FCPA Compliance and Ethics Blog

May 22, 2015

On the Oregon Trail: the BHP Enforcement Action and High-Risk Hospitality

Oregon TrailToday we celebrate American exceptionalism. As noted in ‘This Date in History’, on this date in 1834 the first wagon train, made up of 1,000 settlers and 1,000 head of cattle, set off down the Oregon Trail from Independence, Missouri, on the Great Emigration. After leaving Independence, the giant wagon train followed the Santa Fe Trail for some 40 miles and then turned to its northern route to Fort Laramie, Wyoming. From there, it traveled on to the Rocky Mountains, which it passed through by way of the broad, level South Pass that led to the basin of the Colorado River. The travelers then went southwest to Fort Bridger and on to Fort Boise, where they gained supplies for the difficult journey over the Blue Mountains and into Oregon. The Great Emigration finally arrived in October, completing the 2,000-mile journey from Independence in five months.

The settlers who took off on this Great Emigration on the Oregon Trail did not have anything in the way of a road map. Fortunately for the modern day anti-corruption compliance practitioner, you do have road maps that can guide your compliance with the Foreign Corrupt Practices Act (FCPA) going forward. Over the past few years the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) have put out significant and detailed information on compliance failures, which have led to FCPA enforcement actions. For any Chief Compliance Officer (CCO) or compliance practitioner, these enforcement actions provide solid information of lessons learned which can be used as teaching points for companies. Further, these lessons can be used as road maps to review compliance programs to see what gaps, if any, may exist and how to implement solutions.

This trend continued with the release of the SEC FCPA enforcement action involving BHP Billiton Ltd. (BHP) this week. First and foremost to note is that it was a SEC enforcement action involving violations of the internal controls provision of the FCPA. There was no evidence of bribery leading to any DOJ enforcement action. Yet as I have been writing and saying for almost one year, SEC enforcement of the internal controls provision of the FCPA is increasing and companies need to pay more attention to this part of the FCPA. A bribe or offer to bribe does not have to exist for an internal controls violation to occur. CCOs and compliance practitioners need to be cognizant of compliance internal controls and put effective compliance internal controls in place that can be audited against to test their effectiveness.

The BHP enforcement action revolved around the company’s hospitality program for the Beijing 2008 Olympics. Every CCO and compliance practitioner should study this enforcement action in detail so that they can craft appropriate compliance internal controls for high dollar entertaining for big time sporting events. For any company that may be planning for high dollar hospitality spends for the 2016 Brazil Olympics, this enforcement action lays out what you should and should not do in your compliance program. But this holds true for any major sporting event such as the Super Bowl, World Cup or you name the event.

BHP had a paper program that appeared robust. As laid out in the Cease and Desist Order, “BHPB developed a hospitality application which business managers were required to complete for any individuals, including government officials, whom they wished to invite.” The application included these questions to be fully answered:

  • “What business obligation exists or is expected to develop between the proposed invitee and BHP Billiton?”,
  • “Is BHP Billiton negotiating or considering any contract, license agreement or seeking access rights with a third party where the proposed invitee is in a position to influence the outcome of that negotiation?”
  • “Do you believe that the offer of the proposed hospitality would be likely to create an impression that there is an improper connection between the provision of the hospitality and the business that is being negotiated, considered or conducted, or in any way might be perceived as breaching the Company’s Guide to Business Conduct? If yes, please provide details.”; and
  • “Are there other matters relating to the relationship between BHP Billiton and the proposed invitee that you believe should be considered in relation to the provision of hospitality having regard to BHP Billiton’s Guide to Business Conduct?”

So the right forms were in place and some of them were fully filled out. However, as the Cease and Desist Order made clear, an effective compliance program does not end at that point. Now would be an appropriate time to recall that high risk does not mean you cannot engage in certain conduct. High risk means that to have an effective compliance program, you have to manage that risk. A basic key to any effective compliance program is oversight or a second set of eyes baked in to your process. BHP formally had this oversight or second set of eyes in the form of an Olympic Sponsorship Steering Committee (OSSC) and Global Ethics Panel Sub-Committee.

Where BHP failed was that “other than reviewing approximately 10 hospitality applications for government officials in mid-2007 in order to assess the invitation process, the OSSC and the Ethics Panel subcommittee did not review the appropriateness of individual hospitality applications or airfare requests. The Ethics Panel’s charter stated that its role simply was to provide advice on ethical and compliance matters, and that “accountability rest[ed] with business leaders.” Members of the Ethics Panel understood that, consistent with their charter, their role with respect to implementation of the hospitality program was purely advisory. As a result, business managers had sole responsibility for reconciling the competing goals of inviting guests – including government officials – who would ““maximize [BHPB’s] commercial investment made in the Olympic Games” without violating anti-bribery laws.”

But there was more than simply a failure of oversight by BHP. The Cease and Desist Order noted that not all of the forms were filled out with the critical information around a whether a proposed recipient might have been a government official. Even more critically missing was information on whether the proposed recipient was in a position to exert influence over BHP business. Moreover, BHP did not provide training to the business unit employees who ended up making the call as to whether or not to provide the hospitality on payment of travel and hospitality for spouses. The Cease and Desist Order stated that BHP “did not provide any guidance to its senior managers on how they should apply this portion of the Guide when determining whether to approve invitations and airfares for government officials’ spouses.” Finally, there were no controls in place to update or provide ongoing monitoring of the critical information in the forms.

All of this led the SEC to state the following, “As a result of its failure to design and maintain sufficient internal controls over the Olympic global hospitality program, BHPB invited a number of government officials who were directly involved with, or in a position to influence, pending negotiations, efforts by BHPB to obtain access rights, or other pending matters.” This led to the following, “BHPB violated Section 13(b)(2)(B) because it did not devise and maintain internal accounting controls over the Olympic hospitality program that were sufficient to provide reasonable assurances that access to assets and transactions were in executed in accordance with management’s authorization.” Perhaps it was stated most succinctly by Antonia Chion, Associate Director of the SEC’s Division of Enforcement, in the SEC Press Release announcing the enforcement action when he said, “A ‘check the box’ compliance approach of forms over substance is not enough to comply with the FCPA.”

There is also clear guidance from the SEC about how BHP was able to obtain the reduced settlement it received. BHP “provided significant cooperation with the Commission’s investigation”. Moreover, the Cease and Desist Order laid out the remedial steps the company took. These steps included: (1) creation of compliance group independent of the business units; (2) review of its anti-corruption program and implementation of certain upgrades; (3) embedding of anti-corruption managers into the business units; (4) enhancements of “its policies and procedures concerning hospitality, gift giving, use of third party agents, business partners, and other high-risk compliance areas”; (5) enhancement of “financial and auditing controls, including policies to specifically address conducting business in high-risk markets”; and (6) enhanced anti-corruption compliance training.

FCPA compliance is a relatively simply exercise. That does not mean it is easy. For travels on the Great Emigration on the Oregon Trail, travel was neither simple nor easy. If you want to send government officials to high profile sporting events or provide other high dollar hospitality, the FCPA does not prevent you from doing so. But it is a high risk and to be in compliance you must to manage those high risks appropriately, all the way through the process. The BHP enforcement action provides you a detailed road map of what to do and what not to do.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

May 21, 2015

Compliance Week 2015 Wrap Up

Wrap UpCompliance Week 2015 has ended. This year was the tenth anniversary of the annual conference and in many ways I found it to be the best one yet. Matt Kelly and his team put together a conference and experience, which was absolutely first-rate. If you were not able to make this year’s event, I hope you will join us for Compliance Week 2016, which Matt announced the dates for at the conclusion of this year’s event. The dates for 2016 are May 23-26, back of course in Washington DC to be held yet again at the Mayflower Hotel. I wanted to give you some of my thoughts on the highlights of this year’s event and what made it so unique.

At my age, I am somewhat loathe to channel my teenage daughter but the first thing that I noticed was a very different vibe this year over past year’s conferences. From the Cocktail Party reception held on Sunday night, all the way through the conclusion of the event, there seemed to be an air that I have not quite been able to put my finger on. It was more than an acknowledgement and perhaps even an excitement about how far the compliance profession has come in the past ten years. While I have written about the Chief Compliance Officer (CCO) and compliance profession as CCO 2.0, I had the feeling that we may be moving on to CCO 3.0, as that was even the title of a session.

But this vibe was more tangible than simply a feeling. One key ingredient for me was the use of social media into the conference experience. While many events have a conference app, which can provide you information on such things as the agenda, speakers and their presentations, room locations and the like; the Compliance Week 2015 app was fully interactive, allowing you to live tweet, send IM to fellow conference attendees and receive text messages when a room changed or other conference alteration occurred. It also provided a virtual help desk for all attendees.

Many of sessions were led by CCOs from major corporations and they were able to provide a strategic vision of where they were going at their organizations. This was kicked off from the start of the conference, from the first panel on the first day where the CCOs from Boeing, GE and the Director of Compliance for Wal-Mart began the event. Obviously these are three of the largest companies in the US and do business on a worldwide basis. Yet, while sharing their strategic visions, each one was able to provide a solid example from their respective organization that a CCO or compliance practitioner from any sized company could implement. From Wal-Mart with a workforce of 2.2 million employees, it was keep the message simple. From Boeing, it was incorporate any compliance failures as teaching moments or lessons learned into your internal compliance training going forward. From GE, it was how to inculcate and incorporate compliance into your everyday business planning.

The conversations were excellent as usual. I led the FCPA conversation and there were several alumni present, who told me they look forward to attending each year. One of the reasons is that there is no avenue in their hometowns to get together in an environment to discuss issues of mutual concern. It is concept that Mike Snyder and I used in founding the Houston Compliance Roundtable. A place where you can ask any question and have it answered by another compliance professional in an environment where Chatham House rules apply. While I certainly started the discussion, it quickly became fully interactive with all participants sharing their views on a variety of topics. While we have some great compliance talent in Houston at our Roundtable, it cannot top the level of maturity and sophistication present at the Compliance Week annual conference. We all benefited from the experience.

This experience was doubled when I led a breakfast event on Tuesday. While an inducement to attend was a complimentary copy of my book Doing Compliance, there were 25 attendees who joined me for a very engaging and free-flowing conversation about the state of compliance, we practitioners and where enforcement may be heading. Compliance Week treated us all to breakfast and, once again, I probably learned as much as any one. But since Chatham House rules were in effect, I cannot report on any of the substantive things that were discussed. I will share with you that I am excited to lead such a breakfast again next year and I hope you will be one of the 25 to sign up.

As always there were a number of government representatives who spoke at Compliance Week again this year. For me, the parade was led by Department of Justice (DOJ) Assistant Attorney General Leslie Caldwell. While I will be writing further, and in more detail, about Caldwell’s remarks, she said a few things that I think bear emphasis. One was that compliance professionals need to work towards more data analytics in the form of transaction monitoring to assist in moving to a prevent and even predictive and prescriptive mode for your best practice compliance program. Next she emphasized that your compliance program must not be static but must evolve as your business risks evolve. Finally, and much closer to my heart, were her remarks that you need to “sensitize your business partners to compliance.” It was if she was channeling her inner Scott Killingsworth with his groundbreaking work on ‘Private-to-Private’ or P2P compliance solutions. Or, as I might say, she was advocating a business solution to the legal problem of bribery and corruption across the globe.

But Caldwell was not the only DOJ representative as we had Laurie Perkins, Assistant Chief, Foreign Corrupt Practices Act (FCPA) Unit and Kara Brockmeyer, Chief, FCPA Unit; Division of Enforcement from Securities and Exchange Commission (SEC), on a panel moderated by yours truly. First I would urge that if you are ever asked to moderate a panel with FCPA enforcers and regulators, jump at the chance. The reason is that you get to ask the questions you want answers to; even if you get past your prepared questions, when there is a lull in questions from the audience, you can follow up with something you want to know or in my case always wanted to know. So I asked some basic questions like: What is Criminal Information? (to Perkins) and Could you explain the process for the SEC’s Administrative Procedure? (to Brockmeyer). I was certainly enlightened by their answers to both questions.

The event sponsors were of course there to provide information on their solutions to assist any compliance practitioner. If you have never been to an event at the Mayflower Hotel in Washington, the conference rooms are along a wide hall that allows good people flow and adequate room for the sponsors and others to set up, meet attendees and discuss their products and services. I view the sponsors and vendors as a part of the compliance solution going forward and while they are clearly there to sell; they also engage in a fair amount of education. But the education runs both ways with many compliance practitioners communicating needs they have which can be incorporated into new product developments.

Unfortunately Compliance Week 2015 had to come to an end. But the feeling, information and new friends I met will last with me until Compliance Week 2016 next year. I hope you will plan to join me.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

May 11, 2015

Senn Interview, Part I – Investigations Under the FCPA

FCPA InvestigationsOne of the things that I am questioned on is when to bring in outside counsel for a Foreign Corrupt Practices Act (FCPA) investigation or simply to take a look at an issue that may have raised a Red Flag but is not yet a FCPA violation. Clearly a reason is retain the attorney client privilege and I think most Chief Compliance Officers (CCOs) and compliance practitioners understand that reason, but one of the things I learned as a trial lawyer is that you need to understand who your ultimate audience will be in work you do as a lawyer. If you draft a contract, you need to think through how it will play out in front of a judge or jury. If you start an FCPA investigation, your ultimate audience may well be the Department of Justice (DOJ) and Securities and Exchange Commission (SEC). I recently had the opportunity to visit with white-collar practitioner Mara Senn, a partner at Arnold & Porter LLP, on this issue. She had several insights that I thought were insightful to assist a CCO or compliance practitioner to think through these issues. Today, I begin a three-part blog post on some of Senn’s thoughts on investigations for potential FCPA violations; tomorrow we will look at the decision (or not) to self-disclose and, finally, remediation if you discover a FCPA violation.

Unfortunately, many investigations being in a crisis situation, where a company may have discovered something that they know is bad but they do not know how bad that particular problem might be or they are not aware just how widespread the problem is. Senn indicated that the first thing she would note is that not every single incident requires outside counsel. There are all kinds of issues that can be handled very efficiently and effectively by in-house counsel. Moreover, there will be other issues and corporate disciplines involved such as the Human Resources (HR) Department. She explained that for a typical compliance blip that may happen, you do not need to call in an outside counsel right away, but if you do have these indicia of larger problems, particularly if you are a public company, it is a good idea to call outside counsel because you may be involved in reporting obligations. She cautioned that even at this early stage, outside counsel does not have to be boots on the ground and may not be required to be intimately involved if it is not a very complicated case.

Even with the above information, I asked Senn if there were any advantages she might see from bringing in outside counsel from the get-go rather than waiting. She articulated a number of things. First, there is more credibility if it is an independent review. If you are working for the company in whatever capacity, the government is not going to believe, as much, that it’s an independent investigation. From the government’s perspective, DOJ and/or SEC, they do not typically know the company involved in the investigation. Further, government regulators and enforcement officials are typically suspicious that a company is going to try to do what is right for the company. Of course there have been documented enforcement actions where companies have either destroyed documents or tried to hide things, such as witnesses or other evidence. In certain situations, an employee may look the other way, either purposefully or not really realizing what they’re seeing, and may take the investigation in the wrong direction. You want to just inoculate against that kind of problem.

Second, Senn said that there are very complicated issues that come up in cross-border situations. She provided four quick examples: privacy laws; labor laws; cultural issues and language issues. It can be very helpful, more cost effective and important from a legal compliance perspective to have somebody who is experienced in those kinds of issues.

Finally, and what I found most interesting, was Senn’s perspective on document preservation. She believes that “probably from the government’s perspective, the most important aspect of setting up an investigation in a way that makes them feel comfortable, is ensuring that all data is locked down.” Some questions that she believes counsel needs to ask are: “Do you have hand held devices? Where are all of your servers? What is your back-up tape situation? Are you trained in forensically retaining information?” Basically you need to get into the technical nitty gritty and if you do not, you could end up having a situation where either information is lost or there’s a possibility or suspicion that information is lost. Unfortunately, that is the situation that leads to a prosecutor’s imagination going wild. Senn ended her thoughts on this key point with the following, “the thing you want to do is just lock down that information, so if it ever comes to a point where the government says, “Well, we want to kick the tires,” you can say, “Okay, don’t worry. We’ve got everything you would have gotten otherwise.”

All of these steps can lead your company, through its investigation counsel, to having credibility with the DOJ and SEC. She made clear that the government will not only put you through your paces but also test the vibrancy of your investigation protocol and steps you might take as an independent assessor. She said that “if they realize, or they think, that all you’re doing is parroting what they consider to be the company line, and you haven’t gone in and independently really taken a look for yourself, you’re just going to come off as less credible, as somebody that they can’t really trust. That is definitely something that a company wants to avoid at all costs.”

I really liked the way Senn phrased the next step, “You don’t want to go too crazy” around scoping out the investigation. After getting the documents and technology locked down you should try and figure out the bad actor(s). Depending on the situation of whether the investigation target is aware of their status, you may be forced into “somewhat of a stealth investigation, where instead of going full bore and sending out document holds and things like that, you first want to essentially get that person’s information and make sure that they’re not going to do anything to their information. If there are a number of people you know are at issue, you want to lock that down, as well.”

The next step is to collect the documents forensically and use the information gleaned from this step in the process to do what Senn called “lay of the land interviews” where you try and obtain enough information to have a basic understanding of the situation, who the key players and who may be involved in the incident. Senn also believes you can garner quite a bit of information from working with your client before the actual interviews begin. You can look at organizational charts; see the number of employees who could have touched the transaction(s) at issue and also the countries involved. Also a review of the company’s financial accounting systems is critical so that you can assess how much will have to be done manually and in-country. (Think Avon)

One of the questions that I have struggled with is at what point in the investigation process is it appropriate to discipline employees, up to and including termination? I was gratified when Senn said this not only was a difficult question but also required a case-by-case analysis. You should begin by taking any persons out of the responsible situation. Paid leave pending an investigation is one option. If you terminate them, they will be gone and you will have zero control over them for initial interviews, follow-up interviews or assistance. She explained, “the government might want to interview that person. If you fired them, and that person has moved away or is now inaccessible to the government, it’s actually worse. My tendency is to keep them around, but just prevent them from continuing to do any of the harm that they may have previously done.”

In my next post, I will review Senn’s thoughts on the subject of self-disclosure.

To listen to the full interview with Mara Senn, go to the FCPA Compliance and Ethics Report, by clicking here, or download it from iTunes.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

April 30, 2015

King Arthur Week – The Green Knight and the Protection of Whistleblowers – Part IV

Filed under: Jordan Thomas,SEC,Whistleblower,WSJ — tfoxlaw @ 5:41 am
Tags: , ,

Green KnightWe continue our King Arthur themed week with an exploration of one of the most interesting characters in the Arthur canon, The Green Knight, so called because his skin and clothes are green. The meaning of his greenness has puzzled scholars since the discovery of the poem, that identifies him as the Green Man, a vegetation being in medieval art; a recollection of a figure from Celtic mythology; a Christian symbol or the Devil himself. According to Wikipedia, C. S. Lewis suggested the character was “as vivid and concrete as any image in literature” and J. R. R. Tolkien called him the “most difficult character” to interpret in the introduction to his edition of Sir Gawain and the Green Knight. His major role in Arthurian literature includes being a judge and tester of knights, and as such the other characters see him as friendly but terrifying and somewhat mysterious.

In his primary story with Sir Gawain, the Green Knight arrives at Camelot during a Christmas feast, holding a bough of holly in one hand and a battle-axe in the other. Despite disclaim of war, the knight issues a challenge: he will allow one man to strike him once with his axe, under the condition that he return the blow the following year. At first, Arthur takes up the challenge, but Gawain takes his place and decapitates the Green Knight, who retrieves his head and tells Gawain to meet him at the Green Chapel at the stipulated time. One year later, while Gawain is traveling to meet the Green Knight, he stays at the castle of Bercilak de Hautedesert. At Bercilak’s castle, Gawain’s loyalty and chastity is tested, Bercilak sends his wife to seduce Gawain and arranges that they shall exchange their gains for the other’s. On New Year’s Day, Gawain meets the Green Knight and prepares to meet his fate, where upon the Green Knight feints two blows and barely nicks him on the third. He then reveals that he is Bercilak, and that Morgan le Fay had given him the double identity to test Gawain and Arthur.

I thought about this story of testing when I read an article in the Wall Street Journal (WSJ), entitled “SEC Gives More Than $600,000 to Whistleblower in Retaliation Case” by Rachel Louise Ensign. She reported on the Paradigm securities matter where an award was made to the whistleblower, which was settled by the firm late last year. The settlement was for $2.2MM and $600, 000 of that amount was paid to the whistleblower for the firm’s retaliation against him. This was the first award to a whistleblower for retaliation from the act of whistleblowing. The award is 30% of $2.2MM, which is the maximum amount a tipster can get under the program. The agency said the “unique hardships” he faced were a factor in the size of his award. Securities and Exchange Commission (SEC) Enforcement Director, Andrew Ceresney, was quoted in the article as saying ““We appreciate and recognize the sacrifice this whistleblower made and the important role the whistleblower played in the success of the SEC’s first anti-retaliation enforcement action.””

This award to a whistleblower caps a stunning couple of weeks for whistleblowers who have brought information forward under the Dodd-Frank whistleblowing provisions. First there was the KBR pre-taliation fine and Cease and Desist Order.  In this matter, KBR was fined for having language in its internal employee Confidentiality Agreement (CA) that required employees to go to the company’s legal department before releasing certain confidential information to outside parties such as the SEC. The SEC held that such restrictions violated the “whistleblower protection Rule 21F-17 enacted under the Dodd-Frank Act. KBR required witnesses in certain internal investigations interviews to sign confidentiality statements with language warning that they could face discipline and even be fired if they discussed the matters with outside parties without the prior approval of KBR’s legal department. Since these investigations included allegations of possible securities law violations, the SEC found that these terms violated Rule 21F-17, which prohibits companies from taking any action to impede whistleblowers from reporting possible securities violations to the SEC.” This was in the face of zero findings that KBR had actually used such language or restrictions to prevent any employees from whistleblowing to the SEC.

In another part if its Press Release regarding the KBR case Director Ceresney said, “By requiring its employees and former employees to sign confidentiality agreements imposing pre-notification requirements before contacting the SEC, KBR potentially discouraged employees from reporting securities violations to us. SEC rules prohibit employers from taking measures through confidentiality, employment, severance, or other type of agreements that may silence potential whistleblowers before they can reach out to the SEC.  We will vigorously enforce this provision.”

Then we have the case of Tony Menendez, who was profiled by Jessie Eisinger in an article entitled “The Whistleblower’s Tale: How An Accountant Took on Halliburton”. The article told the story of a whistleblower, who took his concerns to government regulators and was then outed by the company as the SEC whistleblower and retaliated against. Interestingly, the SEC took no action on the whistleblower claims and the company argued on appeal that “since the SEC hadn’t brought any enforcement action, his complaint about the accounting was unfounded.” The company also claimed that simply because the whistleblower was identified by name, this alone was not the basis for a “material adverse action” against him. While Halliburton won at the administrative hearing level, it lost at the Fifth Circuit Court of Appeals.

So now there is a Court of Appeals opinion holding that if whistleblowing was a “contributing factor” only to the retaliation. Further, the employee is not required to prove motive. Well-known whistleblower expert Jordan Thomas also explained in the Eisinger article, “Whistleblowers can be victims of retaliation even if they are ultimately proved wrong as long as they have a “reasonable” belief that the company was doing something wrong.”

It appears that the SEC will be more like the Green Knight going forward. It will be a tester to determine if retaliation against whistleblowers occurs. From preventing companies from trying to stop whistleblowing via CA’s, to monetary awards for retaliation even where there is no SEC or government action taken, to the award to whistleblowers as a part of an SEC settlement for retaliation by their former employers; the SEC is making very clear that they will test how your company treats whistleblowers. If the SEC finds your company’s conduct lacking, you may well be facing something like the Green Knight going forward.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

April 29, 2015

King Arthur Week – The Round Table and Compliance Professionals and Lawyers as Whistleblowers – Part III

Filed under: FCPABlog,SEC,Whistleblower — tfoxlaw @ 12:01 am

Round TableToday we use King Arthur’s Round Table as the entry into our topic. The Round Table is the famous table around which he and his Knights congregated. Its shape implies that everyone who sits there has equal status. Wace, who relied on previous depictions of Arthur’s fabulous retinue, first described the Round Table in 1155. The symbolism of the Round Table developed over time; by the close of the 12th century it had come to represent the chivalric order associated with Arthur’s court, the Knights of the Round Table.

As with all things Arthurian, the origins of the Round Table are a bit murky. One commentator claims Arthur created the Round Table to prevent quarrels among his barons, none of whom would accept a lower place than the others. Others believe it came to prominences as a symbol of the famed order of chivalry that flourished under Arthur. In Robert de Boron’s Merlin, written around the 1190s, the wizard Merlin creates the Round Table in imitation of the table of the Last Supper and of Joseph of Arimathea’s Holy Grail table. This table has twelve seats and one empty place to mark the betrayal of Judas. This seat must remain empty until the coming of the knight of purity and chastity who will achieve the Grail. When the Knight Percival comes to the court at Camelot, he sits in the seat and initiates the Grail quest. Whatever the origins of the Round Table, it may be the single most tangible item associated with King Arthur.

I thought about these concepts surrounding the legend of the Round Table in consideration of the announcement earlier this month of a whistleblower award paid out by the Securities and Exchange Commission (SEC) of between $1.4 to $1.6 MM to a compliance officer. Sam Rubenfeld reported in an article in the Wall Street Journal (WSJ), entitled “SEC Awards More than $1.4 Million to Whistleblower Compliance Officer”, that the award was paid “to a compliance officer who provided information that helped the SEC in an enforcement action against the tipster’s company, marking the second time a compliance professional received an award under the SEC’s whistleblower program.” As stated this was the second award paid out to a compliance officer, the first occurred in August 2014 and was in the amount of $300,000.

This un-named whistleblower took his (or her) concerns internally to management but was not successful in persuading management to cease the illegal practices. Moreover, “The compliance officer had a reasonable basis to believe disclosure to the SEC “was necessary to prevent imminent misconduct” from causing “substantial financial harm” to the company or investors, the SEC said.” The FCPA Blog, in a post entitled “Compliance officer awarded $1.5 million under SEC whistleblower program”, reported, “After that award, Sean McKessy, chief of the SEC’s whistleblower office, said employees who perform internal audit, compliance, and legal functions can be eligible for an SEC whistleblower award “if their companies fail to take appropriate, timely action on information they first reported internally.”” Adding to McKessy was Andrew Ceresney, chief of the SEC’s enforcement division, who said in a statement “This compliance officer reported misconduct after responsible management at the entity became aware of potentially impending harm to investors and failed to take steps to prevent it.”

This second award makes clear that the SEC will treat compliance professionals as all other whistleblowers when it comes to making an award based upon the fine or penalty. In a December 2014 article, entitled “When Should Internal Auditors And Compliance Officers Become SEC Whistleblowers”, Daniel Hurson wrote “while the amount of the [first] award [$300,000] was not particularly hefty, and was dwarfed by several multi-million dollar whistleblower awards given previously, it carried particular significance to astute observers in the corporate legal, internal audit, and compliance communities. Insiders know that compliance officers and internal auditors, beleaguered and sometimes frustrated as they may be, hold the “keys to the kingdom” when it comes to knowledge of corporate ethical and legal lapses within their companies. Prior to this award, it had generally been thought the SEC would continue to discourage such awards on the rationale that it would not want to encourage employees whose job it was to prevent corporate legal and ethical violations to profit from simply doing their jobs.”

Hurson wrote that this initial whistleblower payment to a compliance practitioner marked a change in SEC policy because “It has generally been understood that compliance officers and internal auditors are not permitted to receive whistleblower awards because information they reported to a superior constituting allegations of misconduct was not to be considered “original information” under the Dodd-Frank Act and SEC rules.” He ended his piece with the following, “In the final analysis, however, the real job of a compliance officer is not just training employees to know the FCPA or any of the myriad of laws and regulations that now govern corporate conduct, but doing his or her absolute best to help them comply with the law, and to identify the cases when they fail. An internal auditor is charged with making his or her investigations and reports, but not administering punishment. But the presumption in each case is that the company will take your work seriously and take action to correct and if necessary report the problem to regulatory authorities.

If this does not happen, or the company displays either a lack of good faith or competence in undertaking its end of the bargain, you may have to undertake corrective action, however unpleasant or personally risky. In truth, you owe this to the company, its vast majority of honest employees, and its investors. If certain people in the corporate structure are blind to the “bet the company” risk in ignoring or covering up wrongdoing, your job is to insure that philosophy does not prevail. I suggest with respect that that duty should remain foremost in the personal decision as to whether and when a compliance officer or internal auditor should, if the situation demands and the law allows, become a whistleblower.”

There was nothing in the SEC Press Release or any of the commentary on the 2015 whistleblower award to indicate that the compliance professional involved was a lawyer. However, an equally delicate issue is whether a lawyer can be a whistleblower. In an article entitled “Is the SEC encouraging unethical whistleblowing by counsel?” Nick Morgan explored this issue. Lawyers are also governed by their state bar associations on their ethical obligations, which include confidentiality and loyalty to a client. Morgan noted, “The Dodd-Frank bounty provisions further exacerbated the conflict between federal securities whistleblower law and state attorney ethics requirements by giving attorneys financial incentives to breach attorney-client confidentiality.”

Three state bar organizations, Washington, California and New York, have questioned if SEC regulations trump state bar ethical obligations regarding attorney whistleblowers. Indeed in New York, “the New York County Lawyers’ Association’s committee on professional ethics responded to the development by releasing a formal opinion. It concluded that New York lawyers, presumptively, may not ethically serve as whistleblowers for a bounty against their clients under Dodd-Frank, because doing so generally gives rise to a conflict between lawyers’ interests and those of their clients.”

What happens when federal law is in conflict with state regulations regarding lawyers’ ethical obligations? Morgan reported, “no court has yet found that SEC regulations preempt state ethics rules governing lawyers’ communications with their clients.  In cases in which conflicts of state and SEC law have appeared, federal courts have been receptive to arguments based on lawyers’ ethical obligations under state law and have balanced the state and federal interests. While the Dodd-Frank bounty provisions increase the incentives for attorneys to act as whistleblowers at their clients’ expense, it is unclear whether those incentives outweigh the risks and burdens associated with taking such actions. Aside from the ethical issues, whistleblowers more often than not go uncompensated and incur significant burdens for their trouble, decreasing whatever temptation some attorneys may feel.”

King Arthur’s Round Table may have been designed so that all Knights were treated as equals. As noted in some of the legends the Round Table is part of the Holy Grail quest storyline, requiring purity of heart and chastity to achieve the Grail. Both strands of the Round Table legend inform the debate on whistleblowers. Even if compliance practitioners may report on their own companies to the SEC, it is not clear about the answer when it comes to lawyers. Further, as lawyers have separate legal obligations they fail to meet the second purpose of the Round Table, to find someone to chase the Grail of whistleblowing.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

March 20, 2015

Miss Marple Short Stories and SEC Enforcement of the FCPA, Part V – Final Thoughts

Agatha ChristieI conclude my week of exploration of Agatha Christie’s Miss Marple short stories and the Securities and Exchange Commission’s (SEC) enforcement of the Foreign Corrupt Practices Act (FCPA) by reviewing some of the new things I’ve learnt during this week of research. I learned that Christie made several social observations and revealed much about herself through these stories. She is very much constrained by the roles given to women in the early to mid-1920s, including the lack of a proper education. She also writes about some of the disdainful attitudes of people to an older woman. I found a number of inside jokes that Christie placed into the stories, even referring to the prevalence of detective fiction in print and on the stage at the time the stories were written. Finally is the fact that people make the mistake of not noticing her but that she is watching them and listening and that they will remain unaware of her presence for not too much longer.

In his recent blog post, entitled “Are You An FCPA Contender Or Pretender?”, the FCPA Professor suggested that if you want to practice in the area of FCPA compliance, you really should take the time to read some of the very few underlying sources and documents relating to the subject. After my week exploration of the SEC enforcement of the FCPA, I would note that you can learn quite a bit by heeding his advice.

Internal Controls

There was a trend, beginning in the fall of 2014 of SEC FCPA enforcement actions, where the Department of Justice (DOJ) either declined to prosecute the company or settled with the company via a Non-Prosecution Agreement (NPA). This led me to conclude that the SEC was ramping up its review and enforcement of the accounting provisions under the FCPA separate and apart from criminal side enforcement of the FCPA by the DOJ. Earlier this month, when Andrew Ceresney, the SEC Director, Division of Enforcement, spoke at CBI’s Pharmaceutical Compliance Congress in Washington DC he discussed the importance of internal controls in SEC enforcement. While his remarks were primarily directed “in the context of financial reporting” I believe they could be equally applicable in the FCPA compliance context.

Ceresney said, “What kinds of practice pointers for how to avoid these issues? Well, in cases we have brought, we see controls that were not carefully designed to match the business, or that were not updated as the business changed and grew. And we see that senior leadership was not asking the tough questions – and sometimes not even asking the easy questions. Senior management in some cases was just not engaged in any real discussion about the controls. As a result, employees did not properly focus on them and the firm and its shareholders are put at risk.” I think these statements, particularly taken in the context of his overall remarks, portend a greater focus on internal controls review and enforcement in the FCPA context.

Finally, in the area of internal controls, is the interplay of Sarbanes-Oxley (SOX) with FCPA enforcement and several sections of the Act that have FCPA implications. These include SOX §302 that requires the principle officers of a company to “take responsibility for and certify the integrity of these company’s financial reports on a quarterly basis.” Under SOX §404 companies must present annually their conclusion “regarding the effectiveness of the company’s internal controls over accounting.” Finally, SOX §802 prohibits “altering, destroying, mutilating, concealing or falsifying records, documents or tangible objects” with the intent to obstruct or influence a federal investigation, such as the FCPA.

Every public company is required to report on its internal controls. The SEC may well start mining those required, annual public disclosures for information on compliance internal controls. If the SEC finds a company’s report lacking and then after requesting further information, still finds a company’s response lacking, a company may be looking at strict liability and a financial penalty based on profit disgorgement as I lay out next.

Strict Liability

I have written about the coming of strict liability to the SEC enforcement of the FCPA’s accounting provisions, including books and records and internal controls. However, after having read, re-read and reviewed the FCPA and commentary, I now believe that a strict liability interpretation for enforcement of the FPCA is fully supported by the plain language of the Act itself. I come to this conclusion because there is no language in the text of the Act that ties the accounting provision requirements to any other operative violation of the statute. In other words, there is no language that says that an accounting provisions violation must be tied to an offer or payment of a bribe to obtain or retain business. While the FCPA does not specifically say that a company will be strictly liable for a violation of the accounting provisions, it is certainly not prohibited. Since violations of the accounting provisions as enforced by the SEC are civil violations only, I now believe that such a position is not prohibited by the Act.

Profit Disgorgement 

Similar to my views on strict liability for accounting violations, I have also come to believe that profit disgorgement is a remedy fully supported and available to the SEC in FCPA enforcement actions. This change was made by an un-related law, entitled The Penny Stock Reform Act of 1990, which amended the Securities Exchange Act of 1934 to: allow the SEC to (1) impose tiered civil money penalties pursuant to administrative findings of violations of the Act; (2) enter an order requiring an accounting and disgorgement; (3) issue cease and desist orders; and (4) issue temporary restraining orders. Profit disgorgement has generally been considered an equitable remedy. Sasah Kalb and Marc Alain Bohn, in their article “Disgorgement: The Devil You Don’t Know, wrote “As an equitable remedy, disgorgement is not intended as tool to punish, but as a vehicle for preventing unjust enrichment. The SEC is therefore only permitted to recover the approximate amount earned from the alleged illicit activities. Disgorging anything more would be considered punitive.”

In conjunction with this equitable nature for profit disgorgement, is the concept of proportionality. In the article by David C. Weiss, entitled “The Foreign Corrupt Practices Act, SEC Disgorgement of Profits and the Evolving International Bribery Regime: Weighing Proportionality, Retribution and Deterrence”, he wrote that regarding proportionality “punishment schemes fail a utilitarian test when the punishment exceeds, or threatens to exceed, the offense. Put another way, deterrence requires that a punishment be proportionate to the harm—allowing for some multiplier based on the likelihood of being caught. Punishments that are not proportionate are not justified under this utilitarian theory.”

Profit Disgorgement as a Remedy for Strict Liability

In this final section, I give my opinion as to where I think the next step of SEC enforcement may be headed. I think it will be a combination of the enforcement of the accounting provisions of the FCPA through a strict liability reading of them by the SEC to the remedy of profit disgorgement. Admittedly this opinion seems contrary to the equitable nature of the remedy of profit disgorgement. However the greater focus of SEC scrutiny and enforcement of the accounting provisions point me in that direction. While it is also true that profit disgorgement has traditionally required some specific ill-gotten gains; with the statutory authority provided by the Penny Stock Act to the SEC allows for disgorgement with no language around its equitable beginning, this may be enough for the SEC to make such an intellectual leap. Further, as noted by Kalb and Bohn, “Because calculations like these often prove difficult, courts tend to give the SEC considerable discretion in determining what constitutes an ill-gotten gain by requiring only a reasonable approximation of the profits which are causally connected to the violation.”

The final component is the lack of judicial review in FCPA enforcement actions. Every practitioner is aware of the absolute dearth of cases in this area. With the SEC moving towards more administrative actions, through the 2010 Dodd-Frank amendment that enables the SEC to collect civil penalties through administrative proceedings, there may not be many federal district court reviews going forward. Of course to have a federal district court review of a remedy, it generally takes the defendant to make some objection and companies seemingly do not wish to take on the SEC in any FCPA enforcement matter (or the DOJ for that matter). But even if there was a federal district review of a Cease and Desist Order filed before it, you almost never hear the court reject an agreed Order on the grounds that the remedy was too harsh or unwarranted.

I hope you have enjoyed and learned something this week unique to the SEC enforcement of the FCPA. I know I have both enjoyed reading many of the excellent commentators I have reviewed during my research. David Weiss, Marc Alain Bohn, Sasha Kalb, Russ Ryan and the FCPA Professor have all contributed significant legal work and thought leadership in this area that I have built some of my theories on so I thank them for their contributions. Another joy was reading Agatha Christie’s Miss Marple short stories. If you have a few evenings or some down time for spring break or summer vacation, I suggest you pick up the volume. It is just like visiting with an old friend on a dark and stormy night…

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

 

 

March 19, 2015

Ingots of Gold & SEC FCPA Enforcement – Communication – Part IV

Ingots of GoldToday I want to use the Christie’s story Ingots of Gold as an introduction to some of the regular communications that the Securities and Exchange Commission (SEC) representatives frequently provide in public forums, regarding their views on Foreign Corrupt Practices Act (FCPA) enforcement and, more importantly for the compliance practitioner, FCPA compliance. In this story, told by Miss Marple’s friend, he was spending a holiday in Cornwall with an acquaintance called John Newman. It involved a shipwreck and, as the title foretold, valuable cargo. After a stormy night Newman was missing but was later found bound and gagged in a ditch. It is revealed that Newman used this as ruse to cover his tracks from a theft of gold, which, of course, Miss Marple resolves when no one else can do so.

It was the language of this story that struck me. For as famous as Agatha Christie is for her puzzles, she had a great facility for language. At one point Miss Marple said, “You wouldn’t like my opinion, dear. Young people never do, I notice.” Later she describes the antagonist with the following, “his mind might run in strange, unrecognized channels”. Fortunately for the compliance community, one of the significant ways that the SEC communicates with compliance practitioners is through public speeches. We were recently treated to another such example when Andrew Ceresney, the SEC Director, Division of Enforcement, spoke at CBI’s Pharmaceutical Compliance Congress in Washington DC. Ceresney provided some clear guidelines for the compliance practitioner about what the SEC expects from companies in the area of FCPA compliance. More specifically he talked about some specific bribery schemes the SEC has seen in FCPA enforcement actions involving the pharmaceutical industry. These examples provided scenarios that any compliance practitioner in the pharmaceutical space can investigate for their organization.

Pharmaceutical Industry Bribery Schemes

Ceresney discussed ‘Pay-to-Prescribe’ bribery schemes where physicians and hospitals are paid bribes in “exchange for prescribing certain medication, or other products such as medical devices.” These schemes can involve payments of cash or other forms of non-cash benefits such as gifts, travel and entertainment. He described an example where a company “invited “high-prescribing doctors” in the Chinese government to club-like meetings that included extensive recreational and entertainment activities to reward doctors’ past product sales or prescriptions.” Another such scheme involved a running total of points for doctors who prescribed a company’s products, which could later be cashed in for items of value. Another involved a rebate of part of a hospitals overall purchase to certain doctors or hospital administrators.

Another form of bribery was seen where a company would direct charitable donations to the decision-makers “pet” charity. In a couple of FCPA enforcement actions, the charity had nothing to do with the pharmaceutical industry but in one case there was “a purported donation of nearly $200,000 to a public university to fund a laboratory that was the pet project of a public hospital doctor. In return, the doctor agreed to provide business to” the company in question. The point of all of these examples is that “that bribes come in many shapes and sizes, and those made under the guise of charitable giving are of particular risk in the pharmaceutical industry. So it is critical that we carefully scrutinize a wide range of unfair benefits to foreign officials when assessing compliance with the FCPA – whether it is cash, gifts, travel, entertainment, or charitable contributions.”

Compliance Programs

I certainly agree with Ceresney, only adding that I do not think you can say it too loud or too often, when he stated, “The best way for a company to avoid some of the violations that I have just described is a robust FCPA compliance program.” It all begins with a risk assessment so that you will understand what your company’s risks are and you can manage them accordingly through your compliance program. From there Ceresney said, “The best companies have adopted strong FCPA compliance programs that include compliance personnel, extensive policies and procedures, training, vendor reviews, due diligence on third-party agents, expense controls, escalation of red flags, and internal audits to review compliance.” He also specifically mentioned third parties, as they are still perceived to be the highest risk in any FCPA risk matrix. He stated, “To properly combat against these abuses, a compliance program must thoroughly vet its third-party agents to include an understanding of the business rationale for contracting with the agent. Appropriate expense controls must also be in place to ensure that payments to third-parties are legitimate business expenses and not being used to funnel bribes to foreign officials.”

Self-Reporting and Cooperation

Next Ceresney turned to self-reporting and cooperation. After initially noting that the current enforcement environment is greatly aided by self-reporting, he went on to explain why it is in a company’s interest to do so. Beyond the simple credit a company receives for self-reporting, by doing so “parties are positioned to also help themselves by aggressively policing their own conduct”. The SEC will also “continue to find ways to enhance our cooperation program to encourage issuers, regulated entities, and individuals to promptly report suspected misconduct. The Division has a wide spectrum of tools to facilitate and reward meaningful cooperation, from reduced charges and penalties, to non-prosecution or deferred prosecution agreements in instances of outstanding cooperation.” He ended this section of his remarks with a couple of thoughts that I believe succinctly provided the SEC’s position on self-reporting and cooperation. First he said “When I was a defense lawyer, I would explain to clients that by the time you become aware of the misconduct, there are only two things that you can do to improve your plight – remediate the misconduct and cooperate in the investigation.” He then ended with the following, “Companies that choose not to self-report are thus taking a huge gamble because if we learn of the misconduct through other means, including through a whistleblower, the result will be far worse. “

Internal Controls 

Ceresney had some interesting remarks around internal controls. He said they were in the “context of financial reporting”; however I found that they might well have significant implications for the compliance practitioner. I thought his money line was “Internal control problems have been prominently featured in recent enforcement cases we have brought in the financial reporting area, even in cases without accompanying charges of fraud.  This reflects our view that adequate internal controls are the building blocks for accurate financial reporting and can prevent fraudulent activity.” While the specified area of these remarks was around SOX §§302 and 404, I think this portends directly to internal controls under the FCPA.

He went on to state, “my key takeaway is that senior leadership of companies should place strong emphasis on the importance of designing and implementing strong internal controls. Senior officers need to ask questions about what they are being told about their internal controls – but perhaps more importantly, ask questions about the things that are not being reported to them. Dropping those occasional inquiries into conversations where they won’t be expected sends a powerful message that you want these issues to be on your employees’ minds. And what is needed is not just involvement from senior leadership but also from the audit committee. Instead of a check-the-box mentality, it is important to use careful thought at the outset to how controls should be designed in light of a firm’s business operations. This entails an up-front assessment of financial reporting risks, designing controls that address those risks, and ensuring that the resulting controls are well documented and communicated. And, as the company’s business evolves and changes, management must consider whether the existing internal controls are appropriate, or need to be enhanced or changed. Appropriate resources and attention also need to be devoted to monitoring those controls for effectiveness and making changes as needed.” Every time you see the words ‘financial’ simply substitute compliance and I think you will see where the SEC is headed in its internal controls enforcement of the FCPA.

Just as Agatha Christie communicated with her audience in ways broader than simply puzzles, through her great facility for delicious language, the SEC communicates in substantive ways with the compliance community through its speeches. You really do not have to read the tea leaves when you have such a clear message as was delivered by Ceresney at the CBI conference. Moreover, with all the sites that reported on it, talked about it and even linked to the printed text, you did not have to pay to attend. It is all there for you to read and to read for free.

For a copy of the text of Ceresney’s remarks, click here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

 

 

March 18, 2015

The Blue Geranium – SEC Enforcement of the FCPA – Part III

Blue GeraniumIn Christie’s The Blue Geranium a difficult and cantankerous semi-invalid wife is looked after by a succession of nurses. They changed regularly, unable to cope with their patient, with one exception Nurse Copling who somehow managed the tantrums and complaints better than others of her calling. The wife had a predilection for fortunetellers and one announced that the wallpaper in the wife’s room was evil; pronouncing she should “Beware of the Full Moon. The Blue Primrose means warning; the Blue Hollyhock means danger; the Blue Geranium means death.” Four days later, one of the primroses in the pattern of the wallpaper in the wife’s room changed color to blue in the middle of the night, when there had been a full moon.

On the morning after the next full moon, the wife was found dead in her bed with only her smelling salts beside her. Once again Miss Marple has the solution remembering that potassium cyanide resembled smelling salts in odor. The wife took what she thought were smelling salts but was in reality potassium cyanide. The flowers on the wallpaper had been treated with litmus paper which the turned the geranium in question blue, which unmasked the killer.

I found this story to be an interesting way to introduce the topic of the Securities and Exchange Commission’s (SEC’s) damage remedies. While some are obvious, such as the fines and penalties which are listed in the text of the Foreign Corrupt Practices Act (FCPA), another one, that being profit disgorgement must be seen through the lens of multiple legislations.

Monetary Fines

The damages that are available to the SEC differ in some significant aspects from those available to the Department of Justice (DOJ) in its enforcement of the criminal side of the FCPA. According to the FCPA Guidance, “For violations of the anti-bribery provisions, cor­porations and other business entities are subject to a civil penalty of up to $16,000 per violation. Individuals, including officers, directors, stockholders, and agents of companies, are similarly subject to a civil penalty of up to $16,000 per violation, which may not be paid by their employer or principal. For violations of the accounting provisions, SEC may obtain a civil penalty not to exceed the greater of (a) the gross amount of the pecuniary gain to the defendant as a result of the violations or (b) a specified dollar limitation. The specified dollar limitations are based on the egregious­ness of the violation, ranging from $7,500 to $150,000 for an individual and $75,000 to $725,000 for a company.”

As straightforward as these monetary amounts may seem, the totals can become very large very quickly. As noted by Russ Ryan in a guest post on the FCPA Professor’s blog, entitled “Former SEC Enforcement Official Throws The Red Challenge Flag, the SEC significantly multiplied those amounts in a default judgment context against former Siemens executives by claiming that “four alleged bribes should be triple-counted as three separate securities law violations – once as a bribe, again as a books-and-records violation, and yet again as an internal-controls violation – thus artificially multiplying four violations to create twelve.” Further, under the specific books-and-records and internal-controls allegations “the SEC was super aggressive, taking the position that these classically non-fraud violations involved “reckless disregard” of a regulatory requirement, thus allowing the SEC to demand the maximum $60,000 per violation in “second-tier” penalties rather than the $6,000 per violation in the “first-tier” penalties ordinarily associated with non-fraud violations.”

Profit Disgorgement

In addition to the above statutory fines and penalties, “SEC can obtain the equitable relief of disgorgement of ill-gotten gains and pre-judgment interest and can also obtain civil money penalties pursuant to Sections 21(d)(3) and 32(c) of the Exchange Act. SEC may also seek ancillary relief (such as an accounting from a defendant). Pursuant to Section 21(d)(5), SEC also may seek, and any federal court may grant, any other equitable relief that may be appropriate or necessary for the benefit of investors, such as enhanced remedial measures or the retention of an independent compliance consultant or monitor.” These remedies can be sought in a federal district court of through the SEC administrative process.

As explained by Marc Alain Bohn, in a blog post on the FCPA Blog entitled “What Exactly is Disgorgement?” profit “Disgorgement is an equitable remedy authorized by the Securities Exchange Act of 1934 that is used to deprive wrong-doers of their ill-gotten gains and deter violations of federal securities law. The Act gives the SEC the authority to enter an order “requiring accounting and disgorgement,” including reasonable interest, as part of administrative or cease and desist proceedings”. In another article Bohn co-authored with Sasha Kalb, entitled “Disgorgement – the Devil You Don’t Know” published in Corporate Compliance Insights (CCI), they set out how such damages are calculated. They said, “In calculating disgorgement, the SEC is required to distinguish between legally and illegally obtained profits. The first step in such calculations is to identify the causal link between the unlawful activity and the profit to be disgorged. Once this causal link is established, the SEC may assert its right to disgorge illicit profits that stem from this wrong-doing. Because calculations like these often prove difficult, courts tend to give the SEC considerable discretion in determining what constitutes an ill-gotten gain by requiring only a reasonable approximation of the profits which are causally connected to the violation.”

However if you read the FCPA quite closely you will not find any language regarding profit disgorgement as a remedy. Nevertheless a simple reading of the statute does not limit our inquiry as to this remedy. In a Note, published in the University of Michigan Journal of International Law, entitled “The Foreign Corrupt Practices Act, SEC Disgorgement of Profits and the Evolving International Bribery Regime: Weighing Proportionality, Retribution and Deterrence”, author David C. Weiss explained the development of the remedy of profit disgorgement. As noted by Bohn, profit disgorgement was always available to the SEC from the very beginning of its existence, through the enabling legislation of 1934. But as explained by Weiss, in the completely unrelated legislation entitled The Penny Stock Reform Act of 1990, profit disgorgement was “authorized by statute [as a remedy to the SEC] without a limitation to the FCPA.”

Finally, and what many compliance practitioners do not focus on for SEC enforcement of the FCPA, was the enactment of Sarbanes-Oxley Act of 2002 (SOX). Weiss said, “The most recent change to the way in which the SEC enforces the FCPA—and a critical development to consider—is SOX, which affects virtually all of the SEC’s prosecutions, including those under the FCPA. When assessing penalties, the SEC draws on SOX to provide great latitude in determining the types of penalties it enforces. While SOX did not amend the FCPA itself, it did amend both civil and criminal securities laws relating to compliance, internal controls, and penalties for violations of the Exchange Act. Since the enactment of SOX, the SEC has possessed the power to designate how a particular penalty that it assesses will be classified.” [citations omitted]

There has been criticism of the SEC using profit disgorgement as a remedy. As far back as 2010, the FCPA Professor criticized this development in his article “The Façade of FCPA Enforcement” where he found fault with the remedy of profit disgorgement for books and records violations or internal controls violations only, where there is no corresponding “enforcement action charging violations of the anti-bribery provisions.” He wrote “It is difficult to see how a disgorgement remedy premised solely on an FCPA books and records and internal controls case is not punitive. It is further difficult to see how the mis-recording of a payment (a payment that the SEC does not allege violated the FCPA’s anti-bribery provisions) can properly give rise to a disgorgement remedy.”

Bohn and Kalb said, “Over the last six years, disgorgement has served to significantly increase the financial loss that companies are exposed to in FCPA enforcement matters. In addition to the considerable civil penalties often imposed by the SEC as part of FCPA settlements, the SEC has made clear that it will not hesitate to seek recovery of large sums through disgorgement provided they are reasonably related to the alleged misconduct. Yet the methodology used by the SEC to support the amounts it seeks to disgorge has not been much discussed.  In the absence of adequate guidance as to how these sums are calculated, disgorgement poses an even greater risk in the current aggressive FCPA enforcement climate.” I would only add to their conclusion that profit disgorgement is here to stay.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

March 17, 2015

The Companion and SEC Enforcement of the FCPA – Part II

The CompanionI will use Agatha Christie’s short story The Companion as the introduction to today’s blog post. This story, related by one of the Tuesday story-telling group of detective aficionados, Dr. Lloyd, and is about two people who are related yet take different paths. It involves the death of a woman while on vacation on the Island of Gran Canaria. The deceased was named Mary Barton and she died while trying to save her companion, one Amy Durrant, from drowning. Sometime later Miss Durrant was deemed missing and presumed drowned off the coast of Cornwall. However there was a double crime as Durrant had actually drowned Barton in Gran Canaria and then faked her own death in Cornwall, however she had returned home to Australia where she actually died within a month of returning. It turned out that Durrant was a cousin to Barton and her only living relation. Since both women were now dead, Barton’s not inconsiderable estate passed on to Durrant’s children, which was her plan all along.

All of which informs today’s topic that being the difference in Securities and Exchange Commission (SEC) Foreign Corrupt Practices Act (FCPA) enforcement resolution tools from those used by the Department of Justice (DOJ). While both the SEC and DOJ use Deferred Prosecution Agreements (DPAs) and Non-Prosecution Agreements (NPAs); there are other tools in the SEC arsenal, which the DOJ does not use. These revolve around the fact that in FCPA enforcement, the DOJ handles criminal prosecution and the SEC handles things on the civil side of FCPA enforcement.

Traditionally the SEC obtains a Cease and Desist order by going to a federal district court. The FCPA Guidance states, “In a civil injunctive action, SEC seeks a court order compelling the defendant to obey the law in the future. Violating such an order can result in civil or criminal contempt proceedings. Civil contempt sanctions, brought by SEC, are remedial rather than punitive in nature and serve one of two purposes: to compensate the party injured as a result of the violation of the injunction or force compliance with the terms of the injunction.”

In most cases the defendant does not contest these Orders and there are no admissions made by the defendant regarding conduct that may have violated the FCPA. While there has been significant criticism of ‘No Admission’ settlements entered into by the SEC, these types of settlements are not expected to change where there is no corresponding criminal action. In a 2013 speech, SEC Chair Mary Jo White announced an expansion of the “admit” policy, and explained that while “neither admit nor deny” settlements would remain the norm, the SEC would now require defendants to admit wrongdoing “in certain cases where heightened accountability or acceptance of responsibility through the defendant’s admission of misconduct may be appropriate”. SEC enforcement chief, Andrew Ceresney, has added that defendants may be required to admit violations in cases of “egregious misconduct,” such as cases involving obstruction of the SEC’s investigation or harm to large numbers of investors.

However the past year or so, the SEC has moved to handle FCPA enforcement actions through an administrative process. As explained in the FCPA Guidance, “SEC has the ability to institute various types of administrative proceedings against a person or an entity that it believes has violated the law. This type of enforcement action is brought by SEC’s Enforcement Division and is litigated before an SEC administrative law judge (ALJ). The ALJ’s decision is subject to appeal directly to the Securities and Exchange Commission itself, and the Commission’s decision is in turn subject to review by a U.S. Court of Appeals.”

In a post on the FCPA Blog, entitled “Are Administrative Proceedings the New Civil Complaints?” Marc Alain Bohn explored this expanded use of administrative law proceedings in SEC enforcement of the FCPA, by noting, “which was facilitated in part by a 2010 Dodd-Frank amendment to the Securities and Exchange Act of 1934 that enables the SEC to collect civil penalties through administrative proceedings.” Moreover, Bohn noted a couple of significant differences in going through a federal district court to obtain a Cease and Desist Order and going through the SEC administrative process. He said, “FCPA cases resolved via administrative proceeding require no judicial approval, as opposed to the settlement of formal civil complaints. This distinction is important because district court judges have complicated several SEC prosecutions in recent years by demanding changes to negotiated settlements or dismissing charges or otherwise limiting claims. In addition, the imposition of a cease-and-desist order under an administrative proceeding requires only that the SEC establish a likelihood that a defendant will violate federal securities law, in contrast with the “reasonable likelihood” required by a court-ordered injunction.” [citations omitted]

The FCPA Professor has been unremitting in his criticism of this administrative settlement process, citing a complete lack of transparency in the process, among other criticisms. Mike Volkov, perhaps more charitably, wrote, “The SEC’s “new” use of administrative proceedings for FCPA cases demonstrates its unwillingness to face judicial scrutiny and undermines the effectiveness of its enforcement program. The SEC likes to play on its home turf and for some reason feels that going to court is not as important.” Whatever your view on the use of the administrative process might be I would only say that it is here to stay so you had better be ready to participate in it if you find yourself in a SEC FCPA enforcement action.

Another criticism of this process is what might be called the home court advantage. In an article in the Wall Street Journal (WSJ), entitled “Firms oppose SEC’s internal enforcement process”, reporter Hazel Bradford quoted Terry Weiss, an attorney with Greenberg Traurig LLP in Atlanta, for the following “I have no problem with fairness when (a case) is brought in a federal District Court and when it is overseen by a federal District Court judge who is appointed by the president of the United States and approved by the U.S. Senate. I have a significant problem when you have (administrative law judges) who are picked by the SEC.” The problem with this argument is that ALJ’s have been a part of the federal enforcement process for a wide variety of agencies, department and issues since the 1930s. To say the SEC is using an approved administrative process that violates the Constitution seems to me to be a stretch.

Another area the SEC has in common with the DOJ in FCPA enforcement is that they both sometimes decline to bring enforcement actions. The FCPA Guidance cites back to the SEC Enforcement Manual for the “guiding principles” in determining whether the Commission will bring a FCPA enforcement action. The factors the SEC will determine, which are the same for enforcement actions against entities or individuals., are listed as follows:

  • the seriousness of the conduct and potential violations;
  • the resources available to SEC staff to pursue the investigation;
  • the sufficiency and strength of the evidence;
  • the extent of potential investor harm if an action is not commenced; and
  • the age of the conduct underlying the potential violations.

It is important to understand these differences in resolution vehicles and tactics used by the SEC, separate and apart from the DOJ. The civil jurisdiction of FCPA enforcement entails some differences in approach by the SEC. It is important that any Chief Compliance Officer (CCO) or compliance practitioner understand these differences in the event their company goes through a FCPA investigation or enforcement action. We saw three significant FCPA enforcement actions last fall, Smith & Wesson, Layne Christensen and Bio-Rad, where there was no corresponding DOJ FPCA enforcement action brought jointly with the SEC enforcement action. As anti-corruption compliance programs mature, it may well be that this could portend the future. Just as with The Companion simply because it appears that two are together, they may have their own separate callings. Tomorrow I review some of the unique damages available to the SEC in a FCPA enforcement action.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

March 16, 2015

Miss Marple Short Stories and SEC Enforcement of the FCPA, Part I

Miss Marple Short StoriesI am a huge Agatha Christie fan. I have read most of the Poriot novels and many of the Jane Marple novels as well. However, I was not aware of Christie’s work in the short story format until I recently read a volume entitled Miss Marple Short Stories. This volume included 13 short stories first published in 1932. In many ways reading them was like revisiting an old friend, who had new stories to tell me that I had not previously heard. So in honor of my love of Agatha Christie and her short stories, I will theme my blog posts this week around one of her original short stories, published as The Thirteen Problems.

The first story was called The Tuesday Night Club and introduced Miss Marple and her cast of characters around these stories. Each was asked to relate some mystery and the others would try and solve the mystery. As with most of Christie’s writing, there were the stories and the characters who were, in many ways, stories themselves so there was a double layer of intersection. In this story a wife died of poisoning and her husband was the prime suspect. However Miss Marple deduced that the couple’s longtime housekeeper who has gotten “into trouble” through a liaison with the husband had poisoned the wife in hope’s of marrying the now widow. The group around Miss Marple was astounded when her deduction was confirmed by the storyteller when he related the housekeeper’s own deathbed confession.

Just as many readers may not have focused on Agatha Christie’s work in the short story format, many Foreign Corrupt Practices Act (FCPA) practitioners tend to focus on Department of Justice (DOJ) FCPA enforcement actions. However, just as Christie aficionados who did not focus on her short stories, many FPCA compliance practitioners do not tend to focus on FCPA enforcement by the Securities and Exchange Commission (SEC). To help address this, over the next week I will discuss issues relating to SEC enforcements.

Today, I begin with reviewing some jurisdictional issues unique to the SEC; commonly referred to as the FCPA accounting provisions, they consist of the books and records provisions which, as set out in the FCPA Guidance, requires that “issuers must make and keep books, records, and accounts that, in reasonable detail, accurately and fairly reflect an issuer’s transactions and dispositions of an issuer’s assets and internal controls requirements.” Under the internal controls provisions, “issuers must devise and maintain a system of internal accounting controls sufficient to assure management’s control, authority, and responsibility over the firm’s assets.”

Perhaps the most interesting thing about the ‘accounting provisions’ under the FCPA as stated in the FCPA Guidance, is as follows: , “Although the accounting provisions were originally enacted as part of the FCPA, they do not apply only to bribery-related violations. Rather, the accounting provisions ensure that all public companies account for all of their assets and liabilities accurately and in reasonable detail”. [emphasis supplied] This means there can be strict liability for stand alone violations of these provisions, with no ties back to the corrupt intent or elements of a FCPA violation are present.

Who is covered under SEC enforcement of the FCPA? 

The SEC prosecutes ‘issuers’ who are defined as a company “that has a class of securities registered pursuant to Section 12 of the Exchange Act or that is required to file annual or other period reports pursuant to Section 15(d) of the Exchange Act.” The SEC also enforces the FCPA against companies “whose securities trade on a national securities exchange in the United States, including foreign issuers with exchange traded American Depository Receipts” and trade in over-the counter markets. While the SEC does not bring enforcement actions against private companies, private companies are also subject to the FCPA, just as public companies for bribing a foreign government official, in violation of the FCPA.

Accounting Provisions

Consistent with the concern that bribe payments are often disguised as other types of payments in a company’s books and records, “requires issuers to “make and keep books, records, and accounts, which, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the issuer.”” The “in reasonable detail” qualification was adopted by Congress “in light of the concern that such a standard, if unqualified, might connote a degree of exactitude and precision which is unrealistic.” The addition of this phrase was intended to make clear “that the issuer’s records should reflect transactions in conformity with accepted methods of recording economic events and effectively prevent off-the-books slush funds and payments of bribes.”

The Guidance goes on to give several examples of SEC enforcement actions of the books and record provisions where bribes were mischaracterized in a company’s books and records. Such examples include bribes paid out in the guise of commissions, royalties or consulting fees. Another prominent example includes reimbursement for sales and marketing or miscellaneous expenses where no such activity occurred. A favorite has been mischaracterized travel and entertainment expenses. Finally, a large group of often over-looked expenses include free goods for demonstration products, intercompany accounts, vendor payments and customer write-offs.

A key distinction of FCPA enforcement by the SEC from other types of accounting fraud is that there is no materiality requirement under the FCPA. Typically, internal audit, external audit or even forensic accounting, only review material transactions. Obviously for a large multi-national company subject to the FCPA, materiality could be millions of dollars or multiplies thereof. However we have seen FCPA enforcement actions with corrupt payments made in the low thousands of dollars.

Internal Controls Provisions

The FCPA says that internal controls requires issuers to devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that—

(i) transactions are executed in accordance with management’s general or specific authorization;

(ii) transactions are recorded as necessary (I) to permit preparation of financial statements in conformity with generally accepted accounting principles or any other criteria applicable to such statements, and (II) to maintain accountability for assets;

(iii) access to assets is permitted only in accordance with management’s general or specific authorization; and

(iv) the recorded accountability for assets is compared with the existing assets at reasonable intervals and appropriate action is taken with respect to any differences.

As further explained in the FCPA Guidance, “the Act defines “reasonable assurances” as “such level of detail and degree of assurance as would satisfy prudent officials in the conduct of their own affairs.” Neither the FCPA nor the FCPA Guidance specifies a particular set of controls that companies are required to implement. However the FCPA Guidance does note, “the internal controls provision gives companies the flexibility to develop and maintain a system of controls that is appropriate to their particular needs and circumstances.”

Moreover, the FCPA Guidance recognizes that “An effective compliance program is a critical component of an issuer’s internal controls.” To do so, a company needs to access its risk and then design and implement a system of internal controls to “account the operational realities and risks attendant to the company’s business.” The FCPA Guidance suggests some of these areas should include “the nature of its products or services; how the products or services get to market; the nature of its work force; the degree of regulation; the extent of its government interaction; and the degree to which it has operations in countries with a high risk of corruption”. But the over-riding key is to assess your company’s FCPA compliance risks and set up a set of internal controls to help manage those risks effectively.

Other SEC Enforcement Areas Relating to FCPA Compliance 

In addition to the accounting provisions there are other laws and regulations that the SEC enforces and ties into FCPA enforcement. As noted in the FCPA Guidance, “Issuers have reporting obligations under Section 13(a) of the Exchange Act, which requires issuers to file an annual report that contains comprehensive information about the issuer. Failure to properly disclose material information about the issuer’s business, including material revenue, expenses, profits, assets, or liabilities related to bribery of foreign government officials, may give rise to anti-fraud and reporting violations under Sections 10(b) and 13(a) of the Exchange Act.”

There are also several sections under the Sarbanes-Oxley Act (SOX) that have FCPA implications. These include SOX §302 that requires the principle officers of a company “take responsibility for and certify the integrity of these company’s financial reports on a quarterly basis.” Under SOX §404 companies must present annually their conclusion “regarding the effectiveness of the company’s internal controls over accounting.” Finally, SOX §802 prohibits “altering, destroying, mutilating, concealing or falsifying records, documents or tangible objects” with the intent to obstruct or influence a federal investigation, such as the FCPA.

The remainder of this week I will tie another Miss Marple short story to another SEC FCPA enforcement issue. I hope that you will tune in for the next installment.

TexasBarToday_TopTen_Badge_Large

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

Next Page »

The Rubric Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 5,244 other followers