Lee Surrenders and Hanson Wade’s Oil & Gas Supply Chain Compliance Conference

Today we celebrate one of the most momentous anniversary’s in the history of the United States, for it was on this day in 1865, 150 years ago, that Confederate General Robert E. Lee surrendered his Army of Northern Virginia to Union Commanding General Ulysses S. Grant at Appomattox Courthouse, effectively ending the American Civil War. Fighting continued for several more weeks to come, however with Lee’s surrender the Civil War had, in all intents and purposes, ended.

Lee and his troops were forced to abandon the Confederate capital of Richmond, they were blocked from joining the surviving Confederate force in North Carolina, and were harassed and outrun by Union cavalry, who took 6,000 prisoners at Sayler’s Creek. With desertions mounting daily the Confederates were surrounded with no possibility of escape. On April 9, Lee sent a message to Grant announcing his willingness to surrender and in the afternoon they met at the home of Wilmer McLean and agreed to the terms of surrender.

Although politicians would later change these terms quite dramatically, Grant is said to have told his officers, “The war is over. The Rebels are our countrymen again.”

Later this month, from April 28-30, Hanson Wade is putting on its annual conference in Houston. It is the “Oil and Gas Supply Chain Compliance” conference, now in its 5^th year, and once again the list of speakers is simply stunning. It includes the following Chief Compliance Officers (CCOs) and senior compliance folks: Dan Chapman, Cameron; Brian Moffatt, Ethos Energy, Jay Martin, Baker Hughes; Marcel De Chermont, Acteon Group, Jan Farley, Dresser-Rand; John Sardar, Noble Energy and a host of other luminaries in the field of Foreign Corrupt Practices Act (FCPA) compliance. Even if you live outside of Houston, the FCPA compliance talent at this event will rival any other event in the US and for such an event not held in Washington DC or New York City, it is simply outstanding.

Some of the panels and topics for discussion include: Applying Culturally Sensitive Approaches To Deliver A Core Compliance Methodology For A Variety Of Countries And Risks; How to Meaningfully Engage Your Business Operations in Taking Greater Compliance Ownership; Avoid The Risk Of Cavalier Behaviour Across The Supply Chain In The Face Of A Challenging Economic Climate; How To Deliver Cost-Effective, Risk Based, Function Specific Compliance Training; several in-depth presentations on Supply Chain and Third Party due diligence. These are but some of the sessions and there are many other excellent panels, sessions and speakers which I have not mentioned.

Recently the Event’s Chairperson, Dan Chapman, Vice President, Chief Ethics and Compliance Officer for Cameron, talked about some of the issues that will be discussed in this year’s conference. Chapman said, “Supply chain is, in my mind, a critical part of compliance and creating awareness throughout the business as to when and where you should apply compliance principles is a key focus. For me the industry has evolved in recent years, and our organizations tend to now have strong legal teams who understand anti-bribery and corruption legislation. Not only this, they now have the ‘tone from the top’. Where I feel that work needs to be done is practically embedding compliance into operational processes, and becoming a true and valuable partner to the business. With the current state of the oil price, we’re likely set for reduced budgets and increased risk, which makes it more important now than ever to share stories, materials and solutions to effectively mitigate compliance risk while enabling business delivery.”

I will be speaking at the conference on internal controls but I am extremely pleased to be co-leading an in-depth workshop on the third day of the event, with Joe Oringel, guest blogger and Managing Director at VisualRisk IQ. In our workshop, you will learn how to implement a system of data-driven monitoring controls and documents to measure the effectiveness of your compliance program and get you through a Securities and Exchange Commission (SEC) investigation. During our 3 hour session we will go into the weeds on the following:

• Understanding what internal controls are required under a best practices compliance program;
• Recognizing what FCPA enforcement actions tell us about internal controls in an anti-corruption compliance program;
• Getting to grips with what the SEC expects you to have in place;
• Competently documenting the effectiveness of your internal controls;
• Understanding best practices and a methodology for the use of data analytics in compliance and ethics organization;
• Prioritizing business and compliance questions that can be answered with analysis of digital data; and
• Identifying a learning plan and resources to enhance your team’s data analytics expertise

I hope that you can attend this most excellent FCPA conference with the two-day sessions on April 28 and 29 and the workshop day on April 30. Very few FCPA conferences focus on Supply Chain and the information that you will receive at this one will be first rate. Finally, Hanson Wade has allowed me to offer a 20% discount to readers of my blog. You can obtain it by entering the code TFLaw20 when you register online. For the conference brochure and full details regarding the agenda and registration, click here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

Join Us For Hanson Wade’s Compliance Strategy Day

One of the best annual compliance and ethics conferences returns to Houston next month when Hanson Wade presents its 4^th Annual Oil & Gas Supply Chain Compliance Community Week from April 14-17. While one past participant labeled the conference as the “Best of the best compliance conferences I have attended in the past 3 years”, the company has expanded its offering to provide the compliance practitioner with a wide range of presentations tailored to a wide variety of needs.

As usual, the event features the best of Houston’s multi-talented compliance practitioners including Jay Martin, Chief Compliance Officer (CCO) from Baker Hughes Inc., Melissa Bohannon, Director of Logistics, Global Supply Chain – Weatherford International Inc., Kwesi Baiden, CCO at ENSCO Inc., Fred Ratliff, Senior Counsel, Anti-Bribery and Corruption – Shell Oil Company, Graham Vanhegan, Deputy General Counsel, Corporate and CCO from ConocoPhillips Co, Ron de los Santos, Regional Ethics and Compliance Manager – Americas at American Bureau of Shipping (ABS) and Kim Walker, Associate General Counsel & Deputy CCO – Transocean Inc.

In addition to the Houston talent, there will be a wealth of top compliance practitioners from outside the city of Houston; including, Arvind Sharma, Senior International Trade Counsel from Flowserve Corp, Mike Volkov of the Volkov Law Group, Bill Fischer, Vice President and Chief Legal and Compliance Officer from T.D. Williamson Inc., Bruce Thames, Senior Vice President and Chief Operating Officer from T.D. Williamson Inc. From the world of non-governmental organizations (NGO’s) working towards anti-corruption and anti-bribery there will be representation from the always popular and excellent speaker Alexandra Wrage and David Woodcock, Regional Director of the Securities and Exchange Commission’s (SEC) Fort Worth Regional Office. There are many other excellent and knowledgeable speakers who will be presenting the event.

Some of the topics over the two days of plenary sessions include the following: Ensure the ‘Tone from the Top’ meets the ‘Message in the Middle’ by hearing how ConocoPhillips, GE Oil & Gas, T.D. Williamson, Flowserve & Transocean embed a culture of compliance in their organizations. Understand how the compliance model has shifted and how you can develop more effective partnerships with your third parties with new collaborative insights from representatives from Weatherford. You will be shown how to overcome the inhibitors to effective risk management in a complex global supply chain by learning from Parker Drilling, Navex and Statoil. Learn how compliance can create added value that executives, middle management and employees can get behind by learning from in a very interesting, unique joint insight from T.D. Williamson’s COO and CCO. Discover what to do once you have opened Pandora’s box by looking at how National Oilwell Varco responded to issues when conducting a corporate acquisition. Discover how to get a better return on your compliance spend by learning how to deploy a risk-based due diligence program that is defensible and cost-effective with TRACE. Understand how to benchmark your compliance program with the best of the best by hearing industry-first insights from Fluor, Technip, Cameron and Shell compliance professionals.

There are two separate workshops that will provide specific insight into two keys areas. The first workshop is how to develop a blueprint to increase the effectiveness of your compliance training. It will be led by Arvind Sharma and Flora Francis, Senior Compliance Counsel, Global Compliance Leader at GE Oil & Gas. This workshop will address several different areas of concern such as: How you can continually manage compliance risk amongst your employees worldwide; understanding how often to refresh your programs and catching up with new employees; how you can more effectively identify and classify “at risk” positions and red flags. You will also obtain an understanding of how programs have been rolled out effectively across the supply chain; how to overcome the risk of training fatigue and increase the effectiveness of your training and finally how to develop your own blueprint to enhance the effectiveness of your compliance training.

In the second workshop you will hear about new approaches to ensure your trade compliance program does not leave your business exposed to charges of Foreign Corrupt Practices Act (FCPA) violations. It will be led by three noteworthy compliance practitioners: James Scott, Exports and Compliance Manager from Hydrasun Ltd., Ron de los Santos from ABS and Cindy Johnson, Global Trade Compliance Specialist from FMC Technologies Inc. In this session you will hear about keeping on top of evolving export control laws and managing programs across international borders; defining your export compliance for different departments, divisions and businesses with their implication for business growth; and installing the compliance ethos and training across cultures throughout an international organization. From these topics you will be able to identify your biggest risks and set in place an export control program to suit your business; develop an understanding of what you need to do to receive customs clearance more swiftly and effectively; and finally, you will discover the steps you need to take to ensure you are not leaving your business exposed in this critical area of compliance.

Hanson Wade has added a new feature this year, which I think takes this conference up to a notch above their usual excellent event. They have added a fourth day, entitled Compliance Strategy Day. Presentations on this day have been designed to give the attendee an interactive opportunity to explore the strategic considerations you need to be aware of when it comes to managing regulatory and enforcement risks over the next 12 months. On this day, attendees will have the opportunity hear directly from the SEC, as well as gain perspectives from those with experience at the Department of Justice (DOJ), and gain insights from both outside counsel and industry as to how to best manage these strategic risks.

I will be speaking on the Compliance Strategy Day, looking back, for some hindsight, at the compliance lessons we have learned over the past year and forward to how we can put those lessons to use. I will also provide an update of the current state of anti-corruption compliance in Latin America. So I hope that you can join us. 

You can find out more about this event, by clicking here. Readers of this blog are entitled to a discount to this event. To receive this discount, please enter the following code FOXLAW10.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

Tribute to Leonard and Hanson Wade Supply Chain Compliance Europe 2013, Part II

Yesterday I introduced my tribute to Elmore Leonard and the upcoming Hanson Wade Supply Chain Compliance Europe 2013 Conference in London on November 4-7. Today we begin with Leonard’s Ten Rules for writing.

1. Never open a book with weather.

2. Avoid prologues.

3. Never use a verb other than “said” to carry dialogue.

4. Never use an adverb to modify the verb “said” . . .

5. Keep your exclamation points under control.

6. Never use the words “suddenly” or “all hell broke loose.”

7. Use regional dialect, patois, sparingly.

8. Avoid detailed descriptions of characters.

9. Don’t go into great detail describing places and things.

10. Try to leave out the part that readers tend to skip.

Why are these important for the compliance practitioner? It is because Codes of Conduct, compliance policies and procedures are all in writing. Even if you cannot write like a novelist, you can write in plain English. Do not simply get a policies and procedures written by lawyers for lawyers. Write them so that the business folks who are trying to do the right thing, can understand the obligations they are under. And think of Elmore Leonard when you are writing. If it doesn’t inspire you, it will put a smile on your face.

Along the lines of ‘keeping it real’ we continue with the Hanson Wade the interview of Paul Zietsman, Chief Compliance Officer (CCO) at Sasol. In today’s post, he shares his insights into the development of their new internal culture and attitude towards compliance after gaining ongoing board level buy in and investment.

What advice would you give to anyone who has just received a fine in their organisation, what should be their first steps on the road to recovery?

I think the very first thing would be to make sure what you have is support from your executive management or from your most senior body in your company.  Now, usually when a company has had an incident you would have that kind of support because everybody, especially the senior managers are under stress, as there might be personal liability for them. So, you usually have some level of support from them.  I think that should be the starting point.  You should first determine that level of support, particularly because without that support, you’re not going to be successful in anything you will do going forward.

At one of the meetings with CCO’s in South Africa I have attended a colleague was struggling with a internal compliance challenge and I asked him a couple of questions all catered around the support that they have from the senior management. We eventually realized that this was exactly the issue, he did not have the support. I have even told him that before he gained this support he couldn’t expect any progress, and everything that they were doing up till now was actually in vain and that they should first establish that support.

The next step is to clean out your house, it is important to have an investigation and to spend enough time really going through your business and making sure that there are no similar noncompliance or contradictions even in any part of your business.

Especially from a compliance officer’s perspective, it is important because we are in a constant battle to demonstrate value in our business, and we do not have a direct contribution to the bottom-line.  It is always difficult to show that value.

Now if you have another incident shortly after you’ve established or after you’ve started to improve your compliance function, when you are finding your feet, it could be detrimental to the compliance function. The company may feel that now operations are under way this should not occur again.

So therefore, I think that it is important to start on a clean slate and you can only start in a clean slate if you have done a thorough investigation, if you have really identified any further issues that might be in your business.

Then another thing is to also strengthen your government relationships by centralizing your reporting lines for you insurance providers. I know many of my colleagues would crucify me for saying that, because there is a certain belief that you can add more value by being present in the business and therefore you have to have a decentralized system.  But let me explain, when I say centralized, I don’t mean that you pull all your compliance officers who have identified issues back to the head office so there is no engagement with the business units.  All I am mean is that the reporting lines should be central and the incentives and the bonuses should not be determined by the business that they serve.

So for instance, at Sasol, all my compliance officers report through various managers into me, so they don’t report to the business at all.  But, they spend 80% of their time in the businesses.  So they’re really involved.  They know their businesses, and they can add just as much value to the business as other compliance officer that work in a decentralised model.

Here though, I have the benefit of ultimate control, and I have the benefit of my compliance officers not being influenced by objectives within the business units; which might not always be in line with good governance, but works for Sasol.

Then the last point for me here is not to lose balance.  We have seen that with quite a few companies and initially even at our company we’ve experienced this as just a natural reaction.  The moment you have an issue on something you need to focus all your attention just on that issue. For example, if you take a company that has had an incident with regards to bribery laws, they would mainly focus their compliance programme around bribery.  Quite often, they lose sight of the other risks and expose themselves because of this resulting in a great compliance programme focusing on one particular risk where they had an issue in the past, but leaving the guard open in other areas.  I think it is important to keep a balance here.  Do your investigation in the area in which you had an issue, but also improve strength in your compliance programme in general.

This way you will have a well-balanced programme that would include proper recertification up front so you will know what risks you are facing. Then you can design and implement a compliance programme that will deal with all of the risks going forward, not only the area on which you had an issue.

Sasol has operations in Africa, what would you say is the most challenging aspect of operating in Africa vs other regions?

You know if you ask this question to 90% of my colleagues, I think they would say that it’s bribery because bribery is the major issue in Africa, and I would to some extent, agree with them.  I am quite passionate about Africa.  So I do a lot of reading about Africa and I am quite knowledgeable about Africa based on that. I would agree with them that certainly one of Africa’s biggest challenges is bribery and corruption.

If only Africa could deal with that, it could be one of the most prominent continents in the world.  However, I would say from the compliance perspective it’s not that easy.  You can’t just say its bribery.  I think there is something deeper and that is really challenging.  To me it varies to extremes within Africa.  In the sense that, in one country, you will have some of the most sophisticated and refined laws dealing with a specific area while in the same country just in a another area will have absolutely no laws at all.

Then you also have a situation where you have certain countries with the most sophisticated laws but they just are not enforced, because they don’t have the skills and we don’t have the manpower to enforce them.  So it’s a matter of dealing with the unknown and I know a lot of companies entering Africa deal with these challenges, they feel as long as they are just managing the anti-bribery risk they should be okay.  The reality is that they are exposed to a number of other risks. It might not be as risky in the recent world because there is no guarantee of an enforcement, but you never know.  Anything can happen so it is really dealing with that unknown factor that is the most challenging.

What advice would you give to companies looking to open new operations in Africa?

Well based on what I just said, I think it is important not to underestimate Africa.  Yes, you might not have the kind of enforcement there that you would see in the rest of the developed world but I think you need to be prepared for that.  So I would say, implement your whole compliance programme, the same as you have in other locations in the world and launch that into Africa.  Then at the same time, while implementing the whole of your programme, put a specific emphasis on bribery because bribery is a major concern in Africa.  I think there are quite a few unique challenges regarding bribery in Africa.  For instance, the involvement of the government in business, even sometimes the government being involved, will be the catalyst to the payment of bribes in Africa.  That creates a lot of new challenges and you need to have a specially devised program dealing with that.

We had an incident recently in one of the African countries we were operating in, where the government itself requested us to make cash payments, per diem payments to the officials because they just didn’t have the kind of systems in place to support these payments themselves.  Now of course we couldn’t do that so we refused that and we had further discussions with them to see how we could get the money to them. That was initiated because of a specific requirement in terms of a particular law, but knew we couldn’t pay directly to the officials.  So you will certainly end up in situations like that and you need to have robust controls dealing with those kind of challenges which is fairly unique to developing countries like Africa.

Readers of this blog can receive a discount to the event. Use the code, FOXLAW10 when registering. For details and more information about the event, click here, or go directly to the HansonWade website.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

Tribute to Leonard and Hanson Wade Supply Chain Compliance Europe 2013, Part I

Elmore Leonard died this week. He was certainly one of the most prolific authors of the second half of the 20^th Century, turning out a book a year for almost 60 years. Although he began his writing career penning short stories for Western fiction magazines, he gravitated to crime novels. But he was more than just a crime novelist. In his New York Times (NYT) obituary, entitled “A Novelist Who Made Crime and Art, and His Bad Guys ‘Fun’”, reporter Marilyn Stasio quoted from his recognition by the American Chapter of PEN, which said “his books are “not only classics of the crime genre, but some of the best writing of the last half-century.””

For me, reading Leonard was akin to reading Hemmingway, sparse and taut, direct clean writing. Leonard’s writing style is an instructive way to think about compliance so I considered Leonard and his ability to communicate in connection with the upcoming Hanson Wade Supply Chain Compliance Europe 2013 Conference in London on November 4-7. I have attended several HansonWade conferences and they have all been first rate. But one thing that stands out for me is that each conference has speakers which provide you with direct information that you can use in your compliance program.

Over the next two days I will write about an interview Hanson Wade conducted with one of the speakers, Paul Zietsman, who is the Chief Compliance Officer (CCO) at Sasol Ltd (SSL). In today’s post, he shares his insights into the company’s compliance journey since their fine 6 years ago and the lessons they have learned. In tomorrow’s post we will continue our tribute to Elmore Leonard and learn from Paul about the development of their new internal culture and attitude towards compliance after gaining ongoing board level buy in and investment.

Paul, can you start by telling us about your recent compliance experience?

I am a Chief Compliance Officer of Sasol since 2009.  Sasol is a multinational petrochemical company with listings in both Johannesburg and New York with at least 32,000 employees and we operate in 38 jurisdictions.  I initially started off at Sasol in the commercial department and eventually after the major incident we had on competition law, I was requested to head up a new project in the compliance area. Which involved improving our compliance function at the time.

Now, and over the past few years I have been exposed to various, interesting scenarios and certainly learned to manage compliance in the developing worlds. Since our head office is based in Johannesburg and we have quite a few businesses in Africa. At the same time I also have been exposed to fairly good global based practices, due to my interaction with other multinational companies in Europe and America as well as Australia. This interaction has involved discussions and key benchmarking exercises with my fellow chiefs of compliance at a number of multinational companies.

Paul, Sasol was one of the companies that, due to compliance issues, received a fine six years ago.  Could you tell about the journey since that fine for Sasol?

It’s a long journey and I do not think one will ever really reach the spot where you would say “that everything is perfect now” That said, we would certainly not have a similar incident again, moving forward it’s an ever evolving journey and we are always challenged to improve on what we have.  It was a very interesting journey, but we have come through it.

When I start off here in the compliance team we had only a small number of compliance officers who were not centralized or centrally based.  They operated within the business units. We’ve changed that around to a well skilled global compliance team with 22 resources, all reporting centrally into the compliance function core at head office.

This gives a general overview, but our plan also entailed specific actions that we have taken. For instance, a following clean-up investigation took place,  where we had to find out if there was any similar instances lurking somewhere in our business.  We also had to look at more robust compliance structures and specifically look at compliance in our various business units as well as our corporate structure.  We reviewed our former compliance framework and adopt a new one , which involved benchmarking our practices against others. I am pleased to have regularly interacted with my colleagues at various other multinational companies on a regular basis.  So I had something to measure our framework against.

I must say in my experience talking to these people at these other companies was totally positive and really surprising. I know that some companies are usually not that willing to share but, when it comes to compliance and it comes to doing the right thing, most of the compliance people are very willing to share.

The last point in our journey but a very important point; was to ensure we were effective in cementing our compliance program as a standing item on our board’s agenda.  It is important that the senior leadership of a company takes charge of the compliance program and that is exactly what we have done at Sasol.

The Hanson Wade event will have some of the top compliance practitioners from the US, Europe and Africa to speak on some of the biggest compliance challenges and solutions that you can implement to meet these challenges. For instance you will learn how to identify how to build and update a robust, real world global compliance program and embed it effectively from ConocoPhillips. You can hear about Shell’s perspective on how to move from theory to reality in implementing a practical risk-based compliance program. You will pick up tips on how to work effectively to ensure compliance in the world’s most complex operating environments. Other topics will include how to mitigate compliance risks when working with third parties through tight contract controls and specific information on how GE Oil & Gas rolled out their compliance program effectively, to achieve truly global compliance.

Readers of this blog can receive a discount to the event. Use the code, FOXLAW10 when registering. For details and more information about the event, click here, or go directly to the HansonWade website.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

From the Compact Model to the Luxury Model – Managing Your Third Party Risk

I am currently attending the Hanson Wade Oil and Gas Supply Chain Compliance conference in Houston. The event is excellent and the presentations have been ‘spot on’ for the nuts and bolts of how to do compliance. As the conference is in Houston, a number of the speakers and attendees are from energy companies but the concepts that are being discussed apply to all companies which have an anti-corruption or anti-bribery compliance program. One of the things that came through each of the presentations was that as compliance programs mature, many companies are developing programs which are more tailored towards the risks that companies face, which are ascertained through more sophisticated risk assessments and management of those risks.

This pattern is certainly consistent with the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) FCPA Guidance which says that a company should assess its risks and manage its risks. From this starting position, a company can then put together a well thought out and reasoned approach to Foreign Corrupt Practices Act (FCPA) compliance. Many of the presentations dealt with third parties and the differing responses and approaches companies have developed for the specific risks that they have uncovered.

Clearly third party risk mitigation through due diligence is key. How much due diligence is enough? One speaker said that it is a balancing call to determine the right amount. There were several presentations which spoke about the increasing use of technology to assist companies in this process. One speaker, a former federal prosecutor, said that one of the things that she looked for when a prosecutor was the ‘thoughtful analysis’ that the FCPA Guidance speaks about. To this end she believes that the human element will always be important because prosecutors want to see the thought process of not only how your program is designed but how you have crafted your risk mitigation based upon the information that you have assessed.

One of the speakers listed some of the factors to begin the review of your third parties. Recognizing that there is no one all-encompassing list, she suggested the following:

1. How many third parties do you have?
2. Where are these third parties located?
3. Industry or sector do you conduct business?
4. What is the relationship of the third party to a foreign government or state owned enterprise?
5. Are the owners of the third party related at all to government employees?
6. Is the use of the third party a business necessity or not? Why do you need to use sales representatives?
7. What are the reputations and qualifications of the third parties? Can they do what you need them to do from a commercial perspective?
8. How much control will you have over the third parties? Contrast the control that you have over sales agents with the lesser amount of control that you have over distributors and joint ventures.

From the answers to some of these questions you can begin to craft your third party due diligence inquiries. I was intrigued by one speaker who speech contrasted the steps that you might take with a lower risk third party with that of a higher risk third party. She likened the lower risk approach to that of a compact car and set out the following suggestions:

• Rank each third party by the risk you have assessed;
• Perform an Internet search on the third party;
• Perform reference checks on the third party;
• Interview control persons involved with the third party;
• Agreement to abide by anti-bribery and anti-corruption laws;
• Insert appropriate compliance terms and conditions in your third party contracts.

She contrasted the Compact model with what she termed the ‘Luxury model’ requirements of a third party program:

• Prioritize your third parties by risk;
• Appoint a Business Unit sponsor for each third party;
• Develop a detailed third party application;
• Perform an electronic records search on each third party;
• Also perform independent screening of each third party;
• Perform reference checks on each third party;
• Perform site visits and interviews of each third party;
• Have each third party acknowledgement your company’s Code of Conduct;
• Require each third party  to go through ethics training;
• Create a company committee, consisting of internal business, legal and compliance representatives to review your high risk third parties;
• Insert compliance terms and conditions into each third party contract;
• Require both internal and external audits of each third party;
• Perform annual updates on your third parties; and
• Perform quarterly electronic database rescreening.

There was also a discussion of some common Red Flags that you should be on the outlook for. They included:

• Excessive commissions paid to third parties;
• Unreasonable discounts given to third parties such as distributors;
• Vaguely described services in a third party contract or invoice back to your company;
• A third party which is in a different line of business than the one you want to hire to assist your company;
• Close association by the third party with a Foreign Official;
• Retention of the third party is required by a Foreign Official;
• The third party is a shell company located offshore; and
• Payments made to the third party are in a country different from the location where the third party’s services are delivered.

The concepts I derived from this presentation is that you should assess and manage your risks. If you determine them to be low, the Compact Model may work for you. If your third party risks are high, then the Luxury Model may be more appropriate. If you use a thoughtful and reasoned approach, you can navigate this area. But always Document, Document and then Document what you have done and why.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

Don’t Spread Your Compliance Program Too Thin

“You do not want to be spread too thin”. When I heard that phrase a light bulb went off inside my head. It was uttered to me by Jan Farley, the Chief Compliance Officer (CCO) of Dresser-Rand. I asked Jan what he meant by the phrase and he explained that you cannot stretch your compliance program so thin that you try and cover everything; so that you miss the larger Foreign Corrupt Practices Act (FCPA) or UK Bribery Act risks that your company faces. I thought about Jan’s phrase in the context of the Department of Justice (DOJ)/Securities and Exchange Commission (SEC) FCPA Guidance. I have written that under the FCPA Guidance companies should have carefully designed and well thought out compliance programs.

If your company’s sales model is to use third parties, that is probably your highest risk, then prioritize your time and compliance budget on managing that risk, initially before you move on to other compliance risks. Conversely, if your sales model is to use employees, then put your time and effort into managing that risk, through training and monitoring employees regarding their interactions with foreign officials. Do not spend your time, budget and energy on managing the risk of low to no-risk parties and issues. There is no substitute for carefully thinking through your company’s risk profile.

Jan is one of several current CCOs in Houston who began their compliance department careers at Baker Hughes working for Jay Martin. Prior to joining Dresser-Rand, he was the Senior Ethics and Compliance Counsel – Eastern Hemisphere for Baker Hughes stationed in London, England. During Jan’s tenure at Baker Hughes it paid the then largest fine ever for FCPA violations ($44MM in 2007).  Baker Hughes was under a very robust Deferred Prosecution Agreement (DPA) and a Corporate Monitor and expended a significant amount of time, money and effort on its compliance program. This experience gave Jan an in-depth view of the issues in implementing and working with a FCPA compliance program in the corporate setting.

Jan’s comments also echo something that I believe is clear from the Guidance: Don’t focus on the small stuff. Indeed the Guidance states, “Thus, it is difficult to envision any scenario in which the provision of cups of coffee, taxi fare, or company promotional items of nominal value would ever evidence corrupt intent, and neither DOJ nor SEC has ever pursued an investigation on the basis of such conduct.” In other words, do not waste your compliance time, resource or energy around these small issues. However, if these small issues are a part of a larger systemic or long standing course of conduct that violates the FCPA, then the DOJ may well look into these issues. You will want to show the DOJ you are focusing on the “big stuff”.

The Guidance also makes clear that each company should assess its risks and manage its risks. The Guidance specifically notes that small and medium-size enterprises likely will have different risk profiles and therefore different attendant compliance programs than large multi-national corporations. Moreover, this is something that the DOJ and SEC take into account when evaluating a company’s compliance program in any FCPA investigation. This is why a “Check-the-Box” approach is not only disfavored by the DOJ, but, at the end of the day, it is also ineffectual. It is because each compliance program should be tailored to the enterprise’s own specific needs, risks, and challenges.

In addition to being one of the many experienced compliance practitioners in Houston, Jan also speaks at various compliance conferences and events. He is doing so at the upcoming Hanson Wade Oil & Gas Supply Chain Conference in Houston from April 29 to May 2. Jan was recently interviewed in connection with the event.

Over the last year what changes have you seen with regard to FCPA implementation and enforcement action by the government?

Over the last year I haven’t seen any really big changes, but a steady course of enforcement of the laws and regulations. Of course, one of the big stories is the allegations against Wal-Mart out of Mexico. From that you can see how an issue raised in one country can call into question the potential for issues in other countries, and so you have a kind of knock-on effect and an expanded search for issues elsewhere.

Another big item this past year was the Department of Justice and SEC guidance issued in November. It is a very good consolidation of the information and views that have developed over the course of time. I think it is very beneficial to have and you should read and study it if you work in compliance.

A lot of people are also talking about the Department of Justice declination against pursuing any criminal penalties against Morgan Stanley. The DOJ acknowledged what a good anti-corruption program that Morgan Stanley had in place. I think that was the first time that had been specifically mentioned as a factor for declining to prosecute.

How has recent enforcement action and regulatory focus highlighted the need for an effective compliance program?

The enforcement actions over the last five or six years has been pretty steady. I think it’s clear that it’s not something that’s going to decrease any time soon. There is a steady focus in pursuing enforcement actions because the government is obtaining a lot of money from it and so that enables them to have the resources to keep pursuing these actions. So it will continue to be extremely important to have an effective compliance program.

What are the main challenges you face when it comes to remaining compliant?

I think giving the proper training and education to your employees and business partners regarding the importance of compliance with anti-corruption laws, and communicating the program to a diverse workforce across the world, whilst keeping the message fresh is a major challenge. In order to meet this challenge you’ve got to work to make the policies as simple and straightforward as they can be. Importantly, you want to be able to communicate those policies in the local language to be sure that they’re understood by your employees and business partners.

Also, it’s very important to have proper internal controls. You want to make sure that you’re closely reading your internal audit reports that your company is getting in the various countries. You can look to see what implications the reports have for your compliance program. And you want to make sure that internal audit is auditing for potential compliance issues.

I found Jan’s thoughts on don’t spread your compliance program too thin to be an excellent insight into how to assess and then manage the compliance risks that your company faces. His ideas echo the FCPA Guidance and put into words one of the very strong messages that is made clear throughout the Guidance. Take a look at your company’s risks and do not scatter your compliance resources everywhere or too thinly.

============================================================================================

For full details on the Hanson Wade 3rd Annual Oil & Gas Supply Chain Conference, click here. Readers of this blog are entitled to a discount on the registration charge. So use the code FOXLAW13 when registering.

============================================================================================

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

Happy Birthday FT and Welcome Hanson Wade

Yesterday celebrated an auspicious anniversary as it was the 125^th anniversary of the British newspaper, the Financial Times (FT), its first issue having been delivered on February 13, 1888. In England, and across the world, the FT is a venerated institution, beginning with its unique color for a print newspaper and, as you might guess from its name, a focus on all things financial. While we in the United States have the Wall Street Journal (WSJ), having a daily newspaper delivered to my door which reports on business, and other noteworthy events from around the world, from a British perspective certainly provides a matchless viewpoint to take a look at events, people and issues. As readers of this blog will recognize I get quite a bit of my material from the FT so it also a very useful resource to me writing about the Foreign Corrupt Practices Act (FCPA); the UK Bribery Act and compliance issues across the globe.

Although, perhaps, not quite as old as the FT, the English company Hanson Wade is putting on a peerless compliance oriented event here in Houston from April 29 to May 2. It is the 3^rd annual Oil and Gas Supply Chain Compliance Conference. Once again Hanson Wade will have the top FCPA and related compliance talent in Houston for two days of conferencing and one day of focused workshops. The sessions will feature such topics as the following: New ways to enhance your ability to identify and mitigate the risks posed by third parties by applying some of the creative approaches that GE Oil & Gas and Parker Drilling utilize to ensure compliance across a complex, global supply chain; Ensuring that your company remains compliant when operating in new, challenging locations by applying the latest regional intelligence and develop a practical guide with fresh insights from Fluor, Baker Hughes and Dresser-Rand; Achieving the cross-departmental collaboration that is needed to operate in total compliance;  Hear about the perspectives of compliance and supply chain professionals from Weatherford, Huntsman and Halliburton on how they manage conflicting priorities; Discover the strategies used by Flowserve and Apache to help them prioritize their focus and achieve a higher level of  compliance by quickly and effectively isolating and eliminating weak links in your supply chain; and Benchmarking  your activities against the latest and most innovative approaches used by ExxonMobil, BP, Fluor, KBR and Ensco in how they are delivering continual improvement in their own compliance programs.

Recently Jay Martin, Vice President (VP), Chief Compliance Officer (CCO) and the Senior Deputy General Counsel (GC) for Baker Hughes Incorporated spoke to Hanson Wade about some of the recent issues that have come up for him in his role and what he will be talking about at this year’s event.

Over the last year, what changes have you seen with regard to FCPA implementation and enforcement action by the government? There seems to have been an increased emphasis on the prosecution of individuals as opposed to a sole focus on corporations. There have also been a series of industry sweeps that have been part of the recent enforcement agenda.

How has this highlighted the need for an effective compliance program? The Morgan Stanley case and the recent guidance that was issued by the SEC and the DOJ on the FCPA made clear the importance of a company having a robust compliance program to manage FCPA risk. Recent enforcement actions have given considerable credit to companies that have had such programs and this is the first time we have seen the government actually giving more affirmative credit for good programs.

What one initiative have you implemented this year that allowed you to maximize your compliance program? We are continuously reviewing and upgrading our compliance program based upon new events such as new enforcement cases coming out and the issuance of the DOJ and SEC guidance document.

We are particularly proud of the advancements that we have made with the application of our FCPA compliance program to joint ventures. That has been our biggest initiative.

What are you going to be speaking on at the conference this year? I will be presenting on the different international regulations and how they impact your organization’s compliance program. It is imperative that companies continue to expand and upgrade their compliance programs because of the proliferation of anti-bribery legislation around the globe and the increased cooperation across borders of the enforcement authorities.

So today we celebrate one of the UK’s greatest institution’s the FT. I would only add to the celebration by saying, “Keep on truckin’”. While Hanson Wade is not as old as the FT, they put on, for my money, one of the top compliance events in Houston and use the top compliance talent in Houston, of which there is a considerable amount, to give you insight in to not only what you should do in terms of best practices but also what to expect going forward. I hope that you will mark the dates on your calendar to attend and that I will see you there.

For full details on the Hanson Wade 3rd Annual Oil & Gas Supply Chain Conference, click here. Readers of this blog are entitled to a discount on the registration charge. So use the code FOXLAW13 when registering.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013