OECD | FCPA Compliance and Ethics Blog

July 13, 2015

Great Structures Week I: Vitruvius, the Brooklyn Bridge and Compliance

Filed under: Best Practices,Bribery Act,Compliance,Compliance and Ethics,compliance programs,Department of Justice,FCPA,FCPA Guidance,OECD,Ten Hallmarks of an Effective Compliance Program — tfoxlaw @ 12:01 am
Tags: best practices, Bribery Act, compliance programs, Department of Justice, DOJ, OECD, The Teaching Company, Vitruvius

I recently completed a course from The Teaching Company, entitled “Understanding the World’s Greatest Structures: Science and Innovation from Antiquity to Modernity”, taught by Professor Stephen Ressler. It was a wonderful learning experience about some of the world’s greatest structures and the development of structural engineering throughout history. As I worked my way through the course, it occurred to me that many structural engineering concepts are apt descriptors for an anti-corruption compliance program. So today, I will begin the ‘Great Structures Week’ as an entrée into an appropriate topic for your Foreign Corrupt Practices Act (FCPA), UK Bribery Act or other anti-corruption/anti-bribery compliance program. Each day I will discuss a structural engineering concept together with one my favorite examples from Professor Ressler’s course.

To open the series I will consider what makes a structure great. Marcus Vitruvius Pollio (Vitruvius) was a Roman author, architect, and civil engineer during the 1st century BC, known for his work entitled De Architectura. Vitruvius is famous for proclaiming that a structure must exhibit the three qualities of firmitas, utilitas and venustas, meaning that it must be solid, useful and beautiful. These are sometimes termed the Vitruvian Triad and today these are loosely translated that great constructions must have form, function or structure. Form is the arrangement of space and harmony. Function is the measure of usefulness. Structure contains innovative techniques in its creation.

My favorite example of a structure that incorporates all three of these concepts is the Brooklyn Bridge. The beauty of the form follows the functions of the scientific principles that underlie the bridge’s structure. As Ressler noted “Each element of the form of the Brooklyn Bridge serves a structural purpose based on mathematical principles.” First the form itself is one of great beauty. The function remains the same, even if the modes of transport have evolved; the Bridge was designed to carry people from Brooklyn to Manhattan. Yet as Ressler notes, “beyond the aesthetic, these features are a direct reflection of the scientific principles underlying the bridge’s design. They are, in a word, structure – a system of load carrying elements that cause the bridge to stand up.” We have a graceful and elegant design, which operates to safely conduct people over the Hudson River, through an engineering design that allows the structure to act as intended.

This convergence of Vitruvius’ tripartite view of what makes a great structure is an appropriate analogy for a best practices anti-corruption compliance program to facilitate compliance with the FCPA, UK Bribery Act or similar regime. Over the years both the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) have made clear that each company should have a compliance program that fits its needs. Indeed, in the FCPA Guidance, it could not have been made clearer when it stated, “Individual companies may have different compliance needs depending on their size and the particular risks associated with their businesses, among other factors. When it comes to compliance, there is no one-size-fits-all program.” The Guidance goes on to state the obvious when it notes, “companies may consider a variety of factors when making their own determination of what is appropriate for their specific business needs. Indeed, small- and medium-size enterprises likely will have different compliance programs from large multi-national corporations”.

The Guidance goes on to note, “Compliance programs that employ a “check-the-box” approach may be inefficient and, more importantly, ineffective. Because each compliance program should be tailored to an organization’s specific needs, risks, and challenges, the information provided below should not be considered a substitute for a company’s own assessment of the corporate compliance program most appropriate for that particular business organization. In the end, if designed carefully, implemented earnestly, and enforced fairly, a company’s compliance program—no matter how large or small the organization—will allow the company generally to prevent violations, detect those that do occur, and remediate them promptly and appropriately.”

Yet when viewed through Vitruvius’ prism, it is clear that an anti-corruption compliance program is much more holistic, with form, function and structure. A good compliance program is really about good financial controls. I think this is one outlook of FCPA compliance which is not discussed enough. Stanley Sporkin, in many ways the progenitor of the law, recognized that if a company was going to engage in corruption it would have to hide such activity through falsified books and records. Hence, he articulated the basis for having the accounting provisions included when Act was originally written and enacted into law. These provisions include both the books and records provision and the internal controls provision. The Guidance says, “the accounting provisions ensure that all public companies account for all of their assets and liabilities accurately and in reasonable detail”. So the form of a compliance program should be largely in financial controls that are baked into a company.

The formula of a compliance program can follow several forms. It can be based on the Ten Hallmarks of an Effective Compliance Program from the FCPA Guidance, the Six Principles of Adequate Procedures as contemplated by the UK Bribery Act; the OECD 13 Good Practices or other formulations such as the Five Elements of an Effective Compliance Program developed by Stephen Martin and Paul McNulty from the law firm of Baker & McKenzie. The form of any of these articulations meets the Vitruvius definition.

Next is the function. Here I think it is appropriate to consider what the FCPA Guidance says regarding internal controls, that being “Internal controls over financial reporting are the processes used by companies to provide reasonable assurances regarding the reliability of financial reporting and the preparation of financial statements. They include various components, such as: a control environment that covers the tone set by the organization regarding integrity and ethics; risk assessments; control activities that cover policies and procedures designed to ensure that management directives are carried out (e.g., approvals, authorizations, reconciliations, and segregation of duties); information and communication; and monitoring.” Moreover, “the design of a company’s internal controls must take into account the operational realities and risks attendant to the company’s business, such as: the nature of its products or services; how the products or services get to market; the nature of its work force; the degree of regulation; the extent of its government interaction; and the degree to which it has operations in countries with a high risk of corruption.” This language points to function of any best practices compliance program, to make the company a better-run company.

Finally, in the area of structure it is incumbent to recall that any best practices anti-corruption compliance program continues to evolve. It evolves with technological innovations such as transaction or continuous controls monitoring. But a compliance program must evolve as your company evolves. Changing commercial realities and conditions can create new or increased FCPA compliance risks. Your compliance program needs to be able to detect, assess and manage new risk as your business creates new products; moves into new territories or develops new sales channels. The FCPA Guidance states, “They are dynamic and evolve as the business and the markets change.” To do so, “a good compliance program should constantly evolve. A company’s business changes over time, as do the environments in which it operates, the nature of its customers, the laws that govern its actions, and the standards of its industry.”

For a review of what goes into a best practices compliance program, I would suggest you check out my book, entitled “Doing Compliance: Design, Create, and Implement an Effective Anti-Corruption Compliance Program”, which is available through Compliance Week. You can review the book and obtain a copy by clicking here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

Leave a Comment

July 6, 2015

The All-Star Game and Tone at the Top

Filed under: Best Practices,Bribery Act,compliance programs,Department of Justice,FCPA,FCPA Guidance,OECD,Ten Hallmarks of an Effective Compliance Program,Tone at the Top — tfoxlaw @ 12:01 am
Tags: best practices, compliance, compliance programs, Department of Justice, DOJ, FCPA, Foreign Corrupt Practices Act

Today is the 83^rd anniversary of the initial Major League Baseball (MLB) All-Star Game, which took place on this date in 1933, in Chicago’s Comiskey Park. The brainchild of a determined sports editor, the event was designed to bolster the sport and improve its reputation during the darkest years of the Great Depression. The sports editor of the Chicago Tribune convinced his owner to allow him to lobby for the game with MLB’s Commissioner, Kenesaw Mountain Landis, and the owners. To win over the public, they allowed fan balloting for the Game’s players. The proceeds went to a charity for retired baseball players. The Game was a rousing success and has continued as an institution to this day.

The conception and execution of the first All-Star Game shows what a committed tone from top management can create. Last week I wrote a couple of posts dealing with the tone for an organization around compliance with anti-corruption laws such as the Foreign Corrupt Practices Act (FCPA); one on tone in the middle and one on tone at the bottom. As usual, when I begin writing about a topic, I do not seem to be able to start where I thought I would end. So today, with the anniversary of the first MLB All-Star Game in mind, I decided to round out my triumvirate of posts by concluding with some thoughts on Tone at the Top and the reasons why it is so important to any anti-corruption compliance program.

Quite simply, any compliance program starts at the top and flows down throughout the company. Before you arrive at tone in the middle and bottom, it must start with a commitment at the top. All regulatory schemes for anti-corruption compliance recognize this key hypothesis. The concept of an appropriate tone at the top is in the US Sentencing Guidelines for organizations accused of violating the FCPA; the FCPA Guidance; the UK Bribery Act’s Six Principles of Adequate Procedures; and the OECD Good Practice Guidance on Internal Controls, Ethics and Compliance (OECD Good Practices). The reason all of these guidelines incorporate it into their respective practices is that all employees look to the top of the company to see what is important.

The US Sentencing Guidelines reads:

High-level personnel and substantial authority personnel of the organization shall be knowledgeable about the content and operation of the compliance and ethics program … and shall promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law.

The OECD Good Practices reads:

strong, explicit and visible support and commitment from senior management to the company’s internal controls, ethics and compliance programs or measures for preventing and detecting foreign bribery;

The UK Bribery Act’s Six Principles of Adequate Procedures reads:

The top-level management of a commercial organisation (be it a board of directors, the owners or any other equivalent body or person) are committed to preventing bribery by persons associated with it. They foster a culture within the organisation in which bribery is never acceptable.

The FCPA Guidance, under the section entitled “Commitment from Senior Management and a Clearly Articulated Policy Against Corruption”, states, “Within a business organization, compliance begins with the board of directors and senior executives setting the proper tone for the rest of the company. Managers and employees take their cues from these corporate leaders. Thus, DOJ and SEC consider the commitment of corporate leaders to a “culture of compliance” and look to see if this high-level commitment is also reinforced and implemented by middle managers and employees at all levels of a business.” But the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) expect more than simply to have senior management say the right things. They both expect that such message will be pushed down the ranks of an enterprise so that “A strong ethical culture directly supports a strong compliance program. By adhering to ethical standards, senior managers will inspire middle managers to reinforce those standards. Compliant middle managers, in turn, will encourage employees to strive to attain those standards throughout the organizational structure. In short, compliance with the FCPA and ethical rules must start at the top. DOJ and SEC thus evaluate whether senior management has clearly articulated company standards, communicated them in unambiguous terms, adhered to them scrupulously, and disseminated them throughout the organization.”

The FCPA world is riddled with cases where the abject failure of any ethical “Tone at the Top” led to enforcement actions and large monetary settlements. In the two largest monetary settlements of enforcement actions to date, Siemens and Halliburton, for the actions of its former subsidiary KBR, the government specifically noted the companies’ pervasive tolerance for bribery. In the Siemens case, for example, the SEC noted that the company’s culture “had long been at odds with the FCPA” and was one in which bribery “was tolerated and even rewarded at the highest levels”. Likewise, in the Halliburton matter, the government noted that “tolerance of the offense by substantial authority personnel was pervasive” throughout the organization.

So how can a company overcome these employee attitudes and set, or re-set, its “Tone at the Top”? In a 2008 speech to the State Bar of Texas Annual Meeting, reprinted in Ethisphere, Larry Thompson, PepsiCo Executive Vice President (EVP) of Governmental Affairs, General Counsel (GC) and Secretary, discussed the work of Professor Lynn Sharp at Harvard. From Professor Sharp’s writings, Mr. Thompson cited five factors, which are critical in establishing an effective integrity program and to set the right “Tone at the Top”.

The guiding values of a company must make sense and be clearly communicated.
The company’s leader must be personally committed and willing to take action on the values.
A company’s systems and structures must support its guiding principles.
A company’s values must be integrated into normal channels of management decision-making and reflected in the company’s critical decisions.
Managers must be empowered to make ethically sound decisions on a day-to-day basis.

David Lawler, writing in his book “Frequently Asked Questions in Anti-Bribery and Corruption”, boiled it down as follows “Whatever the size, structure or market of a commercial organization, top-level management’s commitment to bribery prevention is likely to include communication of the organization’s anti-bribery stance and appropriate degree of involvement in developing bribery prevention procedures.” Lawler went on to provide a short list of points that he suggests senior management engage in to communicate the type of tone to follow an anti-corruption regime. I had a Chief Executive Officer (CEO) of a client who, after I described his role in a best practices compliance program, observed, “You want me to be the ambassador for compliance.” I immediately averred in the affirmative. The following is a list of things that a CEO can do as an ‘Ambassador of Compliance’:

Reject a ‘do as I say, not as I do’ mentality;
Not just ‘talk-the-talk’ but ‘walk-the-walk’ of compliance;
Oversee creation of a written statement of a zero tolerance towards bribery and corruption;
Appoint and fully resource, with money and headcount, a Chief Compliance Officer (CCO);
Oversee the development of a Code of Conduct and written compliance program implementing it;
Ensure there are compliance metrics on all key business reports;
Provide leadership to middle managers to facilitate filtering of the zero tolerance message down throughout the organization;
Not only have a whistleblowing, reporting or speak up channel but celebrate it;
Keep talking about doing the right thing;
Make sure that you are seen providing your CCO with access to yourself and the Board of Directors.

Coming at it from a different perspective, author Martin Biegelman provides some concrete examples in his book, entitled “Building a World Class Compliance Program – Best Practices and Strategies for Success”. He begins the chapter discussed here with the statement “The road to compliance starts at the top.” There is probably no dispute that a company takes on the tone of its top management. Biegelman cites to a list used by Joe Murphy regarding actions a CEO can demonstrate to set the requisite tone from the Captain’s Chair of any business. The list is as follows:

Keep a copy of the Constitution on your Desk. Have a dog-eared copy of your company’s Code of Conduct on your desktop and be seen using it.
Clout. Make sure your compliance department has authority, influence and budget within the company. Have your Chief Compliance Officer report directly to the Board of Directors.
Make them Accountable. At Senior Executive meetings, have each participant report on what they have done to further the compliance function in their business unit.
Sticks and Carrots. Have both sanctions for violation of company compliance and ethics policies and incentives for doing business in a compliant manner.
Don’t do as I say, Do as I do. Turn down an expensive dinner or trip offered by a vendor. Pass on a gift that you may have received. Turn down a transaction based upon ethical considerations.
Be a Student. Be seen at intra-company compliance training. Take a one or two day course or attend a compliance conference outside your organization.
Award Compliance. You should recognize outstanding compliance efforts with companywide announcements and awards.
The Board. Recruit a nationally known compliance expert to sit on your company’s Board and chair the audit or compliance committee.
Independent Review. Obtain an independent, outside review of your company’s compliance program and report the results to the Board’s Audit Committee.
Vendors. Mandate that all vendors in your Supply Chain embrace compliance and ethics as a business model. If not, pass on doing business with them.
Network. Talk to others in your industry and your peers on how to improve your company’s compliance efforts.

Many companies struggle with some type of metric that can be used for upper management regarding compliance and communication of a company’s compliance values. One technique might be to require the CEO to post companywide emails or other communications once a quarter on some compliance related topic. The CEO’s direct reports would then also be required to email their senior management staff a minimum of once per quarter on a compliance topic. One can cascade this down the company as far as is practicable. Reminders can be set for each communication so that all personnel know when it is time to send out the message. If these communications are timely made, this metric has been met.

I hope that you can use some of the techniques for setting, creating and moving an appropriate tone for compliance throughout your organization. And, of course, enjoy the 2015 All-Star Game. Although the Astros now play in the American League (AL), my heart is still with the National League (NL).

© Thomas R. Fox, 2015

Leave a Comment

December 10, 2014

The Nobel Prize and FCPA Enforcement Going Forward

Filed under: Compliance,Compliance and Ethics,Department of Justice,FCPA,Financial Times,OECD,Wall Street Journal — tfoxlaw @ 12:01 am
Tags: Department of Justice, DOJ, Foreign Corrupt Practices Act, SEC, Wall Street Journal, WSJ

One hundred and 13 years ago on this date, the first Nobel Prizes were awarded in Stockholm, Sweden, in the fields of physics, chemistry, medicine, literature, and peace. The ceremony came on the fifth anniversary of the death of Alfred Nobel, the Swedish inventor of dynamite and other high explosives. In his will, Nobel directed that the bulk of his vast fortune be placed in a fund in which the interest would be “annually distributed in the form of prizes to those who, during the preceding year, shall have conferred the greatest benefit on mankind.” Although Nobel offered no public reason for his creation of the prizes, it is widely believed that he did so out of moral regret over the increasingly lethal uses of his inventions in war. The Royal Swedish Academy of Sciences decides the prizes in physics, chemistry, and economic science; the Swedish Royal Caroline Medico-Surgical Institute determines the physiology or medicine award; the Swedish Academy chooses literature; and a committee elected by the Norwegian parliament awards the peace prize. The Nobel Prizes are still presented annually on December 10, the anniversary of Nobel’s death. Each Nobel Prize carries a cash prize of nearly $1,400,000 and recipients also received a gold medal, as is the tradition.

Just as important in the area of anti-corruption and anti-bribery is the Organization for Economic Development and Cooperation (OECD). Earlier this month the OECD issued a report entitled “Foreign Bribery Report-An Analysis of the Crime of Bribery of Foreign Public Officials”. To say the findings were eye opening, if not disheartening, would be to put it mildly. As reported by Shawn Donnan in the Financial Times (FT), in an article entitled “Big companies blamed for most of the world’s bribery cases”, he said that “Large companies and their senior managers are responsible for the vast majority of the world’s bribery cases and are giving up a third of their profits from related projects to corrupt officials”. Donnan summarized the reports key findings as follows:

Companies with more than 250 employees accounted for 60 per cent of the cases of corruption studied. In 31 per cent of the cases the companies brought the bribes to the attention of authorities themselves. In just 2 per cent of the cases were whistleblowers involved.
The cost of bribes averaged 10.9 per cent of the value of the related transaction and 34.5 per cent of the profits. The largest bribes paid in a single case were worth $1.4bn. The smallest were valued at just $13.17.
A majority of the bribery cases involved company executives. Managers were involved in 41 per cent of the cases. A further 12 per cent involved the president or chief executive officer of a company.
Corruption is not just a poor world phenomenon. Almost half the cases studied involved bribery of public officials from countries with “high” or “very high” levels of human development.
The number of bribery cases brought around the world has grown substantially since 1999 but has fallen in the past two years after reaching a peak of 68 annually in 2010. Moreover, the time needed to prosecute cases has risen substantially from an average of 2 years in 2003 to 7.3 years in 2013.
Executives at state-owned companies accounted were the target of almost three in 10 bribes while customs officials accounted for just 11 per cent. Almost 60 per cent of the bribes were paid in order to obtain government contracts.
More than two-thirds of all sanctions levied were the result of legal settlements rather than convictions. In almost half the cases studied the fines levied were worth less than 50 per cent of the profits made by defendants as a result of the bribe.
Oil and mining companies on average paid bribes worth 21 per cent of the value of projects whereas those involved in the education sector or in water supply paid just 2 per cent.

I thought about the implications of these key findings in the context of Foreign Corrupt Practices Act (FCPA) enforcement going forward. At the 2014 Securities Enforcement Forum, held in October of this year, Jesse Eisenger reporting in the New York Times (NYT) DealB%k column, in an article entitled “In Turnabout, Former Top Regulators Assail Wall Street Watchdogs”, noted that white-collar defense lawyer Brad S. Karp, the chairman of Paul, Weiss, discussed some of the defense tactics that he uses when the government comes knocking against banks. “First, he pushes to move the charges to a subsidiary. Second, he tries to lower the charge. Third, he said, he focuses “on the powerful individuals in an organization” meaning that lawyers need to put top management first as they prepare a defense.”

Now consider those tactics in the context of the OECD report. Where do you think that the Department of Justice (DOJ) or Securities and Exchange Commission (SEC) might look if they wanted to beef up enforcement? I ask this question because of a second article, which got my attention this week. In the Wall Street Journal (WSJ), Joel Schectman wrote a piece based upon in interview with University of Virginia School of Law professor Brandon Garrett, entitled “Professor Says Corporate Penalties Aren’t Working”. Schectman wrote, “many critics have said the government is still fighting companies with kid gloves.” Garrett delivered some direct criticisms when he was quoted as follows:

Of course, companies, like children, can’t go to jail. You can fine them, but the fines might not affect the right person. There is much more focus on rehabilitation compared with other areas of the criminal justice system.

What you can do with companies is supervise them strictly, not through the lenient means they are using. People would be really troubled if the most serious individual offenders were let out and told to just behave for a couple years without supervision. And that is what’s happening with companies. In cases that are not plea bargains, there is no probation, there is no court supervision of probation, and with these deferred and non-prosecution agreements, most of them are not even supervised by an independent monitor. Only a quarter get monitorships.

Most companies don’t have to audit their compliance to validate whether it’s working or not. Obviously a prosecutor is not in any position to obtain a sense of whether a big multinational company is complying with anything. Even a monitor needs a big international team working for them onsite to look at documents and interview employees.

Garrett does not seem to favor the DOJ going to trial but does believe that by getting a criminal plea in front of a court, the DOJ could use the resources and power of a federal court to deal with recidivists. Moreover, he believes that rehabilitation should be more rigorous and stated, “And if prosecutors aren’t getting anything more than the company’s assurance that it will do a systemic fix, that should leave us uneasy. We are starting to see recidivist banks and it’s looking like this compliance stuff isn’t working. A monitor isn’t a cure-all either. There are concerns about how a monitor is appointed. Do some of them go over budget without doing good work? But having someone independent seems a much better way to supervise compliance than rely on the company’s own assurance.”

What does all this mean for FCPA enforcement going forward? On the one hand you have the OECD saying the myth of the rogue employee is simply that, a myth. Corporations are intentionally violating anti-corruption laws such as the FCPA or certainly are aware of the conduct. Couple that with Garrett’s concerns that companies are getting off too easily and you may have a storm of more severe and stringent FCPA enforcement coming out of the DOJ and SEC. It may mean more and greater fines and penalties. It may mean greater use of external monitors who have unlimited budgets. It may mean more court supervision and interpretation of what compliance programs a company may implement going forward. It may mean longer and more thorough investigations as the DOJ and SEC strive to ascertain as much as they can that companies are remediating not only during the pendency of their investigations and enforcement actions but continue to do so while they are under resolution agreements such as Deferred Prosecution Agreements (DPAs) and Non-Prosecution Agreements (NPAs).

© Thomas R. Fox, 2014

Comments (1)

June 3, 2013

Competitive “(dis)advantage” and extraterritoriality of anti-bribery laws

Filed under: Best Practices,Bribery Act,compliance programs,EU,FCPA,OECD — tfoxlaw @ 1:01 am

Ed. Note-I was recently interviewed by Branislav Hock, a Research Master in Law Tilburg University in The Netherlands in connection with his graduate studies. After the interivew, I asked if he could write a blog post which discuss his research. The following is our first guest post from a University student in The Netherlands.

Bribery, including its various forms such as political contributions or gift giving, is a widespread phenomenon when doing business abroad, including trade and foreign investment. The Anti – Bribery Convention (the Convention) of the Organisation for Economic Cooperation and Development (OECD) seeks to address these concerns by obliging its signatory states to prohibit firms from bribing foreign government officials in order to obtain or retain business.[i] However, in many emerging countries, bribery of foreign public officials is under-regulated and often even not criminalized at all. In this context, it has been argued that firms from such emerging countries therefore enjoy an advantage over firms from OECD Convention signatories, as they are free to bribe without bearing any liability (so-called ‘free-rider’ problem). This argument is also supported by the results of several macro-economic studies. However, this article argues that in the light of new dynamics of a global anti-bribery enforcement regime, economic assumptions pointing to the problem of competitive disadvantage are disputable because its effects are different.
Are OECD Firms “Leaving” Emerging Markets Because of Anti-Bribery Laws?

Despite the relatively long existence of the Convention, its enforcement was sporadic. However, after 2006 the United States has increased the enforcement enormously. The U.S. Department of Justice and the U.S. Securities and Exchange Commission conducted in average 2.4 enforcement actions per year between the years 1998 – 2006. It increased to average 12.6 enforcement actions between the years 2007 – 2012. The U.S. authorities imposed in penalties $87 million in 2007 while in 2010 already $1.8 billion.[ii] In this context, the business community and some academics argue that current enforcement is too aggressive and that it undermines value maximizing investments of OECD firms in highly corrupted markets.[iii] Indeed, this argument might seem really strong because it is also supported by empirical evidence.

Economic studies at the macro-level points towards the relationship between the level of corruption and the inflow of foreign direct investments (FDIs). One notable study found out that inflow of FDIs and the level of corruption are in a negative relation when the investors are OECD firms. Conversely, non-OECD firms invest relatively more in markets with high level of corruption.[iv] In other words, according to these studies the aggressive enforcement of OECD-based anti-bribery laws pushes “good” firms to leave “corrupted” emerging markets. In this context, some legal scholars even argue that the effect of anti-bribery enforcement (in particular enforcement of the U.S. Foreign Corrupt Practices Act – FCPA) might be understood as an imposition of unintended economic sanctions against emerging markets.[v]

Competitive (Dis)advantage?

If we look at the global business arena from a wider perspective, the problem of under-regulation of transnational bribery is not special. Increasing importance of corporate social responsibility and stress on ethical business practices make it that soft-law responsibilities are continuously being transformed into hard-law obligations. This transformation of “good business practices” into legal institutions is just a natural sign of social dynamics which is common in many legal areas such as human rights or environmental law. These processes by their nature also influence the way the business in a global arena is done. It is as common as the voice of the business community which is repeatedly complaining on unfair rules of the game when the playing field is levelled by imposition of new legal obligations.[vi]

Moreover, understanding law and legal rules in the way that they have definite purpose or that they lead to definite consequence might be naïve. This view does not take into consideration the dynamic nature of the global business and constructive role of businesses themselves. There are at least two contra-arguments which need to be presented in order to put the above mentioned claim, that emerging countries enjoy an advantage over firms from OECD Convention signatories because of OECD-based anti-bribery laws, under question.

Firstly, national enforcement authorities from OECD Convention signatories have interpreted the Convention so as to endow them broad extraterritorial jurisdiction.[vii] Jurisdiction will be asserted over free-rider firms on the basis that such firms, for example, have assets in the OECD Convention signatory country or are even partially owned by nationals from that signatory. For instance, U.S. authorities have used such arguments to claim jurisdiction to investigate and eventually punish foreign firms for their operations outside the United States.[viii] I believe that broad extraterritorial enforcement of OECD-based anti-bribery laws which was started by the U.S. motivated also other countries to be active. Increasingly, across the globe, many of the countries such as Russia or China have now passed their own laws. Moreover, it seems that they have even ability and desire to enforce them actively as was proclaimed – at least I have noticed that – during the Anti-Corruption Conference for G20 Governments and Business (organized by the Russian Presidency).[ix] Therefore, it is becoming much more difficult to escape from the widening reach of the anti-bribery net and “use” legal gaps for the free riding.

Secondly, relation between law and business competition in the global market cannot be seen as a static concept; it is always moving. Firms are constantly trying to beat their competitors, therefore businesses always respond to the upcoming competitive discourse by finding the way how to transform it into a business advantage; law seems to be a great material for such a transformation. In this context, Thomas Fox, in the interview for my research project, had the following observation: “…obviously the FCPA applies to American companies no question, but if the Chinese company wants to do business with the American company they need to comply with the FCPA because American company is responsible at the end of the day and it’s really a business solution to the political or social problem of corruption so it is becoming more and more common that any company outside the U.S. who wants to do business with U.S. company might have some type of compliance program at place to satisfy U.S. authorities.”

In other words, functioning of OECD-based anti-bribery laws goes beyond the limits of traditional legal boundaries. It can be seen that the positive effect of extraterritoriality helps significantly to mitigate the free-rider problem arising from under-regulation of transnational bribery.[x] This is because in the context of economic and business globalisation, OECD-based anti-bribery laws are directly applicable to a widening range of foreign firms.[xi] Moreover, existing regulatory gaps are often filled by private contractual arrangements (indirect application) as any foreign firm which wants to do business with OECD firms is forced by its OECD business partners not to bribe. This new enforcement dynamics of anti-bribery laws has so far not been the subject of consistent empirical research. I believe that development of such kind of conceptual model could serve as an interesting ground for an empirical test of positive extraterritorial effects of OECD-based anti-bribery laws. It would help to better understand what extraterritoriality is and what should be its role in the global anti-bribery enforcement regime. Moreover, it would contribute to better compliance with the Convention as it will decrease the uncertainty currently connected with enforcement and application of anti-bribery laws.

Towards New Difficulties?

It has been said that extraterritoriality of OECD-based anti-bribery laws helps to mitigate the free-rider problem. However, it is not an aim of this article to claim that the new dynamics of the global enforcement regime does not cause any potential problems. It might also generate negative effects related to protectionism due to the lack of enforcement coordination between anti-bribery authorities. In this context, Thomas Fox in our interview expressed one of the problems as follows: “What the companies are struggling with now is if you have a U.S. investigation and enforcement action, then years later you have a German one and years after that you have one in West-Africa. They do not have certainty when it is going to end. Just for your consideration it should mentioned that as the Convention has no enforcement mechanism the enforcement authority of country A could tend to exploit its extraterritorial jurisdiction in order to target mostly foreign bribery arising from firms from other countries (say B, C or D), thereby putting firms from country A at a competitive advantage. In return, the enforcement authorities from B, C or D can then either try to coordinate with those of A or enter into a retaliatory pattern of enforcement against firms from A. It could lead then to serious enforcement defects which could cause ineffectiveness of the whole OECD anti-bribery enforcement mechanism. However, it would be within the scope of this contribution to elaborate on this issue in more depth.

To Conclude…

Based on the arguments stated above, I see the problem of the large “anti-bribery gaps” in emerging markets as a classical element of “global transformation of competitive advantage”. The levelled playing field always create an opportunity for businesses to better react on new circumstances than their competitors. It is actually what “smart competitors” are looking for. The voices claiming that the aggressive enforcement of OECD-based anti-bribery laws pushes “good” firms to leave “corrupted” emerging markets are based on economic assumptions which are used to answer a legal question. However, these economic assumptions are doubtful because the effects are and must be (at least in a long term) different. Hence, accepting a general concept that OECD firms can’t effectively compete in emerging markets if they don´t bribe and do business fairly might seem to be overstated.

Branislav Hock obtained his LL.M. in Law and Jurisprudence at Charles University in Prague, Czech Republic. Currently, he is a Research Master student in Law at Tilburg University, in The Netherlands, where he prepared his PhD proposal “Extraterritorial Effects of OECD-based Anti-Bribery Laws in Theory and Practice: from Free-Riders to Protectionism? He is also an editor of the Tilburg Law Review. He can be reached via email, b.hock@tilburguniversity.edu. He would welcome any comments or questions about this article.

[i] See Article 1 of the OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions (came into force on 15 February 1999 and as of May 1, 2013, has been adopted by 40 countries). The Convention focuses only on the supply side of bribery.

[ii] See Choi, S. J. and Davis, K. E. (2012). Foreign Affairs and Enforcement of the Foreign Corrupt Practices Act. NYU Law and Economics Research Paper No. 12-15; NYU School of Law, Public Law Research Paper No. 12-35; See also Runnels, M.B., & A.M. Burton. 2012. “The Foreign Corrupt Practices Act and New Governance: Incentivizing Ethical Foreign Direct Investment in China and Other Emerging Economies”. Cardozo Law Review. 34 (1): 295-328.

[iii] See Spalding, A.B. (2010). Unwitting Sanctions: Understanding Anti-Bribery Legislation as Economic Sanctions Against Emerging Markets”. Florida Law Review. 62 (2): 351-428; Dalton, M.M. (2006). Efficiency v. Morality: The Codification of Cultural Norms in the Foreign Corrupt Practices Act. New York University Journal of Law and Business, Vol. 2; Westbrook A. D. (2011). “Enthusiastic Enforcement, Informal Legislation: The Unruly Expansion of the Foreign Corrupt Practices Act”. Georgia Law Review. 45 (2): 489-579.

[iv]Cuervo-Cazurra, A. (2006). Who cares about corruption? Journal of International Business Studies, 37, 6, 807-822.

[v] Spalding (2010) supra note 3.

[vi] See among others McBarnet, D. (2010). Transnational Transactions: Legal Work, Cross-Border Commerce and Global Regulation, 369-386. In Masson, A., & Shariff, M. J. Legal strategies: How corporations use law to improve performance. Berlin: Springer.

[vii] For the purposes of this article, extraterritoriality exists when an enforcement authority applies national laws for conduct occurring beyond the countries’ borders.

[viii] For example Rino International, a China-based issuer was investigated in 2008 for its business activities in China; See also US v. DPC (Tianjin) Co. Ltd. DPC; OECD firms are being investigated as well – Royal Dutch Shell was investigated and penalised by U.S. authorities for its operations in Nigeria. For more information see FCPA Blog, <www.fcpablog.com>.

[ix] Third Annual High Level Anti-Corruption Conference for G20 Governments and Business, 25-26 April 2013

[x] See Chow D. 2012. “China under the foreign corrupt practices act”. Wisconsin Law Review. 2012 (2): 573-608; Nichols P.M. 2012. “The Business Case for Complying with Bribery Laws”. American Business Law Journal. 49 (2): 325-368; Rose-Ackerman S., and Hunt S. 2012. “Transparency and Business Advantage: The Impact of International Anti-Corruption Policies on the United States National Interest”. NYU Annual Survey of American Law 67: 433-467.

[xi] Foreign firms are directly subjected to given national anti-bribery laws provided that they listed shares on one of OECD exchange markets

Leave a Comment

September 12, 2012

What’s Going On? Some Questions Regarding UK Regarding Anti-Bribery Enforcement

Filed under: Best Practices,Bribery Act,OECD,thebriberyact.com,Transparency International — tfoxlaw @ 1:01 am
Tags: Bribery Act, compliance, compliance programs, OECD

For my money, the greatest R&B single ever was Marvin Gaye’s 1971 smash hit “What’s Going On?” While I knew that Gaye, who died in 1984, had been posthumously inducted to the Rock and Roll Hall of Fame in 1987; I did not know that he had a a three-octave vocal range or that he was ranked at number 6 on Rolling Stone’s list of the Greatest Singers of All Time. Gaye also ranked high on music magazines’ lists, ranking at number 18 on the 100 Greatest Artists of All Time on the music magazine, Rolling Stone and he ranked number 20 on VH-1’s list of 100 Greatest Artists of All Time. See if you want to hear some of the most beautiful and heartfelt singing, head over to YouTube for a clip of Gaye belting out the classic.

I thought about the song’s title recently as over the past couple of weeks there have been some interesting articles appearing in interviews, reports and a London court ruling which raise some difficult questions as to just what may be going on at the UK Serious Fraud Office (SFO) regarding its enforcement of the UK Bribery Act and the ongoing ability of the SFO to bring enforcement actions for those companies which engage in bribery or otherwise violate the Bribery Act.

The Interview and Questions on Enforcement of Corporate Hospitality Requirements

It all began with an interview, given by David Green, Director of the SFO, to the Daily Mail on September 2. As reported in thebriberyact.com, Director Green said the following:

‘We are not interested in that sort of case. We are interested in hearing that a large company has mysteriously come second in bidding for a big contract. The sort of bribery we would be investigating would not be tickets to Wimbledon or bottles of champagne. We are not the “serious champagne office”.’

The briberyact.com guys, Barry Vitou and Richard Kovalevsky Q.C., made clear their feelings on this statement by Director Green when they said “Hopefully the latest comments from the new SFO Director will kill off some of the scaremongering that has gone before among the media and some legal advisers.” The Bribery Act and its corporate hospitality requirements are “not rocket science.” They believe that “Companies should put in place proper procedures to deal with corporate hospitality in line with SFO guidance. Broadly speaking, “this means companies should think about their corporate hospitality process, and pick a number above which approval is required. If you want you can pick some more numbers above which a higher level of approval is required.”

The Briberyact.com guys do not believe that the “SFO is unlikely to be bringing a stand alone Bribery Act prosecution over corporate hospitality.” They also believe that the key in justifying your actions with gifts and entertainment “is to be able to justify why you picked approval thresholds and that the policy is actually followed. Both should be well documented.” In other words, you should have a policy, follow that policy and then document whatever decisions that you make under your policy.

However, a contrary position was taken by Alexandra Wrage, President of Trace International, who wrote in a blog post in CorporateCounsel.com, entitled “When Governments Undermine Antibribery Compliance Efforts”. Wrage asked the following question regarding Director Green’s advice on corporate hospitality, “So where does Green’s advice leave in-house compliance officers?” She went on to state that she believed such advice left compliance practitioners “arguing for frugality in the face of a restrictive law that the SFO has announced it isn’t too bothered about enforcing. There are few U.S. compliance departments that would deem a day at Wimbledon as “reasonable” hospitality. In the U.S., the argument is: this is permitted, as long as we’re reasonable. The argument for companies with operations in the U.K. must be: this is not permitted under the law, but the SFO, at least for now, will not investigate such matters.” She ended her piece with the following, “It is difficult enough to guide a company through the morass of antibribery compliance when the threat of enforcement is real and management is focused not only on the ethics of the situation, but also legal risk. It is indeed more difficult when the enforcement agency itself makes light of the chances of prosecution and trivializes the very decisions with which compliance departments struggle. The UK Bribery Act may offer the clarity compliance officers have long hoped for, but it raises a new question for companies with U.K. operations that may be more challenging than the last: When do boundaries really matter to the SFO and, in turn, to employees?”

The TI Exporting Corruptions Report

On September 6, Transparency International (TI) published its 8th annual progress report on OECD Convention enforcement, entitled “Exporting Corruption”. The OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions, adopted in 1997, requires each signatory country, of which the United Kingdom is a member, to make foreign bribery a crime. TI believes that such laws are a key instrument for curbing the export of corruption globally because the 39 signatory countries are responsible for two-thirds of world exports and three-quarters of foreign investment. The OECD Working Group on Bribery conducts a follow-up monitoring program which reviews the parties’ implementation of the Convention’s provisions. Nine to ten country reviews are issued each year. This 8^th annual progress report represents an independent assessment of the status of OECD Convention enforcement, based on reports from our national chapters in 37 OECD Convention countries (excluding Iceland and Russia). Countries are classified in four enforcement categories this year: Active, Moderate, Little and No enforcement.

TI opined in its report that “The UK Government must strengthen its anti-bribery effort by ensuring that the Serious Fraud Office (SFO) has adequate resources to investigate and prosecute bribery”. Although IT noted that under the Bribery Act, prosecutions had increased over the past year, “cutbacks to the SFO could see a decline in future UK enforcement. The Government has cut more than a third of the SFO’s budget in the last four years, hampering the prosecutor’s ability to tackle complex and damaging bribery cases.” Chandu Krishnan, Executive Director of Transparency International UK, was quoted in a Press Release as stating, “If the Government is serious about fighting corruption, it should not be cutting resources for enforcing the legislation designed to do just that. We must ensure that the SFO is not outgunned by those it should be prosecuting, who incidentally can usually afford the best legal advice available. The SFO should never be in a position where it is unable to investigate and prosecute cases due to a lack of resources.”

The Court Finding – Bribery as a (legal) way of doing business?

As reported in a Bloomberg.com post by Leonid Bershidsky, entitled “Russian Graft Goes Legit in London”, a London court recently found that influence-peddling in Russia is an “internationally recognized business arrangement.” In a recent decision, London’s Commercial Court found that the legal Russian concept of “krysha” where a “powerful person, often a government or law-enforcement official, who defends their interests and protects them from predators in return for a piece of the action” can be enforced in a English civil court. Bershidsky wrote that “Flimsy as the arrangement sounds, it’s how business is still often done in Russia when the help of a government official or facilitator is needed. I have personally seen such schemes in action. A private businessman, who is to all intents and purposes the owner of a business, takes on a raking bureaucrat as a silent and undocumented partner. The bureaucrat is not allowed to own his stake officially. He relies on his influence to guarantee that the businessman won’t ignore the arrangement.”

The plaintiff had sought to enforce a “krysha” arrangement where there was no written contract. The Court did not hold that such payments were bribes, corruption or otherwise illegal, but instead held there was not sufficient evidence of a binding contract. The invidious of this arrangement is clear in that money is being paid for ‘influence’ and such payments are kept “off-books” via an undeclared ownership structure. In other words, about as many Red Flags as you can get. If such arrangements are legal in Russia, why are they not anywhere else in the world?

All of the above may leave many compliance practitioners scratching their heads and wondering what is going on in the UK. Hopefully there will be some clarity, for the better, in the coming months.

© Thomas R. Fox, 2012

Comments (2)

September 9, 2012

The Five Essential Elements of a Corporate Compliance Program – Part II

Filed under: Adequate Procedures,Best Practices,Books and Records,Bribery Act,Communication,compliance programs,Department of Justice,FCPA,Internal Audit,OECD,Stephen Martin,Training,Uncategorized — tfoxlaw @ 1:10 pm
Tags: Bribery Act, compliance, Department of Justice, DOJ, FCPA, OECD, Risk Assessment

Tuesday morning, at the University Club of Chicago, Stephen Martin and I will co-present at a Foreign Corrupt Practices Act (FCPA) event hosted by Kreller. If you are in or near Chicago, I hope that you can join us for this presentation. The title of our presentation is “Anti-Corruption/FCPA Developments & Best Practices” and we will focus on a concept that Stephen and his partners at the law firm of Baker & McKenzie have developed which are five essential elements of a corporate compliance program. In Part I, I discussed the background to the development of the five essential elements. In today’s installment, Part II, I will detail the remaining elements in the five elements of an essential compliance program.

III. Standards and Controls

Generally, every company has three levels of standards and controls. (1) Code of Conduct. Every company should have a Code of Conduct which should express its ethical principles. However, a Code of Conduct is not enough. (2) Standards and Policies. Every company should have standards and policies in place that build upon the foundation of the Code of Conduct and articulate Code-based policies, which should cover such issues as bribery, corruption and accounting practices. (3) Procedures. Every Company should then ensure that enabling procedures are implemented to confirm those policies are implemented, followed and enforced.

FCPA compliance best practices now require companies to have additional standards and controls, including, for example, detailed due diligence protocols for screening third-party business partners for criminal backgrounds, financial stability and improper associations with government agencies. Ultimately, the purpose of establishing effective standards and controls is to demonstrate that your compliance program is more than just words on a piece of paper.

IV. Training

Another pillar of a strong compliance program is properly training company officers, employees and third parties on relevant laws, regulations, corporate policies and prohibited conduct. Simply conducting training usually is not enough. Enforcement officials want to be certain the messages in the training actually get through to employees. The Department of Justice’s (DOJ) expectations of effectiveness are measured by who a company trains, how the training is conducted and how often training occurs.

There are several key elements to training. First is that you need to train the right people. You must prioritize which audience to educate by starting your training program in higher risk markets and focus on directors, officers and sales employees who may have direct contact with government officials or deal with state-owned entities. Again, focus initially on training country managers in your company’s high-risk markets, then expand geographically and through the ranks of employees.

Second, in high risk markets and for high risk employees or third parties you should conduct live, annual training. Enforcement officials have made it clear that live, in-person training is the preferred method in high-risk markets and also that it should be regular and frequent. Another benefit of live training is the immediate feedback from employees that would be much less likely to occur during a webinar or other remote training. Lastly, during live training, employees are more likely to make casual mention of a potentially risky practice, giving you the opportunity to address it before it becomes a larger problem.

It is important that you pay attention to what employees say during training. This is because training can alert you to potential problems based on the type of questions employees ask and their level of receptiveness to certain concepts. For example, during training employees might ask specific questions about important compliance considerations such as their interactions with government officials or gift-giving practices. Such questions can raise red flags and uncover issues that should be reviewed and addressed quickly.

Thirdly, you should tailor your training to each country. This means that employing a generic script for compliance training is a mistake. To be effective, training programs should be customized by region, country, industry, areas of compliance and types of employee. In addition to Foreign Corrupt Practices Act (FCPA), UK Bribery Act, and OECD guidelines, focus on compliance risks in the country where the employees being trained are working. For example: In China, address the many corruption risks involved in dealing with state-owned entities.

V. Oversight – including monitoring, auditing and responses

The issue your company should focus on here is whether employees are staying with the compliance program. Even after all the important ethical messages from management have been communicated to the appropriate audiences and key standards and controls are in place, there should still be a question of whether the company’s employees are adhering to the compliance program. Two of the seven compliance elements in the US Sentencing Guidelines call for companies to monitor, audit and respond quickly to allegations of misconduct. These three highlighted activities are key components enforcement officials look for when determining whether companies maintain adequate oversight of their compliance programs.

Many companies fall short on effective monitoring. This can sometimes be attributed to confusion about the differences between monitoring and auditing. Monitoring is a commitment to reviewing and detecting compliance programs in real time and then reacting quickly to remediate them. A primary goal of monitoring is to identify and address gaps in your program on a regular and consistent basis. Auditing is a more limited review that targets a specific business component, region or market sector during a particular timeframe in order to uncover and/or evaluate certain risks, particularly as seen in financial records. However, you should not assume that because your company conducts audits that it’s effectively monitoring. A robust program should include separate functions for auditing and monitoring. While unique in protocol, however, the two functions are related and can operate in tandem. Monitoring activities can sometimes lead to audits. For instance if you notice a trend of suspicious payments in recent monitoring reports from Indonesia, it may be time to conduct an audit of those operations to further investigate the issue.

Your company should establish a regular monitoring system to spot issues and address them. Effective monitoring means applying a consistent set of protocols, checks and controls tailored to your company’s risks to detect and remediate compliance problems on an ongoing basis. To address this, your compliance team should be checking in routinely with local finance departments in your foreign offices to ask if they’ve noticed recent accounting irregularities. Regional directors should be required to keep tabs on potential improper activity in the countries they manage. Additionally the global compliance committee should meet or communicate as often as every month to discuss issues as they arise. These ongoing efforts demonstrate your company is serious about compliance.

Finally, as was emphasized again with the recent Pfizer Deferred Prosecution Agreement (DPA), your company should establish protocols for internal investigations and disciplinary action. The Pfizer “Enhanced Compliance Obligations” included the following on investigative protocols: (a) On-site visits by an FCPA review team comprised of qualified personnel from the Compliance, Audit and Legal functions who have received FCPA and anti-corruption training; (b) Review of a representative sample, appropriately adjusted for the risks of the market, of contracts with, and payments to, individual foreign government officials or health care providers, as well as other high-risk transactions in the market; (c) Creation of action plans resulting from issues identified during the proactive reviews; these action plans will be shared with appropriate senior management and should contain mandatory remedial steps designed to enhance anti-corruption compliance, repair process weaknesses, and deter violations; and (d) a review of the books and records of a sample of distributors which, in the view of the FCPA proactive review team, may present corruption risk. Prior to such an investigation, however, the company should have procedures – including document preservation protocols, data privacy policies, and communication systems designed to manage and deliver information efficiently – in place to make sure every investigation is thorough and authentic.

Finally, and consistent with Stephen Martin’s Baker & McKenzie partner Paul McNulty’s Maxim Three (What did you do about it?), is your remediation efforts. Your company should remediate problems quickly. A key concept behind the oversight element of compliance is that if companies are policing themselves on compliance-related issues, the government won’t have to do it for them. Remediation, then, is an important component of oversight. If your company’s sales force in Thailand is engaged in potentially improper activity due to a lack of adequate training, remediate the deficiency and schedule that training now. In the end, it’s not enough to just gather information and identify compliance problems through monitoring and auditing. To fulfill this essential element of compliance, you also have to respond and fix the problems.

Stephen Martin and the Baker & McKenzie team have put together an excellent resource for the compliance practitioner in their five essential elements of a corporate compliance program. I hope that you can attend our FCPA event this week. For those of you who cannot attend in person, you can email me for the slide deck and other materials after the event.

© Thomas R. Fox, 2012

Leave a Comment

September 7, 2012

The Five Essential Elements of a Corporate Compliance Program-Part I

Filed under: Best Practices,Bribery Act,compliance programs,Ethical Leadership,FCPA,Federal Sentencing Guidelines,OECD,Risk Assessment,Stephen Martin,Tone at the Top — tfoxlaw @ 1:28 am
Tags: best practices, Bribery Act, compliance, compliance programs, Department of Justice, DOJ, FCPA, Risk Assessment

Next Tuesday morning, at the University Club of Chicago, Stephen Martin and I will co-present at a Foreign Corrupt Practices Act (FCPA) event hosted by Kreller. If you are in or near Chicago I hope that you can join us. The title of our presentation is “Anti-Corruption/FCPA Developments & Best Practices” and we will focus on a concept that Stephen and his partners at the law firm of Baker & McKenzie have developed which are five essential elements of a corporate compliance program. Over the next two posts, I will sketch out what Stephen and I will be presenting. In today’s post I will present the background to the development of the five essential elements and in Part II, I will go through the remaining elements.

First a word about Stephen Martin; for those of you who do not know Stephen Martin, he has a long and distinguished legal and compliance career. He was at the Department of Justice (DOJ) and then moved in-house, helping some of America’s largest companies to wade through major corporate scandals. He was most recently the General Counsel (GC) at Corpedia before heading into private practice at Baker & McKenzie. He has been around the (compliance) block more than once and I can assure you that he knows his FCPA compliance stuff. He is certainly one of the practitioners that I would go see to make a FCPA compliance presentation.

Why is it important to have such a compliance program? I will answer in two words, Morgan Stanley. The declination to prosecute, issued by the DOJ, provides the most recent and powerful evidence of the benefits of investing in compliance. Morgan Stanley’s pre-existing compliance program was highlighted in press releases and public comments as the biggest reason for the Government’s decision not to prosecute the bank. The decision not to prosecute was based on evidence of:

• Rigorous internal controls;

• Regular training and reminders on FCPA policy and compliance;

• Internal policies addressing the corruption risks associated with the giving of gifts, business entertainment, travel, lodging, meals, charitable contributions and employment, that were updated regularly to reflect regulatory developments and specific risks;

• Compliance program monitoring and auditing; and

• Extensive pre-retention due diligence on business partners and stringent controls on payments to business partners.

The five essential elements of a corporate compliance program are based upon the best practices as set out in the seven elements of a corporate compliance program under the US Sentencing Guidelines; the 13 Good Practices by the OECD on Internal Controls, Ethics, and Compliance; and the UK Bribery Act’s Six Principles of an Adequate Procedures compliance program. The following chart lists the elements of each.

While the above guidelines and statutes vary in length, tone and detail, depending on the jurisdiction and the enforcement agency, from this comparison Martin and his colleagues distilled five essential elements which they believe make up a best practices compliance program. They are as follows:

Leadership – color coded Red.
Risk Assessment – color coded Yellow.
Standards and Controls – color coded Blue.
Training and Communication – color coded Green.
Oversight – color coded Grey.

I. Leadership

The point means more than simply “Tone-at-the-top”. A successful compliance program must be built on a solid foundation of ethics that are fully and openly endorsed by senior management; otherwise the program may amount to little more than a hollow set of internal rules and regulations. There should be an unambiguous, visible and active commitment to compliance. But even more than support or the right tone, compliance standards require that companies must have high-ranking compliance officers with the authority and resources to manage the program on a day-to-day basis. And compliance officers must have the ear of those ultimately responsible for corporate conduct, including the board of directors.

Some of the questions you might think about in connection with the leadership of your compliance program are the following: How is board oversight implemented? Is there an ethics or audit committee reporting to the full board? What is the role of the Chief Compliance Officer? What is the role of the General Counsel? How do the legal and compliance departments interact? Does the CCO have “real power”? Is she or he treated as a second-class citizen?

Equally the Board of Directors has a key role to fulfill. The Board must ensure compliance policies, systems and procedures are in place and it should monitor implementation and effectiveness of the compliance program:

Be actively involved
Attend Board meetings
Review, consider and evaluate information provided
Inquire further when presented with questionable circumstances or potential issues
Once Board knows of a potential compliance issue it must act.
Regularly receive compliance briefings and training.

I think everyone agrees and understands that the Chief Compliance Officer (CCO) is a key, if not the key, role in a company’s compliance program. Some of the important indicia of a CCO are that they are high ranking within the company and are dedicated to compliance and responsible for day-to-day management and oversight of compliance program. The position should have direct access to the Board or appropriate Board committee and the Compliance Department should be provided sufficient resources to achieve its goals.

In addition to the role of the CCO, there should be compliance officers in high-risk markets who regularly communicate with managers in the field because country and/or regional managers are often the employees in the trenches who are responsible for overseeing sales people and third-party agents who are producing, selling and distributing the company’s products and services. Lastly, local managers are often in the best position to set the tone for compliance and to detect and address illegal or unethical practices before they become issues that put the company at risk.

II. Risk Assessment

The implementation of an effective compliance program is more than simply following a set of accounting rules or providing effective training. Compliance issues can touch many areas of your business and you need to know not only what your highest risks are but where to marshal your efforts in moving forward. A risk assessment is designed to provide a big picture of your overall compliance obligations and then identify areas of high risk so that you can prioritize your resources to tackle these high risk areas first.

What are some of the areas where you need to assess your risks? As set out in the DPA’s of Tyson Foods, Alcatel-Lucent and Maxwell Technologies the following are suggested:

Country Risk – What is the correlation between growth markets and corruption risk and what is the perceived level of corruption? In other words, the Transparency International Corruption Perceptions Index or similar list.
Sector Risk – Has government publicly stated industry is under scrutiny or already conducted investigations in sector? Are there corruption risks particular to the industry?
Business Opportunity Risk – Is the business opportunity a high value project for your company? Are there multiple contractors or intermediaries involved in the bidding or contract execution phase?
Business Partnership Risk – Does this business opportunity require a foreign government relationship? Does a foreign government require you to rely upon any third parties?
Transaction Risk – Will your company be required to make any “compelled giving” through any requirements for political or charitable contributions? Are you required to use any intermediaries to obtain licenses and permits?

In addition to an initial risk assessment to either (1) inform your compliance program or (2) help you to identify high risks and prioritize their remediation, risk assessments should be a regular, systemic part of compliance efforts rather than an occasional, ad hoc exercise cobbled together when convenient or after a crisis. These should be conducted at the same time every year and deputize a consistent group, such as your internal audit department or enterprise risk management team, to conduct the annual review. Such annual risk assessments act as a strong preventive measure if they are performed before something goes wrong. In addition, enforcement trends and government priorities change rapidly so it is vital to stay up to date and conduct regular assessments. Lastly, it avoids a “wait and see” approach.

Risk assessments should also be used to scrutinize new business partners and third-party agents. The majority of FCPA/anti-corruption investigations and enforcement actions involve some use of third parties, including consultants, distributors, contractors and sales agents. By conducting a formal risk assessment each year it provides an opportunity to take a closer look at recently-established business relationships to make sure partners and third parties do not have improper connections to government officials or some involvement in unethical or illegal conduct. Additionally conducting such a risk assessment allows your company to proactively address and remediate any risks that are uncovered.

Stephen Martin and the Baker & McKenzie team have put together an excellent resource for the compliance practitioner in their five essential elements of a corporate compliance program. I hope that you can attend our FCPA event next week. For those of you who cannot attend in person, you can email me for the slide deck and other materials after the event.

Comments (1)

January 6, 2012

The End is Nigh for Facilitation Payments – Get Ahead of the Breeze

Filed under: Bribery Act,compliance programs,Facilitation Payments,FCPA,Jon Jordan,OECD,SEC,Transparency International — tfoxlaw @ 1:31 am
Tags: compliance programs, FCPA, Foreign Corrupt Practices Act, SEC

Last summer, an article was published in the University of Pennsylvania, Journal of Business Law, entitled “The OECD’s Call for an End to the ‘Corrosive’ Facilitation Payments and the International Focus on the Facilitation Payments Exception under the Foreign Corrupt Practices Act”. It was authored by Jon Jordan, Senior Investigations Counsel, in the Foreign Corrupt Practices Act (FCPA) Unit of the Securities and Exchange Commission (SEC). In this article, Jordan reviews, at length, the creation of the facilitation payment exception to the FCPA and the international criticism of the US position by the Organization of Economic Co-operation and Development (OECD), Transparency International, the World Economic Forum and TRACE International. The article also contains a discussion of the hidden costs to US companies which still allow facilitation payments under their company compliance regimes. I found this article to be an excellent review of the issue of facilitation payments and a useful guide to the compliance practitioner on how to navigate this knotty problem.

Costs of Facilitation Payments

1. The Bull’s Eye

Jordan notes that the cost of making facilitation payments is often higher than simply the (purportedly) small dollar amount. He believes that once a company starts down the road of making such payments, it may well lead “to higher costs imposed on those companies that choose to engage in that type of activity.” He quotes Alexandra Wrage, President of TRACE International, that having a corporate policy of allowing facilitation payments is like “putting a bull’s eye on your company’s forehead” as the payment of facilitation payments sets “a permissive tone, which leads to more and greater demands.”

2. Books and Records Issues

A second reason detailed by Jordan is the hidden intra-corporate transaction costs in making facilitation payments. There are a “complex matrix of domestic and foreign anti-bribery laws that companies must navigate when making facilitation payments, and steering through that matrix can be a compliance nightmare and a costly legal undertaking.” The clearest example of this situation is the UK Bribery Act, which has no exception for facilitation payments. If your company has a UK subsidiary, or any employees who are UK citizens, you must carve out an exclusion for them from your facilitation payment exception under your FCPA compliance policy. Got that? So not only must you have an entire carve out in your compliance protocols, your internal accounting system, which is required under the FCPA to record internal controls, you must also make sure that no UK citizen or person otherwise under the jurisdiction of the UK Bribery Act, makes such a claim for reimbursement under your company policy.

3. Customers

The same is true for large UK based multi-national companies with which your company might transact business. The most obvious example in the energy arena is BP, which not only bans facilitation payments, but requires that any company which provides services for them ban facilitation payments made while doing work for or performing services on BP’s behalf. So think through how you would train your employees on how to properly make and record facilitation payments under your FCPA compliance policy with the HUGE EXCEPTION of when they might be performing some work under the 5 year Master Services Agreement with BP. It’s an administrative nightmare.

Is it Legal to Bribe?

Jordan also brings up the issue that there is not any country in which facilitation payments to public officials of that country are permitted under the written law of the recipient’s country. Accordingly, even if a particular facilitation payment qualifies for an exception of the FCPA, it, nevertheless, is likely to constitute a violation of local law – as well as under anti-bribery laws of other countries that also might apply simultaneously – and thus exposes the payer, his employer and/or related parties to prosecution in one or more jurisdictions. While enforcement to date in this area has been limited increased global attention to corruption makes future action more likely. Countries that are eager to be seen as combating corruption are prosecuting the payment of small bribes with greater frequency. Remember the hellish example of UK citizen Bill Smith, who was sentenced to two years imprisonment in an Afghanistan prison for making a ‘facilitation payment’ to get his company’s vehicles out of a Kabul impoundment lot. Apparently, even Afghanistan will fight the corruption of its own government officials, particularly if the fight involves a foreigner.

You Don’t Need a Weatherman

Jordan concludes by stating, “The facilitation payments exception has become a dinosaur remnant of a bygone era…” He advises US companies to get ahead of this issue and ban such payments in their company compliance programs now. This is sound advice. I would, however, add one additional reason for such advice, which is foretold in the intro paragraph to this article.

Who does the author work for and where does he work? Let’s recap: The SEC in the FCPA Unit. The article clearly states, “The Securities and Exchange Commission, as a matter of policy, disclaims responsibility for any private publication or statement of its employees…and do not necessarily reflect the views of the Commission…” Did I mention who the author works for and where he works? You don’t need a weatherman to know which way the wind blows and the direction of that breeze you feel at your back about now is clearly running against allowing the facilitation payments to continue.

Comments (1)

August 1, 2011

The FCPA Compliance Audit: A Market Approach to Moving the Bar Forward

Filed under: Adequate Procedures,Audit,Bribery Act,compliance programs,FCPA,OECD,Sentencing Guidelines,This Week in the FCPA — tfoxlaw @ 11:16 am
Tags: compliance programs, Department of Justice, FCPA, Howard Sklar

The issue of audit rights in compliance terms and conditions is one that leads to debates both pro and con. My This Week in FCPA colleague Howard Sklar and I have sparred on this issue. Usually the debates centers around the threshold question of if you have the rights must you audit the contractual counter-party which has agreed to allow itself to be audited. I argue that if you have audit rights that you must, at least selectively use them. However, if you do not ever use these audit rights, it may put you in a worse position than if you did not have the rights. The next argument is usually along the lines that the counter-party will never allow your company to audit them. The third argument is that auditing takes too much time and is too costly.

In my discussions with Howard I usually respond that it is always better to have audit rights. The concept of the compliance audit of counter-parties is in the US Sentencing Guidelines for organizations accused of violating the Foreign Corrupt Practices Act (FCPA); the Department of Justice’s (DOJ) best practices for effective compliance programs which have been released with each Deferred Prosecution Agreement (DPA) over the past year; the UK Bribery Act’s Six Principles of Adequate Procedures; and the OECD Good Practices. The reason all of these guidelines incorporate it into their respective practices is that it is one of the key tools to utilize in managing any business relationship from the compliance perspective going forward.

In response to the second argument, I think the answer is more straight-forward. Under any reputable commercial contract, the party paying the money ALWAYS has the right to audit the company which receives the money. While this audit is typically limited to auditing invoices, backup documentation and other evidence of services provided or product delivered, it is nevertheless a standard clause that almost every company has seen in a contract. I believe that good communication with a counter-party, to explain the genesis of the compliance audit and why it has become a best practice, is an important part of the ongoing dialogue between the parties, both before, during and after contract negotiations.

I believe that the response to the third objection is also straight-forward. I previously wrote about the Apple 2011 Supplier Responsibility Report. Apple looked at a variety of issues that affect its business relationships with its suppliers, these areas included training, protecting of workers, use of underage labor and social responsibility. One of the areas that Apple audited and reported about was compliance. I believe the Apple example shows that companies can successfully audit their suppliers, channel ops partners and any others in their sales or distribution chains. I understand that people will respond that this is Apple, one of the biggest and most visible US companies around. However, my point is that Apple is a concrete example of a successful and transparent compliance audit.

While not in the compliance area, I recently read about two US companies, Proctor & Gamble and Kaiser Permanente, who grade their suppliers on their environmental practices. In an article in the November 2010 issue of FastCompany, author Damian Joseph quotes Dean Edwards, VP and chief procurement officer at Kaiser Permanente, “We’re sending a message to vendors loud and clear…Green up your act today, lest you lose a huge client tomorrow.” Author Joseph posed the question to Jeff Erikson, an expert in supply chain management as “How do you control distant suppliers and enforce new standards?” Erikson answered, “There are no easy answers but asking the question is a positive change in behavior.”

I think that the final two quotes encapsulate the strongest reasons for the compliance audit. Nothing changes company or business behavior like market based factors. The (FCPA can and does change behavior to move companies and countries toward the rule of law. That is certainly an advantage of the Act and something that should be considered when amendments to the FCPA are bandied about under the claim that the FCPA costs US company’s jobs.

=============================================================================================

Episode 14 of This Week in FCPA is upheld. Howard Sklar and I discuss several issues including:

Business Roundtable in DC
Diageo
Lindsey allegations of prosecutorial misconduct
Carson jury instructions
National Strategy to Combat Transnational Organized Crime
Niger now has a “High Commission”
Diebold has no news, but we report on it anyway
Travel Act gets challenged, nobody notices
RBS gets hit for AML, without actually violating anything

Comments (1)

July 27, 2011

Will No One Rid Me of this Meddlesome Priest?

Filed under: Adequate Procedures,Bribery Act,compliance programs,Deferred Prosecution Agreement,FCPA,OECD,Sentencing Guidelines — tfoxlaw @ 6:46 am
Tags: Bribery Act, DOJ, FCPA, OECD, Sentencing Guidelines

Tone at the Top has become a phrase inculcated in the compliance world. The reason it is so important to any compliance program is because it does actually matter. Any compliance program starts at the top and flows down throughout the company. The concept of appropriate tone at the top is in the US Sentencing Guidelines for organizations accused of violating the Foreign Corrupt Practices Act (FCPA); the Department of Justice’s (DOJ) best practices for effective compliance programs which have been released with each Deferred Prosecution Agreement (DPA) over the past year; the UK Bribery Act’s Six Principles of Adequate Procedures; and the OECD Good Practices. The reason all of these guidelines incorporate it into their respective practices is that all employees look to the top of the company to see what is important. Or to quote my colleague Mike Volkov, who quoted Bob Dylan, in opining “You don’t need to be a weatherman to know which way the wind blows”.

The US Sentencing Guidelines reads:

The OECD Good Practices reads:

strong, explicit and visible support and commitment from senior management to the company’s internal controls, ethics and compliance programs or measures for preventing and detecting foreign bribery;

The UK Bribery Act Guidance for the Six Principles of Adequate Procedures reads:

Attachment C, to each DPA released in the past year, has the following

2. [The Company] will ensure that its senior management provides strong, explicit, and visible support and commitment to its corporate policy against violations of the anti-corruption laws and its compliance code.

The Foreign Corrupt Practices Act (FCPA) world is riddled with cases where the abject failure of any ethical “Tone at the Top” led to enforcement actions and large monetary settlements. In the two largest monetary settlements of enforcement actions to date, Siemens and Halliburton, for the actions of its former subsidiary KBR, the government specifically noted the companies’ pervasive tolerance for bribery. In the Siemens case, for example, the Securities and Exchange Commission (SEC) noted that the company’s culture “had long been at odds with the FCPA” and was one in which bribery “was tolerated and even rewarded at the highest levels”. Likewise, in the KBR case, the government noted that “tolerance of the offense by substantial authority personnel was pervasive” throughout the organization.

In addition to the two cases set out above, in a 2003 report, the Commission on Public Trust and Private Enterprise cited a KPMG survey covering selected US industries; found that 37 percent of employees had, in the previous year, observed misconduct that they believed could result in a significant loss of public trust if it were to become known. This same KPMG survey found that employees reported a variety of types of misconduct and that the employees believed this misconduct is caused most often by factors such as indifference and cynicism; pressure to meet schedules; pressure to hit unrealistic earnings goals; a desire to succeed or advance careers; and a lack of knowledge of standards.

So how can a company overcome these employee attitudes and replace the types of corporate cultures which apparently pervaded at News Corp and re-set its “Tone at the Top”? In a 2008 speech to the State Bar of Texas Annual Meeting, reprinted in Ethisphere, Larry Thompson, PepsiCo Senior Vice President of Governmental Affairs, General Counsel and Secretary, discussed the work of Professor Lynn Sharp at Harvard. From Professor Sharp’s writings, Mr. Thompson cited five factors which are critical in establishing an effective integrity program and to set the right “Tone at the Top”.

The guiding values of a company must make sense and be clearly communicated.
The company’s leader must be personally committed and willing to take action on the values.
A company’s systems and structures must support its guiding principles.
A company’s values must be integrated into normal channels of management decision making and reflected in the company’s critical decisions.
Managers must be empowered to make ethically sound decisions on a day-to-day basis.

So whether with malicious intent or simply said out of frustration, when Henry II uttered the words which are the title of today’s posting, it set the tone for the four knights which overheard him. They set off and murdered Thomas Becket. Perhaps less starkly into today’s world, if the tone from the top is that you must meet you quarterly numbers or the company will find someone else to do the job; that is the message that will come across to company employees. But whether you are the King of England, the CEO of a Fortune 500 company or simply in a leadership position in your company; the tone does matter.

=======================================================

Episode 13 of This Week in FCPA is up. Check out Howard Sklar and myself on this week’s topics.

Leave a Comment

FCPA Compliance and Ethics Blog

July 13, 2015

Great Structures Week I: Vitruvius, the Brooklyn Bridge and Compliance

July 6, 2015

The All-Star Game and Tone at the Top

December 10, 2014

The Nobel Prize and FCPA Enforcement Going Forward

June 3, 2013

Competitive “(dis)advantage” and extraterritoriality of anti-bribery laws

September 12, 2012

What’s Going On? Some Questions Regarding UK Regarding Anti-Bribery Enforcement

September 9, 2012

The Five Essential Elements of a Corporate Compliance Program – Part II

September 7, 2012

The Five Essential Elements of a Corporate Compliance Program-Part I

January 6, 2012

The End is Nigh for Facilitation Payments – Get Ahead of the Breeze

August 1, 2011

The FCPA Compliance Audit: A Market Approach to Moving the Bar Forward

July 27, 2011

Will No One Rid Me of this Meddlesome Priest?

January

Blogroll

Pages

Admin

Read by Email

Recent Posts from FCPA Compliance and Ethics Report: FCPA Compliance and Ethics Report

Episode 240-Bill Coffin on Compliance Week 2016

Episode 239-Jonathan Armstong On EU Privacy Shield

Episode 238-John Allen on HR Touch Points in Compliance

Episode 237-Steve McCalmont on the Avior Risk Management Platform

Episode 236-Adam Turteltaub and SCCE CCO Survey