FCPA Compliance and Ethics Blog

March 6, 2015

GHBER and Local Ethics and Compliance Organizations

GHBERLogoDoes your locality have an ethics and compliance group that provides a level playing field for companies and organizations to discuss problems and share best practices? If you do not, it may be something that you wish to consider. Here in Houston, through foresight and perseverance, we have such an organization. It is known locally as GHBER, which stands for the Greater Houston Business and Ethics Roundtable. It is a voluntary professional organization dedicated to promoting ethical business practices and serving as a forum for the exchange of information and strategies regarding implementation, administration and compliance of ethical business conduct programs. GHBER was founded in 1996 at the University of Houston’s C. T. Bauer College of Business, with the leadership of Dr. Bette Ann Stead and was designed to provide a level playing field for companies and organizations around ethics and compliance, to discuss problems and share best practices in the profession.

GHBER is unique as it is the premier ethics and compliance organization in Houston. It facilitates a wide range of compliance practitioners, from health care to energy to tech and beyond. GHBER is made up of lawyers, compliance practitioners, auditors, CPA-types and all other manner of professionals who work in our profession. Some of the different types of activities that the group involves itself in are the following:

  • Roundtable Discussions among members of sponsoring organizations to facilitate discussions by any member of the community who has an interest in maintaining ethical business structures.
  • Service to its members and to the community in the Greater Houston area.
  • Recognition of organizations, of any size, who are making a demonstrable effort to promote ethical business practices.
  • Education of the public and for individuals and officers responsible for administering their organization’s ethics and compliance programs and to promote the study of business ethics in colleges and universities.
  • Chapter Formation for an ethical support network and implementation of programs at the local level.
  • Commitment to uphold and promote ethical business structures and values. Memberships within this organization will be open to organizations and individuals who have made a demonstrable effort to implement business ethics practices, and/or who have a strong desire to implement a business ethics policy.

Of all the goals and achievements of GHBER the one that I find to be the most significant, as the son of a college professor, is its educational goal. In 2005 GHBER initiated a scholarship program to recognize students in area MBA programs who, in the opinion of each student’s school, demonstrate ethical leadership. The scholarship is the GHBER Bette Stead Scholarship in honor of Dr. Stead and the contribution she made in the formation and initial development of GHBER. By the 10th Anniversary, GHBER had provided $10,000 in scholarships. Scholarship winners attend GHBER meetings and this process is helping to develop a new generation of compliance practitioners who will grow up as compliance professionals and not simply lawyers moving over from the corporate legal department or other corporate function.

Right up there with its educational function GHBER puts on quarterly speaker programs for its members. These quarterly programs are open to the public and enable GHBER to promote ethical business practices and serve as a forum for the exchange of information and strategies for developing strong compliance programs.

GHBER has had some very interesting and excellent speakers over the years. Two of my favorites were Scott Lane, founder of the Red Flag Group, and Andrew Weissmann, who recently returned to the Department of Justice (DOJ). Weissmann talked about his days as the head of the Enron Task Force prosecuting miscreants to Houston’s greatest corporate scandal.

This year’s initial speaker demonstrated the breadth of the organization. In February the group hosted Chris Olsen, Vice President (VP) of Football Administration for the Texans, who talked about the compliance issues facing the business of football. In April, we are very pleased to host Kathleen Edmond, of Robins Kaplan LLP and former Chief Ethics Officer at Best Buy, who continues to lead and share best practices. She will discuss building successful collaboration between compliance, risk and Audit. In September, Mark Lowes, VP Litigation for KBR, who will discuss lessons learned regarding the Barko Qui Tam vs. Halliburton case. He will explore such questions as the issue of when are investigations considered privileged? In November the great Stephen Martin will discuss how to conduct an effective compliance risk assessment.

Each year in July GHBER holds a Members Only best practice all day session that provides the compliance practitioner, general counsel (GC), procurement and ethics and compliance professionals’ insight into a timely topic. This year the group will be treated to a discussion of the Layne Christensen Foreign Corrupt Practices Act (FCPA) investigation, which concluded with the company receiving a declination from the DOJ. The presentation will be led by Layne Christensen GC, Steven F. Crooke, and outside attorney Russ Berland, of Stinson Leonard Street, LLP. There will also be a presentation by Christopher Sindik and Robert Leffel, from The Red Flag Group, who will guide you on the best practices required when publishing a Supplier Code of Conduct.     

Yet what is the very best thing about all of the above? It may well be the cost, which is only $100 for an individual membership. Even a corporate membership is still a very reasonable $500. While the SCCE is the leading organization for the compliance practitioner on a national or international basis, there is room in every city for a local ethics and compliance organization. It can be an excellent resource for compliance practitioners in a wide variety of industries. If you are in Houston I would urge you to check out the next GHBER meeting in April. Kathleen Edmond is one of the most respected compliance practitioners around and it would give you the opportunity to meet many of the local top ethics and compliance folks. If you do not have the good fortune to live in Houston or another city that has such an organization, I would urge you to consider founding such an organization.

For more information on GHBER you can visit its website by clicking here. If you want to correspond with the Group’s President (and one of my favorite people) contact Amy Lilly at amy.lilly@CenterpointEnergy.com.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

November 6, 2014

Supplier Risk Management – Interconnected Processes

The Last EmpireI recently read a book review in the Times Literary Supplement (TLS) by Archie Brown, entitled “One into fifteen”, where he reviewed the book “The Last Empire” by author Serhii Plokhy. Plokhy’s book is about the dissolution and final days of the Soviet Union. One of the more interesting precepts from the book is end of the Soviet Union as announced on Christmas Day, 1991, by then Communist Party Secretary Mikhail Gorbachev. Brown wrote, “All too often the dissolution of the Soviet Union is conflated with the end of Communism and with the end of the Cold War. But the book points out that the Politiburo had ceased to be the ruling body of the USSR in March of 1990 and thus it was “entirely fallacious to speak of either Communism or the Cold War as having ended in December 1991. The transformation of the system was a precondition for the demise of the state, with the latter being an unintended consequence of the former. But these were distinctive, albeit interconnected processes.””

I considered ‘interconnected processes’ when I saw the Compliance Insider, Illustrative Case Study Series, entitled “Supplier Risk Management”, in which The Red Flag Group laid out in a visual format how a company can effectively identify and manage risks in its supply chain. The process is dubbed ‘Report, Review and Improve’ and consists of six steps.

Step 1 – Collect information on the suppliers. This step begins with a review and assessment of your own Vendor Master files to make an initial determination if a new or indeed other supplier is needed. If there is a business justification for bringing the supplier into a commercial relationship with your company, then you should gather performance data on the proposed vendor. The article suggests that a technological solution can help to provide risk-rated questionnaires to facilitate the process by building workflows and approvals directly into your questionnaires.

Step 2 – Validate the collected information. This is the investigative step. You should take the information provided to you by the proposed supplier and test it. You can check on references. You should also engage the supplier directly by interviewing the internal staff of the proposed supplier and review documents and records as appropriate. When necessary, you may also wish to consider the use of outside experts or internal consultants for recommendations or validations. This step should end with the creation of a risk score of the data you have gathered. Here a technological solution can assist by automating your analysis of completed questionnaire with a risk-based scoring of the answers to facilitate the validation process.

Step 3 – Rate the risk of the supplier. This is the analysis step where you should “compare the risks against your complete knowledge of the proposed supplier.” You should also compare your assessed risks against industry data and the risk-rank the proposed supplier or suppliers. A technological solution can also help to crunch large amounts of numbers or other data to give a first pass on your risk-ranking which can be further refined if required.

Step 4 – Implement risk management controls. The article posits that this step should include the conducting of background due diligence and integrity analysis by screening against known watch lists, sanctions lists and those of politically-exposed-persons (PEPs). A technological solution can help this step by managing the request and delivery of due diligence reports, aid in the reviewing, approving and tracking of completed reports and ensure ongoing compliance with automated daily reviews of such lists. Another suggested component of this step is to meet with your internal and external stakeholders to convey expectations. From this point you should be ready to enter the contracting phase, with appropriate compliance terms and conditions. To the extent required, you should also create and manage your compliance policy for the supplier at this stage as well.

Step 5 – Assess and monitor the supplier. In any relationship with a third party in the compliance world, this step is where the rubber hits the road and you have to manage the relationship. The article discusses custom eLearning that can allow you to quickly and efficiently create training programs for your suppliers based upon your compliance regime and not hypothetical training based on legal standards. A technological solution can also assist you in obtaining online certifications to certify that your supplier is in compliance with your company’s business requirements and internal controls. Finally such a solution can help to automate the process going forward to ensure that certification updates are provided, executed and tracked. But more than the ongoing certifications and training, you will need to monitor the transactions you engage in with a supplier. This may entail reviewing a large amount of data through transaction monitoring but it may also entail going to visit a supplier and going through the deep dive of an audit.

Step 6 – Continuous reporting, review and monitoring. All of this information you obtained must be fully documented. Of course, it must be documented to produce to a regulator if the government comes calling. However, this information can also be used to improve the supplier relationship and perhaps even your vendor system. One of the most interesting suggestions was to create a ‘Virtual Data Room’ dedicated to your suppliers. Not only would the creation of such a stored environment enable you to call up information requested by a regulator on short notice, you would also have it in an accessible format for supply chain process improvements. The article suggests trying such techniques as implementing performance incentive programs which can push compliance culture and behavior changes based upon the data you collect. Interesting the clothing company Levi Strauss instituted just such a policy for suppliers in the area of corporate social responsibility, it announcing it earlier this week.

If you do not subscribe to The Red Flag Group’s Compliance Insider publication, I suggest that you do so. It is one of the very best periodicals around on the building blocks of compliance. The six steps it has laid out for process of identifying and managing your supplier compliance risks under the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act demonstrates the thesis of Plokhy’s book reviewed in the TLS; that it is interconnected processes which usually mark change and management. In the case of the former Soviet Union, it may be been drawn by more human factors but there are now a variety of technological tools available to assist your facilitation of this process under any anti-bribery or anti-corruption compliance regime.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

April 15, 2014

The Louisiana Purchase and Compliance Focus Group – Changing the Game

Focus GroupIn 1803, the fate of the United States changed in ways that could have never been contemplated, when the French Minister Talleyrand offered to sell France’s entire Louisiana Territory in North America to stunned American negotiators, Robert Livingston and James Monroe, who were simply trying to purchase the city of New Orleans from the French Emperor Napoleon. Quickly recognizing that this was an offer of potentially immense significance for the US, Livingston and Monroe began to negotiate on France’s proposed cost for the entire territory. Several weeks later, on April 30, 1803, the American emissaries signed a treaty with France for a purchase of the vast territory for $11,250,000. With the sale of the Louisiana Territory, Napoleon abandoned his dreams of a North American empire, but he also achieved a goal that he thought more important. “The sale [of Louisiana] assures forever the power of the United States,” Napoleon later wrote, “and I have given England a rival who, sooner or later, will humble her pride.”

There are many great resources out there for the compliance practitioner. One of them I have really come to appreciate and look forward to receiving is the Red Flag Group’s bi-monthly Compliance Insider magazine, available both in print and online versions. In the most recent version there were several articles that I found very useful for the compliance practitioner but the one I want to focus on today is the compliance focus group. This provides a forum, which allows employees to raise compliance issues and concerns in “an informal environment, in small groups or in one-on-one sessions. They can be done as stand alone or as break-out sessions from larger meetings, conferences or similar events where multiple parties get together.” The article provided 10 things which you should consider before you hold your compliance focus groups.

  1. Select Your Countries and Regions Carefully. You need to reflect on selecting those areas, which have “compliance issues, have been the subject of investigations or are higher risk.” Contrast that selection with one or more regions that have achieved compliance performance so that you can clearly articulate the difference. Most importantly, pick the regions that need the most support and “have the most business at risk if there is a compliance issue. You will also know from your own business those areas, business units or regions where there is more “noise” around compliance.”
  1. Plan Your Locations, Times and Attendees. Think about your logistics, both higher level such as travel times and lower details such as seating. As you will usually desire to have three to four sessions per day, up to 90 minutes, you will need to make sure people have enough time to get there and register. But also think about seating, as you want to make things as informal as possible. This means a conference table or a large U shape arrangement and not classroom or lecture room seating.
  1. Have Separate Management Sessions. It is important that you make attendees feel that they can give open and honest thoughts about the company and its compliance regime. This means you cannot have senior management in sessions for middle management and lower management and employees.
  1. Draft an Agenda and a Short Presentation. The author believes that many times participants will need a stimulus of some sort to get things going. He advises “A good idea is to build a brief agenda before the meeting, even if it is fairly flexible – many senior employees will demand an agenda before accepting a meeting.” Also prepare a brief PowerPoint presentation for the session designed to explain the purpose and outcomes of the session, keep it to five or six slides which will act as placeholders for discussion topics.
  1. Think About Some Probing Questions In Advance. Here are some of the suggested questions that you should consider asking to the group:
  • Do people understand what compliance is? What does it mean to you in your daily business dealings?
  • What do people think of the policies and procedures across the company?
  • Is the training simple and easy to understand?
  • What is the company culture around compliance? Do people really take it seriously or is there a “tick-the-box” mentality?
  • Are there issues with reporting? How do people report? What is the culture regarding reporting issues?
  • Does management “walk the walk” with compliance or just “talk the talk”?
  • How does your company compare to its peers in the area of compliance?
  • What is the competitive environment like, both externally and internally?
  • Where are the areas that compliance could improve?
  1. Select a Facilitator. Compliance issues can be sensitive and people can be uncomfortable talking about them. For the focus group to succeed and be of value, everyone should be made to feel comfortable; and feel that they are not being audited or reviewed or they will not be confident to speak up. The author believes that here a good facilitator can be assist in keeping “the discussion going, ensure that everyone participates, make people feel at ease and, most importantly, ensure that the discussion is lively. The facilitator might also need to be trained on some of the risk areas of the business and have a solid understanding of the business and the existing compliance program.”
  1. Prepare Your Opening Disclaimer. Some participants may want to know how their comments will be used, quoted directly or generalized. This would be the time to address such concerns and invoke confidentiality of names and other identifiers.
  1. Prepare Some Takeaways. The leader should be prepared to summarize what the next steps will be going forward, including when a report might be issued to management and what might included in the report.
  1. Prepare a Report For All Participants. A key component of any compliance focus group is a post event report, which consolidates all sessions. This should be generated as soon as possible after the end of the last session. The report should include specific actions that will be taken based upon the input received from the focus groups. There will certainly be expectations from participants that if they have reported any circumstances which warranted responses they will want to know what the compliance team is doing about a response. Participants will also want to see whether the feedback they gave is consistent with that given in the other sessions.

10.Write a Report for Management. This report should focus on the larger issues raised in the compliance focus groups and, as the author notes, “looking at the trends, steps forward and lessons learned.”

While your compliance focus group may not be quite the game changer that the Louisiana purchase was for the US, it will certainly provide you solid information on your compliance program that you can use to move it forward; as the article notes, “From the people who use the programme everyday—your employees and partners—you can find out what the programme means, how it adds value (or doesn’t add value) and how it is seen by the management team around the world. And while you are at it, you may want to check out the Red Flag Group’s Compliance Insider magazine, it is a great resource.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

May 17, 2012

The Value in Conducting Thorough Background Checks on Executives

Filed under: Background Checks,Bribery Act,Red Flag Group — tfoxlaw @ 5:52 am
Tags:

Ed. Note-today we have a guest post by Scott Lane, President of the Red Flag Group.

Internet giant Yahoo! has now been forced to undertake another extensive search for a Chief Executive Officer to help salvage its underperforming business. Today it was announced that Scott Thompson would be stepping down from his recently appointed position at the company in the wake of allegations surrounding the accuracy of his education record. The scenario that Yahoo! is now in serves as a reminder to organisations of the importance of conducting thorough background checks on new senior executive appointments as a means of avoiding potential shareholder disputes and detrimental publicity.

Not long after Scott Thompson was appointed CEO of Yahoo! in January 2012, rumours began circulating about the authenticity his academic credentials as detailed on his CV. Mr Thompson’s CV listed an accounting and computer science degree from Stonehill College in the United States. Daniel Loeb, the boss of the hedge fund Third Point who own 5.8% of Yahoo!, claimed that Mr Thompson had not in fact graduated with a degree in computer science. The discrepancy in Mr Thompson’s record was deemed to be the result of an “inadvertent error” by Yahoo!. Mr Loeb initiated a number of inquiries on behalf of other shareholders as to how Yahoo!’s vetting process had not picked up that Mr Thompson never graduated with a degree in computer science.

This case divided opinion as to the seriousness of Mr Thompson’s misrepresentation, particularly as his performances in previous roles had earned him considerable acclaim. However, Yahoo! had exposed themselves to potential litigation by using Mr Thompson’s degree information on regulatory filings, and the ongoing discussions about his background continued to be a distraction from becoming established in his new role. So much so that the decision has been made that Mr Thompson is to step down as CEO. Not only will Yahoo! now have to undertake another expensive and time consuming search for his replacement, his departure also comes at the expense of other existing directors who were responsible for his employment. More so, over the past number of weeks Yahoo! has been the focus of considerable media attention for all the wrong reasons, and its board’s reputation to make decisions in the best interests of all stakeholders tarnished.

This is certainly not the first time a company has suffered the indignity of having to replace senior executives. Last year the chief executive of InterContinental Hotels Group’s Asia-Pacific operations, Patrick Imardelli, resigned after it was discovered that he had misrepresented his academic record on his CV.

This issue could have been addressed if companies:

  • Conducting a detailed background check to ascertain the overall accuracy of an individual’s CV including all previous work and study credentials
  • Detailed research into the person’s profile in International media in each of the markets where they have lived, carried on business or managed people
  • Interviews with other colleagues, business associates, and previous employers to address the overall integrity of the person in all markets in which they have worked
  • Interviews with the person to assess their understanding of compliance and legal risks, their approach to ethical and integrity issues and their answers to a series of hypothetical corporate situations posing ethical challenges and testing their responses along the way
  • The conducting of psychometric testing based on integrity issues to assess independently the responses to certain situations

Background screening and integrity assessments should be an essential part of the hiring and promoting process. This is important with all new employees, but even more so with those moving into senior positions. The incident involving Mr Thompson will for some time remain a blight against Yahoo! in the eyes of some of its shareholders, but they will no doubt adopt screening measures to heavily scrutinise all candidates in the future. Whilst undertaking extensive screening operations can be time consuming and costly, it is not as damaging to an organisation as disharmony amongst shareholders when it is discovered that a recently appointed individual’s credentials are false.

============================================================================================

For more information on the Red Flag Group, click here.

============================================================================================

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. 

Blog at WordPress.com.