FCPA Compliance and Ethics Blog

January 16, 2015

As American as Duck Soup, the Marx Brothers and Stepping In It

I am at the end of my week of Marx Brothers themed posts. As you can tell, I am a huge fan and several of you have asked which is my favorite film. Before answering I must confess that I much prefer their Paramount films to their later MGM work. Their first two films were adaptations of the Broadway shows The Cocoanuts (1929) and Animal Crackers (1930); George S. Kaufman and Morrie Ryskind wrote both. Their third Paramount film, Monkey Business (1931), was their first movie not based on a stage production, and the only one in which Harpo’s voice is heard (singing tenor from inside a barrel in the opening scene). Number four was Horse Feathers (1932), in which the brothers satirized the American college system and Prohibition, as well as the amateur status of college football players, and which placed them on the cover of Time.

But for me it is their final Paramount film, Duck Soup (1933), which was their greatest and my personal favorite. It was directed by the highly regarded Leo McCarey and is the highest rated of the five Marx Brothers films on the American Film Institute’s top 100 years … 100 Movies list. It had slapstick, singing and dancing, atrocious puns and just about every other form of top-notch comedy one can ask for in a movie. The absurdity of the film and the nature of the Marx Brothers comedy seem to me to be summed up in a dispute the film sparked between the Brothers and the village of Fredonia, New York. “Freedonia” was the name of a fictional country of which Groucho was the President, and the city fathers wrote to Paramount and asked the studio to remove all references to Freedonia because “it is hurting our town’s image”. Groucho fired back a sarcastic retort asking them to change the name of their town, because “it’s hurting our picture.”

I thought about this comedic phenomenon when I read several articles about JP Morgan Chief Executive Officer (CEO) Jamie Dimon and his whining about how tough regulators have been on him and his poor little bank. An article in the Financial Times (FT) Lex Column, entitled “JPMorgan: comic relief”, said, “A rule of thumb for JPMorgan earnings: the more entertaining chief executive Jamie Dimon is on the conference call, the limper the results. Yesterday, he riffed on [among other things]: what is un-American (the bank being chased by many regulatory bodies rather than just one)”. This was in the face of a report in another FT article by Tom Braithwaite, entitled “High quality global journalism requires investment”, that the bank “said its earnings have been hit by $1.1bn in new legal charges, as it prepares to settle over allegations of foreign exchange manipulation with the Department of Justice. This latest sum takes the total legal charges disclosed by the US’s largest bank since 2010 to more than $25bn, or more than a year’s profits. “Banks are under assault,” said Jamie Dimon, chief executive, as he reported fourth-quarter results on Wednesday.”

Dimon’s seeming insistence that banks following laws is un-American and the attendant cost of doing business in compliance with relevant anti-money laundering (AML) laws still seems to bedevil a fellow mega-bank, HSBC Holdings PLC, which paid a paltry fine of $1.9 billion (paltry that is next to JPMorgan) for its transgressions and violations of that un-American prohibition against money-laundering. In an article in the Wall Street Journal (WSJ) Rachel Louise Ensign and Max Colchester reported that after a two-year monitorship, the independent monitor will issue a report that “will criticize the bank and lay out ways it needs to improve.” This is in the face of the 2014 monitor’s report that HSBC “information-technology systems still lacked ‘integration, coordination and standardization’ and recommending that senior executives have their bonuses docked absent progress.” The monitor also said that “Throwing bodies at it and putting your finger in the dike-that’s not a sustainable system.”

What has been HSBC’s response to this news? Apparently the same whining as Dimon’s, but rather than focus on the fact that they have to follow laws, HSBC focused on the actual doing of compliance. The article said that the new Chief Compliance Officer (CCO) Joe Evan, a former Drug Enforcement Administration official, “surprised some colleagues by spitting tobacco juice into a cup while in the office”; perhaps they are just anti-tobacco. However, even such simple messaging techniques as screen savers with the AML reminder to “Ask The Right Question” have been derided at HSBC. Even the head of the bank’s AML compliance was quoted as having said “But money laundering happens in financial institutions. How do you reconcile appetite with reality?”

Now contrast this incessant whining with the recent change in tactics by one of the few remaining financial meltdown enforcement actions left, that being the Department of Justice’s (DOJ) case against Standard & Poor’s (S&P). In an article in the New York Times (NYT), entitled, “S.&P. Nears Settlement With Justice Over Crisis”, Ben Protess reported that S&P has been accused by the DOJ “of awarding inflated credit rating to mortgage investments that spurred the financial crisis”. S&P initially had aggressively fought the lawsuit, Protess noted, and attacked the government case in the press. S&P had hired noted First Amendment lawyer Floyd Abrams to go on television to claim to link “the federal investigation to S.&P.’s decision in 2011 to cut the United States credit rating below the top grade of triple A.” Unfortunately for S&P they could not prove that defense, even after extensive discovery on the issue. But their tune has recently changed, “After S.&P. mounted a two-year campaign to defeat civil fraud charges — portraying them as retaliation for cutting the credit rating of the United States — the ratings agency is now negotiating with the Justice Department to settle the case, according to people briefed on the matter.”

But the real problem for S&P is that they could have settled two years ago, before suit was filed. Protess said, “The government offered S.&P. roughly the same settlement size, $1 billion plus, before filing suit two years ago. If S.&P. had embraced that offer, instead of fighting accusations that it abused its role as a rating agency, it could have walked away without accumulating tens of millions of dollars in legal fees.” Moreover, by not settling pre-suit, S&P has subjected itself to the new reality of settling suits with an admission of liability, never good for those pesky follow-on shareholder actions. Further, “more than a dozen state attorneys general are demanding that S.&P. pay more than $1 billion to settle the case, the people briefed on the matter said, a penalty large enough to wipe out the rating agency’s entire operating profit for a year.”

Are banks and rating entities inherently arrogant or do they simply face that age-old foe that many people face today, dog excrement? As Dimon said in his earnings call, and was quoted in the FT’s Lex Column, sometimes “even JP Morgan will step into it on occasion”.

If you want to avoid stepping in it this weekend, I suggest you settle in and watch some old Marx Brothers movies.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

January 15, 2015

The Marx Brothers Mirror Scene: Absurdity and Comments by a SEC Commissioner

I continue my Marx Brothers’ themed week by today looking at what I and many others believe to be their most cherished routine: the Mirror Scene. Danny Leigh, in his article in the Financial Times (FT), entitled “Souped-up comedy”, wrote, “The set-up is deathlessly simple. Fredonia’s President, Groucho in nightgown and cap finds Harpo, a spy from neighboring Sylvania, in his bedroom. They chase each other down some stairs and face off in front of each other, dressed identically. Harpo, the spy and intruder pretends to be Groucho’s reflection, and the two brothers spend the next three minutes locked in a mad dance of mimicry. The result is flawless, the kind of ecstatic comedy in which the world outside the cinema simply falls away. Variations on the skit had been performed by others before but the brothers raised it to undreamt absurdist heights, claiming it for ever as their own.” So you have Pinky (Harpo), dressed as Firefly (Groucho), pretending to be Firefly’s reflection in a missing mirror, matching his every move—including absurd ones that begin out of sight—to near perfection. In one particularly surreal moment, the two men swap positions, and thus the idea of which is a reflection of the other. The scene is absolutely silent until Chicolini (Chico), also disguised as Firefly, enters the scene and collides with both of them and sound resumes.

Although its appearance in Duck Soup is the best-known instance, the concept of the mirror scene did not originate in this film. Max Linder included it in Seven Years Bad Luck (1921), where a man’s servants have accidentally broken a mirror and attempt to hide the fact by imitating his actions in the mirror’s frame. Charlie Chaplin used a similar joke in The Floorwalker (1916), though it didn’t involve a mirror. This scene has been recreated many times in entertainment as diverse as Bugs Bunny cartoons, the television series Gilligan’s Island and even an episode of The X-Files. Harpo himself did a reprise of this scene, dressed in his usual costume, with Lucille Ball also donning the fright wig and trench coat, in the I Love Lucy episode “Lucy and Harpo Marx”.

I find it to be absurdist comedy at its ultimate height. To this day, I almost cry I laugh so hard when I see that scene. While you may not find it quite as funny as I did, most probably one thing you will also not find funny is an ongoing debate in both academia and in legal circles involving a question on corporate governance as reported in the New York Times (NYT) in the Dealbook column by Andrew Ross Sorkin, in an article entitled “An Unusual Boardroom Battle, in Academia”. The question is whether corporate board members should be elected in staggered elections or whether the entire slate of Board members should be elected, up or down, each year.

On the side of full Board, up or down voting are Professor Lucian A. Bebchuk, a Harvard Law School professor who has long researched corporate governance issues and has been an outspoken advocate for increased democracy in corporate America’s boardrooms, and his group, Harvard’s Shareholder Rights Project. Professor Bebchuk believes staggered election of Board members “silences shareholders, entrenches management and makes it less likely that suitors or activists will emerge, depressing valuations.”

On the other side of the dispute are Daniel M. Gallagher, a member of the Securities and Exchange Commission (SEC), and Joseph A. Grundfest, a professor at Stanford Law School and a former SEC commissioner, who co-authored a paper entitled “Did Harvard Violate Federal Securities Law? The Campaign Against Classified Boards of Directors.” The paper is in opposition to Bebchuk’s position. Sorkin observed that “Mr. Gallagher and Mr. Grundfest suggest that companies are dropping their staggered board structures — and shareholders are voting to eliminate them — based, in part, on faulty research by Harvard’s Shareholder Rights Project. Worse.” But here is the kicker and what moves this rather arcane academic debate into the realm of the absurd. “They suggest, Mr. Bebchuk’s project committed fraud by not fully disclosing the extent of contradictory research, which they say is a “material omission” by S.E.C. standards.” Yes sports fans, a sitting SEC commissioner suggested in writing that Harvard had engaged in a securities law violation.

As Sorkin noted, “there’s the fundamental issue of whether a sitting member of the S.E.C. should be writing such an incendiary paper in the first place.” Sorkin quoted an email comment made by Professor Robert J. Jackson Jr., from Columbia Law School. Jackson wrote to Sorkin in an email “All should agree that it is wildly inappropriate for a sitting S.E.C. commissioner to issue a law review paper accusing a private party of violating federal securities law without any investigation or due process of any kind. This is a striking, and as far as I know unprecedented, departure from longstanding S.E.C. practice.” Jackson went on to say “Imagine if a sitting S.E.C. commissioner wrote a law review article accusing Goldman Sachs of violating federal law without any S.E.C. investigation of the matter — Goldman and their counsel would quite rightly be outraged.”

Near the end of his article, Sorkin stated, “There are many opposing views on the paper. But here’s one way to think about it: It was a bad precedent for Mr. Gallagher to involve himself in a paper that raises the possibility of fraud in the field he regulates without the due process of a legal complaint. Mr. Grundfest could have written this provocative paper on his own, though it might not have attracted the same amount of attention within the industry.”

I would ask you to imagine if any of the Department of Justice (DOJ) attorneys who work in the Foreign Corrupt Practices Act (FCPA) area were to write an article, law review or other, that said not only is an entity’s position on interpretation of the FCPA wrong, its interpretation in practice is a FCPA violation. Do you think such a corporation or entity would feel like they would get a fair shake from such prosecutors? Think any bias might exist going forward? While I have been one of the loudest advocates for the DOJ making more information on its FCPA declinations public, SEC Commissioner Gallagher’s paper demonstrates a very good reason for the DOJ not making any such information public: i.e. due process and fairness. Just as bad facts can certainly lead to bad law, this action by a sitting SEC Commissioner to even imply that an entity violated US Securities Laws in an article is not a road that we want to begin to go down.

For a clip of the famous Mirror Scene, click here.


January 14, 2015

Marx Brothers Compliance Week Continues – The Stateroom Scene and High-Risk

I continue my exploration of the Marx Brothers’ movies by looking at the famous Stateroom scene from the MGM release A Night at the Opera. In researching this I was somewhat stunned to find that the scene was written and developed with the Brothers by that silent comedy great Buster Keaton, who was at the time a gag writer for MGM. Talk about provenance for a scene, one of the greatest purveyors of gags (Keaton) writing for three of the greatest screen comedians, the Brothers Marx.

The scene starts with Driftwood discovering that Fiorello, Tomasso, and Baroni snuck onto the boat by stowing away in his steamer trunk. Fiorello and Tomasso have to hide out in the room while parades of people walk in to use the cabin or to carry out their duties. Crammed into this little space at the end of the scene are Driftwood, Fiorello, Tomasso, Baroni, two cleaning ladies who make up the bed, a manicurist, a ship’s engineer and his assistant, a girl looking for her aunt, a maid (“I come to mop up.” “You’ll have to start on the ceiling.”), and four waiters with trays of food (prompting Driftwood’s classic line: “Is it my imagination, or is it getting crowded in here?”). Eventually there are 15 people in Driftwood’s tiny cabin. The mass of humanity tumbles out into the hallway when Mrs. Claypool opens the door. I particularly like the way they sped up the film for the dénouement.

I thought about the Stateroom scene in the context of an article in the New York Times Magazine, entitled “The Wreck of the Kulluk”, and an article in the New York Times (NYT) by Joe Nocera, entitled “The Moral of the Kulluk.” The Magazine piece was an excerpt from Of Ice and Men to be published later this month by Deca, authored by McKenzie Funk. In his longform piece he detailed the missteps that led to the grounding and sinking of the Shell Oil Company drill rig Kulluk after an unsuccessful attempt to drill for oil in the Arctic Ocean. It was a tale of greed, high-risk drilling for oil and the attendant potential for a high reward and, at the end of the day, safety and engineering shortcuts that cost Shell the loss of the drill rig and the end of the potential of Arctic drilling for the foreseeable future. The tale itself is riveting, but for the Chief Compliance Officer (CCO) or compliance practitioner it had many key elements which should be considered for an anti-corruption compliance program under the Foreign Corrupt Practices Act (FCPA), UK Bribery Act or other anti-bribery laws.

The US Geological Service had estimated that the Arctic held “nearly a quarter of the world’s undiscovered petroleum.” Moreover, when Shell put its plan in place, it was reeling from an accounting scandal. Funk said that the purchase of the Kulluk and drilling for oil in the Arctic “was important not because Shell needed oil in 2005. The company had plenty of oil. It was important because Shell had spent the previous year engulfed in a scandal involving what are known as proved reserves”. This meant that “Shell still had to show to investors that it’s long-term future was as bright as it once looked”, i.e. before the accounting scandal.

For an energy production company such as Shell, the Arctic Ocean is about the most difficult place left on earth in which to try and drill. In 2012, Shell was the world’s largest corporation and clearly thought it was up to the task. Funk wrote, “It was on track to spend $6 billion preparing for Arctic Alaska, and that March the Obama administration approved exploratory drilling. The task that remained was not to tame the frontier so much as to bring it within reach, to bind Arctic Alaska to the rest of the world. Shell imagined a future of new ports, new airports and permanent rigs.”

The journey of the Kulluk up to the Arctic Sea was delayed and had several problems that would later haunt the drill rig. However, Shell was able to claim a victory as it actually began drilling in October 2012, but then shortly had to depart due to unanticipated ice floes threatening the drill rig. The Kulluk began the long tow out from the Arctic Sea to its homeport in Seattle. However, the boat towing it was so badly damaged it had to break off the tow. Shell then made the fateful decision not to leave the Kulluk in port in Dutch Harbor, because as Funk noted “If the Kulluk was in an Alaskan port on New Year’s Day, [Shell] executives believed, it would be subject to a state oil-facilities tax of as much as $6 million. In late December, a spokesman confirmed Shell’s fears in an email to a longtime reporter at a local newspaper, The Dutch Harbor Fisherman, writing, “It’s fair to say the current tax structure related to vessels of this type influenced the timing of our departure.””

This fateful decision, not to spend the winter in Dutch Harbor, Alaska, led to the beaching of the drill rig after it had broken free from its tow cables in stormy weather and hit the Alaskan coast. Funk concluded, “In the early hours of New Year’s Day [2013], the Coast Guard flew over the wreck. In aerial photos published around the world, the rig was dwarfed by the auburn, grass-covered hills of the uninhabited island where it had finally come to a rest.”

In his article Nocera wrote of some of the highlights he took away from Funk’s piece. He said, “Despite spending $6 billion preparing to explore for oil in this remote part of the world, it didn’t plan adequately, and it cut too many corners. According to the Coast Guard, which investigated the Kulluk disaster, not only had Shell’s risk management been “inadequate,” but there also had been a significant number of “potential violations of law and regulations.”” Nocera identified three key risk factors that were not managed. First was the weather. The second is the US government’s (or any government’s) ability to regulate such a high-risk venture.

Just as there were too many people in the Marx Brothers’ Stateroom, sometimes the risk is so high that a company cannot operate safely. The same is true in compliance. Sometimes a company cannot do business within the parameters of the FCPA. In such a case, a CCO needs to speak up and say so. Mike Volkov, the Two Tough Cookies and Donna Boehme oft-times tell us that part of the job of a compliance practitioner is to say No when it needs to be said. Joe Nocera certainly is not against oil companies drilling in inhospitable locations or their making money. Yet he concluded that the lesson in the story of the Kulluk disaster is that oil companies are not in a position to drill for oil in the Arctic safely. It is simply too risky. If a deal is so high-risk that completing it without engaging in conduct which violates the FCPA cannot be reasonably assured, it is time for compliance to step up and say No. If Shell had understood and managed its risk more prudently, it would not be out $6bn in losses from the Kulluk disaster.

For a YouTube clip of the Stateroom scene, click here.


January 8, 2015

Craig Biggio to the Hall of Fame and Your Compliance Team

For those of you who do not believe that global warming is upon us, let me assure you that it is real and unfortunately caused by humans. How do I know this for a certainty? It is because there was an event back in 2005 that caused Hell itself to freeze over. I am of course referring to the first and only appearance of the Houston Astros in the World Series. While it was certainly a positive event for long-suffering Astros fans everywhere, with ownership dedicated to coming in last each year now, I do not think climate change aficionados will have the Astros to blame again anytime soon.

This does not mean that tremors are prevented from occurring in the earth’s fabric from time to time. On Monday we had one such minor earthquake in Texas, not attributable to fracking, when the earth shook as the first Astro was named to enter the Baseball Hall of Fame (HOF): second baseman Craig Biggio. Biggio’s statistics were truly Hall-worthy, coming in with 3060 hits, 668 doubles (5th on the all-time list) and, my personal favorite, he is the all-time leader in Major League Baseball (MLB) for being hit by pitches with 286 bonkings.

While Biggio’s HOF greatness is singular to him, he was part of greater Astros teams which had sustained success from the late 1990s to the middle of the last decade, culminating in the above climate-changing event of 2005 when the Astros appeared in the World Series, losing to the longer suffering Chicago White Sox, who had not appeared in the World Series since 1959 (the Astros’ forerunner, the Houston Colt-45s, came into existence in 1962). I thought about the team aspect of Biggio and his Astros teammates when I read an article in the New York Times (NYT) Corner Office column by Adam Bryant, entitled “Even the Best Team Can Be Better”, where Bryant featured an interview with Maynard Webb, a veteran technology executive who is currently serving as the chairman of Yahoo.

One of the things that many Chief Compliance Officers (CCOs) do not often consider is the team aspect to a compliance function. As the compliance function moves to CCO 2.0 and compliance becomes more of an ongoing business process, one of the things a CCO or compliance practitioner needs to be cognizant about is the team function. This means a team within the compliance function itself and for the greater company. Bryant wrote that one of the lessons Webb has learnt as a leader is that “You have to get voted onto the team every day as an employee, and you have to be the employer of choice every day. I would often ask team leaders: “You have seven people working for you. How many of those would you rehire if all the positions were open again?” The point is that you can’t let mediocre performance impede where you can go. Most managers are good-hearted people, and it’s really hard to tell somebody they’re not performing well. I would just encourage people to get after that more quickly because the rest of your team is watching you and waiting for you to do something.”

One of the things that I have heard successful CCOs talk about is humility. Webb seconded that notion as a leader when he said, “We treat people well. We stay humble. We don’t get ahead of ourselves. We work hard, and we take ownership of what we do. And if you act out or you do anything out of line, you will hear about it. I remember when I made the all-star team in the Babe Ruth League. We had just come together recently as a team. I was playing third base, and when it was my time to hit, I struck out. I went back to third base, and we were doing a bit of practice before the other team’s turn to bat. I was really mad and I was firing the ball as hard as I could over to first base, and my mother yelled out, “Hey, Webb, too bad you can’t hit as hard as you throw.”” Nothing like a mom to bring you back down to earth when needed but still an important lesson to bring forward into the compliance realm.

Webb also had some insights for hiring in the compliance function, which I thought were important to consider. He said, “I’ll probably start by asking you about your first job and what you’ve done outside of school and work. I’ve found that there is a high correlation between work ethic and people’s extracurricular activities that weren’t driven by mom and dad. Then I would ask about other things to look for truth and self-awareness, like: “Six months from now, we’re going to know each other very well. What will your team and what will I say that you do really, really well? And then what will they say that we all wish you did better?” You’d be surprised at the number of times I’ve heard people say: “Oh, nothing. You’ll just love everything about me.” And I’ll say: “Dude, that’s not true. It’s not true for me. Let me give you some examples of the things you’ll wish that I did better.””

The reason he does so is that Webb is “looking for self-awareness and openness. And then I try to probe on value systems and how they work in teams. Tell me about situations that were really tough, and how you got out of them. I like to hear how they tell stories.” I think this is a critical skill for a compliance practitioner because you are required to have the authority and backbone to say No when the situation calls for it. Chuck Duross said we have to be the Alamo at times. I originally thought that meant we had to be ready to be slaughtered, but it means stand tall for what you believe in and, more importantly, what your company should believe in, and do business ethically and in compliance with anti-corruption/anti-bribery laws such as the Foreign Corrupt Practices Act (FCPA) and UK Bribery Act.


December 15, 2014

Hiring and Promotion in Compliance – Wait for Great

The role of Human Resources (HR) in anti-corruption programs, based upon the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act, is often underestimated. I come from an HR background and practiced labor law early in my career so I have an understanding of the skills HR can bring to any business system which deals with legal issues; which is not only required of all businesses but certainly is true of FCPA or UK Bribery Act compliance. If your company has a culture where compliance is perceived to be in competition with or, worse yet, antithetical to HR, the company certainly is not hitting on all cylinders and may be moving towards dysfunction.

One of the Ten Hallmarks of an Effective Compliance program relates to the key role HR plays in incentives and discipline. However, another key area that is not given as much attention is in hiring and promotion. The FCPA Guidance states, “[M]ake integrity, ethics and compliance part of the promotion, compensation and evaluation processes as well. For at the end of the day, the most effective way to communicate that “doing the right thing” is a priority is to reward it. Conversely, if employees are led to believe that, when it comes to compensation and career advancement, all that counts is short-term profitability, and that cutting ethical corners is an acceptable way of getting there, they’ll perform to that measure. To cite an example from a different walk of life: a college football coach can be told that the graduation rates of his players are what matters, but he’ll know differently if the sole focus of his contract extension talks or the decision to fire him is his win-loss record.” In other words make compliance significant for professional growth in your organization and it will help to drive the message of doing business in compliance.

I thought about these concepts when I read an article in the Corner Office column of the Sunday New York Times (NYT), entitled “Sally Smith of Buffalo Wild Wings, on patience in hiring” where columnist Adam Bryant interviewed Sally Smith, the Chief Executive of Buffalo Wild Wings, the restaurant chain. She had some interesting concepts not only around leadership but thoughts on the hiring and promotion functions, which are useful for any Chief Compliance Officer (CCO) or compliance practitioner striving to drive compliance into the DNA of a company.

Leadership – Get Feedback

One of the early lessons which Smith learned about leadership is to set clear expectations. Bryant wrote that Smith told him, “You have to be really clear about what you want and what your expectations are. When you’re clear and everybody understands them, you have a much better chance of success than if you say, “Just do it.” It’s a great slogan, but you’ve got to know what it is that you’re just doing.” This is a constant battle for the compliance practitioner when senior management also makes clear that you must make your numbers as well. However, this dynamic tension can be met, and one of the best ways is to require business-types to make their numbers but to do so in a way that is in compliance with a company’s Code of Conduct and compliance regime.

A second leadership lesson that Smith has learned is around feedback. As you might guess from a Chief Executive, Smith has found that honest critiques about her management style from those who work under her are difficult to obtain. To overcome this reluctance she set up a program where her leadership can give anonymous reviews of her performance annually to the company’s Board of Directors. Bryant said, “My leadership team does a performance review on me each year for the board. It’s anonymous. They can talk about my management style or things I need to work on. If you want to continue growing, you have to be willing to say, “What do I need to get better at?”” This type of insight is absolutely mandatory for any best practices compliance program as anonymous reporting is also one of the Ten Hallmarks of an Effective Compliance program. But more than simply an anonymous reporting line for FCPA violations, how does your company consider feedback to determine how all levels of the company are doing compliance going forward or, as the FCPA Guidance states, “From the boardroom to the shop floor”?

Hiring and Promotion – Waiting for Great

Here Smith had some thoughts put in a manner not often articulated. One of her cornerstones when hiring is to search out the best person for any open position, whether through an external hire or internal promotion. Bryant stated that Smith said “We use the phrase “wait for great” in hiring. When you have an open position, don’t settle for someone who doesn’t quite have the cultural match or skill set you want. It’s better to wait for the right person.”

Smith articulated some different skills that she uses to help make such a determination. Once a potential hire or promotion gets to her level for an interview, she will assume that person is technically competent but “I assume that you’re competent, but I’ll probe a bit to make sure you know what you’re talking about. And then I’ll say, “If I asked the person in the office next to you about you, what would they say?””

Passion and curiosity are other areas that Smith believes are important to probe during the hiring or promotion process. In the area of passion, Smith will “Often ask, “What do you do in your free time?” If they’re passionate about something, I know they’re going to bring that passion to the workplace.” Smith believes curiosity is important because it helps to determine whether a prospective hire will fit into the Buffalo Wild Wings culture. Bryant wrote, “I look for curiosity too, because if you’re curious and thinking about how things work, you’ll fit well in our culture. So I’ll ask about the last book they read, or the book that had the greatest impact on them.” Smith also inquires about jobs or assignments that went well and “ones that went off the tracks. You ask enough questions around those and you can determine whether they’re going to need a huge support team.”

I found these insights by Smith very useful for a compliance practitioner and the hiring and promotion functions in a compliance program. By asking questions about compliance you can not only find out the candidate’s thoughts on compliance but you will also begin to communicate the importance of such precepts to them in this process. Now further imagine how powerful such a technique could be if a Chief Executive asked such questions around compliance when they were involved in the hiring or promotion process. Talk about setting a tone at the top from the start of someone’s career at that company. But the most important single item I gleaned from Bryant’s interview of Smith was the “Wait for great” phrase. If this were a part of the compliance discussion during promotion or hiring, that could lead to having a workforce committed to doing business in the right way.

© Thomas R. Fox, 2014

November 12, 2014

John Doar and the Bio-Rad FCPA Enforcement Action – Part II

John Doar died yesterday. He was perhaps most famously known for his role as the House Judiciary Committee Chief Counsel during the investigation of and impeachment proceedings against then President Nixon. However, it was his role in the civil rights movement in the South that in large part inspired me to become a lawyer. He rode with the Freedom Riders in Alabama; walked with James Meredith so that he could register to attend the University of Mississippi, then stayed in the same dorm room with Meredith while the campus rioted; prosecuted the KKK in Mississippi after the murder of three civil rights workers in 1964; and marched for voting rights with Dr. King in Selma. My favorite John Doar story was retold in his obituary in the New York Times (NYT), where he stopped a riot in its tracks with the following: ““My name is John Doar — D-O-A-R,” he shouted to the crowd. “I’m from the Justice Department, and anybody here knows what I stand for is right.” That qualified as a full-length speech from the laconic Mr. Doar. At his continued urging, the crowd slowly melted away.”” In my book, he is right up there with Atticus Finch.

In an earlier post, I reviewed the Bio-Rad Laboratories, Inc. (Bio-Rad) Foreign Corrupt Practices Act (FCPA) enforcement action from the perspective of the Non-Prosecution Agreement (NPA) the company was able to secure with the Department of Justice (DOJ). Today I want to review the bribery schemes that the company used to either internally fund the bribes or attempt to evade internal detection. Both the NPA and the Securities and Exchange Commission’s (SEC) Order Instituting Cease-and-Desist Proceedings (Order). The compliance practitioner can use these bribery schemes not only for FCPA training but also to see if any such schemes or their indicia may be present in your company.

Initially I need to discuss the corporate structure. It was apparently quite decentralized. According to the Order, “Bio-Rad’s international sales organization (“ISO”) oversees the company’s international sales operations; this includes all locations outside the United States and Canada. In 2009, the ISO consisted of four sub-divisions: (1) Western Europe; (2) Asia Pacific; (3) Japan; and (4) Emerging Markets. Each sub-division had a general manager, reporting to the vice-president of ISO. The Asia Pacific sub-division included Vietnam and Thailand. The Emerging Markets sub-division included Russia and other eastern European countries. Some countries within the sub-divisions had a country manager who reported to the ISO sub-division general manager.” Emerging markets is clearly a high-risk area for pharmaceutical companies. If your business development or sales organization has such a designation, I would suggest that you check and see if there are sufficient protections in place to at least raise any red flags, which might need further investigation.

However, it was more than the management structure of the business operations that was decentralized; the compliance function was similarly structured. The NPA stated, “BIO-RAD also decentralized its compliance program such that its international offices were responsible for ensuring adequate compliance with its business ethics policy and code of conduct.” This decentralization so defanged the company’s compliance program that it could not perform even the most basic functions of a compliance organization: no due diligence on third parties, indeed no management of third parties at all from the compliance perspective; no risk assessments were performed; and, finally, the most damning was that the compliance function could not even ensure compliance with the company’s own business ethics policy.

The Russia Scheme

However the company used third party representatives to facilitate the bribery scheme. In addition to the lack of due diligence or usual steps that a compliance practitioner might put in place to manage third parties under the FCPA there were several other items of note which constitute lessons learned by the compliance practitioner. First and foremost was the commission rate paid to these third parties, that being between 15%-30%. This alone may well have been enough to demonstrate “a conscious disregard for the high probability that the Russian Agents were passing along at least a portion of their commissions to Russian government officials to obtain profitable public contracts for the sale of medical diagnostic equipment.” Further, the payments made to these agents were sent to countries outside Russia, where neither the alleged services were delivered nor where the agents were legally domiciled. Moreover, not only did these agents have no offices in Russia, they had no employees in Russia either.

Apparently there were contracts in place with these agents. The services these agents were specified to deliver included, “acquiring new business, creating and disseminating promotional materials to prospective customers, distributing and installing products and related equipment, and training customers.” But it really is hard to deliver services if you have no employees. Apparently there were times these agents did deliver something identified as “distribution services” for the commission rates between 15%-30%. However the estimated value of these services for the company was between 2%-2.5% of the total sales.

Another area of obvious concern should have been the pre-payment of commissions to these agents. Any time you pre-pay before a service is delivered (other than a retainer into a lawyer’s trust account) you can potentially run into trouble. But Bio-Rad took it a step further by making pre-payments before contracts with the ultimate buyer were negotiated. Any ideas where those pre-paid commissions might have gone? Another area was the amount of the commissions. They were just less than $200,000, which happened to be the authority level of the head of Bio-Rad’s Emerging Markets business unit. So there was no oversight or second set of eyes on these pre-payments because it was within the manager’s authority level. Finally, these pre-payments were actually forbidden under the contracts but they were made anyway.

The Vietnam Scheme 

The Vietnam Country Manager had contracting authority up to $100,000 and sales commissions up to $20,000. From 2005-2009 Bio-Rad apparently paid bribes directly to health care workers so they would purchase the company’s products. When it was pointed out to the Country Manager this was illegal, he simply moved to a distributor “at a deep discount, which the distributor would then resell to government customers at full price, and pass through a portion of it as bribes…Between 2005 and the end of 2009, the Vietnam office made improper payments of $2.2 million to agents or distributors, which was funneled to Vietnamese government officials. These bribes, recorded as “commissions,” “advertising fees,” and “training fees,” generated gross sales revenues of $23.7 million to Bio-Rad Singapore.” 

The Thailand Scheme

In Thailand, the bribery scheme involved was almost mundane compared to Russia and Vietnam. Bio-Rad acquired an interest in a Thai Joint Venture (JV) through an acquisition where it performed “very little due diligence” on the JV. Bio-Rad acquired a minority interest in the JV and it did not communicate directly with the JV’s distributors but only through the majority owners of the JV. The bribery scheme was funded through “an inflated 13% commission, of which it retained 4%, and paid 9% to Thai government officials in exchange for profitable business contracts.” The due diligence was so poor that Bio-Rad did not know that the prime third party sales representatives for the JV were the same majority owners of the JV.

Tomorrow, I will discuss some of the internal controls that a company might employ to help prevent such a compliance failure as occurred at Bio-Rad.

© Thomas R. Fox, 2014

October 22, 2014

Right to Retire Or Termination: Remediation of Leadership To Foster Compliance

Many historians have long given 476 AD as the date of the fall of the Roman Empire. Further, it was from this date forward that Europe began its long slide into the abyss, which came to be known as the Dark Age. However, this view was challenged in 1971 by Peter Brown, with the publication of his seminal work “The World of Late Antiquity”. One of the precepts of Brown’s work was to reinterpret the 3rd to 8th centuries not as simply a decline of the greatness that had been achieved in the heyday of the Roman Empire, but more on their own terms. It was in the year of 476 AD that the last Roman Emperor, Romulus Augustulus, left the capital of Rome in disgrace. However, as Brown noted, he was not murdered or even thrown out but allowed to retire to his country estates, sent there by the conquerors of the western half of the Roman Empire, the Goths. Not much conquering going on if a ruler is allowed to ‘retire’; it was certainly a replacement but not quite the picture of marauding barbarians at the gate.

I thought about this anomaly of retirement by a leader in the context where a company or other entity might be going through investigations for corruption and non-compliance with such laws as the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act. Yesterday I wrote about three recent articles and what they showed about a company’s oversight of its foreign subsidiaries. Today I want to use these same articles to explore what a company’s response and even responsibility should be to remediate leadership under which the corruption occurs. The first was an article in the New York Times (NYT), entitled, “Another Scandal Hits Citigroup’s Moneymaking Mexican Division” by Michael Corkery and Jessica Silver-Greenberg. Their article spoke about the continuing travails of Citigroup’s Mexican subsidiary Banamex. Back in February, the company reported “a $400 million fraud involving the politically connected, but financially troubled, oil services firm Oceanografía.”

This has led Citigroup to ever so delicately try to oust the leader of its Mexico operations, Mr. Medina-Mora, by encouraging him to retire. While Citigroup did terminate 12 individuals around the Oceanografía scandal earlier in the year, it has not changed the employment status of the head of the Mexico business unit. This may be changing as the article said, “In a delicate dance, Citigroup is encouraging its Mexico chairman, Manuel Medina-Mora, 64, to retire, according to four people briefed on the matter. The bank has been quietly laying the groundwork for his departure, which could come by early next year, the people said. Still, Mr. Medina-Mora’s business acumen and connections to the country’s ruling elite have made him critical to the bank’s success in Mexico. Citigroup and its chairman, Michael E. O’Neill, cannot afford to alienate Mr. Medina-Mora and risk jeopardizing those relationships, these people said.”

Should Mr. Medina-Mora be allowed to retire? Should he even be required to retire? What about the ‘mints money’ aspect of the Mexican operations for Citigroup? Was any of that money minted through violations of the FCPA or other laws? What will the Department of Justice (DOJ) think of Citigroup’s response or perhaps even its attitude towards this very profitable business unit and Citigroup’s oversight, lax or other?

Does a company have to terminate employees who engage in corruption? Or can it allow senior executives to gracefully retire into the night with full pension and other golden parachute benefits intact? What if a company official “purposely manipulated appointment data, covered up problems, retaliated against whistle-blowers or who was involved in malfeasance that harmed veterans must be fired, rather than allowed to slip out the back door with a pension.” Or engaged in the following conduct, “had steered business toward her lover and to a favored contractor, then tried to “assassinate” the character of a colleague who attempted to stop the practice.” Finally, what if yet another company official directed company employees to “delete hundreds of appointments from records” during the pendency of an investigation?

All of the above quotes came from a second NYT article about a very different subject. In the piece, entitled “After Hospital Scandal, V.A. Official Jump Ship”, Dave Phillips reported that two of the four VA Administration executives who engaged in the above conduct and were selected for termination, had resigned before they could be formally terminated. The article reported that the VA “had no legal authority to stop” the employees from resigning. Current VA Secretary Robert McDonald was quoted in the article as saying, “It’s also very common in the private sector. When I was head of Procter & Gamble, it happened all the time, and it’s not a bad thing — it saves us time and rules out the possibility that these people could win an appeal and stick around.” Plus, he said, their records reflect that they were targeted for termination. “They can’t just go get a job at another agency,” Mr. McDonald said. “There will be nowhere to hide.”

The third article was in the Wall Street Journal (WSJ) and entitled, “GM Says Top Lawyer to Step Down”. In this piece, reporters John D. Stroll and Joseph B. White, with contributions from Chris Matthews and Joann Lublin, reported that General Motors (GM) General Counsel (GC) Michael Millikin will retire early next year. Millikin is famously the GC who claimed not to know what was going on in his own legal department around the group’s settlements of product liability claims of faulty ignition switches. Millikin claimed he was kept “in the dark” by his own lieutenants about the safety issues involved with this group of litigation. Does Millikin have any responsibility for the failures of GM around this safety issue? What does his apparent graceful retirement say about the corporate culture of GM and its desire to actually change anything in the light of its ongoing travails? Of course one might cynically point to GM’s failure to even have a Chief Ethics and Compliance Officer as evidence of the company’s attitude towards compliance and ethics. (I wonder how that might look to the DOJ/Securities and Exchange Commission (SEC) if GM goes under any FCPA scrutiny?)

With Citigroup, the Department of Veterans Affairs and GM, we have three separate excuses for companies (and a Cabinet level department) not disciplining top employees for ethical and/or compliance failures. At Citigroup, the excuse is apparently that it does not want to rock the boat from a top producing foreign subsidiary by terminating the head of the subsidiary under investigation. At the Department of Veterans Affairs, the excuse seems to be they can go ahead and resign because we prefer to get rid of them that way. At GM, it is not clear why the GC who claimed not to know what was going on in even his own law department can ride off into the sunset with nary a contrary word in sight. Millikin’s conduct would seem to be the product of a larger cultural issue at GM.

I thought about how the DOJ might look at these situations for companies if an FCPA claim were involved. Even with McDonald’s observations about what happened when he was with Procter & Gamble, does a company show something less than commitment to having a culture of compliance if it allows an employee to retire? What does it say about Citigroup and its culture given the current dance it is having with its head of the Mexico unit? What about GM and its Sgt. Schultz of a GC and his ‘I was in the dark’ posture? As stated by Mike Volkov, in his post entitled “Goodbye Mr. Millikin: GM’s Continuing Culture Challenges”, GM does not appear to understand the situation it finds itself in currently over its failures. He wrote, “GM still does not understand the significance of its governance failure…GM should have taken dramatic and affirmative steps to create a new culture – resources and new initiatives should be launched to rid GM of its current culture and replace it with a new speak up culture. It is a daunting task in such a large company but it has to be done. Until GM wakes up, missteps and failures will continue.” One might say the same for Citigroup and the Department of Veterans Affairs as well.

© Thomas R. Fox, 2014

October 21, 2014

Carlton Fisk, The Homer and Oversight of a Profitable Subsidiary

Today we celebrate one of the great moments in World Series history. At approximately 12:34 AM on this date in 1975, Carlton Fisk came to bat at the bottom of the 12th, in Game 6 of the World Series between the Boston Red Sox and Cincinnati Reds. He hit a pitch down the left field line. He stood at the plate, bouncing up and down and flailing at the ball as though he was helping an airplane land on a dark runway. “I was just wishing and hoping,” he said at a ceremony some years later. “Maybe, by doing it, you know, you ask something of somebody with a higher power. I like to think that if I didn’t wave, it would have gone foul.” Whether or not the waving was responsible, the ball bounced off of the bright-yellow foul pole above the Green Monster for a home run. Fenway’s organist played the Hallelujah Chorus from Handel’s Messiah while Fisk rounded the bases. One for the ages indeed as it appeared the Baseball Gods might finally be smiling on the Red Sox nation. Alas, they lost the next game and it was not to be for another 30 years.

I thought about Fisk’s homer and the ultimate heartbreak of Red Sox nation once again in 1975 when I read about several recent issues involving corruption and corporate responsibility for oversight, or perhaps more appropriately, the lack thereof. The first was an article in the New York Times (NYT), entitled “Another Scandal Hits Citigroup’s Moneymaking Mexican Division”, by Michael Corkery and Jessica Silver-Greenberg. Their article spoke about the continuing travails of Citigroup’s Mexican subsidiary Banamex. Back in February, the company revealed “a $400 million fraud involving the politically connected, but financially troubled, oil services firm Oceanografía.”

However, company investigators have unearthed another problem at the Mexico unit. The article reported “An internal investigation, begun by Citigroup in July, found evidence that the security unit was overcharging vendors and may have been taking kickbacks, a person briefed on the investigation said. The internal inquiry also found shell companies that had been set up to look like vendors and receive payments from the Banamex unit.” In a statement reported in the piece, Citigroup’s Chief Executive Officer (CEO) Michael L. Corbat “called the conduct of the individuals in the security unit ‘appalling’”.

What I found most interesting in the article was the response of Citigroup and what its implications might mean for the compliance practitioner, particularly one whose company is under scrutiny for a Foreign Corrupt Practices Act (FCPA) violation by the Department of Justice (DOJ) and Securities and Exchange Commission (SEC). The NYT piece made clear that the Mexico unit is so profitable that it figuratively “mints money” for the company. Moreover, “despite the latest headline-grabbing turmoil at Banamex, Citigroup does not want to cede any ground in Mexico where it dominates a large portion of the retail market.”

What is the responsibility for a US corporate parent when a foreign subsidiary ‘mints money’ for the company? Should the corporate parent pay closer attention to make sure the subsidiary is doing business in compliance with the FCPA and other relevant laws? In the past few posts, I have discussed some of the specific internal controls a compliance practitioner might consider for a company’s international operations. One of the problems Citigroup is facing with the conduct of its Mexico subsidiary is the company’s concern of “lax controls and oversight”. Moreover, there is concern that some part of the ongoing troubles in the Mexico unit relates to its head, Manuel Medina-Mora. Citigroup Chairman Michael O’Neill, was said to have “privately expressed concerns to board members that Mr. Medina-Mora, who is also co-president of the parent company, has not always relayed problems in the region to executives at the bank’s headquarters on Park Avenue, according to the people briefed on the matter. Instead of looping in executives in New York, Mr. Medina-Mora has at times chosen to handle the issues himself.”

How much oversight should a parent corporation have over a subsidiary? At a basic level it would seem that oversight should be enough to prevent and detect illegal conduct. Clearly, a Chief Compliance Officer (CCO) should be considering the entity-wide internal controls for a company. Under the FCPA accounting provisions, issuers can be held liable for the conduct of their foreign subsidiaries, even though the improper conduct occurred outside of the US. The scope of liability is based on the issuer’s incorporation of the subsidiary’s financial statements in its own records and SEC filings.

While a CCO (and the DOJ & SEC for that matter) should expect that internal controls at locations outside the US are of the same effectiveness as internal controls in US business units and at the US corporate office, unfortunately that might not always be the case. It is often the case that corporate level internal controls are stronger than those in foreign business units. The Citigroup situation with its Mexican subsidiary would seem to be a clear example of the oft-cited reason that many companies were built through acquisitions, resulting in many business units (both in and outside the US) having completely different accounting and internal control systems than the US corporate office. There is often a tendency to leave acquired companies in the state in which they were acquired, rather than trying to integrate their controls and conform them to those of current business units. After all, the reason for the acquisition was the profitability of the acquired company and nobody wants to be accused of negatively impacting profitability, especially one that ‘mints money’.

The second example is one a bit closer to home and it is that of the General Motors (GM) legal department. In an article in the Wall Street Journal (WSJ) entitled “GM Says Top Lawyer to Step Down”, John D. Stroll and Joseph B. White, with contributions from Christopher Matthews and Joann S. Lublin, reported that GM General Counsel (GC) Michael Millikin will retire early next year. Millikin was criticized after the GM internal investigation found that he ran the GM legal department in such a hands-off manner that he did not know about his legal department’s own settlements for product liability claims involving faulty ignition switches until February of this year. His defense was that his own lawyers “left him in the dark” even though there was evidence that he had been repeatedly warned, “GM could face punitive damage awards related to its failure to address the safety defect.” Missouri Senator Claire McCaskill summed up sentiment about Millikin with her statement “This is either gross negligence or gross incompetence.” In other words, if you are a GC or CCO you had better know what is going on in your own department. What would it say about a CCO who did not know that compliance department members were dealing with violations of the FCPA without informing him or her? It would say that the CCO failed to exercise leadership and oversight.

And while you are watching things closely, you may want to check out a clip of Carlton Fisk’s famous homer by clicking here.

© Thomas R. Fox, 2014

September 30, 2014

Discipline and Rigor in Your Internal Controls

In a recent New York Times (NYT) Op-Ed by David Brooks, entitled “The Good Order”, he discussed how routine can lead to creativity. He cited the example of three well-known authors whose habits included the following. “Maya Angelou would get up every morning at 5:30 and have coffee at 6. At 6:30, she would go off to a hotel room she kept — a small modest room with nothing but a bed, desk, Bible, dictionary, deck of cards and bottle of sherry. She would arrive at the room at 7 a.m. and write until 12:30 p.m. or 2 o’clock.” Another example was John Cheever, who “would get up, put on his only suit, ride the elevator in his apartment building down to a storage room in the basement. Then he’d take off his suit and sit in his boxers and write until noon. Then he’d put the suit back on and ride upstairs to lunch.” Finally, there was the example of Anthony Trollope, who “would arrive at his writing table at 5:30 each morning. His servant would bring him the same cup of coffee at the same time. He would write 250 words every 15 minutes for two and a half hours every day. If he finished a novel without writing his daily 2,500 words, he would immediately start a new novel to complete his word allotment.” Brooks’ thesis for his piece seemed to be summed up by a quote from Henry Miller (of all people), “I know that to sustain these true moments of insight, one has to be highly disciplined, lead a disciplined life.” Sort of gives a whole new meaning to the word ‘discipline’.

However, moving back to somewhat salacious concepts, I thought about those words in the context of internal controls around a Foreign Corrupt Practices Act (FCPA) compliance program. Brooks’ thoughts on building and maintaining order inform today’s post. In the area of internal controls, I believe it is incumbent to consider not only the most obvious risk areas for your internal controls but also the universe of potential transactions within the operations of a particular company. Once again relying on my friend and internal controls expert Henry Mixon, I queried him about some of the other types of internal controls a company should consider around gifts, travel, business courtesies and entertainment.

One area that companies need to be mindful of is corporate checks and wire transfers issued in response to falsified supporting documentation, such as check requests, purchase orders, or vendor invoices. Here Mixon believes that the Delegation of Authority (DOA) is a critical internal control. So, for example, a wire transfer of $X between company bank accounts in the US might require approval by the Finance Manager at the initiating location and one officer. However, a wire transfer of $X to the company’s bank account in Nigeria could require approval by the Finance Manager, a knowledgeable person in the Compliance function, and one officer. The key is that the DOA should specify who must give the final approval for such an expense.

I asked Mixon about checks drawn on local bank accounts in locations outside the US; “off books” bank accounts, commonly known as slush funds; and petty cash disbursements in locations outside the US. The unique control issues regarding locations outside the US will be discussed in a future podcast. Some petty cash funds outside the US have small balances but substantial throughput of transactions. In this instance, Mixon said that the DOA should address replenishment of petty cash funds in countries outside the US, as well as approval of expense reports for employees who work outside the US, including those who travel from the US to work outside the US.

Another area for concern is travel, the reason for this being that a company’s corporate travel department and independent travel agencies can buy tickets, hotel rooms, etc., for non-employees. Mixon noted that internal controls might be needed to ensure policies are enforced when travel for non-employees can be purchased through a corporate travel department or through independent travel agencies. As was demonstrated with GlaxoSmithKline PLC (GSK) in China, a company must not discount the risk related to abuse of power internally and collusion with independent travel agencies. Mixon advises that you should implement procedures to ensure compliance with your company policies regarding payment of travel and related expenses for third parties, for not only visits to manufacturing or job sites but also any compliance restrictions that might be in place.

An area for fraud, corruption and corporate abuse has long been Procurement cards or “P Cards”. Mixon cautions that if your company uses procurement cards, assume this to be a very high-risk area, not just for FCPA but also for fraud risk generally. Banks have done a great selling job to corporations on the use of P-Cards to help facilitate “cash management” but, more often than not, they can simply be a streamlined way to allow embezzlement and misbehavior to go undetected. Here a control objective should be put in place along the lines of a written policy and procedures defining the acceptable and unacceptable use of company Procurement Cards, required forms, required approvals, documentation and review requirements.

An interesting analogy that Mixon used is that misbehavior, like water, seeks its own level. Mixon explained that this meant if the pre-approval process and strong controls over expense reports prevent misbehavior, employees who wish to misbehave will seek other ways to do it where controls are not so strong. This means you should use your risk assessment process to help prioritize where controls are most needed. If your company prohibits gifts and any travel other than for the submitting employee from being included in the expense report, you should consider requiring instead that a check request form be used, which, Mixon noted, would be subject to stringent controls. He added that in such cases a checklist should be completed and attached to the check request which includes questions and disclosures designed to flush out exactly what was provided in the way of a business class airline, pocket money, event tickets, side trips, leisure activities, spouses or other relatives who might be traveling and why the travel had a business purpose. Such an internal control would allow for more streamlined processing of expense reports while still elevating the gifts/travel items to the appropriate level of review and requiring appropriate documentation.

I inquired as to why a Compliance Officer relies on the audit controls that are in place regarding gifts because in many companies, internal audits of expense reports are common. Mixon noted that it is important to keep in mind that, with respect to gifts, internal audits most often constitute, at best, a detect control, which only gives comfort for some historical period and is not necessarily representative of the controls in place to prevent future violations. So, it will be a false sense of security if a Compliance Officer relies on the internal audit of expense reports to be the control needed over violation of Gift policies.

I thought about one line in Brooks’ piece, which seemed to echo Mixon’s thoughts on internal controls, where Brooks wrote, “Building and maintaining order…requires toughness of mind and rigid discipline to properly serve your own work.” By having the rigor to institute and enforce the types of internal controls Mixon has identified, you can go a long way towards detecting and, more importantly, preventing an FCPA violation from occurring.


August 25, 2014

Trying Something Different – the Desktop Risk Assessment

How many among you out there are sushi fans? Conversely, how many out there consider the idea of eating raw fish right up there with going in to the dentist’s office for some long overdue remedial work? One’s love or distaste for sushi was used as an interesting metaphor for leadership in this week’s Corner Office section of the New York Times (NYT) by Adam Bryant, in an article entitled “Eat Your Sushi, and Expand Your Horizon”, where he profiled Julie Myers Wood, the Chief Executive Officer (CEO) of Guidepost Solutions, a security, compliance and risk management firm. Wood said her sushi experience relates to advice she gives college students now, “One thing I always say is “eat the sushi.” When I had just graduated from college, I went with my mom to Japan. We had a wonderful time, but I refused to eat the sushi. Later, when I moved to New York, I tried some sushi and loved it. The point is to be willing to try things that are unfamiliar.”

I thought about sushi and trying something different in the context of risk assessments recently. I think that most compliance practitioners understand the need for risk assessments. The FCPA Guidance could not have been clearer when it stated, “Assessment of risk is fundamental to developing a strong compliance program, and is another factor DOJ and SEC evaluate when assessing a company’s compliance program.” Many compliance practitioners have difficulty getting their collective arms around what is required for a risk assessment and then how precisely to use it. The FCPA Guidance makes clear there is no ‘one size fits all’ for about anything in an effective compliance program.

One type of risk assessment can consist of a full-blown, worldwide exercise, where teams of lawyers and fiscal consultants travel around the globe, interviewing and auditing. However, if there is one thing that I learned as a lawyer, which also applies to the compliance field, it is that you are only limited by your imagination. So using the FCPA Guidance’s ‘no one size fits all’ proscription, I would submit that this is also true for risk assessments.

As with Wood’s admonition that you might want to try sushi even if you think you may not like it, I think that there are several different types of risk assessments that can be used to help to advance your compliance regime going forward. This means that if you do not have the time, resources or support to conduct a worldwide risk assessment annually, you can take a different approach. You might try assessing other areas annually through a more limited focused risk assessment, which a colleague of mine calls the Desktop Risk Assessment.

Some of the areas that such a Desktop Risk Assessment could inquire into might be the following:

  • Are resources adequate to sustain a culture of compliance?
  • How are the risks in the C-Suite and the Boardroom being addressed?
  • What are the FCPA risks related to the supply chain?
  • How is risk being examined and due diligence performed at the vendor/agent level? How is such risk being managed?
  • Is the documentation adequate to support the program for regulatory purposes?
  • Is culture, attitude (tone from the top), and knowledge measured? If yes, can we use the information to enhance the program?
  • Disciplinary guidelines – Do they exist and has anyone been terminated or disciplined for violating a policy?
  • Communication of information and findings – Are escalation protocols appropriate?
  • What are the opportunities to improve compliance?

There are a variety of materials that you can review from or at a company that can facilitate such a Desktop Risk Assessment. You can review your company’s policies and written guidelines by reviewing anti-corruption compliance policies, guidelines, and procedures to ensure that compliance programs are tailored to address specific risks such as gifts, hospitality and entertainment, travel, political and charitable donations, and promotional activities.

You could assess your company’s senior management support for your compliance efforts through interviews of high-level personnel such as the Chief Compliance Officer (CCO), Chief Financial Officer (CFO), General Counsel (GC), Head of Sales, CEO and Board Audit or Compliance Committee members to assess “tone from the top”. You can examine resources dedicated to compliance and also seek to understand the compliance expectations that top management is communicating to its employee base. Finally, you can gauge operational responsibilities for compliance.

Such a review would lead to the next level of assessment, which would be generally labeled communications within an organization regarding compliance. You can do this by assessing compliance policy communication to company personnel but even more so by reviewing such materials as compliance training and certifications that employees might have in their files. If you did not yet do so, you should also take a look at statements by senior management regarding compliance, such as actions relating to terminating employees who do business in compliance but do not make their quarterly, semi-annual or annual numbers set in budget projections.

A key element of any best practices compliance program is internal and anonymous reporting. This means that you need to review mechanisms on reporting suspected compliance violations and then actions taken on any internal reports, including follow-ups to the reporting employees. You should also assess whether those employees who are seeking guidance on compliance for their day-to-day business dealings are receiving not only adequate but timely responses.

I do not think there is any dispute that third parties represent the highest risk to most companies under the FCPA, so a review of your due diligence program is certainly something that should be a part of any risk assessment. But more than simply a review of procedures for due diligence on third party intermediaries, you should also consider the compliance procedures in place for your company’s mergers and acquisitions (M&A) team, focusing on the pre-acquisition phase.

One area that I do not think gets enough play, whether in the FCPA Inc. commentary or in day-to-day practice, is looking at what might be called employee commitment to your company’s compliance regime. So here you may want to review your compliance policies regarding employee incentives for compliance. But just as you look at the carrots to achieve compliance with your program, you should also look at the stick, in the form of disciplinary procedures for violations. This means you should see if there have been any disciplinary actions for employee compliance violations and then determine if such discipline has been applied uniformly. If you discipline top sales people in Brazil, you have to discipline your top sales folks in the US for the same or similar violations.

This list is not intended to be a complete list of items; you can pick and choose to form some type of Desktop Risk Assessment, but hopefully you can see some of the areas you can assess. In his article on Ms. Wood, Bryant quoted her for the following key trait she observed from successful leaders, “They were able to identify and focus on core things. When you go into an agency or a company, there are a million things you could fix. But you can’t fix everything, so you make a decision about your priorities, and then you act on them.” A Desktop Risk Assessment may well help you to do so.

If you aim to perform an annual Desktop Risk Assessment with a full worldwide risk assessment every two years or so, you should be in a good position to keep abreast of compliance issues that may change and need more or greater risk management. And do not forget that the FCPA Guidance ends its section on risk with, “When assessing a company’s compliance program, DOJ and SEC take into account whether and to what degree a company analyzes and addresses the particular risks it faces.” Finally, if you never have tried sushi, I urge you to do so as it not only tastes good but it’s good for you as well.

==============================================================================================================================================================================================================================================

On Tuesday, August 26th I will be co-presenting with Marie Patterson VP Marketing for Hiperos on a webinar focusing on GSK in China-One Year Later. I will review the continued saga of the GSK corruption investigation in China, the Humphreys’ and Wu convictions and what it means for your compliance program going forward. The event is free and begins at 1 PM EDT. I hope that you can join us. For details and Registration, click here.

==============================================================================================================================================================================================================================================

 
