FCPA Compliance and Ethics Blog

June 19, 2014

What a Long Strange Trip It’s Been – The First 1000 Blog Posts

Yes, indeed the Grateful Dead can and does inform your compliance regime as today is my 1000th blog posting on the FCPA Compliance and Ethics Blog. To say that I ever thought I would see this day or this many blog posts, would portend a level of clairvoyance that even Carnac the Great could not conceive of pontificating upon. I had struggled with a theme for this momentous accomplishment but my sublimely-grounded English wife brought me down from the ethereal clouds with the following suggestion, “Even an old dog can learn new tricks.” Nothing like being married to a younger woman.

So today, I want to write about some of the things I have learned on this 4+ year journey, which began in late 2009/early 2010 after a serious automobile/bicycle event (Box Score: Hummer-1 Tom-0) where about the only thing I had on my hands was time while I was at home convalescing. I started to explore the world of social media, engaging on Twitter, webinaring from my home office and blogging. I was so un-savvy in this arena that about the only positive thing my teenaged daughter could say about me was “Dad, you are so unhip, you are retro. But that is cool too.” The first thing I learned was that even a complete computer misfit and social media idiot could set up a blog on WordPress. It is not only easy but free. I cannot say with any pride that some of my early blogs were very good but I can say that for a lawyer, whose only skill was to be able to perform word processing in Microsoft Word, I could type and then upload a blog post into WordPress. At that point in my blogging career, that was a major accomplishment.

Although it did take some time, I learned how to stop writing like a lawyer, with full citations in each blog, coupled with as much lawyerese as I could manage, by finally adjusting to a blogging format. I also relearned an old lesson, which says that if you really want to learn about a subject, write on it. I remember one of the first things I learned when researching the Travel Act was that this Kennedy era law, passed largely through the efforts of Bobby Kennedy, was designed to help in the fight against organized crime. So who would say a 60-year-old law cannot be used for a 21st century purpose? Or maybe even a Watergate-era law like the Foreign Corrupt Practices Act (FCPA) could not have an expansive use, beyond that for which it was passed in 1977? I also learned that if you put out solid content people will read and listen to what you have to say.

I learned there are some great people out there blogging in the ethics and compliance space. I have met some fabulous colleagues through my blogging who have not only been incredibly supportive but whom I now cherish as good friends. Some of them include Mike Koehler, the FCPA Professor, for his scholarly rigor and continued intellectual challenges. Dick Cassin, the Dean of FCPA bloggers, for his unflinching support to myself and so many others. Mike Volkov, former prosecutor and DC-insider, who is always around to bounce a tough question off. Howard Sklar, who was my This Week in FCPA podcast partner, until we lost him to the corporate world. Francine McKenna, a great and generous mentor for myself and many others and the go-to person on all issues in and around the accounting world. Jim McGrath, the internal investigations guy, who brings a former state prosecutor’s perspective to how investigations should be handled and critiqued. Matt Ellis, whose focus on and insights into South America (as in – it’s not a country) continue to shine a light on anti-corruption issues south of the border. Matt Kelly, Editor of Compliance Week, who saves some great witticisms for his weekly blog posts. These are but a very few of the folks I am now privileged to call friends because of my blogging.

I learned that there is way too much white noise in the FCPA space. The FCPA Professor calls them FCPA Inc. and Mike Volkov derides them as the FCPA paparazzi. Whatever you might call them, they put out reams and reams of information, sometimes useful but many times not. What I have tried to do is synthesize some of the most useful for the Chief Compliance Officer (CCO), compliance practitioner or anyone else who does the day-to-day work of anti-bribery/anti-corruption compliance. There are many, many things you can know but a far smaller subset of what you need to know. I try to bring to the compliance practitioner what they need to know. That is why the subtitle of my blog is ‘The Nuts and Bolts of FCPA Compliance’. I have tried to write about things which the compliance professional can use in the everyday practice of compliance.

I have learned that blog posts, which I thought were the most important, may turn out to be the least viewed blogs. Conversely, posts I did not think would be of great interest turned out to have the largest number of one-day hits. For instance, the largest single number of one-day hits I had was an article from two years ago about the SNC-Lavalin corruption investigation in Canada. [For a blog about FCPA compliance-go figure.] The second largest number was a recent blog post using the GM internal investigation as an exploration in the differences between a corporate legal function and its compliance function.

I have learned that by committing to something, you become much better at it. My first year of blogging, I tried to put out 2-3 blogs per week but beginning in 2011, I committed to a daily blog post. Once I made that commitment, blogging became a part of my workday. Once it became a part of my workday, it was like any other project or assignment. I had to set aside the time to work on it. It has made me a much more efficient and better writer to know that I need to write something during my workday. Yes, there have been times I was up at 5 AM to write a post or stayed up way past my school-night bedtime trying to crank something out but those situations have become few and far between as I became more disciplined about my blogging.

But most of all I have learned that blogging is fun. It is fun because it is a challenge to write about something in an informative and engaging manner. It is fun to tie a Shakespeare play to a compliance and ethics theme. It is fun to read a week’s worth of Sherlock Holmes’ stories and tie a compliance topic to a story each day for one week. It is fun to find out what happened this day in history and use it as a hook to grab your readers’ attention. It is fun to engage in a debate with the FCPA Professor on a topic of mutual interest, where we look at the same thing, yet see it from different perspectives. And it is fun when you meet someone for the first time and after you introduce yourself, they say to you “When is a rose, not a rose? When it’s a FCPA violation”.

Where will the next 1000 blog posts take me? I have no clue but if they are as much fun as the first 1000 posts have been I hope that you will continue to join me on This Long Strange Trip.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

September 6, 2013

The Harvest Moon Will Shine a Light on Compliance

The Harvest Moon is generally considered to be the full moon closest to the Autumn Equinox; the day in the fall when night and day are most equal in length. In folklore, the Harvest Moon was a symbol of fruitfulness allowing farmhands light to work on harvesting through the night or having a long roll in the hay, if one believes in the fertility enhancing properties of such events.

While I cannot speak directly to the latter, I can delineate some compliance related news on the former. As many of you might remember, I was privileged to have been part of the This Week in FCPA podcasts with Howard Sklar. Howard went off to the wide world of corporate compliance. This week I started a new compliance related podcast series, The FCPA Compliance and Ethics Report, which can be found here. In this podcast series I will bring you the latest compliance, Foreign Corrupt Practices Act (FCPA), Bribery Act or any news related to other laws or topics regarding anti-corruption and anti-bribery. I will also be interviewing many of the leading compliance practitioners, compliance and ethics thought leaders, compliance product and service providers and others who impact the growing field of anti-corruption and anti-compliance. So if you are interested in being interviewed, give me a shout.

My first two podcasts are up. In Episode 1, I review the compliance related news of the summer, beginning with the GlaxoSmithKline PLC (GSK) matter and up through the revelations that JPMorgan Chase is being investigated for possible FCPA violations in regards to its hiring of the sons and daughters of Chinese government officials. In Episode 2, I interview Matt Ellis, founder of FCPAméricas blog. Matt discusses the new Brazilian anti-corruption law and relates how it may play out for US and other western companies in the upcoming rollout to the world’s grandest sporting events in the next three years, the World Cup in 2014 and the Summer Olympics in 2016.

Speaking of Matt Ellis, he has recently begun a site which is long overdue for the Spanish and Portuguese speaking compliance practitioner. Matt has added two well-known compliance practitioners as contributors to this new site. They are Carlos Ayres who specializes in anti-corruption and compliance issues, with a particular focus on Brazil and other regions of Latin America. He is an attorney with the law firm Trench, Rossi e Watanabe Advogados and co-chair of the Anti-Corruption and Compliance Committee of IBRADEMP (The Brazilian Institute of Business Law) in São Paulo. The second is Matthew Fowler, a seasoned FCPA attorney with over 12 years of experience as both outside counsel in leading law firms and internal counsel at a major defense company. He currently covers anti-corruption issues for the Inter-American Development Bank in Washington, D.C.

Beginning this month, the FCPAméricas Blog will regularly offer its new posts in Spanish and Portuguese. Matt’s translation partner for this new fabulous resource is the international translation company Merrill Brink. To get the ball rolling Matt has gone back and translated some of the most popular posts from his archives. So go over and check out the site. If your company has operations in Portuguese or Spanish speaking companies you might have your compliance team in those venues subscribe to this new resource.

If you are interested in how to manage your third parties in the FCPA context, please listen in on a webinar in which I am participating next week, entitled “Engaging With Confidence: Mitigating the Risk of Third-Party Relationships”. It is sponsored by Compliance Week and Datacert. This webinar will explore best practices for mitigating third-party risk, informed by latest government guidance and enforcement actions. Attendees will learn how technology can help prioritize and target due diligence efforts and facilitate ongoing monitoring to support a sustained state of compliance. The webinar is complimentary and will be held next Tuesday, September 10 at 1 PM CDT. Information and registration is available by clicking here.

Lastly, I am extremely pleased to announce that my most recent book, Best Practices Under the FCPA and Bribery Act, is now available on Kindle. The price is only $9.99 and is available at amazon.com. If you have not picked up the hard copy version, this is your chance for the electronic version. You can purchase the book by clicking here.

And last, but not least, pro-football is back…proving once again…there is a God.


© Thomas R. Fox, 2013

December 14, 2012

A Cornucopia of Great FCPA Articles for Your Friday Consideration

It has been a great couple of weeks for articles regarding the Foreign Corrupt Practices Act (FCPA). While I have resisted having a Friday Round Up of all things FCPA compliance related because both the FCPA Professor, on his site, and Dawn Lomer on iSight.com have two of the best, some of the articles that I have read over the past couple of weeks are well worth a post about. So with a tip of the hat to both of these blogging colleagues, I submit for your Friday consideration the three following authors with their superior articles.

The FCPA Professor

The FCPA Professor has published two excellent articles over the past two weeks on the FCPA. The first was his 80 page tome, “The Story Of The Foreign Corrupt Practices Act”. In this article, published in the Ohio State Law Journal, the Professor explored the more than two years of investigation, deliberation, and consideration, which led to the passage of the FCPA in 1977. Noting that it was “a pioneering statute and the first law in the world governing domestic business conduct with foreign government officials in foreign markets” the Professor wove together “information and events scattered in the FCPA’s voluminous legislative record to tell the FCPA’s story through original voices of actual participants who shaped the law.” In his article I learned who supported legislation aimed at stopping the bribing of foreign government officials and how the final legislation came into being after a long and arduous process.

This week, the Professor published his review of the Department of Justice FCPA Guidance, which came out last month, entitled “Grading the Foreign Corrupt Practices Act Guidance”. It was published in Bloomberg / BNA’s White Collar Crime Report. As you have come to expect from the Professor, his review is proactive. His abstract details some of the items he discusses, such as “(i) the enforcement agencies’ motivations in issuing the Guidance and the fact that it should have been issued years ago; (ii) the utility of the Guidance from an access-of-information perspective and how the Guidance can be used as a measuring stick for future enforcement agency activity; (iii) how the Guidance is an advocacy piece and not a well-balanced portrayal of the FCPA as it is replete with selective information, half-truths, and, worse information that is demonstratively false; (iv) how, despite the Guidance, much about FCPA enforcement remains opaque; and (v) how, despite the Guidance, FCPA reform remains a viable issue.”

As I once said about Dick Cassin and his FCPA Blog, “If the FCPA Blog didn’t exist, someone would have to create it and fortunately for us Dick has done so.” To this list I now must add the FCPA Professor, so to paraphrase Paul Samuelson, when asked to comment about Milton Friedman winning the Nobel Prize in Economics, “if the FCPA Professor didn’t exist, we would have to invent him.” You can agree or disagree with the Professor but he stirs debate and puts out topics for dialogue, which as the son of a Professor, is what I think that academicians should do.

Alexandra Wrage

For the longest time, my This Week In FCPA colleague Howard Sklar crowed to me about Alexandra and how he was such a big fan. Of course I knew of her and her work as President of Trace. Like many of us, I bemoaned the fact she no longer blogs on a regular basis. She does speak on a regular basis and early this year I heard her speak at the Beacon Events Corruption and Compliance South and Southeast Asia Summit. Fortunately she spoke after I did because she is a very dynamic speaker. In addition to her numerous speaking engagements, she does publish articles from time-to-time and yesterday we were treated to a most timely article on gift giving and gift receiving. It was published on the Corporate Insider blog site of Corporate Counsel and was entitled, “‘Tis the Season When Gifts Become Bribes”. In her article, Wrage explored the receipt of gifts by employees in the context of corruption. The article is certainly worth your time to read but she listed the points that any company or compliance professional needs to consider in a gift giving or gift receiving policy:

  • Gifts should be modest, tokens of esteem.
  • Ideally, they should bear the corporate logo or reflect the company’s products and they should be provided openly and transparently.
  • Delivering to an office is preferable to sending to a home address.
  • One gift-giving holiday or event should be observed. It doesn’t matter if it’s Diwali, Eid, the Lunar New Year, July 4th, or Christmas, but pick (only) one.
  • Perishable gifts of flowers or food are generally thought to be less risky, in part because they can’t be resold.
  • Give consistently and without regard to pending or recent procurement or other official decisions.
  • Follow corporate policy.
  • Document everything.
  • Give in good faith and without expectation of any quid pro quo.
  • A moderate annual affirmation of both new and longstanding relationships is not a bribe.

Good ideas to follow any time of the year.

Jim McGrath

Jim is a former prosecutor and chief legal officer of a federally funded drug task force so he comes with a different perspective than my civil law background. Jim blogs on his own site, the Internal Investigations Blog and as you may discern from the name of his blog, he tends to look at the investigative side of things. He did so again in a post entitled, “Little Things Mean A Lot: The FCPA Guide on Internal Investigations”. McGrath looked at the DOJ FCPA Guidance from his investigative perspective and came up with the following nugget: “An effective compliance program should include a mechanism for an organization’s employees and others to report suspected or actual misconduct or violations of the company’s policies on a confidential basis and without fear of retaliation. Companies may employ, for example, anonymous hotlines or ombudsmen. Moreover, once an allegation is made, companies should have in place an efficient, reliable, and properly funded process for investigating the allegation and documenting the company’s response, including any disciplinary or remediation measures taken.” From this he wrote that the “text mandates that companies not only have “in place an efficient [and] reliable . . . process for investigating [an] allegation”, but that it be “properly funded” as well.” [italics in original]

McGrath believes that this language should raise concerns for Chief Compliance Officers “across the land, since “properly funded internal investigation” has now been added to the pile of ill-defined terms such as “foreign official”, “instrumentality”, and “anything of value”.” Further he raised the following questions:

  • What happens if the unforeseeable occurs and the wheels come off in far greater severity than anticipated when the CCO stocked the internal probe war chest?
  • Will that shortcoming be considered a hallmark of a less-than-effective compliance program and militate against a non-prosecution or deferred prosecution agreement or will it factor into a higher culpability score and greater penalties?
  • And who – as if practitioners didn’t know – will decide these issues?

I recommend all of these articles and authors to you. Each brings a different perspective and each can help you build, create or enhance your compliance program to meet best standards. A good Friday to all and let us hope that the Texans can recover from their debacle in Boston.


© Thomas R. Fox, 2012

November 9, 2012

The Red Scare: Knowledge and the Importance of Due Diligence

Ed. Note: we continue our series of guest posts from our colleague Mary Shaddock Jones, who today looks at the importance of due diligence.

At midnight on November 9, 1989, East Germany’s rulers gave permission for the Berlin Wall, separating East and West Berlin, to be opened up. Ecstatic crowds immediately began to clamber on top of the Wall and hack large chunks out of the 28-mile barrier. I remember viewing the scene on T.V. It was a momentous moment in world history. For those of you who may not know, while East Germany never officially adopted a “red flag” for its country, on most official buildings, the national flag (black-red-gold with hammer and circle) was flown with a solid red flag flown next to it! Twenty-two years later the “fall of the Red Flag of East Berlin” seems like a distant memory. However, for businesses doing business internationally the “red flag” has once again come to represent a warning or a threat in terms of liability under the FCPA.

The Lay Person’s guide to the FCPA published by the Department of Justice warns U.S. firms about their choice of overseas partners and agents. A bad choice is someone who is likely to make corrupt payments. That likelihood, the DOJ says, is usually indicated by warning signs called “red flags.” If there are red flags to start with, and if the intermediary does bribe a foreign official to help the business, the company will have trouble arguing it shouldn’t be responsible for an FCPA violation based on an indirect corrupt payment.

Red flags, as the name suggests, are easy to spot, and include such things as: (1) unusual payment patterns or financial arrangements; (2) a history of corruption in the country; (3) a refusal by the foreign joint venture partner or representative to certify that it will not take any action that would cause the U.S. firm to be in violation of the FCPA; (4) unusually high commissions; (5) lack of transparency in expenses and accounting records; (6) an apparent lack of qualifications or resources on the part of the joint venture partner or representative to perform the services offered; and (7) a recommendation from the local government of the intermediary to hire this particular third party.

Although red flags are often relatively easy to discover, the failure to look may result in a company being subject to severe penalties. As a result, prior to dealing with any third party, companies should conduct Due Diligence in an attempt to discover whether the third party is involved in any prohibited corrupt practices or has some connection to a foreign government official that you may not be aware of. Due diligence is thus an essential tool, as it allows one to acquire knowledge of any existing or potential “red flags”, thus enabling entities to make informed decisions on whether or not to interact with or transact business with certain persons and entities.

The practical pointer for today’s blog is this: the undeniable truth is that companies must know who they are doing business with and, as importantly, why they are choosing to do business with this particular entity. This requires the accumulation of information! In order to collect adequate information concerning prospective third-party Agents or Business Partners, many companies are now using a consistent set of tools, for example: (1) questionnaires requiring the person within the company who is recommending the retention of a third party to provide basic information such as the reasons for engagement, the specific services required, how prospective third-party individuals or companies were selected for possible service, relevant experience and capabilities of the prospective third party, whether the prospective third party would need to interact with government officials, how much and in what manner the third party should be compensated, etc.; (2) a questionnaire submitted to the prospective third party requesting significant information regarding the ownership, physical location, management, experience, relationship to foreign government officials, references of the third party and an assurance by the third party that it understands and is willing to comply with anti-corruption laws and regulations; (3) some method of vetting the reputation and background of the prospective third-party representative or business partner. Ultimately, the level of due diligence required will generally be commensurate with the level of perceived risk.

When conducting due diligence of high-risk third parties, one should typically employ the services of third-party professionals. These professionals can help ensure that the high-risk third party does not pose potential FCPA liability through the use of various means such as: checks of corporate filings and business records, legal proceedings, Internet searches, and adverse media checks. Furthermore, many emerging markets and developing countries pose such a great risk of FCPA liability that additional due diligence procedures including “in-country” (a/k/a “boots on the ground”) searches may be required such as: conducting searches of localized public records, phone interviews, site visits, and reference checks.

Consider the following policy language:

Under the U.S. FCPA, the Company and its Personnel could be liable for indirect offers, promises of payments, or payments to any Government Official (or to a private entity if the UK Bribery Act is involved) if such offers, promises, or payments are made through an Agent or Partner with the knowledge that a Government Official will be the ultimate recipient. As a result, it is important that the Company, through the Company Compliance Officer, consider the necessity of conducting anti-corruption due diligence on a prospective Agent or Partner. If after performing a risk assessment the Company concludes that a due diligence investigation should be conducted, then the extent of the investigation must be determined. The degree of due diligence the Company will perform depends upon a lot of factors, including the dollar value of the arrangement, the expected contact with government officials, and the country at risk. In making the determination, the Company will consider whether the transaction raises “red flags”.

Examples of common “red flags” with third parties are as follows:

  • The prospective acquisition target, Agent, or Partner insists that its identity remain confidential or refuses to divulge the identity of its owners, directors, or officers.
  • Family, business or other ‘special’ ties with government or political officials.
  • Reputation for violation of local law or company policy, such as prohibitions on commissions, or currency or tax law violations. Also negative press, rumors, allegations, investigations or sanctions.
  • The transaction or the prospective acquisition target, Agent, or Partner is or operates in a country where there is widespread corruption or a history of bribes and kickbacks.
  • Requests from government officials or agencies to engage or hire specific third parties.
  • Inadequate credentials for the nature of the engagement or lack of an office or an established place of business.
  • Missing or inadequate documentation to support services and invoices. Unsupported charges or expenses, requests for payment of non-contracted amounts.
  • Convoluted or complex payment requests, such as payment to a third party or to accounts in other countries, requests for payments in cash or requests for upfront payment for expenses or other fees.
  • Requests for political, charitable contributions or other favors as a way of influencing official action.
  • Third party has a reputation for getting ‘things done’ regardless of circumstances or suggests that for a certain amount of money, he can fix the problem or “make it go away”.

All due diligence investigations conducted by the Company will include an analysis of potential “red flag” issues. Investigations of potential “red flag” issues should be carefully documented and relevant documents, such as due diligence, questionnaires, reports, and compliance certificates, should be maintained by the Company Compliance Officer or his or her designee.

On Monday, we will examine contractual language to consider when contracting with approved Agents and Partners. Stay tuned.

Mary Shaddock Jones has practiced law for 25 years in Texas and Louisiana primarily in the international marine and oil service industries. She was one of the first individuals in the United States to earn TRACE Anti-bribery Specialist Accreditation (TASA). She can be reached at msjones@msjllc.com or 337-513-0335. Her associate, Miller M. Flynt, assisted in the preparation of this series. He can be reached at mmflynt@msjllc.com.


July 30, 2012

Internally Funding Your Compliance Program

Big banks are not doing too well these days in the compliance arena. From Barclays and the burgeoning LIBOR manipulation scandal; to HSBC and its money-laundering operations for drug cartels over the past several years; to the ongoing reckoning of JP Morgan and its $5 bn+ trading loss that it is still trying to extricate itself from several months after publicly announcing the loss, big banks seem to be more in the news these days for compliance failures rather than successes.

I saw an article in The Rector Factor section of the July 27 Houston Business Journal, entitled “Prepared company perspective for lenders, investors”, by columnist Bruce Rector that discussed some ideas that companies might draw upon when looking for financing. I thought it would be helpful for the compliance practitioner to use as a guide when putting together a budget, or other, request for funding a compliance initiative.

Rector wrote about the materials a company should put together and have ready when it is seeking financing from banks, investors or other financial institutions. He set out a list of information that a company should have prepared and be ready to present to such institutions because any entity or person who may provide funding is going to want to know some specific details about your company. He believes that management needs to anticipate such requirements and prepare for them in advance. He cautions against waiting until the last minute, or until you seek funding, to put the information together, as “waiting until you need money is never the best time to go out and get it.” While you can be so mundane as to call this a “loan application”, Rector believes that if you lay out the information in a coherent manner, it would allow an outsider to get some “perspective on the company”. Further, he believes that such information is actually “multipurpose and can be used to inspire and sell stakeholders – you, your bankers and investors, and your employees – on the business and its prospects” for your company. I have modified Rector’s recommendations for a ‘good application’ to steer them towards a Compliance Department.

  • Executive Summary. This should be no more than three (3) pages and it should convey excitement and impact. It must spell out your compliance mission and clearly state the opportunities that are presented for your compliance group to not only further the goals of compliance with the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act but how these opportunities will result in increased earnings and profits.
  • The Industry. Here is an opportunity for benchmarking within your industry. You should use credible research from recognized authorities or collect the information from your colleagues in other companies directly, if such information is available to you. You should focus on the size, growth and significance of compliance within your industry and the opportunities for growth within your company.
  • The Company. Here you should walk the reader through how your compliance program has grown; this could include organic growth, detailing areas that you may have engaged in as best practices have evolved, and growth of your compliance regime through acquisitions. You should also share major victories and tie all of these into your company values as set out in your published Code of Conduct.
  • Management and Ownership. Here is an opportunity for you to recognize the persons in your compliance organization. You should have an organizational chart, biographies of key personnel and anticipated hiring needs.
  • Financial Information/Projections. Here you should create a three-year forecast using best, probable and worst-case scenarios for each year on a cash basis. In this section you should include historical return on investment (ROI) figures from prior initiatives, to the extent that you have any, and end with a current balance sheet that will indicate and extend top and bottom-line growth for your compliance department.
  • Purpose of the Investment. Here you need to be short, compelling and to the point. You should spell out precisely what you are asking for and reiterate what you will do with the funding.

My This Week in FCPA partner, Howard Sklar, often talks about the “internal marketing” of compliance. I believe that Rector’s suggestions in putting together information for financial investment would be a good way for a compliance practitioner to think about internally marketing compliance and internally seeking funding for compliance initiatives.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

February 1, 2012

Third Party Checkup

In a January 29, 2012 editorial in the New York Times (NYT), entitled “Made in the World”, columnist Thomas Friedman wrote about the end of ‘outsourcing’; his thesis being the “world is now so integrated that there is no “out” and no “in” anymore. In their businesses, every product and many services now are imagined, designed, marketed and built through global supply chains that seek to access the best quality talent at the lowest cost, wherever it exists.” However, the ‘cheapest’ does not necessarily mean the best for your company.

What are your company’s risks for not knowing such information? Clearly anti-corruption legislation has remedies for civil and criminal liability. However, equally great may be reputational damage, “even from public investigations into a third party.” Put another way, how do you think the folks at Apple felt when they woke up on the morning of January 25, 2012 to find the following headline on the front page of the NYT “In China, Human Costs are Built into an iPad”?

In a recent White Paper, entitled “Third Party Essentials: A Reputation/Liability Checkup When Using Third Parties Globally”, authors Marjorie Doyle and Diana Lutz posit that in most foreign business partner relationships, your company will be held responsible for the actions of third parties which work for and with your company. The new global expectation is that “you know who they are, you have vetted them and you are in control of the activities for which you hired them.” They further believe that such is even more important when anti-corruption and anti-bribery laws, such as the Foreign Corrupt Practices Act (FCPA), UK Bribery Act or other OECD based legislation, are applicable. They note, “Gone are the days when organizations could wash their hands of liability or damage to reputation from outsourced work due to ethics and compliance failure.”

To help companies navigate through the issues, the authors have prepared a checklist to test an “organizations health status concerning your relationship to your third parties.” It is as follows:

  1. Do you have a list or database of all your third parties and their information? Does your company have a full list of all third parties including such basic information as name, location, type of services provided, contract files and dates, principals of the third party and primary contact, due diligence files and any other information you might need to manage the third party relationship going forward?
  2. Have you done a risk assessment of your third parties and prioritized them by level of risk? You need to know which third party services present the greatest risk to your company by asking some of the following questions: (a) Is the third party’s service critical to your business?; (b) Is the third party’s service performed with little company supervision or oversight?; (c) Does the third party have access to any company funds, resources or assets?; (d) Can the third party fund the company contractually?; and (e) Does the third party obtain any foreign governmental licenses, certifications or other approvals for your company?
  3. Do you have a due diligence process for the selection of third parties, based on the risk assessment? You should use the information determined through the risk assessment to “tailor the level of diligence to the level of risk.” Assign a risk profile to categories, such as high, medium and low. The higher the risk, the more due diligence will be required to vet the third party.
  4. Once the risk categories have been determined, create a written due diligence process. Here you need to have a written policy and defined procedures to implement that policy. The policy should include the following: (a) who is responsible for implementation; (b) list of red flags and how such red flags are to be dealt with and cleared; (c) a procedure to pay for any due diligence performed; (d) reference checks on third parties; (e) procedures for in-person interviews for third parties in a high risk category; (f) conflicts of interest checks, and (g) process for documentation and storage of all of the above information.
  5. Once the third party has been selected based on the due diligence process, do you have a contract with the third party stating all the expectations? In addition to your standard commercial terms, your third party contract should also include compliance terms and conditions, which should include the following: (a) anti-corruption and anti-bribery certification; (b) a requirement that the third party maintain accurate books and records and that your company has audit rights; (c) indemnity rights; (d) anti-corruption and anti-bribery training for the third party’s employees; (e) an anonymous reporting mechanism for ethics complaints; (f) a requirement that the third party obtain pre-approval to subcontract out any of its work for your company; (g) a requirement that the third party report any ownership change back to your company; and lastly (h) clear termination rights.
  6. Is there someone in your organization who is responsible for the management of each of your third parties? Just as your company would never have an employee who is not supervised, your company should not have a third party which does not have company oversight. You should designate a manager to maintain the third party relationship with your company. Such relationship manager should maintain and update documentation on the third party, work with Internal Audit to schedule and perform audits, meet regularly with the third party and oversee adherence to the third party’s contract with your company.
  7. What are “red flags” regarding a third party? Red flags are generally recognized as signs or situations which should give rise to further investigation by your company. While there are innumerable questions which can be asked and answered, I believe that red flags are generally organized into one or more of the following categories: (a) something seems out of the ordinary; (b) reluctance of party to supply information/difficulty of verifying information; (c) the company/services/principals are not verifiable by data, only anecdotally; and (d) mismatch in business experience with the product or services offered. Whatever red flags you list, if they are undiscovered or left unresolved, it could certainly cost a reputational loss or worse for your company.

Many companies understand the maxim “Know Your Customer (KYC)”; nevertheless, in today’s global economy this maxim may well need to be expanded to “Know Your Third Party”. The authors conclude by agreeing with Thomas Friedman’s observation in his Op-Ed piece “that there is no “out” and no “in” anymore” and that “the rule is: Source everywhere, manufacture everywhere, sell everywhere.” However, this opportunity brings potential costs. Your company should “apply the same rigor in selecting, training and managing third parties” as it does for its own employees. A good place to start is with a third party checkup.

============================================================================================
Episode 29 of This Week in FCPA is up. Howard Sklar and I visit with the winning defense lawyers in the O’Shea case.

============================================================================================


© Thomas R. Fox, 2012

January 18, 2012

10 Global Compliance Trends for 2012

Many commentators looked back at the events of 2011 in the compliance arena and have looked forward into 2012. However, most of the commentators in the United States focused on the US Foreign Corrupt Practices Act for both their retrospective and Great Carnac tea leaf readings. This lack of international focus is rectified in the January 2012 issue of Compliance Week Magazine, in an article entitled “Ten Global Compliance Trends to Watch in 2012” by Neil Baker. The issues presented on the list are matters which any compliance professional from a US company with international operations should review and be prepared to face.

  1. Britain loses its voice in Europe. The author believes that Britain’s veto of France and Germany’s plans to bring closer governance of EU members will reduce the UK influence in compliance matters. He believes that this may lead to more Euro-centric regulatory zeal against US-style capitalism.
  2. Tougher corporate governance rules. The author believes that the European Commission will adopt more detailed regulations on how companies should constitute their Boards of Directors, make decisions and manage risk generally.
  3. Big 4 challenged? Baker believes that 2012 may be the end of the Big Four accounting firms’ domination of the international audit market. He believes that some firms may be split up and all firms will no longer be able to offer audit and consulting services.
  4. Stricter data protection. Companies will face new rules on how they “capture, store and use personal information.” Levels of encryption may well need to be increased but most ominously, companies will be required to “notify regulators and member of the public if they discover a data breach.”
  5. Bribery Act gets tested. Baker quotes my This Week in FCPA colleague Howard Sklar for the following, “Compliance Officers now have to ensure that rules are adhered to” [regarding the Bribery Act]. Or as Howard might also say, “At 12 months, take the over.”
  6. Fair competition enforcement up. Baker believes that businesses’ anti-competitive behaviors became more pronounced due to the global recession. Now regulators are catching up to these behaviors and he anticipates greater enforcement.
  7. Executive pay scrutiny continues. Baker believes that the UK government will “introduce new regulations on [executive] remuneration in 2012.” This legislation could include requiring shareholder vote and approval of executive compensation.
  8. Japan gets governance. Independent Directors come to Japan Inc. Baker believes so but I have to disagree with him on this prediction. (See Olympus)
  9. IT security more complex. The increase in the use of personal computing devices and persons working from home will lead to significant data security headaches. Baker quotes Andy Fisher that “unless it is managed it will create a compliance time bomb.”
  10. Cloud computing becomes the norm. The increase in cloud computing can lead to questions regarding which country’s laws control data security: those of the home country of the company or those of the country where the data is stored.

This list that Baker has put together clearly portends greater compliance convergence. A Compliance Officer well versed in anti-corruption legislation across the world will have a myriad of laws to navigate to keep his company on the right side of anti-corruption laws. However, the Compliance Officer may well have a broader remit in 2012. Baker ends his piece with this cheery note, “There’s never a good time for a company to suffer a compliance failure, but 2012 would be a particularly bad time.”


© Thomas R. Fox, 2012

January 3, 2012

Ten Compliance Issues from 2011

I have seen several lists of the Top Foreign Corrupt Practices Act (FCPA) issues of 2011. Sam Rubenfeld and Chris Matthews at the Wall Street Journal’s Corruption Currents have been interviewing several of the top legal practitioners on their thoughts. The ever-present Mike Volkov has weighed in with his list and his “Person of the Year”, the Chief Compliance Officer. Howard Sklar and I even got into the video act by discussing our most significant issues in “This Week in FCPA”. So as part of the compliance commentariati, I submit, for your consideration, my Top Ten anti-corruption and anti-bribery issues over the past 12 months.

1. Amendments to the FCPA? The Senate ended 2010 with hearings focusing on why there were not more individual prosecutions under the FCPA. In June, the House Judiciary Committee focused on ways to ease up on or gut the anti-corruption provisions of the FCPA in the name of US “competitiveness” overseas. Then in a stunning turnaround, the House Judiciary Chair asked the Department of Justice (DOJ) representative if the DOJ would support a ban on all commercial bribery, not just a ban on bribing foreign governmental officials. Then again, he did say he was drafting amendments to the FCPA, which we haven’t heard about since the great theater in June.

2. UK Bribery Act goes live. For many in the anglophile world, the event of the year was the marriage of Prince William to Kate Middleton. However, for us in the anti-corruption and anti-bribery world, it was the effective date of the UK Bribery Act, July 1. While some had opined that the Bribery Act was “the FCPA on steroids”, the initial prosecution under the Bribery Act was for a £500 bribe paid to a UK court clerk. Perhaps it just takes a while for UK steroids to kick in.

3. Crystal Ball Reading. One does not have to read a crystal ball or tea leaves to know what should constitute a best practices compliance program. The DOJ continues to respond to calls for information by practitioners and the commentariati by providing solid information through which you can implement or enhance your compliance program. In addition to continuing to list the 12 points in a minimum best practices compliance program in each Deferred Prosecution Agreement (DPA)/Non-Prosecution Agreement (NPA) released, the DOJ has provided ‘enhanced compliance obligations’ in DPAs which provide information on evolving standards. Back in January, the DOJ provided information on areas of risk which should be assessed to inform your compliance program.

4. Chief Compliance Officer Upgrade. With the effective changes in the federal sentencing guidelines from November, 2010 and the DOJ comments this year, it has become clear that companies must give a more prominent role to the Chief Compliance Officer and separate that function from that of the General Counsel.

5. Investigating Private Equity. Both the DOJ and Serious Fraud Office (SFO) announced that they would be looking at private equity, in conjunction with anti-bribery and anti-corruption. Well known for cost reductions through cutting corporate budgets, they may become a prime and profitable set of targets for enforcement agencies. Additionally, their unique structure of separately operating portfolio companies may greatly increase ownerships control and person risks. If you are in private equity and are reading this and have no clue what I am talking about, get on the phone to one of Howard Sklar’s recommended FCPA counsel ASAP.

6. It Just Can’t Get any Weirder. Just when you think you have seen it all in the FCPA world, News Corp. is accused of bribing Scotland Yard to further its newspaper business and it is also alleged that a lawyer representing a US company in Mexican litigation attempted to bribe a court official to obtain a favorable ruling. Then, of course, there is Olympus, which not only fires its whistle-blowing Chief Executive Officer (CEO) for questioning Red Flag payments to agents, but in doing so reveals that it has been engaged in a decade long corporate fraud. But here’s the topper in my book: someone posted a comment to my blog post about Tyson Foods paying bribes to the wives of Mexican food inspectors to obtain ‘favorable treatment’. She said the following: “The meat being TIF-certified for export was not meat distributed to U.S. The meat was being exported to countries such as Japan and other Asian destinations.” I am sure that is of great comfort to the folks in “Japan and other Asian destinations”. Memo to Tyson: Call Gini Dietrich at Spin Sucks for some serious PR help.

7. Plaintiff’s Bar gets that old time (FCPA) religion. The FCPA was used, in a somewhat novel manner, in three civil actions which may portend an entire new wave of private and civil FCPA litigations. In SciClone, a shareholder derivative action was filed after the announcement of an FCPA investigation. During the pendency of an FCPA investigation, this civil action was settled with the company agreeing to implement a best practices compliance program. In Alba v. Alcoa, a company whose employees were allegedly paid bribes (Alba) sued the alleged bribe-payor (Alcoa) for damages in driving up the costs for products sold because of the corrupt acts of Alcoa. In ICE, the Costa Rican telecom company sought to use the victim restitution component to allow it to participate in the DOJ’s FCPA settlement with Alcatel-Lucent.

8. Rule of Law. Several DOJ prosecutions of individuals under the FCPA have brought a plethora of legal rulings to flesh out legal standards under the FCPA. In the spring, there were district court rulings on whether a state owned enterprise is covered by the FCPA and an analysis of what constitutes a state owned enterprise. These cases will probably be appealed so we may have the first US court of appeals’ interpretation of the FCPA in quite some time.

9. Wide World of Enforcement. More countries are implementing new anti-corruption laws and more resources are being dedicated to enforcement. The US has had significant cooperation with the UK SFO and Financial Services Association (FSA) and this will increase with the go live date of the Bribery Act. However, the BRIC countries have passed, or are considering, significant anti-corruption laws. The US is starting to coordinate and share more information with these countries, China being the most significant. For global companies, this increase will portend greater numbers of fines and penalties and will complicate international settlement efforts.

10. Year of the FCPA Trial. This was the year that the DOJ brought out the big trial guns for three very high profile FCPA trials: the Gun Sting cases; Lindsey Manufacturing; and Haitian Telecom. The resolution results have been mixed, with convictions in Lindsey and Haitian Telecom; mistrial in the first of four Gun Sting trials and some dismissals in the second Gun Sting trial. However, the government has taken a black eye for some procedural missteps, particularly the judge throwing out the entire guilty verdict for prosecutorial misconduct in the Lindsey Mfg. case.


© Thomas R. Fox, 2012

November 15, 2011

The SEC Whistleblower Program: A Game-Changer for FCPA Violations

Ed. Note: today we host a post by Jordan A. Thomas.

In August, the Securities and Exchange Commission (SEC) finalized and implemented a whistleblower program enacted under Dodd-Frank, which will dramatically alter the landscape for public and private companies alike. This program, and its first cousin, the SEC cooperation program, will have a game-changing impact on the detection, punishment and deterrence of violations of the Foreign Corrupt Practices Act (FCPA). Indeed, in the SEC’s November 2011 release highlighting enforcement activity over the fiscal year ending in September, the agency’s Foreign Corrupt Practices Act Unit, formed in 2009, recorded its first 20 FCPA enforcement actions in the fiscal year.

During my tenure as a senior attorney at the SEC, I played a leadership role in drafting the provisions of the whistleblower program and served as the first National Coordinator of the cooperation program. Both programs emerged as a response to the serial misconduct pervading the commercial marketplace.  And, importantly, both programs recognize that for law enforcement to be more proactive and effective in identifying unlawful conduct in domestic markets and abroad, it needs greater participation from the public at large.

While the private sector’s role in the broader enforcement context is an established part of American jurisprudence, that role has diminished in recent years.  Some of this can be attributed to recent court decisions that limit the role of private litigants in securities enforcement.  But another reason likely rests on the fact that coming forward to report misconduct has historically rendered the whistleblower persona-non-grata at best, and, worse, exposed to tremendous personal and professional risk.

In this way, the whistleblower program is revolutionary.  The program provides significant financial incentives (10-30% of the monetary sanctions collected) to whistleblowers providing original information about possible violations of the federal securities laws.  The new anti-retaliation protections are also robust, protecting qualified whistleblowers for up to 10 years, regardless of whether their good-faith reports are ultimately verified.  Additionally, whistleblowers may remain anonymous until they wish to receive their award – if they are represented by counsel.

The broad reach of these regulatory developments creates serious implications for business across the globe.  The reported misconduct may occur anywhere.  Any violation of US federal securities laws qualifies.  International organizations and individuals that do business or have personal contacts with the US can be subject to jurisdiction.  A whistleblower may be any individual or group of individuals, regardless of citizenship, that provides information not known to the SEC or solely derived from public sources.

Given that FCPA violations are both common and the subject of increased law enforcement focus, it is a safe bet that numerous FCPA enforcement actions will be initiated as a result of whistleblowers.  (This trend is certainly confirmed in my own law practice.)  Furthermore, since the monetary sanctions in this area are large and headline-grabbing, whistleblowers will have a greater incentive to come forward. Consider the record Siemens settlement in 2008, under which the company resolved FCPA charges for $1.6 billion in fines, penalties and disgorgement of profits, including $800 million to US authorities.  A qualified whistleblower, meeting the various eligibility requirements, could have received up to $240 million under the new SEC whistleblower program. 

This is an area of serious multi-agency scrutiny.  FCPA enforcement actions have doubled since 2009.  According to the SEC’s website, in the first half of 2011, ten different enforcement actions have reaped half a billion in penalties from blue-chip companies, including Johnson & Johnson and IBM.  Significantly, because many FCPA actions have parallel proceedings by DOJ, whistleblower awards, which extend to related actions, are likely to be even higher.

Illustrating the financial significance of the parallel proceedings for whistleblowers, in April 2011, the SEC announced a settlement with Johnson and Johnson to resolve charges that the global giant violated the FCPA by bribing public doctors in several European countries and paying kickbacks to Iraq to illegally obtain business.  J&J agreed to pay more than $48.6 million in disgorgement and prejudgment interest to settle the SEC’s charges and an additional $21.4 million to DOJ to settle criminal charges.

Also in April, the SEC and Comverse Technology, Inc. reached a settlement in connection with alleged FCPA violations. Comverse offered to pay approximately $1.6 million in disgorgement and prejudgment interest to the SEC and $1.2 million in criminal penalties to the Department of Justice.

In May 2011, the SEC entered into its first ever Deferred Prosecution Agreement (DPA) under the cooperation program with Tenaris S.A. The investigation focused on allegations that the global manufacturer violated the FCPA by bribing Uzbekistan government officials during a bidding process to supply pipelines for transporting oil and natural gas. Under the terms of the DPA, Tenaris must pay $5.4 million in disgorgement and prejudgment interest and an additional $3.5 million criminal penalty in a Non-Prosecution Agreement with the Justice Department.

As US enforcement bodies ante up their efforts and expand their reach, the trend is gaining traction in other jurisdictions.  The UK Bribery Act, finalized this past July, extends to any company with a UK office, employees who are UK citizens, or a company that provides services to a UK organization.  The fines are unlimited and the Act has a broad jurisdictional reach, affecting the majority of US public companies.  In addition, in October of this year, the UK Serious Fraud Office launched “SFO Confidential,” a hotline for insiders to report fraud and corruption.  This development marked a major shift in position because the Financial Services Authority has historically discouraged external reporting and does not guarantee confidentiality to whistleblowers.

These parallel developments in the UK signal a larger recognition that regulators need to think outside of geographic and investigative boundaries.  As both the FCPA and Bribery Act have extraterritorial reach, so too does the recognition that whistleblowers can and should play a key role in reporting such violations.

What’s a company to do?  Invest.

As business grows ever more global, expansion into emerging markets is an exciting and promising commercial reality.  But it is also rife with exposure.  Companies need to invest in transparency, invest in compliance and invest in their people.  Even companies with top-notch corporate compliance programs must be on their guard.  Given the significant retaliation protections and major financial incentives, whistleblowers will come forward to report FCPA violations.  People with original information should be encouraged to report internally, protected from retaliation when they do, and assured their reports will be properly addressed.

This is a bare minimum of corporate integrity.  In a world where FCPA enforcement actions are on the rise, and reputational damage can level a company, not meeting this bare minimum is a cost no company can afford.

=============================================================================================

Jordan A. Thomas is a partner with Labaton Sucharow and Chairs its Whistleblower Representation Practice.  He previously served as a senior attorney with the SEC and DOJ.   He can be reached via email at jthomas@labaton.com and via phone at 212-907-0836.

=============================================================================================

Episode 23 of This Week in FCPA is up. Check out Howard Sklar and myself as we discuss the Lanny Breuer speech at the ACI National FCPA Conference, Olympus, the Bribery Act and more.

October 6, 2011

Succession Planning from the Compliance Perspective

My “This Week in FCPA” colleague, Howard Sklar, and I often call the News Corp matter the case that keeps on giving. However, the same might be said about the ongoing issues surrounding Hewlett-Packard (HP). They range from a bribery and corruption scandal centered in Germany, the announcement of which was broken by the Wall Street Journal and has mushroomed into a wider geographic investigation; to the less than one year tenure of its [now] former Chief Executive Officer (CEO) Léo Apotheker; to a Board of Directors, some of whom never even met Mr. Apotheker before he was hired because, as one Board member who was quoted in the New York Times said, “we were just too exhausted from all the infighting” from the decision to separate from the prior CEO Mark Hurd.

In a foreword by Noel Tichy to the article by author A.G. Lafley in the October issue of the Harvard Business Review, entitled “The Art and Science of Finding the Right CEO”, Tichy focuses on HP’s lack of succession planning as one of its key shortcomings. Lafley’s article discusses the issue of succession planning during his tenure as the CEO of Procter & Gamble (P&G). Many of the concepts and issues that Lafley discusses within the context of succession planning in general are applicable to the concern of compliance within this area.

Lafley’s article makes clear that succession planning requires the same “coherence, discipline and thoroughness as governance, enterprise risk and strategic oversight.” In other words, it is just as important. Sadly, many companies fail to give it the attention it requires. Indeed, in a PricewaterhouseCoopers survey, cited in the foreword, nearly one-half of the more than 1,000 directors surveyed reported dissatisfaction with their companies’ succession plans. Imagine what that number would be if they took into account the compliance aspect of succession planning.

Borrowing from Lafley, I have adapted his box for an analysis of some of the characteristics that should be considered in succession planning from the compliance perspective.

| | Personal Judgment | Team Judgment | Organizational Judgment | Stakeholder Judgment |
|---|---|---|---|---|
| People | Personal judgments about overall compliance goals | Judgments regarding your team members regarding compliance | Judgments on organizational systems for assessing compliance with the organization | Judgments about how to engage stakeholders regarding compliance |
| Strategy | Personal judgments regarding compliance in your career | Judgments about how your team evolves in its compliance approaches as new compliance challenges arise | Judgments about how to engage and align all organization levels in compliance | Judgments in leading stakeholders to execute compliance strategies |
| Crisis | Personal judgments regarding compliance in times of crisis | Judgments in how your team operates regarding compliance in times of crisis | Judgments about how to work with your overall organization in compliance in times of crisis | Judgments about dealing with key stakeholders regarding compliance in times of crisis |

Lafley makes clear that succession planning does not begin at the time a CEO decides to retire. It should begin at the time that a CEO is hired. This is to prevent a decision at the last minute or, worse yet, “to be left with effectively no decision.” In addition to starting at the time a new CEO is hired, the process must also fully engage the Board of Directors. Lafley provides several key points, all of which are applicable to the compliance component of succession.

Compliance is a Continuous and Evolving Process

Lafley makes clear that the evaluation process is an ongoing, not episodic, process. In addition to a “broad and deep pipeline of qualified leaders”, the candidates should be put through a variety of roles. In the compliance context, this would provide an opportunity to review the initiatives and responses in several different areas. In addition to running large and small business units, such candidates should oversee several different functions, ranging as broadly as from the Chief Financial Officer (CFO) to Human Resources (HR).

Define the Compliance Criteria and Measure People against It

In many ways, evaluating a compliance criterion is as much an art as it is a science. However, Lafley states that a specific list of “must-haves” is appropriate. It is not as simple as whether there was a violation or not. It is broader than that calculus. I often write about Paul McNulty’s three “maxims”, which are (1) what did you do to prevent it; (2) what did you do to detect it; and (3) what did you do when you found out about it? Compliance for the CEO candidate is more than the third prong. How did you inculcate compliance into the business unit that you are managing? What controls did you put in place? And then what did you do when you found out about it?

Explore Multiple Compliance Scenarios

Lafley defines this as “how the future might look”. You might explore a new geographic market with a candidate or a new product line, either of which might bring new compliance challenges. Being a part of a team to perform a risk assessment might indicate that new or different compliance safeguards need to be considered. Should monitoring, through continuous controls monitoring or other more sophisticated tools, be considered as the compliance program evolves?

Remain Flexible but Focused on Compliance

Lafley points out that the choice of “a successor isn’t a done deal until the votes are cast and the announcement is made.” He advocates continuing to provide challenging projects, which would include those in the compliance arena, which can continue to provide feedback and guidance from the compliance perspective. As one division President told me “You are always being evaluated.” And so it should be. The selection of a new CEO is a substantial investment by a large company. Having the right person in the position from the compliance perspective is an important element in an overall evaluation. Remember – it all starts with the “Tone from the Top”.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011
