FCPA Compliance and Ethics Blog

June 26, 2013

The Rutgers Basketball Scandal – Some Questions for the Compliance Practitioner to Ask

The seemingly continuous saga of the Rutgers Athletic Department and the attendant fallout from the Mike Rice scandal has reappeared in the news recently. For those who do not remember this tale, it involved the head basketball coach who was videotaped physically abusing his players by hitting them, kicking them and throwing basketballs at them during practice. Of course he also verbally abused them as well. When asked about his coaching style by the Rutgers Athletic Director (AD) Tim Pernetti, Coach Rice admitted that he was “aggressive” or perhaps as Warren Zevon would say, “he’s just an excitable boy.” While I usually write about the lessons which a compliance practitioner can draw from an event or series of events, I will use the Rutgers basketball scandal to raise questions about how your compliance program might handle a claim of violations of a federal law such as the Foreign Corrupt Practices Act (FCPA) or internal company policy, such as a Code of Conduct.

I.                   The Investigation

According to Jim McGrath, writing in the Internal Investigations Blog, in an article entitled “Focus For Next Rutgers Investigation”, Lacey interviewed six players, one former player, a former player who transferred from Rutgers, all of Rice’s assistants and other support personnel in the basketball program, Coach Rice himself, Eric Murdock, AD Pernetti, and a sports psychologist whom AD Pernetti consulted earlier this year. In addition, he reviewed nearly 50 hours of videotaped practices – roughly half of all practice time – during the coach’s tenure. He also kept AD Pernetti abreast of the results of his investigation during the pendency of the investigation.

In the initial investigation, Lacey found that Coach Rice’s behavior violated Rutgers policy barring workplace violence: “In sum, [I] believe there is sufficient evidence to find that certain actions of Coach Rice did ‘cross the line’ of permissible conduct and that such actions constituted harassment or intimidation within Rutgers’ Policy, Section 60.1.13.” That policy is Rutgers’ Workplace Violence Policy, in which “behavior [that] would be interpreted by a reasonable person as being evidenced (sic) of intent to cause physical harm to individuals or property” is prohibited. Lacey also believed that Coach Rice engaged in misconduct, which could be reasonably determined “to embarrass and bring shame or disgrace to Rutgers in violation of Coach Rice’s employment with Rutgers.” Lastly, Lacey concluded that Rice violated other terms of his five-year contract that would pay him $700,000 for the 2013-14 season that were added after previous disciplinary issues came to AD Pernetti’s attention.

While Lacey found that Coach Rice “did engage in certain conduct that went beyond mere cursing, including occasions where [he] used coarse, inappropriate and insulting language during practices and workouts, verbally attacked players in a manner outside the bounds of proper coaching, shoved and grabbed players on multiple occasions and engaged in other boorish and immature behavior,” it did not violate additional university policies – including Rutgers’ anti-bullying policy – and that the coach’s conduct “did not create a ‘hostile work environment’ as that term is understood in connection with anti-discrimination and anti-harassment policies.”

Perhaps even more amazing, and a hint to the real purpose of the investigation and report, Lacey ended his report by stating, “Although couched in different terms, EM’s actual complaint is not for wrongful termination, but for AD Pernetti’s decision not to offer EM a new contract. AD Pernetti’s decision not to offer a new contract to EM was based on EM’s abandonment of his employment and his direct and deliberate insubordination, and was not based on any impermissible or retaliatory reason. Therefore, there was no violation of Rutgers’ CEPA policy.” So after all the work and interviews, the question remains as to what was the purpose of the investigation; to investigate the behavior of Coach Rice or give Rutgers cover in the whistleblower lawsuit claim of Murdock?

II.                Questions To Be Asked

As pointed out by McGrath, some troubling questions were raised by the release of the Lacey Report. For instance, what were the reasons for AD Pernetti’s action or inaction and that of other school administrators in the wake of the Lacey report? Did any Rutgers administrators violate university policies or their own contractual obligations in how they dealt with Coach Rice after the completion of the Lacey investigation? McGrath notes, not without some irony, that “Regardless of whether breaches of required conduct are found or not, Barchi’s acknowledgement in a press conference that – while he was fully briefed on Coach Rice’s actions and suspension – he had never seen the 30-minute video of his coach’s antics until last week, is particularly confounding. Citing a busy administrative schedule and the organizational need to rely upon the advice and counsel of underlings as a justification for not giving the evidence at least the once-over seems a poor excuse for his ignorance of the situation.”

To those questions posed by McGrath I would add some of the following:

A.     What is the role of Senior Management?

Whistleblower Murdock claims he sent 5 emails to the University President asking him to view the video. If something is so serious that it needs to get to the attention of the head of an organization, what should a subordinate do to get this attention? As President Barchi stated that as soon as he saw the video Coach Rice had to go, it begs the question of when should a General Counsel (GC), Chief Compliance Officer (CCO) or other employee engage a company president? What about the Board of Directors? If a President is too busy for you, is there a direct line to the Board for consultation?

B.     What is the role of your investigation?

An obvious starting point is to ask, “What is your investigation protocol?” A time of crisis is not the time to be writing out your investigation protocol or perhaps, even worse, revising it. We may never know what role the Interim GC played in determining the protocol or even looking to see if there was an investigation protocol. Some of the things that you need to consider are the following: Who reviews the results of your investigation? What is the role of an investigation? What is the scope of the investigation; is it to uncover the facts so the situation can be remedied; or is it to determine if you can be liable for taking remedial action?

Lastly, and this point is presented more starkly in the Rutgers scandal than in most commercial business situations I have seen, should the information be shared with a merger partner? Remember Rutgers was nearing the end of a yearlong process to join the Big Ten Conference. If this scandal had come out during the negotiations, would the Big Ten have continued to pursue Rutgers? More cynically, did all the publicity over the Rutgers scandal create more publicity about Rutgers joining the Big Ten and thereby increase brand awareness along the East Coast?

C.    When is a whistleblower an extortionist?

Another interesting facet of the Rutgers scandal is the claim that Murdock is actually trying to extort money out of Rutgers. It should be noted that Murdock did not surreptitiously videotape Coach Rice abusing his players. Murdock obtained Rutgers’ practice through Freedom of Records request from state of New Jersey and then edited the tapes down to the final version shown on ESPN, for which Rutgers officials roundly criticized him.

To bring a suit against Rutgers, a person must send a formal demand letter, which Murdock’s attorney did on or about December 26, 2012. Two weeks after his demand letter was rejected, Murdock leaked his video footage to ESPN. In April, New York Times (NYT) reporter Steve Eder, in an article entitled “F.B.I. Investigating Former Rutgers Assistant”, reported that the “F.B.I. is investigating whether the assistant at Rutgers who first voiced concerns about the abusive behavior of his boss, Mike Rice, tried to extort the university.” Conner Simpson, in another article in the Atlantic Wire entitled “The Rutgers Scandal Now Has an F.B.I. Extortion Investigation” asked, “How does leaking a video and getting your old boss fired amount to extortion, you ask?” He then said “Well, ESPN’S Don Van Natta Jr. reported Friday that Murdock wrote a letter to the school demanding $950,000 to settle his wrongful termination claims a month after he first showed Pernetti the video. Rutgers politely declined. Murdock filed a lawsuit against the school on Friday. So, uh.”

How many whistleblowers do you think Rutgers encouraged to come forward with this information before it became public? More importantly, how many whistleblowers do think will be encouraged to come forward in the future if they know that their fate will include a FBI investigation if they make a whistleblower claim and perhaps file a lawsuit?

A colleague of mine pointed out that I was very much in the milieu of ‘Monday Morning Quarter-backing’ with some of my criticisms of Rutgers. He correctly noted that decisions made in or near real time may look quite different many months or years down the road. On this point he is absolutely correct. So I think a key point from the Rutgers scandal is to document your reasoning and logic, in writing, before you assess any discipline or make any decisions so that months later you know exactly why those decisions were made. In other words, have a protocol in place and follow the protocol. If you change the protocol, document the reason that you do so. But sometimes you gut just knows something is really bad. One of those times is when your Chief Executive Officer (CEO) (or University President) says that within the first five minutes of reading a report (or seeing a video) they knew the person should be fired.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

May 7, 2013

Do Law Firms Have an In-House Privilege?

There is often a discussion about the retention of outside counsel to lead an investigation of alleged violations of the US Foreign Corrupt Practices Act (FCPA) so that the company may maintain the attorney-client privilege. But is there some other privilege which might be lurking in this relationship? This question was discussed in an article in the May issue of the ABA Journal, entitled “Inside Story”, by Mark Curriden, which details a discovery dispute before the Georgia Supreme Court where a law firm has claimed that it enjoys an attorney-client privilege in a malpractice claim brought by a former client. The case involves allegations that communications between a law firm and its in-house counsel are privileged in favor of the law firm and poses the following query: “whether communications between lawyers and in-house counsel are protected by the attorney-client privilege and the work product doctrine when a dispute arises between the firm and a client.”

The case involves three lawyers from the Savannah, GA law firm of Hunter, Maclean, Exley & Dunn PC (Hunter Mclean). The law firm had prepared certain real estate sales contracts, which were used by the firm’s client, St. Simons Waterfront LLC. After buyers began to opt out of these contracts to purchase certain properties, the law firm suggested that the company negotiate with the purchasers.

The company demanded that the law firm work to enforce the agreements. Curriden wrote that “The lawyers for Hunter Maclean took the scolding as a sign that St. Simons Waterfront was planning a malpractice claim against them and contacted the firm’s in-house counsel immediately after the call.” He quoted the lawyer for St. Simons Waterfront who said that “Within minutes of the conference call, Hunter Maclean lawyers were already taking legal steps to defend themselves for litigation, even though they were still representing the client and would continue to represent the client for another three months.”

The law firm understood that the company was threatening litigation against the law firm and claimed they told the client that it needed new counsel. The company said at no time did it suggest that it was preparing to sue its own lawyers and denies that the law firm told them after the phone call in question that a conflict existed and that the company should retain new counsel.

Indeed later, the client sued the law firm for malpractice in the drafting of the real estate contracts, in a case styled, St. Simons Waterfront v. Hunter, Maclean, Exley & Dunn. The dispute currently before the Georgia Supreme Court is over certain documents that the law firm claims is its internal attorney-client privileged communications , specifically including a 33-page memo from the firm’s own in-house lawyer describing the Feb. 18, 2008, conference call referenced above, that lawyers at the firm wrote the day after the telephone conversation occurred.

Susan W. Cox, counsel representing Hunter Mclean, said that “The documents and communications sought involve efforts by the firm to investigate, evaluate and consider how to respond to the client’s asserted claim.” Curriden further quoted her as stating that “Under the plaintiff’s argument, Cox says, “a law firm would have to immediately withdraw from any further client representation, regardless of the harm to the client and regardless of whether the client consented to the additional temporary and necessary representation, in order to protect its in-house information from disclosure in the malpractice claim. It was impossible for Hunter Maclean to immediately withdraw without causing great harm to the client. Under Georgia and federal law, the attorney-client privilege is interpreted to protect against disclosure of information obtained or shared in a confidential relationship, and that applies equally to communications with in-house and outside counsel.””

However, the trial court disagreed with the law firm’s position and ordered production of the documents “ruling that the privilege didn’t apply because Hunter Maclean failed to inform the client about its conflicts. The judge ordered Hunter Maclean to turn over the internal documents that St. Simons Waterfront was seeking.” Then “The Georgia Court of Appeals reversed, ruling that the firm’s communications with in-house counsel remained privileged because the in-house counsel was completely isolated from the St. Simons Waterfront legal work and thus did not have a conflict. St. Simons Waterfront appealed to the state supreme court. Oral arguments were held in March.”

The article posited the two schools of thought on this question. Attorney John G. Nelson, counsel for the St. Simons Waterfront, was quoted as saying “The appellate court’s reasoning “makes it too easy for law firms to conceal unethical conduct from clients…If the client’s attorneys consult with the in-house attorney—not for the purpose of meeting their ethical obligations to the client but to cover up their own malpractice, and the in-house attorney assists them in doing so—the firm could withhold that information simply because the in-house attorney was ‘segregated’ from directly representing the client.”” Nelson further said that “The reason is simple: When a law firm represents a current client, the entire law firm’s fiduciary and ethical duties are to that client.”

However at least 13 law firms which are not parties to this dispute, signed an amicus brief in support of the law firm in the discovery dispute. Interestingly, the American Bar Association (ABA) filed an amicus brief which stated the ABA “takes no position on whether the privilege and work product claims in this case should be sustained.” After quoting this statement, Curriden goes on to quote from the ABA’s amicus brief that ““the ABA urges that lawyers’ communications when seeking legal advice from their in-house counsel should be broadly protected because of the benefits to their clients and the legal system, and to lawyers and their firms,” states the association’s brief. “Lawyers face an increasing array of legal and ethics duties, and the availability of in-house advice, without the cost or inconvenience of seeking an outside lawyer, encourages lawyers to pursue internal investigations where questions of misconduct or malpractice arise.”” Therefore, the attorney-client ““privilege should not be abrogated or limited except for compelling reasons.” But this analysis changes “if it is concluded that the client may have a malpractice claim against the lawyer,” states the brief. “Whether the privilege as to further in-house consultations is abrogated or limited during a continuing representation might become a question of fact for the trial court as to whether the client were promptly and adequately informed of the potential claim.””

As a former in-house counsel I certainly find it troubling if, at the slightest spat between a law firm and a client, the law firm then ‘lawyers-up’ and girds for a lawsuit. One of the greatest things about the legal profession is that it holds the highest duty possible to its clients. If a law firm is taking a position contrary to its client’s interest, it cannot no longer ethically represent the client. Curriden ends his article with a short discussion on this point when he said, “many corporate GCs privately express concerns about what their law firms may be doing behind their backs.” He quoted Randy Johnston, who focuses his practice at JohnstonTobey PC in Dallas on professional malpractice cases, who said “Corporate general counsel have every right to be concerned that their law firm is secretly plotting against them and their best interests, and are doing so without notifying them,”. Johnston goes on further to say “In the end, I think there’s only one solution: Law firms should have the right to internal defense and to work product, but the law firm must immediately inform the client when there is a conflict. Failure to tell the client eviscerates the privilege. Period.”

This is a case which certainly bears watching as it may go quite a long way towards fundamentally altering the attorney-client relationship.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

April 30, 2013

FCPA Prosecutions Against Individuals? Check Out April

One of the oft-heard criticisms of the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) is the lack of individual prosecutions under the Foreign Corrupt Practices Act (FCPA). That may well be on its way to changing as April 2013 may become known as “FCPA Individuals Month” for the charges and enforcement actions brought against various individuals for FCPA violations. The DOJ and SEC used several different types of enforcement actions, both criminal and civil, against a variety of individuals over the past month.

I.                   BizJet

One group of charges was the four enforcement actions involving individuals concerning BizJet. The lineup of those three BizJet executives and one employee involved in these enforcement actions is as follows:

  1. Bernd Kowalewski – President and Chief Executive Officer (CEO);
  2. Peter DuBois – Vice President of Sales and Marketing;
  3. Neal Uhl – Vice President of Finance; and
  4. Jald Jensen – Regional Sales Manager

Defendants DuBois and Uhl pled guilty in January, 2012 and had their pleas unsealed on April 5, 2013. Defendants Kowalewski and Jensen were charged by Criminal Indictment, also in January, 2012, but are still at large today. The DOJ Press Release states that “The two remaining defendants are believed to remain abroad.” The bribes were characterized as “commission payments” and “referral fees” on the company’s books and records. Payments were made from both international and company bank accounts here in the United States. In other words, this was as clear a case of a pattern and practice of bribery, authorized by the highest levels of the company, paid through US banks and attempts to hide all of the above by mis-characterizing them in the company’s books and records.

II.                Alstom

Two individuals from the company later identified as Alstom were charged or had their charges made public in April. According to a DOJ Press Release dated April 16, 2013, “Frederic Pierucci, 45, a current company executive [of Alstom] who previously held the position of vice president of global sales for the Connecticut-based U.S. subsidiary, was charged in an indictment unsealed yesterday in the District of Connecticut with conspiring to violate the Foreign Corrupt Practices Act (FCPA) and to launder money, as well as substantive charges of violating the FCPA and money laundering.” Pierucci was arrested. A former Alstom executive, “David Rothschild, 67, of Massachusetts, a former vice president of sales for the Connecticut-based U.S. subsidiary, pleaded guilty on Nov. 2, 2012, to a criminal information charging one count of conspiracy to violate the FCPA.”

In a post by the FCPA Professor, entitled “Current And Former Alstom Employees Charged In Connection With Payments In Indonesia”, he stated the two were involved with the following: “The conduct at issue concerned the Tarahan coal-fired steam power plant project in Indonesia.” Both were charged around the same set of facts. Pierucci and Rothschild, together with others, paid bribes to officials in Indonesia, including a member of Indonesian Parliament and high-ranking members of Perusahaan Listrik Negara (PLN), the state-owned and state-controlled electricity company, in exchange for those officials’ assistance in securing a contract for the company to provide power-related services for the citizens of Indonesia, known as the Tarahan project. The charges allege that, in order to conceal the bribes, the defendants retained two consultants purportedly to provide legitimate consulting services on behalf of the power company and its subsidiaries in connection with the Tarahan project. In reality, however, the primary purpose for hiring the consultants was allegedly to use the consultants to pay bribes to Indonesian officials.

The Pierucci Indictment specified the following Counts for violations of the FCPA involving the first consultant.

Count Date Means and Instrumentalities of Interstate and International Commerce
Two 11/16/2005 Wire transfer in the amount of $200,064 from Power Company’s Connecticut bank account to Consultant A’s bank account in Maryland for the purpose of bribing Official 1.
Three 1/4/2006 Wire transfer in the amount of $200,064 from Power Company’s Connecticut bank account to Consultant A’s bank account in Maryland for the purpose of bribing Official 1.
Four 3/7/2007 Wire transfer in the amount of $200,064 from Power Company’s Connecticut bank account to Consultant A’s bank account in Maryland for the purpose of bribing Official 1.
Five 10/5/2009 Wire transfer in the amount of $66,688 from Power Company’s Connecticut bank account to Consultant A’s bank account in Maryland for the purpose of bribing Official 1.

III.             Frederic Cilnis

In a blog post, entitled “The Danger of FCPA “Proactive” Investigations”, Mike Volkov stated “At the recent Dow Jones Compliance Symposium in Washington, D.C., an FBI official warned the attendees that the Shot Show debacle would not deter law enforcement from using proactive investigations techniques. It was a stark warning because it was realized in less than thirty days.” This was dramatically demonstrated with the arrest of Frederic Cilnis.

An article in the Financial Times (FT), entitled “FBI sting says that ‘agent’ sought to have mining contracts destroyed”, it was reported that “Frederic Cilins held the last of a series of meetings with the widow of an African dictator to discuss what she was going to do with some sensitive documents.” What were these ‘sensitive documents’? The FT reported that it had seen “some of the documents” and “According to one copy of a contract seen by the FT” it appeared to agree to pay $4m the wife of the then President of the country to help to secure rights to a mining concession in Guinea. Unfortunately for Cilins he “did not realise that the woman he was talking to was wearing a wire and that FBI agents were watching. As he left the meeting, the agents arrested him carrying envelopes filled with $20,000 in cash, the indictment says. That was a pittance compared with the $5m he was taped offering the dictator’s widow during what US authorities say was a two-month campaign to tamper with a witness and destroy records.”

IV.              Uriel Sharef

Uriel Sharef was a former officer and board member of Siemens. According to the SEC Press Release announcing resolution of his matter, “The settlement resolves the Commission’s civil action against Sharef for his role in Siemens’ decade-long bribery scheme to retain a $1 billion government contract to produce national identity cards for Argentine citizens. The final judgment, to which Sharef consented, enjoins him from violating the anti-bribery and related internal controls provisions of the FCPA and orders him to pay a $275,000 civil penalty, the second highest penalty assessed against an individual in an FCPA case.”

The FCPA Professor, in his April 19 Friday Roundup, posed the following “The burning question of course is whether the SEC would have prevailed against Sharef if he put the SEC to its burden of proof. As highlighted in this previous post, Sharef’s co-defendant, Herbert Steffen, did just that and in February Judge Shira Scheindlin dismissed the SEC’s complaint against Steffen finding that personal jurisdiction over Steffen exceeded the limits of due process.” However, the SEC Press Release seemed to anticipate this query by stating that “Sharef met with payment intermediaries in the United States and agreed to pay $27 million in bribes to Argentine officials. Sharef also enlisted subordinates to conceal the payments by circumventing Siemens’ internal accounting controls.”

In the month of April, the US enforcement agencies certainly seemed to be answering the questions about bringing FCPA criminal charges and civil complaints against individuals. You may quibble about the sentences handed out in the BizJet case but that is another discussion for another day. For those who may have thought that the use of wire taps, cooperating witness and other proactive federal law enforcement techniques may not be used in FCPA cases after the Gun Sting cases dismissals, such techniques were used in both the BizJet matters and the action against Cilnis. Lastly, one phone call to the US may not create in personam jurisdiction but if you come to the US and engage in conduct which violates the FCPA, personal jurisdiction will attach.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

April 3, 2013

M*A*S*H and Triage in Your FCPA Investigation Protocol

One of the things that I learned from the television series M*A*S*H was the need for triage. In the hospital setting, triage is the process of determining the priority of patients’ treatments based on the severity of their condition. At the Dow Jones Global Compliance Symposium, there were a couple of panels which discussed the need for triage in your compliance program around issues that are reported through a company’s internal reporting mechanism.

Given the number of ways that information about violations or potential violations of the Foreign Corrupt Practices Act (FCPA) can be communicated to the Department of Justice (DOJ) having a robust triage system is an important way that a company can separate the wheat from the chaff and bring the right number of resources to bear on a FCPA problem. Kevin O’Connor, Vice President (VP) for Global Compliance, United Technologies Corp, said that one of the things that this is important in making an initial determination of whether to bring in outside counsel to head up an investigation. It is also important in a determination of the resources that you may want or need to commit to a problem. Ty Cobb, a partner at Hogan Lovells, put it this way “How much information do you need to know before you go to outside counsel? Quite a bit.” Another panelist, Jamie Gorelick, partner at WilmerHale, put it in a different manner when she said “you have to kick the tires” so that you know the circumstances in front of you before you make the decision to go to outside counsel.

But even if you kick the tires and determine that you do need to involve outside counsel, there are still ways in which a corporation can work to control the costs of a FCPA investigation. O’Conner said that United Technologies is able to keep the costs down by having a very robust team of investigators embedded in many departments across the company, outside of the compliance function. O’Connor said that these employees come from employment and professional backgrounds which trained them in the basics of investigations. Many of these United Technologies employees come from law enforcement but there are other professions such as national security, foreign service, the intelligence community, human resources and others.

O’Connor said that the key is to hire people with a background and prior training investigations. These investigators receive FCPA and other compliance training while at United Technologies so that if a major incident arises they can be used to supplement outside counsel personnel who may lead an investigation. In this way, United Technologies is able to keep outside counsel from sending lawyers all over the world and thereby run up the costs of a FCPA investigation. This concept was put another way by another panelist, David Yawman, Senior Vice President & Chief Compliance and Ethics Officer, PepsiCo Inc., who said that he “wants to be building sprinkler systems and not fighting fires”. He explained this meant that he wants to have trained personnel available to him, who can have their primary function outside the compliance group but can be called upon as needed in such a FCPA investigation.

On another panel Paul McNutly, partner at Baker & McKenzie LLP, explained that he believed it would be important for a company’s regular outside counsel to partner more with the entity as a way to help hold down costs. McNulty explained that a law firm could work to help put on the additional FCPA and compliance focused training that O’Connor discussed on a more regular and ongoing training. This partnership relationship would allow the law firm to have confidence that the company’s investigators could handle a large or wide-ranging FCPA investigation. This confidence would help outside counsel in any discussions they might have with the DOJ during the pendency of a FCPA investigation.

McNulty was asked how do you help keep costs from reaching the ‘ridiculous’ level? He also mentioned that a company needs to initially scope any FCPA allegation which may arise through a company’s internal reporting mechanism or other manner. But said another step is to develop a reasonable investigation plan. This can be particularly important if you self-disclose to the DOJ. You will need to go into the DOJ and present your investigation plan so McNulty suggested an early discussion with the government on the scope of the investigation is critical.

Panelist Gorelick stressed that you should engage the DOJ to show not only the scope of your investigation but that it can be limited so that you do not face the dreaded ‘where else’ question. You should develop a logical plan with the nexus to the facts. However, she emphasized that you must have credibility with the government that not only will your investigation will be robust but that facts you have determined in your initial triage are a reasonable interpretation.

I found it very useful that there was a discussion relating to costs of a FCPA investigation that extended over two panels at the conference. Both in-house and outside counsel presented concrete and achievable solutions that can be implemented to help contain costs. But the key is to be prepared, not only in terms of having your investigation and notification protocols in place before the FCPA allegation comes in but also doing the proper triage so that you have an initial understanding of what you may be facing.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

March 26, 2013

McNulty’s Maxim No. 3 and Response to Allegations of Bribery

In a Wall Street Journal (WSJ) article by Chris Matthews, Joe Palazzolo and Shira Ovide, entitled “U.S. Probes Microsoft Bribery Allegations”, they reported that the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) were investigating “kickback allegations made by a former Microsoft representative in China, as well as the company’s relationship with certain resellers and consultants in Romania and Italy”. A whistleblower alleged that an executive of Microsoft’s China subsidiary had told the whistleblower “to offer kickbacks to Chinese officials in return for signing off on software contracts”. Additionally, they reported that “investigators are also reviewing whether Microsoft had a role in allegations that resellers offered bribes to secure software deals with Romania’s Ministry of Communications”.

Interestingly, as reported by Chris Matthews in a WSJ post in Corruption Currents, entitled “Microsoft Responds to FCPA Allegations”, Microsoft publicly responded to the reports. Matthews reported that Deputy General Counsel (GC) John Frank wrote in a blog post “As our company has grown and expanded around the world, one of the things that has been constant has been our commitment to the highest legal and ethical standards wherever we do business”. Frank also said that “The matters raised in the Wall Street Journal are important, and it is appropriate that both Microsoft and the government review them.”

Commenting on this situation with Microsoft, Alexandra Wrage, President of Trace International, wrote an article on Forbes.com, entitled “Microsoft And The Rising Federal Scrutiny Of Bribery”, where she said, “All of this should not be discouraging to companies worried about complying with anti-bribery laws. Strong compliance programs, even those that fail to prevent all forms of bribery, do provide protection from liability. “[A] company’s failure to prevent every single violation does not necessarily mean that a particular company’s compliance program was not generally effective,” write the DOJ and SEC in their recently published Resource Guide to the FCPA. “[The] DOJ and SEC…do not hold companies to a standard of perfection,” the Guide continues. This may not be enough to guarantee corporate compliance officers a full night’s rest, but it should provide some comfort.”

Wrage also noted that the Microsoft investigation underscores that fact that with any company that does business internationally you cannot watch all the people, or indeed all the third parties, all the time and that violations of anti-corruption laws such as the FCPA or anti-bribery laws, such as the UK Bribery Act, are a constant risk in worldwide business operations. She believes that Microsoft, by all accounts, would appear a robust anti-bribery compliance program. She understands that Microsoft’s Standards of  Business Conduct intones a strict policy against bribes, quoting it for the following:

“Microsoft prohibits corruption of government officials and the payments of bribes or kickbacks of any kind, whether in dealings with public officials or individuals in the private sector. Microsoft is committed to observing the standards of conduct set forth in the United States Foreign Corrupt Practices Act and the applicable anti-corruption and anti-money laundering laws of the countries in which we operate.”

The company also requires all outside vendors to read and comply with the Microsoft Vendor Code of Conduct, which also prohibits incentives such as kickbacks or bribes.

But, as she says, for a large multinational like Microsoft, which has offices in more than 100 countries, it does not always mean that thousands of business partners all across the globe will be compliant all of the time. Indeed, as admitted by Microsoft Deputy GC Frank in his blog post, “In a company of our size, allegations of this nature will be made from time to time. It is also possible there will sometimes be individual employees or business partners who violate our policies and break the law. In a community of 98,000 people and 640,000 partners, it isn’t possible to say there will never be wrongdoing.”

I think the final quote from Frank above, points to the specific usefulness of the Guidance, which states, “In the end, if designed carefully, implemented earnestly, and enforced fairly, a company’s compliance program—no matter how large or small the organization—will allow the company generally to prevent violations, detect those that do occur, and remediate them promptly and appropriately.” These three clauses point to Paul McNulty’s three maxims but the Microsoft response points to McNulty Maxim No. 3, “What did you do about it?

I have asked Paul what he meant by this which he broke down into two parts. The first part is did you investigate it thoroughly and did you remediate those factors which led to the underlying issue? As reported by Matthews, Palazzolo and Ovide “The allegations in China were also the subject of a 10-month internal investigation that Microsoft concluded in 2010, according to people briefed on the internal investigation. The probe, conducted by an outside law firm, found no evidence of wrongdoing, these people said.” As noted above, DOJ and SEC lawyers are now looking at these allegations, as well as those issues in Romania and Italy.

The second part is what remediation did you do? At this point it is not clear what remediation, if any, will be appropriate so we may have to leave that prong open at this time. However, there is one other matter brought up by the Guidance that is certainly raised in the context of this Microsoft matter that should be looked at. It is government involvement. One of the nine factors listed in the US Sentencing Guidelines state, “the corporation’s timely and voluntary disclosure of wrongdoing and its willingness to cooperate in the investigation of its agents”. Further, the Guidance makes clear throughout that a company benefits from self-disclosing and cooperating with the government. While it is not clear if Microsoft self-disclosed anything back in 2010 when it conducted its internal investigation, it does appear that it is cooperating with the DOJ and SEC at this time.

While several commentators have pointed to this Microsoft matter as an example of how difficult it might be to do business in full compliance with the US Foreign Corrupt Practices Act (FCPA) all the time, I draw a different lesson from this matter. I believe that an aggressive approach to McNulty Maxim No. 3 shows that it is not about how hard it is to do business internationally, or that the FCPA is too difficult to follow; but it is the strength of your compliance program and your response to allegations which should be the determinative factor for compliance. I think McNulty’s advice was good when I initially heard and I think it is good now. Moreover, it is a part of the FCPA Guidance which shows it is not just how McNulty might think through these issues but how the DOJ and SEC do so as well.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

February 20, 2013

Interview with Scott Moritz

Ed. Note-today we continue with our series on thought leaders and practitioners in the compliance arena. Today, we have an interview with Scott Moritz, who is a Managing Director, Protiviti (www.protiviti.com)

============================================================================================

1. Where did you grow up and what were your interests as a youngster? 

I grew up on the North Shore of Long Island, the youngest of six kids. Our father owned a swimming pool construction company whose workforce at various times consisted of my legendary grandfather, brothers, many cousins, a wide variety of parolees and, for a few summers during high school, me. Since I can remember, I was always fascinated with police work and detective stories and grew up watching TV shows like Baretta, The Rockford Files and Police Story. From an early age, people thought I looked like a cop. When I was 16, some of my knuckleheaded friends brought me along to New York City as “security,” because they wanted to buy fireworks, which were illegal at the time. In fact, I played the security role a lot with my friends, because they always seemed to attract the kind of attention that necessitated someone securing their safety. Our misadventure in the city was my first exposure to a recurring theme in my law enforcement experience: even if something is illegal to make, sell or possess, it is still readily available. In no time, one of my friends was in negotiation with a gang member who took one look at me and said “He’s a cop, get lost.” My undercover career was over before it started.

2. Where did you go to college and what experiences there led to your current profession?

I graduated from Jacksonville University in Jacksonville, Florida with a double major in marketing and management and a minor in psychology. Throughout college, I worked as a bouncer, bartender, DJ and eventually manager at a rock nightclub. As a 5’8” bouncer in Jacksonville, where the average male is 6’3,” I quickly developed negotiation, persuasion, de-escalation and other crisis-related skills. I also had to be able to read body language and know when a  negotiation had broken down, and it was time to take action. I prided myself on how frequently I was able to get people out of the club peacefully. I witnessed more violent crimes, including shooting incidents, in my four years as a nightclub employee than I did in nearly 10 years as an FBI agent.

3. How did you come to join the FBI? What were your duties as an agent?

After college, I applied to take the NYPD entrance exam. At the time, my sister Stacey was an Assistant U.S. Attorney in the Southern District of New York. When I mentioned to her that I had applied to take the police exam, she asked “What about the FBI?” She put me in touch with her friend, who was a Special Agent in the New York Field Office. This was in 1985. I called the number she gave me and a deep, booming voice answered, “TERRORISM!” I was so startled, I nearly fell off my chair! Whatever preconceptions I had in terms of how the FBI might answer the phone, that one didn’t make the mental checklist. I collected myself and had a great conversation with the agent, who encouraged me to apply to the FBI.

The FBI recruitment process is very involved, with many aspects to it, and candidates fall by the wayside at every stage. Back then, there was an initial application, a written exam, the completion of a very detailed application, a panel interview with three FBI Special Agents and finally a background check investigation, and as far as I know, that’s still the case today. Completing the application was quite an undertaking because you had to provide very detailed information about you, your siblings, their spouses, your parents and every roommate you’ve ever had. The application was used as the roadmap for the intensive background investigation that follows.

I entered on duty as an FBI Special Agent in October, 1986. Special Agent trainees lived at the FBI Academy for four months, and academy training was divided equally between academics (minimum passing grade is 85%), physical training/defensive tactics and firearms training.

FBI Special Agents investigate and enforce an incredibly wide variety of criminal violations, counter-intelligence and counter-terrorism. My first assignment was the Memphis, Tennessee field office. At the time, Memphis was a relatively small FBI office, so agents had much broader responsibilities than in the larger field offices where agents tend to be more specialized. For most of my time in Memphis, I was assigned to a White Collar Crime squad, which also had responsibility for the Civil Rights and Fugitive programs. I worked on a wide array of primarily financial crime investigations, including on the bank robbery response team and worked with the narcotics task force. While white collar crime was my primary focus, each agent on the squad carried multiple fugitive cases. The FBI has primary jurisdiction to enforce Unlawful Flight to Avoid Prosecution (UFAP) in support of state and local law enforcement when there is evidence that violent offenders have fled their jurisdictions.

In 1991, I was transferred to NYC and assigned to the money-laundering and asset forfeiture squad.  There, the entire mission was to conduct parallel financial investigations alongside the largest, most complex criminal cases being investigated by the New York FBI. I worked on many organized crime, narco-laundering, and trafficking and white collar crime cases, and our squad seized and forfeited nearly $1 billion during my five years there.

4. How have you utilized the skills you learned in law enforcement in your current profession?

I use the skills I learned as an FBI Special Agent every day in my current profession and have since the day I left the Bureau nearly 17 years ago. Many crimes are revenue-generating crimes; making cases against criminal defendants and their criminally-derived assets means painstaking financial analysis. Tracing criminal proceeds back to their source provides evidence of the crime, quantifies it and enables the government to dismantle criminal organizations by seizing assets obtained by the specified unlawful activity or used to facilitate the laundering of criminal proceeds. I am usually surrounded by mountains of banking records and financial records. However, reviewing banking and financial records alone often doesn’t reveal the full picture. While at the FBI, I developed the ability to use publicly available information to identify the financial holdings and business interests of criminal subjects and their associates, as well as any prior illegal conduct or civil disputes that could help build the case against them. These same background investigation techniques can be used in a commercial context both after the fact as part of the ensuing financial crime investigation and also to vet prospective relationships in an effort to determine whether a company would make a suitable business partner. Likewise, interviewing and interrogation skills are something you use in a variety of settings. Unlike interviews depicted on many TV crime dramas, interviewing is often all about building a rapport and establishing some common ground, no matter how despicable the subject of the interview may be. People also give off hidden cues that signal when they are uncomfortable with your questions and when they are outright lying. These same skills are very helpful when conducting interviews of executives and employees, whether in the course of evaluating a corporate compliance program, conducting anti-corruption due diligence or interviewing a suspect.

5. You recently changed companies, moving from Navigant to Protiviti. What can you tell us about your new position and some of the things that you would like to achieve?

I’m incredibly excited about my new role at Protiviti. I’ve joined an established and very experienced firm whose professional staff includes investigators, forensic accountants, anti-corruption practitioners and technologists in over 70 offices in 23 countries. Protiviti also has a very powerful technology platform in its Governance Portal. The Portal manages data intake, risk scoring, work-flow management, case management and decision-making ‑ so that all the aspects of an overall ethics and compliance program, or a single aspect of it, such as managing third-party anti-corruption programs, can be brought together on a single platform. (The Portal has received industry recognition: Protiviti has been positioned as a “Challenger” by Gartner in the October 2012 Magic Quadrant for Enterprise Governance, Risk and Compliance Platforms.)

I really look forward to continuing to help clients apply their limited resources strategically on a risk basis and also to better position them so that they can manage their regulatory risk proactively and deploy investigative and forensic resources rapidly when issues emerge.

============================================================================================

Scott Mortiz can be reached at scott.moritz@protiviti.com.

============================================================================================

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. 

February 8, 2013

How Does Your Organization Treat Whistleblowers?

As almost everyone knows, Lance Armstrong spoke for the first time about his performance enhancing drug (PED) use recently on Oprah. On the first night he admitted for the first time that he used PEDs during his seven wins at the Tour De France. The title of my colleague Doug Cornelius’ piece in Compliance Building really said it all in his article “Lance Armstrong – A Lying Liar Just Like Madoff”. Cornelius said “What caught my attention about the Armstrong interview was the window into the mind of a pathological liar. Armstrong had been telling the lie over and over and over. He lied to the public. He lied to the press. He lied to cancer survivors. He lied under oath.”

One of the areas which came up for me was how the people who blew the whistle on Armstrong’s use of PEDs before his admission were treated and how Armstrong subsequently treated them. Armstrong admitted that he was a ‘bully’ to those who said, hinted, or even implied that he had taken PEDs. He attacked ex-teammates; wives of ex-teammates and even a masseur who saw him take such substances. He put on an aggressive PR campaign for the better part of the past decade, to which the wife of ex-Tour De France winner Greg LeMond said “I can’t describe to you the level of fear that he brings to a family.”

While I would hope that most American and European companies have moved past the situation where whistleblowers are ostracized or worse threatened, one can certainly remember the GlaxoSmithKline (GSK) whistleblower Cheryl Eckard. A 2010 article in the Guardian by Graeme Wearden, entitled “GlaxoSmithKline whistleblower awarded $96m payout”, he reported that Eckard was fired by the company “after repeatedly complaining to GSK’s management that some drugs made at Cidra were being produced in a non-sterile environment, that the factory’s water system was contaminated with micro-organisms, and that other medicines were being made in the wrong doses.” She later was awarded $96MM as her share of the settlement of a Federal Claims Act whistleblower lawsuit. Eckard was quoted as saying, “It’s difficult to survive this financially, emotionally, you lose all your friends, because all your friends are people you have at work. You really do have to understand that it’s a very difficult process but very well worth it.”

More recently there was the example of NCR Corp., as reported in the Wall Street Journal (WSJ) by Christopher M. Matthews and Samuel Rubenfeld, in an article entitled “NCR Investigates Alleged FCPA Violations”, who stated that NCR spokesperson Lou Casale said “While NCR has certain concerns about the veracity and accuracy of the allegations, NCR takes allegations of this sort very seriously and promptly began an internal investigation that is ongoing,” regarding whistleblowers claims of Foreign Corrupt Practices Act (FCPA) violations. In a later WSJ article by Matthews, entitled “NCR Discloses SEC Subpoena Related to Whistleblower, he reported that NCR also said “NCR has certain concerns about the motivation of the purported whistleblower and the accuracy of the allegations it received, some of which appear to be untrue.”

Lastly, is the situation of two whistleblowers from the British company EADS. As reported by Carola Hoyos in a Financial Times (FT) article, entitled “Emails tell of fears over EADS payments”, Hoyos told the story of two men who notified company officials of allegations of bribery and corruption at the company and who suffered for their actions. The first, Mike Paterson, the then financial controller for an EADS subsidiary GPT, internally reported “unexplained payments to the Cayman Island bank accounts for Simec International and Duranton International, which totaled £11.5M between 2007 and 2009.” Hoyos reported that Paterson was so marginalized in his job that he was basically twiddling his thumbs all day at work.

The second whistleblower was Ian Foxley, a retired British lieutenant-colonel, who had joined the company in the spring of 2010 stationed in Saudi Arabia, to oversee a £2M contract between the British Ministry of Defence (MOD) and the Saudi Arabian National Guard. In December 2010, Foxley discovered some of the concerns which Mike Paterson had raised. According to Hoyos, “The morning after he discovered Mr. Paterson’s concerns he assessed the emails that Mr. Paterson had told him he had written over the previous three years.” This led Foxley to flee Saudi Arabia with documents of these suspicious payments, which he has turned over to the Institute of Chartered Accountants and the UK Serious Fraud Office (SFO).

What does the response of any of these three companies say about the way that it treats whistleblowers? Is it significantly different from the bullying Armstrong admitted he engaged in during his campaign to stop anyone who claimed that he was doping? While I doubt that companies will ever come to embrace whistleblowers, the US Department of Justice’s (DOJ’s) recent FCPA Guidance stated that “An effective compliance program should include a mechanism for an organization’s employees and others to report suspected or actual misconduct or violations of the company’s policies on a confidential basis and without fear of retaliation.” However, by marginalizing, attacking or even making a whistleblower fear for their life, such actions can drive a whistleblower to go the DOJ, Securities and Exchange Commission (SEC) or SFO. The Guidance recognized that “Assistance and information from a whistleblower who knows of possible securities law violations can be among the most powerful weapons in the law enforcement arsenal.”

So what is the compliance professional to make of the Armstrong confession and how can it be used for a compliance program? A recent White Paper, entitled “Blowing the Whistle on Workplace Misconduct”, released by the Ethics Resource Center (ERC) detailed several findings that the ERC had determined through surveys, interviews and dialogues. One of the key findings in this White Paper was that that a culture of ethics within a company does matter. Such a culture should start with a strong commitment to ethics at the top, however it is also clear that this message must be reinforced throughout all levels of management, and that employees must understand that their company has the expectation that ethical standards are vital in the business’ day-to-day operations. If employees have this understanding, they are more likely to conduct themselves with integrity and report misconduct by others when they believe senior management has a genuine and long-term commitment to ethical behavior. Additionally, those employees who report misconduct are often motivated by the belief that their reports will be properly investigated. Conversely, most employees are less concerned with the particular outcome than in knowing that their report was seriously considered.

This is the ‘Fair Process Doctrine’. This Doctrine generally recognizes that there are fair procedures, not arbitrary ones, in a process involving rights. Considerable research has shown that people are more willing to accept negative, unfavorable, and non-preferred outcomes when they are arrived at by processes and procedures that are perceived as fair. Adhering to the Fair Process Doctrine in two areas of your Compliance Program is critical for you, as a compliance specialist or for your Compliance Department, to have credibility with the rest of the workforce.

In this area is that of internal company investigations, if your employees do not believe that the investigation is fair and impartial, then it is not fair and impartial. Furthermore, those involved must have confidence that any internal investigation is treated seriously and objectively. One of the key reasons that employees will go outside of a company’s internal hotline process is because they do not believe that the process will be fair.

This fairness has several components. One would be the use of outside counsel, rather than in-house counsel, to handle the investigation. Moreover, if company uses a regular firm, it may be that other outside counsel should be brought in, particularly if regular outside counsel has created or implemented key components which are being investigated. Further, if the company’s regular outside counsel has a large amount of business with the company, then that law firm may have a very vested interest in maintaining the status quo. Lastly, the investigation may require a level of specialization which in-house or regular outside counsel does not possess.

Phrasing it in another way, Mike Volkov, writing in his blog Corruption, Crime and Compliance, in an article entitled “How to Prevent Whistleblower Complaints”, had these suggestions: (1) Listen to the Whistleblower – In dealing with a whistleblower, it is critical to listen to the whistleblowers concerns. (2) Do Not Overpromise – At the conclusion of an initial meeting with a whistleblower, the company representative should inform the whistleblower that the company will review the allegations, conduct a “preliminary” investigation and report back to the whistleblower during, or at the conclusion of, any investigation. (3) Conduct a Fair Investigation – Depending on the nature of the allegations, a follow up inquiry should be conducted. The steps taken in the investigation should be documented.

I would add that after your investigation is complete, the Fair Process Doctrine demands that any discipline must not only be administered fairly but it must be administered uniformly across the company for the violation of any compliance policy. Simply put if you are going to fire employees in South America for lying on their expense reports, you have to fire them in North America for the same offense. It cannot matter that the North American employee is a friend of yours or worse yet a ‘high producer’. Failure to administer discipline uniformly will destroy any vestige of credibility that you may have developed.

Lance Armstrong has and will continue to provide the ethics and compliance practitioner with many lessons. You can use his treatment of whistleblowers as an opportunity to review how your company treats such persons who make notifications of unethical or illegal conduct. With the increasing number of financial incentives available to persons to blow the whistle to government agencies, such as the SEC under the Dodd-Frank Act, it also makes very good business sense to do so.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

February 1, 2013

Amnesty for Armstrong? Lessons for the Compliance Practitioner

The Lance Armstrong saga continues to provide many lessons for the compliance practitioner. A recent article on ESPN.com, entitled “Lance calls for amnesty program”, reported that Armstrong has come out in favor of those who openly speak about the doping culture of cycling, of course most notably him. The article stated “Now that doping has become such a big problem, Armstrong said a truth and reconciliation program is the “only way” to rid cycling of performance-enhancing drugs, and the sport’s governing body should have no role in the process.” In an interview given to Cyclingnews, it was reported that Armstrong said that the “best way forward is a truth and reconciliation process offering amnesty to riders and officials who detail doping in the sport.”

When asked which anti-doping agency should give this amnesty and which one should take such testimony Armstrong answered that “the program should be run by the World Anti-Doping Agency and not the U.S. Anti-Doping Agency (USADA), the body that produced a scathing report detailing systematic doping by Armstrong and his teams. The USADA report led to Armstrong being stripped of his seven Tour titles and banned from elite sport for life.” Not too surprising that Armstrong does not want to get anywhere near USADA given the report they released on him last summer. Armstrong stated that complete amnesty must be given “otherwise no one will show up.” Any chance that ‘no one’ he refers to would be himself?

While Armstrong’s idea of a ‘Truth and Reconciliation’ program may seem, well shall we say, a tad self-serving, the use of a suspended or lessened sentence has been successfully used to elicit testimony in the cycling world.According to the New York Times, USADA had “the ability to offer other cyclists reduced suspensions if they provided information about Armstrong’s doping. Similar to how prosecutors try to persuade lower-level drug dealers to share information about their superiors, the anti-doping agency sat down one by one with cyclists from Armstrong’s teams. Ultimately, 11 agreed to cooperate.” So I guess people will show up if you offer them some type of amnesty, just not the top banana.

What is the compliance angle to amnesty programs? Siemens used an amnesty program to help it investigate its worldwide bribery scheme. In November 2007, Siemens began an amnesty program relating to possible violations of anti-public-corruption laws in order to expedite the independent investigation and facilitate clarification. According to an article in the FCPA Blog, entitled “Siemens’ Employees Come In From The Cold”, Siemens began this amnesty program because its “internal investigation reportedly had stalled because of stonewalling by managers in various countries.”

In the first three months 66 employees came forward in connection with the amnesty program. In addition, a large number of employees received information about the program. “The amnesty program has been very successful” Peter Y. Solmssen, member of the Managing Board and General Counsel of Siemens AG said. He went on to say “We’re pleased that so many employees have made use of the program and are thereby expediting clarification.” By mid-January, 2008, Siemens’ counsel, Debevoise & Plimpton, said that “[s]ince November 28, 2007, we have obtained significant new information and developed very substantial leads from participants in Siemens’ amnesty program, as well as other sources, regarding topics relevant to our investigation.” Siemens itself said that information provided by the employees who ‘came in from the cold’ through this amnesty program gave it new leads to pursue in its internal investigation. At the end of the day, the Department of Justice (DOJ) lauded Siemens amnesty program, which it characterized as “innovative” in helping to further Siemens internal investigation.

Further, The Wall Street Journal (WSJ) reported in March 2008, in an article entitled “Siemens Amnesty Plan Assists Bribery Probe”, that the amnesty program “was offered to all employees except 300 of Siemens’s top executives and expired at the end of February [2008], prompted about 110 employees to offer information about alleged wrongdoing.” Under the amnesty program, the company did not make claims for damages or unilaterally terminate employee relationships. However, Siemens reserved the right to impose lesser disciplinary measures.

So what about Armstrong and his ‘Truth and Reconciliation’ idea? In the ESPN.com article, he intones that he is really the victim here. First of all, he feels that he is really the fall guy for the sport of cycling, because you know, everybody was doing it. He just did it better. He also said it was unfair that those who testified against him had received “minor off-seasons sanctions versus the death penalty” for himself. He was quoted as saying, “What is relevant is that everyone is treated equally and fairly. We all made the mess, let’s all fix the mess, and let’s all be punished equally.” That certainly sounds like someone who is repentant, doesn’t it?

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

January 24, 2013

What is Your FCPA Investigation Protocol?

On Wednesday, at the ACI FCPA Bootcamp, there was an excellent presentation by Jay Martin, Vice President, Chief Compliance Officer (CCO) and the Senior Deputy Counsel for Baker Hughes Incorporated and Jacki Trevino, Senior Manager, Corporate Compliance at Fluor Corporation. I have heard both of them speak and I can assure you that they both know the Foreign Corrupt Practices Act (FCPA) and their compliance stuff. They both also always have a great power point presentation that you can take away from any presentation either one of them makes. Yesterday was no different on either score.

The topic of their presentation was “FCPA Compliance Best Practices: Success Stories of Robust and Effective Anti-Corruption Compliance Programs in High Risk Markets” and as you might guess from such a title, there was a significant amount of information discussed. Today, I wanted to focus on one part which dealt with investigation protocol. I think that one of the key lessons to be drawn from the ongoing Wal-Mart FCPA matter is that back in the 2006 time frame, when the corporate office was made aware of allegations of bribery and corruption regarding its Mexican subsidiary, the corporate office either did not have an investigation protocol in place, or perhaps even worse, it had one and disregarded it when the allegations bubbled up to Bentonville.

Trevino presented the Fluor investigation protocol which consists of the following five steps (1) Opening and Categorizing the Case; (2) Planning the Investigation; (3) Executing the Investigation Plan; (4) Determining Appropriate Follow-Up; and (5) Closing the Case. I recognize that if a case of significant bribery or corruption is uncovered that there may be more or additional steps that you may need to take. However if you follow this basic protocol, you should be able to work through most investigations, in a clear, concise and cost effective manner. Furthermore you should have a report at the end of the day which should stand up to later scrutiny if a regulator comes looking. Finally, you will be able to document, document, and document, not only the steps you took but why and the outcome obtained.

Step 1: Opening and Categorizing the Case. Under this first step, you should categorize the ethics and compliance violation. You should notify the relevant individuals, including those on your investigation team and any senior management members under your notification protocols. After notification, you should assemble your investigation team for preliminary meetings and assessments. This Step 1 should be accomplished in one to three days after the allegation comes into compliance, either through your reporting structure or other means.

Step 2: Planning the Investigation. After assembling your investigation team, you should determine the required investigation tasks. These would include document review and interviews. If hard drives need to be copied or documents put on hold or sequestered in any way, or relationships need to be analyzed through relationship software programs or key word search programs, this should also be planned out at this time. These tasks should be integrated into a written investigation or work plan so that the entire process going forward is documented. Also if there is a variation from the written investigation plan, such variation should be documented and an explanation provided as to why there was such a variation. Lastly, if international travel is involved this should also be considered and planned for at this step. This Step 2 should be accomplished with another one to three days.

Step 3: Executing the Investigation Plan. Under this step the investigation should be completed. I would urge that the interviews not be effected until all documents are reviewed and ready for use in any interviews. Care should be taken to ensure that an appropriate Upjohn warning is issued and that the interviewee clearly understands that whoever is performing the interview represents the company and not the person being interviewed, whether they are the target of the investigation or not. The appropriate steps should also be taken to preserve the attorney-client privilege and attorney work product assertions. This Step 3 should be accomplished in one to two weeks.

Step 4: Determining Appropriate Follow-Up. At this step the preliminary investigation should be completed and you are ready to move into the final phases. In some investigations, it is relatively easy to determine when the work is essentially complete. For example, if the allegation is both specific and narrow, and the investigation reveals a compelling and benign explanation for the conduct alleged, then the investigation typically is complete and you are ready to convene the investigation team and the relevant business unit representatives. This group would decide on the appropriate disciplinary steps or other actions to take. This Step 4 should be completed in one day to one week.

It must be cautioned that at this step, if there are findings of specific or discrete allegations of corruption and bribery, a decision must be made as how to handle such findings going forward.

Step 5: Closing the Case. Under this final step, you should communicate the investigation results to the stakeholders and complete the case report. Everything done in the above steps should be documented and stored, either electronically or in hard copy form together. The case report should be completed. This Step 5 should be completed in one day to one week.

With the growing number of reports to the Securities and Exchange Commission (SEC) Whistleblower program under Dodd-Frank, companies are under increasing pressure to get up and running quickly on any claim of bribery and corruption that is brought forward. By using the Fluor investigation protocol that Trevino has laid out, you will have a ready-made process in place to start from. If your company does not have such a protocol I would suggest that you tailor this process to fit the needs of your company. If your company does have an investigation protocol in place, I would suggest that you review it in need of the one that Trevino has presented to us.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

 

January 23, 2013

The FCPA Guidance on the Ten Hallmarks of an Effective Compliance Program

Many commentators are still mining the Department of Justice (DOJ)/Securities and Exchange Commission (SEC) publication, A Resource Guide to the U.S. Foreign Corrupt Practices Act, (the “Guidance”), which was released last November. I continue to find nuggets to provide to the compliance practitioner, as do others. But as we are a Base 10 culture, today I want discuss the 10 points listed as the ‘Hallmarks of Effective Compliance Programs”. They are a change in style, but not content, from the prior 13 point minimum best practices that the DOJ has in the Deferred Prosecution Agreements (DPAs) since at least November, 2010 and, indeed, from prior information made available by the DOJ.

I.                   Where Have We Been

Beginning with at least the Metcalfe & Eddy Consent and Undertaking, filed in December, 1999, the DOJ has laid out its thoughts on what should go into a Foreign Corrupt Practices Act (FCPA) anti-corruption compliance program. In the Metcalfe & Eddy Consent and Undertaking, the DOJ laid out ten points of an effective FCPA anti-corruption compliance program. This was modified somewhat in Opinion Release 04-02, which laid out a best practices compliance program in 12 points, where the DOJ reviewed the proposal by an investment group who were acquiring certain companies and assets from ABB Ltd. ABB Vetco Gray Inc. and ABB Vetco Gray (UK) Ltd., two of the entities being acquired, had previously pled guilty to FCPA violations. The investment group desired to protect itself from further liability, to the extent possible, by proposing to the DOJ a comprehensive best practices compliance program. While the DOJ noted that this compliance program was not a shield against future violations, the DOJ would not “intend to take an enforcement action [against the investors] for violations of the FCPA prior to their acquisition from ABB.”

In the Panalpina DPA, issued in November, 2010, the DOJ laid out a 13 point minimum best practices compliance program. This number was changed this past summer when the Data Systems & Solutions LLC (DS&S) DPA was announced. In this enforcement action the DOJ listed 15 points on its minimum best practices FCPA anti-corruption compliance program. Then later in the summer, the DOJ moved to a 9 point compliance program in the Pfizer DPA. Even with all these changes in the number, the substance of each compliance program has remained the same.

II.                Where Are We Now? Hallmarks of Effective Compliance Programs

The Guidance cautions that there is no “one-size-fits-all” compliance program. It recognizes that depending on a variety of factors such as size, type of business, industry and risk profile that a company should determine what is appropriate for its own needs regarding a FCPA compliance program. But the Guidance makes clear that these ten points are “meant to provide insight into the aspects of compliance programs that DOJ and SEC assess”. In other words you should pay attention to these and use this information to assess your own compliance regime.

  1. Commitment from Senior Management and a Clearly Articulated Policy Against Corruption. It all starts with tone at the top. But more than simply ‘talk-the-talk’ company leadership must ‘walk-the-walk’ and lead by example. Both the DOJ and SEC look to see if a company has a “culture of compliance”. More than a paper program is required, it must have real teeth and it must be put into action, all of which is led by senior management. The Guidance states that “A strong ethical culture directly supports a strong compliance program. By adhering to ethical standards, senior managers will inspire middle managers to reinforce those standards.” This prong ends by stating that the DOJ and SEC will “evaluate whether senior management has clearly articulated company standards, communicated them in unambiguous terms, adhered to them scrupulously, and disseminated them throughout the organization.”
  2. Code of Conduct and Compliance Policies and Procedures. The Code of Conduct has long been seen as the foundation of a company’s overall compliance program and the Guidance acknowledges this fact. But a Code of Conduct and a company’s compliance policies need to be clear and concise. The Guidance makes clear that if a company has a large employee base that is not fluent in English such documents need to be translated into the native language of those employees. A company also needs to have appropriate internal controls based upon the risks that a company has assessed for its business model. Some of the risks a company should assess include “the nature and extent of transactions with foreign governments, including payments to foreign officials; use of third parties; gifts, travel, and entertainment expenses; charitable and political donations; and facilitating and expediting payments.”
  3. Oversight, Autonomy, and Resources. This section starts with a discussion on whether a company has assigned a senior level executive to oversee and implement a company’s compliance program. Not only must a company assign such a person with appropriate authority but that person, and the overall compliance function, must have “sufficient resources to ensure that the company’s compliance program is implemented effectively.” Additionally, the compliance function should report to the company’s Board of Directors or an appropriate committee of the Board such as the Audit Committee. Overall the DOJ and SEC will “consider whether the company devoted adequate staffing and resources to the compliance program given the size, structure, and risk profile of the business.”
  4. Risk Assessment. The Guidance states that “assessment of risk is fundamental to developing a strong compliance program”. Indeed, if there is one over-riding theme in the Guidance it is that a company should assess its risks in all areas of its business. The Guidance lists factors that a company should consider in any risk assessment. They are “the country and industry sector, the business opportunity, potential business partners, level of involvement with governments, amount of government regulation and oversight, and exposure to customs and immigration in conducting business affairs.” The Guidance is also quite clear that when the DOJ and SEC look at a company’s overall compliance program, they “take into account whether and to what degree a company analyzes and addresses the particular risks it faces.”
  5. Training and Continuing Advice. Communication of a compliance program is a cornerstone of any anti-corruption compliance program. The Guidance specifies that both the “DOJ and SEC will evaluate whether a company has taken steps to ensure that relevant policies and procedures have been communicated throughout the organization, including through periodic training and certification for all directors, officers, relevant employees, and, where appropriate, agents and business partners.” The training should be risk based so that those high risk employees and third party business partners receive an appropriate level of training. A company should also devote appropriate resources to providing its employees with guidance and advice on how to comply with their own compliance program on an ongoing basis.
  6. Incentives and Disciplinary Measures. This involves both the carrot and the stick. Initially the Guidance notes that a company’s compliance program should apply from “the board room to the supply room – no one should be beyond its reach.” There should be appropriate discipline in place and administered for any violation of the FCPA or a company’s compliance program. Additionally, the “DOJ and SEC recognize that positive incentives can also drive compliant behavior. These incentives can take many forms such as personnel evaluations and promotions, rewards for improving and developing a company’s compliance program, and rewards for ethics and compliance leadership.” These incentives can take the form of a part of senior management’s bonuses or simply recognition on the shop floor.
  7. Third-Party Due Diligence and Payments. Here the Guidance focuses on the ongoing problem area of third parties. The Guidance says that companies must engage in risk based due diligence to understand the “qualifications and associations of its third-party partners, including its business reputation, and relationship, if any, with foreign officials.” Next a company should articulate a business rationale for the use of the third party. This would include an evaluation of the payment arrangement to ascertain that the compensation is reasonable and will not be used as a basis for corrupt payments. Lastly, there should be ongoing monitoring of third parties.
  8. Confidential Reporting and Internal Investigation. This means more than simply a hotline. The Guidance suggests that anonymous reporting, and perhaps even a company ombudsman, might be appropriate to have in place for employees to report allegations of corruption or violations of the FCPA. Furthermore, it is just as important what a company does after an allegation is made. The Guidance states, “once an allegation is made, companies should have in place an efficient, reliable, and properly funded process for investigating the allegation and documenting the company’s response, including any disciplinary or remediation measures taken.” The final message is what did you learn from the allegation and investigation and did you apply it in your company?
  9. Continuous Improvement: Periodic Testing and Review. As noted in the Guidance, “compliance programs that do not just exist on paper but are followed in practice will inevitably uncover compliance weaknesses and require enhancements. Consequently, DOJ and SEC evaluate whether companies regularly review and improve their compliance programs and not allow them to become stale.” The DOJ/SEC expects that a company will review and test its compliance controls and “think critically” about its own weaknesses and risk areas. Internal controls should also be periodically tested through targeted audits.
  10. Mergers and Acquisitions. Pre-Acquisition Due Diligence and Post-Acquisition Integration. Here the DOJ and SEC spell out what it expects in not only the post-acquisition integration phase but also in the pre-acquisition phase. This pre-acquisition information is not something that most companies had previously focused on. Basically, a company should attempt to perform as much substantive compliance due diligence that it can do before it purchases a company. After the deal is closed, an acquiring entity needs to perform a FCPA audit, train all senior management and risk employees in the purchased company and integrate the acquired entity into its compliance regime.

As I commented earlier in this article, the DOJ and SEC have communicated what they believe are the important parts of a risk based, anti-corruption compliance program for many years. I do not think that a compliance defense could be set out any more succinctly. However, I do like things set out in Base 10 and the “Hallmarks of Effective Compliance Programs” is an excellent compilation of where we are and what you need in place to go forward. I recommend this as a good a starting point for any compliance practitioner to implement a new compliance program or to evaluate the state of an ongoing compliance regime so assess your company’s risks and use these hallmarks as a basis to move forward.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

« Previous PageNext Page »

Blog at WordPress.com.