The Weatherford FCPA Settlement, Part III

Yesterday, I reviewed the conduct which Weatherford International Limited (Weatherford) engaged in over a period from 2002-2011 in connection with its Foreign Corrupt Practices Act (FCPA) investigation, noted the deficiencies in its compliance program and its internal controls and even how the company intentionally impeded the investigations of both the Department of Justice (DOJ) and Securities and Exchange Commission (SEC). Today, I want to look at how the company changed course in mid-stream during the investigation, brought in a top-notch and well respected lawyer as its Chief Compliance Officer (CCO), created a best-in-class compliance program; all of which saved the company millions of dollars in potential fines and penalties.

1. I.                    DOJ Fine Calculation

To resolve the criminal aspects of this case, Weatherford agreed to pay an $87.2 million criminal penalty as part of a Deferred Prosecution Agreement (DPA) with the DOJ. There was also another $65.6 million paid to the SEC. However the figure paid to the DOJ was at the very bottom range of a potential criminal penalty. The range listed in the DPA was from $87.2 to $174.3 million. In coming up with this range under the Federal Sentencing Guidelines, it is significant for the actions that Weatherford did not receive credit for during the pendency of the investigation. The company did not receive a credit for self-reporting. The company only received a -2 for its cooperation because prior to 2008 the company engaged in activities to impede the regulators’ investigation.

So the fine range could have been more favorable to the company. But the key is that Weatherford received the low end of the range. How did they do this?

A.     New Sheriff in Town

One of the key things Weatherford did was bring in Billy Jacobson as its CCO and give him a seat at the table of the company’s Executive Board. He was a Federal Prosecutor in the Fraud Section, Criminal Division, US Department of Justice. He also served as an Assistant Chief for FCPA Enforcement Department so we can assume he understood the FCPA and how prosecutors think through issues. (Jacobson also worked as a State Prosecutor in New York City, with my former This Week in FCPA co-host Howard Sklar, so shout out to Howard.) Jacobson was not hired directly from the DOJ but after he had left the DOJ and had gone into private practice. There is nothing that shows credibility like bringing in a respected subject matter expert and giving that person the tools and resources to turn things around.

But more than simply bringing in a new sheriff, Weatherford turned this talk into action by substantially increasing its cooperation with the government, thoroughly investigating all issues, turning over the results to the DOJ and SEC and providing literally millions of pages of documents to the regulators. The company also cleaned house by terminating officers and employees who were responsible for the illegal conduct.

B.     Increase in Compliance Function

In addition to establishing Jacobson in the high level CCO position, the company significantly increased the size of its compliance department by hiring 38 compliance professionals and conducted 30 anti-corruption compliance reviews in the countries in which Weatherford operates. This included the hiring of outside consultants to assess and review the company’s compliance program and beefing up due diligence on all third parties, including those in the sales and supply chain, joint venture (JV) partners and merger or acquisition (M&A) candidates. The company also agreed to continue to enhance its internal controls and books and records to prevent and/or detect future suspect conduct.

If you have ever heard any of the current Weatherford compliance professionals speak at FCPA conferences, you can appreciate that they are first rate; that they know their stuff and the company supports their efforts on an ongoing basis.

C.     Best in Class Compliance Program

During the pendency of the investigation, Weatherford moved to create a best practices compliance program. They appear to have done so and agreed in the DPA to continue to maintain such a compliance program. Under Schedule C to the DPA, it set out the compliance program which the company had implemented and continued to keep in place, at least during the length of the DPA. It included the following components.

1. High level commitment from company officials and senior management to do business in compliance with the FCPA.
2. A substantive written anti-corruption compliance code of conduct.
3. Written policies and procedures to implement this code of conduct.
4. A robust system of internal controls, including accounting and financial controls.
5. Risk assessments and risk reviews of its ongoing business.
6. No less than annual assessments of its overall compliance program.
7. Appropriate oversight and responsibility of a Chief Compliance Officer.
8. Effective training for all employees and relevant third parties.
9. An effective compliance function which can provide guidance to company employees.
10. A robust internal reporting system.
11. Effective investigations of any reported compliance issue.
12. Appropriate incentives for employees to do business ethically and in compliance.
13. Enforced discipline for any employee who violates the company’s compliance program.
14. Suitable due diligence and management of third parties and business partners.
15. A correct level of pre-acquisition due diligence for any merger or acquisition candidate, including a risk assessment and reporting to the DOJ if the company uncovers and FCPA-violative conduct during this pre-acquisition phase.
16. As soon as practicable, Weatherford will integrate any newly acquired entity into its compliance regime, including training of all relevant new employees, a FCPA forensic audit and reporting of any ongoing violations.
17. Ongoing monitoring, testing and auditing of the company’s compliance function, taking into account any “relevant developments in the field and the evolving international and industry standards.”

D.    Monitor

Weatherford also agreed to an external monitor. However, the term of the monitor is not the entire length of the three-year DPA; the term of the monitor is only 18 months. The monitor’s primary function is to assess the company’s compliance with the terms of the DPA and report the results to the DOJ at least twice during the terms of the monitorship. After this 18 month term the DOJ will allow the company to self-report to the regulators. It should be noted that the term of the external monitor can be extended by the DOJ.

II.                Conclusion

It certainly has been a long, strange journey for Weatherford. I should note that I have not discussed at all the Oil-For-Food aspect of this settlement, which was an additional $100MM penalty to the company. However, with regard to the FCPA aspects of the matter, there are some very solid and telling lessons to be drawn from this case. First and foremost is that cooperation is always the key. But more than simply cooperating in the investigation is that a company should take a pro-active approach to putting a best-in-class compliance program in place during, rather than after the investigation concludes. Also, a company cannot simply ‘talk-the-talk’ but must come through and do the work to gain the credit. The bribery schemes that the company had engaged in and the systemic failures of its compliance program and internal controls, should serve as a good set of examples for the compliance practitioner to use in assessing a compliance program.

The settlement also sends a clear message from both the DOJ and SEC on not only what type of conduct will be rewarded under the US Sentencing Guidelines, but what they expect as a compliance program. One does not have read tea leaves or attempt to divine what might be an appropriate commitment to compliance to see what the regulators expect these day.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

Venice, the US Navy and Red Flags

Today’s post comes from Venice where I am spending a week. It is one of the most unique and beautiful cities on earth. It was a great maritime power for over 1000 years. At the height of its power, it was the richest city on earth, worth almost 10 times more than the entire country of France in 1300. Even today, it is still dominated by the sea in all aspects, from the transportation of its daily food stuffs, to the flooding which is regular occurrence due to the fact the city is sinking into the Adriatic.

Venice’s maritime heritage sets the scene for today’s post which is about the ongoing corruption scandal in the US Navy. The scandal has led the Navy to taking action against seven officers over a criminal investigation into ship supply contracts for the Navy in the Pacific. The supply contracts where all with a company named Glenn Defense Marine Asia. As reported by the New York Times (NYT), the allegations are that the company, led by a Malaysian named Leonard Glenn Francis, won over $200 MM in contracts “to provide fuel, food and other services to warships by submitting extremely low bids.” The company then used bribery and corruption of Navy officers to help inflate the company’s billing and to “cover his tracks.” Apparently complaints were raised by Navy contracting officials as early as 2009 about the company, yet it was awarded three new contracts in June 2011, giving Glenn Defense Marine Asia “control over supplies and dockside services for its [the US Navy’s] fleet across the Pacific.”

For the compliance professional, this scandal involving the US involves some clear and unfortunately stark lessons learned regarding the warning signs of corruption, i.e. Red Flags.

Background Investigation

For any Foreign Corrupt Practices Act (FCPA) compliance program, a mandatory staple is to know with whom you are doing business. This is referred to as due diligence. A variety of sources are reviewed during the due diligence process, including background checks on third parties who do business with a company through the sales chain and supply chain. It turns out that Mr. Francis had spent time in jail on handgun charges. More significantly, the Navy encountered problems with Glenn Defense Marine Asia in its initial contracts with the company.

Rates and Pricing

Most compliance practitioners review contract rates to make sure that the rates do not create such a large amount of money to facilitate the payment of bribes or to create the incentive to pay bribes to win contracts. However, contract pricing and rates can be a significant indicator that something may not be quite right with a third party. In the case of Glenn Defense Marine Asia, it was its low-ball bidding which should have raised a red flag. In the bidding for the 2011 Pacific-wide supply contract, another company, DaeKee Global Company bid $67.9MM, while Glenn Defense Marine Asia bid only $21.6MM. Another NYT article quoted Robert Burton, a former acting administrator for the Office of Federal Procurement who said, “That type of huge price discrepancy is certainly a red flag.” He was further quoted to say, “Contracting officers should have raised questions.” Glenn Defense Marine Asia’s business plan was then to overcharge the US Navy using inflated prices and submit billing for delivery of non-existent goods and services.

Lavish Gift-Giving

To take this next step, the company needed the active assistance of US Naval officers. Once Glenn Defense Marine Asia was able to secure the contract to supply the Pacific-wide stores, it went to work on the naval officers now caught up on the criminal investigation. In one email the company said that “We gotta get him hooked on something” when discussing how to corrupt one naval officer to help Glenn Defense Marine Asia get over-charges paid to make up for the low bid on the contract. The company used lavish gifts and entertainment to cultivate officers who could send additional work in the direction of the company and approve the payment of inflated billing or billing for non-existent work. The gifts ranged from tickets to concerts, first class travel across the globe and payments of up to $100,000 in cash.

While most companies have compliance programs in place to deal with the lavish gift-giving and perform background due diligence on entities with which they do business they do not often focus on pricing. This scandal involving Glenn Defense Marine Asia and the US Navy makes clear that if a potential third party representative using an extra-ordinary low rate to entice your company to do business with it, something may be amiss. As Burton was pointed out in the NYT article, a huge price discrepancy is itself a red flag. If pricing is so low, as not to make business sense, it means the price difference will be made up somewhere else. In the case of the US Navy it was through over-charging for goods and services and billing for non-existent bills and services. If the same happens with a foreign government or state owned enterprise subject to the FCPA, it could well be that your company would be in hot water for going with the lowest bidder to represent your company. This does not mean that your company cannot do business with the lowest bidder, but it does mean that if a bid is so low as to defy commercial expectations, there needs to be further analysis to determine why the bid is so low.

The Glenn Defense Marine Asia/US Navy scandal presents some tangible lessons for the anti-corruption compliance practitioner. Just as Venice grew wealthy through smart trading, it is incumbent to know who you are doing business with, watch out for red flags and manage your business relationships after the contract is signed.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

A Modern [Fractured] Fairy Tale – Challenges under the FCPA in Africa

For anyone growing up in the 1960s one of the best TV cartoon shows was Rocky and Bullwinkle. As I grew older I came to appreciate the reason for this which was that the show was written for adults so that most of the satire was timeless. It still holds up today, especially if you understand the cultural references. There were other short segments, in addition to the main characters, one of which was entitled “Fractured Fairy Tales” featuring a satirical look at classic fairy tales. So with that inspiration in mind, today we present a fractured fairy tale of some of the challenges which face US companies doing business in Africa in complying with the Foreign Corrupt Practices (FCPA) or UK Bribery Act. In a later post, I will provide some guidance to the issues raised in today’s post.

Ed. Note. The following is a fictional tale and any resemblance to a person or persons living or dead is purely coincidental.

Hello. I wanted to clear up some misconceptions that you might have regarding doing business in my country. We are a small country population wise but we are rich in resources. It should not surprise you then to find out that the educated business elites of our country often work with and for our government’s interests. What is wrong with that? I am a patriot and I always look out for my country’s interests. If I get rich along the way, what is the harm? Surely there is no corruption in that?

Of course I have heard about the FCPA and the Bribery Act. But after all, they are your laws, not ours, so really they are your problem aren’t they? There is no corruption when you pump some of your profits back into the local economy is there? If there is how will my people ever overcome the great poverty we have endured? Do you want to keep us down economically? If I ask you to make a donation to a charity, which my wife runs, that is good for my country, what is wrong with me asking you to do that? It is also proper that I can help guide my wife in her decisions about where to spend the money donated. Surely there is no corruption in that?

I see nothing wrong in having a Swiss bank account. Everyone knows that Switzerland has the safest banking system in the world. Do you really believe that it is my fault I have made lots of money and that I have a desire to protect it from the ravages of inflation? I recently read about the people of Greece who are taking money out of their banking system and moving it to a more safe location. Surely there is no corruption in that? And what about your US Presidential Candidate, didn’t I read that once he and his wife had Swiss bank accounts? Why do you claim that it raises a “Red Flag” with me but not so with him?

I think it only decent and appropriate that you have a local business partner when dealing with my country. We want to empower our locals and the best way to do that is if you partner with local companies. Simply because I may happen to own an interest in the local business partner, is no reason not to do business with it. I am very serious in the fight against poverty for my country and I cannot think of a better way to do so than to have a local partner. Surely there is no corruption in that?

Yes, you sent a form for the local partner to fill out listing all of its owners, but it is not their fault that they don’t know who owns them; frankly they do not need to know. You really can’t expect me to know all of the businesses in which I own an interest in? There are just too many. Surely there is no corruption in that?

All I am asking you to do is to help my people. Do you want them to go hungry for the whole world to see? I don’t think that you do. That is why you should keep giving power and money to our local citizens. It is you taking our wealth; I see no reason why we should not benefit, even if it is for me and my friends. Surely there is no corruption in that?

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

Third Party Checkup

In a January 29, 2012 editorial in the New York Times (NYT), entitled “Made in the World”, columnist Thomas Friedman wrote about the end of ‘outsourcing’; his thesis being the “world is now so integrated that there is no “out” and no “in” anymore. In their businesses, every product and many services now are imagined, designed, marketed and built through global supply chains that seek to access the best quality talent at the lowest cost, wherever it exists.” However, the ‘cheapest’ does not necessarily mean the best for your company.

What are your company’s risks for not knowing such information? Clearly anti-corruption legislation has remedies for civil and criminal liability. However, equally great may be reputational damage, “even from public investigations into a third party.” Put another way, how do you think the folks at Apple felt when they woke up on the morning of January 25, 2012 to find the following headline on the front page of the NYT “In China, Human Costs are Built into an iPad”?

In a recent White Paper, entitled “Third Party Essentials: A Reputation/Liability Checkup When Using Third Parties Globally”, authors Marjorie Doyle and Diana Lutz posit that in most foreign business partner relationships, your company will be held responsible for the actions of third parties which work for and with your company. The new global expectation is that “you know who they are, you have vetted them and you are in control of the activities for which you hired them.” They further believe that such is even more important when anti-corruption and anti-bribery laws, such as the Foreign Corrupt Practices Act (FCPA), UK Bribery Act or other OECD based legislation, are applicable. They note, “Gone are the days when organizations could wash their hands of liability or damage to reputation from outsourced work due to ethics and compliance failure.”

To help companies navigate through the issues, the authors have prepared a checklist to test an “organizations health status concerning your relationship to your third parties.” It is as follows:

1. Do you have a list or database of all your third parties and their information? Does your company have a full list of all third parties including such basic information as name, location, type of services provided, contract files and dates, principals of the third party and primary contact, due diligence files and any other information you might need to manage the third party relationship going forward?
2. Have you done a risk assessment of your third parties and prioritized them by level of risk? You need to know which third party services present the greatest risk to your company by asking some of the following questions: (a) Is the third party’s service critical to your business?; (b) Is the third party’s service performed with little company supervision or oversight?; (c) Does the third party have access to any company funds, resources or assets?; (d) Can the third party fund the company contractually?; and (e) Does the third party obtain any foreign governmental licenses, certifications or other approvals for your company?
3. Do you have a due diligence process for the selection of third parties, based on the risk assessment? You should use the information determined through the risk assessment to “tailor the level of diligence to the level of risk.” Assign a risk profile to categories, such as high, medium and low. The higher the risk, the more due diligence will be required to vet the third party.
4. Once the risk categories have been determined, create a written due diligence process. Here you need to have a written policy and defined procedures to implement that policy. The policy should include the following: (a) who is responsible for implementation; (b) list of red flags and how such red flags are to be dealt with and cleared; (c) a procedure to pay for any due diligence performed; (d) reference checks on third parties; (e) procedures for in-person interviews for third parties in a high risk category; (f) conflicts of interest checks, and (g) process for documentation and storage of all of the above information.
5. Once the third party has been selected based on the due diligence process, do you have a contract with the third party stating all the expectations? In addition to your standard commercial terms, your third party contract should also include compliance terms and conditions, which should including the following: (a) anti-corruption and anti-bribery certification; (b)requirement that the third party maintain accurate books and records and that your company has audit rights; (c) indemnity rights; (d) anti-corruption and anti-bribery training for the third party’s employees; (e) an anonymous reporting mechanism for ethics complaints; (f) require the third party to obtain pre-approval to subcontract out any of its work for your company; (g) require the third party to report any ownership change back to your company, and lastly (h) clear termination rights.
6. Is there someone in your organization who is responsible for the management of each of your third parties? Just as your company would never have an employee who is not supervised, your company should not have a third party which does not have company oversight. You should designate a manager to maintain the third party relationship with your company. Such relationship manager should maintain and update documentation on the third party, work with Internal Audit to schedule and perform audits, meet regularly with the third party and oversee adherence to the third party’s contract with your company.
7. What are “red flags” regarding a third party? Red flags are generally recognized as signs or situations which should give rise to further investigation by your company. While there are innumerable questions which can be asked and answered, I believe that red flags are generally organized into some or more of the following categories: (a) something seems out of the ordinary; (b) reluctance of party to supply information/difficulty of verifying information; (c) the company/services/principals are not verifiable by data, only anecdotally; and (d) mismatch in business experience with the product or services offered. Whatever red flags you list, if they are undiscovered or left unresolved, it could certainly cost a reputational loss or worse for your company.

Many companies understand the maxim “Know Your Customer (KYC)”, nevertheless, in today’s global economy this maxim may well need to be expanded to “Know Your Third Party”. The authors conclude by agreeing with Thomas Friedman’s observation in his Op-Ed piece “that there is no “out” and no “in” anymore” and that “the rule is: Source everywhere, manufacture everywhere, sell everywhere.” However, with this opportunity brings potential costs. Your company should “apply the same rigor in selecting, training and managing third parties” as it does for its own employees. A good place to start is with a third party checkup.

============================================================================================
Episode 29 of This Week in FCPA is up. Howard Sklar and I visit with the winning defense lawyers in the O’Shea case.

============================================================================================

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

How Charles Ponzi Can Inform Your Compliance Program

Yesterday, I used some of the wisdom from current CIA Director General David Petraeus to suggest how senior management might move forward with a compliance program. Today I will use a very different individual to help inform your third party due diligence, Charles Ponzi.

My colleague Tracy Coenen writes an invaluable blog entitled The Fraud Files Blog. She consistently writes about detecting fraud in all its forms. In a recent post,entitled “Ponzi Scheme and Investment Fraud Red Flags”, Tracy identified many Red Flags which might come up if you performed some due diligence on a Ponzi scheme or persons promoting it. In her blog post, she listed “some red flags about the “investment” you’re considering that might indicate it is a Ponzi scheme” and they are as follows:

• Promoters are not registered to sell investments (Consider doing a background check through Financial Industry Regulatory Authority (FINRA) if the promoter is U.S. based.);
• Promoters have a history of being investigated and/or disciplined for actions related to investments (Google is your best friend for this one.);
• Promoters and/or founders of the business/investment have criminal, bankruptcy, or civil court histories that are troubling (Use PACER to search all federal court records for a nominal fee. State courts generally have their own online systems, and access to them is growing daily.);
• Difficulty in verifying whether there is a legitimate business behind the investment (Again, Google is your friend!);
• Groundbreaking “new technology” or other special (but super-secret) methods or assets, which are going to take the world by storm and be the greatest thing since sliced bread;
• Complicated alleged business model that prevents an experienced investor from understanding how money is really made;
• The alleged performance of the company is suspiciously higher than competitors or companies in related industries;
• No objective third-party information can be found about the company;
• Elaborate explanations for why the business cannot be verified;
• Unusually high rates of return offered on the investments (Note that this one is the most common across all Ponzi schemes.);
• Returns on investment are guaranteed (Not to be confused with an annuity from a reputable company with a guarantee in the contract.);
• Promoter downplays the amount of risk investors will be exposed to, often  using phrases such as “a sure thing”;
• Reluctance to provide documentation supporting claims being made about the investment and the business behind it;
• Address of the “business” is a mail drop location, virtual office, or small private office that couldn’t possibly hold a business the size that is being claimed (Google Maps is very helpful for this one.);
• Few (if any) employees in the operation other than the founder and/or promoter;
• Background of the principals of the business is mismatched with what the business does (Use Google to find out what kinds of jobs they held previously, and compare it to what they’re supposedly doing now.); and
• Company’s alleged success is related to a recent announcement of some sort, rather than historical financial results (This one is even worse if the information in the announcement can’t be verified, and it appears to just be a PR stunt for the benefit of potential investors.).

One of the things that struck me in reading Tracy’s list of Ponzi scheme Red Flags is how closely they mirror those which may appear in a Foreign Corrupt Practices Act (FCPA) or UK Bribery Act due diligence investigation. Additionally the Red Flags would seem to organize themselves into four general areas:

1. Something seems out of the ordinary.
2. Reluctance of party to supply information/difficulty of verifying information.
3. The scheme is not verifiable by data, only anecdotally.
4. Mismatch in business experience with the product or services offered.

In due diligence training, I always tell people to listen to their guts, or if the hair on the back of their neck stands up, pay attention. Not listening to your internal warning system can lead your company down a path that it may well not desire to travel. Red Flags are so called for a reason and if they are raised they must be sufficiently clear. Tracy Coenen’s list of Red Flags for Ponzi schemes is one which any corporate compliance officer should take to heart.

Tracy Coenen, CPA, CFF  has also written a useful book for helping companies and individuals detect fraud and Ponzi schemes and investment frauds entitled, “Expert Fraud Investigation: A Step-by-Step Guide.” She can be reached via email at tracy@sequenceinc.com.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

AML for the Compliance Practitioner: The KPMG 2011 Survey on Anti-Money Laundering

Dick Cassin, writing in his FCPA Blog, has consistently raised the issue of Anti-Money Laundering (AML) in the wider battle against bribery and corruption. He set out some of his thoughts in a post entitled “9/11 and the FCPA”. He also speaks regularly about AML laws as one component of the ongoing battle against world-wide terrorism since 9/11and how that relates to anti-bribery and anti-corruption compliance. I thought about Dick’s writing and ideas while I was reading the survey released yesterday by KPMG, entitled “Global Anti-Money Laundering Survey 2011”. While this survey focused on the banking industry, there were many issues identified that are applicable to the wider compliance field. The survey is one of the continuing releases by KPMG that gives insight into what compliance practitioners are thinking, some of the challenges that they face and provides a summary of best practices which anti-bribery and anti-corruption practitioners can incorporate into their company’s US Foreign Corrupt Practices Act (FCPA) and UK Bribery Act compliance programs.

The part of the survey which struck me as most applicable to the FCPA and Bribery Act compliance practitioner was ongoing monitoring. My ‘This Week in FCPA’ colleague, Howard Sklar, often speaks that he believes a compliance program must be nimble and agile enough to evaluate new risks as they arise or become known to a company. The KPMG survey noted that “This principle [ongoing monitoring] also applies to wider risk management arrangements. Ongoing risk assessment should include intelligence generated internally as well as externally, and a key source for this data is monitoring tools and activities.” Ryan Morgan, Anti-Corruption Specialist at World Compliance, spoke, at the ACI-FCPA Boot Camp held in Houston this past January, about the need to perform ongoing due diligence on parties on more than an annual basis.  This is because such due diligence is simply a snapshot of time going back from the date of the due diligence. Morgan made clear that 3 months, 6 months or 9 months into the future this snapshot might change.

Another reason to do ongoing monitoring relates to Dick Cassin’s work on the connection of compliance programs to anti-terrorism. To assist banks and other financial institutions in the fight against money laundering and terrorist financing KPMG suggests they undertake ‘ongoing monitoring’ of the business relationship with each customer. This ongoing monitoring has two components. First such institutions should monitor all of the transactions involving the customer to ensure that they fall within expectations. This concept has clear resonation in the FCPA compliance area under one of the well-recognized Red Flags regarding third party business partners. If a proposed foreign business partner does not have experience in your company’s field of expectation for the services or products your company offers, or the commission the foreign business partner sought, or has received, do not fall within a range of monetary expectations, these are viewed as ‘Red Flags’.

The second component of ‘ongoing monitoring’ would fall into the category of “Know Your Customer” or as it is known by its acronym ‘KYC’. KPMG notes that this second element of the ‘ongoing monitoring’ requirement is the need to keep relevant KYC data items up-to-date. Without up-to-date data, banks cannot understand their customers, nor screen a company’s principals effectively against sanctions lists. As Ryan Morgan noted in his ACI presentation many times it is difficult to obtain accurate information on officers, directors and related parties in the ownership chain of a foreign business partner because of the inherent inefficiencies in  a foreign governments corporate records filing systems. This means that the tools must be in place but those tools must also be utilized on a regular basis.

The KPMG survey is filled with much information for any banking compliance officer but also solid information for the anti-bribery and anti-corruption practitioner. I heartily recommend it to you for your consideration.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011

Why Perform FCPA Due Diligence? (and what happens in you don’t)

So what are Red Flags and where do they appear? What level of due diligence does your company require for an entity based in the United States? How often during the pendency of a transaction or business relationship should your company update its due diligence? These questions and others were brought up in a recent article in the Wall Street Journal (WSJ) about a civil-racketeering lawsuit by the government of Ukraine against Olden Group, an Oregon based company. In the June 13, 2011 edition of the WSJ was an article by Dionne Searcy entitled, “Court Order US Firm to Pay Ukraine”. The article details a lawsuit which stemmed from an investigation, ordered by the President of the Ukraine, into medical supplies purchased by the government administration which preceded the most current administration.

The investigation was assisted by the US Company Kroll Inc., which issued a report on Olden Group. In its report, Kroll noted that Olden was tied to a “web of offshore companies registered in the US and tied Olden to past fraudulent schemes.” The Kroll Report and other information led the Ukrainian government to file the lawsuit. The Ukraine lawsuit alleged that Olden entered into sham contracts with a Ukrainian firm named Interfarm LLC to submit “phony customs declarations” which misstated prices that the Ukrainian government paid for vaccines. These overcharged monies were then laundered through both US and Latvian banks. These monies have disappeared.

As reported in the WSJ, based upon corporate records obtained from the state of Oregon, Olden Group is owned by two separate companies. The first is named Worldwide Management and has an address which is a post office box in Belize. The second is an entity named International United Holding AG and is based in Niue, an island in the South Pacific. Further these two companies are shareholders of numerous companies owned by two individuals, Charles Mathias and W. Rick Fletcher, who were reported in WSJ article to be “shareholders in numerous companies incorporated in Oregon.” When reached by the WSJ for comment, Mr. Mathias related that he has “registered numerous firms on behalf of several Eastern European organizations.” State of Oregon records revealed that Mr. Mathias had registered about 2,762 companies in Oregon.

The WSJ article also noted that one of the firms related to the Olden Group was named in the US Department of Justice’s (DOJ) bribery and corruption case against Daimler. This allegation involved one of the 2,762 companies which Mr. Mathias had incorporated in Oregon, United Petrol Group. It was alleged by the DOJ to be a part of Daimler’s corrupt acts to bribe certain Latvian government officials to obtain contracts. Lastly another entity formed by Mr. Mathias, Ronberg Gruppe, was placed on the World Bank blacklist in September 2010 for having “engaged in fraudulent practices relating to a [World Bank] project in Afghanistan.

I have set out this rather detailed description of the WSJ article to illustrate, once again, the need for continued vigilance throughout the due diligence process. Simply because your agent/vendor/business relationship is located in the United States, does not mean that you can automatically limit your due diligence inquiry to a Level One search. You must also be vigilant in obtaining related party information on the entity with which you are doing business with and obtain a list of the principles and check on them as well. The experience of the Ukraine government and the information from the Wall Street Journal article clearly demonstrates the pitfalls of failing to do so.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011

Foreign Business Representatives: Some Red Flags to Review

Most Foreign Corrupt Practices Act (FCPA) Practitioners are aware that the greater the contacts with a foreign governmental official and the greater amount of money involved, the greater the FCPA risk for a company if a third party is involved. This is more particularly so if the foreign business representative involved does nothing more than simply make an introduction or uses his (or her) connections to get your company in front of “right people.”

This posting will discuss three Red Flags which a company should review regarding a foreign business partner. Many businesses look to the value obtained in the use of a foreign business representative. This simple economic analysis is not sufficient in the FCPA context. There should be a separate analysis on whether the foreign business representative has the substantive skills to perform the services requested. Finally, if the services performed by the foreign business representative are too far out of line with those performed by competitors, this can also present a Red Flag requiring additional scrutiny.

In his recent book entitled, “Foreign Corrupt Practices Act – A Practical Resource for Managers and Executives” noted FCPA specialist Aaron Murphy discussed this issue. Murphy had been in situations where the decision to retain a foreign business representative was based solely upon an economic analysis, with no substantive discussion within the company of whether the proposed foreign business representative had the requisite skills to provide substantive services. He observed that such a decision making process is a “dangerous mentality to adopt when doing business with foreign governments or state owned entities.”

Why

He goes on to discuss the situation where a foreign business representative is recommended by the entity with which your company is attempting to secure a contract. As a threshold issue, Murphy makes the inquiry as to whether such a “recommendation” is really a “requirement”. If your company is informed that the retention of such a foreign business representative would make things go more smoothly, this is clear evidence of a Red Flag on the proposed foreign business representative. Murphy recommends several inquiries which include the following:

• With whom is the proposed foreign business representative related or affiliated?
• What services does the foreign business representative bring to the table which our company cannot provide?
• Was the need for the foreign business representative always contemplated as a part of the transaction?

Murphy focuses on the final question as particularly important. If the “recommendation” for the proposed foreign business representative appeared out of the blue and was not a part of any original bid requirement or tender package, a company should be particularly suspicious. Such a request has the indicia that the proposed foreign business partner is really just a sham and potential conduit for the transfer of money to a foreign governmental official.

What Happened?

A separate issue arises when the services of a foreign business representative is unexplained or vaguely understood. Usually a foreign business representative will perform some service(s) but just exactly what the service(s) are is unclear to your company. Murphy poses this situation as the “What Happened” scenario where a company may have a FCPA internal controls/books and records violation because it simply cannot explain what the service(s) foreign business representative provided. This situation can arise where a service was performed quickly, and apparently efficiently, by a foreign business representative but with little understanding by your company of just how such service(s) were delivered.

Too Good to be True?

Another Red Flag which should be evaluated is where the foreign business representative performs services which are far above that of any competitor or demonstrable success rate. James Min, Vice President, Int’l Trade Law & Corporate Compliance at DHL Americas – Legal Department, has developed a risk matrix model which evaluates the performance of companies in the freight forwarders/express delivery industry. In this matrix, Min analyzes risks by multiplying factors noted herein and thus scoring. The model shows that location should not be the sole criteria for risk. The factors in the Min Model are the performance of your company’s customers clearance brokers and how far that performance varies from the norm your company normally receives. In the below chart, +1.00 equals average clearance time. >1.0 equals faster than average and <1 means slower than average.

The Min Model

Country	TI CPI	Customs  Clearance Performance	Variance from  Average Performance	Risk Score	Risk Rank
A	55	.93	1.21	61.9	1
B	20	.76	0.89	13.5	3
C	54	.29	1.00	15.6	2
D	88	.12	0.7.	7.39	4

Min presented his model at the recent ACI FCPA Bootcamp. The key in this approach is how often the Customs Broker/Express Delivery Service varies above the average for customs clearance times. If the percentage of customs clearance performance is so great that your vendors variance is above 100% most of the time, this could be a Red Flag that bribery or corruption is involved. This should lead to further investigation, due diligence, or asking of questions of your vendor.

Most companies understand the need for and perform due diligence on foreign business partners. Many companies follow this up with a contract, with the foreign business partner, which requires FCPA compliance terms and conditions. However, there should be additional monitoring and review of the services provided to your company during the term of the agreement. The Red Flags listed in this article are not a complete list or dispositive, as each review will be determined by the facts involved in the transaction.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011

Compelled Giving and the FCPA

The recent post on charitable donations under the Foreign Corrupt Practices Act (FCPA) and Opinion Release 10-02 brought an interesting dialogue with fellow blogger, the FCPA Professor. The FCPA Professor raised the issue of “compelled giving” disguised as a requirement that a US company doing business overseas makes a charitable donation with the implicit understanding that such a requirement is mandated to obtain or retain business by a foreign governmental official and how such payments would be viewed under the FCPA. We believe that the underlying facts of the Opinion Release referenced demonstrate that the Department of Justice (DOJ) has recognized that compelled giving is a situation that is faced by US companies doing business overseas, if not on a regular basis, but certainly one that is not unknown.

In Venezuela energy service contracts with the national oil company, PDVSA requires that the foreign company must agree to invest an established percentage of the profits from each contract into the community in which it operates. This is negotiated with the Venezuelan government and can include cash or in-kind contributions of computers, equipment or appliances to schools, communities or organizations. This requirement may also be present in contracts for infrastructure opportunities including communications and transportation.

Although it is legal and a practice required by law in Venezuela, these payments have generated some questions with regards to compliance with the FCPA and similar laws of other countries. While not a payment to a governmental official, it is still a payment to a governmental entity for the purpose of securing a contract. It may also be that a governmental official sits on the Board of the local charity in question. Such issues require careful consideration.

There appears to be only one FCPA enforcement action based entirely upon charitable giving. It is the case of Schering-Plough Poland which paid a $500,000 civil penalty assessed by the Securities and Exchange Commission (SEC) in 2008. As reported in the FCPA Blog, the Company’s Polish subsidiary made improper payments to a charitable organization named the Chudow Castle Foundation, which was headed by an individual who was the Director of the Silesian Health Fund during the time period in question. Schering-Plough is a pharmaceutical company and the Director of the Health Fund provided money for the purchase of products manufactured by Schering-Plough as well as influencing medical institutions, such as hospitals, in their purchase of pharmaceutical products through the allocation of health fund resources. In addition to the above, the SEC found that Schering-Plough did not accurately record these charitable donations on the company’s books and records.

The FCPA Blog further reported that when asked about the guidelines regarding requests for charitable giving and the FCPA then Deputy Chief of the Criminal Division’s Fraud Section at the DOJ Mark Mendelsohn, said that any such request must be evaluated on its own merits. He advocated a “common sense” approach in identifying and clearing Red Flags. This would include determining if a governmental decision maker held a position of authority at the charity to which the donation would be made, whether the donation was consistent with a company’s overall pattern of charitable giving, who made the request for the donation and how was it made.

The series of Red Flags raised and cleared by the US company which was the subject of Opinion Release 10-02. After initially listing the 3 levels of due diligence in which the company had engaged prior to finalizing its choice of local entity to receive the donation in question; the DOJ noted that the donation ‘requested’ of the US company would be subject to the following controls:

1. Payments of the donations would be staggered over a period of eight quarters rather than in one lump sum.
2. Ongoing monitoring and auditing of the funds use for a period of five years.
3. The donations would be specifically utilized for the building of infrastructure.
4. The funds would not be paid to the parent of the organization receiving the grant and there was an absolute prohibition on compensating Board Members.
5. The proposed grant agreement under which the funds would be donated had significant anti-corruption provisions which included a requirement that the local organization receiving the funds adopt an anti-corruption policy and that US company making the donation receive full access to the local organization’s books and records.

Both the underlying due diligence and the controls noted above led the DOJ to state “The Department is satisfied, however, that the Requestor has done appropriate due diligence and that the controls that it plans to institute are sufficient to prevent FCPA violations.”

In addition to the specific factors presented by the requesting US company in Opinion Release 10-02, the DOJ also listed several of the due diligence and/or controls that it had previously set forth in prior Opinion Releases relating to charitable donations. These included:

• certifications by the recipient that it will comply with the requirements of the FCPA;

• due diligence to confirm that none of the recipient’s officers or directors are affiliated with the foreign government at issue;

• a requirement that the recipient provide audited financial statements;

• a written agreement with the recipient restricting the use of funds to humanitarian or charitable purposes only;

• steps to ensure that the funds were transferred to a valid bank account;

• confirmation that contemplated activities had occurred before funds were disbursed; and

• ongoing auditing and monitoring of the efficacy of the program.

We believe that Opinion Release 10-02 addresses some of the concerns of US companies in the area of compelled giving; particularly in view of the enforcement action involving Schering-Plough. The DOJ, once again, has indicated that extensive due diligence, coupled with the best practices in compliance management going forward after the contract is executed, appear to be critical in its analysis. We also wish to thank our blog colleague the FCPA Professor for his timely and pointed questions which raised further interest in this area.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

 

© Thomas R. Fox, 2010

Top 3 FCPA Cases OF 2010-Part III HP and (Lots of) Red Flags

This article concludes our series on what we believe to be the Top 3 Foreign Corrupt Practices Act (FCPA) cases in the first half of 2010. We have reviewed the facts surrounding each matter to come up with lessons that the FCPA compliance professional might use to assist putting forward a FCPA compliance ‘best practices’ program based upon the most recent information available. We previously explored the Gun Sting matter and (Ding Dong) Avon Calling and its China operations. Finally, we will review HP and its reported investigation for the alleged payments of bribes to secure a contract to sell computer hardware into Russia.

In April 2010 the Wall Street Journal (WSJ) reported that HP’s Germany subsidiary made payments, through agents, which eventually ended up in the hands of some unknown Russians, in order to obtain the contract to supply computers to the Russian Prosecutor’s Office. There was a complicated financing scheme used to route payments to offshore accounts which were beneficially owned or controlled by unnamed Russian officials. Suspected bribes were funneled through a network of shell companies and accounts in places including Britain, Austria, Switzerland, the British Virgin Islands, Belize, New Zealand, Latvia, Lithuania and the US states of Delaware and Wyoming. The bribes were paid through three German agents, who submitted fake invoices for fictional sales and then paid the money on as bribes to unnamed Russian governmental officials. In return, the suspected middlemen acting as agents, according to court documents allegedly received commissions totaling US$700,000,

German authorities reported the investigation, which started in 2007, when a German tax auditor discovered bank records showing that between 2004 and 2006, a HP subsidiary paid €22 million into the account of a small computer-hardware company in Leipzig. The records indicated the payments were made for services performed in Moscow. It was the size of the payment that caught the tax auditor’s attention and he red-flagged the matter for transfer to a special prosecution team, in Dresden, who handle major corruption cases.

The WSJ reported that at least one witness has said that the above transactions were internally approved by HP through its, then existing, contract approval process. In the April 15, 2010, WSJ article, Mr. Dieter Brunner, a bookkeeper who is a witness in the probe, said in an interview that he was surprised when, as a temporary employee of HP, he first saw an invoice from an agent in 2004. “It didn’t make sense,” because there was no apparent reason for HP to pay such big sums to accounts controlled by small-businesses, Mr. Brunner said. He then proceeded to say he processed the transactions anyway because he was the most junior employee handling the file, “I assumed the deal was OK, because senior officials also signed off on the paperwork”.

Just how many Red Flags are raised by the above?

• Offshore Companies

One of the main tactics utilized to disguise a principal who receives a bribe is to send the money through offshore companies, usually located in ‘exotic’ locations, not related to the situs of the transaction to conceal beneficial ownership and/or to take advantage of weak disclosure requirements. Any monies paid by HP to an agent, which were then sent to an offshore company or banks in a location completely unrelated to the transaction, should have been Red-Flagged for further inquiry.

• Small Sized Agents

As noted, by the temporary HP employee Dieter Brunner, one of the facts that “didn’t make sense” was a large payment to a small-sized business, indeed even a one-man business. One of the Red Flags that arises during due diligence on business partners is the size of the company in relationship to the work or services it performs. If a one-man company is receiving a multi-million dollar (or Euro) payment, it should be Red-Flagged for further inquiry.

• Faked Invoices for Goods/Services

One of the tests of revenue recognition for hardware and software is whether the goods and services relating thereto are actually delivered. If the middlemen did not receive the equipment they allegedly purchased, this should have been picked up by an accounting or financial department employee reviewing end of quarter results for revenue booking, a routine internal company audit or even simple inventory control and Red-Flagged for further inquiry.

In addition to the Red-Flags above, there are several important lessons learned that the Chief Compliance Officer (CCO) can take away from the HP matter and put into immediate practice in a US company’s compliance program.

1. What is the “Tone at the Top”? Even though he was a temporary employee for HP, bookkeeper Dieter Brunner immediately realized that the commission payment of such a large value to small or one-person companies “didn’t make sense”. However he went along because everyone else had approved the transaction. As the CCO you should immediately have your Chief Executive Officer (CEO) put out message that your company is committed to compliance and that if an employee sees something that “does not make sense” to elevate the issue.
2. Escalate the Issue. After the CEO makes the clear message that neither he nor the Board will tolerate anything less than full compliance, follow up to make certain that all employees know the avenues open to them to escalate an issue if something cannot be explained or easily answered. If the answer they receive from local management still does not make sense, an employee (even a temporary employee) can, and should, make use of a company hotline to escalate the issue for review, investigation and resolution. Emphasize that there is no negative consequence associated with making a good faith report through the Company hotline. Above and beyond a hotline, the Compliance Department should be available to answer any compliance questions which arise.
3. Training. After the CEO re-emphasizes your Company’s commitment to compliance and a Company-wide reminder on the hotline has been issued, use this opportunity to train, train and then train some more. All employees, permanent and temporary, who come to work at your Company should receive, at a minimum, computer based training on your compliance program. Take the opportunity to drive home the message that compliance is No. 1A, right behind safety, at your Company.

The HP case presents several opportunities for the CCO to put in place significant compliance assets to prevent and detect compliance issues before they become a payment of a multi-million dollar bribe. In addition to reviewing, auditing and listening to your employees for Red Flags you should use the facts to have your entire management make clear the seriousness of compliance to employees across the globe.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2010