Halliburton Shareholder Derivative Action Settlement: Lessons for Enhancements to Your Compliance Program

In a story first reported in the Wall Street Journal (WSJ), entitled “Halliburton Says Court Approved Corruption Lawsuit Settlement”, Sam Rubenfeld reported that Halliburton has settled a shareholder derivative action which had been filed in state district court in Houston, Texas. The lawsuit, the consolidation of actions brought by two institutional shareholders and one individual shareholder against the company and its Board of Directors individually, had alleged that “the board’s failure to stop the activity caused the company to have to pay hundreds of millions of dollars in settlements and fines, and it damaged Halliburton’s reputation”.

The settlement is interesting for several reasons. Initially, it should be noted that Halliburton will not pay any damages but more than that, Rubenfeld reported that “the plaintiffs said in the settlement they faced “very steep hurdles” in establishing that the directors named in the suit were liable for the illegal activity, and that it was unlikely they would win damages “even closely approaching” what they sought in litigation”. In the settlement, Halliburton agreed to make changes to its corporate governance structure “including a clawback of compensation for board members who were involved in or approved the activity, beefing up its compliance program and strengthening the roles of its board members.” In other compliance areas, the company agreed to publish “newsletters and internal bulletins to include at least six articles per year addressing ethics and compliance issues.” Finally, Halliburton agreed that it’s “code of conduct has to be revised so as a layperson can understand it, and it has to be changed to specifically prohibit the use of bribes and kickbacks.”

I.                   Clawback Provisions

There were several specific provisions relating to clawbacks which may well now become standard provisions for officers and directors of companies going forward. They related to both monetary compensation and non-monetary compensation, such as stock. All the provisions turn on the following:

1. If an officer or director is named for “substantially participating in a significant violation of the law”;
2. And either a company investigation determines the officer’s or director’s conduct was “not indemnifiable”; OR
3. The officer or director “does not prevail at trial, enters into a plea arrangement…or otherwise admits to the violation in a legal proceeding.”
4. Then the clawback is triggered.

 II.                Greater Oversight of Compliance

The settlement specifies several steps the Audit Committee of the Board should take to enhance its role in the compliance function including holding more regular meetings and reporting to the full Board on issues relevant to compliance and risk management in general. The settlement also specified that a Management Compliance Committee shall be created and detailed investigation and reporting protocols for any “Significant Violation of any federal or state law”.

III.             Compliance Program Enhancements

Here the settlement specified that for employees working in high risk countries “who have job descriptions associated with business development and procurement activities [emphasis mine] they should have annual compliance training. The settlement also specified Halliburton to rewrite its Code of Business Conduct in plain English “so that it is written in a manner as is commonly understood by a layperson.” The Code of Business Conduct rewrite is to be expanded to make clear that foreign bribery and kickbacks are prohibited and will not use agents recommended by foreign governmental officials, unless such agents are screened through appropriate due diligence. As noted by Rubenfeld’s article Halliburton agreed to publish newsletters and provide email updates and intranet postings, which will address compliance at least six times per year. The company agreed to strive to maintain a ratio of one “Audit Service position for every 5,000 employees” and to certain restrictions in hiring a Chief Financial Officer (CFO).

In a section specified “To assure that its compliance program be deemed “effective” under the revised Federal Sentencing Guidelines” the company agreed to have a compliance program which would be designed to detect an offense “before discovery outside of the organization or before discovery was reasonably likely”. If there is a determination that such conduct occurs the company will take steps to prevent it from reoccurring. Halliburton agreed to take “reasonable steps to remedy the harm from criminal conduct”. Lastly, the Chief Compliance Officer (CCO) was given direct reporting authority to the Board and directed to report “no less than annually on the implementation and effectiveness of Halliburton’s compliance program.”

This settlement is a welcome addition for the compliance practitioner. First and foremost, the no payment of damages is a welcome change from such claims. Moreover, the enhancements agreed to by Halliburton give both compliance practitioners and company specific guidance on good corporate government practices in the compliance arena and specific ways to tie a compliance program to the US Federal Sentencing Guidelines.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

DS&S DPA: Lessons Learned for the Compliance Practitioner

On Monday, June 18, the Department of Justice (DOJ) announced the resolution of a matter involving violations of the Foreign Corrupt Practices Act (FCPA) by Data Systems & Solutions LLC (DS&S), a US entity based in Virginia. The settlement resulted in the company agreeing to a two year and 7 day Deferred Prosecution Agreement (DPA). The case was interesting for a number of reasons and it has some significant lessons which the compliance practitioner can put into place in a corporate compliance program. The charges related to DS&S’s business included the design, installation and maintenance of instrumentation and controls systems at nuclear power plants, fossil fuel power plants and other critical infrastructure facilities. In reading the Criminal Information, I can only say that this was no one-off or rogue employee situation but this was a clear, sustained and well known bribery scheme that went on within the company.

I.                   The Criminal Information

The bribery scheme involved payments made to officials at a state-owned nuclear power facility in Lithuania, named Ignalina Nuclear Power Plant (INPP). The payments were made to allow DS&S to obtain and retain business with INPP. The Information listed contracts awarded to DS&S in the amount of over $30MM from 1999 to 2004. Significantly, DS&S did not self-disclose this matter to the DOJ but only began an investigation after receiving a DOJ Subpoena for records.

The Players Box Score

DS&S Officials	INPP Officials	Subcontractors
Exec A – VP of Marketing and Business Development (BD)	Official 1 – Deputy Head of Instrumentation and Controls Department	Subcontractor A – Simulation Technology Products and Services
	Official 2 – Head of Instrumentation and Controls Department	Subcontractor B – Beneficially owned by Official 1 and which employed INPP Officials
	Official 3 – Director General at INPP	Subcontractor C – Shell company used a funneling entity to pay bribes
	Official 4 – Head of International Projects at INPP
	Official 5 – Lead SW Engineer at INPP

The bribery scheme used by DS&S recycled about every known technique there is to pay bribes. The Information listed 51 instances of bribes paid or communications via email about the need to continue to pay bribes. The bribery scheme laid in the Information reflected the following techniques used by:

•       Payment of bribes by Subcontractors to Officials on behalf of DS&S;
•       Direct payment of bribes by DS&S into US bank accounts controlled by INPP Officials;
•       Creation of fictional invoices from the Subcontractors to fund the bribes;
•      Payment of above-market rates for services allegedly delivered by the Subcontractors so the excess monies could be used to fund bribes;
•      Payment of salaries to INPP Officials while they were ‘employed’ by Subcontractor B;
•       Providing travel and entertainment to Officials to Florida, where DS&S has no facilities and which travel and entertainment had no reasonable business purpose; and last but not least…
•      Purchase of a Cartier watch as a gift.

II.                The Deferred Prosecution Agreement

I set out these details with some specificity for two reasons. The first is that the Information is a must read for anyone in Internal Audit who reviews books and records. It gives you the precise types of Red Flags to look for. But secondly is the fact that DS&S received a discount of 30% off the low end of the penalty range as calculated under the US Sentencing Guidelines. The calculation as listed in the DPA is as follows:

Calculation of Fine Range:

Base Fine $10,500,000

Multipliers 1.20(min)/2.40(max)

Fine Range $12,600,000/$25,200,000

The ultimate fine paid by DS&S was only $8.82MM, which the DPA states is “an approximately thirty-percent reduction off the bottom of the fine range…” So for the compliance practitioner the question is what did DS&S do to get such a dramatic reduction? We know that one thing they did NOT do was self-report as the DPA notes that this case began as a DOJ investigation and DS&S received Subpoenas “in connection with the government’s investigation.” However, after this initial delivery of Subpoenas DS&S engaged a clear pattern of conduct which led directly to this 30% discount of the low end of the fine range. The DPA reports that DS&S took the following steps:

 

• Internal Investigation. DS&S initiated an internal investigation and provided real-time reports and updates of its investigation into the conduct described in the Information and Statement of Facts.
• Extraordinary Cooperation. DS&S’s cooperation has been extraordinary, including conducting an extensive, thorough, and swift internal investigation; providing to the Department searchable databases of documents downloaded from servers, computers, laptops, and other electronic devices; collecting, analyzing, and organizing voluminous evidence and information to provide to the DOJ in a comprehensive report; and responding promptly and fully to the DOJ’s requests.
• Extensive Remediation. The number of steps DS&S took in regard to remediation included the following:
  • Termination of company officials and employees who were engaged in the bribery scheme;
  • Dissolving the joint venture and then reorganizing and integrating the dissolved entity as a subsidiary of DS&S;
  • Instituting a rigorous compliance program in this newly constituted subsidiary;
  • Enhancing the company’s due diligence protocols for third-party agents and subcontractors;
  • Chief Executive Officer (CEO) review and approval of the selection and retention of any third-party agent or subcontractor;
  • Strengthening of company ethics and compliance policies;
  • Appointment of a company Ethics Representative who reports directly to the CEO;
  • The Ethics Representative provides regular reports to the Members Committee (the equivalent of a Board of Directors in a LLC); and
  • A heightened review of most foreign transactions.
  • Enhanced Compliance Program. More on this in the next section.
  • Continued Cooperation with DOJ. The company agreed to continue to cooperate with the Department in any ongoing investigation of the conduct of DS&S and its officers, directors, employees, agents, and subcontractors relating to violations of the FCPA and to fully cooperate with any other domestic or foreign law enforcement authority and investigations by Multilateral Development Banks.

III.             Enhanced Compliance Obligations

One of the interesting aspects of the DS&S DPA is that there are 15 points listed in the Corporate Compliance Program, attached as Schedule C to the DPA, rather than the standard 13 items we have seen in every DPA since at least November 2010. The new additions are found on items 13 & 14 on page C-6 of Schedule C and deal with mergers and acquisitions. They read in full:

13. DS&S will develop and implement policies and procedures for mergers and acquisitions requiring that DS&S conduct appropriate risk-based due diligence on potential new business entities, including appropriate FCPA and anti-corruption due diligence by legal, accounting, and compliance personnel. If DS&S discovers any corrupt payments or inadequate internal controls as part of its due diligence of newly acquired entities or entities merged with DS&S, it shall report such conduct to the Department as required in Appendix B of this Agreement.

14. DS&S will ensure that DS&S’s policies and procedures regarding the anticorruption laws apply as quickly as is practicable to newly acquired businesses or entities merged with DS&S and will promptly:

a. Train directors, officers, employees, agents, consultants, representatives, distributors, joint venture partners, and relevant employees thereof, who present corruption risk to DS&S, on the anti-corruption laws and DS&S’s policies and procedures regarding anticorruption laws.

b. Conduct an FCPA-specific audit of all newly acquired or merged businesses as quickly as practicable.

This language draws from and builds upon the prior Opinion Release 08-02 regarding Halliburton’s request for guidance during an attempted acquisition and the Johnson and Johnson (J&J) Enhanced Compliance Obligations which were incorporated into its DPA. While the DS&S DPA does note that it is specifically tailored as a solution to DS&S’s FCPA compliance issues, I believe that this is the type of guidance that a compliance practitioner can rely upon when advising his or her clients on what the DOJ expects during Mergers and Acquisitions (M&A). The five keys under these new items, 13 & 14 highlighted above, are: (1) develop policies and procedures for M&A work prior to engaging in such transactions; (2) full FCPA audit of any acquired entities “as quickly as practicable”; (3) report any corrupt payments or inadequate internal controls it discovers in this process to the DOJ; (4) apply DS&S anti-corruption policies and procedures to the newly acquired entities; and (5) train any persons who might “present a corruption risk to DS&S” on the company’s policies and procedures and the law.

IV.              Summary

The DS&S DPA provides some key points for the compliance practitioner. First and foremost, I believe that it demonstrates the reasonableness of the DOJ. The bribery scheme here was about as bad as it can get, short of suitcases of money carried by the CEO to pay bribes. The company did not self-report, yet received a significant reduction on the minimum level of fine. The specificity in the DPA allows a compliance practitioner to understand what type of conduct is required to not only avoid a much more significant monetary penalty but also a corporate monitor. Lastly, is the specific guidance on FCPA compliance in relation to M&A activities, to the extent that if anyone in the compliance arena did not understand what was required in the M&A context; this question would seem to be answered in the DS&S DPA.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

The President and Lin-sanity: Lesson Learned III For Your Compliance Program

Lin-sanity still reigns and it may well now have reached its penultimate level. What evidence do I have of this cultural phenomenon? It is that both US President Barack Obama AND Sarah Palin are now on the Lin-sanity bandwagon. Palin, who played basketball in high school, is pictured at the left with the highly coveted Lin gear outside her Manhattan hotel. Not to be outdone, last week on the B.S. Report, a weekly podcast hosted by the Sports Guy Bill Simmons, held at the White House, President Barrack Obama talked about Lin-sanity and his fellow Harvard alum Jeremy Lin.

The President made an interesting comment, which I thought spoke to an ongoing issue in the compliance world. His observation was that Lin’s in-game success did not happen overnight, so question for you where were all of the ubiquitous NBA coaches all through his practices during the 15 months he has been in the NBA? The President thought that some coach, should have seen something, which indicated Lin had some talent. While we can ponder the wisdom of the 30+ coaches, between the Warriors and Rockets, who all blew that one, one of the things that the President’s comment brought up for me is the role of training in any best practices compliance program. Why you might ask? The answer is because one of focuses within an organization is to not only develop talent, but to evaluate talent in everyday work situations; similar to evaluating a basketball player in practice. So the Lin-sanity Lesson III is that one of the areas of training is to teach business unit employees to coach and evaluate compliance talent in an organization.

This is an area that Human Resources (HR) can be of great assistance to the Compliance Department. Compliance can take the lead in training on the substance of compliance. However, HR can assist in training managers to evaluate and audit employees on whether they conduct themselves within a culture of compliance and ethics. This is the traditional role of HR. While there is a training requirement for any minimum best practices compliance program, based upon the requirements in the US Sentencing Guidelines, I would submit that there is an opportunity to bring additional and more focused HR based training to bear which would enable a company to develop leaders who are thoroughly grounded in compliance and ethics.

Under the US Sentencing Guidelines, companies are mandated to “take reasonable steps to communicate periodically and in a practical manner its standards and procedures, and other aspects of the compliance and ethics program, to the individuals referred to in subdivision (B) by conducting effective training programs and otherwise disseminating information appropriate to such individuals’ respective roles and responsibilities.” This requirement would also suggest that training results should also be evaluated and once again HR can fill this role. As part of this evaluation, a candidate for promotion can be assessed in not only their interest in the area but their retention of the materials going forward. Lastly, HR can evaluate how a candidate for promotion incorporates compliance and ethics not only into his or her work but how the candidate might help to foster a culture of compliance in the company.

President Obama’s remark about Jeremy Lin and what he may have shown in practice brought up the day-to-day work that any NBA player must go through which is watched by numerous NBA coaches. This concept is the same in a business organization. The day-to-day practices equate to how employees comport themselves whilst doing the routine and daily business of their companies. It’s a good bet that if an employee acts in an ethical manner in his or her routine dealings, they will do so in a situation which requires conducting business through a culture of compliance. HR is a part of the corporate organization that can evaluate these day-to-day scenarios. HR can also train business unit employees to evaluate personnel on compliance and ethics issues. You should not miss this opportunity to watch and evaluate your employees!

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

Smith & Nephew DPA: Lessons Learned in Using Distributors

A distributor can be generally defined as a company or individual who purchases a product from an original equipment manufacturer (OEM) and then independently sells that product to an end user. A distributor takes title, physical possession and owns the products. The distributor then sells the product again to an end-using purchaser. The distributor usually receives the product at some discount from the OEM and then is free to set the resell price at any amount above what was originally paid for the product. A distributor is often used by the US manufacturing industry to act as a sales force outside of the US.

The landscape of the Foreign Corrupt Practices Act (FCPA) is littered with cases involving both agents and resellers, who are most clearly acting as representatives of the companies whose goods or services they sell for in foreign countries. However, many US businesses believe that the legal differences between agents/resellers and distributors insulate them from FCPA liability should the conduct of the distributor violate the Act. They believe that as the distributor takes title and physical possession of the product, the legal risk of ownership has shifted to the distributor. If the goods are damaged or destroyed, the loss will be the distributor’s not the US business which manufactured the product. Under this same analysis, many US companies believe that the FCPA risk has also shifted from the US company to the foreign distributor. However, such belief is sorely miss-placed.

As reported by the FCPA Professor and FCPA Blog, on February 1, 2012, the Department of Justice (DOJ) announced that it entered into a Deferred Prosecution Agreement (DPA) with Smith & Nephew, Inc., a medical equipment manufacturer, for violations of the FCPA.  Smith & Nephew paid a monetary penalty of $16.8MM to the DOJ and $5.4MM to the Securities and Exchange Commission (SEC) as a civil penalty, all for a total of $22.2MM in fines and penalties. The violations revolved around a Greek distributor of Smith & Nephew who paid bribes to Greek doctors so that they would purchase and use Smith & Nephew products. According to the FCPA Professor, in a post entitled “Next Up – Smith & Nephew”, Smith and Nephew and its German subsidiary, would sell products to the entities “at a discount to the ‘list’ price and the Greek Distributor would re-sell to Greek HCPs and government hospitals at a profit.”

Further, as noted by the Professor, the purpose in setting up these entities “was to secure lucrative business with hospitals in the Greek public health care system by making and promising to make corrupt payments of money and things of value to publicly-employed Greek HCPs.”  According to the information, “S&N, certain of its executives, employees, and affiliates agreed to sell to [the] Greek Distributor at full list price, then pay the amount of the distributor discount – between 25 and 40 percent of the sales made by [the] Greek Distributor – to an off-shore shell company controlled by [the] Greek Distributor, in order to provide off-the-books funds for [the] Greek Distributor to pay cash incentives and other things of value to publicly-employed Greek HCPs to induce the purchase of S&N products, while concealing the payments.”  According to the information, S&N “falsely recorded or otherwise accounted for the payments to the shell companies on its books and records as ‘marketing services’ in order to conceal the true nature of the payments in the consolidated books and records of S&N and GmbH.”

In honor of the commencement of Spring Training next week, I put together a handy Box Score of the entities which Smith & Nephew set up for this FCPA conspiracy.

Entity Designation	Domicile of Entity	Commission Rate	Services Provided	Actual Services
Shell Company A	UK	40% of sales of Greek distributor	Marketing	Did not perform any services
Shell Company B	UK	26% of sales of Greek distributor	Marketing	None listed
Shell Company C	UK	35% of sales of Greek distributor	Marketing	Did not perform any true services

Indicia of Bribery and Corruption

What are some of the factors that demonstrate the distributors used by Smith & Nephew were fraudulent and did not have a legitimate business purpose? Initially I would note that the distributor was domiciled in a location separate, the UK, and apart from the sole location it was designed to deliver products or services into, Greece. This clearly demonstrated that the entities were used for a purpose that the company wished to hide from Greek authorities. While it is true that a distributor might sell products into a country different than its domicile, if the products are going into a single country, this should raise a Red Flag.

However, the biggest indicium of corruption was the amount of the commission paid. The traditional sales model for a distributor has been to purchase a product, take the title, and therefore the risk, and then resell it to an end user. Based upon this sales model, there has been a commission structure more generous than those usually accorded a reseller or sales agent, who is usually only a negotiator between the OEM and the end user. This difference in taking title, and risk of loss, have led to a cost structure which has provided a deeper discount of pricing for distributors than commission rates paid to resellers or sales agents. The sales structure used by Smith & Nephew had pricing discounts of between 26-40% off the list price. Further, this money was used precisely to pay bribes to Greek doctors to use Smith & Nephew products. If your company uses a distributor model, I would suggest that you review and reassess your pricing structure in light of this enforcement action.

Monitorship

A very interesting feature of the Smith & Nephew DPA is that the company agreed to an external Monitor. This is not something we saw in most DPAs from 2011. The Monitor’s primary purpose is to “assess and monitor Smith & Nephews compliance with the terms of this Agreement so as to specifically address and reduce the risk of any recurrence of Smith & Nephew’s conduct.” The Monitor is to be retained by Smith & Nephew “for a period of not less than eighteen (18) months.” The DPA specifies that the Monitor is to perform at a minimum two reviews and corresponding reports. The Monitor shall provide to Smith & Nephew a written work plan no less than 60 days before commencing either review. The Monitor is to formulate conclusions based upon “among other things (a) inspection of relevant documents, including Smith & Nephew’s current anti-corruption policies and procedures; (b) onsite observation of selected systems and procedures of Smith & Nephew at sample sites, including internal controls and record-keeping and internal audit procedures; (c) meetings with, and interviews of, relevant employees officers, directors and other persons at mutually convenient times and places; and (d) analyses, studies and testing of Smith & Nephew’s compliance program with respect to the anticorruption laws.”

The Smith & Nephew DPA provides the compliance practitioner with specific guidance regarding how not to use a distributor. While this post did not focus on the conduct of Smith & Nephew during the pendency of the investigation, suffice to say that its conduct after self-disclosure led to a fine which was 20% below the minimum suggested by the Sentencing Guidelines. This fact clearly points to the value of self-disclosure and cooperation with the DOJ, as a key, if not THE key component during any enforcement action.

Lessons Learned on Compliance and Ethics is available for purchase on amazon.com by clicking here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

The Saga of MF Global – Don’t Shoot the Messenger, Fire the Chief Compliance Officer

In a post last week on his site, Corruption, Crime and Compliance, Mike Volkov named the Chief Compliance Officer (CCO) his “Person of the Year”. He did so because “There is no other position in a company which has taken on more significance.” This significance was foretold, in part, by the Department of Justice’s (DOJ) minimum best practices compliance program, where they have listed in each Deferred Prosecution Agreement (DPA) and Non-Prosecution Agreement (NPA) released beginning in 2010 and continuing into 2011,  the following:

“Senior Management Oversight and Reporting. A Company should assign responsibility to one or more senior corporate executives of the Company for the implementation and oversight of the Company’s anti-corruption policies, standards, and procedures. Such corporate official(s) shall have direct reporting obligations to the Company’s Legal Counsel or Legal Director as well as the Company’s independent monitoring bodies, including internal audit, the Board of Directors, or any appropriate committee of the Board of Directors, and shall have an adequate level of autonomy from management as well as sufficient resources and authority to maintain such autonomy.”

In November 2010, the US Sentencing Guidelines were also amended to make the role of the CCO more robust and allow direct reporting to a Board of Directors or subcommittee of the Board. The amendment read “the individual…with operational responsibility for the compliance and ethics program…have direct reporting obligations to the governing authority or any appropriate subgroup… (e.g. an audit committee or the board of directors)”. If a company has the CCO reporting to the General Counsel (GC) who then reports to the Board? Such structure may not qualify as an effective compliance and ethics program under the amended Sentencing Guidelines.

These two bits of guidance came to mind when reading about MF Global over the past few weeks, regarding its Chief Risk Officer, the financial services equivalent of a CCO. As reported on December 15, in a New York Times (NYT) article entitled “MF Global’s Risk Officer Said to Lack Authority” Ben Protess and Azam Ahmed reported that the company replaced its Chief Risk Officer, Michael Roseman, earlier in 2011, after he “repeatedly clashed with Mr. Corzine [the CEO] over the firm’s purchase of European sovereign debt.” He was given a large severance package and left the company. When he left, there was no public reason given. His replacement was brought into the position with reduced authority.

Writing in the December 16, edition of the NYT’s DealB%K, in an article entitled “Another View: MF Global’s Corporate Governance Lesson” Michael Peregrine stated that “compliance officer is the equivalent of a “protected class” for governance purposes, and the sooner leadership gets that, the better.” Particularly in the post Sarbanes-Oxley world, a company’s CCO is a “linchpin in organizational efforts to comply with applicable law.” When a company fires (or asks him to resign), it is a significance decision for all involved in corporate governance and should not be solely done at the discretion of the Chief Executive Officer (CEO) alone.

Both the DOJ minimum best practices and the amendment to the US Sentencing Guidelines, giving the CCO direct access to a company’s Board of Directors, would seem to provide the profile that would mandate that a Board wants to know the reason why a CCO (or Chief Risk Officer) would suddenly resign, particularly after he “repeated clashed” with a CEO over compliance issues. The universal corporate blanket “resigned to pursue other opportunities” is a white-wash that a Board should look beyond, if indeed that reason was given to the MF Board. The bottom line is that when a CCO leaves, particularly if it was due to a clash with the CEO, the Board had better take a close look into the reasons as it may be that the CEO wants to take risks which could put the company at grave risk.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011

The FCPA Compliance Audit: A Market Approach to Moving the Bar Forward

The issue of audit rights in compliance terms and conditions is one that leads to debates both pro and con. My This Week in FCPA colleague Howard Sklar and I have sparred on this issue. Usually the debates centers around the threshold question of if you have the rights must you audit the contractual counter-party which has agreed to allow itself to be audited. I argue that if you have audit rights that you must, at least selectively use them. However, if you do not ever use these audit rights, it may put you in a worse position than if you did not have the rights. The next argument is usually along the lines that the counter-party will never allow your company to audit them. The third argument is that auditing takes too much time and is too costly.

In my discussions with Howard I usually respond that it is always better to have audit rights. The concept of the compliance audit of counter-parties is in the US Sentencing Guidelines for organizations accused of violating the Foreign Corrupt Practices Act (FCPA); the Department of Justice’s (DOJ) best practices for effective compliance programs which have been released with each Deferred Prosecution Agreement (DPA) over the past year; the UK Bribery Act’s Six Principles of Adequate Procedures; and the OECD Good Practices. The reason all of these guidelines incorporate it into their respective practices is that it is one of the key tools to utilize in managing any business relationship from the compliance perspective going forward.

In response to the second argument, I think the answer is more straight-forward. Under any reputable commercial contract, the party paying the money ALWAYS has the right to audit the company which receives the money. While this audit is typically limited to auditing invoices, backup documentation and other evidence of services provided or product delivered, it is nevertheless a standard clause that almost every company has seen in a contract. I believe that good communication with a counter-party, to explain the genesis of the compliance audit and why it has become a best practice, is an important part of the ongoing dialogue between the parties, both before, during and after contract negotiations.

I believe that the response to the third objection is also straight-forward. I previously wrote about the Apple 2011 Supplier Responsibility Report. Apple looked at a variety of issues that affect its business relationships with its suppliers, these areas included training, protecting of workers, use of underage labor and social responsibility. One of the areas that Apple audited and reported about was compliance. I believe the Apple example shows that companies can successfully audit their suppliers, channel ops partners and any others in their sales or distribution chains. I understand that people will respond that this is Apple, one of the biggest and most visible US companies around. However, my point is that Apple is a concrete example of a successful and transparent compliance audit.

While not in the compliance area, I recently read about two US companies, Proctor & Gamble and Kaiser Permanente, who grade their suppliers on their environmental practices. In an article in the November 2010 issue of FastCompany, author Damian Joseph quotes Dean Edwards, VP and chief procurement officer at Kaiser Permanente, “We’re sending a message to vendors loud and clear…Green up your act today, lest you lose a huge client tomorrow.” Author Joseph posed the question to Jeff Erikson, an expert in supply chain management as “How do you control distant suppliers and enforce new standards?” Erikson answered, “There are no easy answers but asking the question is a positive change in behavior.”

I think that the final two quotes encapsulate the strongest reasons for the compliance audit. Nothing changes company or business behavior like market based factors. The (FCPA can and does change behavior to move companies and countries toward the rule of law. That is certainly an advantage of the Act and something that should be considered when amendments to the FCPA are bandied about under the claim that the FCPA costs US company’s jobs.

=============================================================================================

Episode 14 of This Week in FCPA is upheld. Howard Sklar and I discuss several issues including:

1. Business Roundtable in DC
2. Diageo
3. Lindsey allegations of prosecutorial misconduct
4. Carson jury instructions
5. National Strategy to Combat Transnational Organized Crime
6. Niger now has a “High Commission”
7. Diebold has no news, but we report on it anyway
8. Travel Act gets challenged, nobody notices
9. RBS gets hit for AML, without actually violating anything

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011

Will No One Rid Me of this Meddlesome Priest?

Tone at the Top has become a phrase inculcated in the compliance world. The reason it is so important to any compliance program is because it does actually matter. Any compliance program starts at the top and flows down throughout the company. The concept of appropriate tone at the top is in the US Sentencing Guidelines for organizations accused of violating the Foreign Corrupt Practices Act (FCPA); the Department of Justice’s (DOJ) best practices for effective compliance programs which have been released with each Deferred Prosecution Agreement (DPA) over the past year; the UK Bribery Act’s Six Principles of Adequate Procedures; and the OECD Good Practices. The reason all of these guidelines incorporate it into their respective practices is that all employees look to the top of the company to see what is important. Or to quote my colleague Mike Volkov, who quoted Bob Dylan, in opining “You don’t need to be a weatherman to know which way the wind blows”.

The US Sentencing Guidelines reads:

High-level personnel and substantial authority personnel of the organization shall be knowledgeable about the content and operation of the compliance and ethics program … and shall promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law.

The OECD Good Practices reads:

1. strong, explicit and visible support and commitment from senior management to the company’s internal controls, ethics and compliance programs or measures for preventing and detecting foreign bribery;

The UK Bribery Act Guidance for the Six Principles of Adequate Procedures reads:

The top-level management of a commercial organisation (be it a board of directors, the owners or any other equivalent body or person) are committed to preventing bribery by persons associated with it. They foster a culture within the organisation in which bribery is never acceptable.

Attachment C, to each DPA released in the past year, has the following

2. [The Company] will ensure that its senior management provides strong, explicit, and visible support and commitment to its corporate policy against violations of the anti-corruption laws and its compliance code.

The Foreign Corrupt Practices Act (FCPA) world is riddled with cases where the abject failure of any ethical “Tone at the Top” led to enforcement actions and large monetary settlements. In the two largest monetary settlements of enforcement actions to date, Siemens and Halliburton, for the actions of its former subsidiary KBR, the government specifically noted the companies’ pervasive tolerance for bribery. In the Siemens case, for example, the Securities and Exchange Commission (SEC) noted that the company’s culture “had long been at odds with the FCPA” and was one in which bribery “was tolerated and even rewarded at the highest levels”. Likewise, in the KBR case, the government noted that “tolerance of the offense by substantial authority personnel was pervasive” throughout the organization.

In addition to the two cases set out above, in a 2003 report, the Commission on Public Trust and Private Enterprise cited a KPMG survey covering selected US industries; found that 37 percent of employees had, in the previous year, observed misconduct that they believed could result in a significant loss of public trust if it were to become known. This same KPMG survey found that employees reported a variety of types of misconduct and that the employees believed this misconduct is caused most often by factors such as indifference and cynicism; pressure to meet schedules; pressure to hit unrealistic earnings goals; a desire to succeed or advance careers; and a lack of knowledge of standards.

So how can a company overcome these employee attitudes and replace the types of corporate cultures which apparently pervaded at News Corp and re-set its “Tone at the Top”? In a 2008 speech to the State Bar of Texas Annual Meeting, reprinted in Ethisphere, Larry Thompson, PepsiCo Senior Vice President of Governmental Affairs, General Counsel and Secretary, discussed the work of Professor Lynn Sharp at Harvard. From Professor Sharp’s writings, Mr. Thompson cited five factors which are critical in establishing an effective integrity program and to set the right “Tone at the Top”.

1. The guiding values of a company must make sense and be clearly communicated.
2. The company’s leader must be personally committed and willing to take action on the values.
3. A company’s systems and structures must support its guiding principles.
4. A company’s values must be integrated into normal channels of management decision making and reflected in the company’s critical decisions.
5. Managers must be empowered to make ethically sound decisions on a day-to-day basis.

So whether with malicious intent or simply said out of frustration, when Henry II uttered the words which are the title of today’s posting, it set the tone for the four knights which overheard him. They set off and murdered Thomas Becket. Perhaps less starkly into today’s world, if the tone from the top is that you must meet you quarterly numbers or the company will find someone else to do the job; that is the message that will come across to company employees. But whether you are the King of England, the CEO of a Fortune 500 company or simply in a leadership position in your company; the tone does matter.

=======================================================

Episode 13 of This Week in FCPA is up. Check out Howard Sklar and myself on this week’s topics.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011

Recent DPAs Provide Guidance on FCPA Compliance Best Practices

The House Judiciary Committee will hold hearings Tuesday on the Foreign Corrupt Practices Act. At this point the Witness List as set forth on the Committee’s website is as follows:

Hon. Michael Mukasey Former Attorney General Partner Debevoise & Plimpton LLP Mr. Greg Andres Deputy Assistant Attorney General Criminal Division U.S. Department of Justice Mr. George Terwilliger Partner White & Case LLP Ms. Shana-Tara Regon Director White Collar Crime Policy National Association of Criminal Defense Lawyers

At this point no preview of the witnesses’ testimony has been released. However, other than Greg Andres, the testimony will probably not be a defense of the FCPA or even the need to expand it to meet the anti-bribery and anti-corruption enhancements found in the UK Bribery Act. Indeed it reads like a list of representatives from the US Chamber of Commerce, which has been engaged in a campaign to amend the FCPA.

However in the past 12 months or so many of the complaints which have practitioners have made regarding the FCPA have been addressed by the Department of Justice (DOJ) or by recent court rulings. In a blog entitled, “House Judiciary FCPA Hearing: An Opportunity for Greater Information” I have reviewed the federal district court rulings in the CCI and Lindsey Manufacturing cases, which both discussed the factors which should go into an analysis of what is a foreign governmental instrumentality under the FCPA. So at this point, I thought it might be propitious to review some of the information which has come out from the DOJ on what it considers the current best practices for a FCPA compliance program.

Alliance One/Universal Corp.-actions during the pendency of an investigation

Last July, the DOJ released joint Deferred Prosecution Agreement (DPAs) for two companies in the tobacco industry: Alliance One and Universal Corp. These DPAs started a year-long process by which the DOJ has informed the compliance community about specific steps companies can take to enhance their FCPA compliance program or benchmark their current compliance programs against DOJ suggested best practices. These two DPAs in question provided to companies in the midst of FCPA enforcement actions specific steps that should be implemented during the pendency of an investigation to present to the DOJ, which could reduce the overall penalties at the end of the day. Initially it should be noted that full cooperation with the DOJ at all times during the investigation is absolutely mandatory. Thereafter from the Alliance One matter, the focus was on accounting procedures and control of cash payments. From the Universal case, a key driver appears to be the due diligence on each pending international transaction, and subsequent full due diligence on each international business partner. Next is the management of any international business partner after due diligence is completed and a contract executed. Lastly is the focus on the Chief Compliance Officer position, emphasizing this new position throughout the organization and training, training and more training on FCPA compliance.

Panalpina Settlements-Best Practices

In the DOJ settlement with the freight forwarder Panalpina and all related settlements announced on the same day last November, the DOJ attached as Attachment C (Attachment B to the Noble Non-Prosecution) a list of 13 best practices which included the collective Corporate Compliance Programs provided the FCPA compliance practitioner with the most current components that the Department of Justice believes should be included in a FCPA compliance program. Hence, this information is a valuable tool by which companies can assess if they need to adopt new or to modify existing their internal controls, policies, and procedures in order to ensure that it maintains: (a) a system of internal accounting controls designed to ensure that a Company makes and keeps fair and accurate books, records, and accounts; and (b) a rigorous anti-corruption compliance code, standards, and procedures designed to detect and deter violations of the FCP A and other applicable anti-corruption laws. The Preamble notes that these suggestions are the “minimum” which should be a part of a Company’s existing internal controls, policies, and procedures:

1. Code of Conduct.

2. Tone at the Top.

3. Anti-Corruption Policies and Procedures.

4. Use of Risk Assessment.

5. Annual Review.

6. Sr. Management Oversight and Reporting.

7. Internal Controls.

8. Training.

9. Ongoing Advice and Guidance.

10.  Discipline.

11. Use of Agents and Other Business Partners.

12. Contractual Compliance Terms and Conditions.

13. Ongoing Assessment.

The DOJ goes on to fill in each of these categories so that it a valuable list to create, enhance or benchmark your FCPA compliance program.

Alcatel-Lucent, Maxwell Technologies and Tyson Foods-Risk Assessments

The three enforcement actions, all announced in early 2011, involving the companies Alcatel-Lucent, Maxwell Technologies and Tyson Foods, had common areas that the DOJ indicated were FCPA compliance risk areas which should be evaluated for a minimum best practices FCPA compliance program. In both Alcatel-Lucent and Maxwell Technologies, the Deferred Prosecution Agreements (DPAs) listed the seven following areas of risk to be assessed.

1.         Geography-where does your Company do business.

2.         Interaction with types and levels of Governments.

3.         Industrial Sector of Operations.

4.         Involvement with Joint Ventures.

5.         Licenses and Permits in Operations.

6.         Degree of Government Oversight.

7.         Volume and Importance of Goods and Personnel Going Through Customs and Immigration.

In the Tyson Foods DPA, this list was reduced to the following (1) Geography, (2) Interaction with Governments, and (3) Industrial Sector of Operations. As with all DPAs released since the Panalpina settlements, each DPA has included an Attachment C, compliance program best practices. However these three DPAs give the compliance practitioner the guidance that the DOJ considers a risk assessment to be the starting pointing for any compliance program. In addition to this information on the starting point, there are specific risks which should be assessed listed by the DOJ. 

Johnson and Johnson-self disclosure and enhanced compliance obligations

1. Self-Disclosure

FCPA practitioners have repeatedly asked the DOJ for specific guidance as to what will be the tangible results of self-disclosure. In the Johnson & Johnson DPA this question is clearly answered. Listed under the section “Relevant Considerations” one of the reasons the DOJ entered into the DPA is the following:

a.         J&J voluntarily and timely disclosed the majority of the misconduct described in the [Criminal] Information and Statement of Facts;

So the self-disclosure was one of the reasons that the DOJ entered into the DPA, however, and perhaps more importantly, the self-disclosure brought to Johnson & Johnson a monetary benefit with a tangible reduction in its overall fine and penalty. The DPA reported a reduction by 5 points of the company’s overall Culpability Score with the following:

(g)(1) The organization, prior to an imminent threat of disclosure or government investigation, within a reasonably prompt time after becoming aware of the offense, reported the offense, fully cooperated, and clearly demonstrated recognition and affirmative acceptance of responsibility for its criminal conduct;  -5

It is not possible to determine from the DPA how much of the reduction was attributable to the self-disclosure and how much was attributed to the conduct thereafter. However, this precise language makes clear that the DOJ places a real value on such self-disclosures and companies should take this as a clear sign that, at the end of the day, it will be better for them to self-disclose.

1. Attachment D-Enhanced Compliance Obligations

The following nine points will not be unfamiliar to the FCPA compliance practitioner. These points are recognized to be in most ‘good to best’ compliance programs. However, the Johnson & Johnson DPA goes much further by adding an Attachment D, entitled “Enhanced Compliance Obligations” which is designed to be in addition to, and to build upon, the commitments made by Johnson & Johnson in Attachment C. These enhanced obligations include the following:

A.        Compliance Department

B.        Gifts, Hospitality and Travel

C.        Complaints and Reports

D.        Risk Assessments and

E.         Acquisitions

F.         Relationships with Third Parties

G.        Training

H.        Annual Certifications

This Attachment D “Enhanced Compliance Obligations” is an excellent road map for the FCPA practitioner in which to establish, enhance, or simply review a company’s FCPA compliance program. As with the Attachment C, the DOJ expands upon each of these categories. The Johnson & Johnson DPA demonstrates that a company’s commitment to ongoing FCPA remediation and program enhancement will help it reduce its overall FCPA liability in a case with facts as bad as those presented in this matter.

These DPAs demonstrate that the DOJ is committed to releasing information on what it believes will constitute a best practices compliance program. It will be interesting to see if any of the witnesses before the House Judiciary Committee will acknowledge the DOJ’s efforts in this area or the recent federal court rulings on what may constitute an foreign governmental instrumentality under the FCPA in their testimony.

———————————————————————————————————————————————————————

Join Me for Following Upcoming Webinars

Tuesday, June 21 at 1 EDT, I am co-presenting on a webinar with Mary Shaddock Jones, former Assistant General Counsel and Director of Compliance at Global Industries, Ltd., on “Supply Chain Relationship Management Under the FCPA and Bribery Act”. The event is co-hosted by Ethisphere and World Check. For information and registration details click here.

Wednesday, June 22 at 1 PM EDT, I am a co-panelist with Henry Mixon, Managing Director of Mixon Consulting, in a webinar hosted by Corporate Compliance Insights, entitled, “Internal Controls Under the FCPA & UK Bribery Act”. For information and registration details click here.

———————————————————————————————————————————————————————-

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011

JGC Deferred Prosecution Agreement: Cooperation with DOJ Still Key

I had not, at least in recent years, thought I would be able to say that the Houston Astros have a better record this late in the season than the Boston Red Sox. But at least as of yesterday, now 1-5 Astros no longer share the worst record in baseball, which now belongs to the Red Sox and Tampa Bay Rays, both with a 0-6 starts. So baseball fans, you had best put on your seat belt for it could well be a bumpy ride this season.

All of which brings us to the JGC settlement this week with the Department of Justice (DOJ) regarding the Nigerian Bribery Scandal. JGC agreed to enter into a Deferred Prosecution Agreement (DPA) and agreed to pay a fine of $218 million. This settlement closes out the FCPA chapter (corporate division) on the Scandal where the DOJ obtained fines and penalties in the range of $1.5 Billion. The DPA itself had a couple of interesting features.

The first is that JGC (apparently) did not cooperate with the DOJ as well or as thoroughly as other companies have done in the FCPA investigation. JGC received a -1 credit for reduction in its overall Culpability Score for “clearly demonstrated recognition and affirmative acceptance of responsibility for criminal conduct”. Readers will note that this is the same score received by Alcatel-Lucent in its DPA and the estimated costs to Alcatel-Lucent for this perceived lack of recognition and acceptance ranged between $20MM to $10MM, which ‘only’ paid a monetary penalty of $92MM. Contrast this score with that received by Maxwell Technologies, -5 reduction in its overall Culpability Score for its “Voluntary Disclosure, Cooperation and Acceptance. The clear message here is that full cooperation will bring down a company’s fine and in a very significant amount.

 The next items of interest are that JGC agreed to implement (1) a system of internal controls and (2) a rigorous anti-corruption compliance code consistent with the FCPA, Japanese anti-corruption laws and other applicable anti-corruption laws. This language sounds like the company needs to start at the beginning to create such an anti-corruption program. Attachment C of the DPA fleshes out the specifics of the compliance program the DOJ recommends for JGC.

Last is that instead of a Corporate Monitor, JGC agreed to an “Independent Compliance Consultant, who is to “evaluate JGC’s corporate compliance program with respect to the FCPA, Japanese laws implementing the OECD convention…and other relevant anti-corruption laws. The interesting thing here is that while this position is termed “Independent Compliance Consultant” it really sounds like a Corporate Monitor as the DOJ has the right to choose the candidate, from those proposed by JGC.

 Once again the DOJ has clearly informed the compliance community that cooperation in the investigation and enforcement process can pay dividends in terms of a lower fine. I hope companies are getting the message.

For a copy of the JGC Deferred Prosecution Agreement, click here.

For a copy of the JGC Criminal Information, click here.
 This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011

Additional Proposed Amendments to the Foreign Corrupt Practices Act

Ed. Note-we are pleased to post a guest article by our colleague James McGrath.

A fortnight ago, the US Chamber Institute for Legal Reform issued a white paper entitled “Restoring Balance – Proposed Amendments to the Foreign Corrupt Practices Act”.  Written by Andrew Weissmann and Alixandra Smith, it is the Institute’s response to stepped-up FCPA enforcement activities over the past five years that have highlighted deficiencies in the statute.  These shortcomings make for onerous investigations, prosecutions, and penalties seemingly beyond its legislative intent.  This article suggests two additional amendments not in response to any textual deficiency, but rather, to evolving government enforcement philosophy.       

The FCPA is only a small part of the larger effort to get American business entities to behave ethically and police themselves, thereby ensuring good corporate citizenship. Since 1991, Chapter Eight of the United States Sentencing Guidelines has provided the framework for these efforts by mandating that companies institute and maintain vibrant compliance and ethics programs to ensure that corporations and their employees are trained in, and adhere to, morally-sound practices within their industries.  When there are ethical lapses, as infamously seen with Enron, et al., the Guidelines mandate that companies to respond to these breakdowns. 

These responses require businesses to impartially investigate what happened and why, and then to take remedial action to ensure that such breakdowns do not recur.  Remedial action may include retraining of employees, wholesale or partial re-vamping of compliance and ethics programs, self-reporting of perceived law-breaking to enforcement authorities, or a combination of these.  When companies do self-report and are prosecuted in criminal or civil actions brought by the government, resulting prison sentences, fines, and other penalties – including the disgorgement of profits – can be reduced significantly by cooperating with a federal agency’s investigation of the same.    

The problem with the current state of the FCPA is it’s imprecision.  An anti-bribery statute, it prohibits U.S. companies from giving, promising, or authorizing the giving of anything of value to a foreign official in order to secure a business advantage in a foreign country.  See 15 U.S.C. §78dd-1 through 15 U.S.C. §78dd-3. However, the statute specifies no culpable mental state such as “intentionally” or “knowingly”, provides little guidance as to what constitutes “anything of value”, and is vague in its definition of a “foreign official”.  Further, it contains no provisions defining a company’s liability for the prior acts of a company that it has later acquired or for that of a subsidiary acting without the parent’s knowledge.

Compounding this muddy state of affairs is the DOJ’s very aggressive stance on FCPA enforcement.  In recent years, it has essentially taken the positions that: (1) the FCPA is a strict liability offense, (2) the value threshold can be very low, even de minimus, (3) a foreign official can be almost any foreign national, and (4) successor and subsidiary liability is unlimited.  This makes tough sledding for companies doing business overseas, and DOJ Criminal Division Assistant Attorney General Lanny Breuer’s promise at Compliance Week 2010 of even more heightened FCPA enforcement surely influenced the US Chamber Institute’s formulation of its proposed amendments to that statute. 

The Institute white paper suggests five changes to the law: (1) addition of an affirmative “compliance defense”, (2) limiting corporate liability for prior acts of a company it has later acquired, (3) positing “willfulness” as the culpable mental state under the statute, (4) limiting a company’s liability for the acts of its subsidiaries, and (5) more clearly defining a “foreign official”. 

All of these are excellent proposals, and amending the FCPA by their incorporation would clarify the statute and go a long way toward leveling the enforcement playing field.  However, given statements made in the aforementioned May 27, 2010 address, two more amendments should be considered.  

As noted earlier, an effective compliance and ethics program requires companies to conduct internal investigations into possible FCPA violations.  In his presentation, Mr. Breuer advised that when a possible violation has been discovered, the corporation should (1) seek the government’s input on the front end of its internal investigation, (2) describe its work plan for conducting the inquiry, and (3) be responsive to DOJ questions, suggestions, and requests to expand the scope of the investigation.

From an internal investigations perspective, this “call first” demand constitutes a seismic shift in the government’s perception of its role in the process and should present tremendous business and legal concerns for a company in its crosshairs.  What the DOJ is asking for is access to the inner workings of private-sector companies and how they conduct themselves in a way that has heretofore not been seen.  

At present, when an FCPA violation occurs, there is generally the following investigatory timeline: (1) occurrence of the perceived corporate wrong, (2) performance of the company’s internal investigation, and (3) determination by the company of whether to self-report and cooperate with the government’s parallel investigation and potential litigation. 

In this sequence, the company conducts its own inquiry before making the critical decision to implicate itself or not.  Because these internal investigations are usually conducted by outside counsel, if no wrong is found by that independent investigation, its results are protected from disclosure to third parties by operation of the attorney-client privilege.  See: Upjohn Co. v. United States, 449 U.S. 383 (1981).  This safeguard to the company is vital.  In an era of global markets and instant information, the protection of an exonerated company’s reputation may very well save it from complete ruin, as the mere specter of dirty laundry can be damning on Wall Street.  

Alternatively, if a company contacts and co-ordinates its internal investigation from the outset with the DOJ, its ability to protect the direction, yield, and publicity of any such inquiry will be nil.  Dirty or not, it will have waived attorney-client privilege and laid open it entire operation to government investigators.  That should be unnerving to even the most ethical company. 

A line of cases beginning with Coolidge v. New Hampshire, 403 U.S 443 (1971) stands for the proposition that government  agents need not ignore evidence of other illegal activities they happen upon when they are lawfully present, even on an unrelated matter.  This “plain view” exception to the probable cause and warrant requirement is never lost on law enforcement.  It is therefore not difficult to imagine aggressive government investigators with access to a company’s every last document and memoranda hunting until they find wrongdoing to prosecute, be it the FCPA violation that they were invited in on, or something else. That is a daunting prospect to consider.

 This is not to advocate that companies should be able to hide their illegalities and avoid prosecution.  Quite the contrary.  The USSG laudably balances the sometimes-competing and sometimes-cooperating interests of ensuring self-policing, respecting corporate privacy, and doing justice by prosecuting wrongdoers.  To establish a precedent where the government is called into, and becomes a partner in, every FCPA internal investigation flies in the face of Chapter Eight of the USSG by eradicating the self-policing that is its purpose.  

To be clear, adhering to Mr. Breuer’s suggestion of early government involvement in a company’s internal investigation is not always going to be unacceptable or ill-advised.  Whether to do so or not is a business and legal decision that is best made by corporate leadership.  However, allowing his present request to ripen into a future demand, and then into a policy that over the course of time and through stare decisis becomes the law of the FCPA land, usurps the authority of Congress and is wrong. 

As a result, any prospective legislation amending the FCPA should protect the balance of interests in corporate criminal and civil prosecutions already struck by the USSG.   Involving the DOJ at the outset of the internal investigation process as mandatory for receiving cooperation credit under the Guidelines should be expressly prohibited.  And for those companies that do invite the government in as investigatory partners from the beginning, there should be some transactional or use immunity – or at least some limitation on penalties and sanctions – for other wrongs uncovered during the course of the FCPA investigation in recognition of their good-faith efforts to cooperate with the government.  

While neither of the foregoing proposals can nor will remedy the adverse publicity aspect of early DOJ involvement where elected, the former does safeguard corporate privacy and attorney-client privilege interests, while the latter fairly and justly limits the impact of a “corporate plain view” violation.    These are adviseable as counterweights to continued and vigorous government FCPA enforcement activity and will maintain a level playing field between companies seeking to ethically do business abroad and the DOJ. 

James J. McGrath is a former prosecutor and the managing partner of McGrath & Grace, Ltd., a law firm that specializes in conducting independent corporate internal investigations. He can be reached at james.mcgrath@mcgrath.grace.com.