FCPA Compliance and Ethics Blog

May 12, 2015

Senn Interview, Part II – A Discussion of the Decision to Self-Disclosure

In today’s post, I continue to explore my recent interview of Mara Senn, a partner at Arnold & Porter LLP in Washington DC. Senn is a white-collar practitioner whose practice includes representing companies in investigations of the Foreign Corrupt Practices Act (FCPA). In Part I, we reviewed Senn’s thoughts on how to prepare for and deal with a FCPA investigation. Today I review her thoughts on the decision to self-disclose if a potential FCPA violation arises.

One of the things that has always been difficult is to quantify the benefits of self-disclosure of a potential FCPA violation by a company to the Department of Justice (DOJ) or Securities and Exchange Commission (SEC). At least for the DOJ, its baseline analysis for calculating penalties comes from the US Sentencing Guidelines. As stated in the FCPA Guidance, “To determine the appropriate penalty, the “offense level” is first calculated by examining both the severity of the crime and facts specific to the crime, with appropriate reductions for cooperation and acceptance of responsibility, and, for business entities, additional factors such as voluntary disclosure, cooperation, pre-existing compliance programs, and remediation.”

The Sentencing Guidelines, §8C2.5(g) states that an overall fine can be reduced through the following:

(g) Self-Reporting, Cooperation, and Acceptance of Responsibility

If more than one applies, use the greatest:

  • If the organization (A) prior to an imminent threat of disclosure or government investigation; and (B) within a reasonably prompt time after becoming aware of the offense, reported the offense to appropriate governmental authorities, fully cooperated in the investigation, and clearly demonstrated recognition and affirmative acceptance of responsibility for its criminal conduct, subtract 5 points; or
  • If the organization fully cooperated in the investigation and clearly demonstrated recognition and affirmative acceptance of responsibility for its criminal conduct, subtract 2 points; or
  • If the organization clearly demonstrated recognition and affirmative acceptance of responsibility for its criminal conduct, subtract 1 point. 

Both DOJ and SEC representatives consistently speak, in speeches and other public commentary, about the benefits of self-disclosure. Some commentators, notably Mike Volkov in his blog, caution that any decision to self-disclose should be well thought through and that if an issue can be resolved through an internal investigation, subsequent remediation and ongoing monitoring to make sure it does not happen again, self-disclosure may not be warranted. In my podcast interview with Mara Senn I asked her how she might help a client work through this most difficult issue.

While self-reporting has in many ways become the norm in situations where a company uncovers what might arguably be a FCPA violation, Senn comes down on the side that self-reporting should be “the exception and not the rule.” She first pointed to the “structure of self-reporting, the thing that I think gets lost in the shuffle is there’s absolutely no legal obligation to self-disclose in FCPA cases, at all. There may be other disclosure obligations, because of a public company or what have you, but under the law of the FCPA, and under criminal law, no company has an affirmative duty to self-disclose.”

She went on to explain that the FCPA is unlike anti-trust or cartel cases, “where the first company who’s the first in to self-report gets immunity. It’s a totally different structure in the FCPA area for many reasons, most of which are appropriate, but you don’t get immunity, you get cooperation credit”. This cooperation credit is based on the Sentencing Guidelines cited above, but Senn explained that, from her perspective, “The problem is, a lot of these calculations are very very opaque. Under the sentencing guidelines, you get a 5-point decrease if you self-report, cooperate, and accept responsibility. You get 2 points off if you cooperate and accept responsibility, and then just 1 point for accepting responsibility. Under this system, supposedly, self-disclosure standing alone is worth 3 points, and each of the other ones are worth 1.” This leads her to believe that “in my experience, you get almost as much credit, if not as much credit, for cooperating with the government once they come to you, even if you didn’t disclose in the first place. The myth is that self-disclosure is some kind of really big bump in cooperation credit. I think, in practice, that really doesn’t bear water.” She added, “This idea of credibility by self-disclosing is so intangible, and it’s not quantifiable.”

I posed the question of credibility with the government. One of the things that I consistently advocate is that you need to have credibility with the DOJ or SEC when you sit across the table at any point during a FCPA investigation. I had thought that self-disclosure would add to that credibility. However, Senn explained that it is the lawyer or law firm representing the company that can go a long way towards establishing credibility. She said, “For those of us who regularly appear before the government, we already have credibility, and they understand that the client may or may not agree with recommendations we make, and they know that we’ll be a straight shooter once we’re in front of them, however we get in front of them.” But it is more than the lawyer or law firm that brings credibility; it is the actions of the company as well. Of course this means the steps the company has taken and its cooperation with the government during the pendency of the FCPA investigation.

Senn even described a visual way to think through this by describing an X and Y axis that create four squares. She articulated it as follows, “On one axis, you have the seriousness of the potential violation, and then the likelihood of discovery on the other axis. In both of these areas, both the seriousness and the likelihood of discovery, I draw the line to be in a more rational, but it may be different, than the traditional norm.”

I asked Senn about the plethora of ways that a FCPA violation or issue can be reported now and if that should play a role in the calculus to self-disclose or not. I found her response very interesting. She said, “I think that the likelihood of discovery issue is really really important if you think that companies get a lot of credit for self-reporting. If you don’t think that, which I don’t think that they do particularly, then really the focus is on cooperation and not so much on the self-reporting itself.” Even with the widespread knowledge of Dodd-Frank whistleblower awards and protections, Senn believes that “most employees really don’t realize they can get money from the government if they are whistleblowers on these sorts of things. I don’t think it’s been particularly well publicized, and obviously employers are not training their employees to explain to them that they can be whistleblowers.” She even pointed to the recent statistics from the SEC report on whistleblowers, stating, “If you look at the latest SEC whistleblower report, only 4.3% of the tips reported were FCPA cases. It’s not like people are hitting down their door with all these FCPA cases.”

I found Senn’s thoughts on the issue of self-disclosure certainly an interesting way to consider this most complex and significant issue. For all the criticism of FCPA Inc. and the FCPA Paparazzi, it also demonstrates the importance of having counsel well versed in both the legal issues of the FCPA and representing a company before the government in the event your company is in an investigation.

In Part III of my series on Senn’s interview, I will focus on her thoughts on remediation of any FCPA violation and steps going forward.

To listen to the full Mara Senn interview, go to the FCPA Compliance and Ethics Report, by clicking here, or download it from iTunes.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

August 4, 2014

The Houston Astros and a Compliance Defense in the FCPA

It is not as if I have tried not to write about the Houston Astros this year or that I am consciously ignoring them; it is simply that they are so not relevant they rarely seem to exist or at least raise their pathetic head for a compliance lesson or two. Not only are they on track to have the worst record in baseball for the fourth consecutive year but last week they had yet another 0.00 television rating. For those of you keeping score at home, this is the third time in less than one calendar year that no persons, registered through the Nielsen TV-rating system, indicated they watched an Astros game on television. Nevertheless, in July the Astros managed to outdo themselves yet again in the field of idiotic statements and actions that were so profound they once again inform your compliance program and indeed those advocating the appending of a compliance defense to the Foreign Corrupt Practices Act (FCPA).

For the privilege of having the worst record in baseball over the past 3+ seasons, the Astros had the right to the No. 1 selection in this year’s baseball draft. With this year’s selection they took a high school pitcher, Brady Aiken. But for reasons only known to the Astros, they managed not to sign this year’s first round pick, for only the third time since the amateur draft began back in 1968. The sordid tale was laid out in a Grantland article entitled “Houston You Have a Problem” by Michael Baumann.

After the Astros drafted Aiken, he and the team reached a handshake deal for a contract worth $6.9MM. Shortly thereafter, a medical examination “revealed that his left UCL (the ligament that gets replaced during Tommy John surgery) is unusually small.” Note this examination did not reveal any damage to the nerve or any injury, simply that Aiken’s UCL was small. So what did the Astros do? They reneged on their agreement (as in our word is really not our word) and then offered Aiken $3.5MM. Why would the Astros go back on their word? As explained by Baumann, “Tiny UCL Affair of 2014 was actually a smoke screen to cut Aiken’s bonus and use the savings to help sign other players. MLB regulates how much teams can spend on draft picks, and the Astros entered post-draft negotiations with an overall signing budget just north of $13 million. The league places a dollar amount on each draft pick in the first 10 rounds, so if you add up the numbers for each pick, you get the total salary cap each team is allowed to spend on its draftees. If one player signs for less than the recommended slot, the team can use the savings to sign other picks to richer bonuses, including players in the last 30 rounds, who’d ordinarily only be able to sign for $100,000. If a team goes over its spending limit, the league taxes the overage. If a team goes over by enough, it loses draft picks in coming years.” But it all backfired on the Astros who ended up with a big Nada.

In other words, the Astros were trying to game the system by underpaying their first round pick so they could use the saved money to pay other picks. However, when they did not sign their No. 1 pick, under MLB rules they could not use any of the saved money on other picks. The Astros were accused by the Players Union of illegal action under the Collective Bargaining Agreement and a formal grievance has been filed against the Astros. But perhaps the most damning was this statement by Baumann, “This isn’t about sabermetrics or how the Astros chose to rebuild. This is distinctly about the human element. If your word is not your bond, if you’re willing to brazenly exploit teenagers to gain an edge, endangering their educational and professional futures out of spite, you might lack an appreciation for the human element. I’d say you lack humanity altogether.”

I know you have all been waiting for the compliance angle to all of this so here it is. The Astros act like a corporation and like almost all corporations they look to pay the absolute cheapest that they can to get something. Those who advocate that there be a compliance defense added to the FCPA miss this fundamental tenet of the corporate world. Corporations that are unwilling to spend money to put a best practices or even adequate compliance program in place now, will not do so simply because an amended FCPA says they will have a defense if they do so. It is not a matter of having a compliance program in place, but doing compliance because doing compliance costs money. Since the Supreme Court has told us that corporations have the same rights as people, it makes sense that cheap corporations will not put in effective compliance programs, simply because they are cheap. If your business model for the past 35+ years has been that you are too cheap to follow the law and put in an effective compliance program, as required by the existing law, simply amending the FCPA to add a compliance defense will not change your basic nature.

It costs time, money, effort and commitment to put a compliance program in place. By simply having language that says you will get credit for having a defense in place, corporations that are not committed to compliance will not magically get committed. These companies that are too cheap to follow the law now will simply throw a paper excuse up and then crow to the world that they have an adequate compliance program. The Astros, reported last year to be the most profitable baseball team of all-time and “a multimillion-dollar corporation that could find $3.4 million in the change jar on the nightstand, tried to nickel and dime a kid who’s trying to break into an industry that’s stacked the deck against him, and then they tattled on him to the NCAA once they failed to get their way.” If a compliance defense were added to the FCPA, corporations will give even less money to the compliance function because they will sit smugly behind their paper compliance program and not devote the time, money or commitment required to having an adequate compliance program.

The Department of Justice (DOJ) has continually made clear that companies will receive credit for having a compliance program in place even where a potential FCPA violation occurs. The Morgan Stanley declination is but the most prominent publicly announced statement on the matter. Additionally, there are the six examples cited in the FCPA Guidance where declinations were issued, with the company identifying information scrubbed from the facts presented. Moreover, the US Sentencing Guidelines also touch directly on this point. So the importance of not only complying with a 35+ year old law but how to do so is easily apparent to any company which might be researching the issue.

It is not the lack of knowledge of how to comply with the FCPA which keeps a company from putting an effective compliance program in place but what might charitably be called a cost-aversion ethos. Just as with the Astros, cost-aversion exists in a wide number of areas outside FCPA compliance. In an article in the New York Times (NYT), entitled “Valeant’s Cost-Cutting Ethos May Yet Give Wall Street Indigestion”, Jesse Eisinger reported on the company’s attempt to rebrand the drug Sculptra for use as a “cosmetic touch-up” treatment when it had been approved for use by HIV patients with “facial wasting”. Valeant had purchased the drug from another pharmaceutical company, Sanofi, and also “inherited the responsibility for conducting the study when it purchased the drug.”

However, Valeant did not want to go through the time and expense of conducting the required clinical trials to have the drug approved for this new use. Eisinger wrote, “From the start, Valeant executives were concerned the study would cost too much, according to three current and former executives who spoke on condition of anonymity. The five-year safety study could cost $25 million to $40 million, according to Tage Ramakrishna, Valeant’s chief medical officer. According to the executives, the message was clear and emanated from Mr. Pearson: The company should try to avoid having to perform the study. Ryan Weldon, who until recently was the head of Valeant’s aesthetics business, said to one executive that “we’re not going to spend money on that,” referring to the study.” Eisinger also reported that even though the company never completed the required study, “the company sold the treatment.”

Beyond putting a compliance program in place, a company must actually do compliance. This means putting in a compliance function commensurate to the size and risk a company has with its business model. Not only must money be spent but compliance professionals hired and given real authority to help the company prevent, detect and remediate FCPA violations that may arise. Once again, if a company is not incentivized to follow a 35 year old law with as much enforcement publicity as the FCPA, saying they will be given credit for something they could already receive credit for, in the form of a compliance defense, is not going to change conduct or even attitudes.

I cannot think of a better way to sum this up than to pass along the Astros gift to their fan base, which they announced on Friday. They are raising ticket prices in 2015.

© Thomas R. Fox, 2014

July 22, 2014

Code of Conduct, Compliance Policies and Procedures-Part I

For the remainder of this week, I will have a four-part episode on your Code of Conduct and anti-corruption compliance policies and procedures. In today’s post I will review the underlying legal and statutory basis for the documents as a foundation of your overall anti-corruption regime. In subsequent posts, I will review how to go about drafting your Code of Conduct and anti-corruption compliance policies and procedures and how to assess, review and revise them on a timely basis.

The cornerstone of a US Foreign Corrupt Practices Act (FCPA) compliance program is its written protocols. This includes a Code of Conduct, policies and procedures. These requirements have long been memorialized in the US Federal Sentencing Guidelines (FSG), which contain seven basic compliance elements that can be tailored to fit the needs and financial realities of any given organization. From these seven compliance elements the Department of Justice (DOJ) has crafted its minimum best practices compliance program, which is now attached to every Deferred Prosecution Agreement (DPA) and Non-Prosecution Agreement (NPA). These requirements were incorporated into the 2012 FCPA Guidance. The FSG assumes that every effective compliance and ethics program begins with a written standard of conduct; i.e. a Code of Conduct. What should be in this “written standard of conduct”? The starting point, as per the FSG, reads as follows:

Element 1

Standards of Conduct, Policies and Procedures (a Code of Conduct)

An organization should have an established set of compliance standards and procedures. These standards should not be a “paper only” document, but a living document that promotes organizational culture that encourages “ethical conduct” and a commitment to compliance with applicable regulations and laws.

In the FCPA Guidance, the DOJ and Securities and Exchange Commission (SEC) state, “A company’s code of conduct is often the foundation upon which an effective compliance program is built. As DOJ has repeatedly noted in its charging documents, the most effective codes are clear, concise, and accessible to all employees and to those conducting business on the company’s behalf. Indeed, it would be difficult to effectively implement a compliance program if it was not available in the local language so that employees in foreign subsidiaries can access and understand it. When assessing a compliance program, DOJ and SEC will review whether the company has taken steps to make certain that the code of conduct remains current and effective and whether a company has periodically reviewed and updated its code.”

In each DPA and NPA over the past 36 months the DOJ has said the following as item No. 1 for a minimum best practices compliance program.

  1. Code of Conduct. A Company should develop and promulgate a clearly articulated and visible corporate policy against violations of the FCPA, including its anti-bribery, books and records, and internal controls provisions, and other applicable foreign law counterparts (collectively, the “anti-corruption laws”), which policy shall be memorialized in a written compliance code. 

Stephen Martin and Paul McNulty, partners in the law firm of Baker and McKenzie, developed one of the best formulations that I have seen of these requirements in their Five Elements of an Effective Compliance Program. In this formulation, they posit that your Code of Conduct, policies and procedures should be grouped under the general classification of ‘Standards and Procedure’. They articulate that every company has three levels of standards and controls. First, every company should have a Code of Conduct, which should, most generally, express its ethical principles. But simply having a Code of Conduct is not enough. So a second step mandates that every company should have standards and policies in place that build upon the foundation of the Code of Conduct and articulate Code-based policies, which should cover such issues as bribery, corruption and accounting practices. From the base of a Code of Conduct and standards and policies, every company should then ensure that enabling procedures are implemented to confirm those policies are implemented, followed and enforced.

FCPA compliance best practices now require companies to have additional standards and controls, including, for example, detailed due diligence protocols for screening third-party business partners for criminal backgrounds, financial stability and improper associations with government agencies. Ultimately, the purpose of establishing effective standards and controls is to demonstrate that your compliance program is more than just words on a piece of paper.

In an article in the Society for Corporate Compliance and Ethics (SCCE) Complete Compliance and Ethics Manual, 2nd Ed., entitled “Essential Elements of an Effective Ethics and Compliance Program”, authors Debbie Troklus, Greg Warner and Emma Wollschlager Schwartz, state that your company’s Code of Conduct “should demonstrate a complete ethical attitude and your organization’s “system-wide” emphasis on compliance and ethics with all applicable laws and regulations.” Your Code of Conduct must be aimed at all employees and all representatives of the organization, not just those most actively involved in known compliance and ethics issues. From the board of directors to volunteers, the authors believe that “everyone must receive, read, understand, and agree to abide by the standards of the Code of Conduct.” This would also include all “management, vendors, suppliers, and independent contractors, which are frequently overlooked groups.”

There are several purposes identified by the authors which should be communicated in your Code of Conduct. Of course the overriding goal is for all employees to follow what is required of them under the Code of Conduct. You can do this by communicating what is required of them, to provide a process for proper decision-making and then to require that all persons subject to the Code of Conduct put these standards into everyday business practice. Such actions are some of your best evidence that your company “upholds and supports proper compliance conduct.”

The substance of your Code of Conduct should be tailored to the company’s culture, and to its industry and corporate identity. It should provide a mechanism by which employees who are trying to do the right thing in the compliance and business ethics arena can do so. The Code of Conduct can be used as a basis for employee review and evaluation. It should certainly be invoked if there is a violation. To that end, I suggest that your company’s disciplinary procedures be stated in the Code of Conduct. These would include all forms of discipline, up to and including dismissal, for serious violations of the Code of Conduct. Further, your company’s Code of Conduct should emphasize it will comply with all applicable laws and regulations, wherever it does business. The Code needs to be written in plain English and translated into other languages as necessary so that all applicable persons can understand it.

As I often say, the three most important things about your FCPA compliance program are ‘Document, Document and Document’. The same is true of communicating your company’s Code of Conduct. You need to do more than simply put it on your website and tell folks it is there, available and that they should read it. You need to document that all employees, or anyone else that your Code of Conduct is applicable to, have received, read, and understood the Code. For employees, it is important that a representative of the Compliance Department, or other qualified trainer, explains the standards set forth in your Code of Conduct and answers any questions that an employee may have. Your company’s employees need to attest in writing that they have received, read, and understood the Code of Conduct and this attestation must be retained and updated as appropriate.

The DOJ expects each company to begin its compliance program with a very public and very robust Code of Conduct. If your company does not have one, you need to implement one forthwith. If your company has not reviewed or assessed your Code of Conduct for five years, I would suggest that you do so in short order as much has changed in the compliance world.

© Thomas R. Fox, 2014

December 3, 2013

The Weatherford FCPA Settlement, Part II

Yesterday, I reviewed the Weatherford International Limited (Weatherford) Foreign Corrupt Practices Act (FCPA) settlement. Today I will take a more focused look at the bribery schemes involved and the failure of the company to bring internal controls up to standard or even follow its own compliance program. Weatherford’s compliance program was a joke but worse was its conduct, which many in the company knew was illegal and reported internally but the company did not stop the conduct. The company also, early on in the investigation, actively impeded regulators’ access to personnel and documents. However, and this is one of the key messages from the Weatherford FCPA enforcement action, the company truly ‘turned it around’. Tomorrow we will explore how the company made this dramatic turnaround.

The bribery schemes had four basic scenarios and, for those of you keeping score at home, I have summarized them below.

I. Corrupt Conduct

Weatherford Bribery Box Score

| Country | Bribery Scheme | Government or SOE Official Involved | Amount of Bribe Paid |
|---|---|---|---|
| Angola | Payments through 3rd parties | Sonagol Drilling Manager | $250K |
| Angola | JV Partners | Government Ministers, wives and other relatives | $810K |
| Congo | Payments thru 3rd parties | SOE officials | $500K |
| Middle East Countries | Unauthorized distributor discounts | SOE officials | $11.8MM |
| Algeria | Improper travel and entertainment | SOE officials | $35K |
| Albania | Misappropriation of company funds | Tax Auditors | $41K |

Angola

In Angola two separate bribery schemes were used. The first involved payment of a $250,000 bribe to the Sonagol Drilling Manager. To funnel the bribe the company retained a Swiss agent who paid the money. This Swiss agent billed Weatherford for non-existent and fraudulent services. He would retain a percentage of the total he billed as a commission and would pass the remainder to the Sonagol Drilling Manager. The bribery of the Drilling Manager also included a week long, all-expenses paid trip to Italy and Portugal, where only one of the days was business related.

The company showed further creativity when it set up a joint venture (JV) which had two local JV partners, JV Partner A and JV Partner B. Partner A consisted of Sonagol government officials, their wives and other relatives and held a 45% stake in the overall JV. JV Partner B’s principals included the relative of an Angolan Minister, the relative’s spouse, and another Angolan official. It held 10% of the overall JV interest. Neither of these JV Partners contributed capital, expertise or labor to the JV. In addition to the straight quid pro quo of awarding Weatherford 100% of the Angolan well screens market, these JV Partners had contracts which were awarded to Weatherford competitors, revoked after the initial award and then awarded to Weatherford.

Congo

In the Congo, Weatherford made over $500,000 in commercial bribe payments through the same Swiss Agent they had utilized in the initial Angolan bribery scheme to employees of a commercial customer, a wholly-owned subsidiary of an Italian energy company, between March 2002 and December 2008. The Swiss Agent’s role in the scheme included submitting false invoices and sending payments to individuals as directed by Weatherford Services Limited (WSL) employees and others. WSL employees created and sent false work orders to the Swiss Agent. The Swiss Agent, WSL employees and others knew the services would not be performed and that the work orders were a pretext to funnel money to the Swiss Agent. The Swiss Agent forwarded the money, less a commission, once again based on fraudulent invoices for non-existent services.

The Middle East

In certain un-named Middle Eastern countries between the years of 2005 and 2011 another Weatherford subsidiary employed another bribery scheme to funnel payments to officials of state owned National Oil Company (NOC). This bribery scheme entailed the awarding of improper “volume discounts” to a company that served as an agent, distributor and reseller which supplied Weatherford products to a state-owned and controlled NOC, believing that those discounts were being used to create a slush fund with which to make bribe payments to decision makers at the NOC.

The Securities and Exchange Commission (SEC) Complaint noted that as early as 2001, officials at the un-named national oil company directed Weatherford to sell goods to the company through a particular distributor. Prior to entering into the contract with the distributor, Weatherford did not conduct any due diligence on the distributor, despite: (a) the fact that the distributor would be furnishing Weatherford goods directly to an instrumentality of a foreign government; (b) the fact that a foreign official had specifically directed the company to contract with that particular distributor; and (c) the fact that Weatherford executives knew that a member of the country’s royal family had an ownership interest in the distributor. In late 2001, the company entered into a representation agreement with the distributor to sell its Completion and Production Systems products to the NOC.

Thereafter, the company created a slush fund by providing the distributor with unauthorized volume and pricing discounts, in addition to the agent’s 5% commission. Company employees intended that the slush fund would be used to pay officials at the un-named NOC. The “volume discounts” to the distributor were typically between 5-10% of the contract price. The discounts allowed the distributor to accumulate funds which were used to pay bribes to the NOC officials.

Algeria

Weatherford also provided improper travel and entertainment to officials of the Algerian NOC, Sonatrach, which did not have any legitimate business purpose. The SEC Complaint detailed the following improper travel and entertainment provided to Sonatrach officials:

  • June 2006 trip by two Sonatrach officials to the FIFA World Cup soccer tournament in Hanover, Germany;
  • July 2006 honeymoon trip of the daughter of a Sonatrach official; and
  • October 2005 trip by a Sonatrach employee and his family to Jeddah, Saudi Arabia, for religious reasons that were improperly booked as a donation.

In addition, on at least two other occasions, Weatherford provided Sonatrach officials with cash sums while they were visiting Houston. For example, in May 2007, Weatherford paid for four Sonatrach officials, including a tender committee official, to attend a conference in Houston. Further, the company provided an approximate $24,000 cash advance for the trip where there was no evidence of any legitimate business purpose or promotional expenses.

Albania

In Albania, Weatherford had a tax evaluation problem. To deal with this issue the general manager and financial manager of the company’s Italian subsidiary misappropriated over $200,000 of company funds, to fund a bribery scheme involving Albanian tax auditors. The general manager, financial manager and the Albania country manager made $41,000 in payments to Albanian tax auditors who questioned details of the company’s accounts and demanded payment to close out the audit or speed up the certification process in 2001, 2002 and 2004.

The general manager and financial manager misappropriated the funds by taking advantage of Weatherford’s inadequate system of internal accounting controls. They misreported cash advances, diverted payments on previously paid invoices, misappropriated government rebate checks and received reimbursement of expenses that did not relate to business activities. A memo drafted by the general manager and financial manager in the months after their co-worker confronted them discussed the misappropriated funds and indicated that funds were paid to tax auditors in Albania and others for the benefit of Weatherford. This was the bribery scheme which was reported to the company and the internal whistle-blower employee was terminated.

II. Program Deficiencies and Lack of Cooperation

The DPA laid out in equally stark terms the complete and utter disregard for, non-existence of and/or complete failure of any systemic compliance program prior to 2008. These deficiencies included:

  • Failure to establish internal accounting controls to prevent bribery and corruption;
  • Failure to perform due diligence on any prospective third parties, including who they were, ultimate beneficial ownership and business justifications;
  • Failure to perform due diligence on, or in any meaningful way manage, joint venture partners;
  • Failure to have any meaningful internal controls for gifts, travel and entertainment;
  • No effective internal reporting system for FCPA violations or issues; and
  • (Most amazingly) No Chief Compliance Officer or even compliance professionals in a multi-billion dollar, multi-national company in the energy industry.

In addition to all of the above, Weatherford engaged in active conduct to impede the investigations of both the SEC and DOJ. In one instance, the company told investigators that a key witness was dead when he was not only still alive and well but working for Weatherford. In other instances, emails were deleted by employees prior to the imaging of their computers. It was also noted that Weatherford failed to secure important computers and documents and allowed potentially complicit employees to collect documents subpoenaed by the staff.

Tomorrow, the Weatherford compliance comeback.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

July 11, 2013

What is ‘Acceptance of Responsibility’ Under the US Sentencing Guidelines?

One of the things that I am often asked is how are fines and penalties calculated for Foreign Corrupt Practices Act (FCPA) violations? The Department of Justice (DOJ)/Securities and Exchange Commission (SEC) FCPA Guidance has the following explanation. First, the offense level is calculated pursuant to the US Sentencing Guidelines (USSG) §§2C1.1 or 2B1.1, by starting with the base offense level and increasing it as warranted by any applicable specific offense characteristics. The next reference is made to the organizational guidelines found in Chapter 8, which lay out the structure for determining the final advisory guideline fine range for organizations. The base fine itself consists “of the greater of the amount corresponding to the total offense level, calculated pursuant to the guidelines, or the pecuniary gain or loss from the offense.”

The base fine is then multiplied by “a culpability score that can either reduce the fine to as little as five percent of the base fine or increase the recommended fine to up to four times the amount of the base fine.” As described in USSG §8C2.5, this culpability score is determined by taking into account numerous factors “such as the size of the organization committing the criminal acts; the involvement in or tolerance of criminal activity by high-level personnel within the organization; and prior misconduct or obstructive behavior.” The culpability score can be reduced if the “organization had an effective preexisting compliance program to prevent violations and if the organization voluntarily disclosed the offense, cooperated in the investigation, and accepted responsibility for the criminal conduct.”

I thought about some of the basis for the calculations in the context of the ongoing reports about News Corp’s chairman, Rupert Murdoch, and his remarks which were recorded in March of this year when he spoke to a group of journalists from The Sun, a News Corp entity. The FCPA Blog, in a post entitled “On secret tape, Murdoch reportedly acknowledges Fleet Street’s ‘corrupt culture’”, reported that “A covert recording from March seems to capture News Corporation chairman Rupert Murdoch suggesting that bribery is part of the Fleet Street culture.” The Guardian, in an article entitled “Rupert Murdoch revealed – tape exposes the media mogul’s real opinions”, detailed further excerpts from the recording by noting he was annoyed with the police who he believes are “incompetent”; additionally, he was not sure that setting up the Management and Standards Committee (MSC) which performed the company’s internal investigation was a good idea and, finally, Murdoch “lays into lawyers, accusing them of getting rich by trawling through millions of emails.” Just when you think it cannot get any worse (or better – depending on your perspective) The Guardian states, “He talks of the News of the World in personal terms: “We got caught with dirty hands, I guess” before launching into a further attack on the police: “The cops are totally incompetent … It’s just disgraceful what they’re doing … It’s the biggest inquiry ever, over next-to-nothing.””

How is that for ‘tone-at-the-top’? Even the News Corp owned Wall Street Journal (WSJ), in an article entitled “Murdoch Recording Piques Interest of Police, Lawmakers”, said “Mr. Murdoch’s remarks in the meeting sharply contrast with his public contrition over the newspapers’ alleged use of illegal reporting tactics.” But more than just this general statement how would Murdoch’s statements be analyzed under the culpability score used in FCPA cases? Would an admission by Murdoch that there was a culture of bribery and corruption on Fleet Street weigh under the factor of “tolerance of criminal activity by high-level personnel within the organization”? How about the potential reduction for accepting responsibility for the criminal conduct?

Murdoch’s remarks are in stark contrast to other reports of the actions taken by News Corp. In an article in the July issue of Corporate Counsel magazine, entitled “Doubling Down”, reporter Sue Reisinger profiled News Corp General Counsel (GC) and Chief Compliance Officer (CCO) Gerson Zweifach. In her article, Reisinger discussed the MSC, which led the company’s internal investigation of not only the bribery allegations but also the phone hacking scandal. It was information discovered in the course of the MSC’s internal investigation, and later turned over to the relevant government authorities, which led to many of the arrests of News Corp employees. The MSC and its work have clearly been one of the aggressive approaches taken by News Corp during the investigation. But The Guardian reported Murdoch may feel differently about such cooperation now when it stated, “He admits to a measure of panic as the reason for setting up the MSC to provide information to the police: “The police were about to invade this building … it was done to protect the business.””

Reisinger also reported that the FBI has opened its own investigation of News Corp. She also reported that the DOJ “has said that it’s examining whether the company accessed voicemails of 9/11 victims, as well as whether it violated the Foreign Corrupt Practices Act”. So it is probably very helpful to News Corp that it instituted a new compliance program, based in part on the settlement of a shareholder derivative lawsuit. Reisinger said “A commitment to the program is included in the settlement document. The program seeks a more centralized approach to managing risk while still allowing for local autonomy.” Putting together a best practices compliance program during the pendency of a FCPA investigation is certainly one of the most powerful steps a company can take to help to ameliorate a potential FCPA penalty; the Parker Drilling enforcement action has certainly made that clear.

I would normally say that actions speak louder than words. But what is the DOJ to make of the taped remarks of Murdoch? The Guardian article ends with the following “But the real significance of the tape is that it reveals the true, unexpurgated Rupert Murdoch. As I have said often since the hacking scandal first broke, as the man at the top I believe he has been responsible for the journalistic culture at Wapping. This tape appears to prove my point.” I no longer think it is a question in the News Corp investigation “What did the President know and when did he know it?” If such a culture existed and the person who knew about it and tolerated it is still at the helm, does this impact the DOJ’s analysis under either the USSG or the culpability score? Further, does it matter if you belittle your own internal investigation, even up to the point where you suggest it should have never been done?

We do know that the DOJ takes quite a dim view of any company which settles and then claims that, you know we really didn’t do anything wrong. Standard Chartered shows us what the DOJ’s response was when its chairman claimed that the bank had engaged in “no wilful act to avoid sanctions; you know, mistakes are made – clerical errors” related to its myriad of conduct in doing business with Iran, in violation of US trade sanctions. The response was that two weeks later, he was required to eat those words when he “said those comments were “both legally and factually incorrect”” and retracted them. “Standard Chartered Bank unequivocally acknowledges and accepts responsibility . . . for past knowing and wilful criminal conduct in violating US economic sanctions laws and regulations”.

But that was after all a Bank which had admitted to its violations, agreed to a Deferred Prosecution Agreement (DPA) and to pay a large fine. Here News Corp has made no such admission or agreement. And since acceptance of responsibility is only one factor under the culpability score, perhaps News Corp can garner more credit for its cooperation and creation of a best practices compliance program. Then again perhaps it is all simply a misunderstanding. The Guardian also reported that “A statement released by Murdoch’s spokesman said: “Mr Murdoch welcomes the opportunity to return to the Select Committee and answer their questions. He looks forward to clearing up any misconceptions as soon as possible.””

July 2, 2013

Gettysburg Day 2: Dan Sickles, Political Generals and the CCO Position

Day 2 at Gettysburg saw the fighting swing south of the village, along a ridge line that formed a fishhook at its end on an outcropping called the Little Round Top. This was the far south end of the Union line and its defense was made famous in the book, “The Killer Angels”, which focused on the last stand by the 20th Maine led by Joshua Chamberlain. However, for today’s post I would like to focus on one of the more fascinating characters in the Civil War; that being Union General Daniel Sickles.

Sickles was a New York politician, who became one of the most prominent political generals of the Civil War. Prior to the war, Sickles was involved in a number of public scandals, most notably the killing of his wife’s lover, Philip Barton Key II, son of Francis Scott Key. He was acquitted with the first use of temporary insanity as a legal defense in US history. His appointment as a Union General was controversial as he had no military experience. Unfortunately, this lack of military training showed on July 2, 1863, when the Army of the Potomac commander Major General George G. Meade ordered Sickles’ corps to take up defensive positions on the southern end of Cemetery Ridge, anchored in the north to the II Corps and to the south on the hill known as Little Round Top. Sickles violated these orders by marching his III Corps almost a mile in front of Cemetery Ridge. This had two effects: it greatly diluted the concentrated defensive posture of his corps by stretching it too thin, and it created a salient that could be bombarded and attacked from multiple sides. His III Corps was virtually wiped out and this insubordination effectively ended Sickles’ military career.

I. Requirements for a CCO Position Under the USSG

There has never been an adequate explanation of Sickles’ departure from his clear orders. Was it insubordination or incompetence? We will probably never know. I thought of Sickles in particular and Lincoln’s general problem of the ‘Political Generals’ in the context of a compliance program under the US Sentencing Guidelines, which under §8B2.1 specifies that under Subsection 2 of an “Effective Compliance and Ethics Program” the following is required:

(A)       The organization’s governing authority shall be knowledgeable about the content and operation of the compliance and ethics program and shall exercise reasonable oversight with respect to the implementation and effectiveness of the compliance and ethics program.

(B)       High-level personnel of the organization shall ensure that the organization has an effective compliance and ethics program, as described in this guideline. Specific individual(s) within high-level personnel shall be assigned overall responsibility for the compliance and ethics program.

(C)       Specific individual(s) within the organization shall be delegated day-to-day operational responsibility for the compliance and ethics program. Individual(s) with operational responsibility shall report periodically to high-level personnel and, as appropriate, to the governing authority, or an appropriate subgroup of the governing authority, on the effectiveness of the compliance and ethics program. To carry out such operational responsibility, such individual(s) shall be given adequate resources, appropriate authority, and direct access to the governing authority or an appropriate subgroup of the governing authority.

II. Requirements for a CCO Position under the Ten Hallmarks of an Effective Compliance Program

The Department of Justice (DOJ)/Securities and Exchange Commission (SEC) FCPA Guidance specifies that when appraising a compliance program, they will consider whether a company has assigned responsibility for the oversight and implementation of a company’s compliance program to one or more specific senior executives within an organization. Those individuals must have appropriate authority within the organization, adequate autonomy from management, and sufficient resources to ensure that the company’s compliance program is implemented effectively. Adequate autonomy generally includes direct access to an organization’s governing authority, such as the Board of Directors or an appropriate Committee such as the Audit Committee.

Further, depending on the size and structure of an organization, it may be appropriate for day-to-day operational responsibility to be delegated to other specific individuals within a company. However, the reporting structure will depend on the size and complexity of an organization. Moreover, the amount of resources devoted to compliance will depend on the company’s size, complexity, industry, geographical reach, and risks associated with the business. In assessing whether a company has reasonable internal controls the DOJ and SEC will typically consider whether the company devoted adequate staffing and resources to the compliance program given the size, structure, and risk profile of the business.

Debbie Troklus, Greg Warner, and Emma Wollschlager, writing in the Society of Corporate Compliance and Ethics (SCCE) “The Complete Compliance and Ethics Manual”, relate that as both anti-corruption compliance and Compliance are still relatively new fields many compliance officers will not have extensive previous experience in this field. Consequently, a Chief Compliance Officer (CCO) position “requires an individual who understands the nature of the business or industry, is capable of understanding and questioning financial and billing statements, is knowledgeable of applicable legal requirements and sanctions that may be imposed in the industry for wrongdoing, has strong written and verbal communication skills, and is firm yet approachable. Whatever the tenure or the educational level, the compliance officer, as “focal point” of the program, must be a figure respected and trusted throughout the organization. Strong interpersonal skills, good listening abilities, and discretion are mandatory.”

III. The SCCE Code of Ethics

They also note that CCOs are stewards of a public trust, and, therefore, the services provided must be of the highest standards of professionalism, integrity, and competence. To this, the SCCE has developed a Code of Ethics for Compliance and Ethics Professionals that addresses three principles, which are broad standards of an aspirational nature.

Principle I: Obligations to the Public — Compliance and ethics professionals should abide by and promote compliance with the spirit and the letter of the law governing their employing organization’s conduct and exemplify the highest ethical standards in their professional conduct in order to contribute to the public good.

Principle II: Obligations to the Employing Organization — Compliance and ethics professionals should serve their employing organizations with the highest sense of integrity, exercise unprejudiced and unbiased judgment on their behalf, and promote effective compliance and ethics programs.

Principle III: Obligations to the Profession — Compliance and ethics professionals should strive, through their actions, to uphold the integrity and dignity of the profession, to advance the effectiveness of compliance and ethics programs, and to promote professionalism in compliance and ethics.

So what about General Sickles, the Political Generals and the CCO position? Did Sickles have the moral authority to command troops after the shooting of Key? After all he was acquitted so perhaps the answer is ‘maybe’. But as to his lack of military experience, by not obeying Meade’s explicit orders, Sickles risked both his III Corps and the army’s defensive plan on July 2 as the Confederate assault smashed the III Corps and rendered it useless for further combat. Gettysburg campaign historian Edwin B. Coddington assigns “much of the blame for the near disaster” in the center of the Union line to Sickles.

I think that the message from the DOJ/SEC in their collective FCPA Guidance is clear regarding the CCO position. They will evaluate the person, the position within an organization and the resources dedicated to the CCO, his department and his staff to determine if it is sufficient for the specific organization at issue. The US Sentencing Guidelines also make clear such an analysis will be made when making a determination of whether to or what sentencing should be for a Foreign Corrupt Practices Act (FCPA) violation. Don’t be a Dan Sickles.

April 18, 2013

What’s the Message from BizJet? Self-Disclose and Cooperate

Over the past week there has been a plethora of Foreign Corrupt Practices Act (FCPA) enforcement actions released. One group was the four enforcement actions involving individuals concerning BizJet. While I cannot say that the enforcement actions against the individuals were stunning, perhaps what was surprising were the penalties that two of the individuals received. The lineup of those three BizJet executives and one employee involved in these enforcement actions is as follows:

  1. Bernd Kowalewski – President and Chief Executive Officer (CEO);
  2. Peter DuBois – Vice President of Sales and Marketing;
  3. Neal Uhl – Vice President of Finance; and
  4. Jald Jensen – Regional Sales Manager

Defendants DuBois and Uhl pled guilty in January, 2012 and had their pleas unsealed on April 5, 2013. Defendants Kowalewski and Jensen were charged by Criminal Indictment, also in January, 2012 but are still at large today. The Department of Justice (DOJ) Press Release states that “The two remaining defendants are believed to remain abroad.”

BizJet Bribery Box Score

From the previously released Bizjet Deferred Prosecution Agreement (DPA) and the recently released documents, I have updated the “BizJet Bribery Box Score”.

| BizJet Executive or Employee Named | Payment Made To | Amount of Payment | Others Involved |
|---|---|---|---|
| Jald Jensen | Official 6 | Cell Phone and $10K | Peter DuBois and Neal Uhl |
| Jald Jensen | Official 3 | $2K | Peter DuBois |
| Peter DuBois, Neal Uhl and Jald Jensen | Official 2 | $20K | |
| Neal Uhl | Official 2 | $30K | Jald Jensen |
| Peter DuBois | Mexican Federal Police Chief | $10K | Neal Uhl and Jald Jensen |
| Neal Uhl | Official 5 | $18K | Jald Jensen |
| Jald Jensen | Official 4 | $50K | |
| Jald Jensen | Mexican Federal Police | $176 | Neal Uhl |
| Jald Jensen | Official 4 | $40K | |
| Jald Jensen | Mexican Federal Police | $210K | Neal Uhl |
| Jald Jensen | Official 5 | $6K | Neal Uhl |
| Neal Uhl | Official 5 | $22K | |

The above bribes were characterized as “commission payments” and “referral fees” on the company’s books and records. Payments were made from both international and company bank accounts here in the United States. In other words, this was as clear a case as there could be of a pattern and practice of bribery, authorized by the highest levels of the company and paid through US banks, with attempts to hide all of the above by mischaracterizing the payments in the company’s books and records.

Penalty Box Score

As bad as the conduct of the BizJet executives and sales manager was – and it was very bad – the thing that stood out in the enforcement actions announced last week was the sentences. So without further ado here is the “Penalty Box Score” for defendants DuBois and Uhl.

| Individual | Fine or Disgorgement | Potential Incarceration | Actual Incarceration |
|---|---|---|---|
| Peter DuBois | $159,950 | 108 to 120 months in jail | 8 months home incarceration, 60 months’ probation |
| Neal Uhl | $10,000 | 60 months in jail | 60 months’ probation |

The clear import of the BizJet DPA was that a company can make a comeback in the face of very bad facts. In the BizJet DPA, the calculation of the fine, based upon the factors set out in the US Sentencing Guidelines, ranged between a low of $17.1MM to a high of $34.2MM. The final agreed upon monetary penalty was $11.8MM. This was a significant reduction from the suggested low or high end, or as was noted by the FCPA Blog “BizJet’s reduction was 30% off the bottom of the fine range, and a whopping 65% off the top of the fine range.” Finally, BizJet was able to avoid having an external monitor put in place.

Cooperation is the Key

What led to these sentence reductions? Quite simply the answer is full cooperation with the DOJ. The FCPA Professor stated, in a post entitled “Unsealed Documents In Enforcement Action Against Former BizJet Executives Reveal A Trove Of Information”, that “As part of his plea agreement, DuBois worked in an undercover capacity for the government. The motion specifically states as follows. “As part of his work in an undercover capacity, Mr. DuBois has recorded conversations with former BizJet executives and other subjects of the government’s ongoing investigation.” Later, the motion to seal states that “public identification of Mr. DuBois as a defendant who likely is cooperating with the government may jeopardize the undercover aspect of the government’s investigation.”

In addition to his work as an undercover operative, the Professor quoted from the DOJ Sentencing Memorandum that DuBois “assisted in the investigation from the outset and cooperated fully with the government throughout its investigation. DuBois submitted to multiple interviews by the government and has assisted in every way that the government has asked. DuBois told the truth to the government from the outset and continued to do so up until this very day. DuBois’ cooperation not only assisted the government in connection with its investigation into BizJet, but also led to the investigation of another maintenance, repair, and overhaul company engaged in a similar scheme to pay bribes to government officials overseas.”

With regard to Uhl, the Professor quoted from the DOJ Motion for a Downward Departure as follows: Uhl “agreed to a voluntary proffer session and, when confronted by the government, admitted to the illegal conduct. Throughout the course of the investigation, Uhl was cooperative and provided truthful information that substantially assisted the government in confronting other co-conspirators and witnesses. Uhl offered to assist in any way that he could.”

In another post, entitled “Where Was the BizJet Board?”, the FCPA Professor noted that the conduct engaged in by BizJet was “egregious” and I would certainly second that, perhaps adding that it was about as bad as it could get in the FCPA world. He goes on to state that “Yet, BizJet was allowed to resolve the enforcement action via a deferred prosecution agreement, meaning that should it abide by the terms and conditions of the agreement, BizJet will never be required to plead guilty to anything.” He went on to pose the question, “If that is the DOJ position, then it must be asked – does corporate criminal liability actually mean anything if a company like BizJet – given the DOJ’s allegations – is not actually criminally prosecuted or required to plead guilty?” He ended his post with the following, “In short, the resolution vehicles the DOJ has created and championed has again lead to a “facade of enforcement” – albeit an instance on the opposite end of the spectrum that I normally highlight.”

I think that there is another way to look at the BizJet enforcement action and the individual enforcement actions against DuBois and Uhl. BizJet self-disclosed to the DOJ, engaged in what the DOJ termed “extraordinary cooperation” and remediated the people and conduct in question. Further, DuBois and Uhl not only offered themselves up but actively worked with and assisted the DOJ in its investigation going forward. If one of the goals of the DOJ is to achieve greater compliance with the FCPA, I think that the BizJet case is a clear demonstration that if a company has FCPA violations it can self-disclose and be given credit for working very diligently in conjunction with the DOJ to remedy the conduct at issue and move the investigation forward.

I believe the same is true for individuals who have engaged in FCPA violations. If a person provides the same level of cooperation as DuBois and Uhl and the DOJ then prosecutes them to the full extent of the US Sentencing Guidelines, how much cooperation do you think the DOJ will engender going forward once the word gets out in the white collar defense bar?

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

July 19, 2012

Halliburton Shareholder Derivative Action Settlement: Lessons for Enhancements to Your Compliance Program

In a story first reported in the Wall Street Journal (WSJ), entitled Halliburton Says Court Approved Corruption Lawsuit Settlement, Sam Rubenfeld reported that Halliburton has settled a shareholder derivative action which had been filed in state district court in Houston, Texas. The lawsuit, the consolidation of actions brought by two institutional shareholders and one individual shareholder against the company and its Board of Directors individually, had alleged that “the board’s failure to stop the activity caused the company to have to pay hundreds of millions of dollars in settlements and fines, and it damaged Halliburton’s reputation”.

The settlement is interesting for several reasons. Initially, it should be noted that Halliburton will not pay any damages but more than that, Rubenfeld reported that “the plaintiffs said in the settlement they faced “very steep hurdles” in establishing that the directors named in the suit were liable for the illegal activity, and that it was unlikely they would win damages “even closely approaching” what they sought in litigation”. In the settlement, Halliburton agreed to make changes to its corporate governance structure “including a clawback of compensation for board members who were involved in or approved the activity, beefing up its compliance program and strengthening the roles of its board members.” In other compliance areas, the company agreed to publish “newsletters and internal bulletins to include at least six articles per year addressing ethics and compliance issues.” Finally, Halliburton agreed that its “code of conduct has to be revised so as a layperson can understand it, and it has to be changed to specifically prohibit the use of bribes and kickbacks.”

I. Clawback Provisions

There were several specific provisions relating to clawbacks which may well now become standard provisions for officers and directors of companies going forward. They related to both monetary compensation and non-monetary compensation, such as stock. All the provisions turn on the following:

  1. If an officer or director is named for “substantially participating in a significant violation of the law”;
  2. And either a company investigation determines the officer’s or director’s conduct was “not indemnifiable”; OR
  3. The officer or director “does not prevail at trial, enters into a plea arrangement…or otherwise admits to the violation in a legal proceeding.”
  4. Then the clawback is triggered.

II. Greater Oversight of Compliance

The settlement specifies several steps the Audit Committee of the Board should take to enhance its role in the compliance function including holding more regular meetings and reporting to the full Board on issues relevant to compliance and risk management in general. The settlement also specified that a Management Compliance Committee shall be created and detailed investigation and reporting protocols for any “Significant Violation of any federal or state law”.

III. Compliance Program Enhancements

Here the settlement specified that employees working in high risk countries “who have job descriptions associated with business development and procurement activities” [emphasis mine] should have annual compliance training. The settlement also required Halliburton to rewrite its Code of Business Conduct in plain English “so that it is written in a manner as is commonly understood by a layperson.” The rewritten Code of Business Conduct is to be expanded to make clear that foreign bribery and kickbacks are prohibited and that the company will not use agents recommended by foreign governmental officials, unless such agents are screened through appropriate due diligence. As noted in Rubenfeld’s article, Halliburton agreed to publish newsletters and provide email updates and intranet postings, which will address compliance at least six times per year. The company agreed to strive to maintain a ratio of one “Audit Service position for every 5,000 employees” and to certain restrictions in hiring a Chief Financial Officer (CFO).

In a section entitled “To assure that its compliance program be deemed “effective” under the revised Federal Sentencing Guidelines”, the company agreed to have a compliance program which would be designed to detect an offense “before discovery outside of the organization or before discovery was reasonably likely”. If there is a determination that such conduct has occurred, the company will take steps to prevent it from reoccurring. Halliburton agreed to take “reasonable steps to remedy the harm from criminal conduct”. Lastly, the Chief Compliance Officer (CCO) was given direct reporting authority to the Board and directed to report “no less than annually on the implementation and effectiveness of Halliburton’s compliance program.”

This settlement is a welcome addition for the compliance practitioner. First and foremost, the absence of any payment of damages is a welcome change from such claims. Moreover, the enhancements agreed to by Halliburton give both compliance practitioners and companies specific guidance on good corporate governance practices in the compliance arena and specific ways to tie a compliance program to the US Federal Sentencing Guidelines.

© Thomas R. Fox, 2012

June 20, 2012

DS&S DPA: Lessons Learned for the Compliance Practitioner

On Monday, June 18, the Department of Justice (DOJ) announced the resolution of a matter involving violations of the Foreign Corrupt Practices Act (FCPA) by Data Systems & Solutions LLC (DS&S), a US entity based in Virginia. The settlement resulted in the company agreeing to a two year and 7 day Deferred Prosecution Agreement (DPA). The case was interesting for a number of reasons and it has some significant lessons which the compliance practitioner can put into place in a corporate compliance program. The charges related to DS&S’s business, which included the design, installation and maintenance of instrumentation and controls systems at nuclear power plants, fossil fuel power plants and other critical infrastructure facilities. In reading the Criminal Information, I can only say that this was no one-off or rogue employee situation; this was a clear, sustained and well known bribery scheme that went on within the company.

I. The Criminal Information

The bribery scheme involved payments made to officials at a state-owned nuclear power facility in Lithuania, named Ignalina Nuclear Power Plant (INPP). The payments were made to allow DS&S to obtain and retain business with INPP. The Information listed contracts awarded to DS&S in the amount of over $30MM from 1999 to 2004. Significantly, DS&S did not self-disclose this matter to the DOJ but only began an investigation after receiving a DOJ Subpoena for records.

The Players Box Score

DS&S Officials

  • Exec A – VP of Marketing and Business Development (BD)

INPP Officials

  • Official 1 – Deputy Head of Instrumentation and Controls Department
  • Official 2 – Head of Instrumentation and Controls Department
  • Official 3 – Director General at INPP
  • Official 4 – Head of International Projects at INPP
  • Official 5 – Lead SW Engineer at INPP

Subcontractors

  • Subcontractor A – Simulation Technology Products and Services
  • Subcontractor B – Beneficially owned by Official 1 and which employed INPP Officials
  • Subcontractor C – Shell company used as a funneling entity to pay bribes

The bribery scheme used by DS&S recycled about every known technique there is to pay bribes. The Information listed 51 instances of bribes paid or communications via email about the need to continue to pay bribes. The bribery scheme laid out in the Information reflected the following techniques used by DS&S:

  • Payment of bribes by Subcontractors to Officials on behalf of DS&S;
  • Direct payment of bribes by DS&S into US bank accounts controlled by INPP Officials;
  • Creation of fictional invoices from the Subcontractors to fund the bribes;
  • Payment of above-market rates for services allegedly delivered by the Subcontractors so the excess monies could be used to fund bribes;
  • Payment of salaries to INPP Officials while they were ‘employed’ by Subcontractor B;
  • Providing travel and entertainment to Officials to Florida, where DS&S has no facilities and which travel and entertainment had no reasonable business purpose; and last but not least…
  • Purchase of a Cartier watch as a gift.

II. The Deferred Prosecution Agreement

I set out these details with some specificity for two reasons. The first is that the Information is a must read for anyone in Internal Audit who reviews books and records. It gives you the precise types of Red Flags to look for. The second is the fact that DS&S received a discount of 30% off the low end of the penalty range as calculated under the US Sentencing Guidelines. The calculation as listed in the DPA is as follows:

Calculation of Fine Range:

Base Fine $10,500,000

Multipliers 1.20(min)/2.40(max)

Fine Range $12,600,000/$25,200,000

The ultimate fine paid by DS&S was only $8.82MM, which the DPA states is “an approximately thirty-percent reduction off the bottom of the fine range…” So for the compliance practitioner the question is what did DS&S do to get such a dramatic reduction? We know that one thing they did NOT do was self-report, as the DPA notes that this case began as a DOJ investigation and DS&S received Subpoenas “in connection with the government’s investigation.” However, after this initial delivery of Subpoenas DS&S engaged in a clear pattern of conduct which led directly to this 30% discount off the low end of the fine range. The DPA reports that DS&S took the following steps:

  • Internal Investigation. DS&S initiated an internal investigation and provided real-time reports and updates of its investigation into the conduct described in the Information and Statement of Facts.
  • Extraordinary Cooperation. DS&S’s cooperation has been extraordinary, including conducting an extensive, thorough, and swift internal investigation; providing to the Department searchable databases of documents downloaded from servers, computers, laptops, and other electronic devices; collecting, analyzing, and organizing voluminous evidence and information to provide to the DOJ in a comprehensive report; and responding promptly and fully to the DOJ’s requests.
  • Extensive Remediation. The number of steps DS&S took in regard to remediation included the following:
    • Termination of company officials and employees who were engaged in the bribery scheme;
    • Dissolving the joint venture and then reorganizing and integrating the dissolved entity as a subsidiary of DS&S;
    • Instituting a rigorous compliance program in this newly constituted subsidiary;
    • Enhancing the company’s due diligence protocols for third-party agents and subcontractors;
    • Chief Executive Officer (CEO) review and approval of the selection and retention of any third-party agent or subcontractor;
    • Strengthening of company ethics and compliance policies;
    • Appointment of a company Ethics Representative who reports directly to the CEO;
    • The Ethics Representative provides regular reports to the Members Committee (the equivalent of a Board of Directors in a LLC); and
    • A heightened review of most foreign transactions.
  • Enhanced Compliance Program. More on this in the next section.
  • Continued Cooperation with DOJ. The company agreed to continue to cooperate with the Department in any ongoing investigation of the conduct of DS&S and its officers, directors, employees, agents, and subcontractors relating to violations of the FCPA and to fully cooperate with any other domestic or foreign law enforcement authority and investigations by Multilateral Development Banks.

III. Enhanced Compliance Obligations

One of the interesting aspects of the DS&S DPA is that there are 15 points listed in the Corporate Compliance Program, attached as Schedule C to the DPA, rather than the standard 13 items we have seen in every DPA since at least November 2010. The new additions are found on items 13 & 14 on page C-6 of Schedule C and deal with mergers and acquisitions. They read in full:

13. DS&S will develop and implement policies and procedures for mergers and acquisitions requiring that DS&S conduct appropriate risk-based due diligence on potential new business entities, including appropriate FCPA and anti-corruption due diligence by legal, accounting, and compliance personnel. If DS&S discovers any corrupt payments or inadequate internal controls as part of its due diligence of newly acquired entities or entities merged with DS&S, it shall report such conduct to the Department as required in Appendix B of this Agreement.

14. DS&S will ensure that DS&S’s policies and procedures regarding the anticorruption laws apply as quickly as is practicable to newly acquired businesses or entities merged with DS&S and will promptly:

a. Train directors, officers, employees, agents, consultants, representatives, distributors, joint venture partners, and relevant employees thereof, who present corruption risk to DS&S, on the anti-corruption laws and DS&S’s policies and procedures regarding anticorruption laws.

b. Conduct an FCPA-specific audit of all newly acquired or merged businesses as quickly as practicable.

This language draws from and builds upon the prior Opinion Release 08-02 regarding Halliburton’s request for guidance during an attempted acquisition and the Johnson and Johnson (J&J) Enhanced Compliance Obligations which were incorporated into its DPA. While the DS&S DPA does note that it is specifically tailored as a solution to DS&S’s FCPA compliance issues, I believe that this is the type of guidance that a compliance practitioner can rely upon when advising his or her clients on what the DOJ expects during Mergers and Acquisitions (M&A). The five keys under these new items, 13 & 14 highlighted above, are: (1) develop policies and procedures for M&A work prior to engaging in such transactions; (2) full FCPA audit of any acquired entities “as quickly as practicable”; (3) report any corrupt payments or inadequate internal controls it discovers in this process to the DOJ; (4) apply DS&S anti-corruption policies and procedures to the newly acquired entities; and (5) train any persons who might “present a corruption risk to DS&S” on the company’s policies and procedures and the law.

IV. Summary

The DS&S DPA provides some key points for the compliance practitioner. First and foremost, I believe that it demonstrates the reasonableness of the DOJ. The bribery scheme here was about as bad as it can get, short of suitcases of money carried by the CEO to pay bribes. The company did not self-report, yet received a significant reduction on the minimum level of fine. The specificity in the DPA allows a compliance practitioner to understand what type of conduct is required to avoid not only a much more significant monetary penalty but also a corporate monitor. Lastly, there is the specific guidance on FCPA compliance in relation to M&A activities: if anyone in the compliance arena did not understand what was required in the M&A context, that question would seem to be answered in the DS&S DPA.

© Thomas R. Fox, 2012

April 12, 2012

How the DOJ Looks at Compliance Programs in an Enforcement Action – Part II

Today’s post is Part II in our two-part series on how the Department of Justice (DOJ) looks at compliance programs during the pendency of an enforcement action. Today we will review how a prosecutor may review the existence and effectiveness of a Foreign Corrupt Practices Act (FCPA) compliance program based upon the Principles of Federal Prosecution of Business Organizations (“the Principles”) and an analysis of what is an effective compliance program under the US Sentencing Guidelines (“the Guidelines”). Both yesterday’s and today’s posts are based upon the tract “Complying with the Foreign Corrupt Practices Act: A Practical Primer” (herein “the Primer”), published by the ABA Criminal Justice Section, Global Anti-Corruption Task Force.

Independent Evaluation of Compliance Programs

The Primer reports that under this analysis, prosecutors look into three broad categories to make a determination if a compliance program was in existence and effective “at the time of the FCPA violation.” These categories and their specific inquiries are as follows:

  1. The Existence and Design of the Compliance Program

(a) Whether a compliance program is adequately designed for maximum effectiveness in preventing and detecting wrong doing by employees;

(b) Whether the compliance program is designed to detect the particular types of misconduct most likely to occur in a particular corporation’s line of business;

(c) The comprehensiveness of a compliance program; and

(d) Whether the compliance program has established corporate governance mechanisms that can effectively detect and prevent misconduct.

  2. The Administration of the Program

(a) Whether the company’s management is enforcing the program or is tacitly encouraging or pressuring employees to engage in misconduct to achieve business objectives;

(b) Whether a compliance program is being applied earnestly and in good faith;

(c) Whether a compliance program ‘works’;

(d) Whether a compliance program is merely a ‘paper program’ or whether it was designed, implemented, reviewed and revised, as appropriate, in an effective manner;

(e) Whether the company has provided for a staff sufficient to audit, document, analyze, and utilize the results of the company’s compliance efforts; and

(f) Whether the company’s employees are adequately informed about the compliance program and are convinced of the corporation’s commitment to it.

  3. The Misconduct in Question

(a) The extent and pervasiveness of the misconduct in question;

(b) The nature and level of the corporate employees involved in the misconduct;

(c) The seriousness, duration and frequency of the misconduct;

(d) Whether a corporation has taken remedial actions including discipline against past violators and revisions to the company’s compliance program in light of lessons learned; and

(e) The promptness of any disclosure of wrongdoing to the government.

As the Primer points out, these factors are “not exhaustive and are often overlapping but they do provide insight into how DOJ prosecutors conduct investigations and determine whether to bring charges under the FCPA.”

I find this final section on how the DOJ analyzes compliance programs the most helpful for the compliance practitioner, particularly when they must explain to management what is required and why the resources need to be expended. Remember, this analysis is performed based upon your company’s compliance program at the time the FCPA violation arose, not after program remediation. So just think about some of the questions posed above:

  • Have we trained the appropriate employees?
  • If so, how do we prove it?
  • Has anyone ever been disciplined for a Code of Conduct violation or more appropriately a compliance program violation?
  • If so, is it documented?
  • Prior to our FCPA violation, had the company ever audited or even reviewed the state of its compliance policy?
  • If so, were any changes made to the compliance program? What changes were made and why?
  • Our Chief Executive Officer (CEO) signed a cover letter, written by the Legal/Compliance Department, which introduced our compliance program when we rolled it out (fill in the blank) years ago. What evidence is there of the CEO’s continued commitment to the company’s compliance program since roll-out that can be documented?
  • Have we opened any new business lines or gone into any new geographic areas since the compliance program roll-out? Did we assess these new business initiatives?
  • When was the last time we did a comprehensive compliance risk assessment?
  • Do we have effective internal controls?
  • If we believe so, how do we know?
  • When was the last time a compliance audit was conducted?
  • What were the results or lessons learned?
  • Did the company incorporate any of these lessons learned into an enhanced or modified compliance program?
  • What criteria are the sales team evaluated upon?
  • Is there a compliance component to their annual review/evaluation?
  • What is the budget for the Compliance Department?
  • Is a senior person assigned to lead the company’s compliance efforts or is it everyone’s responsibility? (i.e., if everyone is in charge then no one is in charge.)

These are just some of the questions that come to my mind in looking at how a prosecutor might review a compliance program. There are obviously many, many others. I highly recommend that you consider some of these questions plus any that you can develop. I would also urge you to download, read and then keep handy the Primer. It is free and one of the best FCPA compliance resources around.

US Sentencing Guidelines

The Primer notes that the Principles are not the only source of authority which a prosecutor might refer to in evaluating a company’s compliance program during an enforcement action. The US Sentencing Guidelines note that one of the two factors which can mitigate downwards in determining the amount of a fine and penalty is “the existence of an effective compliance and ethics program”. Further, under the Amended November 2010 Guidelines, the Primer says that the “government may now significantly reduce fines and other sanctions if an organization takes reasonable steps to achieve compliance with its standards, e.g., by utilizing monitoring and auditing systems reasonably designed to detect criminal conduct by its employees and other agents.”

The Guidelines provide in broad parameters how a prosecutor will evaluate compliance programs during the pendency of a FCPA enforcement action. As such they also provide guidance to the compliance practitioner on DOJ thinking. While there is not a specific program listed, the Guidelines place “an emphasis on the results of a program—that is, whether it is reasonably designed, implemented and enforced so that [it] is generally effective in preventing and deterring criminal conduct.” The Primer goes on to note that an effective compliance program consists of documentation that an organization “exercise[s] due diligence to prevent and detect criminal conduct; and otherwise promote[s] an organizational culture that encourages ethical conduct and a commitment to compliance with the law.”

One of the key factors is that the Guidelines do rely on the existence of a written compliance program. This means that a prosecutor’s primary focus is on the effectiveness of a company’s compliance program. The Primer lists out the following parameters, which the Guidelines suggest that a compliance program should minimally include and I cite from the Primer in its entirety:

  • The organization to “establish standards and procedures to prevent and detect criminal conduct.
  • The “organization’s governing authority . . . be knowledgeable about the content and operation of the compliance and ethics program and . . . exercise reasonable oversight . . .
  • High-level personnel of the organization . . . ensure that the organization has an effective . . . program . . . .
  • Specific individual(s) within the organization . . . be delegated day-to-day operational responsibility for the . . . program . . . [and] shall report periodically . . . on the effectiveness of the . . . program.
  • To carry out such operational responsibility, such individual(s) shall be given adequate resources, appropriate authority, and direct access to the governing authority.
  • The “organization . . . use reasonable efforts not to include within the substantial authority personnel of the organization any individual whom the organization knew, or should have known . . . has engaged in illegal activities or other conduct inconsistent with an effective . . . program.
  • The “organization . . . take reasonable steps to communicate periodically and in a practical manner its standards and procedures, and other aspects of the . . .program . . . by conducting effective training programs and otherwise disseminating information appropriate to such individuals’ respective roles and responsibilities, to “members of the governing authority, high-level personnel, substantial authority personnel, the organization’s employees, and, as appropriate, the organization’s agents.
  • The organization . . . take reasonable steps . . . to ensure that the organization’s . . . program is followed, including monitoring and auditing to detect criminal conduct.
  • The organization . . . take reasonable steps . . . to evaluate periodically the effectiveness of the organization’s . . . program.
  • The organization shall take reasonable steps . . . to have and publicize a system, which may include mechanisms that allow for anonymity or confidentiality, whereby the organization’s employees and agents may report or seek guidance regarding potential or actual criminal conduct without fear of retaliation.
  • The organization’s . . . program . . . be promoted and enforced consistently throughout the organization through appropriate incentives to perform in accordance with the . . . program; and appropriate disciplinary measures for engaging in criminal conduct and for failing to take reasonable steps to prevent or detect criminal conduct
  • After criminal conduct has been detected, the organization . . . take reasonable steps to respond appropriately to the criminal conduct and to prevent further similar criminal conduct, including making any necessary modifications to the organization’s . . . program
  • And in doing all of the above, “the organization . . . periodically assess the risk of criminal conduct and . . . take appropriate steps to design, implement, or modify each [above] requirement . . . to reduce the risk of criminal conduct identified through this process.

I believe that the DOJ has presented significant information to the compliance practitioner: not only its most current thinking on what may constitute a minimum best practices compliance program, in recent Deferred Prosecution Agreements (DPAs) and Non Prosecution Agreements (NPAs), but also, through the Principles and the Guidelines, guidance on how a prosecutor will look at and analyze a company’s compliance program.

© Thomas R. Fox, 2012
