Corruption Conviction

Recently the FCPA Professor posted a blog, entitled “Look in the Mirror Moments”, in which he used written commentary by the US Secretary of the Treasury to the Chinese government about the Chinese governments anti-trust investigations as a mechanism to explore critiques of Foreign Corrupt Practices Act (FCPA) enforcement. In this post, he compared certain aspects of FCPA enforcement to the Chinese corruption enforcement action against GlaxoSmithKline PLC (GSK). Leaving aside the differences in anti-trust enforcement (price-fixing, monopolistic behavior and illegal collusion) and anti-corruption enforcement (bribery), I wanted to review his critiques through the prism of the known facts of the GSK enforcement action.

The FCPA Professor had the following comments about FCPA enforcement, in comparison with the Chinese corruption enforcement action against GSK. He said,

“Without in any way trying to comprehensively compare the overall U.S. legal system to the overall Chinese legal system, the following attributes of FCPA enforcement must at least be acknowledged. 

The vast majority of corporate FCPA enforcement actions lack transparency and the resolution documents (whether a non-prosecution agreement, deferred prosecution agreement or civil administrative order) are the result of an opaque process ultimately controlled by the same office prosecuting or bringing the action. 

As to the swiftness of FCPA enforcement actions, one can only assume that the majority of general counsels and board of directors of companies under FCPA scrutiny would be jumping for joy if the scrutiny – from start to finish – would resolve itself in 15 months rather than the typical 3-5 years (and in some instances more) of FCPA scrutiny lingering.”

The difficulty I have with both of these points is that one cannot separate the Chinese enforcement action against GSK from the Chinese legal system that produced it. Let’s start with the ‘jumping for joy’ prong. The initial difference to note is that the Chinese enforcement action was a domestic prosecution based upon Chinese domestic law for bribery and corruption of Chinese. It was not a US (or UK) company violating US (or UK) laws. This means that the relevant documents and witness were in the locality where the investigation was performed. Even when a key witness, GSK China Country Manager Mark Reilly was in the UK, he voluntarily returned to China to give evidence but was prevented from leaving the country without being charged with a crime. So as far as is known, there were no government-to-government requests for information, no Letters Rogatory or use of any other international discovery mechanism to obtain evidence.

Moreover, the procedural protections in place under US (and UK) criminal procedure simply do not exist in China. There is no right to counsel, no right against self-incrimination, no right to confront witness and not even a right to know what the charges against you might be. These lack of rights were certainly borne out in the speed in which the Chinese investigative authorities were able to obtain evidence and public confessions from GSK principals involved in the bribery and corruption. The first 30-day timeline of the GSK investigation went as follows:

• June 28, 2013 – Local Police announced they have place GSK officials under investigation for economic crimes.
• July 11, 2013 – Public Security Ministry issued statement accusing GSK of bribery.
• July 15 , 2013 – Four senior company execs ‘detained’. Finance chief barred from leaving country.
• July 16, 2013 – GSK General Counsel (GC) placed under ‘house arrest’ along with 30 other employees. One of the four GSK China executives who were detained, admited to bribery allegations on Chinese state television.
• July 22, 2013 – GSK formally apologized for breaking Chinese law regarding domestic bribery and corruption.
• July 26, 2013 – Peter Humphrey, a UK citizen and his wife, a naturalized US citizen, both hired by GSK in an ancillary matter related to the GSK corruption scandal were arrested but not told of the charges against them.

A little over one year later, in July, 2014 the trial of Humphrey and his wife was announced. Orignially it was to be held in secret with both Humphrey and his wife still not told of the formal charges against them. However after diplomatic protests by both the US and UK governments, Humphrey and his wife were both convicted and sentenced in an open trial, albeit lasting only one day, on August 8, 2014. The charges against them were announced at trial. Thereafter, GSK pled guilty in a secret one-day trial GSK was fined approximately $491MM and China Country Manager Mark Reilly and four other GSK China business unit executives were found gulity. They were all sentenced to jail but given suspended sentences.

How did the Chinese government develop its evidence so quickly? One of the defendant’s, admitted, on state run televison, his involvement in the bribery scheme only 18 days after the investigation was announced by Chinese authorities. Indeed, GSK itself made a public apology only 24 days after the announcement by the Chinese authorities it was under investigation. We now know that GSK was informed by a whistleblower of allegations of bribery and corruption as early as January 2013 yet in June GSK announced it had not found anything to substantiate these allegations.

I believe the answer is found in the differences in the Chinese and US legal systems. It all starts with the following: in China you are presumed guilty while in the US (and the UK), you are presumed innocent until proven guilty. In an article in the New York Times (NYT), entitled “Presumed Guilty in China’s War on Corruption”, Andrew Jacobs and Chris Buckley wrote that the “war on corruption often operates beyond the law in a secret realm of party-run agencies”. The process “Known as Shuanggui, it is a secretive, extralegal process that leaves detainees cutoff from lawyers, associates and relatives.” Moreover, even as a case moves through the Chinese criminal justice system, defendants’ counsel “have limited access to evidence, witnesses, and their clients.” It does not get any better when a defendant actually goes to court because “Lawyers say Chinese courts rarely allow them to call defense witnesses, while prosecutors frequently withhold cruical evidence.” Finally, of the 8,110 officials charged with corruption “in the first half of this year, 99.8 percent were convicted”. To this rather amazing trial court conviction rate, I would add the the prosecution does even better on appeal, never losing to a convicted defendant.

Does that sound like a system in which you would jump for joy if you were caught up in, even knowing that the time from announcment of investigation until 99.8% chance of conviction awaited you? Even if the government investigation only took 14 months? In the US, corporations have the same rights as individuals at trial; to cross-examine witness, to be made aware of the charges against it, those charges must be brought with specficity, right to counsel, right to an open trial and right to appeal. These rights are all enshrined in the US Constitution. Those rights are not present for individuals or corporations under Chinese law or jurisprudence.

But the FCPA Professor also critiqued the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) in FCPA enforcements with the following observation: The vast majority of corporate FCPA enforcement actions lack transparency and the resolution documents (whether a non-prosecution agreement, deferred prosecution agreement or civil administrative order) are the result of an opaque process ultimately controlled by the same office prosecuting or bringing the action.When a company enters into negotiation with the DOJ and SEC it is with legal counsel in tow. Even if we in the general public are not privy to these negotiations over the terms and conditions of enforcement actions I am confident that there is some give and take. Further, while I only have personal knowledge of one negotiation for the specific terms of a Deferred Prosecution Agreement (DPA), the lawyer representing the company made clear it was a negotiation. It was not a Diktat with sentencing simply pronounced by the DOJ. Does the office which handles the investigation also handle the settlement negotiation? Yes but that is what prosecutors do each and every day in every city, county, town, hamlet, state and federal jurisdiction in this country.

Just as it takes two to tango, it takes two to negotiate. The DOJ does not negotiate with itself. Another party is sitting across the table and that other party is the company involved in the FCPA investigation. Why is that company there in the room negotiating? Because the company has assessed its interest and determined that it would be better off settling than going to trial. This is in the face of DOJ failures in the trial court in the Gun Sting cases, the O’Shea trial and the trial court overturning the verdict in the Lindsey Manufacturing conviction. Simply because there is a negotiation between the DOJ and a private party does not make it some nefarious process, even if the prosecutors hold the upper hand.

As far as the fines and penalites, there has been nothing to suggest the basis of the $491MM fine assessed against GSK. That amount is a bit less than the amounts initially reported that GSK China paid out as bribes, somewhere over $500MM. At least in the US, there are the Sentence Guidelines which form some basis of the calculation. Of course there is always some prosecutorial discretion to lessen a fine or penalty below the suggested amount. We have seen that occur this year with the HP enforcement action and recently Asst. Attorney General Leslie Caldwell suggested that Alcoa could have been fined over $1bn for its conduct, while the actual fine was $384MM. It is appropriate for prosecutors to have such discretion.

While the DOJ is also critiqued that DPAs (and Non-Prosecution Agreement [NPAs]) are essentially the same as going to trial with a near 100% success rate, I think this belies the number of declinations that the DOJs gives out. Unfortunately (and here the FCPA Professor and I do agree); there is not enough information given out about declinations; either regarding the raw numbers or the specific reasons for a declination. Only if a company agrees or is required to make such information public does it become known. Nevertheless, there is the recent example of Layne Christensen, which received a declination. In an article in Compliance Week, entitled “How Two Companies Got Regulators to Drop FCPA Charges”, Jaclyn Jaeger reported on the reasons the company sustained this result of receiving a declination through interviews with Christensen GC, Steve Crooke, its Chief Compliance Officer (CCO), Jennafer Watson and its outside counsel Russ Berland. Jaeger detailed the specific steps the company took and we can all see the effect it had upon the DOJ, through the declination to prosecute the company.

The debate about the costs of FCPA enforcement actions, the proper role of DPAs/NPAs and length of time of investigations is a healthy one and living in the open society that we have in the US, one that we will continue to have. Since I am not a prosecutor (or ex-prosecutor), I cannot look in the mirror at FCPA enforcement but I can review the facts of the DOJ and SEC’s FCPA enforcement, contrasted with the Chinese domestic bribery and corruption proseuction of GSK and believe that there is no basis for comparing the two systems, as they are so different in too many fundamental aspects.

I can however say one thing with absolute certainly; wherever you do want to be, a Chinese jail is not high on the list.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

Internal Controls for Third Party Representatives in a FCPA Compliance Program

This week, I am continuing my podcast series, on the FCPA Compliance and Ethics Report, on internal controls in best practices anti-corruption compliance program, under the Foreign Corrupt Practices (FCPA), UK Bribery Act or other anti-bribery legislation. In this series, I am visiting with Henry Mixon, a top notch internal controls expert, to help explain what internal controls might be needed, how to assess the need and then how to implement the needed internal controls. This week I am running a two-part episode of the internal controls related to the management of third party representatives.

Mixon suggested that a compliance practitioner should perform an analysis of any third party representative to provide insight into the pattern of dealings with such third parties and, therefore, the areas where additional controls should be considered. He listed some basic internal controls that should be a part of any financial controls system. The general internal controls, which might be appropriate, could be some or all of the following:

• A control to correlate the approval of payments made to contracts with third party representatives and your company’s internal system for processing invoices.
• A control to monitor all situations in which funds can be sent outside the US, in whatever form your company might use, which could include accounts payable computer checks, manual checks, wire transfers, replenishment of petty cash, loans, advances or other forms.
• A control for the approval of sales discounts to distributors.
• A control for the approval of accounts receivable write-offs.
• A control for the granting of credit terms to third parties or customers outside the US.
• A control for agreements for re-purchase of inventory sold to third parties or customers.
• A control for opening of bank accounts specifically including accounts opened at request of an agent or a customer.
• A control for the movement / disposal of inventory.
• A control for the movement / disposal of movable fixed assets.
• Execution and modification of contracts and agreements outside the US.

Mixon also noted that in addition to the above there should also be internal control needs based on activities with third party representatives. These could include some or all of the following internal controls

• A control for the structure and enforcement of the Delegation of Authority.
• A control for the maintenance of the vendor master file.
• A control around expense reports received from third parties.
• A control for gifts, entertainment and business courtesy expenditures by third party representatives.
• Charitable donations.

• All cash / currency, inventory, fixed asset transactions, and contract execution in countries outside the US where the country manager has final authority.
• Any other activity for which there is a defined corporate policy relating to FCPA.

While that may appear to be an overly exhaustive list, Mixon indicated that he believed there were four significant controls that he would suggest the compliance practitioner implement initially. He listed: (1) Delegation of Authority (DOA); (2) Maintenance of the vendor master file; (3) Contracts with third parties; and (4) Movement of cash / currency.

Mixon noted that a DOA should reflect the impact of FCPA risk including both transactions and geographic location so that a higher level of approval for matters involving third parties and for fund transfers and invoice payments to countries outside the US would be required inside an organization. He did concede that quite often the DOA is prepared without much thought given to FCPA risks. Unfortunately once a DOA is prepared it is not used again until it is time to update for personnel changes. Moreover, it is often not available, not kept current, and/or did not define authority in a way even the approvers could understand it. Therefore it is incumbent that the DOA be integrated into a company’s accounts payable (AP) processing system in a manner that ensures all high-risk vendor invoices receive the proper visibility. To achieve this you should identify the vendors within the vendor master file so payments are flagged for the appropriate approval BEFORE they are paid.

Furthermore if a DOA is properly prepared and enforced, it can be a powerful preventive tool for FCPA compliance. To support this Mixon used the following example: A wire transfer of $X between company bank accounts in the US might require approval by the Finance Manager at the initiating location and one officer. However, a wire transfer of $X to the company’s bank account in Nigeria, could require approval by the Finance Manager, a knowledgeable person in the Compliance function, and one officer. In this situation, the DOA should specify who must give the final approval for engaging third parties. Moreover, the DOA should address replenishment of petty cash funds in countries outside the US, as well as approval of expense reports for employees who work outside the US (including those who travel from the US to work outside the US).

I then asked Mixon about the vendor master file, which he believes can be one of the most powerful PREVENTIVE control tools largely because payments to fictitious vendors are one of the most common occupational frauds. The vendor master file should be structured so that each vendor can be identified not only by risk level but also by the date on which the vetting was completed and the vendor received final approval. There should be electronic controls in place to block payments to any vendor for which vetting has not been approved. Next manual controls are needed over the submission, approval, and input of changes to the vendor master file. These controls include verification that all vendors have been approved before their information (and the vendor approval date) is input into the vendor master. Finally, manual controls are also needed when “one time” vendors are requested, when a vendor name and/or vendor payment information changes are submitted.

Near and dear to my heart as a lawyer, Mixon also indicated that contracts with third parties can be a very effective internal control which works to prevent nefarious conduct rather than simply as a detect control. He cautioned that for contracts to provide effective internal controls, relevant terms of those contracts (commission rate, whether business expenses can be reimbursed, use of subagents, etc.,) should be extracted and available to those who process and approve vendor invoices. If there are nonconforming service descriptions, commission rates, etc., present in a contract such terms must be approved not only by the original approver but also by the person so delegated in the DOA Unfortunately contracts are not typically integrated into the internal control system. They are left off to the side on their own, usually gathering dust in the legal department file room.

Mixon said that the Hewlett-Packard (HP) FCPA enforcement action was an excellent example of the lack of internal control over the disbursements of funds and movement of currency because you had the country manager delivering bags of cash to a Polish government official to obtain or retain business. Mixon believes that all situations where funds can be sent outside the US (AP computer checks, manual checks, wire transfers, replenishment of petty cash, loans, advances, etc.,) should be reviewed from a FCPA risk standpoint. He went on to say that within a given company structure you need to identify the ways in which a country manager (or a sales manager, etc.,) could cause funds to be transferred to their control and to conceal the true nature of the use of the funds within the accounting system.

To prevent these types of activities internal controls need to be in place. Mixon presented the following example of how this could be managed: All wire transfers outside the US should have defined approvals in the DOA, and the persons who execute the wire transfers should be required to evidence agreement of the approvals to the DOA and wire transfer requests going out of the US should always require dual approvals. Lastly, wire transfer requests going outside the US should be required to include a description of proper business purpose.

Mixon continues to emphasize that internal controls are really just good financial controls. The internal controls that he detailed for third party representatives in the FCPA context will help to detect fraud, which could well lead to bribery and corruption.

You can listen to my podcast with Henry Mixon on internal controls for third parties in a FCPA compliance program, part I by clicking here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

Mid-Year FCPA Report, Part I

As we are now past the halfway mark of 2014, I thought it might be a good time to look at the year in review, so over the next couple of days, I will be reviewing what I believe to be some issues and developments to the Foreign Corrupt Practices (FCPA) world. In this Part I, I will look at an enforcement action which brought a company to No. 5 on the list of highest FCPA settlements, to a company which seemingly came back from the edge of very bad FCPA conduct and finally some individual prosecutions and one interesting settlement in a SEC action against individuals. 

Alcoa

In one of the more long-running international bribery and corruption sagas, Alcoa Inc. settled a FCPA action by having one of its subsidiary’s plead guilty to bribing officials in Bahrain to win contracts to supply the raw materials for aluminum to Aluminum Bahrain BCS or Alba. As reported by the FCPA Professor, “Alcoa entities agreed to pay approximately $384 million to resolve alleged FCPA scrutiny (a criminal fine of $209 million and an administrative forfeiture of $14 million to resolve the DOJ enforcement action and $175 million in disgorgement to resolve the SEC enforcement action – of which $14 million will be satisfied by the payment of the forfeiture in the criminal action).” Alcoa now sits as No 5 on the list of all-time FCPA settlements and has the distinction of paying the largest disgorgement.

Payments were made through shell corporations, agents and distributors. As reported in the Wall Street Journal (WSJ), in an article entitled “Alcoa Snared in Bahrain Bribery Case”, although one of its subsidiaries, Alcoa World Aluminum, pled guilty to violating the FCPA, its parent Alcoa issues a statement that “neither the Department of Justice nor the SEC alleged or found that anyone at Alcoa “knowingly engaged in the conduct at issue.”” According to the WSJ article, the bribery scheme had been in place since at least 1989. Further, at least one in-house counsel had raised concerns in 1997 that the contracts around the bribery scheme when she wrote in an email to Alcoa’s corporate headquarters stating “The contract looks odd. Are these factors OK from an anti-trust and FCPA perspective?” I guess sometimes actual knowledge is really not actual knowledge.

Hewlett-Packard (HP)

In what can only be described as one of the most stunning failures of internal controls to be seen in the annuls of FCPA enforcement actions, HP resolved a matter through a guilty plea, a Deferred Prosecution Agreement (DPA) and a Non-Prosecution Agreement (NPA), for three separate bribery schemes in three countries. For a deal in Russia, HP paid a one-man agent approximately $10MM, which was simply a conduit to pay bribes. In Poland, HP’s Country Manager literally carried bags of cash in the amount of $600K to a Polish government representative for contracts. Finally, in HP’s Mexico subsidiary, according the to the Securities and Exchange Commission (SEC) Press Release, HP “paid a consultant to help the company win a public IT contract worth approximately $6 million. At least $125,000 was funneled to a government official at the state-owned petroleum company with whom the consultant had connections. Although the consultant was not an approved deal partner and had not been subjected to the due diligence required under company policy, HP Mexico sales managers used a pass-through entity to pay inflated commissions to the consultant.”

As noted by Mike Volkov, “In total the three HP entities paid $76 million in criminal penalties and forfeitures. In a related filing, the SEC and HP entered into a civil settlement under which HP agreed to pay $31 million in disgorgement, prejudgment interest, and civil penalties.”

The enforcement action is also notable for two other factors. The first is that HP did not self-disclose the conduct even after German authorities raided the company’s Germany subsidiary’s offices in connection with the Russia transaction. HP seemingly made a dramatic comeback in the eyes of the Department of Justice (DOJ), which leads to the second point of note. That involved the overall penalty assessed against HP. What are we to make of the criminal fines levied against the Russian and Polish subsidiaries of HP? The US Sentencing Guidelines for the Polish subsidiary suggested a fine range of $19MM to $38MM, yet the final fine was $15MM. The US Sentencing Guidelines for HP’s Russian subsidiary suggested a fine range of $87MM to $174MM, yet the final fine was $58MM.

What does it all mean? It would seem that a company could come back from the brink of very bad facts and no self-disclosure. How did HP do it? The resolution documents only reference HP’s ‘extraordinary cooperation’ and installation of a best practices compliance program. My hope is that HP will publicize the steps it took so that the rest of us might learn how they accomplished the results they received.

Individual Indictments, Arrests and Settlements

As reported in the FCPA Blog, there were a number of individuals who fell under FCPA criminal scrutiny in the first half of 2014.

PetroTiger

Joseph Sigelman, the former co-CEO of PetroTiger Ltd., was charged with conspiracy to violate the FCPA and to commit wire fraud, conspiracy to launder money, and substantive FCPA and money laundering offenses. He is accused of bribing an official at Ecopetrol SA, Colombia’s state-controlled oil company, and defrauding PetroTiger by taking kickbacks. As reported by Joel Schectman in the WSJ, two other PetroTiger executives, Sigelman’s co-CEO, Knut Hammarskjold and the company’s former General Counsel (GC), Gregory Weisman, have already pled guilty to the charges.

It is alleged that Sigelman bribed an official in Colombia to help win an oil contract worth $39 million and of seeking kickback payments during the acquisition of another company, in exchange for a better price. Most interestingly, even after the company conducted an internal investigation, which uncovered the conduct and self-disclosed its findings to the DOJ, Sigelman has said he will go to trial and contest the charges.

Firtash and His Associates

In what may be an early preview of the corrupt doings of the old guard in Ukraine, there were a number of individuals arrested or indicted in connection with an alleged scheme to pay $18.5 million in bribes to officials in India to gain titanium mining rights. They include team leader, Dmitry Firtash, a Ukrainian national, who was arrested in Vienna, Austria, March 12, 2014, and the following were indicated with Firtash and charged with conspiracy to violate the FCPA, and who are still at large: Andras Knopp, a Hungarian businessman,; Suren Gevorgyan a Ukrainian national,; Gajendra Lal, an Indian national and permanent resident of the US; Periyasamy Sunderalingam, a Sri Lankan. K.V.P. Ramachandra Rao, a member of parliament in India and former official of the state of Andhra Pradesh, has been charged along with the other five defendants with one count each of a racketeering conspiracy and a money laundering conspiracy, and two counts of interstate travel in aid of racketeering. Although he was not charged under the FCPA, the DOJ has asked India to arrest him.

Direct Access Partners

Continuing the investigation into the first investment bank, Direct Access Partners LLC (DAP), to be charged with FCPA violations, there were two more individuals charged, in addition to the four from 2013 who all pled guilty. Benito Chinea, former CEO of DAP, was charged in federal court in New York for bribery involving Venezuela’s state bank and Joseph Demeneses, a former managing director, was also charged in the 15-count indictment of paying kickbacks to a vice President of the Venezuelan Nation Bank BANDES, in exchange for the bank’s bond-trading business.

Noble Energy Executives

While it is not entirely clear if these cases belong in the first half or second half of the their, the Securities and Exchange Commission (SEC) rather unceremoniously dropped its enforcement action against one former and one current Noble Energy executives. The SEC had claimed that former Noble Corporation CEO Mark A. Jackson along with James J. Ruehlen, had bribed customs officials to process false paperwork purporting to show the export and re-import of oil rigs, when in fact the rigs never moved. These actions led to allegations that Jackson and Ruehlen directly violated the anti-bribery provisions, internal controls and false records provisions relating to the FCPA. For all of these claims the SEC sought injunctive relief and monetary damages.

But as reported in the FCPA Blog, “A docket entry from July 1 for the U.S. federal district court in Houston said all deadlines in the SEC’s civil FCPA enforcement action against two former Noble executives have been vacated “pending final settlement documents.”” Both defendants agreed not to violate or aid and abet any violation of the FCPA going forward. Pretty stout stuff when you consider that all US citizens have that obligation going forward, whether they agree to it in a court filed documents or not.

Tomorrow we continue with Part II.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

 

 

Nursery Rhymes, a Chinese Proverb, the HP FCPA Enforcement and the Myth of the Rogue Employee

Hey diddle diddle,

The Cat and the fiddle,

The Cow jumped over the moon.

As my friend and colleague Jay Rosen is want to remind us, he continually learns much about compliance and ethics from his Kindergarten-aged daughters. I submit that you need only look to children’s nursery rhymes in the context of the recent Hewlett-Packard (HP) Foreign Corrupt Practices Act Enforcement (FCPA) to fully appreciate the inanity of the myth of the ‘rogue employee.’ HP has been cited as the prime example of the case where a small group of evil or ‘rogue employees’ purposely mislead their ultimate US corporate parent (HP Co) by engaging in bribery and corruption for which their US corporate parent, who did not engage in the corrupt action, were forced to pay the fines and penalties (and attendant investigative costs, remediation costs and negative publicity). For the purposes of this discussion we will leave out the millions of dollars that HP potentially benefited from via the illegal actions of its alleged ‘rogue employees’; or if there has ever been a case involving ‘rogue employees’ who, intentionally or otherwise, took a company down into FCPA grief.

I. HP-Poland – the Tale of Little Jack Horner – what a good boy I am

Little Jack Horner

Sat in the corner,

Eating a Christmas pie;

He put in his thumb,

And pulled out a plum,

And said ‘What a good boy am I!’

This is the one where commentators are having a Eureka moment. After all, the settlement documents point to one man, HP’s Poland Country Manager, and his John Le Carré-esque meetings. In this bribery scheme, the Country Manager engaged in a multi-year bribery scheme to pay bribes to one Polish government official to secure a large number of contracts. These bribes were paid surreptitiously, using a variety of techniques to evade detection but they all had one thing in common which I will ask you to figure out from the Bribery Box presented below.

HP-Poland Bribery Box Score

Bribe Amount	Method of Payment	Year Paid	Business Received
$150,000	Bag of cash, delivered to home of Polish gov official	2007	Contract valued at $15.7MM
$100,000	Bag of cash, delivered in parking lot to Polish gov official	2007
$130,000 to $140,000	Bag of cash delivered to Polish gov official	2008	Contract executed January 2008
$110,000	Bag of cash	2008	Contract executed in April 2008
$90,000	Bag of cash delivered to Polish gov official	2008	Contract executed May 2008
$30,000	Bag of cash delivered to Polish gov official	2008	Final 3 contracts totaled $32MM in value
$6,000	(offer)	2010	For contract signed in 2010 valued at $4MM
$30,000	Delivered as gifts	2007-2010	Total contracts valued at $60MM

For those of you not so quick on the draw the common element, at least until the end of the Box Score, is that all the bribes were paid in cash. For part of my in-house legal career, I did legal work for the energy industry and I have some familiarity in the amount of money that Country Manager’s made, at least the range of their salary and bonus, and it certainly was not enough to fund bribes in the amount of $600,000 in cash over a couple of years.

So let me get this straight, no one else at HP-Poland aided the Country Manager while he helped himself to the kitty? Didn’t anyone even notice, say in 2007, one of our $250,000 was missing? If not, the Country Manager had to have help in siphoning off funds from HP itself to fund these bribes? So my first question is where was HP internal audit? At the country level? At the region level? At the corporate level? Where was HP Co, when HP-Poland landed $60MM in contracts, in determining how these contracts were procured? Where were HP internal controls?

Was the Country Manager like Little Jack Horner? What a good boy I am?

II.   HP-Russia – Yes Sir, Yes Sir, Three Bags Full

Baa, baa, black sheep,

Have you any wool?

Yes, sir, yes, sir,

Three bags full.

HP-Russia seems to confuse commentators the most about the myth of the ‘rogue employee’. Here they point to the coded spreadsheets (the “Encrypted Spreadsheet”), which could only be unlocked and read by the conspirators themselves. And after all, they lied, lied, when they were asked about some of the details of the transaction in questions. I am sure Inspector Renoir is still shocked, shocked, to discover that gambling is still occurring on the premises of Rick’s Café American in Casablanca.

So why three bags full? Well, first of all, if you are from a certain university in central Texas you’ll immediately know what it means. For the less delicate among you, it would mean a large load of Col. Sherman Potter’s horse-hockey; three bags full in fact. This deal had been floating around HP for years, was well-known enough to raise multiple Red Flags inside the company and was simply internally shopped until it slid through by hook, nook or crook; or in this case, three bags full.

The initial deal was inked with the Russian government in June 2001 but as the Russian government could not fund it, they sought another foreign government to fund and that government was the US. However, to do so, it required that at least 85% of all goods and services were of US origin. To meet this requirement, the initial deal was changed to substitute a US intermediary (Intermediary 2) who replaced the Swiss intermediary on the deal (Intermediary 1). HP Co conducted due diligence on Intermediary 2 and then met with Intermediary 2 in the US to conduct additional due diligence. However, Intermediary 2 balked at answering more “pointed questions” about its expertise and financial wherewithal to handle the transaction. HP Co then told HP-Russia that they would not approve the transaction.

Not to be deterred from a good deal, the foreign government financing was switched from the US to Germany. In addition, Intermediary 2 was ditched for a one-man shop, Burwell Consulting Ltd (Burwell). Burwell and others were eventually paid nearly $21MM in bribes for the Russia government contract. There has been much discussion about how HP-Russia tricked HP-Germany’s employees through the use of “encrypted, password protected spreadsheets that tracked the deal’s financial inflows and outflows”. However, what I found more interesting was the discussion about how not only had HP-Russia shopped the deal internally and been told a resounding NO by HP Co for obvious Red Flags present but also the discussion of how HP-Russia internally funded the bribery scheme.

They did so by the classic ‘stuffing the channel’ that every software lawyer, accountant, bookkeeper, auditor, sales rep and anyone else subject to GAAP or IFSR learns on their first day of training on their first job. It goes like this: HP-Russia sold products to a channel partner; who then sold them to Intermediary 3; who then sold them back to HP with a mark-up and voila, you have a big pile of cash with which to bribe.

So what does the HP-Russia deal tell us about HP as a company? As with HP-Poland, you would have to question where was internal controls while this was playing out, at the country level, at the region level, at the anywhere level? But there is far more than simply internal controls going on here. Based on what was publicly announced in the settlement documents, HP Co had actual knowledge that the deal was rife with Red Flags as it was presented. It was so bad they shut it down. Of course, the business guys simply resurrected it in another place, in another guise. What does that say about the overall effectiveness of the compliance function at the time if HP-Russia could bring a Red Flagged deal to HP Co only to have it stopped, then to shove it through HP-Germany due to weak controls? What about the internal controls on how HP-Russia was able to generate $21MM in scammed money to pay the bribes in the first place? Think anyone else might have thought about running that scam through those robust internal controls? After all, its only three bags full…

III.   HP-Mexico – Fool Me Once…

Fool Me Once,

Shame on You;

Fool me twice,

Shame on Me.

The above did not come from George Bush (The Younger) but is purported to be an old Chinese proverb. I like that thought anyway and it certainly informs our look the claim of ‘rogue employee’ in Mexico. Here, for reasons far beyond my comprehension, HP was able to secure a Non-Prosecution Agreement (NPA) from the Department of Justice (DOJ) for the actions of its subsidiary in Mexico in paying a bribe of $1.6MM to facilitate the winning of a contract worth $6MM. But the lesson learned from the ancient Chinese proverb certainly informs our look at the allegation of the ‘rogue employee’ down Mexico way.

HP-Mexico wanted to use a certain agent involving a deal with Pemex because he had a very close relationship with the Pemex official who would be making the decision on the contract. HP-Mexico even signed a contract with this agent where his description of services was an “influencer fee” for which he would receive a 25% commission. This agent could apparently neither meet HP Co’s due diligence requirements, accept HP Co’s mandatory commission rate or both but whatever the reason, they were not approved as an agent on the Pemex deal. But like all good HP business folks (beginning to see a pattern here?) HP-Mexico simply subcontracted this agent to an existing, approved HP channel partner. HP-Mexico then amazingly (or perhaps not) said that they needed to raise the commission rate of this channel partner from 1.5% to 26.5% because this channel partner was now “managing discounts with Pemex” which coincidentally, this channel partner had never done. Because this channel partner was previously approved by compliance, the request for increase in commission rate was never submitted to compliance for approval. Think an internal control or two might have been appropriate in this situation?

What do the nursery rhymes and Chinese proverb tell us about HP and the Myth of the Rogue Employee? All three of the bribery schemes involved showed that there were multiple failures of numerous systems that allowed the schemes to run rampant. But perhaps the thing that they speak to the most is the culture that existed at the company during the time frames in question. While the FCPA Professor and others have noted that some of the conduct in question began in Russia as long ago as 1999, the settlement documents speak to conduct in Poland as recently as 2010. Certainly, the NPA for HP-Mexico’s conduct was for actions in 2009. What was the tone set that not only allowed employees to think that they could get away with subverting the law but that they had to do so. That, perhaps, is the most troubling questions unanswered by the Myth of the Rogue Employee.

Whatever the answer to HP’s culture of compliance may have been at the time of the conduct which led to the enforcement action, the claim that the company does not bear responsibility for either setting that tone, facilitating the conduct by looking the other way when convenient or not having appropriate internal prevention and detection controls in place to prevent massive fraud by its own employees; the reality is that when a employees of a company can evade controls to generate multi-millions of dollars to generate pools of money to pay bribes, there is no ‘rogue employee’ or even small group of rogue employees. Or there is about as much chance as a cow jumping over the moon.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

The HP FCPA Settlement

Last week the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) jointly announced the conclusion of a Foreign Corrupt Practices Act (FCPA) enforcement action against Hewlett-Packard Company (HP). In the settlement, HP agreed to pay $108MM in fines, penalties and disgorgements for criminal and civil acts. To say that it was one of the more perplexing FCPA settlements would seem to be an understatement. While some will read the settlement documents and see conduct which did not merit such a high total amount of fines and penalties, I am not from that camp.

The tale of this sordid affair of bribery and corruption occurred over 3 continents with multiple countries involved, evidencing an entire breakdown in company internal controls and a complete lack of a culture of compliance. Yet the settlement documents make great pains to emphasize that few employees were actually involved in the nefarious conduct. How bad was the conduct? Think right up there with BizJet because we had bags of cash delivered to a Polish government official. (But unlike BizJet, the Board of Directors did not approve the bribery scheme and it was not taken across the border.) For the Russian deal, it was shopped through several countries with multiple levels of company review, which did not seem to work or care much about anything except getting the deal done. For Mexico, they just seemed to get a free pass where the contract description for the agent who paid the bribe was “influencer fee”.

Finally, as most readers might remember, HP did not self-report this misconduct to the DOJ or SEC. Apparently, the story of HP’s bribery by its German subsidiary to gain a contract in Russia was broken by the Wall Street Journal (WSJ) article in April 15, 2010. The next day, the DOJ and SEC announced they were investigating the allegations of bribery. However, HP was made aware of the allegations by its German subsidiary in December 2009, when German authorities raided HP’s offices in Munich and arrested one HP Germany executive and two former employees. Yet HP never self-reported. Not exactly the poster child for self-disclosure for any company going forward.

Of course HP’s public response at the time indicated its attitude, when a HP spokesperson was quoted in the WSJ article as saying “This is an investigation of alleged conduct that occurred almost seven years ago, largely by employees no longer with HP. We are cooperating fully with the German and Russian authorities and will continue to conduct our own internal investigation.”

More befuddlement comes from the reported facts around HP Germany. As noted by the WSJ report, one, then current, HP executive was arrested and two former employees were arrested in connection with the investigation by German authorities. There is no mention of them in any of the settlement documents. The WSJ article also reported that investigation-related documents submitted to a German court showed that German prosecutors were “looking into whether H-P executives funneled the suspected bribes through a network of shell companies and accounts in places including Britain, Austria, Switzerland, the British Virgin Islands, Belize, New Zealand, the Baltic nations of Latvia and Lithuania, and the states of Delaware and Wyoming”. While some of these countries were mentioned in the settlement documents there was no mentions of DOJ or SEC investigations into Wyoming, Belize, the British Virgin Islands or New Zealand.

What are we to make of the criminal fines levied against the Russian and Polish subsidiaries of HP? The Polish subsidiary pled guilty to a two count Criminal Information consisting of (1) violating the FCPA’s internal control provisions; (2) violating the FCPA’s books and records provisions. The US Sentencing Guidelines suggested a fine range of $19MM to $38MM, the final fine was $15,450,244.

For the Russia deal, the Russian subsidiary pled guilty to a four count Criminal Information consisting of (1) conspiracy to violate the books and records provisions of the FCPA; (2) violating the FCPA’s anti-bribery provisions; (3) violating the FCPA’s internal control provisions; (4) violating the FCPA’s books and records provisions. The US Sentencing Guidelines suggested a fine range of $87MM to $174MM, yet the final fine was $58,772,250.

Finally, in Mexico HP’s subsidiary, according the to the SEC Press Release, “paid a consultant to help the company win a public IT contract worth approximately $6 million. At least $125,000 was funneled to a government official at the state-owned petroleum company with whom the consultant had connections. Although the consultant was not an approved deal partner and had not been subjected to the due diligence required under company policy, HP Mexico sales managers used a pass-through entity to pay inflated commissions to the consultant.” This was internally referred to by HP as an “influencer fee.” Pretty clear evidence of what it was to be used for, wouldn’t you say? Yet the DOJ did not to criminally prosecute the company’s Mexican subsidiary and entered into a Non-Prosecution Agreement (NPA), HP agreed to pay forfeiture in the amount of $2,527,750.

How did HP accomplish all of this? In a Press Release HP Executive Vice President and General Counsel John Schultz said, “The misconduct described in the settlement was limited to a small number of people who are no longer employed by the company. HP fully cooperated with both the Department of Justice and the Securities and Exchange Commission in the investigation of these matters and will continue to provide customers around the world with top quality products and services without interruption.”

As reported by the FCPA Professor, in his blog post entitled “HP And Related Entities Resolve $108 Million FCPA Enforcement Action”, the HP Russian subsidiary Plea Agreement gave the following factors for the reduction in the fine from the Sentencing Guideline range:

“(a) monetary assessments that HP has agreed to pay to the SEC and is expected to pay to law enforcement authorities in Germany relating to the same conduct at issue …; (b) HP Russia’s and HP’s cooperation has been, on the whole, extraordinary, including conducting an extensive internal investigation, voluntarily making U.S. and foreign employees available for interviews, and collecting, analyzing, and organizing voluminous evidence and information for the Department; (c) HP Russia and HP have engaged in extensive remediation, including by taking appropriate disciplinary action against culpable employees of HP and enhancing their internal accounting, reporting, and compliance functions; (d) HP has committed to continue enhancing its compliance program and internal accounting controls … (e) the misconduct identified … was largely undertaken by employees associated with HP Russia, which employed a small fraction of HP global workforce during the relevant period; (f) neither HP nor HP Russia has previously been subject of any criminal enforcement action by the Department or law enforcement authority in Russia or elsewhere; (g) HP Russia and HP have agreed to continue to cooperate with the Department and other U.S. and foreign law enforcement authorities, if requested by the Department …”

In the same blog post, the Professor reported the following reasons were stated for reduction in the final fine by HP’s Polish subsidiary’s:

“(a) HP Poland’s cooperation with the Department’s investigation; (b) HP Poland’s ultimate parent corporation, HP, has committed to maintain and continue enhancing its compliance program and internal accounting controls …; and (c) HP Poland and HP have agreed to continue with the Department and other U.S. and foreign law enforcement authorities in any ongoing investigation …”

We have witnessed companies, which have engaged in ‘extraordinary cooperation’ with the DOJ during the pendency of their FCPA investigations. BizJet is certainly one that comes to mind. Further, there are clear examples of companies, which extensively remediated during the pendancies of their FCPA investigations, from which they clearly benefited. Two prime examples are Parker Drilling, which not only received a financial penalty below the suggested range but also was not required to have a corporate monitor, while they had C-Suite involvement in its bribery scheme. Weatherford seeming came back from the brink during mid-investigation when they hired Billy Jacobson and turned around not only their attitude towards cooperation with the DOJ but also their efforts toward remediation.

Both of these companies are headquartered in Houston and both have been quite active on the conference circuit talking about their compliance programs so most compliance practitioners are aware that these companies are on the forefront of best practices. Perhaps HP is on some circuit doing that, somewhere. If so, kudos to them. If their remediation work led to a best practices compliance program for the company and their extraordinary cooperation led to the astonishing reduction in penalties to their entities, I certainly tip my cap to them. If their lawyers were great negotiators and made great presentations to the DOJ and SEC, all of which led to or contributed to the final results, a tip of the cap to them as well.

So what is the lesson to be learned for the compliance practitioner? Other than befuddlement, I am not sure. Congratulating HP and its counsel is not a lesson it is an action. If HP now has a best practices compliance program, I hope they will provide the compliance community with the lessons that they learned and incorporated into their compliance program, which allowed them to obtain the fines below the minimum suggested range. If they have incorporated some enhanced compliance components into their program I hope they will share those enhancements too.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014