FCPA Compliance and Ethics Blog

April 30, 2015

King Arthur Week – The Green Knight and the Protection of Whistleblowers – Part IV

Filed under: Jordan Thomas,SEC,Whistleblower,WSJ — tfoxlaw @ 5:41 am
Tags: , ,

Green KnightWe continue our King Arthur themed week with an exploration of one of the most interesting characters in the Arthur canon, The Green Knight, so called because his skin and clothes are green. The meaning of his greenness has puzzled scholars since the discovery of the poem, that identifies him as the Green Man, a vegetation being in medieval art; a recollection of a figure from Celtic mythology; a Christian symbol or the Devil himself. According to Wikipedia, C. S. Lewis suggested the character was “as vivid and concrete as any image in literature” and J. R. R. Tolkien called him the “most difficult character” to interpret in the introduction to his edition of Sir Gawain and the Green Knight. His major role in Arthurian literature includes being a judge and tester of knights, and as such the other characters see him as friendly but terrifying and somewhat mysterious.

In his primary story with Sir Gawain, the Green Knight arrives at Camelot during a Christmas feast, holding a bough of holly in one hand and a battle-axe in the other. Despite disclaim of war, the knight issues a challenge: he will allow one man to strike him once with his axe, under the condition that he return the blow the following year. At first, Arthur takes up the challenge, but Gawain takes his place and decapitates the Green Knight, who retrieves his head and tells Gawain to meet him at the Green Chapel at the stipulated time. One year later, while Gawain is traveling to meet the Green Knight, he stays at the castle of Bercilak de Hautedesert. At Bercilak’s castle, Gawain’s loyalty and chastity is tested, Bercilak sends his wife to seduce Gawain and arranges that they shall exchange their gains for the other’s. On New Year’s Day, Gawain meets the Green Knight and prepares to meet his fate, where upon the Green Knight feints two blows and barely nicks him on the third. He then reveals that he is Bercilak, and that Morgan le Fay had given him the double identity to test Gawain and Arthur.

I thought about this story of testing when I read an article in the Wall Street Journal (WSJ), entitled “SEC Gives More Than $600,000 to Whistleblower in Retaliation Case” by Rachel Louise Ensign. She reported on the Paradigm securities matter where an award was made to the whistleblower, which was settled by the firm late last year. The settlement was for $2.2MM and $600, 000 of that amount was paid to the whistleblower for the firm’s retaliation against him. This was the first award to a whistleblower for retaliation from the act of whistleblowing. The award is 30% of $2.2MM, which is the maximum amount a tipster can get under the program. The agency said the “unique hardships” he faced were a factor in the size of his award. Securities and Exchange Commission (SEC) Enforcement Director, Andrew Ceresney, was quoted in the article as saying ““We appreciate and recognize the sacrifice this whistleblower made and the important role the whistleblower played in the success of the SEC’s first anti-retaliation enforcement action.””

This award to a whistleblower caps a stunning couple of weeks for whistleblowers who have brought information forward under the Dodd-Frank whistleblowing provisions. First there was the KBR pre-taliation fine and Cease and Desist Order.  In this matter, KBR was fined for having language in its internal employee Confidentiality Agreement (CA) that required employees to go to the company’s legal department before releasing certain confidential information to outside parties such as the SEC. The SEC held that such restrictions violated the “whistleblower protection Rule 21F-17 enacted under the Dodd-Frank Act. KBR required witnesses in certain internal investigations interviews to sign confidentiality statements with language warning that they could face discipline and even be fired if they discussed the matters with outside parties without the prior approval of KBR’s legal department. Since these investigations included allegations of possible securities law violations, the SEC found that these terms violated Rule 21F-17, which prohibits companies from taking any action to impede whistleblowers from reporting possible securities violations to the SEC.” This was in the face of zero findings that KBR had actually used such language or restrictions to prevent any employees from whistleblowing to the SEC.

In another part if its Press Release regarding the KBR case Director Ceresney said, “By requiring its employees and former employees to sign confidentiality agreements imposing pre-notification requirements before contacting the SEC, KBR potentially discouraged employees from reporting securities violations to us. SEC rules prohibit employers from taking measures through confidentiality, employment, severance, or other type of agreements that may silence potential whistleblowers before they can reach out to the SEC.  We will vigorously enforce this provision.”

Then we have the case of Tony Menendez, who was profiled by Jessie Eisinger in an article entitled “The Whistleblower’s Tale: How An Accountant Took on Halliburton”. The article told the story of a whistleblower, who took his concerns to government regulators and was then outed by the company as the SEC whistleblower and retaliated against. Interestingly, the SEC took no action on the whistleblower claims and the company argued on appeal that “since the SEC hadn’t brought any enforcement action, his complaint about the accounting was unfounded.” The company also claimed that simply because the whistleblower was identified by name, this alone was not the basis for a “material adverse action” against him. While Halliburton won at the administrative hearing level, it lost at the Fifth Circuit Court of Appeals.

So now there is a Court of Appeals opinion holding that if whistleblowing was a “contributing factor” only to the retaliation. Further, the employee is not required to prove motive. Well-known whistleblower expert Jordan Thomas also explained in the Eisinger article, “Whistleblowers can be victims of retaliation even if they are ultimately proved wrong as long as they have a “reasonable” belief that the company was doing something wrong.”

It appears that the SEC will be more like the Green Knight going forward. It will be a tester to determine if retaliation against whistleblowers occurs. From preventing companies from trying to stop whistleblowing via CA’s, to monetary awards for retaliation even where there is no SEC or government action taken, to the award to whistleblowers as a part of an SEC settlement for retaliation by their former employers; the SEC is making very clear that they will test how your company treats whistleblowers. If the SEC finds your company’s conduct lacking, you may well be facing something like the Green Knight going forward.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

April 29, 2015

King Arthur Week – The Round Table and Compliance Professionals and Lawyers as Whistleblowers – Part III

Filed under: FCPABlog,SEC,Whistleblower — tfoxlaw @ 12:01 am

Round TableToday we use King Arthur’s Round Table as the entry into our topic. The Round Table is the famous table around which he and his Knights congregated. Its shape implies that everyone who sits there has equal status. Wace, who relied on previous depictions of Arthur’s fabulous retinue, first described the Round Table in 1155. The symbolism of the Round Table developed over time; by the close of the 12th century it had come to represent the chivalric order associated with Arthur’s court, the Knights of the Round Table.

As with all things Arthurian, the origins of the Round Table are a bit murky. One commentator claims Arthur created the Round Table to prevent quarrels among his barons, none of whom would accept a lower place than the others. Others believe it came to prominences as a symbol of the famed order of chivalry that flourished under Arthur. In Robert de Boron’s Merlin, written around the 1190s, the wizard Merlin creates the Round Table in imitation of the table of the Last Supper and of Joseph of Arimathea’s Holy Grail table. This table has twelve seats and one empty place to mark the betrayal of Judas. This seat must remain empty until the coming of the knight of purity and chastity who will achieve the Grail. When the Knight Percival comes to the court at Camelot, he sits in the seat and initiates the Grail quest. Whatever the origins of the Round Table, it may be the single most tangible item associated with King Arthur.

I thought about these concepts surrounding the legend of the Round Table in consideration of the announcement earlier this month of a whistleblower award paid out by the Securities and Exchange Commission (SEC) of between $1.4 to $1.6 MM to a compliance officer. Sam Rubenfeld reported in an article in the Wall Street Journal (WSJ), entitled “SEC Awards More than $1.4 Million to Whistleblower Compliance Officer”, that the award was paid “to a compliance officer who provided information that helped the SEC in an enforcement action against the tipster’s company, marking the second time a compliance professional received an award under the SEC’s whistleblower program.” As stated this was the second award paid out to a compliance officer, the first occurred in August 2014 and was in the amount of $300,000.

This un-named whistleblower took his (or her) concerns internally to management but was not successful in persuading management to cease the illegal practices. Moreover, “The compliance officer had a reasonable basis to believe disclosure to the SEC “was necessary to prevent imminent misconduct” from causing “substantial financial harm” to the company or investors, the SEC said.” The FCPA Blog, in a post entitled “Compliance officer awarded $1.5 million under SEC whistleblower program”, reported, “After that award, Sean McKessy, chief of the SEC’s whistleblower office, said employees who perform internal audit, compliance, and legal functions can be eligible for an SEC whistleblower award “if their companies fail to take appropriate, timely action on information they first reported internally.”” Adding to McKessy was Andrew Ceresney, chief of the SEC’s enforcement division, who said in a statement “This compliance officer reported misconduct after responsible management at the entity became aware of potentially impending harm to investors and failed to take steps to prevent it.”

This second award makes clear that the SEC will treat compliance professionals as all other whistleblowers when it comes to making an award based upon the fine or penalty. In a December 2014 article, entitled “When Should Internal Auditors And Compliance Officers Become SEC Whistleblowers”, Daniel Hurson wrote “while the amount of the [first] award [$300,000] was not particularly hefty, and was dwarfed by several multi-million dollar whistleblower awards given previously, it carried particular significance to astute observers in the corporate legal, internal audit, and compliance communities. Insiders know that compliance officers and internal auditors, beleaguered and sometimes frustrated as they may be, hold the “keys to the kingdom” when it comes to knowledge of corporate ethical and legal lapses within their companies. Prior to this award, it had generally been thought the SEC would continue to discourage such awards on the rationale that it would not want to encourage employees whose job it was to prevent corporate legal and ethical violations to profit from simply doing their jobs.”

Hurson wrote that this initial whistleblower payment to a compliance practitioner marked a change in SEC policy because “It has generally been understood that compliance officers and internal auditors are not permitted to receive whistleblower awards because information they reported to a superior constituting allegations of misconduct was not to be considered “original information” under the Dodd-Frank Act and SEC rules.” He ended his piece with the following, “In the final analysis, however, the real job of a compliance officer is not just training employees to know the FCPA or any of the myriad of laws and regulations that now govern corporate conduct, but doing his or her absolute best to help them comply with the law, and to identify the cases when they fail. An internal auditor is charged with making his or her investigations and reports, but not administering punishment. But the presumption in each case is that the company will take your work seriously and take action to correct and if necessary report the problem to regulatory authorities.

If this does not happen, or the company displays either a lack of good faith or competence in undertaking its end of the bargain, you may have to undertake corrective action, however unpleasant or personally risky. In truth, you owe this to the company, its vast majority of honest employees, and its investors. If certain people in the corporate structure are blind to the “bet the company” risk in ignoring or covering up wrongdoing, your job is to insure that philosophy does not prevail. I suggest with respect that that duty should remain foremost in the personal decision as to whether and when a compliance officer or internal auditor should, if the situation demands and the law allows, become a whistleblower.”

There was nothing in the SEC Press Release or any of the commentary on the 2015 whistleblower award to indicate that the compliance professional involved was a lawyer. However, an equally delicate issue is whether a lawyer can be a whistleblower. In an article entitled “Is the SEC encouraging unethical whistleblowing by counsel?” Nick Morgan explored this issue. Lawyers are also governed by their state bar associations on their ethical obligations, which include confidentiality and loyalty to a client. Morgan noted, “The Dodd-Frank bounty provisions further exacerbated the conflict between federal securities whistleblower law and state attorney ethics requirements by giving attorneys financial incentives to breach attorney-client confidentiality.”

Three state bar organizations, Washington, California and New York, have questioned if SEC regulations trump state bar ethical obligations regarding attorney whistleblowers. Indeed in New York, “the New York County Lawyers’ Association’s committee on professional ethics responded to the development by releasing a formal opinion. It concluded that New York lawyers, presumptively, may not ethically serve as whistleblowers for a bounty against their clients under Dodd-Frank, because doing so generally gives rise to a conflict between lawyers’ interests and those of their clients.”

What happens when federal law is in conflict with state regulations regarding lawyers’ ethical obligations? Morgan reported, “no court has yet found that SEC regulations preempt state ethics rules governing lawyers’ communications with their clients.  In cases in which conflicts of state and SEC law have appeared, federal courts have been receptive to arguments based on lawyers’ ethical obligations under state law and have balanced the state and federal interests. While the Dodd-Frank bounty provisions increase the incentives for attorneys to act as whistleblowers at their clients’ expense, it is unclear whether those incentives outweigh the risks and burdens associated with taking such actions. Aside from the ethical issues, whistleblowers more often than not go uncompensated and incur significant burdens for their trouble, decreasing whatever temptation some attorneys may feel.”

King Arthur’s Round Table may have been designed so that all Knights were treated as equals. As noted in some of the legends the Round Table is part of the Holy Grail quest storyline, requiring purity of heart and chastity to achieve the Grail. Both strands of the Round Table legend inform the debate on whistleblowers. Even if compliance practitioners may report on their own companies to the SEC, it is not clear about the answer when it comes to lawyers. Further, as lawyers have separate legal obligations they fail to meet the second purpose of the Round Table, to find someone to chase the Grail of whistleblowing.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

June 18, 2014

SEC Sanctions Company for Whistleblower Retaliation

WhistleI drove my daughter to the airport today for her summer exchange program in Spain. On the way she asked me what I was going to blog about tomorrow and I told her whistleblowers. She was not familiar with that term so I explained it to her and her response was ‘Oh you mean a snitch’ which she then followed up with ‘Dad, nobody likes a tattletale.’ I digested these cheery thoughts for a few moments and I realized if that is what a 17 year old thinks about a person who tries to inform the appropriate parties of concerns, we still have quite a ways to go in this area.

In Compliance Week, Joe Mont reported that the Securities and Exchange Commission (SEC) brought its first enforcement action for a company’s retaliation against a whistleblower. On Monday of this week, the SEC “charged an Albany, N.Y.-based hedge fund advisory firm with engaging in prohibited transactions and then seeking retribution against the employee who reported the illicit trading activity.”

The hedge fund in question, “Paradigm Capital Management and owner Candace King Weir agreed to pay $2.2 million to settle the charges. According to the SEC’s order instituting a settled administrative proceeding, Weir conducted transactions between Paradigm and a broker-dealer that she also owns while trading on behalf of a hedge fund client. Advisers are required to disclose that they are participating on both sides of the trade and must obtain the client’s consent. Paradigm also failed to provide effective written disclosure to the hedge fund and did not obtain its consent as required prior to the completion of each principal transaction. The SEC’s order adds that Paradigm’s Form ADV was materially misleading because it failed to disclose the CFO’s conflict as a member of the conflicts committee.”

Regarding the whistleblower, the SEC order reflected, “after Paradigm learned that the firm’s head trader had reported potential misconduct to the SEC, it engaged in a series of retaliatory actions that ultimately resulted in his resignation. Paradigm removed him from his head trader position, tasked him with investigating the very conduct he reported to the SEC, changed his job function from head trader to a full-time compliance assistant, stripped him of his supervisory responsibilities, and “otherwise marginalized him,” the order says.”

The Dodd-Frank Whistleblower provisions not only allowed payment of a bounty for information, which leads to a SEC enforcement action, but also protects employees from retaliation. Sean McKessy, chief of the SEC’s Office of the Whistleblower, said in a statement “For whistleblowers to come forward, they must feel assured that they’re protected from retaliation and the law is on their side should it occur. We will continue to exercise our anti-retaliation authority in these and other types of situations where a whistleblower is wrongfully targeted for doing the right thing and reporting a possible securities law violation.”

The difficulties faced by whistleblowers on Wall Street have been well documented. In an article in the Financial Times (FT), entitled “Wall Street Whistleblowers”, William D. Cohen wrote about three such persons. Oliver Budde, a former legal advisor for Lehman Brothers, who was quoted as saying “When the tone at the top is ‘anything goes’ anything will go.” Eric Ben-Artzi, a former analyst at Deutsche Bank, who was quoted as saying “They accused me of trying to bring down the bank.” Peter Sivere, a former compliance officer at JP Morgan Chase, who was quoted as saying “I wish I had known that the house always wins.” All three men had tried to blow the whistle internally but were not only rebuffed but suffered retaliation.

For his article, Cohen interviewed the three men. He found that all of them had “made allegations of wrongdoing at their banks, made strenuous efforts to report what they had discovered through internal and external channels and all three were either fired from their jobs after trying to share the information they had stumbled upon or quit in frustration.” But, equally importantly, Cohen believes that their stories, “and the details of what happened to them are important. Not only do they illustrate the existential risks that whistleblowers take when they attempt to point out wrongdoing that they uncover at powerful institutions. They also matter because their stories show just how uninterested these institutions genuinely remain – despite the lip service of internal hotlines and support groups – in actually ferreting out bad behaviour.”

The article also quoted Jordan Thomas, a former SEC enforcement official now in private practice at the firm of Labaton Sucharow, where he heads the firm’s whistleblower practice. Thomas thinks that the anonymous reporting provisions of the Dodd-Frank Whistleblower provisions will help protect whistleblowers. He said, “Essentially most whistleblower horror stories start with retaliation and to be retaliated against, you have to be known. The genius of Dodd-Frank was it created a way for people with knowledge to report without disclosing their identity to their employers or the general public. That has been a game changer because now people with knowledge are coming forward with a lot to lose, but they have a mechanism where they can report this misconduct without fear of retaliation or blacklisting.” Thomas also said “the fact that the SEC could award $14m to a single whistleblower whose identity has remained unknown, despite efforts by the media to uncover it, sends a powerful message that whistleblower identities will be protected.”

One person who is uncomfortable with this anonymous reporting is Beatrice Edwards, director of the Government Accountability Project. She pointed to a recent SEC payout to an anonymous whistleblower, where “The SEC didn’t even reveal the nature of the wrongdoing the whistleblower uncovered, so both the company’s shareholders and the public remain in the dark about what was specifically uncovered and where. All that is known is that the SEC did bring a major enforcement action against a financial institution that resulted in a large penalty and the corresponding $14m award to the whistleblower.” Edwards argued that “the SEC is a disclosure agency, so they should have to establish that [not revealing the information] is really required in order to protect the whistleblower, if they’re going to in a sense subvert their mission . . . They really are not able to justify why they are silent about the name of the company or the nature of the fraud.”

Perhaps the SEC bounty program and the Paradigm Capital Management enforcement action will change the way that company’s view and treat whistleblowers. I certainly hope so because a company’s own employees are its best source of information about what is going on inside the company. As to my daughter’s perception about whistleblowers, I asked her if her school had any type of reporting system if a student saw or was subject to inappropriate behavior. She said that you are supposed to report it to a school counselor. When I explained that was a whistleblower system she relented somewhat. But then she added, No one should rat out their friends. Just like the SEC, I guess we have a ways to go.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

October 22, 2013

The Tuck Rule, the Push Rule and Retaliation Against Whistleblowers

Filed under: FCPA,SEC,Whistleblower — tfoxlaw @ 1:01 am
Tags: , , , , ,

I cannot say the missed horse-collar on Johnny Football on the Texas A&M Aggies final series takes the worst officiating call of this past weekend award but the un-sportsman like call against the Patriots on the New York Jets first field goal attempt in overtime ranked as the worst pro-football officiating FUBAR of the weekend. For those of you who missed it, on an otherwise unsuccessful Jets field goal attempt, Patriot Chris Jones was flagged for pushing teammate Will Svitek from behind to violate a rule that says players cannot push teammates on the line of scrimmage into the offensive formation. To say that I am still confused by what happened because after watching about 20 different replays of the play would be an understatement; I still am not sure that actually happened or even if Jones pushed Svitek. I said to my wife that not only had I never heard of that rule, I had never seen a penalty called for such conduct; the TV announcers then said the same thing.

In thinking about that play and the Patriots loss to the Jets, I considered the following: is it now the beginning of the end of the Patriots dynasty which started on an equally obscure rule and penalty, aka “The Tuck Rule”? In the play during a 2001 playoff game, Raiders’ cornerback Charles Woodson sacked Patriots’ quarterback Tom Brady, which in turn, caused a fumble that was eventually recovered by Raiders’ linebacker Greg Biekert, and would have almost certainly sealed the game. Officials reviewed the play and eventually determined that Brady’s arm was moving forward, when it was actually moving backwards, thus making it an incomplete pass. Got it?

It was the first playoff game that Patriot coach Bill Belichick had won as head coach. If the Patriots do not win that game, they do not start a run of three Super Bowl victories in four years and Tom Brady probably never becomes the Golden Boy. Now I wonder if the Patriots 11 year run as one of the NFL’s all-time great franchises has ended with an equally obtuse and obscure rule as the Tuck Rule. I also wonder if the Patriots loss to the Jets portends the beginning of the end of their dynasty; all for the want of a rule no one had ever heard about or had seen enforced. Bookends indeed.

I thought about such obtuseness and obscureness when I ready the Memorandum and Order in Meng-Lin Liu v. Siemens AG, in the US District Court for the Southern District of New York. This case involved a whistleblower, Liu, who claimed that he was discharged by the defendant in retaliation for internally reporting violations of Siemens compliance program in North Korea and China. Liu had brought suit under the Dodd-Frank Act for retaliation against a whistleblower. The New York District Court followed the logic of the Fifth Circuit Court of Appeals in the Asadi decision that the Dodd-Frank Act itself does not explicitly provide for an extraterritorial application of the anti-retaliation provision even though a foreign employee may fall within the definition of a whistleblower for whistleblower award purposes. So even though Dodd-Frank and Sarbanes-Oxley (SOX) protect extraterritorial disclosures, they do not protect extraterritorial employees who make them. Got it, sort of like the Tuck Rule; was his arm moving forward, backwards or does it even matter?

All of this was based in part on the fact that “This is a case brought by a Taiwanese resident against a German corporation for acts concerning its Chinese subsidiary relating to alleged corruption in China and North Korea. The only connection to the United States is the fact that Siemens has ADRs [American Depository Receipts] that are traded on an American exchange.” I guess the Court was unaware of the fact that Siemens paid the largest fine for Foreign Corrupt Practices Act (FCPA) violations in the history of the world, ever. There must have been some US jurisdiction there somewhere.

Next the Court weighs into the “apparent incongruity” that while the Dodd-Frank explicitly incorporates SOX whistleblowing into the anti-retaliation protection provisions; for Dodd-Frank protections to apply there must be a disclosure to the Securities and Exchange Commission (SEC). However, for SOX protections to lie, certain internal disclosures are not only protected but required. The SEC itself promulgated a rule that an employee has anti-retaliation protections if (1) you have a ‘reasonable belief’ that securities has or will occur; (2) you provide that information to the SEC; and (3) report such conduct to “persons or governmental authorities other than the [SEC].”

To further confuse things, the Court accepts a Department of Labor (of all things) interpretation that reporting of FCPA violations does not fall within SOX protections because they are not violations of “any rule or regulation of the Securities and Exchange Commission” or “any provisions of Federal law relating to fraud against shareholders.” The Court then goes on to say that the plaintiff alleges that he reported violations of FCPA-relevant securities laws but the plaintiff’s Compliant does not specifically allege “that rule or specifically address recordkeeping violations.” The Court ends this section by stating that SOX does not “protect disclosures of FCPA violations.”

As the FCPA Professor might say “Say What”? To the plaintiff, they Court is saying that we are dismissing your compliant because you did not list with specificity either the Securities Exchange Act section a company violated in their conduct or address recordkeeping violations. But it really does not matter because even if you had listed them with sufficient specificity, SOX does not protect you, period.

In addition to being a little bit more than confusing, this Court ruling sets corporate compliance programs back on their collective backsides. Corporate America fought long and hard to require that employees report allegations of corruption and bribery internally before they went to the government. The reason that companies made this request was that it was only fair to allow companies to fix problems of which they may not have been aware. While the SEC did not require internal reporting as a prerequisite for Dodd-Frank whistleblowing, it did incentivize such whistleblowers to report internally first before submitting information to the SEC. But now that incentive is worthless if an employee who does so can be terminated at will for internally reporting concerns about bribery and corruption.

Just as the push rule may be the point at which the Patriots begin to tip away from their 11 year run as the best franchise in pro football, the Liu decision may be the bookend with the Asadi decision which portends the end of foreign employee protection against retaliation for internal whistleblowing. It is hard to conceive that neither Congress nor the SEC understood that by its nature, FCPA violations would occur overseas since it is a law which prohibits bribery of foreign government officials, not US government officials. While both the Southern District of New York and the Fifth Circuit Court of Appeals may think they are doing corporations a favor by ruling against international employees who internally report, the reality is that both the Liu and the Asadi decision out of the Fifth Circuit will both hurt corporations in the long run as now employees are only protected if they run to the SEC without giving the companies a chance to investigate, remediate or self-disclose any alleged FCPA violations.

As for the Patriots, the King is dead; long live the [next] King. May your reign be as majestic as the Patriots has been.

================================================================================================

Please join me Tuesday, Oct. 22 at noon CDT for a webinar on what I think are the Five Critical Trends in FCPA Compliance for 2014. It is hosted by The Network and you can attend at no charge. For details and registration, click here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

April 1, 2013

Ethical Behavior in the Navy – Lessons for the Non-Military Compliance Practitioner

What exactly is doing business in an ethical manner? I believe that the answer is different for each company. Ethical behavior can translate into doing business in a manner that does not jeopardize the safety of others and how you treat co-workers and subordinates. One of the things that I think ethical behavior entails is doing business within the rules, regulations and obligations of your business. For US companies doing business internationally, one of things this means is doing business within the parameters of the Foreign Corrupt Practices Act (FCPA).

But what if your business is named the US Navy? A recent article in the New York Times (NYT), entitled Admiral at Center of Inquiry is Censured”, by reporters C. J. Chivers and Thom Shanker explored some of these issues. The article discussed the discipline action taken against “Rear Adm. Charles M. Gaouette, who led Carrier Strike Group Three, which included the aircraft carrier John C. Stennis, had been accused of using profanity in a public setting and making at least two racially insensitive comments, officials familiar with the investigation said.” The article noted that his “case arrived as a worrisomely large number of senior military officers have been investigated or fired for poor judgment, malfeasance, sexual improprieties or sexual violence over the last year.”

Further, the article reported that due to the number of such cases, the new Secretary of Defense, Chuck Hagel, sent out an internal memo to the Pentagon’s top brass, which was also provided to the NYT. In this memo, Hagel “urging a renewed “commitment to values-based ethical conduct.” Further Hagel said that “Each of us must rededicate ourselves to upholding the principles of sound leadership,” and that “Our culture must exemplify both professional excellence and ethical judgment.”

Interestingly, this discipline of Admiral Gaouette, was instituted by a compliant by Navy Captain Ronald Reis, the commander of the Stennis. Reis himself was accused of not following “normal protocols for driving the ship through busy shipping lanes, and ran a bridge in which the surface officers under his command felt tense and unable to offer their input, the officers said. Three officers and two former officers familiar with the ship’s bridge procedures said the captain tended to act alone and by eye, and not carefully track the Stennis’s position relative to other vessels in crowded seas; one of them said he tended “to fly the ship.””

Lastly, the article quoted the former officer for the following “We’re not talking about how Ron worked with the harbor pilot when docking at a pier. We’re talking about how he was driving through congested seas. People were concerned when he was driving because they were concerned he would hit something.”

According to the article, Gaouette was cleared of any criminal violations but was given a “set of administrative penalties which will effectively end his career” in the Navy as “the full inspector-general’s report was ordered to be attached to the admiral’s service record, where it will block his chances at promotion or future command, officials said.”

I recognize that most compliance practitioners do not work for the military but there are some very valuable lessons for the compliance practitioner that can be gleaned from the article.

Ethical Leadership

The few references in the NYT piece to Hagel’s internal memo are quite telling. Like most military organizations, the US Navy relies on strong discipline throughout the ranks. However, this does not mean that a senior officer can act abusively to lesser ranked officers. The article noted that “Navy officials declined to provide details, or discuss precisely what Admiral Gaouette said that Captain Reis and the inspector general deemed insensitive.” Nevertheless, whatever was said would be appear to outside what the Navy believed was tolerable. So intolerable in fact, that it ended Admiral Gaouette’s career.

Treatment of Whistleblower

It was Captain Reis who filed the complaint against Admiral Gaouette, not the other way around. The article reported that “After Admiral Gaouette had ordered the captain to slow down as the vessel was steaming through ship traffic in the Malacca Strait in excess of 20 knots, the officers said, Captain Reis filed a complaint to the inspector general, claiming the admiral was abusive.” The Navy followed through and investigated a senior officer in a situation where it appeared that the junior officer had engaged in conduct where the junior officer did not follow standard Navy protocols. In other words, the Navy did not blame the person who filed the complaint for his actions which may have even led to Admiral Gaouette’s interactions with the Captain.

Discipline

As noted, the conduct which Admiral Gaouette engaged in was so far out of line or unethical that it ended his Navy career. For any compliance program to work there must be both a carrot and a stick, meaning that violation of a company’s ethical values must be punished. In the Navy, abusing a subordinate is something that violates its standards for ethics based conduct. Nothing speaks more strongly than actions and for the Navy to discipline a senior officer in such a manner speaks directly to its commitment of “upholding the principles of sound leadership” that Hagel spoke about in his internal memo.

I found this article provided many things for the compliance practitioner to think about. It showed the Navy’s commitment to have an organization run with ethics. It may be that your company could learn something from this example.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

February 8, 2013

How Does Your Organization Treat Whistleblowers?

As almost everyone knows, Lance Armstrong spoke for the first time about his performance enhancing drug (PED) use recently on Oprah. On the first night he admitted for the first time that he used PEDs during his seven wins at the Tour De France. The title of my colleague Doug Cornelius’ piece in Compliance Building really said it all in his article “Lance Armstrong – A Lying Liar Just Like Madoff”. Cornelius said “What caught my attention about the Armstrong interview was the window into the mind of a pathological liar. Armstrong had been telling the lie over and over and over. He lied to the public. He lied to the press. He lied to cancer survivors. He lied under oath.”

One of the areas which came up for me was how the people who blew the whistle on Armstrong’s use of PEDs before his admission were treated and how Armstrong subsequently treated them. Armstrong admitted that he was a ‘bully’ to those who said, hinted, or even implied that he had taken PEDs. He attacked ex-teammates; wives of ex-teammates and even a masseur who saw him take such substances. He put on an aggressive PR campaign for the better part of the past decade, to which the wife of ex-Tour De France winner Greg LeMond said “I can’t describe to you the level of fear that he brings to a family.”

While I would hope that most American and European companies have moved past the situation where whistleblowers are ostracized or worse threatened, one can certainly remember the GlaxoSmithKline (GSK) whistleblower Cheryl Eckard. A 2010 article in the Guardian by Graeme Wearden, entitled “GlaxoSmithKline whistleblower awarded $96m payout”, he reported that Eckard was fired by the company “after repeatedly complaining to GSK’s management that some drugs made at Cidra were being produced in a non-sterile environment, that the factory’s water system was contaminated with micro-organisms, and that other medicines were being made in the wrong doses.” She later was awarded $96MM as her share of the settlement of a Federal Claims Act whistleblower lawsuit. Eckard was quoted as saying, “It’s difficult to survive this financially, emotionally, you lose all your friends, because all your friends are people you have at work. You really do have to understand that it’s a very difficult process but very well worth it.”

More recently there was the example of NCR Corp., as reported in the Wall Street Journal (WSJ) by Christopher M. Matthews and Samuel Rubenfeld, in an article entitled “NCR Investigates Alleged FCPA Violations”, who stated that NCR spokesperson Lou Casale said “While NCR has certain concerns about the veracity and accuracy of the allegations, NCR takes allegations of this sort very seriously and promptly began an internal investigation that is ongoing,” regarding whistleblowers claims of Foreign Corrupt Practices Act (FCPA) violations. In a later WSJ article by Matthews, entitled “NCR Discloses SEC Subpoena Related to Whistleblower, he reported that NCR also said “NCR has certain concerns about the motivation of the purported whistleblower and the accuracy of the allegations it received, some of which appear to be untrue.”

Lastly, is the situation of two whistleblowers from the British company EADS. As reported by Carola Hoyos in a Financial Times (FT) article, entitled “Emails tell of fears over EADS payments”, Hoyos told the story of two men who notified company officials of allegations of bribery and corruption at the company and who suffered for their actions. The first, Mike Paterson, the then financial controller for an EADS subsidiary GPT, internally reported “unexplained payments to the Cayman Island bank accounts for Simec International and Duranton International, which totaled £11.5M between 2007 and 2009.” Hoyos reported that Paterson was so marginalized in his job that he was basically twiddling his thumbs all day at work.

The second whistleblower was Ian Foxley, a retired British lieutenant-colonel, who had joined the company in the spring of 2010 stationed in Saudi Arabia, to oversee a £2M contract between the British Ministry of Defence (MOD) and the Saudi Arabian National Guard. In December 2010, Foxley discovered some of the concerns which Mike Paterson had raised. According to Hoyos, “The morning after he discovered Mr. Paterson’s concerns he assessed the emails that Mr. Paterson had told him he had written over the previous three years.” This led Foxley to flee Saudi Arabia with documents of these suspicious payments, which he has turned over to the Institute of Chartered Accountants and the UK Serious Fraud Office (SFO).

What does the response of any of these three companies say about the way that it treats whistleblowers? Is it significantly different from the bullying Armstrong admitted he engaged in during his campaign to stop anyone who claimed that he was doping? While I doubt that companies will ever come to embrace whistleblowers, the US Department of Justice’s (DOJ’s) recent FCPA Guidance stated that “An effective compliance program should include a mechanism for an organization’s employees and others to report suspected or actual misconduct or violations of the company’s policies on a confidential basis and without fear of retaliation.” However, by marginalizing, attacking or even making a whistleblower fear for their life, such actions can drive a whistleblower to go the DOJ, Securities and Exchange Commission (SEC) or SFO. The Guidance recognized that “Assistance and information from a whistleblower who knows of possible securities law violations can be among the most powerful weapons in the law enforcement arsenal.”

So what is the compliance professional to make of the Armstrong confession and how can it be used for a compliance program? A recent White Paper, entitled “Blowing the Whistle on Workplace Misconduct”, released by the Ethics Resource Center (ERC) detailed several findings that the ERC had determined through surveys, interviews and dialogues. One of the key findings in this White Paper was that that a culture of ethics within a company does matter. Such a culture should start with a strong commitment to ethics at the top, however it is also clear that this message must be reinforced throughout all levels of management, and that employees must understand that their company has the expectation that ethical standards are vital in the business’ day-to-day operations. If employees have this understanding, they are more likely to conduct themselves with integrity and report misconduct by others when they believe senior management has a genuine and long-term commitment to ethical behavior. Additionally, those employees who report misconduct are often motivated by the belief that their reports will be properly investigated. Conversely, most employees are less concerned with the particular outcome than in knowing that their report was seriously considered.

This is the ‘Fair Process Doctrine’. This Doctrine generally recognizes that there are fair procedures, not arbitrary ones, in a process involving rights. Considerable research has shown that people are more willing to accept negative, unfavorable, and non-preferred outcomes when they are arrived at by processes and procedures that are perceived as fair. Adhering to the Fair Process Doctrine in two areas of your Compliance Program is critical for you, as a compliance specialist or for your Compliance Department, to have credibility with the rest of the workforce.

In this area is that of internal company investigations, if your employees do not believe that the investigation is fair and impartial, then it is not fair and impartial. Furthermore, those involved must have confidence that any internal investigation is treated seriously and objectively. One of the key reasons that employees will go outside of a company’s internal hotline process is because they do not believe that the process will be fair.

This fairness has several components. One would be the use of outside counsel, rather than in-house counsel, to handle the investigation. Moreover, if company uses a regular firm, it may be that other outside counsel should be brought in, particularly if regular outside counsel has created or implemented key components which are being investigated. Further, if the company’s regular outside counsel has a large amount of business with the company, then that law firm may have a very vested interest in maintaining the status quo. Lastly, the investigation may require a level of specialization which in-house or regular outside counsel does not possess.

Phrasing it in another way, Mike Volkov, writing in his blog Corruption, Crime and Compliance, in an article entitled “How to Prevent Whistleblower Complaints”, had these suggestions: (1) Listen to the Whistleblower – In dealing with a whistleblower, it is critical to listen to the whistleblowers concerns. (2) Do Not Overpromise – At the conclusion of an initial meeting with a whistleblower, the company representative should inform the whistleblower that the company will review the allegations, conduct a “preliminary” investigation and report back to the whistleblower during, or at the conclusion of, any investigation. (3) Conduct a Fair Investigation – Depending on the nature of the allegations, a follow up inquiry should be conducted. The steps taken in the investigation should be documented.

I would add that after your investigation is complete, the Fair Process Doctrine demands that any discipline must not only be administered fairly but it must be administered uniformly across the company for the violation of any compliance policy. Simply put if you are going to fire employees in South America for lying on their expense reports, you have to fire them in North America for the same offense. It cannot matter that the North American employee is a friend of yours or worse yet a ‘high producer’. Failure to administer discipline uniformly will destroy any vestige of credibility that you may have developed.

Lance Armstrong has and will continue to provide the ethics and compliance practitioner with many lessons. You can use his treatment of whistleblowers as an opportunity to review how your company treats such persons who make notifications of unethical or illegal conduct. With the increasing number of financial incentives available to persons to blow the whistle to government agencies, such as the SEC under the Dodd-Frank Act, it also makes very good business sense to do so.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

January 23, 2013

The FCPA Guidance on the Ten Hallmarks of an Effective Compliance Program

Many commentators are still mining the Department of Justice (DOJ)/Securities and Exchange Commission (SEC) publication, A Resource Guide to the U.S. Foreign Corrupt Practices Act, (the “Guidance”), which was released last November. I continue to find nuggets to provide to the compliance practitioner, as do others. But as we are a Base 10 culture, today I want discuss the 10 points listed as the ‘Hallmarks of Effective Compliance Programs”. They are a change in style, but not content, from the prior 13 point minimum best practices that the DOJ has in the Deferred Prosecution Agreements (DPAs) since at least November, 2010 and, indeed, from prior information made available by the DOJ.

I.                   Where Have We Been

Beginning with at least the Metcalfe & Eddy Consent and Undertaking, filed in December, 1999, the DOJ has laid out its thoughts on what should go into a Foreign Corrupt Practices Act (FCPA) anti-corruption compliance program. In the Metcalfe & Eddy Consent and Undertaking, the DOJ laid out ten points of an effective FCPA anti-corruption compliance program. This was modified somewhat in Opinion Release 04-02, which laid out a best practices compliance program in 12 points, where the DOJ reviewed the proposal by an investment group who were acquiring certain companies and assets from ABB Ltd. ABB Vetco Gray Inc. and ABB Vetco Gray (UK) Ltd., two of the entities being acquired, had previously pled guilty to FCPA violations. The investment group desired to protect itself from further liability, to the extent possible, by proposing to the DOJ a comprehensive best practices compliance program. While the DOJ noted that this compliance program was not a shield against future violations, the DOJ would not “intend to take an enforcement action [against the investors] for violations of the FCPA prior to their acquisition from ABB.”

In the Panalpina DPA, issued in November, 2010, the DOJ laid out a 13 point minimum best practices compliance program. This number was changed this past summer when the Data Systems & Solutions LLC (DS&S) DPA was announced. In this enforcement action the DOJ listed 15 points on its minimum best practices FCPA anti-corruption compliance program. Then later in the summer, the DOJ moved to a 9 point compliance program in the Pfizer DPA. Even with all these changes in the number, the substance of each compliance program has remained the same.

II.                Where Are We Now? Hallmarks of Effective Compliance Programs

The Guidance cautions that there is no “one-size-fits-all” compliance program. It recognizes that depending on a variety of factors such as size, type of business, industry and risk profile that a company should determine what is appropriate for its own needs regarding a FCPA compliance program. But the Guidance makes clear that these ten points are “meant to provide insight into the aspects of compliance programs that DOJ and SEC assess”. In other words you should pay attention to these and use this information to assess your own compliance regime.

  1. Commitment from Senior Management and a Clearly Articulated Policy Against Corruption. It all starts with tone at the top. But more than simply ‘talk-the-talk’ company leadership must ‘walk-the-walk’ and lead by example. Both the DOJ and SEC look to see if a company has a “culture of compliance”. More than a paper program is required, it must have real teeth and it must be put into action, all of which is led by senior management. The Guidance states that “A strong ethical culture directly supports a strong compliance program. By adhering to ethical standards, senior managers will inspire middle managers to reinforce those standards.” This prong ends by stating that the DOJ and SEC will “evaluate whether senior management has clearly articulated company standards, communicated them in unambiguous terms, adhered to them scrupulously, and disseminated them throughout the organization.”
  2. Code of Conduct and Compliance Policies and Procedures. The Code of Conduct has long been seen as the foundation of a company’s overall compliance program and the Guidance acknowledges this fact. But a Code of Conduct and a company’s compliance policies need to be clear and concise. The Guidance makes clear that if a company has a large employee base that is not fluent in English such documents need to be translated into the native language of those employees. A company also needs to have appropriate internal controls based upon the risks that a company has assessed for its business model. Some of the risks a company should assess include “the nature and extent of transactions with foreign governments, including payments to foreign officials; use of third parties; gifts, travel, and entertainment expenses; charitable and political donations; and facilitating and expediting payments.”
  3. Oversight, Autonomy, and Resources. This section starts with a discussion on whether a company has assigned a senior level executive to oversee and implement a company’s compliance program. Not only must a company assign such a person with appropriate authority but that person, and the overall compliance function, must have “sufficient resources to ensure that the company’s compliance program is implemented effectively.” Additionally, the compliance function should report to the company’s Board of Directors or an appropriate committee of the Board such as the Audit Committee. Overall the DOJ and SEC will “consider whether the company devoted adequate staffing and resources to the compliance program given the size, structure, and risk profile of the business.”
  4. Risk Assessment. The Guidance states that “assessment of risk is fundamental to developing a strong compliance program”. Indeed, if there is one over-riding theme in the Guidance it is that a company should assess its risks in all areas of its business. The Guidance lists factors that a company should consider in any risk assessment. They are “the country and industry sector, the business opportunity, potential business partners, level of involvement with governments, amount of government regulation and oversight, and exposure to customs and immigration in conducting business affairs.” The Guidance is also quite clear that when the DOJ and SEC look at a company’s overall compliance program, they “take into account whether and to what degree a company analyzes and addresses the particular risks it faces.”
  5. Training and Continuing Advice. Communication of a compliance program is a cornerstone of any anti-corruption compliance program. The Guidance specifies that both the “DOJ and SEC will evaluate whether a company has taken steps to ensure that relevant policies and procedures have been communicated throughout the organization, including through periodic training and certification for all directors, officers, relevant employees, and, where appropriate, agents and business partners.” The training should be risk based so that those high risk employees and third party business partners receive an appropriate level of training. A company should also devote appropriate resources to providing its employees with guidance and advice on how to comply with their own compliance program on an ongoing basis.
  6. Incentives and Disciplinary Measures. This involves both the carrot and the stick. Initially the Guidance notes that a company’s compliance program should apply from “the board room to the supply room – no one should be beyond its reach.” There should be appropriate discipline in place and administered for any violation of the FCPA or a company’s compliance program. Additionally, the “DOJ and SEC recognize that positive incentives can also drive compliant behavior. These incentives can take many forms such as personnel evaluations and promotions, rewards for improving and developing a company’s compliance program, and rewards for ethics and compliance leadership.” These incentives can take the form of a part of senior management’s bonuses or simply recognition on the shop floor.
  7. Third-Party Due Diligence and Payments. Here the Guidance focuses on the ongoing problem area of third parties. The Guidance says that companies must engage in risk based due diligence to understand the “qualifications and associations of its third-party partners, including its business reputation, and relationship, if any, with foreign officials.” Next a company should articulate a business rationale for the use of the third party. This would include an evaluation of the payment arrangement to ascertain that the compensation is reasonable and will not be used as a basis for corrupt payments. Lastly, there should be ongoing monitoring of third parties.
  8. Confidential Reporting and Internal Investigation. This means more than simply a hotline. The Guidance suggests that anonymous reporting, and perhaps even a company ombudsman, might be appropriate to have in place for employees to report allegations of corruption or violations of the FCPA. Furthermore, it is just as important what a company does after an allegation is made. The Guidance states, “once an allegation is made, companies should have in place an efficient, reliable, and properly funded process for investigating the allegation and documenting the company’s response, including any disciplinary or remediation measures taken.” The final message is what did you learn from the allegation and investigation and did you apply it in your company?
  9. Continuous Improvement: Periodic Testing and Review. As noted in the Guidance, “compliance programs that do not just exist on paper but are followed in practice will inevitably uncover compliance weaknesses and require enhancements. Consequently, DOJ and SEC evaluate whether companies regularly review and improve their compliance programs and not allow them to become stale.” The DOJ/SEC expects that a company will review and test its compliance controls and “think critically” about its own weaknesses and risk areas. Internal controls should also be periodically tested through targeted audits.
  10. Mergers and Acquisitions. Pre-Acquisition Due Diligence and Post-Acquisition Integration. Here the DOJ and SEC spell out what it expects in not only the post-acquisition integration phase but also in the pre-acquisition phase. This pre-acquisition information is not something that most companies had previously focused on. Basically, a company should attempt to perform as much substantive compliance due diligence that it can do before it purchases a company. After the deal is closed, an acquiring entity needs to perform a FCPA audit, train all senior management and risk employees in the purchased company and integrate the acquired entity into its compliance regime.

As I commented earlier in this article, the DOJ and SEC have communicated what they believe are the important parts of a risk based, anti-corruption compliance program for many years. I do not think that a compliance defense could be set out any more succinctly. However, I do like things set out in Base 10 and the “Hallmarks of Effective Compliance Programs” is an excellent compilation of where we are and what you need in place to go forward. I recommend this as a good a starting point for any compliance practitioner to implement a new compliance program or to evaluate the state of an ongoing compliance regime so assess your company’s risks and use these hallmarks as a basis to move forward.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

January 2, 2013

The Allianz FCPA Enforcement Action – What the Compliance Practitioner Needs to Know

Who is your favorite character from the Iliad? Is it Agamemnon the king who brings the Greek Armada to Troy for his brother’s honor; perhaps Ajax the mountain of a man who is the most loyal Greek warrior; how about Achilles the warrior who single-handedly destroys more Trojans than any Greek; or perchance Nestor the wise old counselor who tries to keep the Greeks united in the face of ten years of war? Perhaps your taste runs to the Trojan characters, Priam, the leader of Troy, Paris, now husband of the most beautiful woman on earth, or Hector, the stalwart son of Priam who dies in a duel with Achilles. In the Iliad, my money is on Odysseus, who is a king like Agamemnon and Priam; a shrewd advisor like Nestor; and a great warrior like Ajax, Achilles and Hector. Lastly, he has, if not the most beautiful wife in the world, certainly the most loyal in Penelope.

On December 17, 2012, the Securities and Exchange Commission (SEC) entered into an agreed Cease and Desist Order (Order) with Allianz SE regarding violations of the Foreign Corrupt Practices Act (FCPA). Much like Odysseus, this Order provides several different types of information for the compliance practitioner to digest. This post will work through some of the information and point out to you the lessons which can be drawn from this enforcement action.

The company is in the insurance business, writing lines including property and casualty, life, and health insurance and also is in asset management. Initially it is to be noted that the FCPA violations involve a subsidiary Allianz created to do business in Indonesia, PT Asuransi Allianz Utama Indonesia Ltd (Utama), through which the illegal payments were made. Allianz was the majority owner of this entity and Utama’s financial reporting was rolled up into the parent’s books and records. The Order reported that Utama secured at least 295 Indonesian government contracts through improper payments of approximately $650,626. From these improper payments, Allianz “realized $5,315,649 in profits.”

I.                   Jurisdiction

While the company is headquartered in Munich, Germany, from November 3, 2000 to October 23, 2009, Allianz’s American Depositary Shares and bonds were registered with the Commission pursuant to Section 12(b) of the Exchange Act and traded on the New York Stock Exchange (“NYSE”). This made Allianz an “issuer” within the meaning of the FCPA and therefore subject to the Act. The conduct at issue occurred when Allianz was a US issuer. Interestingly, in 2009, Allianz voluntarily delisted its securities from the New York Stock Exchange (NYSE).

II.                The Bribery Scheme

Back in 1981, the company opened up a “special purpose bank account” for the payment of agent commissions in Indonesia. However, in February, 2001, the Chief Compliance Officer (CEO) and Chief Financial Officer (CFO) of Utama “opened a separate, off-the-books account in the Indonesian Agent’s name (the “Agent special purpose account”). The Agent special purpose account was used to make improper payments to employees of Indonesian state-owned entities and others for the purpose of obtaining and retaining insurance contracts.” Contemporaneously with the creation of this new Agent special purpose account, Utama contracted with its Indonesian Agent a “Paying Agency Agreement” which established the Agent special purpose account would serve as the slush fund to make bribe payments to foreign officials and others as instructed by Utama.

a.      2001-2005

The scheme worked in this manner. There were two components for the insurance premiums, a “technical premium” which was 75-95% of the cost of the insurance product and the “overriding premium” which was the remaining 5-25% of the premium and was to be paid to the agent for the sale. During this time frame, the Utama Marketing Manager would make payments into the Agent special purpose account and these monies would be used to make improper payments to Indonesian government officials. The Indonesian government purchasing the insurance would be billed the combined total of these two premiums for 100% of the cost of the insurance product. The monies received by Utama would be deposited into one bank account and then the amount of the overriding commission would be transferred into the Agent special purpose account. This money would then be paid to the Indonesian government official who directed the purchase of the insurance product, in cash.

b.      2005-2008

Due to an internal whistleblower and subsequent investigation which will be discussed later, this original bribery scheme was modified in 2005; that is after completion of payments to Indonesian government officials who were owed bribes for insurance products purchased previously, up through 2008. Thereafter, Utama employed a variety of methods to make illegal and improper payments to Indonesian government officials. These methods included “1) booking commissions to an agent that was not associated with the account for the government insurance contract and then withdrawing the funds booked to the agent’s account as cash to pay the foreign official; or 2) overstating the amount of a client’s insurance premium, booking the excess amount to an unallocated account and then “reimbursing” the excess funds to the foreign officials, who were responsible for procuring the government insurance contracts.”

III.             Whistleblower and Internal Investigations

In 2005, an internal whistleblower made a complaint about the Agent special purpose account. This whistleblower apparently provided detailed information on the account and “a number of internal controls weaknesses.” The company initiated an internal audit of Utama and the Agent special purpose account but amazingly limited the scope of the audit to “embezzlement from the Company”. Even with this limited scope Allianz’s internal audit group identified the Agent special purpose account as a “vehicle to pay project development and overriding commissions to the special projects and clients for securing business with Utama” and other indicia of FCPA improper payments however “no additional steps were taken to determine the nature and purpose of the accounts or to identify the recipients of payments from the accounts.” The company did instruct Utama to close the Agent special purpose account but as noted above, not only did Utama continue to make improper payments out of the Agent special purpose account but also widened the scope of its bribery practices.

In 2009, the company’s outside auditor “received an anonymous complaint alleging that an Allianz executive created or initiated slush funds during his tenure with AZAP.” In response to this complaint the company created “a Whistleblower Committee to do an internal investigation and retained counsel to conduct an internal investigation of Utama’s payment practices in Indonesia.” However, Allianz did not self-report either the allegations of improper payments or the results of its internal investigations to the SEC or Department of Justice (DOJ). In 2010, the SEC opened an investigation after receiving “an anonymous complaint of possible FCPA violations.” After some initial delay in the timeliness in reporting to the SEC, the company began cooperation with the SEC and began remedial efforts.

IV.              Lessons Learned

There are several lessons which can be learned from the Allianz enforcement action. The first and foremost is jurisdiction. Simply because you are a foreign based company, do not think you are shielded from FCPA enforcement actions. Foreign companies need to review their US listings to determine if they have inadvertently subjected themselves to FCPA jurisdiction. In Allianz’s situation its American Depositary Shares and bonds were registered with the SEC. That is enough for jurisdiction. So if you are sitting across the Atlantic or Pacific or north or south of the border and have some American interests, holdings or anything else that you own or are a part of the US, you had better get your FCPA compliance house in order.

There is a wealth of information that internal auditors can use from this enforcement action. The first and foremost is that when you turn a rock over and look under it there may well be several things that show up under the light of day. If you are tasked with trying to find one scheme, such as embezzlement and find indicia of another, for example bribery and corruption of foreign government officials, it is in the interest of both you and your company to keep looking. If substantive information comes to a company in any manner, the company has a duty to investigate it and not to bury its collective head in the sand.

The bribery schemes used by Utama are also instructive. Initially, they give internal audit and anyone else looking for that matter, clear red flags to investigate further. If there is a “special purpose fund” of any type, the reason for the fund and justifications for payments out of it, thorough review of backup documentation is mandatory for your review. Additionally, there should be a review of the commissions paid. It is easy enough to do; match up the commission paid with the contract for which it is due under, coupled with the work done by the agent who is alleged to be owed the commission. You should also review the amount of commission paid to ascertain if it is within a reasonable range.

Internal controls must also not only be reviewed but additional monitoring and auditing should be put in place to make sure that any recommendations made are followed. Here Utama was told to close the Agent special purpose account in 2005 but not only did they fail to do so they continued to pay bribes out of it into 2008. Apparently no one at Allianz thought they should follow up to see if the instruction to close the Agent special purpose account was followed.

We started this blog with the question of who was your favorite hero from the Iliad. My favorite is Odysseus. He is the only Greek hero who combines all of the traits I listed in the opening paragraph. I think that the Allianz FCPA enforcement action is similar because there are many different lessons which can be learned. The DOJ and SEC consistently put out solid information that the compliance practitioner can use to evaluate and assess a compliance program or to manage specific risks. You do not have to read the tea leaves or try to go to the Oracle of Delphi to understand what the DOJ and SEC expect in the way of FCPA compliance. The Allianz SEC enforcement action continues this tradition.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

November 11, 2012

Armistice Day, Remembrance Day, Veterans Day

On the 11th minute of the 11th day of the 11th month in 1918, the War to End all Wars ended. While this ending did not accomplish that stated purpose, since that day we have honored all those persons who served in our Armed Forces. As you know Mary Jones has been posting for me over the past week when I had surgery and will continue to do so while am now recuperating. I wanted to thank everyone for their good wishes and I am doing as well as can be expected.

My surgery was performed on Election Day and it was not until the next day I was cognizant enough to ask a Nurse who won the election. Later that day, while still in ICU, I had an interesting conversation with another Nurse, who was from Nigeria, about our freedoms in America and that led me think about some of the things we owe all of our Veterans. I asked this Nurse what he thought about all the negative campaigning and accusations which flew back and forth; as opposed to some type of reasoned debate. He just looked at me and said “Do you know what I would have given back at home to be able to hear those things, or even say them.” The look in his eye reminded me that once again our right to vote, debate in public and otherwise engage in a free flowing dialogue about the future and destiny of our country is a freedom not held in other parts of the world, even in a country which, on paper at least, is a democracy.

I once had the rare privilege of trying a lawsuit in Hidalgo County, Texas, for 6 weeks. It was not a place friendly to defendants or corporations. One of the things I will never forget is the trial judge, Frank Evans, telling the jury panel about their rights and obligations as citizens to sit as jurors, and his comments were related to a Veteran. The Veteran was Harlon Block and he was one of the six men who raised the US Flag on Mount Suribachi on February 23, 1945. His name was enshrined outside the County Courthouse, along with the names of all other residents of Hidalgo County who have died serving our country from the Civil War to the present day. Harlon Block grew up in Weslaco, Texas, and played football at Weslaco High School. In February 1943, the entire team, consisting of 13 members, enlisted in the armed forces on the same day. Two years later, Block was one of the six men who made up one of the most iconic photos which came out of World War II and then he was killed while fighting on Iwo Jima.

The Judge who told this story was also one of those 13 boys. He told this story so that all of us might understand what it took for people to have the right to sit on a jury and judge their peers, whether in the criminal or civil context. As a trial lawyer, I think that one of our greatest freedoms is that of the Seventh Amendment which reads:

Amendment VII – Right to a jury trial

In suits at common law, where the value in controversy shall exceed twenty dollars, the right of trial by jury shall be preserved, and no fact tried by a jury shall be otherwise reexamined in any court of the United States, than according to the rules of the common law.

I believe that this right to a trial by jury speaks to several rights but one of those is that, in the civil context, an aggrieved party gets to tell his or her story to an independent third party. This is a powerful catharsis for any injured person. But more than getting to simply tell their story they will be judged by a process which is fair and open, through the rules of procedure and evidence. I believe it is this concept that is important for compliance. There must be a way for persons to tell (or report) stories which concern them regarding bribery and corruption. Companies must allow employees to use a helpline, report concerns or even whistle blow internally without disparagement or attacking them in public. Because if companies do not allow such a mechanism a whistleblower can go straight to the Securities and Exchange Commission (SEC) and sign up for a bounty.

However, I think that there is another compelling reason that Amendment VII is so important and how it applies directly to compliance. I call it “the light of day”. By allowing ordinary citizens to not only see but participate in the judicial process, it gives greater credibility to the entire process itself. I still think about the scene from ‘On The Waterfront’ where Terry, played by Marlon Brando, calls out to Johnny Friendly, played by Lee J. Cobb, to tell him that where he is standing “in the light of day” is a much better place to be than hiding in the shadows. Today we call that ‘transparency’ and this is something that you must have in your compliance program. Employees must see that those who make internal whistleblower reports are not attacked, demeaned or marginalized. US society is better because of both sides of Amendment VII, those being the protection for and the participation of its citizens in the judicial process. I would posit to you that transparency extends to internal reporting systems which allow employees to express concerns regarding compliance issues without fear of retaliation.

So today I want to thank all the Veterans in my family. To my Father; to Uncle John and Uncle Alvan and to my Father-in-Law Michael Rudland, who served in the British Navy and helped keep my wife’s mother country safe for its Queen and Country. A big and most heartfelt thank you to all.

And for the rest of you, if you know a Veteran, buy them a cup of coffee today or call them up and say thanks. If you see one, tell him or her thanks. Our country just showed why it is the greatest in the world by having a free election; take some time to celebrate what the men and women in our armed forces have done for us.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

August 23, 2012

What is Your Integrity Capital?

Compliance practitioners often hear that bribes must be paid in emerging markets to get anything done. Indeed a recent survey by CEB (formerly Corporate Executive Board) of more than 700,000 employees of multinationals around the world, discussed in a Harvard Business Review article, entitled “Greased Palms, Giant Headaches”, by Dan Currell and Tracy Davis Bradley reported that there was a large jump in the payments of bribes, providing or receiving improper gifts and failures to report conflicts of interest in the BRIC (Brazil, Russia, India and China) countries over developed countries. Is bribery really pervasive in those countries or is it simply the perception? On the other hand, as Andre Agassi was found to say “Perception is reality.” Certainly the story by the New York Times (NYT) about Wal-Mart in Mexico paying over $24 million to be the first big box retailer into the Mexican market may lead some credence to that perception. While the authors did not specifically address the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act, they did report that “bribery and corruption is the second leading category of unlawful activity by Western companies in emerging markets”.

However, Currell and Bradley focus their collective attention on the US corporate headquarters in their article. They note that “Our research suggests that one driver originates at headquarters-multinationals’ increasing growth imperative in emerging markets.” While it certainly is a recognized and valid long-term growth strategy to identify and develop new markets, the authors believe that companies are now thinking that they can “meet our targets by increasing revenues quickly in markets” like the BRIC countries. In other words, long-term strategic plans suddenly become “short-term necessities” and this change can increase “the pressure on local employees to make their numbers, tempting some to break the law.”

What is a company to do when short term goals cause pressure, pressure and more pressure for increased revenues? The authors acknowledge that a robust compliance program is a key component for protection against bribery and corruption by employees, but they believe that more is needed. They identify “Integrity Capital” as a key component to “lower levels of misconduct along with higher levels of reporting when employees do witness wrongdoing. Integrity capital is embedded in the culture, not instituted through controls, and it helps shape employee behavior, which could include offering a bribe or defrauding the company.” The authors identify the following as five factors of Integrity Capital:

  1. Management takes action when it becomes aware of misconduct. This means that companies “must insist on a swift response to complaints, unbiased investigations” and even “public hangings” of offenders.
  2. Employees are comfortable speaking up about misconduct and don’t fear retaliation. While this would seem to be self-evident, it is a sad fact that in many companies, whistleblowers are ostracized or even blamed for the conduct in question. Witness the initial response by Wal-Mart management in the 2005 time frame to allegations of corruption made by an employee with knowledge of the conduct. He was blamed for the conduct at issue. Even in the recent allegations brought to light with EADS, the whistleblowers were marginalized or worse by the company.
  3. Senior leaders and managers treat employees with respect. The authors believe that in addition to not mistreating whistleblowers, companies should “praise employees who have the courage to call out wrongdoing.”
  4. Managers hold employees accountable. Simply put, if an employee engages in bribery or corruption, they need to be disciplined or discharged. Allowing high revenue generators or high income generating territories or business units to avoid scrutiny and/or sanctions is a clear recipe to destroy the integrity of a compliance program.
  5. High levels of trust exist among colleagues. Your employees must believe that the company will take allegations seriously and will act on the information that they provide.

The authors conclude their article with three different concepts which they believe will minimize the occurrences of bribery and corruption within an organization. First, a company should use commonsense observation. If an emerging market shows success in “speeding things along”, such as regulatory approvals for the construction of bricks-and-mortar facilities, this made need to be looked at closer. Since regulatory approvals do not happen quickly in BRIC countries, it may be that the skids were greased with cash to pay bribes. The second is that a company must be proactive in seeking out and obtaining information from employees about allegations of bribery and corruption. The authors “advise companies to also proactively solicit information from frontline employees and to use surveys or online tools to guarantee anonymity” in reporting allegations of bribery and corruption. Lastly, the authors insist that companies have organization justice so that if there are credible reports of misconduct they are not swept under the rug.

Currell and Bradley provide interesting observations which can be used by a compliance professional to evaluate the sufficiency of their compliance program. Their thoughts on things to look for from an emerging market provide solid guidance on searching for potential red flags which might warrant further investigation from internal audit or a FCPA based compliance audit team. There are a number of practitioners and ethicists who talk about the need for ethics in any company culture to compliment a compliance program. The article by Currell and Bradley provides some of their guidance on what that may look like.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

Next Page »

The Rubric Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 5,244 other followers