FCPA Compliance and Ethics Blog

June 25, 2015

Custer’s Last Stand and Risk Management

Custer's Last StandOn this day in 1876 one of the greatest failures in risk management took place when Lieutenant Colonel George Armstrong Custer and his entire 7th Cavalry were wiped out at the Battle of the Little Big Horn. Custer had split his command into three wings and he took his battalion of 200 or so men down the center of what he thought would be little resistance. Instead he found that he was facing a far superior force of 3000 largely Sioux warriors who quickly overwhelmed and defeated Custer’s command, with all US troops being killed. There is now some debate on whether all the cavalrymen were actually killed by the Native Americans or took their own lives, saving the last bullet for themselves, in western parlance.

Historians have debated over time the reason for Custer’s defeat. Was it arrogance; bad intelligence; faulty command, just plain stupidity or even a wish for martyrdom by Custer? Whichever the cause, it was the worse defeat of the US Army by Native Americans in the Western campaigns of the later 1800s. Today, it might be termed as a faulty assessment and management of the risks involved.

I thought about Custer and his defeat when I read a recent article in the Harvard Business Review (HBR), entitled “Strategy How to Live With Risks. It presented risk, risk assessments and risk management in a new light, a key acumen being that risk management should be used as a “protection shield, not an action stopper.” It was based upon a research paper by the CEB, entitled “Reducing Risk Management’s Organizational Drag”, which I thought it had some interesting insights for the Chief Compliance Officer (CCO) or compliance practitioner.

The first insight is that, in many instances, companies are assessing risks that are in the rear-view mirror. The author pointed to the Sarbanes-Oxley (SOX) Act, passed in response to the Enron and Worldcom accounting scandals in noting, “In the wake of the 2008 financial crisis many large banks changed their business models, and other companies implemented systems to better manage credit risks or eliminate overreliance on mathematical models.” This type of mentality can lead to what the author says, is “a variation on what military historians call “fighting the last war.” As memories of the recession fade, leaders worry that risk management policies are impeding growth and profits without much gain.” The author went on to quote Matt Shinkman of CEB, a member based advisory company, for the following insight “Firms are questioning whether the models they put in place after the financial crisis are working—and more fundamentally questioning the role of risk management in their organizations.”

This retrospective look back is coupled with what the author says is a decision making process which “is too slow, in part because of an excessive focus on preventing risk” and not managing risk; in other words, companies were slowed down even further by something termed “organizational drag”. Companies need to find new mechanisms to assess and manage risk going forward. The best way to do so, many companies have indicated, is through reorganizing or reprioritizing risk management and the article presented “three best practices” in doing so.

Strike the Right Balance Between Risk and Reward

Recognizing that risk management is often simply ‘just saying no’, the HBR articcle suggests that “Today’s risk managers see their role as helping firms determine and clarify their appetite for risk and communicate it across the company to guide decision making. In some cases this means helping line managers reduce their risk aversion.” The interesting insight I found here is that if an asset is low performing it may be because the management is so risk averse. This may present a CCO or compliance practitioner with an opportunity to increase growth through other risk management solutions that they could implement.

Focus on decisions, not process

This insight is one that CCO and compliance practitioners should think about and try and implement. Recognizing that risk assessments are important, the author believes that risk managers should focus more on decisions concerning risk rather than the process of determining risk. This means, “In addition to relying on paperwork or process, risk managers are turning to tools (such as dashboards that show risks in real time) and training that help employees assess risk. They are also helping companies factor a better understanding of risk into their decision making.”

By having a seat at the senior management’s table, a CCO or compliance practitioner can help identify risk issues early on in planning. This allows a COO to help craft a risk management solution, or even better yet show colleagues how to “spot potential problems and managers see how their projects fit into the company’s overall portfolio of projects, each with its own set of risks.” The author again quoted Shinkman, “This is less about listing risks from a backward-looking perspective and more about picking the right portfolio of risky projects.”

Make employees the first line of defense

The author channels his inner Howard Sklar (water is wet) by stating, “Decisions don’t make themselves, people make them”. However from that insight, the author believes that “smart companies work to improve employees ability to incorporate appropriate levels of risk when making choices.” But this means you must not only adequately train your employees to spot the appropriate risk but you, as CCO must provide them with tools to manage the risk. The author wrote, “Companies are also trying to identify which types of jobs or departments face a disproportionate share of high-risk decisions so that they can aim their training at the right people. They’re focusing that training less on risk awareness and more on simulations or scenarios that let employees practice decision making in risky situations. Finally, risk managers are becoming more involved in employee exit interviews, because people leaving an organization often identify risks that others aren’t able or willing to discuss.”

The article ends by noting that the goal is “to transform risk management from a peripheral function to one with a voice integrated into the day-to-day management” of an organization. That is also viewed as a component of CCO 2.0 and a more mature model of improvement. By focusing on training employees on how to spot Foreign Corrupt Practices Act (FCPA) compliance risks and then providing them with the tools to adequately manage that risk, CCOs can deliver greater value.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

June 24, 2015

Pink Flamingos and the Compliance Audit

FeatherstoneThe creator of one of the most ubiquitous symbols of mid-century Americana died earlier this week. Don Featherstone, the creator of the pink plastic lawn flamingo, the ultimate symbol of American lawn kitsch, has died. He was 79. Featherstone, a trained sculptor with a classical art background, created the flamingo in 1957 for plastics company Union Products, modeling it after a bird he saw in National Geographic. Millions of the birds have been sold. Whether you think of the Pink Flamingo as a symbol of Miami Vice, Jon Waters and Devine or for something less salacious, here is to Featherstone, a true original.

While Featherstone created one of the ultimate symbols of the second half of the 20th century for a generation of South Floridians, the Japanese company Takata Corporation (Takata) continues to be in the news for much less prestigious reasons. As reported in the New York Times (NYT), in an article entitled “Senate Panel Says Tanaka Cut Audits on Safety”, Hiroko Tabuchi and Danielle Ivory said “In the middle of what would become the largest automotive recall in US history, the Japanese airbag manufacturer Takata halted global safety audits to save money”. Interesting (or perhaps ominously might be a better word) Takata responded by saying it had not halted safety audits for products but rather for worker safety. Doesn’t that give you some comfort?

A US Senate committee report found that “Takata halted global safety audits at its manufacturing plants in 2009, a year after Honda had started recalling a small number of cars to replace the airbags.” These audits were later restarted in 2011 but when they found safety issues related to airbag manufacturing in two key plants, “those findings were not shared with Takata’s headquarters in Tokyo, the report said, citing internal emails from Takata’s safety director at the time.” Moreover, “when the safety director returned to the plant months later to conduct a follow-up audit, employees appeared to scramble to create the appearance of a safety committee within the plant.” Finally, and perhaps most damningly, the report cited an internal Takata email which said, “No safety committee, as such, has been formed” at the plants in question.

Foreign Corrupt Practices Act (FCPA) compliance in many ways follows some of the paths laid out by corporate safety departments some 20-30 years ago when safety became much more high profile in US corporations. The safety committee and safety audits became mainstays of any best practices in the area of safety for a company. These techniques inform any anti-corruption best practices compliance program, either under the FCPA, UK Bribery Act or any other anti-corruption regime. Indeed audits are specifically delineated in the FCPA Guidance as a way to assist in the continuous monitoring of your compliance regime. Such an audit can be thought of as a systematic, independent and documented process for obtaining evidence and evaluating it objectively to determine the extent to which the compliance criteria are fulfilled. There are three factors which are critical and unfortunately with Takata seemed to be lacking in its safety audit protocol: (1) an effective audit program which specifies all necessary activities for the audit; (2) having competent auditors in place; and (3) an organization that is committed to being audited.

Auditing can take several different forms in an anti-compliance program. As a matter of course, you should audit the compliance program in your own organization. A forensic audit can collect and analyze accounting and internal-controls evidence in your compliance regime. This information can be used to produce a fact-based report that can inform the decision-making process in inquiries, investigations and dispute resolution. The by-products of a forensic audit can include remediation strategies to help a company mitigate and remedy procedural or internal-controls gaps that allowed the underlying issue to occur. Further, an internal audit can review a compliance process to determine if employees are following prescribed processes or internal controls, in an operational Sarbanes-Oxley (SOX) or FCPA compliance audit.

In addition to the collection and analysis of evidence, an auditor’s objective is to attest to the credibility of assertions that are under examination, such as the material accuracy of financial statements for which the audited company’s management is responsible. Obviously one of the functions of such an audit is to determine if further investigation is warranted.

Now imagine if this scenario had been followed by Takata. The lack of a safety committee is a glaring omission at any manufacturing facility. Simply noting this and reporting it up the chain could have gone some way towards preventing the situation the company now finds itself in; with a worldwide recall of up to 32 million vehicles. The same is true for a compliance audit. Just as monitoring can provide information to you on a more real-time basis; a compliance audit compliments this real-time oversight with a much deeper dive into what has happened on a historical basis.

The recent BHP Billiton FCPA enforcement action is certainly one to look at in this context. Although there was a committee set up to review gifts and travel requests for the company’s 2008 Olympic hospitality program, the committee did not fulfill this charge. It was alleged in the Securities and Exchange Committee (SEC) settlement documents that this committee was never intended to pass muster on the applications for tickets and travel for government officials but was simply there to provide guidance.

Once again this situation points out the difference between having a paper compliance program in place and the actual doing of compliance. Even with an appropriate oversight structure in place BHP Billiton did not do the work of compliance by evaluating the applications for travel and tickets to the Beijing Olympics but left it to the devices of the business unit employees who were making the requests and ultimately most directly benefited from the gifting.

Another area ripe for audit in your compliance program is your third parties. While there is no one specific list of transactions or other items which should be audited when it comes to your third parties below are some of the areas you may wish to consider reviewing:

  • Contracts with supply chain vendors to confirm that the appropriate FCPA compliance terms and conditions are in place.
  • Determine that actual due diligence took place on the third party vendor.
  • Review the FCPA compliance training program for any vendor; both the substance of the program and attendance records.
  • Does the third party vendor have a hotline or any other reporting mechanism for allegations of compliance violations? If so how are such reports maintained? Review any reports of compliance violations or issues that arose through anonymous, hotline or any other reporting mechanism.
  • Does the third party vendor have written employee discipline procedures? If so have any employees been disciplined for any compliance violations? If yes review all relevant files relating to any such violations to determine the process used and the outcome reached.
  • Review expense reports for employees in high risk positions or high risk countries.
  • Testing for gifts, travel and entertainment which were provided to, or for, foreign governmental officials.
  • Review the overall structure of the third party vendor’s compliance program. If the company has a designated compliance officer to whom, and how, does that compliance officer report? How is the third party vendor’s compliance program designed to identify risks and what has been the result of any so identified?
  • Review a sample of employee commission payments and determine if they follow the internal policy and procedure of the third party vendor.
  • With regard to any petty cash activity in foreign locations, review a sample of activity and apply analytical procedures and testing. Analyze the general ledger for high-risk transactions and cash advances and apply analytical procedures and testing.

The compliance function still is behind the safety function in terms of maturity. Because of this there are many lessons which a Chief Compliance Officer (CCO) or compliance practitioner can draw upon from our colleagues in safety. The safety audit is certainly a technique that can be drafted into your compliance program. But as the ongoing Takata air bag debacle demonstrates, your audit only works if you actually perform it. In other words, the protocol is simple, everyone understands you need to audit, but try and cut costs or corners and you will pay for it in the long run.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

June 22, 2015

George Carlin and Erga Omnes: the Petrobras Bribery Scandal Expands

George CarlinOn this date in 2008 George Carlin died. If you grew up in the late 1960s or early 1970s and you had anti-parental or anti-establishment inklings, which of course all teenagers do, you knew about George Carlin. In the early 1960s, Carlin was a relatively clean-cut, conventional comic. But around 1970, he reinvented himself as an eccentric, biting social critic and commentator. In this new incarnation, Carlin began appealing to a younger, hipper audience. He grew out his hair and added a beard together with a wardrobe in the stereotypically hippie style.

Carlin’s comedy also became counter-culture, not Cheech and Chong, hippy-dippy dopers, but with pointed jokes about religion, politics yet with frequent references to drugs. His second album with his new routine, FM/AM, won a Grammy Award for Best Comedy Recording. My favorite cut was the 11 O’Clock News. But it was his third album Class Clown that had, what I believe, to be the greatest comedy monologue ever, the profanity-laced routine “Seven Words You Can Never Say on Television.” When it was first broadcast on New York radio, a complaint led the Federal Communications Commission (FCC) to ban the broadcast as “indecent.” The US Supreme Court later upheld the order, which remains in effect today. The routine made Carlin a hero to his fans and got him in trouble with radio brass as well as with law enforcement; he was even arrested several times, once during an appearance in Milwaukee, for violating obscenity laws.

Interestingly I thought about Carlin and his pokings of the Establishment (AKA The Man) when I read several articles over the weekend about the recent spate of arrests around the Petrobras bribery and corruption scandal. In article in the Wall Street Journal (WSJ), entitled “Brazil Probe Sweeps Up Corporate Magnates” Will Connors, Rogerio Jelmayer and Paul Kiernan reported that “Brazilian officials arrested the heads of two Latin American construction giants, alleging they helped to mastermind a cartel that stole billions of dollars from state-run oil company Petrobras with the help of corrupt politicians to whom they paid kickbacks.” Also arrested with the heads of the two companies, Marcelo Odebrecht, head of Odebrecht SA and Chief Executive Officer (CEO) of Andrade Gutierrez, Otávio Azevedo.

The WSJ article reported that “Odebrecht is Latin America’s largest construction conglomerate, with business in the U.S., Europe and Africa, and whose head, Marcelo Odebrecht, is a household name in Brazil. Andrade Gutierrez has business in 40 countries. The privately owned companies are deeply involved in the development of stadiums and infrastructure for the 2016 Summer Olympics in Rio de Janeiro.” Moreover, Odebrecht is reported to have “a presence in 21 countries”. Obviously a question is if the company had engaged in bribery and corruption in Brazil, did they do so in any of the other countries in which they are doing business?

Interestingly, these arrests “come months after the heads of other construction companies were detained by Brazilian authorities.” Indeed in a BBC article in , entitled “Petrobras scandal: Top construction bosses arrested in Brazil”, David Gallas said, “Odebrecht had been named by former Petrobras executives as one of the companies that allegedly paid bribes in exchange for contracts with the oil firm, but until now the firm had not been targeted by investigators.” The WSJ article quoted Brazilian prosecutor Carlos Fernando dos Santos Lima who said at a news conference that the executives from the two companies had not been arrested earlier as the entities, “had a more sophisticated system for making the alleged bribe payments, using foreign bank accounts in Switzerland, Monaco and Panama, so it took longer to prove their case.” David Fleischer, a Brasilia based political analyst, quoted in the WSJ article was even more circumspect. He said, “The prosecutors are very careful. If you’re going after big fish you want to make sure you can take them down.”

Brazilian police said the arrests were “Erga omnes” which the WSJ translated from Latin as “towards all”. I thought about that statement in light of the ongoing debate about enforcement of the Foreign Corrupt Practices Act (FCPA) here in the US. On one side is the Chamber of Commerce and their allies who raise the ever-burgeoning cry that the Department of Justice (DOJ) needs to prosecute the invidious ‘Rogue employees’ who violate the FCPA. You will notice they never want the DOJ to look at the executives who might facilitate payment of bribes in the first place; whether through faux commitment to doing business in compliance, failing to properly allocate resources to compliance and ethics, simply rewarding those employees who git ‘er done no matter what the circumstances or (my favorite) putting a paper program in place and calling it a best practices compliance program.

Indeed those progenitors of relaxed enforcement want the DOJ to back off and let them do business the old fashioned way. However, if the bribery and corruption news from the first half of this year has told the world anything, it is about the dire effects of allowing such illegal conduct to take place and warning against slacking off laws which mandate doing business without bribery and corruption. In another WSJ article, entitled “Roots of a Brazilian Scandal That Weighs Heavily on the Nation’s Economy, Politics”, Marla Dickerson noted, “The scandal has crippled Petrobras, Brazil’s largest and most important company. In late April, the company wrote off more than $16 billion related to losses from graft and overvalued assets. The company’s woes have all but paralyzed the nation’s oil and gas sector. Hurt by slumping oil prices and strapped for cash, Petrobras has slashed investments, sparking a wave of credit downgrades, bankruptcies and layoffs among its suppliers that the weighed on Brazil’s economy.”

I wonder what George Carlin might have thought about all of this. He might have said that what else would you expect but I am relatively certain he would have done so while also sticking his thumb in the eye of The Man. 

For a YouTube version of the 11 O’Clock News, click here.

For a YouTube version of the 7 words you can never say on television, click here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

 

June 19, 2015

Tribute to John David Crow and an Innovation Strategy for Your Compliance Program

John David CrowJohn David Crow died Wednesday. Until Johnny Football, he was the only football player from Texas A&M University to win the Heisman Trophy. He played under the legendary Paul ‘Bear’ Bryant at A&M and for all of Bryant’s success, Crow was the his only player to win the award given annually to the nation’s best collegiate football player. Crow had a productive professional football career making the Pro-Bowl four times. He was also the Athletic Director at A&M from 1989 to 1993. So here’s to John David Crow, one of the Junction Boys and one of the greatest players in the history of Texas A&M. Finally, let me say something I almost never say, Gig ‘Em, John David.

I thought about John David Crow and his legacy of greatness when I read an article in the June issue of the Harvard Business Review (HBR), entitled “You Need an Innovation Strategy”, by Gary P. Pisano. While Pisano’s article dealt more generally with innovation in marketing, I found it highly relevant for the Chief Compliance Officer (CCO) or compliance practitioner, particularly in the context a Foreign Corrupt Practices Act (FCPA) compliance program. Earlier this week, the Department of Justice (DOJ) announced the resolution of a FCPA investigation involving IAP Worldwide Services, Inc. (IAP) via a Non-Prosecution Agreement (NPA). In the NPA, the company committed to implementing and enhancing a best practices FCPA compliance program. Listed at element 18 of its compliance program is the following: “The Company will conduct periodic reviews and testing of its anti-corruption compliance code, policies, and procedures designed to evaluate and improve their effectiveness in preventing and detecting violations of anti-corruption laws and the Company’s anti-corruption code, policies, and procedures, taking into account relevant developments in the field and evolving international and industry standards.”[Emphasis supplied]

This means that the DOJ expects innovation in your compliance program to keep up with evolving international and industry standards. This requires you to implement an innovation strategy. While Pisano’s article does not specifically focus on compliance, I found that its concepts would help a CCO or compliance practitioner sustain the mandate for innovation in a compliance regime. Pisano’s article begins by stating the problem that many companies face is that “innovation remains a frustrating pursuit.” While acknowledging that failure to execute is an issue, Pisano believes the issue is deeper than simply a failure to execute, he believes there is a “lack of an innovation strategy.”

I found some of his basic definitions most useful for the compliance practitioner to think through innovation in the compliance function. Pisano wrote, “A strategy is nothing more than a commitment to a set of coherent, mutually reinforcing policies or behaviors aimed at achieving a specific competitive goal. Good strategies promote alignment among diverse groups within an organization, clarify objectives and priorities, and help focus efforts around them. Companies regularly define their overall business strategy (their scope and positioning) and specify how various functions – such as marketing, operations, finance, and R&D – will support it. But during my more than two decades studying and consulting for companies in a broad range of industries, I have found that firms rarely articulate strategies to align their innovation efforts with their business strategies.”

The key to success is something that every CCO or compliance practitioner should take to heart. Paraphrasing Pisano for the compliance practitioner is that the compliance function “should articulate an innovation strategy that stipulates how their [compliance] innovation efforts will support the overall business strategy.” Moreover, “creating an innovation strategy involves determining how innovation will create value for customers [of compliance, i.e. Employees], how the company will capture that [compliance] value, and which types of [compliance] innovation to pursue.”

Pisano posed several questions around this key area of connecting innovation to strategy. Initially he asked, “How will innovation create value for potential customers?” In my formula, customers become employees or others who will make use of your compliance innovation going forward. Here you should focus on the benefit for your end-using customer. Your innovation can make compliance faster, easier, quicker, more nimble and so on. But focus on that creation of value going forward. Pisano’s next question was “How will the company capture a shore of the value its innovations generate?” He suggests companies think through how to “keep their own position in the [compliance] ecosystem strong” through innovation. Pisano next asked, “What types of innovation will allow the company to create and capture value, and what resources should each type receive?” Here Pisano notes two major forms of innovation equally applicable to the CCO or compliance practitioner. They are a change in technology and a change in a business process. Both are equally valid.

Another problem that Pisano addresses is termed “overcoming prevailing winds” and this means that innovation can be driven downward or backward if there is not sufficient management support. This means not only must there be sufficient resource allocations but management must also incentivize the business units to proceed with implementing the innovations, particularly “when an organization needs to change its prevailing patterns.”

Another area Pisano addresses is “managing trade-offs” because it is inherent in any innovation strategy that there will be trade-offs. Here he terms the two key differences as “supply-push” and “demand-pull”. The supply-push approach comes when your innovation is focused on something that does not yet exist, for example if you are initially implementing a FCPA compliance regime. The demand-pull approach works more closely with your existing customer base to determine what they might need and work to implement innovation around those needs.

Interestingly Pisano ends his article with a discussion about “the leadership challenge”. I say interestingly because I would have thought that was required up front as it is the function of senior management to create the capacity for innovation in the first instance. Pisano writes, “There are four essential tasks in creating and implementing an innovation strategy.” Task 1 is to “answer the question “How are we expecting innovation to create value for customers and for our company?” and then explain that to the organization.” Task 2 “is to create a high-level plan for allocating resources to the different kinds of innovation.” Task 3 is “to manage trade-offs. Because every function will naturally want to serve its own interests, only senior leaders can make the choices that are best for the whole company.” Finally, task 4 dovetails with what almost every DOJ/SEC speaker I have ever heard say when they talk about the basics of any best practices compliance program. It is that “innovation strategies must evolve. Any strategy represents a hypothesis that is tested against the unfolding realities of markets, technologies, regulations, and competitors. Just as product designs must evolve to stay competitive, so too must innovation strategies. Like the process of innovation itself, an innovation strategy involves continual experimentation, learning, and adaptation.”

Pisano’s article provides the CCO or compliance practitioner with a framework to think through to help bring the innovation to a compliance program. I would have put leadership first, both in the compliance department and at senior management level. But however you go about it, you must recognize that your compliance program will have to evolve. That is one of the key differences between those who advocate static compliance standards embodied in a written compliance program and those who advocate that it is Doing Compliance that creates an active, vibrant and effect compliance program.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

June 18, 2015

The War of 1812 and the IAP Worldwide Services Non-Prosecution Agreement

Battle of New OrleansOn this day, 203 years ago, President James Madison signed a Declaration of War against Great Britain inaugurating the War of 1812. The cause of the war was multi-faceted; the formal reason given was the British impressment of American sailors and the economic blockade of Europe. But the real reason may have simply been the warmongers who had been agitating for war against Britain for several years as an excuse to attack (and hopefully take over) Canada. For those of you who did not study geography too closely, that latter hope was forlorn as Canadians twice repulsed American invasions during the war.

That does not mean the War of 1812 was ultimately unsuccessful for the ‘War Hawks’. America got two great songs out of the war. The first was our National Anthem, the Star Spangled Banner, which celebrated victory over the British at Baltimore. The second was the top hit single of 1959, The Battle of New Orleans, which celebrated Andrew Jackson’s defeat of the British in the Battle of New Orleans, which was fought after the signing of the peace treaty that ended the war. Also that peace treaty, which America and Great Britain signed has remained unbroken to this day.

I thought about this view of the results of the War of 1812 when I read the Foreign Corrupt Practices Act (FCPA) enforcement action involving IAP Worldwide Services, Inc. (“IAP” or “the company”) and its former Vice President (VP), James Rama. The company received a Non-Prosecution Agreement (NPA) as a result of the enforcement action but agreed to a fine of $7.1MM. Rama pled guilty to a single count of conspiracy to violate the FCPA and is awaiting sentencing but his sentence will be capped out at “five years of imprisonment, a fine of the greater of $250,000 or twice the gross gain or loss, full restitution, a special assessment, and three years of supervised release” according to his Plea Agreement.

What it is difficult to determine from the company NPA and Rama Plea Agreement is what conduct the company engaged in which led to the NPA because clearly both the company and Rama engaged in conduct that violated the FCPA. In its Press Release the Department of Justice (DOJ) said, “Based on a variety of factors, including but not limited to IAP’s cooperation, the Criminal Division entered into a non-prosecution agreement with the company.” In the NPA these factors were given some meat with the following boilerplate language, “(a) the Company has cooperated with the Offices, including conducting an extensive internal investigation, voluntarily making U.S. and foreign employees available for interviews, and collecting, analyzing, and organizing voluminous evidence and information for the Offices; (b) the Company has engaged in remediation, including disciplining the officers and employees responsible for the corrupt payments or terminating their employment, enhancing its due diligence protocol for third-party agents and consultants, and instituting heightened review of proposals and other transactional documents for relevant Company contracts; (c) the Company has committed to continue to enhance its compliance program and internal controls, including ensuring that its compliance program satisfies the minimum elements set forth in Attachment C to this Agreement; and (d) the Company has agreed to continue to cooperate with the Offices in any ongoing investigation of the conduct of the Company and its officers, directors, employees, agents, and consultants relating to possible violations under investigation by the Offices.”

Since I cannot determine from beyond the above description what the company did to achieve its NPA, I will use the same analysis that I did in ascertaining what we Americans got out of the War of 1812. For the NPA did go into detail about the bribery scheme used by the company and Rama, which were clearly violative of the FCPA. Rama was a VP of the company until he signed and became an independent contractor to the organization, through his consulting entity, Ramaco. Ramaco was created, in part, to hide the involvement of IAP in the bidding process with the Kuwaiti Ministry of the Interior to provide nationwide surveillance for the country.

The bid for this project had two phases. In Phase I, a consultant would assist the Kuwaiti government to select the final contractor who would implement the nationwide surveillance for the country in Phase II. By hiding its involvement through Ramaco, IAP could reap the benefits of winning both phases, which it did. However the illegals acts of IAP and Ramaco did not end with this subterfuge but were in fact just beginning.

The Phase I contract awarded to Ramaco was worth $4MM. IAP and Ramaco agreed to rebate one-half of the amount, through a Kuwaiti third party agent back to certain representatives of the Kuwaiti government as bribe payments. In addition to this 50% figure of the contract price, IAP and Ramaco understood that this Kuwaiti third party contractor would “inflate its invoices to IAP by charging IAP for the total amount of both the legitimate services that Kuwaiti Company was providing and the payments that Kuwaiti Company was funneling to Kuwaiti Consultant without listing or otherwise disclosing the payments that were funneled to Kuwaiti Consultant.” According to the NPA, these monies were specifically “provided as bribes to Kuwaiti government officials to assist IAP in obtaining and retaining the KSP Phase I contract and to obtain the Phase II contract.”

The NPA also specified meetings which were held in the company’s headquarters in Arlington VA and that monies to be paid as bribes were wired out of a company bank account in the US to Kuwait.

All of these facts would lead me to opine that this case was egregious. There was a US company, setting up a scheme to pay bribes through both a US person, who was a former employee, and a foreign third party agent. Meetings to facilitate the scheme were held in the US and monies to fund bribes were wired out of a US bank account. There was nothing reported in the NPA which indicated that the company self-disclosed this FCPA violation. While there were statements of cooperation and remediation going forward, there was nothing other than the standard boilerplate language generally seen in NPAs.

So while the NPA does provide the Chief Compliance Officer (CCO) or compliance practitioner a good set of facts to test against in their organization, that would appear to be about it. Other than, of course, it is always better to cooperate than not. So much like what we Americans got out of the War of 1812, not much substance can be ascertained from the company’s NPA and Rama’s Plea Agreement.

For a YouTube clip of Johnny Horton singing The Battle of New Orleans, on the Ed Sullivan Show, click here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

June 16, 2015

Like a Rolling Stone and Charitable Donations Under the FCPA

Like a Rolling StoneToday we celebrate one of the seminal achievements in rock and roll for it was on this day, 50 years ago, in 1965 that Bob Dylan recorded his single Like a Rolling Stone. Columbia Records executives initially rejected the song as too long to be released as a single because it came in at over 6 minutes in length. However, through a campaign of subterfuge, Dylan’s manager was able to have it played by New York City DJs. The popularity of the song became so great that the same Columbia Records executives were forced to release it and it went to Number 2 on the Top 40.

According to the site ThisDayInHistory.com, “The most important impact of “Like A Rolling Stone” was not commercial but creative. Rolling Stone magazine said Dylan “transformed popular song with the content and ambition of ‘Like a Rolling Stone.’” Or as Bruce Springsteen said of the first time he heard it, “[it] sounded like somebody’d kicked open the door to your mind.”” And my favorite part is the opening organ riffs played by a 21-year-old Al Kooper who was just sitting in on the session.

I thought about this odd convergence that came together to create what Rolling Stone magazine named as the greatest song of all time in 2004 in the context of the continuing fallout from the ongoing scandal involving the governing body of international soccer, the Fédération Internationale de Football Association (FIFA). In a BBC Online article, entitled “Fifa corruption: South Africa cash ‘worrisome”, Andrew Harding wrote “A key figure in South Africa’s football World Cup bid has broken ranks with the government to suggest there might be some truth to a claim that a $10m bribe was paid to secure the 2010 tournament.” That figure is Tokyo Sexwale who was “a member of both the World Cup bid team and local organising committee”. Sexwale has now questioned whether the $10MM payment made to Jack Warner of Trinidad was truly a donation.

Sexwale went on to ask, “”Where are the documents, where are the invoices, where are the budgets, where are the projects on the ground?””

I thought about those questions in the context of a Chief Compliance Officer (CCO) or compliance practitioner working under a Foreign Corrupt Practices Act (FCPA) or UK Bribery Act compliance program around charitable donations. There has been a paucity of FCPA enforcement actions around charitable donations. Both the Schering-Plough Corporation and Eli Lilly and Company enforcement actions centered in Poland were Securities and Exchange Commission (SEC) civil enforcement actions based upon violations of the books and records and internal controls provisions to the FCPA. There was no evidence of bribes being paid which rose to criminal conduct.

Generally, it is assumed that if you do the required review of the charitable organization that is due to receive a corporate donation and in this due diligence, there is no tie to a government official or family member, the donation can be made under the FCPA. However consider Sexwale’s comments around the evidence of whether a bribe was paid to Warner or if it was simply because “part of the feeling at the time – it’s a good thing, this [$10MM of] altruism (towards the African diaspora in the Caribbean)”. Yet even Sexwale noted the problem when he added, “The question is going to be: “What was done to make sure that your good intentions – you as the giver – have been realised?””

His comments gave me pause to think that companies who make charitable donations in foreign countries may now have to monitor these donations at a greater level and with greater scrutiny. The starting point may now well be as stated by Sexwale, “What was done to make sure that your good intentions – you as the giver – have been realized?” If this is now a standard of enquiry and oversight the Department of Justice (DOJ) will require validation on how your company can have assurances that your good intentions are realized? Once again you can look to the basic questions that Sexwale posed in the BBC online article, Where are the documents, where are the invoices, where are the budgets, where are the projects on the ground?

There have been four Opinion Releases around charitable donations under the FPCA. Opinion Release 95-01 was a request from a US-based energy company that planned to donate $10MM for equipment and other costs to a medical complex that was under construction near a large construction project. Opinion Release 97-02 dealt with a request from a US-based utility company who planned to donate $100K for construction and other costs to a government entity that proposed to build an elementary school near a facility. Before releasing funds, the utility company required certain guarantees from the government regarding the project, including that the funds would be used exclusively for the school. Also, the donation was directly to the foreign government and not a charity. Opinion Release 06-01 dealt with money to fund a pilot project in which the US Company would contribute $25,000 to the in country Ministry of Finance to improve local enforcement of anti-counterfeiting laws. The contribution was intended to provide incentive awards to local customs officials, needed because the African country involved was a major transit point for illicit trade and the local customs officials have no incentive to prevent the contraband. Finally, Opinion Release 10-02focused on the underlying due diligence engaged in by a US-based Micro Financial Institution (MFI) operating in an unnamed Eurasian country. The Release specified the three levels of due diligence that the US MFI had engaged in on the proposed locals MFIs which were listed as eligible to receive the funding. In addition to the specific discussion of the due diligence performed by the US MFI and noting the controls it had put in place after the funding was scheduled to be made the DOJ also listed several of the due diligence and/or controls that it had previously set forth in prior Opinion Releases relating to charitable donations.

While these Opinion Releases certainly imply a level of scrutiny at the post donation level, their primary focus is on who the donations are being made to and are they a government official. However, the DOJ may well expect both pre and post donation scrutiny, along the lines of Sexwale’s questions, which could demonstrate the legitimacy of the donation. However Sexwale’s questions also raise up something that the DOJ and SEC often say, that being that a good anti-corruption compliance program is really just good business. Shareholders and investors have the right to know how and where their money is begin spent. It would seem to behoove any company to want to the know the same thing that Sexwale wants to know about the $10MM payment to Jack Warner, What was done to make sure that your good intentions – you as the giver – have been realized? 

To hear the original version of Like a Rolling Stone on YouTube, click here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

June 7, 2015

Why Should Americans Care About the FIFA Indictments? Part I – Only the US Government Could Do It

DOJA colleague recently posed that question to me. I thought it was an interesting one and although at first blush the response to me might appear self-evident, the fact that it was posed means that my view may not be universal. The more I thought about how to respond to my friend’s query, the longer my response became. So today, I begin a three-part series on why Americans should care about the Department of Justice (DOJ) bringing their indictments against the 14 named defendants who were all associated with the governing body of international soccer, the Fédération Internationale de Football Association (FIFA).

Over the weekend, I went to England to attend the wedding of my sister-in-law. My wife has numerous aunts, uncles, nieces, nephews and cousins and they all attend such family events. One of the more interesting comments I heard was from one of my wife’s cousins who said, “only America was big enough to take on FIFA” and that “you can say what you want about Americans but they get things done.” I realize the sample size may have been small to fully validate these perceptions but consider the headline from the lead editorial in the Sunday Times today which read “JUSTICE 1, FIFA O” where the Times discussed the revelations that Sepp Blatter himself is now under investigation by the US DOJ for direct involvement of the $10MM bribe paid to Jack Warner to swing his vote to award South Africa the 2010 World Cup.

The statement by my cousin-in-law presages something that is not discussed consistently about prosecutions under the Foreign Corrupt Practices Act (FCPA); that is the US government is the undisputed worldwide leader in the global fight against corruption and bribery. For all the discussion about whether it is fair or right to prosecute companies with headquarters outside the US for FCPA violations, the bottom line is if the US government did not engage in such prosecutions, no one else would do so. But these are not companies that lie outside the jurisdiction limit of US justice; these are companies that have voluntarily subjected themselves to US jurisdiction. Remember TOTAL, who howled about how unfair it was that the US government was prosecuting them? It turned out that they wired part of their bribes through the US banking system. Alstom was another company that fought the DOJ over jurisdiction. Yet it has listed securities on certain US exchanges which invoked FCPA jurisdiction, engaged in illegal conduct in the US and involved US citizens in the bribery and corruption allegations against it.

This fact of US leadership in the global fight against corruption and bribery was driven home even more so with the FIFA indictments. The Sunday Times had been investigating FIFA through investigative journalism for years. As far back as 2010, the Sunday Times published evidence that votes of FIFA executives could be purchased for votes to secure World Cup tournaments. The Sunday Times handed over wire tapes, videotapes and transcripts confirming these allegations to FIFA officials. FIFA’s response was to discipline those who had talked with reporters from the Sunday Times. Most amazingly, in May 2011 the Sunday Times provided this evidence to a British Parliamentary commission.

Did anything come about from this evidence being handed over to the UK government? A generous response might be not that we know of, as yet. This is in the face that the UK has arguably the strongest anti-corruption law on the books, the UK Bribery Act, which makes illegal the paying and receiving of bribes in both the public and private sector. So the laws are in the books in the UK, if the UK government wanted to enforce them.

The DOJ has made clear they will use all tools available to them in the fight against international corruption and bribery. For US companies or others subject to the FCPA, that means using a supply-side law, which criminalizes the conduct of the bribe payor. But there are numerous other laws that criminalize the conduct of the bribe receiver. We saw a couple of those at play with the FIFA indictments. These include money laundering and tax evasion, with tax evasion first. Ever since the conviction of Al Capone, the government has made use of laws against evading taxes on monies you are paid for criminal activity. Under FCPA cases, the companies seem to report the income from their ill-gotten gain accurately so we have not seen that tool used in FCPA prosecutions. However individuals who receive bribe payments generally do not report the income because they cannot account for receiving it for any honest or legal services. Since they do not report it, they do not pay taxes on it.

Anti-money laundering (AML) laws are an important tool in the fight against international bribery and corruption. My colleague Mike Brown, no doubt channeling his inner Woodward and Bernstein, often says that when it comes to bribery and corruption, you should “follow the money”. This is the basic truth about money laundering and why it is such an important tool in the fight against corruption. We have seen it used occasionally as an adjunct to FCPA prosecutions. Most recently was the money laundering charge against María de los Ángeles González de Hernandez, the official at a state-owned Venezuelan bank, Banco de Desarrollo Económico y Social de Venezuela (BANDES) who was paid upward of $5MM in bribes to win bond trading work. She was extradited to the US and pled guilty.

The bottom line is that only the US government has the wherewithal to engage in such a worldwide investigation and coordinate the actions of numerous of countries in providing assistance. Do you think the Swiss police would have been so involved if it was not for the US government lead in this investigation? From President Obama on down, the US government has made clear that it will lead the international fight against bribery and corruption. The FIFA indictments are yet one more indication that they will continue to do so.

But the US is no longer alone in this fight. Witness the large numbers of countries that have passed domestically and internationally focused laws against bribery and corruption. Whatever the motives behind the Chinese government prosecution of GlaxoSmithKline PLC (GSK) in China, the fact of the prosecution sent shock waves through western companies doing business in China that the old ways of bribing officials was no longer acceptable. The effect was that western companies doing business in China beefed up their compliance function and oversight of compliance. The same has been true from the burgeoning Petrobras corruption scandal in Brazil. Brazil itself has only recently enacted domestic anti-corruption legislation and it may have been the political fallout from the Petrobras corruption scandal that finally led the President of the country to accede to having the law made effective.

FIFA is the biggest sports empire in the world. The National Football League (NFL) is downright paltry when it comes to the monies, numbers and passions around international soccer. However the US government became aware of the inherent corruption at FIFA; whether through the investigative work of The Sunday Times, a whistleblower, an unrelated investigation into other criminal activities or some other means, Americans should care about the FIFA indictments because it shows the US government continues to lead the world’s fight against bribery and corruption.

Why should Americans care about the FIFA indictments? First as a measure of national pride, we have a Justice Department that has the wherewithal to take on the world’s largest sports organization, particularly one which thought itself above the law. While the US certainly did not bring the indictments against FIFA alone, it clearly was the leader in this effort to continue the fight against global corruption and bribery. For if America does not lead, others will not follow in this fight so Americans should care greatly that the DOJ is continuing to lead this fight with the laws available to it.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

June 4, 2015

FIFA, the DOJ and the Global Fight Against Corruption

DOJThe Department of Justice (DOJ) gave the global fight against anti-corruption a huge boost last week when it announced it was bringing charges against 14 members or persons associated with Fédération Internationale de Football Association (FIFA). To say that the scope and breadth of the charges were breathtaking really does not capture this moment in history for the anti-corruption advocates around the globe. FIFA had held itself above the law for so long, that it finally took the DOJ to start the process of rooting out the corruption that appears to have been endemic in the organization.

My FCPA Blog contributor colleagues Mike Scher and Alistair Craig, both writing in the FCPA Blog, respectively asked why we in the compliance community had not protested against FIFA corruption louder and what took the DOJ so long to prosecute? I have to disagree with both positions. The compliance community had worked to be a part of the solution at FIFA for some time. Both Transparency International and Alexandra Wrage at TRACE International worked to help bring transparency and accountability to FIFA. Both were summarily shown the door by FIFA and specifically Sepp Blatter. Just as an alcoholic cannot get sober until they become ready and willing, FIFA has not, until very recently, been willing or able to face its issues of corruption.

Moreover, even when FIFA gave the appearance about somehow even being remotely concerned about bribery and corruption, it was all for show. It asked former federal prosecutor Michael Garcia to internally investigate allegations of bribery and corruption around the awarding of the 2018 World Cup to Russia and the 2022 World Cup to Qatar, then summarily obstructed his investigation. Finally when Garcia did produce a report, FIFA shelved it and released a sham summary that Garcia promptly disavowed. Garcia resigned from FIFA due to the organization’s conduct over his report and its burial.

Even when national governments tried to do something about the bribery and corruption endemic in FIFA, they were stymied. Nigeria (of all places) tried to investigate allegations of match fixing around its national soccer federation. FIFA’s response? It decreed that Nigeria could face the ultimate sanction of being expelled from FIFA if the organization determined there had been unacceptable government interference. How’s that for playing ball?

Clearly FIFA demonstrated it was an organization that was unable to replace an institutional structure that fostered bribery and corruption when it re-elected Blatter last Friday for yet another five-year term as President. Yet Blatter resigned this week. Why did he do so? In an article in the BBC online it reported that Blatter said the mandate he was given at the time of his re-election (last Friday) no longer “seemed to be supported by everyone in the world of football.” He was reported to have said the organization need “profound restructuring.” Time was much blunter when it said, in an article entitled “FIFA’s Sepp Blatter Is Under Investigation for Corruption, Reports Say, that “FIFA president Sepp Blatter is himself in the crosshairs of the corruption investigation that saw several of the organization’s top brass indicted over the past week, with U.S. officials reportedly saying that he was a target of their probe into world soccer’s governing body. The New York Times says that it was told by officials, speaking on condition of anonymity, that investigators hoped to work their way up to Blatter with the cooperation of the FIFA officials already taken into custody.”

On NPR’s All Things Considered, there was a report that senior FIFA officials were no longer gong to attend this month’s Women’s World Cup in Canada for fear of being arrested and extradited immediately to the US. Does that sound like a group of men who have nothing to hide? I am reminded of the 1960s magazine article and movie Suppose They Gave a War and Nobody Came? Truly the inmates are running the asylum.

What about the companies that sponsor FIFA, regional soccer federations and national soccer organizations and their role in all of this? In another BBC article, entitled “Fifa sponsors welcome Sepp Blatter’s resignation”, Emily Young reported that “both Visa and Coca-Cola repeated warnings that they expected a swift overhaul at Fifa. And McDonald’s said it hoped this would be the first step towards “gaining back trust from fans worldwide.”” I found this response by sponsors to be a key part in the international fight against bribery and corruption. Moreover, it demonstrated the role of all parties in fighting bribery and corruption.

Clearly it is not in the interest of any multi-national to be associated with a corrupt entity such as FIFA from a reputational perspective. But more than simply self-interest to protect their own brand name, companies have a role in the fight directly. This can be summed up by Scott Killingsworth in his writings on ‘private-to-private’ (P2P) solutions to the US Foreign Corrupt Practices Act (FCPA) or what I call a business solution to a legal problem. If you want to do business with a company, you should contractually mandate that company has an anti-corruption compliance program under the FCPA, UK Bribery Act or other recognized international standard.

The FIFA international bribery scandal and criminal enforcement action will be around for quite sometime to come. For the Chief Compliance Officer (CCO) or compliance practitioner in a US company there will be many lessons to be learned going forward, even if the initial criminal charges are against the bribe-takers for violations of Racketeer Influenced and Corrupt Organizations Act (RICO), money-laundering laws and tax evasion. Many of these lessons will be applicable to a FCPA or UK Bribery Act based best practices anti-corruption compliance program.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

 

June 2, 2015

Senn on 10 Best Practices in a Cross-Border Investigation – Part I

Babe RuthToday we celebrate a closure for it was on this day in 1935 that probably the best-known baseball player in the history of the game, George Herman ‘Babe’ Ruth, retired. While many of his records were broken with the march of history, his career slugging percentage of .690 remains the highest in Major League history. He was an oversized character in every way, from the mammoth home runs that he hit, to his ingestion of hot dogs. While his lifestyle may not be considered best practices for today’s major leaguer to emulate, his name, nicknames and legend will live on as long as baseball is remembered.

I thought about Ruth as I begin a two-part series on how to formulate an effective best practices cross-border investigation based upon an interview I did with Mara Senn, a partner at Arnold & Porter LLP, who specializes in white collar defense and cases brought under the Foreign Corrupt Practices Act (FCPA). The interview was based on an article that Senn and a colleague, Michelle Albert, published in the FCPA Report, Volume 3, Number 1, entitled “Internal Investigations, How to Conduct an Anti-Corruption Investigation: Developing and Implementing the Investigation Plan”. Today I will review practices one through five.

  1. Offer Interview Translations

Senn believes that most people know English to a certain extent and that it is a very universal language nowadays. While many people outside the US have various levels of capabilities in a non-native language, when you get into the very detailed questions in an interview, they may have enough English skills that you assume they understand everything, but in fact, they do not. You may ask a key question, for example, about expense reports, maybe they understand conversational English, but there’s no reason for them to know expense reports. This makes it important to have someone present in the interview that speaks the witness’s native language, and just assume that there are going to be times where you’re going to need to call on that person. She cautioned that you should make it clear to the witness at the outset of the interview that you do not perceive a problem with their English and they understand the reason for the translator.

  1. Avoid Cultural Pitfalls

Here Senn noted that cultural pitfalls are really truly pitfalls and, unfortunately, they can be big deep holes that you do not know anything about, but you can fall into pretty easily. She provided the issue of personal privacy as an example, where most countries have a different concept of privacy, particularly about whether your work area is your own versus what really belongs to the company. In most states in the US, employees fully understand that your employer can come in and take anything from your office at any time, even if it is personal, because you’ve brought it to work. Yet in many other countries, this is not the case. Things at your desk generally are never touched or looked at by anybody else and that’s considered your sanctum where no one else can come. If you go in and do a regular document sweep, the way that you would do in the US, that could be perceived as horribly offensive. She cautioned you should seek local counsel guidance to understand what needs to be done and also explain to you the best way to do it without offending people.

She explained that you do not want witnesses to begin the interview process with a negative view of you and you want them to be cooperative in the interview. This makes it in your best interest to follow local cultural norms. Otherwise, interviews can become embarrassing and awkward at times, if you do fall into one of these cultural pitfalls.

  1. Observe Data Privacy Restrictions

Most American lawyers are aware of different data privacy restrictions and requirements in countries governed by the European Union (EU) and the US. Senn mentioned that some of that is related to employee and employment law; whether or not they have ownership of certain information, and then other parts of the law that really do have to do with data privacy, which means personal information that no matter what form it is in, it cannot be disseminated. But here the point under this best practice is that your analysis and response must go much further to satisfy the US Department of Justice (DOJ) if you want to claim that you cannot get certain information out of a country because of data privacy restrictions.

For instance if you have personal data that you are routinely sending cross-border yet when an investigation begins you claim that you cannot take it out of that same country, for instance Germany; the DOJ will take a dim view of that claim. Further, even if there is a data privacy law on the books, yet the country does not enforce the law, that could work against any data privacy claim as well. So you will need to be prepared to fully present persuasive evidence on this issue if you try and make such a claim.

  1. Comply with Labor Requirements

Similar to the long-standing Weingarten right of unionized employees in the US to have a representative present for interviews, in many countries outside the US there are Works Council and similar analogs in other countries, where, basically, the Works Council is responsible for the interactions between the employers and the employees. Moreover, employees have certain statutory or labor code based rights as employees, regardless of whether they are members of a labor union or not. These rights can drill down into the types of questions that you can ask or even prevent you from meeting with or interviewing certain employees.

Senn noted that you may well have to work through Works Council to make sure that the way you ask the questions, and those present for the company, are acceptable to Works Council. If you do not have this pre-approval it may be that the Works Council prevents you from meeting with certain employees. For each area that you operate in, you must engage the local legal counsel to determine what is the best way to work with the Works Council, or similar types of organizations, to ensure that you can get done what needs to get done in your investigation.

  1. Be Aware of Other Local Requirements

Points three and four certainly lead into Senn best practice No. 5. She believes it is incumbent that you work with local counsel in the country you are performing the interviews to garner an understanding of the witnesses rights and your obligations during any investigation. She explained that many ways a US lawyer would think about doing an investigation could be problematic in other jurisdictions. She gave the examples of taking pictures or physically removing documents from a location, which could be issues that you might face. You certainly need advice and counsel on what is legal and what might not be going forward.

Ruth and Senn; Senn and Ruth? Even if you do not immediately associate them, Mara Senn has once again provided the compliance practitioner with concrete steps to take around international investigations and their protocol. Tomorrow, I will consider her practices six through ten.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

May 27, 2015

Economic Downturn Week, Part III – The Desktop Risk Assessment

Economic DownturnI continue my exploration of actions you can take to improve your compliance program during an economic downturn with a review of what my colleague Jan Farley, the Chief Compliance Officer (CCO) at Dresser-Rand, called the ‘Desktop Risk Assessment’. Both the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) make clear the need for a risk assessment to inform your compliance program. I believe that most, if not all CCOs and compliance practitioners understand this well articulated need. The FCPA Guidance could not have been clearer when it stated, “Assessment of risk is fundamental to developing a strong compliance program, and is another factor DOJ and SEC evaluate when assessing a company’s compliance program.” While many compliance practitioners have difficulty getting their collective arms about what is required for a risk assessment and then how precisely to use it; the FCPA Guidance makes clear there is no ‘one size fits all’ for about anything in an effective compliance program.

One type of risk assessment can consist of a full-blown, worldwide exercise, where teams of lawyers and fiscal consultants travel around the globe, interviewing and auditing. Of course this can be a notoriously expense exercise and if you are in Houston, the energy industry or any sector in the economic doldrums about now, this may be something you can even seek funding for at this time. Moreover, you may also be constrained by reduced compliance personnel so that you can not even perform a full-blown risk assessment with internal resources.

However if there is one thing that I learned as a lawyer, which also applies to the compliance field, it is that you are only limited by your imagination. So using the FCPA Guidance’s no ‘one size fits all’ proscription, I would submit that is also true for risk assessments. You might try assessing other areas annually, through a more limited focused risk assessment, literally while staying at your desk and not traveling away from your corporate headquarters.

Some of the areas that such a Desktop Risk Assessment could inquire into might be the following:

  • Are resources adequate to sustain a culture of compliance?
  • How are the risks in the C-Suite and the Boardroom being addressed?
  • What are the FCPA risks related to the supply chain?
  • How is risk being examined and due diligence performed at the vendor/agent level? How is such risk being managed?
  • Is the documentation adequate to support the program for regulatory purposes?
  • Is culture, attitude (tone from the top), and knowledge measured? If yes, can we use the information enhance the program?
  • Disciplinary guidelines – Do they exist and has anyone been terminated or disciplined for a violating policy?
  • Communication of information and findings – Are escalation protocols appropriate?
  • What are the opportunities to improve compliance?

There are a variety of materials that you can review from or at a company that can facilitate such a Desktop Risk Assessment. You can review your company’s policies and written guidelines by reviewing anti-corruption compliance policies, guidelines, and procedures to ensure that compliance programs are tailored to address specific risks such as gifts, hospitality and entertainment, travel, political and charitable donations, and promotional activities.

You could assess your company’s senior management support for your compliance efforts through interviews of high-level personnel such as the Chief Financial Officer (CFO), General Counsel (GC), Head of Sales, Chief Executive Officer (CEO) and all Board, Audit or Compliance Subcommittee members to assess “tone from the top” and their actual knowledge about the Foreign Corrupt Practices Act (FCPA) and your compliance program. You can examine resources dedicated to compliance and also seek to understand the compliance expectations that top management is communicating to its employee base. Finally, you can gauge operational responsibilities for compliance.

Such a review would lead to the next level of assessment, which would be generally labeled as communications within an organization regarding compliance. You can do this by assessing compliance policy communications to company personnel but even more so by reviewing such materials as compliance training and certifications that employees might have in their files. If you did not yet do so, you should also take a look at statements by senior management regarding compliance, such as actions relating to terminating employees who do business in compliance but do not make their quarterly, semi-annual or annual numbers set in budget projections.

A key element of any best practices compliance program is internal and anonymous reporting. This means that you need to review mechanisms on the reporting of suspected compliance violations and the actions taken on any internal reports, including follow-ups to the reporting employees. You should also assess whether those employees who are seeking guidance on compliance for their day-to-day business dealings are receiving not only adequate but timely responses.

I do not think there is any dispute that third parties represent the highest risk to most companies under the FCPA, so a review of your due diligence program is certainly something that should be a part of any risk assessment. But more than simply a review of procedures for due diligence on third party intermediaries, you should also consider the compliance procedures in place for your company’s mergers and acquisitions (M&A) team; focusing on the pre-acquisition phase.

One area that I do not think gets enough play, whether in the FCPA Inc. commentary or in day-to-day practice is looking at what might be called employee commitment to your company’s compliance regime. So here you may want to review your compliance policies regarding employee incentives for compliance. But just as you look at the carrots to achieve compliance with your program, you should also look at the stick, in the form of disciplinary procedures for violations. This means you should see if there have been any disciplinary actions for employee compliance violations and then determine if such discipline has been applied uniformly. If you discipline top sales people in Brazil, you have to discipline your top sales folks in the US for the same or similar violations.

This list is not intended to be a complete list of items, you can pick and choose to form some type of Desktop Risk Assessment but hopefully you can see some of the areas you can assess. My suggestion is that you try identifying and focusing on core compliance components in your organization. Obviously there are probably a million things you could fix. However, you cannot fix everything, so you must make a decision about your primacies, and then act on them. A Desktop Risk Assessment may well help you to do so.

As with the other suggestions I have put forward during the Economic Downturn Week series, if you perform an annual Desktop Risk Assessment with a full worldwide risk assessment every two years or so, you should be in a good position to keep abreast of compliance issues that may change and need more or greater risk management. Moreover, when funds and resources do become available to you and the compliance function, you will have a stronger program and one which move towards best-in-class. Finally, do not forget that the FCPA Guidance ends its section on risk with the following, “When assessing a company’s compliance program, DOJ and SEC take into account whether and to what degree a company analyzes and addresses the particular risks it faces.” By using the Desktop Risk Assessment during an economic downturn, you can answer any regulator who asks what have you done to manage the risks in your company, by using the resources and tools that were available to you.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

Next Page »

The Rubric Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 5,348 other followers