FCPA Compliance and Ethics Blog

December 7, 2011

Is Water Wet or is Jack Webb Still ‘The Man’?

I am often asked where I come up with my ideas for blog postings. I respond that there are innumerable sources and resources in the compliance arena, in some ways perhaps too many. Today I will attempt to integrate three of these resources into one coherent article. The first comes from my ‘This Week in FCPA’ cohort Howard Sklar. It is that well known Sklar maxim “water is wet”. This is not simply a plug for Howard (as if he needed a plug) but a useful entree into the next source of inspiration which I found in this month’s Business Ethics column in December issue of the ACC Docket, entitled “Just the Fact, Ma’am”, by James Nortz.  This a reference to the signature line of Jack Webb as Sgt. Joe Friday in the multi-decade running police procedural television standard, Dragnet.

So how do Howard Sklar and the Nortz article tie in together? They converge in one of the areas of a minimum best practices compliance program as set forth by the Department of Justice (DOJ). This convergence is found in best practices No. 9, Ongoing Advice and Guidance, which requires that a Company should establish or maintain an effective system for (c) responding to any reports of violations of a company’s compliance program, i.e. investigations. Nortz says that in responding to such questions, one of the most important things is “understanding the facts”, he  goes on to add that it “is so obvious that it is hardly worth making the observation. But, here’s the point, both our business colleagues and our companies often fail to do so.”  It is so important (and obvious) that Nortz posits that in any investigation, a compliance professional’s first ethical obligation is that it is important to understand the facts before making a decision.

All of the above brings me to my third inspiration for today’s posting, which is an advertisement in the same issue of ACC Docket, where there is a lighthouse, under which is the title “Shine a Light on Compliance Issues”. I am impressed enough with the graphic to identify the advertiser, “WeComply”. I find that Sklar’s maxim, Nortz’s use of the Dragnet adage and WeComply’s lighthouse all tie into 9(a) of the DOJ’s minimum best practices which says that that a Company should establish or maintain an effective system for “(a) Providing guidance and advice to directors, officers, employees, on complying with the Company’s anti-corruption compliance policies, standards, and procedures…” One of the constant refrains for any compliance officer during the day is responding to employees’ compliance based inquiries. These questions come in all shapes and sizes and from all over the world. So continuing the above themes, the compliance professional must try to ascertain the facts to give an intelligent, coherent and, hopefully correct, response. This does not mean a full blown investigation but as any lawyer who has worked in-house either in a corporate legal department or compliance department will recognize, the clients need an answer.

As we lawyers all believe, many business guys will ‘shoot from the hip’ so while all the other facets of a best practices compliance program are important, so is listening, gathering facts and trying to use these facts to provide coherent guidance. This may require you to ask for an email explanation so that an employee can get a comprehensible picture in front of you. However, listening may help provide the simple guidance, as sometimes that is all it takes. If you need to ask a colleague for some advice do so, if only to bounce your proposed solution off them.  Even if a short turnaround time is required, do not let the business guys bully you telling you they need the answer “yesterday”.

So the WeComply lighthouse implies to me that you need to shine a light on the facts. As obvious as this may sound, or as wet as water may be, Nortz reminds us that the first thing to do in responding to inquiries or investigating a compliance issue is to garner the facts before responding. So to answer my own question found in the title of this posting, Jack Webb is still ‘The Man’. Cue the iconic opening Dragnet theme by clicking, here.

Ed. Note-we note the passing of Harry Morgan at the age of 96. For those of us who grew up in the 60s will always be remembered as Jack Webb’s partner, Detective Bill Gannon. For a later generation,  Morgan is well-known for his role as Col. Sherman Potter in M*A*S*H.

======================================================

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011

September 14, 2011

Compliance Convergence: US Customs and Border Protection’s Importer Self-Assessment Program

Compliance convergence can have several variations. I have written about the convergence from export controls to anti-corruption controls. Last week I wrote about the Lacey Act, which regulates imports of certain types of wood, among other items. One of the valuable lessons of compliance convergence can be the cross-over of lessons learned from one area of compliance to another. I was reminded of this when reading an article in the September issue of the ACC Docket, entitled “Import Loopholes Avoiding the Customs Audit” by Tiffany Jones. Her article discusses the “Importer-Self Assessment” (ISA) program initiated by the US Customs and Border Protection (CPB). The ISA has a requirement for a company to perform a “self-assessment” which means auditing, reporting results and correcting mistakes and implementing process improvements. This ISA relates to imports but it can be very useful for the Foreign Corrupt Practices Act (FCPA) compliance practitioner.

The CPB looks at five criteria to evaluate whether a company is ISA-ready. These will be familiar to the compliance professional. The terminology is a bit different but the concepts are recognizable. These five criteria lay out a good way for a FCPA compliance practitioner to think through an assessment of a company’s FCPA, Bribery Act or other anti-corruption and anti-bribery program.

I.                   Control Environment

Under this criteria, a candidate must demonstrate its commitment to compliance at the highest levels of the organization. Can you say ‘Tone at the Top’? But more than simply the right words, a company must demonstrate this criteria by actually doing. Therefore, this will include written policies, training for key import personnel and company-wide cross training.

II.                Risk Assessment

At least annually, a company should perform a risk assessment to determine which areas of import compliance are the most subject to error or non-compliance. In addition to assessing traditional high risk areas, a company should consider risk which may “flow from changes in personnel or changes in internal controls.” Additionally both transactions and internal controls should be reviewed.

III.             Control Activity

This criteria is defined as the creation of procedures to ensure that the senior management directives as specified in Criteria I – Control Environment are carried out. While Criteria I speaks to overall policies, Criteria III focuses on the procedures to implement the policies.

IV.              Information and Communication

This criteria has two components. First, company personnel are charged with keeping themselves informed of changes to trade regulations and how any changes might effect a company’s operations. Second, this information must be communicated and disseminated throughout the company to all “departments touching on the trade function.” The author quotes from the ISA Handbook, “Pertinent information related to CPB activities is identified, captured and distributed to the right people in sufficient detail, in the right form and at the appropriate time to enable them to carry out their duties…”  I could not have said it better myself.

There are many aspects to compliance convergence. Many practitioners view it as requiring many different types of compliance. This is certainly a valid view. However it can also be used as an opportunity to bring in compliance expertise that may already exist in your company to assist in an anti-corruption compliance program. This Border and Customs Protection format for self-assessment is a guideline that the FCPA practitioner can use as a basis self-assess a company’s compliance program. If you are implementing an anti-corruption program or looking at an anti-bribery program required under the UK Bribery Act there may be resources which you can tap into which exist within your company.

————————————————————————————————–

They’re Back!!!!!! Howard Sklar and I discuss all things FCPA and compliance (well mostly all things) on the return of This Week in FCPA, Episode 16See and hear Howard go on several rants as we discuss Haiti Teleco, denial of the ICE Mandamus Petition, Oracle’s announcement of a FCPA investigation and the post-trial filings in the Lindsey Mfg. case.

On Thursday, Sept. 15, my colleague Mary Jones and I will discuss how a Best Practices  compliance program can assist you in a FCPA compliance investigation, in a webinar hosted by World-Check and Ethisphere. Mary will discuss her experiences at Global Industries in a multi-year, world-wide FCPA investigation and how Global Industries came out with a Non-Prosecution Agreement. For registration and information, click here.

————————————————————————————————–

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011

January 18, 2011

The Swiss Compliance House: a Model for FCPA Compliance?

Filed under: compliance programs,FCPA — tfoxlaw @ 6:45 am
Tags: , ,

In an article in the January/February issue of the ACC Docket entitled “Five Fundamentals for Taking Management Compliance Seriously, author Daniel Lucien Buhr discusses a model for a compliance system which he describes as the “Compliance House”. The Compliance House is a model which has been developed by Swiss businesses to use as the foundation of effective compliance management by ensuring that by “binding values and appropriate compliance management they can safeguard their integrity, and avoid or contain breaches of the law.” Buhr believes that it is the basic legal responsibility of any company board of directors to make certain breaches of law are either avoided or, if they occur, are detected early enough so that the company may remedy the situation.

Buhr begins with a very basic understanding of the term compliance, which he defines it as “ensuring law abidance.” However, the author goes on to expand this definition by noting that both private and public stakeholders of a company will expect that the company shall comply with applicable standards, therefore compliance may also be defined as “the state of integrity expected by stakeholders on the basis of civic responsibility of the companies.” This is a far different version than most US companies would state. Most US companies would try and obey the law but not include a complete culture of integrity.

Buhr states that whatever the size of the company, it all begins with a strategic risk profile or what he terms a “risk map”. This sounds quite similar to the UK Bribery Act’s First Principle of Adequate Procedures, that being a risk assessment where a company regularly and comprehensively assesses the nature and extent of the risks relating to bribery and corruption. It is also the same as the Department of Justice’s (DOJ) admonitions that to follow the US Sentencing Guidelines for a best practices Foreign Corrupt Practices Act (FCPA) compliance program, a company should begin with a risk assessment. Buhr stresses that while there is no single model which will apply to every company, there are five common elements to build the “Compliance House” and they are:

  1. A written Compliance Policy and Code of Conduct is the ‘roof’ of an effective compliance policy. Under this element, the corporate management commits to complete integrity, through complying with FCPA, the UK Bribery Act or other compliance laws and regulations. This must be a key component of corporate culture and the foundations of its business operations.
  2. The structure of the compliance organization is the first pillar upon which the Compliance House is built. This is one of the side walls of the Compliance House. Management must ensure that the company’s Code of Conduct or other implementing statements are effectively implemented by the company’s compliance group. This requires that management fully empower the compliance group with adequate staffing, material and financial resources. This structural component must guarantee that an independent body is created, through a hotline or other mechanism, which allows compliance concerns and violations to be reported in confidence.
  3. The compliance processes are the second pillar of the Compliance House. Together with the confidential reporting mechanism, the compliance processes make up the other pillar of the Compliance House. The pillar includes planned systematic processes such as the regular analysis of compliance risks, the publishing and implementation of internal compliance policies and procedures, training the appropriate staff on compliance issues and the detection and investigations of possible compliance violations.
  4. Appropriate compliance incentives and sanctions. While most US companies are fairly well versed in sanctioning employees for compliance violations, they are less progressive in compliance incentives. This prong requires that a company reward particular achievements relating to compliance. Conversely, compliance breaches must be punished; however a company must make clear that the compliance program will not be sacrificed for commercial incentives. Finally, there should be complete transparency in both rewarding those who do business in a compliant manner and punishing those who violate the company compliance program.
  5. Testing the effectiveness of the Compliance House. As noted by Lanny Breuer, Assistant Attorney General, for the Criminal Division of the US DOJ, a compliance program must be dynamic, not static. This requires constant improvement of the compliance program through measurement and regular testing for effectiveness. Breuer has advocated an annual compliance program assessment by each company. Under the Compliance House model this would allow a company to determine weaknesses in its compliance program and remedy them or take into account changes in a company’s business model, such as moving into a high risk business area. The fifth element completes the Compliance House model.

The Compliance House model provides to the compliance practitioner, whether in a Swiss company or a person who is governed by the FCPA or the Bribery Act, a conceptual framework to develop an overall compliance program. It can also be used as a format to present to a Board of Directors to help them to understand a company’s compliance obligations and how those obligations are being satisfied.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011

 

 

Customized Rubric Theme Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 4,201 other followers