Maurice Gilbert, CCI and Ten Questions A Board Should Consider About Compliance

For those of you in the compliance world who do not know Maurice Gilbert, you should. I could probably write an entire post on the number of hats that he wears. For the Chief Compliance Officer (CCO) or compliance practitioner, two of the most significant are as Managing Director at Consileum Inc., which I consider to be one of the premier compliance related search firms in America and as Founder and Managing Editor of Corporate Compliance Insights, known as CCI in the compliance world (full disclosure – I blog and write for CCI). If you are looking for some of the country’s top compliance talent for a corporate compliance position Maurice should be about the first person you call when even thinking about such a task. He can help you to define the scope of the position and then craft the position to attract some great talent for you to consider. Of course, you should always know one of the country’s top compliance talent recruiters because you never know when the right opportunity might be presented by a client to Maurice and you could perfectly fill the bill.

However it is his other hat that I want to highlight today. As Founder and Managing Editor of one of the top online compliance resources, Maurice leads a team that continually generates and posts some of the most insightful and useful pieces of information around the entire panoply of issues related to compliance. From my world of anti-corruption compliance, to trade-compliance, corporate boards and governance, auditing and much more, CCI is a resource you should have on your favorites toolbar. It was through Maurice and CCI that I was introduced to the writings and assorted wisdom of Jim DeLoach, who is one of my favorite contributors to read on CCI.

DeLoach is a Managing Director with global consulting firm Protiviti. He regularly writes and blogs on issues relating to Enterprise Risk Management (ERM). He put out such great material and a plethora of it that Maurice persuaded him to put it together for us in an eBook, entitled “Making Risk Management Work for You”. In the section entitled “10 Questions You Should Ask About Risk Management”, DeLoach lists 10 questions he says that a board and senior management should think about when considering ERM. I have used this section as a basis to reformulate the questions from a compliance perspective.

• What are the company’s top compliance risks, how severe is their impact and how likely are they to occur? – Just as managing enterprise risk at a strategic level requires focus, the same is true for compliance. This requires you limiting your top risks to a handful so they can accurately be assessed and managed. DeLoach suggests that you should be emphasizing no more than five to 10 risks. Furthermore, “Day-to-day risks are an ongoing operating responsibility.”
• How often does the company refresh its assessment of the top [compliance] risks? – As the Department of Justice (DOJ) continually reminds us, your compliance risk assessment process should be responsive to change in the business environment. It is now mandatory that teams have in place “a robust process for identifying and prioritizing the critical [compliance] risks, including emerging [compliance] risks, is vital to an evergreen view of the top risks.”
• Who owns the top compliance risks and is accountable for results, and to whom do they report? – While this might seem self-evident in any best practices compliance program it is not always opaque within an organization. Clearly your CCO should own the top compliance risks and manage them but there should also be proper board oversight and reporting. DeLoach warns, “Gaps and overlaps in risk ownership should be minimized, if not eliminated.”
• How effective is the company in managing its top [compliance] risks? – Just how effective is your compliance regime is a key question that any CCO or compliance practitioner needs to be thinking about on a regular basis. However, for the board and senior management level, there should be “a robust process for managing and monitoring each of the critical [compliance] risks.” Moreover, your “risk management capabilities must be improved continuously as the speed and complexity of business change.”
• Are there any organizational “blind spots” around [compliance] warranting attention? – Some practitioners believe that the entire Foreign Corrupt Practices Act (FCPA) enforcement regime is a failure because companies are still engaging in bribery and corruption. But the simple fact is that since corporations are made up with people there will always likely be wrongdoers. DeLoach notes that “Cultural issues and dysfunctional behavior can undermine the effectiveness of [compliance] risk management and lead to inappropriate risk taking or the undermining of established policies and processes.” He cites several examples including “lack of transparency, conflicts of interest, a shoot-the-messenger environment and/or unbalanced compensation structures may encourage undesirable behavior and compromise the effectiveness of risk management.”
• Does the company understand the key assumptions underlying its [compliance] strategy and align its competitive intelligence process to monitor external factors for changes that could alter those assumptions? – You might not think it could happen in a compliance regime but if a company fails to recognize that its business paradigm is changing, it could be too late to affect an appropriate compliance strategy for a new product line/service offering or breaking into a new geographic territory. Here DeLoach believes that while “no one knows for sure what will happen that could invalidate the company’s strategic assumptions in the future, monitoring the validity of key assumptions over time as the business environment changes is a smart thing to do.”
• Does the company articulate its risk appetite and define risk tolerances for use in managing the business? – This is one area that always bears discussion. For some companies there is enough business in the middle of the road that they feel like they do not have to go up to the line of a FCPA violation to garner sales, while other companies have done deals that may have been lawful but, at the end of the day, had awful consequences for the business. Just because you can do something does not mean you should do it and a large part of such a calculus is round your risk appetite dialogue. DeLoach believes such ongoing conversations can assist to “bring balance to the conversation around which risks the enterprise should take, which risks it should avoid and the parameters within which it should operate going forward. The risk appetite statement is decomposed into risk tolerances to address the question, “How much variability are we willing to accept as we pursue a given business objective?” For example, separate risk toler­ances may be expressed differently for objec­tives relating to earnings variability, interest rate exposure, and the acquisition, develop­ment and retention of people.”
• Does the company’s [compliance] risk reporting provide management and the board information they need about the top risks and how they are managed? – Compliance reporting should begin with relevant information about the critical compliance risks and how those compliance risks are managed. DeLoach believes that some of the questions you should be asking under this prong are along the lines of the following: “Are there opportunities to enhance the [compliance] risk reporting process to make it more effective and efficient? Is there a process for moni­toring and reporting critical [compliance] risks and emerging [compliance] risks to executive management and the board?”
• Is the company prepared to respond to extreme [compliance] events? – DeLoach calls it an extreme event but I would ask, what will you do if your company is on the front page of the New York Times (NYT), Wall Street Journal (WSJ), Financial Times (FT) or any other similar media outlet for a compliance related violation or issue? Do you have a response plan in place? More so “Has it prioritized its high-impact, low-likeli­hood risks in terms of their reputational effect, velocity to impact and persistence of impact, as well as the enterprise’s response readiness?”
• Does the board have the requisite skill sets to provide effective [compliance] risk oversight? – This goes to the heart of frustrations from both the compliance function side and the board side of the equation. Does your board and senior management have specific FCPA or other relevant anti-corruption training and understand your business model well enough to provide input regarding critical compliance risk issues on a timely basis? From the board’s perspective they may feel the information they receive is asymmetrical and that they do not receive enough material information to render good decision-making. From the CCO or compliance practitioner’s perspective, they may feel that they cannot get enough time in front of the board, audit committee or senior management to properly educate them on the issues.

I have only scratched the surface of DeLoach’s thoughts on ERM. I urge you to go to the CCI site and download the entire work. Did I mention the best thing about CCI and DeLoach’s book? It is free on the CCI site. So after you download DeLoach’s book, stick on the site and noodle around to find something that interests you or could be of assistance in your compliance practice. Don’t forget to check out CCI’s job listing because Maurice has that other hat that he wears as well.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

Interview with the Founder-Maurice Gilbert of Conselium and Corporate Compliance Insights

1.         Where did you grow up and what were your interests as a youngster?

I grew up in Detroit, Michigan, and my interests as a youth centered on playing competitive tennis. My dream was to make it on the Pro tour.  My other interest was listening to Motown music:  Marvin Gay, Supremes, Temptations, etc.

2.         Where did you go to college and what experiences there led to your current profession?

I went to Eastern Michigan University; I studied sociology and general business. I also played on the tennis team.  On summer breaks I taught tennis at camps and tennis clubs.  What eventually lead me to the executive search business were primarily two things: first, my knowledge of business, having spent 20 years in corporate America with the likes of GE, and second, my desire to coach and mentor professionals with their career. I remembered how gratifying it was teaching tennis and helping with a person’s development.  In short, I took my passion for coaching and applied it in the business setting I became familiar with.

3.         Can you explain the philosophy of Conselium and what do you believe makes it stand out from similar firms?

When our clients engage us they usually are already experiencing exposure to risk by not having the appropriate hire on board.   That means there’s a level of urgency about filling a position. For us, exceptional customer service means putting our client first and responding to that urgency.  We work weekends, holidays — whatever it takes to meet or exceed expectations.

Another unique factor that contributes to our success is that we have developed our brand by specializing in a very narrow niche: our focus is placing Compliance Officers and Legal Counsel in highly regulated environments. The narrower your focus, the more you set yourself up as subject matter experts. We have even developed our brand on a global footprint due to our specialization.  I recommend anyone interested in the subject of branding read “The 22 Immutable Laws of Branding” by Al Ries.

The third thing I think that makes our search firm unique is the development of Corporate Compliance Insights. Having this online publication has afforded us an opportunity to expand the network of the search business while developing relationships with Compliance and Legal professionals throughout the world. CCI gives compliance experts a place to come together every day to share ideas and opinions.  It keeps all of us on top of the issues that are important in this niche, and it gives Conselium access to the best and the brightest.

4.         What led you to start Corporate Compliance Insights and what do you hope to bring to the compliance community through this resource?

We decided to develop the publication because we met several GRC professionals like you with a wealth of information who needed a platform to share ideas and showcase their knowledge.  CCI has really exceeded our expectations, which for us reinforces that there was a void in this space.  As we look to the future, we see CCI as a leader in providing rich content for useful/practical solutions to fellow GRC practitioners, an aggregator of GRC events and an aggregator of GRC jobs.  We also have a vision of building a CCI community that facilitates greater interaction among our readers, because we sense there’s a desire in the compliance community to have regular, meaningful dialogue about issues and best practices.

5.         With your dual roles at Conselium and CCI, where do you see the compliance field going in 2013 and beyond?

The compliance field is still in the “toddler” stage, and there is still much to be done.  I am a real proponent of education; specifically the Compliance Officers have to educate management about the benefits of having a robust ethical & compliant (E & C) environment.  There is information available that having a robust E & C actually contributes to the bottom line.   Think about it: a solid program attracts employees, vendors, investors, customers, etc.  It’s just good for business.  We must do a better job at educating so that more compliance officers have a seat at the “C” suite.  Having a Compliance Officer report to the General Counsel or other management executive and not directly to the Board has the potential for significant conflicts of interest.

So what I am saying is there is significant opportunity to grow our profession provided we are vigilant in educating those around us.   Speaking of education, there are some universities that provide some undergrad courses on ethics/compliance.  We at CCI have developed a relationship with the HAAS School at UC Berkeley in helping their visibility with an Executive Ethics & Compliance Program.  It is the hope of the HAAS program to get sufficient interest to create a graduate program in Ethics & Compliance.   We do need a feeder system from our universities much the way we have law schools and other graduate programs that provide young professionals with the basics before entering the workforce.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

CCI: Background and Criminal Allegations-Part I

The US anti-bribery/anti-corruption and compliance world has literally been “a-twitter” over the filing of a brief which puts squarely before a federal district court the questions of just what is an “instrumentality” of a foreign government and who is a foreign government official under the Foreign Corrupt Practices Act (FCPA).

The individual defendants were all former employees of the California valve-maker Control Components Inc., (CCI), of Rancho Santa Margarita, California. While the case has been ongoing for over two years, we thought that it might be a propitious time to review the background facts of the case and the allegations against the individual defendants. Today we will discuss the background facts and the plea of the company. In tomorrow’s post, we will discuss the criminal allegations, separate and apart from the FCPA allegations against the individual defendants.

I. The Underlying Facts

CCI designs and manufactures service control valves for use in the nuclear, oil and gas, and power generation industries. It is owned by British-based IMI plc., which trades on the London Stock Exchange under the symbol IMI.L. In July 2009, CCI pled guilty to violating the anti-bribery provisions of the FCPA and the Travel Act. It admitted bribing foreign officials in a decade-long scheme to secure contracts in about 36 countries. CCI’s plea agreement requires it to pay a criminal fine of $18.2 million, implement an anti-bribery compliance program, retain a compliance monitor for three years, serve a three-year term of organizational probation and cooperate with the Department of Justice’s (DOJ) ongoing investigation.

As reported in the FCPA Blog, CCI admitted that from 2003 through 2007, they  made about 236 corrupt payments to foreign officials in more than 30 countries amounting to $4.9 million. The corrupt payments were made to foreign officials at state-owned entities including Jiangsu Nuclear Power Corp., Guohua Electric Power, China Petroleum Materials and Equipment Corp., PetroChina, Dongfang Electric Corporation (China), China National Offshore Oil Corporation, Korea Hydro and Nuclear Power, Petronas (Malaysia) and National Petroleum Construction Company (United Arab Emirates). The bribes resulted in sales that produced net profits of about $46.5 million.

II. Charges Against the Individual Defendants

a.     Settling Defendants

In addition to CCI’s guilty plea, two former executives pleaded guilty in 2009 to conspiring to bribe officers and employees of foreign state-owned companies on behalf of the valve company. Mario Covino, CCI’s former director of worldwide factory sales, pled guilty on January 8, 2009 to one count of conspiracy to violate the FCPA and admitted to causing the payment of $1 million in bribes to officers and employees of several foreign state-owned companies.

Richard Morlok, CCI’s former finance director, pled guilty on February 3, 2009 to one count of conspiracy to violate the FCPA and admitted to causing the payment of $628,000 in bribes to officers and employees of several foreign state-owned companies. Morlok said in his plea agreement that CCI earned about $3.5 million in profits from contracts obtained through the bribes. Illegal payments, he said, went to employees at China National Offshore Oil Company, PetroChina, Jiangsu Nuclear Power Corporation (China), KHNP (Korea), Rovinari Power (Romania) and Safco (Saudi Arabia), among others. Morlok also admitted that during a 2004 audit he provided false and misleading information about CCI’s commission payments to agents.

b. Non-Settling Defendants

On April 8, 2009, six former CCI executives were charged in a 16-count indictment with violating the FCPA and the Travel Act. They are: Stuart Carson, CCI’s former chief executive officer, Hong (Rose) Carson, CCI’s former director of sales for China and Taiwan, Paul Cosgrove, CCI’s former director of worldwide sales, David Edmonds, CCI’s former vice president of worldwide customer service, Flavio Ricotti, CCI’s former vice-president and head of sales for Europe, Africa and the Middle East, and Han Yong Kim, the former president of CCI’s Korean office. As reported by the FCPA Blog the charges against the individual defendants are as follows:

• Stuart Carson – charged with one count of conspiracy to violate the FCPA and the Travel Act, and two counts of violating the FCPA;
• Hong (Rose) Carson – charged with one count of conspiracy to violate the FCPA and the Travel Act, five counts of violating the FCPA and one count of destruction of records in connection with a matter within the jurisdiction of a department or agency of the United States;
• Paul Cosgrove – charged with one count of conspiracy to violate the FCPA and the Travel Act, six counts of violating the FCPA and one count of violating the Travel Act;
• David Edmonds – charged with one count of conspiracy to violate the FCPA and the Travel Act, three counts of violating the FCPA and two counts of violating the Travel Act;
• Flavio Ricotti – charged with one count of conspiracy to violate the FCPA and the Travel Act, one count of violating the FCPA and three counts of violating the Travel Act; and
• Han Yong Kim – charged with one count of conspiracy to violate the FCPA and the Travel Act, and two counts of violating the FCPA.

As reported by the FCPA Professor, defendant Ricotti was arrested on February 14, 2010, in Frankfurt, Germany and was extradited to the US in connection with his alleged participation in a conspiracy to secure contracts by paying bribes to officials of foreign state-owned companies as well as officers and employees of foreign and domestic private companies. He arrived in the United States on July 2, 2010.

In tomorrow’s post we will review the criminal allegations brought against the defendant for violations of the Travel Act and the federal obstruction of justice charge against defendant Hong Carson.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011

 

 

 

 

Robert Kennedy, the Travel Act and the FCPA

Robert Kennedy, the Travel Act and the FCPA

What does Robert Kennedy have to do with the Foreign Corrupt Practices and how has a nearly 50 year old statute aimed at US based organized crime now impacted the FCPA? It turns out quite a bit and perhaps it will be quite a bit more in significantly widening the scope of the FCPA.

Robert Kennedy’s contribution is that while Attorney General, he urged Congress to enact the Travel Act in 1961 which was passed as part of the same series of bills as the Wire Act and was a part of his program to combat organized crime and racketeering. The Travel Act is aimed at prohibiting interstate travel or use of an interstate facility in aid of a racketeering or an unlawful business enterprise. It prohibits the use of communications and travel facilities to commit state or federal crimes, but until now was mostly known for its use in prosecutions for domestic crimes. Its impact to the FCPA is that the Travel Act applies to foreign as well as interstate commerce; it can be also used to prosecute those US companies and individuals which engage in bribery and corruption of foreign officials AND commercial bribery and corruption of private foreign citizens.

The Travel Act elements are: (1) use of a facility of foreign or interstate commerce (such as email, telephone, courier, personal travel); (2) with intent to promote, manage, establish, carry on, or distribute the proceeds of: (3) an activity that is a violation of state or federal bribery, extortion or arson laws, or a violation of the federal gambling, narcotics, money-laundering or RICO statutes. This means that, if in promoting or negotiating a private business deal in a foreign country, a sales agent in the United States or abroad offers and pays some substantial amount to his private foreign counterpart to influence his acceptance of the transaction, and such activity may a violation of the state law where the agent is doing business, the Justice Department may conclude that a violation of the Travel Act has occurred. For instance, in the state of Texas there is no minimum limit under its Commercial Bribery statute (Section 32.43, TX. Penal Code), which bans simply the agreement to confer a benefit which would influence the conduct of the individual in question to make a decision in favor of the party conferring the benefit. As noted below, the state of California bans payment of more than $1,000 between private parties for the purposes of influencing a business decision.

The Travel Act was most recently used when four executives of Control Components, Inc. (“CCI”) were indicted on April 8, 2009 for alleged violations of the FCPA’s anti-bribery provision and the Travel Act. According to the indictment, the defendants conspired to make hundreds of corrupt payments with the purpose of influencing the recipients to award contracts to CCI or skew technical specifications of competitive tenders in CCI’s favor. The Travel Act came into play as the DOJ alleged the CCI employees violated or conspired to violate California’s anti-bribery law (California Penal Code section 641.3), which bans corrupt payments anywhere of more than $1,000 between any two persons, including private commercial parties. In the indictments, the Travel Act charges relied on alleged violations of California’s anti-corruption law.

On July 31, 2009, CCI itself pleaded guilty to substantive FCPA anti-bribery charges and to conspiring to violate both the FCPA and the Travel Act. CCI admitted that, between 2003 and 2007, its employees made more than 150 corrupt payments, totaling approximately $4.9 million, to officials of state-owned enterprises in China, Korea, Malaysia, and the United Arab Emirates, and paid $1.95 million in bribes to officers and employees of foreign and domestic private companies in violation of the Travel Act. CCI agreed to pay a criminal fine of $18.2 million and to retain an independent compliance monitor for three years.

In July 31, 2009 Press Release announcing CCI’s guilty plea, the DOJ referenced the Company’s private overseas bribery. It said:

According to the information and plea agreement, from 1998 through 2007, CCI violated the FCPA and the Travel Act by making corrupt payments to numerous officers and employees of state-owned and privately-owned customers around the world, including in China, Korea, Malaysia and the United Arab Emirates, for the purpose of obtaining or retaining business for CCI. Specifically, from 2003 through 2007, CCI paid approximately $4.9 million in bribes, in violation of the FCPA, to officials of various foreign state-owned companies and approximately $1.95 million in bribes, in violation of the Travel Act, to officers and employees of foreign and domestic privately-owned companies. [DOJ Press Release: http://www.justice.gov/criminal/pr/press_releases/2009/07/07-31-09control-guilty.pdf

The CCI matter was not the first case to use the Travel Act in conjunction with the FCPA. As reported in the FCPABlog, is the mater of U.S. v. David H. Mead and Frerik Pluimers, (Cr. 98-240-01) D.N.J., Trenton Div. 1998. In this case defendant Mead was convicted following a jury trial of conspiracy to violate the FCPA and the Travel Act (incorporating New Jersey’s commercial bribery statute) and two counts each of substantive violations of the FCPA and the Travel Act. In its 2008 article entitled, “The Foreign Corrupt Practices Act: Walking the Fine Line of Compliance in China” the law firm of Jones, Day reported the case of United States v. Young & Rubicam, Inc., 741 F.Supp. 334 (D.Conn. 1990), where a Company and individual defendants pled guilty to FCPA and Travel Act violations and paid a $500,000 fine. In addition to the Mead and Young and Rubicam cases, the DOJ’s website on “A Lay Person’s Guide to the FCPA, specifically states that “other statutes such as the mail and wire fraud statutes, 18 U.S.C. § 1341, 1343, and the Travel Act, 18 U.S.C. § 1952, which provides for federal prosecution of violations of state commercial bribery statutes, may also apply…” to US companies doing business overseas. See: http://www.justice.gov/criminal/fraud/docs/dojdocb.html

What does this mean for US companies doing business overseas? The FCPA Professor and others have written extensively on the broadening of the definitions of who is a ‘foreign official’ and what is a ‘state owned entity’ under the FCPA. However with the incorporation of the Travel Act into FCPA prosecutions, these broad definitions may be completely blurred away if all foreign private citizens can be brought in under the FCPA by application of the Travel Act. US companies doing business overseas, which have a distinction in their FCPA compliance policies between gifts for and travel and entertainment of employees of private companies, and employees of state owned entities or foreign officials should immediately rethink this distinction in approach. The new decade is upon us the Kennedy-era statute of the Travel Act may become as relevant in overseas law enforcement in the 20-teens as it was in the domestic arena for the past 50 years.

——————–
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication.

© Thomas R. Fox, 2010