Doing Compliance-The Book

I have consistently tried to bring a ‘Nuts and Bolts’ approach to my writing about compliance. Last year when describing some of my writing on the building blocks of a Foreign Corrupt Practices Act (FCPA) compliance program to my friend Mary Flood, she said “That’s great but what about actually doing compliance?” Fortunately for me, she did not ask how as there is no telling just how much hot water answering that question would have gotten me into! Her idea about writing a book which a compliance practitioner could use as a one-volume reference for the everyday work of anti-corruption compliance was the genesis of my most recent hardbound book, Doing Compliance: Design, Create, and Implement an Effective Anti-Corruption Compliance Program. I am pleased to announce that the book is hot off the presses and now available for purchase through Compliance Week in the US and Ark Publishing in the UK.

Just as the world becomes more flat for business and commercial operations, it is also becoming so for anti-corruption and anti-bribery enforcement. Any company that does business internationally must be ready to deal with a business environment with these new realities. My book is designed to be a one-volume work which will give to you some of the basics of creating and maintaining an anti-corruption and anti-bribery compliance program which will meet any business climate you face across the globe. I have based my discussion of a best practices compliance program on what the Criminal Division of the US Department of Justice (DOJ) and Enforcement Division of the Securities and Exchange Commission (SEC) set out in their jointly produced “FCPA – A Resource Guide to the U.S. Foreign Corrupt Practices Act”, the FCPA Guidance, the ‘Ten Hallmarks of an Effective Compliance Program.” The FCPA Guidance wisely made clear that there is no ‘one-size-fits-all’ approach when it stated, “Individual companies may have different compliance needs depending on their size and the particular risks associated with their businesses, among other factors.” Thus, the book is written to provide insight into the aspects of compliance programs that DOJ and SEC assesses, recognizing that companies may consider a variety of factors when making their own determination of what is appropriate for their specific business needs.

This book does not discuss the underlying basis of the FCPA, the UK Bribery Act or any other anti-corruption or anti-bribery legislation. I have assumed the reader will have a modicum of knowledge of these laws. If not, there are several excellent works, which can provide that framework. The book is about doing business in compliance with these laws. As with all Americans, I appreciate any list that is deca-based, so the format of 10 hallmarks resonates with me. I have used this basic ten-part organization in laying out what I think you should consider in your anti-corruption and anti-bribery compliance program. In addition to presenting my own views in these areas, I also set out the views of both FCPA practitioners and commentators from other areas of business study and review. The book includes the following:

Chapter 1 – Where It All Begins: Commitment from Senior Management and a Clearly Articulated Policy against Corruption  It all begins at the Top, what should management say and do? ‘Tone at the Top’ is a great buzz word but how does a company truly get the message of compliance down through the ranks? This chapter discusses the techniques management can use to move the message of compliance down through middle management and into the lower ranks of the company.

Chapter 2 – Some Written Controls: Code of Conduct and Compliance Policies and Procedures  The Cornerstone of your anti–bribery/anti-corruption compliance program is set out in your written standards and internal controls which consist of a Code of Conduct, Compliance Policy and implementing Procedures. This chapter discusses what should be in the written basics of your compliance program and how best to implement these controls.

Chapter 3 – For the CCO: Oversight, Autonomy, and Resources The role and function of a Chief Compliance Officer (CCO) in any compliant organization cannot be overstated. Simply naming a CCO is no longer enough to meet even the minimum requirements of best practices. One of the key areas that the DOJ will review is how is a CCO allowed to fulfill his role. Does the position have adequate resources? Does it have autonomy and support in the corporate environment? Does the Board of Directors exercise appropriate oversight? This chapter reviews the Compliance Function, Oversight, Autonomy and Resources and relates structuring the compliance function in an organization.

Chapter 4 – The Cornerstone of Your Compliance Program: Risk Assessment It all begins here, as a risk assessment is the road map to managing your compliance risk. The implementation of an effective compliance program is more than simply following a set of accounting rules or providing effective training. Compliance issues can touch many areas of your business and you need to know not only what your highest risks are, but where to marshal your efforts in moving forward. A risk assessment is designed to provide a big picture of your overall compliance obligations and then identify areas of high risk so that you can prioritize your resources to tackle these high-risk areas first. This chapter discusses what risks you should assess, the process for doing so and using that information going forward.

Chapter 5 – Getting Out on the Road: Training and Continuing Advice Once you have designed and implemented your compliance program, the real work begins and you must provide training on the compliance program and continuing advice to your company thereafter. This means that another pillar of a strong compliance program is properly training company officers, employees, and third parties on relevant laws, regulations, corporate policies, and prohibited conduct. However merely conducting training usually is not enough. Enforcement officials want to be certain the messages in the training actually get through to employees. The expectations for effectiveness are measured by who a company trains, how the training is conducted, and how often training occurs. This chapter discusses getting the message of compliance out to your employees.

Chapter 6 – Do As I Do & As I Say: Incentives and Disciplinary Measures Any effective compliance program will use a variety of tools to help ensure that it is followed. This means that you must employ both the carrot of incentives and the stick of disciplinary measures to further compliance. How can you burn compliance into the DNA of your company? Discipline has long been recognized as an important aspect of a compliance regime but more is now required. This chapter relates structuring compliance into the fabric of your company through hiring, promotion of personnel committed to compliance and how to reward them for doing business ethically and in compliance with the FCPA.

Chapter 7 – Your Greatest Source of FCPA Exposure: Third Parties and How to Manage the Risk Third Parties are universally recognized as the highest risk in any compliance program. Indeed it is estimated that well over 90% of all FCPA enforcement actions involve third parties. Therefore it is important how to manage this highest risk for an anti-corruption program. This chapter provides a five-step process for the investigation and management of any third party relationship; from agents in the sales chain to vendors in the supply chain.

Chapter 8 – How Do I Love Thee: Confidential Reporting and Internal Investigations In any company, your best source about not only the effectiveness of your compliance program but any violations are your own employees. This means that you must design and implement a system of confidential reporting to get your employees to identify issues and then have an effective internal investigation of any issues brought to your attention. Your own employees can be your best source of information to prevent a compliance issue from becoming a FCPA violation. This chapter provides the best practices for setting up internal reporting and investigating claims of compliance violations.

Chapter 9 – How to Get Better: Improvement: Periodic Testing and Review Once you have everything up and running you still need to not only periodically oil but also update the machinery of compliance. You do this through the step of continuous improvement, which is the use of monitoring and auditing to review and enhance your compliance regime going forward. A company should focus on whether employees are staying with the compliance program. Even after all the important ethical messages from management have been communicated to the appropriate audiences and key standards and controls are in place, there should still be a question of whether the company’s employees are adhering to the compliance program.

Chapter 10 – Should I or Shouldn’t I? Mergers and Acquisitions The last thing you want to bring in through an acquisition is another company’s FCPA violation for which your company must pay the piper; also known as buying a FCPA violation. Effectively managing your mergers and acquisitions (M&A) process can help you to identify risk areas in a potential acquisition and then remediate any issues in the post-acquisition integration phase. This chapter gives you the most recent pronouncements on how to avoid FCPA exposure in this key area of corporate growth and to use the M&A function to proactively manage compliance.

Chapter 11 – A Few Words about Facilitation Payments One of the key differences between the US FCPA and UK Bribery Act is that the US law allows facilitation payments. However, in today’s interconnected world, to allow one part of your company to make facilitation payments while UK subsidiaries or others covered by the UK Bribery Act are exempted out from your standard on facilitation payments has become an administrative nightmare. This chapter explores what is a facilitation payment, how the policing of your internal policy has become more difficult and some companies which have been investigated regarding their facilitation payments. It also provides guidelines for you to follow should your company decide to allow them going forward.

So with thanks to Mary Flood for the idea, Matt Kelly, the Editor of Compliance Week for the publishing platform and Helen Roche & Laura Slater and the rest of the team at Ark Publishing for getting me through the publishing process in a professional manner, I am published to announce that Doing Compliance: How to Design, Create, and Implement an Effective Anti-Corruption Compliance Program is now available for purchase.

You can purchase a copy of Doing Compliance: How to Design, Create, and Implement an Effective Anti-Corruption Compliance Program in the US by clicking here. You can purchase a copy of Doing Compliance: How to Design, Create, and Implement an Effective Anti-Corruption Compliance Program in the UK by clicking here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com. © Thomas R. Fox, 2014

Billy the Kid Begins and the GSK China Verdict

According to This Day in History, 139 years ago today, Billy the Kid was arrested for the first time, for theft. Billy the Kid was believed to have been born in New York City and was later taken out west by his mother. He was arrested on September 23, 1875 when he was found in possession of clothing and firearms that had been stolen from a Chinese laundry owner. Two days after he was placed in jail, the teenager escaped up the jailhouse chimney. From that point on Billy the Kid was a fugitive. He later broke out of jail and roamed the American West, eventually earning a reputation as an outlaw and murderer, allegedly committing 21 murders.

I thought about the start of Billy the Kid’s outlaw career and more particularly how it ended as I was thinking through some of the issues surrounding the GlaxoSmithKline PLC (GSK) bribery conviction in China last week. For instance, did GSK obtain a negotiated settlement with the Chinese government when it was announced that the company pled guilty to bribery and corruption and was fined almost $500MM by a Chinese court? Further, what lessons can be drawn from the GSK matter for companies operating in China and the compliance practitioner going forward? Today, I want to explore the lessons that a company might be able to draw from the GSK matter.

I think the first lesson to draw is that the Chinese government will focus more on companies than on individuals. Andrew Ward, Patti Waldmeir and Caroline Binham, writing in a Financial Times (FT) article, entitled “Pain from graft scandal likely to linger”, quoted Mak Yuen Teen, a corporate governance expert at the National University of Singapore for the following, “By handing suspended sentences rather than jail terms to Mark Reilly, GSK’s former head of China, and four of his top lieutenants, the court in Hunan province was holding the company more accountable than the individuals.”

However other commentators said, “GSK got off more lightly than expected for bribing doctors to prescribe its drugs.” The article went on to note, “People close to the situation denied that the outcome amounted to a negotiated settlement. But Bing Shaowen, a Chinese pharmaceuticals analyst, said it was likely that GSK made commitments on research and development investment and drug pricing to avoid more draconian treatment. A further FT article by Andrew Ward, Patti Waldmeir and Caroline Binham, entitled “GSK closes a chapter with £300m fine but story likely to run on”, cited Dan Roules, an anti-corruption expert at the Shanghai firm Squire Sanders, who said that he had expected the penalty to be harsher. Roules was quoted as saying “The fact that GSK co-operated with the authorities would have made a difference.” The article went on to say that Roules “pointed to GSK’s statement on Friday pledging to become “a model for reform in China’s healthcare industry” by “supporting China’s scientific development” and increasing access to its products “through pricing flexibility”.”

What about reputational damage leading to a drop in the value of stock? The market had an interesting take on the GSK conviction, it yawned. Moreover, as noted in the FT Lex Column “The stock market was never bothered. The shares moved little when the investigation, and then the fine, were disclosed.” Why did the market have such a reaction? The Lex Column said that one of the reasons might be that the “China may be too small to matter much for now” to the company.

Another lesson is one that Matt Kelly, editor of Compliance Week, wrote about in the context of the ongoing National Football League (NFL) scandal, in an article entitled “The NFL’s True Problem: Misplaced Priorities Trumping Ethics & Compliance”, when he said that a company must align its “core values with its core priorities.” GSK moved towards doing that throughout the last year, during the investigation into the bribery and corruption scandal in China. Although the Chief Executive Officer (CEO) of GSK, Sir Andrew Witty, has been a champion for ethical reform in both the company and greater pharmaceutical industry, the FT reporters noted that the China corruption scandal, coupled with “smaller-scale corruption allegations in the Middle East and Poland, has raised fresh questions about ethical standards and compliance.” If Witty wants to move GSK forward, he must strive to align the company’s business priorities with his (and the company’s) stated ethical values.

Which brings us to some of the successes that GSK has created in the wake of the bribery and corruption scandal. These successes are instructive for the compliance practitioner because they present concrete steps that the compliance practitioner can do to help facilitate such change. As reported by Katie Thomas, in a New York Times (NYT) article entitled “Glaxo to Stop Paying Doctors To Boost Drugs”, one change that GSK has instituted is that it will no longer pay doctors to promote its products and will stop tying compensation of sales representatives to the number of prescriptions doctors write, which were two common pharmaceutical sales practices that have been criticized as troublesome conflicts of interest. While this practice has gone on for many, many years it had been prohibited in the United States through a pharmaceutical industry-imposed ethics code but is still used in other countries outside the US.

In addition to this ban on paying doctors to speak favorably about its products at conferences, GSK will also change its compensation structure so that it will no longer compensate sales representatives based on the number of prescriptions that physicians write, a standard practice that some have said pushed pharmaceutical sales officials to inappropriately promote drugs to doctors. Now GSK pays its sales representatives based on their technical knowledge, the quality of service they provided to clients to improve patient care, and the company’s business performance.

In addition to the obvious conflict of interest, which apparently is an industry wide conflict because multiple companies have engaged in these tactics, there is also clearly the opportunity for abuse leading to allegations of illegal bribery and corruption. Indeed one of the key bribery schemes alleged to have been used by GSK in China was to pay doctors, hospital administrators and other government officials, bonuses based upon the amount of GSK pharmaceutical products, which they may have prescribed to patients. But with this new program in place, perhaps GSK may have “removed the incentive to do anything inappropriate.”

This new compensation and marketing program by GSK demonstrates that companies can make substantive changes in compensation, which promote not only better compliance but also promote better business relationships. A company spokesman interviewed the NYT piece noted that the changes GSK will make abroad had already been made in the US and because of these changes, “the experience in the United states had been positive and had improved relationships with doctors and medical institutions.”

In addition to these changes in compensation and marketing, Ward/Waldmeir/Binham, reported that GSK announced it would strive to be “a model for reform in China’s healthcare industry” by “supporting China’s scientific development” and increasing access to its products “through pricing flexibility”. They further stated “Rival companies will now be watching nervously to see whether more enforcement action takes place in a sector where inducements for prescribing drugs have long been an important source of income for poorly paid Chinese medics,” which is probably not going to be a return the wild west of bribery and corruption that occurred over the past few years in China. Bing Shaowen was quoted as saying that the GSK matter “is a very historic case for the Chinese pharmaceutical industry. It means that strict compliance will become the routine and the previous drug marketing and sales methods must be abolished.”

Whatever you might think of the GSK result, the company certainly ended its legal journey better in China than Billy the Kid did in New Mexico. But the company still faces real work to rebuild its reputation in China. Moreover, it still faces legal scrutiny for its conduct in the UK under the Bribery Act and the US under the Foreign Corrupt Practices Acct (FCPA). So stay tuned…

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

What a Long Strange Trip It’s Been – The First 1000 Blog Posts

Yes, indeed the Grateful Dead can and does inform your compliance regime as today is my 1000^th blog posting on the FCPA Compliance and Ethics Blog. To say that I ever thought I would see this day or this many blog posts, would portend a level of clairvoyance that even Carnac the Great could not conceive of pontificating upon. I had struggled with a theme for this momentous accomplishment but my sublimely-grounded English wife brought me down from the ethereal clouds with the following suggestion, “Even an old dog can learn new tricks.” Nothing like being married to a younger woman.

So today, I want to write about some of the things I have learned on this 4+ year journey, which began in late 2009/early 2010 after a serious automobile/bicycle event (Box Score: Hummer-1 Tom-0) where about the only thing I had on my hands was time while I was at home convalescing. I started to explore the world of social media, engaging on Twitter, webinaring from my home office and blogging. I was so un-savvy in this arena that about the only positive thing my teenaged daughter could say about me was “Dad, you are so unhip, you are retro. But that is cool too.” The first thing I learned was that even a complete computer misfit and social media idiot could set up a blog on WordPress. It is not only easy but free. I cannot say with any pride that some of my early blogs were very good but I can say that for a lawyer, whose only skill was to be able to perform word processing in Microsoft Word, I could type and then upload a blog post into WordPress. At that point in my blogging career, that was a major accomplishment.

Although it did take some time, I learned how to stop writing like a lawyer, with full citations in each blog, coupled with as much lawyerese as I could manage, by finally adjusting to a blogging format. I also relearned an old lesson, which says that if you really want to learn about a subject, write on it. I remember one of the first things I learned when researching the Travel Act was that this Kennedy era law, passed largely through the efforts of Bobby Kennedy, was designed to help in the fight against organized crime. So who would say a 60 year old law cannot be used for a 21^st century purpose? Or maybe even a Watergate-era like the Foreign Corrupt Practices Act (FCPA) could not have an expansive use, beyond that for which it was passed in 1977? I also learned that if you put out solid content people will read and listen to what you have to say.

I learned there are some great people out there blogging in the ethics and compliance space. I have met some fabulous colleagues through my blogging who have not only been incredibly supportive but whom I now cherish as good friends. Some of them include Mike Koehler, the FCPA Professor, for his scholarly rigor and continued intellectual challenges. Dick Cassin, the Dean of FCPA bloggers, for his unflinching support to myself and so many others. Mike Volkov, former prosecutor and DC-insider, who is always around to bounce a tough question off. Howard Sklar, who was my This Week in FCPA podcast partner, until we lost him to the corporate world. Francine McKenna, a great and generous mentor for myself and many others and the go-to person all issues in and around the accounting world. Jim McGrath, the internal investigations guy, who brings a former state prosecutor’s perspective to how investigations should be handled and critiqued. Matt Ellis, whose focus on and insights into South America (as in – it’s not a country) continue to shine a light on anti-corruption issues south of the border. Matt Kelly, Editor of Compliance Week, who saves some great witticisms for his weekly blog posts. These are but a very few of the folks I am now privileged to call friends because of my blogging.

I learned that there is way too much white noise in the FCPA space. The FCPA Professor calls them FCPA Inc. and Mike Volkov derides them as the FCPA paparazzi. Whatever you might call them, they put out reams and reams of information, sometimes useful but many times not. What I have tried to do is synthesize some of the most useful for the Chief Compliance Officer (CCO), compliance practitioner or anyone else who does the day-to-day work of anti-bribery/anti-corruption compliance. There are many, many things you can know but a far smaller subset of what you need to know. I try to bring to the compliance practitioner what they need to know. That is why the subtitle of my blog is ‘The Nuts and Bolts of FCPA Compliance’. I have tried to write about things which the compliance professional can use in the everyday practice of compliance.

I have learned that blog posts, which I thought were the most important, may turn out to be the least viewed blogs. Conversely, posts I did not think would be of great interest turned out to have the largest number of one-day hits. For instance, the largest single number of one-day hits I had was an article from two years ago about the SNC-Lavalin corruption investigation in Canada. [For a blog about FCPA compliance-go figure.] The second largest number was a recent blog post using the GM internal investigation as an exploration in the differences between a corporate legal function and its compliance function.

I have learned that by committing to something, you become much better at it. My first year of blogging, I tried to put out 2-3 blogs per week but beginning in 2011, I committed to a daily blog post. Once I made that commitment, blogging became a part of my workday. Once it became a part of my workday, it was like any other project or assignment. I had to set aside the time to work on it. It has made me a much more efficient and better writer to know that I need write something, during my workday. Yes there have been times I was up at 5 AM to write a post or stayed up way past my school-night bedtime trying to crank something out but those situations have become few and far between as I became more disciplined about my blogging.

But most of all I have learned that blogging is fun. It is fun because it is a challenge to write about something in an informative and engaging manner. It is fun to tie a Shakespeare play to a compliance and ethics theme. It is fun to read a week’s worth of Sherlock Holmes’ stories and tie a compliance topic to a story each day for one week. It is fun to find out what happened this day in history and use it as a hook to grab your readers’ attention. It is fun to engage in a debate with the FCPA Professor on a topic of mutual interest, where we look at the same thing, yet see it from different perspectives. And it is fun when you meet someone for the first time and after you introduce yourself, they say to you “When is a rose, not a rose? When it’s a FCPA violation”.

Where will the next 1000 blogs posts take me? I have no clue but if they are as much fun as the first 1000 posts have been I hope that you will continue to join my on This Long Strange Trip.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

Loyalty v. Fairness?

Ed. Note-today we have a guest post by that well known Code of Conduct maven, Catherine Choe.

It’s been years since I had a subscription for paper delivery of the news.  I read the news either on my computer or on my phone, and I tend to skim the headlines until I see one that interests me (usually an article on the most recent compliance & ethics failure).  A few weekends ago, I visited friends who still have the Sunday New York Times delivered to their home, and as I sipped coffee, leafing through their paper, I stumbled across an item I would have missed electronically:  “The Whistle-Blower’s Quandary.”

The authors of this piece, found in the Opinion section, are a trio of professors who did a series of studies on why and when people blow the whistle.  The article starts with an obligatory mention of Edward Snowden, and I almost moved onto the next item in the paper, but their definition of whistleblower caught my attention:  “research participants… [who] witnessed unethical behavior and reported it.”  This is the behavior we in C&E try to encourage among our employees, and so, intrigued, I kept reading.

In one of the studies, the participants were asked to describe a time that they witnessed an ethical failure, reported it, and why; they were also asked to describe a time that they witnessed an ethical failure, did not report it, and why.  In analyzing these responses, the authors found something interesting.  When the participants who reported ethical failures described their actions, they “use[d] ten times as many terms related to fairness and justice, whereas non-whistle-blowers [sic] use[d] twice as many terms related to loyalty.”  The short piece concludes that if we want our employees to come forward and report the ethical failures that they witness, we need to be emphasizing fairness and justice in our Codes of Conduct, communications, and training, as those are the concepts that encourage speaking up, where emphasizing loyalty will encourage silence.

This reminded me of one of Matt Kelly’s blog posts at Compliance Week, when Kelly reported the conversations that he facilitated with a group of CCEOs on the topic of cultivating C&E leadership. One of the CCEOs at the roundtable said, “The reward for good conduct is keeping your job.”  But as Kelly correctly notes, “That approach can convince an individual employee not to violate your Code of Conduct, to be sure. But it does not necessarily inspire him to call out other misconduct, when that is exactly what compliance officers desperately need.”  Kelly framed his post with the concept of allegiance, that what CCEOs need are employees who are allegiant, or loyal, to our companies, “people who will act as advocates for the company’s best interests.”

In his blog post, Kelly noted that expecting this level of loyalty from our employees may be a hard sell.  Modern companies exist to make money for their shareholders.  This has caused a situation where we’re all focused on hitting quarterly goals so that we don’t spook Wall Street.  It creates situations where companies don’t, or maybe can’t, exhibit any behaviors that would inspire the kind of loyalty we’re looking for in our employees.  We operate in a business culture where companies that prioritize the satisfaction of their employees are studied and celebrated like the rarities they are, but then we don’t emulate them.

Does the piece in the Times mean that we can stop worrying about loyalty and that we should instead focus on fairness and justice?  Nothing in life is ever that simple.

A few years ago, the Compliance and Ethics Leadership Council did research into what the leading indicators of misconduct are, i.e., the signs that tell us in advance that we’re more likely to find misconduct at our companies.  CELC found that that one of the top leading indicators of misconduct is when employees identify more closely with their individual work groups or departments than they do with the company as a whole.  (You can see versions of this at play in many Sales departments and in one of the justifications for violating the Foreign Corrupt Practices Act:  “this is how WE do business [insert relevant region here.]”)  In follow up research, CELC also found that one of the primary reasons employees don’t report the misconduct that they witness is because they don’t think that the company will do anything about it.  Employees don’t believe that there will be what CELC calls “organizational justice,” where wrongdoers get punished.

What all of this boils down to for me is that fairness and loyalty don’t oppose each other, as the professors posited.  Loyalty reflects fairness, is an accurate measure of how fair we are.  If we consistently enforce our own rules and standards of business conduct, employees will exhibit loyalty by speaking up when they see misconduct.  If they see evidence that the company takes its own rules seriously, employees will exhibit loyalty by following the company’s lead and also take the rules seriously.  If, however, we make exceptions in how we enforce our rules and standards of business conduct (e.g., we can’t fire John because he’s our top performer even though we know he’s unethical; we’re not going to dig deeper into why we were able to penetrate a new market so quickly because we only care about being successful and not how we were successful), employees will exhibit loyalty by keeping silent and enabling the misconduct.

If we can’t back them up with visible action, sprinkling the words “fairness” and “justice” instead of “loyalty” into our Codes and communications and training won’t inspire the kind of loyalty Kelly and his roundtable of CCEOs want.  “Actions speak louder than words” is a cliché for a reason.  It may be overused, but ignoring it or discounting it won’t make the underlying wisdom go away.

————————————————————————————————————————————————————————————————————

My eBook on the GSK bribery and corruption affair in China is out. You can purchase it for reading on your Kindle by clicking here.

————————————————————————————————————————————————————————————————————

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at cchoe@tflcompass.com

Compliance Week Needs Your Help!

Calling all FCPA and anti-corruption enthusiasts, Compliance Week needs your help! Compliance Week and Kroll Advisory have teamed up to undertake a major survey on corporate anti-corruption programs, and are asking compliance executives to participate.

The survey itself—the 2013 ‘Global Anti-Bribery Benchmarking Report’—can be found here:

http://surveys.harveyresearch.com/se.ashx?s=0D146E2D11F8D225

The survey should take no more than 20 minutes to complete. It asks about the bribery risks you have, procedures you use to train employees and vet third parties, the size of  your compliance team, and more. Rest assured, all submissions will be secure and anonymous (even Compliance Week won’t know who submits what specific results). The deadline to submit information is end of business on Friday, March 15.

Results of the survey will first be presented at the Compliance Week 2013 annual conference in Washington, May 20-22 (www.ComplianceWeek.com/conference), and later published in a special supplement of the Compliance Week magazine.

It’s no secret that finding good, reliable benchmarking data on compliance programs is no easy task, so do please help by participating. Anyone with questions can contact Compliance Week editor Matt Kelly at mkelly@complianceweek.com.

The Lilly FCPA Enforcement Action Part I – Key Lessons Learned on Sportsmanlike Conduct

As you see from today’s picture I am enthusiastically wearing a New England Patriots (classic) shirt. You may ask yourself why am I wearing this shirt? The reason is because of a rather rash wager I made with Jay Rosen, Vice President of Merrill Brink, earlier this month on the Patriots/Texans football game. (I also made the same wager with Matt Kelly, Editor of Compliance Week, who says he will use the photo for marketing Compliance Week 2013, good luck with that!) I can’t quite seem to remember the final score but I do recall that it was what we in Texas might call a full ‘butt-whoopin’. Up until that game, the Patriots were 19-1 at home in the month of December over the past ten years, after beating the Texans, they became 20-1. The key lesson I learned from this experience is to evaluate your risk and then manage that risk accordingly.

Earlier this month, the Securities and Exchange Commission (SEC) announced the settlement of the Eli Lilly and Company’s (Lilly) violations of the Foreign Corrupt Practices Act (FCPA). The enforcement action details a number of bribery schemes that Lilly had engaged in for many years in multiple countries. Indeed Lilly used four different styles of bribery schemes in four separate countries; all of which violated the FCPA. In China, corrupt payments were falsely called reimbursement of expenses; in Brazil, money that was characterized as a discount for distributor was used to pay a bribe; in Poland, charitable donations were falsely labeled and used to induce a Polish government official to approve the purchase of Lilly products; and, finally, Lilly’s subsidiary in Russia, paid bribes to Offshore Agents who were domiciled outside Russia and who performed no services for which they were compensated.

I think the most noteworthy information found in this enforcement action is that it provides significant guidance to the compliance practitioner on not only the different types of bribery schemes used, but more importantly, by reading into the types of conduct the DOJ and SEC finds violates the FCPA, it is valuable as a lesson on how to structure tools to manage FCPA risks going forward. In this post I will detail the bribery schemes that Lilly engaged in and in Part II, I will discuss how the Lilly enforcement action should inform your FCPA compliance program.

I.                   China – Use of False Expense Reports to Cover Improper Gifts and Cash Payments

In China, Lilly employees used the classic system of submitting inflated expense reports and using the excess reimbursements to pay bribes. More ominously, not only did the sales representatives engage in this tactic but their supervisors did and also instructed subordinates to do so as well. The list of gifts that were provided to Chinese government officials was as wide ranging as it was creative. There were gifts consisting of specialty foods, wines and a jade bracelet. There were paid trips to bath houses, karaoke bars and spas. There was money paid to purchase “door prizes and publication fees to government employed physicians.” It was even noted that bribes were paid consisting of cigarettes. In the SEC complaint it stated that “Although the dollar amount of each gift was generally small, the improper payments were wide-spread across the [China] subsidiary.”

II.                Brazil – Use of Distributor Discounts to Fund Bribes

In Brazil, Lilly sold drugs to distributors who then resold the products to both public and private entities. It was the classic distributor model where Lilly sold the drugs to the distributors at a discount and then the distributors would resell the products “at a higher price and then took their discount as compensation.” There was a fairly standard discount given to the distributors which generally ranged “between 6.5% and 15%, with the majority of distributors in Brazil receiving a 10% discount.”

However in early 2007, at the request of a Lilly sales manager, the company awarded an unusually high discount of between 17% and 19% to a distributor for the sale of a Lilly drug to the government of one of the states of Brazil. The distributor used approximately 6% of this additional discount to create a fund to pay Brazilian government representatives to purchase the Lilly drugs from him. Further, the Lilly sales manager who requested this unusual discount was aware of the bribery scheme. Moreover, this increase in the discount was approved by the company with no further inquiry as to the reason for the request or to substantiate the basis for such an unusually high discount. If there were any internal controls they were not followed.

III.             Poland – Use of Charitable Donations to Obtain Sales of Drugs

In Poland we see our old friend the Chudow Castle Foundation (Foundation). You may remember this charity as it was the subject of a prior SEC enforcement action involving Schering-Plough Corporation. The thing that got both Lilly and Schering-Plough into trouble was that the Foundation was controlled by the Director of the Silesian Health Fund (Director) and with this position he was able to exercise “considerable influence over the pharmaceutical products local hospitals and other health care providers in the region purchased.”

Just how did this bribery scheme camouflaged as a charitable donation work? Initially it started while Lilly was in negotiations with the Director for the purchase of one of Lilly’s cancer drugs for public hospitals and other health care providers in the region. The Director actually made a request for a donation directly to representatives of Lilly. Thereafter, the Foundation itself made “subsequent requests” for donations.

In addition to this obvious red flag, Lilly did no due diligence on the Foundation and falsely described the nature of the payments not once but three separate times with three separate descriptions. Lilly turned some of the monies over not to the Foundation, but to the Director for use at his “discretion”. Interestingly, the donations were not only made at or near the time of a contract execution, with one donation being made two days after the Director authorized the purchase of the drugs from Lilly.  Internally Lilly even discussed the size of a donation, calling it a “rebate” and said “it will depend on the purchases of medicines.”

IV.              Russia – Use of Offshore Agents Who Performed No Services

As with Brazil, Lilly used a distributor sales model in Russia. However, there was a further twist which got Lilly into FCPA hot water. Lilly would enter into an agreement with a third party other than the distributor who was selected by the government official making decisions on the purchase of Lilly products. The other third parties were usually not domiciled in Russia, nor did they have bank accounts in Russia. In other words, they were Offshore Agents who were paid a flat fee or percentage of the total sales with no discernible work or services performed.

There was little to no due diligence performed on these Offshore Agents. In one instance, detailed in the SEC Complaint, Lilly ran a Dun and Bradstreet report on a third party agent, coupled with an internet search on a third party domiciled in Cyprus. There was no determination of the beneficial ownership of this Offshore Agent nor was there any determination of the business services which this Offshore Agent would provide, subsequently this . This Offshore Agent was paid approximately $3.8MM. An additional  Offshore Agent, again in Cyprus, which Lilly conducted little to no due diligence on, received a $5.2MM commission. Under another such agreement, yet another Cypriot Offshore Agent received a commission rate of 30% of the total sale.

What about the services that these Offshore Agents provided to Lilly? First and foremost, they all had their own special “Marketing Agreement” which was actually a template contract prepared by Lilly. The services allegedly provided by these Offshore Agents included “immediate customs clearance” or “immediate delivery” of the product. There were other equally broad and vague descriptions such as “promotion of the products” and “marketing research”. But not only was there little if no actual evidence that these Offshore Agents provided such services; Lilly, or its regular in-country distributors, actually performed these services.

Unlike their experience in Poland, officials from Lilly simply inquired directly from government officials with whom it was negotiating if it could “donate or otherwise support various initiatives that were affiliated with public or private institutions headed by the government officials or otherwise important to the government officials.” As noted in the SEC Complaint, Lilly had neither the internal controls in place nor performed any vetting to determine whether it “was offering something of value to a government official for the purpose of influencing or inducing him or her to assist Lilly-Vostok in obtaining or retaining business.”

In my next post I will discuss how the compliance practitioner can use the information and facts presented in the Lilly enforcement action as teaching points to evaluate and enhance a company’s compliance program.

Although I rarely agree with Peggy Noone, I always read her Saturday column in the Wall Street Journal (WSJ) and would like to end my blogging year with the closing paragraph, which I quote in full, from her article entitled “About Those 2012 Political Predictions”:

Lesson? For writers it’s always the same. Do your best, call it as you see it, keep the past in mind but keep your eyes open for the new things of the future. And say what you’re saying with as much verve as you can. Life shouldn’t be tepid and dull. It’s interesting—try to reflect the aliveness in your work. If you’re right about something, good. If you’re wrong, try to see what you misjudged and figure out why. And, always, “Wait ’til next year.”

A safe and Happy New Year to all.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

How the Noir Novel Informs Your Compliance Program

In the Work Matters column in the December 3 Issue of the Texas Lawyer, in an article entitled, “Ten Phrases Lawyers Hear That Portend Disaster” author Michael Maslanka explored his love of noir fiction, which I share, through listed 10 phases that show the “it” so famous in noir novels is coming. The ten warning signs that he listed are as follows:

1. “Isn’t it obvious?” I hear this from managers when a company refuses to hire a disabled applicant, as in, “Isn’t it obvious that a man with one arm can’t do this job?” The manager unwisely forecloses the inquiry required by the Americans With Disabilities Act: An employer must determine if the employee can perform the essential functions of the job, with or without a reasonable accommodation.

Another example is when a supervisor says, “Isn’t it obvious that we don’t want to hire a convicted felon for this job?” That person unwisely ignores the EEOC’s new emphasis that automatic exclusion of an applicant with a criminal record may be a proxy for race discrimination.

2. “This is a no-lose case with a guaranteed two-comma verdict.” Listen to this quotation from Proverbs 28:20: “[H]e that maketh haste to be rich shall not be innocent.” Isn’t that the truth?

From the fictional Gordon Gekko to the all-too-real Bernie Madoff, those who greedily grasp after riches may be slow to reveal their lack of integrity. They show their true character only under careful attention and scrutiny. The best antidote: Be a person of character. As W.C. Fields wisely remarked, “You can’t cheat an honest man.”

3. “We must decide today!” Here is the greatest enemy of an integrity-based decision: time pressure. “Fire the employee now!” “We have to get this order of widgets out by 5 p.m. — no ifs, ands or buts.”

To paraphrase H.L. Mencken, decisions made under unnecessary time pressures usually are “swift, sure, and wrong.” When under pressure to do something “now,” the wise attorney should ask the client, “If we had 10 times as much time to make this decision, would it be the same decision?”

4. “That’s the other side’s problem.” I hear this from time to time, and I bet many lawyers do. These two statements always are cause to take a timeout:

• “That’s not our problem; it’s the other side’s problem”

• “Let them worry about that.”

When people start saying things like that, ask whether they’re doing so because the statements are true or because the underlying issue involves unpleasant facts that it’s easier not to acknowledge. Recall Ben Franklin’s wise advice: “Half a truth is often a great lie.”

Litigators and deal makers hear phrases like these. Events are percolating along, and someone on the team asks, “Should we be doing this?” or “Does the other party know about this issue?” When the question answers itself, it’s time for the lawyer to ask whether truth or convenience is driving the client’s position. Convenience never trumps ethics.

5 “Everybody else is doing it.” Here is just some of what I have heard in 31 years of practicing law:

• “Companies in my industry don’t pay overtime, so why should I?”

• “The guy with the company down the road fired the union organizer among the employees, and nothing happened to him.”

• “Don’t tell me what I can’t do; I’m paying you for telling me what I can do.”

Those who win the race to the bottom still lose. Stephen Cope, in his book “The Great Work of Your Life: A Guide for the Journey to Your True Calling” explains that “The Bhagavad Gita” teaches that it is better to follow one’s true dharma and fail than to follow others’ false dharma and succeed monetarily. And, let’s face it: The truth comes out in the end.

6. “We can’t change course now. We have too much invested.” This is false-dichotomy territory. How can a lawyer break through this either/or mindset? Mary C. Gentile offers advice in her book, “Giving Voice to Values: How to Speak Your Mind When You Know What’s Right.” She suggests changing the frame. Reject “We did not get what we wanted.” Embrace “What did we learn from this experience?”

Failing to do so conjures up, for me, lines from W. H. Auden’s “The Age of Anxiety”: “We would rather be ruined than changed/We would rather die in our dread/than climb the cross of the moment/and let our illusions die.” Change course. It’s the smart play.

7. Another pair of eyes on the project? You’re joking, right? What a waste.” True, projects are overlawyered and overanalyzed. But active resistance to advice is a telling sign that something maybe seriously amiss. Take it as a warning to press all the more for that other set of eyes.

An ostrich-like attitude of self-delusion can lead to disaster. Listen to Proverbs 1:30-31: “They would none of my counsel: they despised all my reproof. Therefore shall they eat the fruit of their own way, and be filled with their own devices.”

8. “We’ve always thought about it this way, and we always will.” I can do no better than Justice Felix Frankfurter, who decided a legal issue one way in 1943 and then completely reversed course in 1949. He gave this explanation in his opinion in Henslee v. Union Planters Bank: “Wisdom too often never comes, and so one ought not to reject it merely because it comes late.” Genius.

9. “It is what it is.” Huh? This phrase now is used principally by those who want to sound insightful and wise but who are just dazed and confused. Only Buddhist monks are allowed to talk like Buddhist monks.

10. “You are the most wonderful person I have ever met. We were meant to start this business/do this deal/win this suit.” Beware flattery without facts, especially when it comes too fast, too soon. It is a sign of a sociopath. They target their victims (people they can use), compromise their targets’ integrity, exploit them and toss them aside when finished. The whole cycle starts with false flattery.

These also have application for the compliance practitioner. If you hear a third party mention any of these, either in the due diligence process or in your relationship going forward, you need to drop what you are doing and begin an investigation. If you hear anyone in your company utter these, move post-haste as well. But most of all, these phrases should remind you just how great this classic American fiction is and how you can use it to inform your compliance program.

===========================================================================================

For those of you unaware, the Houston Texans will play the New England Patriots in Foxboro this weekend. I have friendly wagers with two of my favorite Patriot fans, Matt Kelly, Editor of Compliance Week and Jay Rosen, Vice President, Language Solutions Merrill Brink International. For the Compliance angle, see the piece by Matt entitled, “Sportsmanlike Conduct”. Go Texans!

===========================================================================================

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

More Wisdom from the Bribery Act Guys

Ed. Note-today we host our colleague Matt Ellis who reports on the recent World Compliance event where the Bribery Act guys spoke. This article originally appeared in Matt’s blog, FCPAméricas Blog, which we reprint, in its entirety with his permission. 

In FCPAméricas’s last post, it gave highlights from Tom Fox at the World Compliance FCPA Summit 2011 in Houston, TX. At the same seminar, the Bribery Act Guys (UK attorneys Barry Vitou and Richard Kovalevsky QC) offered their own wisdom.

 Transitioning Away from Facilitating Payments

While it is commonly known that, unlike the FCPA, the UK Bribery Act prohibits facilitating payments, the Bribery Act Guys offered insight into how the Serious Fraud Office (SFO) will give companies time to bring their practices into compliance. The SFO has offered a 6-step guidance. The Bribery Act Guys explain that, “If the answers to these questions are satisfactory then the corporate should be shielded from prosecution”:

Whether the company has a clear issued policy regarding such payments;

1. Whether written guidance is available to relevant employees as to the procedure they should follow when asked to make such payments;
2. Whether such procedures are being followed by employees;
3. If there is evidence that all such payments are being recorded by the company;
4. If there is evidence that proper action (collective or otherwise) is being taken to inform the appropriate authorities in the countries concerned that such payments are being demanded;
5. Whether the company is taking what practical steps it can to curtail the making of such payments.

Corporate Hospitality under the UK Bribery Act

The Bribery Act Guys report that, when deciding whether a specific corporate expenditure falls outside of the bounds of reasonable and proportionate hospitality, the SFO will look to see whether:

the company has a clear issued policy regarding gifts and hospitality;

1. the scale of the expenditure in question fell within the confines of such policy and if not, whether special permission for it had been sought at a high level within the organization;
2. the expenditure was proportionate with regard to the recipient;
3. there is evidence that such expenditure had been recorded by the company; and,
4. the recipient was entitled to receive the hospitality under the law of the recipient’s country.

Predictions on UK Bribery Act Enforcement in Coming Months

The Bribery Act Guys have built a good track record with their predictions. They correctly predicted the delay on UK Bribery Act guidance, dismissed suggestions that the Bribery Act would be canned and said that the SFO would survive when others thought it would not.

They have now offered their predictions on enforcement activity. These predictions are timely since the UK Bribery Act just went into force on July 1, 2011 and applies only to conduct occurring after that date (although enforcement may incorporate prior activity if it is part of a ongoing “system” of wrongdoing). Will they get these ones right too?

Proceedings against Foreign Companies. The Director of the SFO, Richard Alderman, has a personal commitment to enforcement similar to that of U.S. Department of Justice Assistant Attorney General Lanny Breuer. Both regulators see their jobs as crusades. As such, Alderman is concerned less with proceeding against “low hanging fruit” and more in pursuing the harder cases that test the limits of the UK Bribery Act, especially with respect to extraterritorial jurisdiction. As a result, the Bribery Act Guys predict several proceedings against foreign companies so that the SFO can “level the playing field,” similar to the approach taken by U.S. enforcement.

1. Alderman’s Successor Might Seek to Bring in Money. After Alderman departs in Spring 2011, his successor might look to bring easier, lucrative cases. The SFO is highly underfunded, a fact that has impeded its ability to fully flex its muscles. Revenue from cases can change that.
2. Focus on Individuals. Like U.S. authorities, the SFO will focus on prosecuting individuals. For example, if a company discloses prior bribery of an acquiree discovered in acquisition due diligence, it can obtain a clean bill of health going forward. The individuals authorizing the scheme for the seller, on the other hand, will likely be prosecuted. Likewise, the target may also be subject to enforcement proceedings to recover the benefits of the proceeds of crime.
3. The Announcement of First Major Cases Will Take Time. It will likely take at least a year for major SFO prosecutions to be announced. This is because, broadly speaking, the SFO only announces actions at a very advanced stage or after it has concluded the investigation.

When the SFO Can Use UK Subsidiaries to Assert Jurisdiction over U.S. Parents

For the UK Bribery Act offenses of bribing, receiving a bribe, and bribing a foreign public official, it is, generally speaking, harder to assert jurisdiction over an overseas parent (unless the activity takes place in the jurisdiction). But for the offense of failing to prevent bribery, the SFO has more leeway in asserting jurisdiction over the parent through its UK subsidiary, even if the subsidiary is not directly involved in the scheme.

The SFO takes the view that, the less autonomous the UK subsidiary’s operations are from those of the U.S. parent, the more authority the SFO has to bring a case, even if the bribe was committed in a third country by an entirely different subsidiary. In other words, the more common the management and services functions between the UK subsidiary and the U.S. parent, the stronger the jurisdictional basis for proceeding against the parent. The extent of the connection will likely be tested in the courts.

============================================================================================

Matt Ellis, Principle and Founder of the law firm of Matteson Ellis Law, PLLC. He blogs at the  FCPAméricas Blog, a blog that explores corruption issues throughout Latin America and speaks to the companies and business-people in the region seeking to comply with international anti-corruption norms. He can be reached via phone at 1.855.FCPA.LAW.

Using HR to Change your Company’s Compliance DNA

In his Editor’s View column, in the August issue of Compliance Week, entitled, “Compliance, Collaboration and HR”, Matt Kelly wrote about the interaction of Compliance Departments and Human Resources (HR). He noted that while Compliance Departments may look to HR to support internal investigations, HR can also be used to assist in “molding company culture.” However, it is rarely used for this function. I heartily agree with Matt’s sentiments. In addition to supporting internal investigations, I believe that HR can be used in some of the following ways to assist the Compliance Department. It can be a key component in changing or maintaining your company’s compliance DNA.

Training

 A key role for HR in any company is training. This has traditionally been in areas such as discrimination, harassment and safety, to name just a few, and, based on this traditional role of HR in training, this commentator would submit that it is a natural extension for HR’s function to expand to the area of Foreign Corrupt Practices Act (FCPA) compliance and ethics training. There is a training requirement set forth in the US Sentencing Guidelines and companies are mandated to “take reasonable steps to communicate periodically and in a practical manner its standards and procedures, and other aspects of the compliance and ethics program, to the individuals referred to in subdivision (B) by conducting effective training programs and otherwise disseminating information appropriate to such individuals’ respective roles and responsibilities.”

What type of training should HR utilize in the FCPA compliance and ethics arena? The consensus seems to be that there are three general approaches which have been used successfully. The first is the most traditional and that is in-person classroom training. This gives employees an opportunity to see, meet and interact directly with the trainer, not an insignificant dynamic in the corporate environment. It can also lead to confidential discussions after such in-person training. All FCPA compliance and ethics training should be coordinated and both the attendance and result recorded. Results can be tabulated through short questionnaires immediately following the training and bench-marked through more comprehensive interviewing of selected training participants to determine overall effectiveness.

Employee Evaluation and Succession Planning

What policy does a company take to punish those employees who may engage in unethical and non-compliant behavior in order to meet company revenue targets? Conversely what rewards are handed out to those employees who integrate such ethical and compliant behavior into their individual work practices going forward? One of the very important functions of HR is assisting management in setting the criteria for employee bonuses and in the evaluation of employees for those bonuses. This is an equally important role in conveying the company message of adherence to a FCPA compliance and ethics policy. This requirement is codified in the US Sentencing Guidelines with the following language: “The organization’s compliance and ethics program shall be promoted and enforced consistently throughout the organization through (A) appropriate incentives to perform in accordance with the compliance and ethics program; and (B) appropriate disciplinary measures for engaging in criminal conduct and for failing to take reasonable steps to prevent or detect criminal conduct.”

Does a company have, as a component of its bonus compensation plan, a part dedicated to FCPA compliance and ethics? If so, how is this component measured and then administered? There is very little in the corporate world that an employee notices more than what goes into the calculation of their bonuses. HR can, and should, facilitate this process by setting expectations early in the year and then following through when bonuses are released. With the assistance of HR, such a bonus can send a powerful message to employees regarding the seriousness with which compliance is taken at the company. There is nothing like putting your money where your mouth is for people to stand up and take notice.

In addition to employee evaluation, HR can play a key role in assisting a company to identify early on in an employee’s career the propensity for compliance and ethics by focusing on leadership behaviors in addition to simply business excellence. If a company has an employee who meets, or exceeds, all his sales targets, but does so in a manner which is opposite to the company’s stated FCPA compliance and ethics values, other employees will watch and see how that employee is treated. Is that employee rewarded with a large bonus? Is that employee promoted or are the employee’s violations of the company’s compliance and ethics policies swept under the carpet? If the employee is rewarded, both monetarily and through promotions, or in any way not sanctioned for unethical or non-compliant behavior, it will be noticed and other employees will act accordingly. One of the functions of HR is to help ensure consistent application of company values throughout the organization, including those identified as ‘rising stars’. An important role of HR in any organization is to help in building trust throughout the company and recognizing the benefits which result from that trust.

Background Screening

 A key role for HR in any company is the background screening of not only employees at the time of hire, but also of employees who may be promoted to senior leadership positions. HR is usually on the front lines of such activities, although it may in conjunction with the Legal or Compliance Departments. This requirement is discussed in the US Federal Sentencing Guidelines for Organizations (FSGO) as follows “The organization shall use reasonable efforts not to include within the substantial authority personnel of the organization any individual whom the organization knew, or should have known through the exercise of due diligence, has engaged in illegal activities or other conduct inconsistent with an effective compliance and ethics program.”

What type of background checks should HR utilize in the FCPA compliance and ethics arena? The consensus seems to be that HR should perform at least routine civil, criminal and credit background checks. Care should be noted in any such request made in countries outside theUnited Statesas such information may be protected by privacy laws or where the quality of such information is different in substance from that of theUnited States. For instance in the United Kingdom, the request of a credit check can negatively impact a prospective employee’s credit score so such a background check may not provide useful information to a prospective employer.

Additionally, although it may be difficult in theUnited Statesto do so, a thorough check of references should be made. I say that it may be difficult because many companies will only confirm that the employee worked at the company and only give out the additional information of dates of employment. In this situation, it may be that a prospective employer should utilize a current employee to contact former associates at other companies to get a sense of the prospective employee’s business ethics. However, it should be noted that such contacts should only be made after a thorough briefing by HR of the current employee who might be asked to perform such duty.

A company can also use HR to perform internal background checks on employees who may be targeted for promotions. These types of internal background checks can include a detailed review of employee performance; disciplinary actions, if any; internal and external achievements, while employed by the company and confirmation of both ethics and compliance training and that the employee has completed the required annual compliance certification. A key internal function where HR can be an important lead is to emphasize that an employee, who has been investigated but cleared of any alleged ethics and compliance violations, should not be penalized.

When the Government Comes Calling

While it is true that a company’s Legal and/or Compliance Department will lead the  response to a government investigation, HR can fulfill an important support role due to the fact that HR should maintain, as part of its routine function, a hard copy of many of the records which may need to be produced in such an investigation. This would include all pre-employment screening documents, including background investigations, all post-employment documents, including any additional screening documents, compliance training and testing thereon and annual compliance certifications. HR can be critical in identifying and tracking down former employees. HR will work with Legal and/or Compliance to establish protocols for the conduct of investigations and who should be involved.

Lastly, another role for HR can be in the establishment and management of (1) an Amnesty Program or (2) a Leniency Program for both current, and former, employees. Such programs were implemented by Siemens during its internal bribery and corruption investigation. The Amnesty Program allowed appropriate current or former employees, who fully cooperated and provided truthful information, to be relieved from the prospect of civil damage claims or termination. The Leniency Program allowed Siemens employees who had provided untrue information in the investigation to correct this information for certain specific discipline. Whichever of these programs, or any variations, that are implemented HR can perform a valuable support role to Legal and/or Compliance.

Doing More with Less

 While many practitioners do not immediately consider HR as a key component of a FCPA compliance solution, it can be one of the lynch-pins in spreading a company’s commitment to compliance throughout the employee base. HR can also be used to ‘connect the dots’ in many divergent elements in a company’s FCPA compliance and ethics program. The roles listed for HR in this series are functions that HR currently performs for almost anyUS company with international operations. By asking HR to expand their traditional function to include the FCPA compliance and ethics function, aUS company can move towards a goal of a more complete compliance program, while not significantly increasing costs. Additionally, by asking HR to include these functions, it will drive home the message of compliance to all levels within a company; from senior to middle management and to those on the shop floor. Just as safety is usually message Number 1, compliance can be message Number 1A. HR focuses on behaviors, and by asking this department to include a compliance and ethics message, such behavior will become a part of a company’s DNA.

————————————————————————————————–

I have previously written about Catelas software, see here. It does some very cool stuff. The Catelas guys are putting on a series of events to highlight their software and its uses in a FCPA compliance program. On Tuesday, August 23 and August 30, at 1 PM EDT, they are hosting a webinar entitled, “FCPA Investigations – Generate a Risk Assessment report, identify all key people & content before you fly!” Information and Registration can be found here. 

 This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011