FCPA Compliance and Ethics Blog

September 12, 2014

The FCPA Compliance and Ethics Report

If you have not done so, I hope that you might go over to my podcast site, the FCPA Compliance and Ethics Report, to check out some of my recent podcasts. The episodes are between 20 and 30 minutes long, and they are available for download on iTunes so you can listen to them on your commute to work or when working out at the gym.

Internal Controls

I have begun a series on internal controls in a best practices FCPA compliance program with noted internal controls expert Henry Mixon. In Parts I & II, Mixon and I discuss the basics of what internal controls are. These podcasts supplement some of my recent blogs on internal controls.

Episode 85-What Are Internal Controls, Part I

Episode 87-What Are Internal Controls, Part II

HR and Compliance

One of the best allies for the compliance function in any company is the Human Resources department. I explore how HR can assist compliance in a myriad of components of any best practices compliance program.

Episode 86-Use of HR in a Compliance Program

Continuous Improvement of a Compliance Program

In the FCPA Guidance and in almost every speech I have heard by a Department of Justice official, they talk about how your compliance program should evolve to meet new compliance risks, changes in best practices, geographic markets where your company does business and new product/service offerings. You can do this by continuous improvement of your compliance program.

Episode 84-Continuous Improvement of Your Compliance Program

The Compliance EcoSystem

Jon Rydberg is the Founder and CEO of Orchid Advisors. He is also the former CCO of Smith & Wesson and was at the company when it navigated its way through an FCPA investigation and enforcement proceeding. From these experiences, Rydberg has developed a holistic approach to compliance which he has trademarked as the “Compliance EcoSystem”. I explore his ideas on a fully integrated approach to compliance.

Episode 83-Interview with Jon Rydberg

Use of Interviews in Your Compliance Program

Brian Ching is the most famous player in the history of the Houston Dynamos soccer club. Ching recently retired and moved into the front office as the General Manager of the Houston Dash, the Houston professional women’s soccer club. I interviewed Ching on his transition to management and how the Dash use the face-to-face interview process to not only assess the non-soccer skills that the team requires of its players but also to communicate the team’s expectations. There are some very significant insights about how a company can communicate its expectations regarding ethical business practices.

Episode 79-Interview with Brian Ching

The FCPA Professor

Finally, and certainly not least, I bring back the FCPA Professor for a two-part podcast on his new book The Foreign Corrupt Practices Act In a New Era.

Episode 80-Interview with the FCPA Professor, Part I

Episode 81-Interview with the FCPA Professor, Part II

A good weekend to all.

June 27, 2014

The Berlin Airlift and Different Approaches to Compliance Issues

As the USA played Germany in the World Cup yesterday, it is perhaps appropriate that we look back at another June 26th event that involved the US as we celebrate one of the great relief efforts in post-war Europe and the Cold War, the Berlin Airlift. On June 26, 1948, US and British pilots began delivering food and supplies by airplane to Berlin after the city was isolated by a Soviet Union blockade. Though some in President Truman’s administration called for a direct military response to this aggressive Soviet move, the President was concerned that such a response would trigger another world war. As an alternative, he coordinated a massive airlift operation under the control of General Lucius D. Clay, the American-appointed military governor of Germany. The first planes took off from England and western Germany on June 26, loaded with food, clothing, water, medicine and fuel. By July 15, an average of 2,500 tons of supplies was being flown into the city every day. The massive scale of the airlift made it a huge logistical challenge and at times a great risk, with planes landing at Tempelhof Airport every four minutes, round the clock for the next 15 months. This broke the Soviet blockade.

I thought about this alternative approach that Truman employed, a supply line rather than a military response, when I read an MIT Sloan Management Review article, entitled “What Businesses Can Learn From Sports Analytics”, by Thomas H. Davenport. In his article, Davenport explored how “the use of analytics in the sports world has much to teach managers about alignment, performance improvement and business ecosystems.”

For his article, Davenport “interviewed more than 30 representatives of teams, sports analytics vendors and consultants for a report on the state of the art in sports analytics,” in which he “focused on three different areas of activity, each of which is growing rapidly. In order of decreasing prevalence, they are: team and player performance analytics, sports business analytics, and health and injury prevention analytics.” From this research, he developed five key lessons that almost any business could adopt. However, I thought about his points in the context of compliance ecosystems rather than business ecosystems, so I will use his article as a starting point to consider what compliance can learn from sports analytics.

  1. Align leadership at multiple levels 

Davenport believes “In sports, key decisions — which players to acquire, how much to pay them, and which strategies to adopt for better athletic and business performance — must be made and overseen at multiple levels. As a result, alignment along different management levels is crucial.” Based on his research, I believe the message for Chief Compliance Officers (CCOs), compliance practitioners and analytical practitioners is to work together closely and consult frequently.

  2. Focus on the human dimension

Davenport’s key finding about sports teams is that they realize that their players are both their most important and expensive resources and that sports teams focus on the human dimension of performance in a variety of ways. “First, they address individual-level game performance by monitoring points scored, rebounds gathered, batting averages and other increasingly sophisticated measures of both offensive and defensive performance… Second, teams are beginning to assess not just individual performance, but performance in context.” They will also assess a team’s performance “with and without a combination of players.”

However, even if companies say they focus on their employees as their most valuable resource, they typically only focus their analytics on “operational or marketing issues and not on the human dimension of performance.” The key insight here is for compliance to focus more on the team aspect: investigating a group’s compliance performance “with or without a particular person’s presence could be a valuable insight.” This could be expanded to reviewing wider sales teams in a region, country or product/service line.

  3. Exploit video and locational data

In Major League Soccer (MLS), players wear a GPS-based locational device that captures all movements around the field. In the NBA, six cameras in the ceiling of each arena capture all movements of the players and ball. All Major League Baseball (MLB) stadiums have cameras that track every pitch, and many teams also track every hit and fielding play with video cameras. This allows a more complete view of the raw numbers that metrics generates.

While it may not seem readily apparent, this type of approach can also benefit the compliance function. The key is that it looks at raw numbers in a different way. So transaction monitoring could be paired with relationship monitoring or other indicia. Also, travel and communications could be considered to show what might be happening in locations that are not readily apparent. The key takeaway is that there is more information available by obtaining more types of data.

  4. Work within a broader ecosystem

Davenport found that “Professional sports teams are relatively small businesses, with much of their revenue going toward player salaries, leaving just nominal funds for any data and analytics projects. As a result, teams often need to work within a broader ecosystem of data, software and services providers.” Based on this he believes that a “key in these partnerships is to draw as much as possible from the partner while maintaining key internal capabilities.”

For the compliance professional, you should try to develop relations with key vendors because there are just too many different techniques, types of data and other aspects of analytics to exploit, and even the largest corporation can’t excel on its own. The GRC Pundit, Michael Rasmussen, has observed that in GRC there is more than one technology. The same holds true in the compliance space. Jon Rydberg, founder of Orchid Advisors, has called this the “Compliance Ecosystem Transformation” which he defines as “The coordinated development of compliance activities that transcend your entire supply chain, from suppliers – to manufacturers – to distributors – to retailers.”

  5. Support “analytical amateurs”

Finally, Davenport found that “Some professional athletes have begun to analyze their own performance in depth using public or team data and reports. Specifically, a number of soccer and football players have become assiduous reviewers of their video and GPS data, although the most frequent users have been professional baseball players, particularly pitchers.”

For the compliance professional, this means that they too could benefit from becoming such “analytical amateurs”. Moreover, they could work with business unit personnel, who could keep track of their own scores on compliance measures and use that information to improve their performance. Analytics-minded salespeople and managers could, for example, use the extensive data from compliance management systems to assess and improve their performance.

I found Davenport’s article to be quite thought provoking. For just as President Truman was able to come up with a different approach for a situation that could have led to World War III or at the very least a completely communist dominated unified Berlin, there are different ways to look at problems and find solutions. Using the analytical approach that has become so prevalent in the sports world may lead you to new and different thinking in the compliance arena.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

January 7, 2014

Interview with Jon Rydberg

Ed. Note-today I continue with my series of interviews with thought leaders in the compliance arena. Today, I post an interview of Jon Rydberg, CEO and Founder of Orchid Advisors.

Where did you grow up and what were your interests as a youngster?

I spent the majority of my life in Connecticut but lived in the Los Angeles area for approximately nine years. My wife and I moved back to the east coast in 2009 to be with family. Growing up the son of two teachers and a two-time valedictorian meant my childhood was destined to be focused on academics, leaving little time for other interests such as golf and soccer. My true childhood passion was entrepreneurship, only I didn’t know it at the time. My parents would say that I was good at generating ideas, starting a project and then losing focus only to do it all over again with another new idea. I guess you could classify my childhood to resemble that of an early-stage venture capitalist.

Where did you go to college and what experiences there led to your current profession?

My father was a teacher at the local high school. So, naturally that meant I had to attend the local preparatory school, Avon Old Farms. It was an incredible experience being surrounded by the best and brightest of student athletes and tenured professors. After high school, I received a BS in Mechanical Engineering and an MBA in Corporate Finance from Bucknell and Rensselaer, respectively. And, I was only a few classes short of a Masters in Accounting before my career escalated and my free time for academic interests became hard to come by.

How did my current career spawn from that? It likely began with my first job, designing packaging for explosive devices in accordance with DOT regulations. Shortly after I was managing R&D efforts for tactical weaponry that were destined for Aerospace & Defense giants such as Lockheed, Boeing and United Technologies. In the early 2000s I led the A&D industry segment at global audit and consulting firm Protiviti and had a similar client service role for Ernst & Young. Almost every product I’ve touched since day one has been subject to a federal or state regulation. Today, I am the CEO of a national consulting practice focused on Transforming the Compliance Ecosystem™.

You have worked both in Big 4 accounting firms and in corporations. What lessons did you learn from these different types of employment experiences?

#1 – The concepts of compliance, internal control and internal audit are too often misunderstood, including amongst top executives. Unfortunately, the concepts are thought of as impediments, not enablers, of high-end business performance or beneficial elements of the corporate governance structure – until it is too late. The Orchid team offers an open invitation to any person or firm that wishes to partner on our initiative to enhance the perceived value of these functional areas.

#2 – Achieving compliance, comfortably, means establishing it as an equal business metric to quality, safety and financial performance. Human nature will drive people to focus on incentivized areas, obviously. So, concepts like a ‘balanced scorecard’ add value to ensuring the long-term viability of the organization and protects owner interests.

#3 – Don’t be afraid of recognizing when help is needed, no one knows everything. Take the opportunity to learn from those who’ve seen both the good and the bad elsewhere.

You have worked with a variety of US governmental agencies. Are there any general guidelines that you can give the compliance practitioner who might be presenting to or working with a government agency for the first time?

Yes, I think it can be summed up with my favorite phrase – there is a big difference between being compliant and having a compliance program. The point is, Federal and State agencies have a job to do in both establishing new legislation and then regulating it. The role of a regulator isn’t loved but there’s not much we can do about it. A best practice approach is to build trust, be honest and transparent and recognize that continuous improvement begins with a self-assessment and ends with a written compliance plan.

What led you to found Orchid Advisors and how do you hope to change the Compliance Ecosystem™?

I had worked with a number of high-profile attorneys on various compliance projects who knew the law inside and out but who had little practical implementation experience. It was clear to me that someone, or some firm, had to be created to bridge the gap between those who could recite the regulations chapter and verse and those who make and ship widgets on a daily basis. Orchid Advisors was launched to ‘operationalize’ compliance with a proprietary methodology called the Compliance Ecosystem™.

The Compliance Ecosystem™ takes the concept of compliance (as a department or impediment to execution) to a whole new level. Much like the Japanese approach to manufacturing processes and total quality development, the Compliance Ecosystem embeds compliance control into: (1) Business strategy; (2) Corporate culture; (3) Process and technology; and (4) Continuous improvement. Furthermore, it emphasizes the importance of managing compliance not only within the four walls of your business, but also at your suppliers, distributors and other supply chain partners.

And, the beauty of our methodology is that it applies to every industry, any company size or structure and any regulation. That being said, our initial focus includes: Anti-bribery (FCPA, UK Bribery, etc.); ATF firearms compliance; ITAR compliance; Import / Export compliance and Sarbanes-Oxley compliance.

You recently released the book “Anti-Bribery Leadership”, authored with me. Who do you think should read this book and why?

Our book is unique. As Matt Kelly, Editor of Compliance Week stated, “it isn’t Shakespeare and it’s not intended to be.” This guide is specifically designed to be short and laser focused for high-level corporate executives, board members and corporate attorneys. In 60 pages we’ve provided:

  • A list of questions that those executives should be asking their own organizations;
  • A compliance methodology accepted by the Federal Government;
  • Examples of high-risk areas drawn from our own Department of Justice and Securities and Exchange Commission investigations; and
  • Tools to govern the ongoing operations of the business.

Anti-Bribery Leadership: Practical FCPA and U.K. Bribery Act Compliance Concepts for the Corporate Board Member, C-Suite Executive and General Counsel is available in both bound and eBook versions. You can purchase a bound copy by clicking here and an eBook version on Kindle by clicking here. The eBook version is currently a Top Ten best-seller.

© Thomas R. Fox, 2014

December 30, 2013

New Book Available on Anti-Bribery Leadership

I am pleased to announce the release of a new book entitled, “Anti-Bribery Leadership” which I have authored with Jon Rydberg, the CEO of Orchid Advisors. In this book, Jon and I provide practical lessons pertaining to the FCPA, U.K. Bribery Act and broader Anti-Corruption / Anti-Bribery standards for Board Members, Chief Executive Officers, General Counsel and other corporate executives who seek to lower their enterprise risk profile by learning simple strategies from tested compliance veterans.

I am certain that you will find it useful to reinforce our belief that compliance – both in general and as it pertains to anti-corruption/anti-bribery – should be viewed, like quality and safety, as an equal business metric. Although compliance should not be designed to impede efficient business operations, it should be part of the decision-making process. In fact, best-in-class compliance programs are enablers of planned and measured risk-taking. This book is a handy guide on how to make such compliance programs work for you and your company.

You can order a hard bound copy through Amazon.com by clicking here or an eBook version for Kindle by clicking here.

January 3, 2013

From China to Poland and Brazil-The Lilly FCPA Enforcement Action- Part II

In Parts II and III of my review of the Eli Lilly and Company (Lilly) Foreign Corrupt Practices Act (FCPA) enforcement action brought by the Securities and Exchange Commission (SEC), I will discuss some of the processes and procedures which you can use in your FCPA or UK Bribery Act compliance program which should enable you to prevent or detect FCPA violations similar to those Lilly sustained, as discussed in Part I of these blog posts on the Lilly enforcement action. Today, in Part II, I will discuss the FCPA issues that Lilly faced in China, Brazil and Poland.

As it is a New Year, I would like to start out by listing Paul McNulty’s Three Maxims regarding the effectiveness of an FCPA compliance program. I have been privileged to hear Paul speak many times for several years. These Maxims were the questions he posed to companies when he was in his role as the United States Deputy Attorney General. First, what did you do to prevent it? Second, what did you do to detect it? Third, what did you do to remedy it?

With the McNulty Maxims in mind, Lilly got into FCPA hot water for using four different styles of bribery schemes in four separate countries. In China, the corruption involved employees and bribery payments which were falsely labeled as reimbursement of expenses. In Brazil, the corruption involved a distributor which received a larger than normal discount for Lilly products. The additional revenues generated from this discount were used to pay a bribe. In Poland, the corruption involved charitable donations which were falsely labeled in Lilly’s books and records. These charitable donations were used to induce a Polish government official to approve the purchase of Lilly products. Finally, Lilly’s subsidiary in Russia paid bribes to Offshore Agents who were domiciled outside Russia and who performed no services for the compensation they received.

I. China

According to the SEC Complaint, in China the FCPA violations centered around various sales representatives who submitted false expense reports to cover bribes which were paid, or their supervisors who instructed them to do so. The SEC Complaint noted that although the dollar amounts for the gifts provided to Chinese officials were “generally small, the improper payments were wide-spread throughout the [Chinese] subsidiary.” To prevent such actions, a company must train its employees about the requirements of the FCPA, or any other relevant anti-corruption law, regarding what is and is not allowed under such laws. A company must then follow up to monitor and audit such activities. In a sales model which is employee based, internal audit must review the expense reports of its sales representatives as they represent the highest risk of corruption.

II. Brazil

In Brazil, Lilly used the distributor model to market its drugs through third-party distributors who then resold these products to public and private entities. As noted by Matt Ellis, in his post entitled “Eli Lilly’s Distributor in Brazil: The Non-Obvious FCPA Risk”, the discounts that distributors typically receive from manufacturers such as Lilly can be problematic under the FCPA because “enforcement officials can see these discounts as potential “loose money” that can be used for bribe payments. This is especially the case when the distributor is engaging in other activities on behalf of the producer, like marketing, licensing, and customs clearance.” This was the situation that Lilly found itself in as the standard range of discounts given to distributors was “between 6.5% and 15%, with the majority of distributors in Brazil receiving a 10% discount” but in early 2007, at the request of a Lilly sales manager, the company awarded an unusually high discount of between 17% and 19% to a distributor for the sale of a Lilly drug to the government of one of the states of Brazil. The distributor used approximately 6% of this additional discount to create a fund to pay Brazilian government representatives to purchase the Lilly drugs from him.

a. Prevent

In the area of prevent, the SEC Complaint noted the following: “Lilly-Brazil’s pricing committee approved the discounts without further inquiry. The policies and procedures in place to flag unusual distributor discounts were deficient.” Lastly, as stated by Ellis, “It noted that the company relied on representations of the sales and marketing manager without adequate verification and analysis of the surrounding circumstances of the transactions.” Indeed, Kara Brockmeyer, the SEC’s chief FCPA enforcer, stated in the SEC Press Release announcing the matter:

Eli Lilly and its subsidiaries possessed a “check the box” mentality when it came to third-party due diligence. Companies can’t simply rely on paper-thin assurances by employees, distributors, or customers. They need to look at the surrounding circumstances of any payment to adequately assess whether it could wind up in a government official’s pocket.

All of this means that if a discount is outside the normal range typically given to a distributor, a red flag is raised as to why the increased discount was allowed. Simply basing a management decision on the representations of a sales manager is not a sufficient mechanism to clear such a red flag.

b. Detect

From the detect prong, internal audit needs to follow up with ongoing monitoring and auditing. Internal audit can be used to help determine the reasonableness of a commission rate outside the accepted corporate norm. Further, as noted by Jon Rydberg, of Orchid Advisors, in an article entitled “Eli Lilly’s Remedial Efforts for FCPA Compliance – After the Fact”, the company should be “implementing compliance monitoring and corporate auditing specifically tailored to anti-corruption” for the distributor sales model.

III. Poland

Here Lilly used charitable donations to a charitable foundation which was, as stated in the SEC Complaint, “founded and administered by the head of one of the regional government health authorities at the same time that the subsidiary was seeking the official’s support for placing Lilly drugs on the government reimbursement list.” There were a total of eight payments made to the charitable foundation. In addition to the charitable donations made, Lilly “falsely characterized the proposed payments”. Lilly had a group which reviewed the request for such donations called the “Medical Grant Committee [MGC]” which approved the payments “largely based on the justification and description in the submitted paperwork.”

a. Prevent

From the prevent prong, it is clear that if the MGC had adequately reviewed the donation request, it would have determined that the charitable foundation was administered by the same person making the decision over the sale of Lilly products. Indeed, the largest request was made just two days after the government decision maker authorized a large purchase of Lilly products. The SEC Complaint also noted that there were different corporate justifications for the eight requests for the charitable donations made. So, as noted by Rydberg, there was a failure of corporate governance and financial controls. In its FCPA Guidance, the Department of Justice (DOJ) lists five questions which a company should ask when considering a charitable donation. They are: (1) What is the purpose of the payment? (2) Is the payment consistent with the company’s internal guidelines on charitable giving? (3) Is the payment at the request of a foreign official? (4) Is a foreign official associated with the charity and, if so, can the foreign official make decisions regarding your business in that country? (5) Is the payment conditioned upon receiving business or other benefits?

b. Detect

From the detect prong, there are several things which can be incorporated into an FCPA compliance program regarding charitable donations. The DOJ has issued several Opinion Releases on charitable donations and, based on Opinion Release 10-02, some of the protections a company can put in place to comply with the FCPA regarding charitable donations are as follows:

1) Certifications by the recipient that it will comply with the requirements of the FCPA;

2) Due diligence to confirm that none of the recipient’s officers or directors are affiliated with the foreign government at issue;

3) A requirement that the recipient provide audited financial statements;

4) A written agreement with the recipient restricting the use of funds to humanitarian or charitable purposes only;

5) Steps to ensure that the funds were transferred to a valid bank account;

6) Confirmation that contemplated activities had occurred before funds were disbursed; and

7) Ongoing auditing and monitoring of the efficacy of the program.

These protections allow an audit trail which can be monitored or audited by the company’s audit team.

Tomorrow I will take a look at Lilly’s FCPA violations in Russia and use that information to set forth some minimum best practices which you can use in your compliance program to help you prevent, detect and then remedy FCPA compliance violations.

© Thomas R. Fox, 2013
