Bonnie Prince Charlie, Charlie Chaplin and Proportionate Procedures

Continuing our UK theme this week, we note a birthday anniversary and the anniversary of an event involving two quite different Charlie’s. The first is the anniversary of the Battle of Culloden, where in 1746 the English forces, led by the Duke of Cumberland, defeated the Scottish Jacobites, who supported the last serious Stuart Pretender to the English throne, Bonnie Prince Charlie. This battle not only cemented the House of Hanover’s seat on the English throne but also led to the decimation of the Scottish Highland Clans. In a very different anniversary celebration, we also note the birthday of Charlie Chaplin, born in 1889. Yes, the Little Tramp was a Brit.

Whilst flying over to the UK I caught up on some reading, including the Saturday Wall Street Journal (WSJ). In an article, entitled “Why Airport Security is Broken-And How to Fix It”, Kip Hawley, the former head of the US Transport Security Administration (TSA) provides his prescription on how to fix what he calls “the national embarrassment that our airport security remains”. Pretty strong language by someone who has been “to the top of the mountain.” While I find the security checks we all now go through only mildly inconveniencing, Hawley writes that the US airport security remains “hopelessly bureaucratic and disconnected from the people whom it is meant to protect.”

Hawley believes that the TSA has an incorrect approach to proportionality of the risk faced. He says that by attempting to eliminate all risk, the system is not only a “nightmare for U.S. and visitors from overseas” but that this system is “brittle where it needs to be supple.” In the aftermath of the post 9-11 attacks the system was designed so every passenger could avoid harm while traveling. Hawley believes that some of the risk factors which led to the 9-11 attacks have been remedied, such as box cutters or a small knives that could breach a cockpit door; more Federal Air Marshalls traveling on flights and greater passenger awareness and willingness to respond to such an emergency. He believes that the risk, which is now paramount, to manage is to stop a catastrophic attack. In short the risks have changed but the TSA have not changed to manage new or other risks.

Hawley lays out five changes which he believes would go a long way towards allowing the TSA to properly manage this risk of catastrophic attack:

1. No more banned items. By listing every banned item, you make each X-Ray scan an “Easter-egg hunt” and provide terrorists with the list of items the TSA will look for.
2. Allow all liquids. Hawley believes that “simple checkpoint signage, a small software update and some traffic management are all that are standing between you and bringing all your liquids on a plane. Really.”
3. Give TSA officers more flexibility and rewards for initiative and hold them accountable. There must be more independence for TSA officers ‘on the ground.’ Currently if you initiate independence as a TSA officer, you are more likely to be disciplined rather than rewarded.
4. Eliminate baggage fees. The airlines bags fees cause more passengers to bring bags on planes, which requires more security, increases costs and slows down the process which in turn requires airlines to charge more for tickets because there are more delays.
5. Randomize security. If terrorists know what to expect at airport security, they have a greater chance to evade the system. Hawley’s answer is to randomize more security checks while not subjecting every passenger to the current full security compliment.

I have set out Hawley’s thoughts in some detail because they point to how the UK Ministry of Justice (MOJ) suggests that a company should begin its anti-bribery/anti-corruption compliance program. It discusses what constitutes the Six Principles of an Adequate Procedures compliance program in Principle 1, entitled Proportionate Procedures, the MOJ Guidance states, “A commercial organisation’s procedures to prevent bribery by persons associated with it are proportionate to the bribery risks it faces and to the nature, scale and complexity of the commercial organisation’s activities.” In other words, adequate anti-bribery prevention procedures should be proportionate to the bribery risks that a company faces. It all begins with a risk assessment, but the Guidance recognizes that “To a certain extent the level of risk will be linked to the size of the organisation and the nature and complexity of its business.” However, company size is not to be the only determining factor as certainly smaller entities may face quite significant risks and, therefore, need more extensive procedures than their counterparts facing limited risks. The Guidance does recognize that the majority of small organizations are unlikely to need procedures that are as extensive as those of a large multi-national organization.

The level of risk that a business may face will also vary with the type and nature of the persons with which it is has third party relationships. A company that properly assesses it has no risk of bribery on the part of one of its third party relationships will accordingly require nothing in the way of procedures to prevent bribery in the context of that relationship. By the same token the bribery risks associated with reliance on a third party agent representing a company in negotiations with foreign public officials may be assessed as significant and accordingly require much more in the way of procedures to mitigate those risks. This means that companies will be required to select procedures to cover a broad range of risks but any consideration by a “court in an individual case of the adequacy of procedures is likely necessarily to focus on those procedures designed to prevent bribery on the part of the associated person committing the offence in question.”

Near the end of this section of the Guidance it states, “the procedures should seek to ensure there is a practical and realistic means of achieving the organisation’s stated anti-bribery policy objectives across all of the organisation’s functions.” This sounds quite similar to Hawley’s plea that the TSA needs to change its risk management away from protecting every passenger from harm while traveling to preventing a catastrophic attack. But perhaps this final point from the Guidance points up to why the TSA cannot or will not make this change in risk management. They have not received firm guidance from the Executive Branch or from US Congress on what their primary mission is, and hence the primary risk the TSA must manage. In other words, if top management does not support the Compliance Department or forces it to focus on the wrong risks, a Compliance Department may well miss the mark and cause its clients, the business unit personnel to become fed up and just as irritated with the Compliance Department as Hawley believes the traveling public is with the TSA. In other words, tone at the top does matter. Not only must senior management support the compliance function but it should support it, with the appropriate financial resources and tools to manage the correct risks.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

New First Principle of Adequate Procedures: Proportionality

One of the more noticeable changes in the UK Bribery Act Guidance released last month and the Consultative Guidance, released last September, is found in the Six Principles of an Adequate Procedures compliance program. The Consultative Guidance listed Risk Assessment as Principle 1. However, in the recent final Guidance, Risk Assessment has  moved to Principle 3 and the new Principle 1 is Proportionate Procedures, which is defined as follows:

A commercial organisation’s procedures to prevent bribery by persons associated with it are proportionate to the bribery risks it faces and to the nature, scale and complexity of the commercial organisation’s activities. They are also clear, practical, accessible, effectively implemented and enforced.

Adequate bribery prevention procedures ought to be proportionate to the bribery risks that a company faces and a company still must assess these risks so an initial assessment of risk across the company is, therefore, a necessary first step. However, proportionality is overlaid above and across all the remaining Principles so if a company has a low risk profile, it may not need as robust an anti-bribery compliance program as a company with a higher risk profile.

The Guidance makes clear that although the level of risk will be linked to the size of the company, and the nature and complexity of its business, size will not be the only determining factor. Small businesses can face quite significant risks and will need more extensive procedures than other businesses facing limited risks. However, small businesses are unlikely to need procedures that are as extensive as those of a large multi-national company.

The level of risk that companies face will also vary with the type and nature of the third parties it may have business relationships with. For example, a company that properly assesses that there is no risk of bribery on the part of one of its associated persons will, accordingly, require nothing in the way of procedures to prevent bribery in the context of that relationship. By the same token the bribery risks associated with reliance on a third party agent representing a company in negotiations with foreign public officials may be assessed as significant and, accordingly, requires much more in the way of procedures to mitigate those risks. Businesses are likely to need to select procedures to cover a broad range of risks but any consideration by a court in an individual case of the adequacy of procedures is likely necessarily to focus on those procedures designed to prevent bribery on the part of the associated person committing the offence in question.

So what does this mean in practice? Since Proportionate Procedures is Principle 1, it takes precedence over all others. I recently attended a conference by Hanson Wade where one of the speakers discussed this concept of proportionality. Based upon his remarks and the text of the Guidance, I have created the following chart to provide some interpretation of what this may mean in practice for various sales models that a company may have in place.

Company Sales Focus	Contract Language	Questionnaire	Level One DD	Level Two DD	Foreign Law Firm Review	Level 3 DD	Foreign Business Partner Training
Large Multinational	Yes	Yes	Yes	Yes	Yes	Likely	Yes
LargeUKExporter	Yes	Yes	Yes	Yes	Yes	Maybe	Yes
Significant UK Company	Yes	Yes	Yes	No	No	No	No
EU OnlySales	Yes	Yes	Yes	No	No	No	No
UKOnlySales	Yes	No	No	No	No	No	No

The left hand column lists the type of business which may be subject to the Bribery Act. The categories across the top are the types of risk tools a company can use to manage its risks.

•  Contract Language  This means legal terms and conditions which protect the company to the greatest extent possible from a foreign business representative engaging in conduct violative of the Bribery Act.
• Questionnaire – This means that both the business person who desires the relationship and the foreign business representative commit certain designated information in writing prior to beginning the due diligence process.
• Level One Due Diligence – This is an electronic database search of the relevant UK and US lists of known criminal, terrorists, money-launderers, etc., it should be used for foreign business representatives in low risk countries only.
• Level Two Due Diligence – This is an electronic database search in the home country of the foreign business representative and should be performed in conjunction with a Level One search for all foreign business representatives in medium to high countries.
• Level Three Due Diligence – This is a “boots-on-the-ground” due diligence investigation. It can include an interview of the proposed Foreign Business Party, its references and bankers, a review by the Commercial Attaché of the appropriate UK Ministry. It should be used in high risk countries and/or when Red Flags cannot otherwise be cleared.
• Foreign Law Firm Review – This is a legal review of both your company’s proposed Foreign Business Partner contract and a legal Memorandum of the rights and obligations of entering into such a relationship in the country in question.
• Agent Training – Where your company should provide anti-bribery training to its Foreign Business Partners.

Many have decried the final Guidance as a cave-in by the UK Ministry of Justice, to UK business interests, to soften, if not gut, the Bribery Act. However, we believe that this Principle of Proportionate Procedures inserts a component of reasonableness due to the fact that what may be appropriate a world-wide multi-national company is not necessarily needed for a UK company selling primary, if not exclusively, in the UK or even in the EU.

===========================================================================================

If you are in San Diego, the World Check FCPA Tour will be in your city this week. Please come out and here about the most current FCPA best practices.

Wednesday, May 4 from 8-10 AM PDT at San Diego Marriott Del Mar: Santa Fe Ballroom, in San Diego, CA. For information and registration details click here.

——————————————————————————————————————————————————————

My colleague Howard Sklar had an interesting idea. It was that he and I do a video chat each week on the past week’s stories from the world of compliance. We have begun this journey and the results are “This Week in FCPA“; which can be found here.

Every week, Howard and I will get together and talk about the week’s events in FCPA. This week, we talk about the UK Bribery Act, and how companies should react; we discuss the Johnson & Johnson deferred prosecution agreement and J&J’s added undertakings; and we discuss the recent challenges to the idea that state-owned entities can be foreign officials. We also talk about what contract provisions should be in every contract, and whether audit rights are a good thing or not.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011

UK Bribery Act Guidance: the Six Principles of a Non-Skewered Compliance Program

The UK Bribery Act guidance is out and the reaction has been across the board. Here is just a sampling of it. Mike Volkov, in the FCPA Blog brought up Yogi Berra by noting, “If you don’t know where you are going, you might wind up someplace else.” He used this quote to lead into a piece entitled, “Life after Guidance: No Change”. This complimentary use of an American icon, whose use of the English (American version) language is legendary stands in contrast to Bill Waite, a founder of The Risk Advisory Group, also writing in the FCPA Blog, went further and termed the guidance “questionable”.  Jim McGrath, writing in his Internal Investigations Blog, says that companies subject to the Bribery Act had better “put on a (crash) helmet” for it may well be a bumpy ride. Even the Wall Street Journal got into the act, with an article entitled, “Britain Backpedals on Bribery Act.”

However all of these pundits pale next to the skewering given the Guidance by our colleague Howard Sklar, who is working through the Case Studies on his OpenAir Blog. They make for great reading by the way, so head on over to the Open Air Blog with a tall “cool one” and watch him skewer the Case Studies and then enjoy “Bar-Be-Que Case Studies ala Howard”. You should note that Howard has promised that “I’m going to write my own version of the Guidance. The guidance as it should have been written.” That, my friends will be well worth the wait.

However we do not feel that the Guidance deserves quite so harsh a judgment and indeed welcome the Guidance. The reason is that we welcome any interpretation of new legislative from one of the world’s strongest anti-bribery and anti-corruption regimes; as it puts into the hands of compliance professionals information on current best practices of an anti-bribery and anti-corruption program. We believe that the Guidance fulfills that mission. In this posting we will set out the Six Principles and in subsequent postings we will discuss each Principle in detail.

The Guidance provides valuable information on not only what the UK Ministry of Justice considers a best practices program but it is also a benchmark by which any US compliance practitioner can use to assess their company compliance program. Further they are not, as Lanny Breuer has suggested, “formulaic” but are intended to be “flexible and outcome focused.” With this in mind, we set out the Six Principles listed in the Guidance.

I. Proportionate Procedures-A company’s procedures to prevent bribery by persons associated with it should be proportionate to the bribery risks it faces and to the nature, scale and complexity of the commercial organization’s activities. They are also clear, practical, accessible, effectively implemented and enforced.

II. Top-Level Commitment-the top-level management of a company, be it a board of directors, the owners or any other equivalent body or person must be committed to preventing bribery by persons associated with it. They foster a culture within the organization in which bribery is never acceptable.

III. Risk Assessment– a company should assess the nature and extent of its exposure to potential external and internal risks of bribery on its behalf by persons associated with it. The assessment is periodic, informed and documented.

IV. Due Diligence-a company should apply due diligence procedures, taking a proportionate and risk based approach, in respect of persons who perform or will perform services for or on behalf of the organization, in order to mitigate identified bribery risks.

V. Communication (including training)-a company should seek to ensure that its anti-bribery and anti-corruption policies and procedures are embedded and understood throughout the organization through internal and external communication, including training, that is proportionate to the risks it faces.

VI. Monitoring and Review-a company should monitor and review its procedures designed to prevent bribery by persons associated with it and makes improvements where necessary.

So there you have it. Is it useless, good only for a bar-be-que or make you want to put on a crash helmet? I hope not but even if it does, please stay tuned for out next couple of segments on the Guidance.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011