DPA | FCPA Compliance and Ethics Blog

December 8, 2014

DPAs and NPAs – Powerful Tools in the Fight Against Corruption

Filed under: Best Practices,Corporate Monitors,Deferred Prosecution Agreement,Department of Justice,FCPA,FCPA Professor,Hewlett-Packard,HP,Leslie Caldwell,Non-Prosecution Agreements,SEC — tfoxlaw @ 12:01 am
Tags: compliance programs, Department of Justice, DPA, FCPA Professor, NPA

As readers of this blog know the FCPA Professor and I usually look at the same Foreign Corrupt Practices Act (FCPA) enforcement action, item or remark and see different things. Sometimes we even hear the same thing and come away with different interpretations. Last week, we experienced yet another instance of the former where we both looked at the same article, that being one in Global Investigations Review entitled “Caldwell: settlement a “more powerful tool” than convictions” by Rahul Rose, yet came away with different interpretations. After some to-ing and fro-ing, we decided that we would both post our interpretations on the same day. So with a nod to Dan Fogelberg and Tim Weisberg, today we have the first twin posts from different bloggers dual- blog posts. Since we agreed to write our respective posts without seeing the other’s post and hence could not comment on each other’s post, I urge that after you finish reading my blog today, you click on over to the FCPA Professor’s site and see what his thoughts on Caldwell’s remarks might be.

The specific remarks we want to focus on were apparently made by during the Q&A session of Assistant Attorney General Leslie R. Caldwell who spoke at the Launch of the Organization for Economic Co-operation and Development Foreign Bribery Report, note these remarks were not found in the printed remarks of the speech on the Department of Justice (DOJ) website. In her Q&A, Rose reported the following, “Caldwell told the audience in Paris: “Companies cannot be sent to jail, so all a court can do is say you will pay ‘x’. We can say: ‘you will also have a monitor and will do all sorts of other things for the next five years, and if you don’t do them for the next five years then you can still be prosecuted’.” [And for the money shot] “In the United States system at least it is a more powerful tool than actually going to trial,” she said.”

It turns out that I have been thinking along these lines as well. The debate over the usefulness of Deferred Prosecution Agreement (DPAs) and Non-Prosecution Agreements (NPAs) has been long attended. Yet there are a couple of key reasons that DPAs and NPAs are such powerful tools in the fight against anti-corruption and anti-bribery which I do not believe have been fully articulated or explored. The first is that by settling, the DOJ (and Securities and Exchange Commission [SEC]) will have the ability to monitor the company going forward. This process began under the practice of formally appointing a corporate monitor nominated by the company in the throes of the enforcement action and who would be agreed to by the DOJ. This practice is generally referred to as a company having mandatory monitor.

While this specific practice received a fair amount of criticism from a variety of sources, the basic concept was sound. That concept was that a neutral third party would review a company’s compliance with the terms and conditions of a DPA or NPA and report to the DOJ at intervals generally no shorter than annually. This would give the DOJ eyes and ears into a company to oversee its adherence to the terms of the settlement. But what information did Caldwell convey in her statement as to why she thinks settlements are such a powerful tool? I read three pieces of information her statement about why FCPA settlements are such powerful tools.

‘Do All Sorts of Other Things’

Under this prong a settling defendant is required to do “all sorts of other things.” We know from the DPAs and NPAs relating to FCPA enforcement over the past several years, the minimum that a company will be required to institute is a best practices anti-corruption compliance program. While the FCPA Guidance specifies ten hallmarks of an effective compliance program, the DPAs and NPAs have had between 9 to 16 items listed in the best practices anti-corruption compliance programs that settling companies’ have agreed to institute. If the DOJ went to trial and secured a conviction the company would not have to put such a compliance program in place but only pay a fine or some other monetary penalty. Further, by requiring such a best practices anti-corruption compliance program in such a public manner, through a publicly filed DPA or NPA, the DOJ can communicate its current thinking on what it believes constitutes such a program. This provides valuable information to the compliance practitioner going forward and I believe completely disabuses the argument that companies cannot know what their obligations might be to comply with the FCPA or that companies do not know what the DOJ expects from them in the area of a FCPA compliance regime.

‘You will also have a monitor’

David E. Matyas and Lynn Shapiro Snyder from the law firm of Epstein Becker & Green P.C., described the duties of a corporate monitor in their article entitled, “Monitoring the Monitor? The Need for Further Guidance Governing Corporate Monitors Under Pre-Trial Diversion Agreements”. The monitor would meet with “the company’s board and employees. A monitor then develops a work plan which defines the scope, access, and power the monitor will have over the company. The monitor’s work involves frequent visits to the company (including possible on-site accommodations) and broad access to company documents and meetings. The monitor should be knowledgeable about the regulatory aspects of the company’s operations, but that is not necessarily a criterion for selection of the monitor. Indeed, a monitor can hire others to assist in his or her responsibilities at the company’s expense. The monitor files periodic reports with the U.S. Attorney’s Office and makes visits with that office as well as with the company. At the conclusion of a monitor’s term – often 24-36 months – the monitor files a final report that details the activities accomplished and whether the company complied with all the terms of the agreement.”

So the monitor provides the DOJ with continued insight into what the company is doing to satisfy its settlement obligations around the implementation of its compliance program. If the DOJ has high confidence that the company has and will continue to put significant resources and efforts into its compliance program, it may agree to a voluntary monitor, as we have seen with the Parker Drilling and Hewlett-Packard (HP) DPAs. If the DOJ does not have such confidence, it may require a monitor for the length of the DPA, such as we saw in the Total DPA, which was three years. The DOJ may also take an interim position on the mandatory or voluntary nature of the monitor by allowing a company to end a mandatory monitorship half-way through the pendency of a DPA as it did with the Weatherford DPA, which allowed the mandatory monitorship to end at the 18 month mark of a three year DPA, if certain criteria were met.

‘You can still be prosecuted’

This final point is not to be underestimated. Once again if a company is found guilty at trial, a fine and/or penalty will be assessed and payment is the end of it. While it still may be under enhanced scrutiny, it will not have the affirmative obligation to report any FCPA violations going forward, nor will it bear potential liability and prosecution for failure to implement the terms and conditions of the DPA or NPA. Indeed, the company will agree to be prosecuted if there is another violation or it fails to implement as agreed to.

So by using DPAs and NPAs as settlement tools, I believe that the DOJ is able to impact on an ongoing basis, for two to three years, the compliance program of a settling company. This continued oversight usually translates into greater enthusiasm by a settling company to get compliance right so that it does not have to go through the full FCPA investigation and enforcement process. Of course there will always be recalcitrant companies such as Marubeni Corporation, which do not take the agreed to compliance obligations seriously going forward. When they get into trouble as recidivists, the second penalty is usually much higher. But there is also benefit to the compliance practitioner and greater compliance community because the DOJ communicates its expectations in these DPAs and NPAs. So they also work as powerful communication tools. Finally, by requiring a third party to act as the monitor, whether voluntary or mandatory, the DOJ can get some independent insight into what a company is doing compliance-wise.

Not knowing what the Professor has said, I have not tried to anticipate his arguments or rebut them directly. Nonetheless, I have tried to articulate why I agree with Ms. Caldwell’s remarks and why I continue to find the DOJ’s use of DPAs and NPAs as settlement tools a powerful weapon in the fight against bribery and corruption. I also hope that you will find favor with this exercise that the FCPA Professor and I have engaged in because we both believe that ongoing debate over FCPA enforcement is worthwhile for the compliance practitioner and necessary for the long-term success of compliance moving forward.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

Leave a Comment

June 26, 2014

Coolness in Being the Bad Guy? Eli Wallach and GSK

Filed under: Best Practices,Bribery Act,compliance programs,Corruption in China,Department of Justice,Enforcement Actions,FCPA,Financial Times,GlaxoSmithKline,Serious Fraud Office — tfoxlaw @ 12:01 am
Tags: Bribery Act, compliance, compliance programs, Department of Justice, DOJ, DPA, FCPA, FT, GSK, SFO

Eli Wallach died Tuesday. For my money, he was about the coolest bad guy out there. Not tough like Lee Marvin, just cool. My favorite Wallach roles were as Calvera in The Magnificent Seven and as Tuco in The Good, The Bad and The Ugly. An early proponent of method acting, Wallach performed on the stage and in films for over 60 years. Although originally from Brooklyn, Wallach was also a fellow Texas Longhorn, having attended the University of Texas. He served in France as a Second Lieutenant in France during World War II.

I thought about Wallach’s über coolness when considering the most decided uncool position of the UK pharmaceutical giant GlaxoSmithKline PLC (GSK) recently. Last month the Chinese government issued a most very stern warning to GSK when it accused the former head of GSK’s China business of direct involvement in bribery and corruption. But more than this direct accusation, the move was a clear warning shot across the bow of not only western pharmaceutical companies doing business in China but also all western companies. In an article in the Wall Street Journal (WSJ), entitled “Beijing Warns Sernly on Glaxo”, Laurie Birkett quoted Helen Chen, a director and partner at consultancy L.E.K., as saying “Focusing much of the blame on a foreigner sends a strong message to all. Companies will see that if authorities are willing to accuse even a foreigner, who is in senior management, the issue is being taken seriously, it’s a clear message that bribery is unacceptable in the market.” Burkitt went on to say, “Experts say China’s medical system is deeply underfunded, giving doctors, hospitals and administrators an incentive to overcharge and overprescribe. Glaxo, in the past, organized trips for doctors around China and to places such as Budapest and Greece as part of a broader effort involving perks and cash to get doctors to boost drug prescriptions, according to documents previously reviewed by The Wall Street Journal.”

Such reports of endemic corruption are not new. An article, entitled “GSK China probe flags up wider worries”, in the Wednesday edition of the Financial Times (FT) reporters Andrew Jack and Patti Waldmeir discussed not only the endemic nature of corruption in China but how, in many ways, the Chinese health care system is based on such corruption. The piece quoted George Baeder, an independent drug industry advisor, for the following, “Financial flows – both legal and illegal – tied to drug and device sales are funding perhaps 60-80 per cent of total hospital costs. Without this funding, the current system would collapse.” Further, “central and provincial Chinese governments cannot afford to pay doctors a living wage, and may patients cannot afford to pay the true cost of care.” And finally, “Up to now, Beijing has turned a blind eye as pharma companies find ways to subsidise doctor salaries and underwrite their medical education.” How about that for structural corruption?

Intertwined with this structural issue is the problem of the quantity and quality of the drug supply. Many Chinese doctors do not feel that there is an acceptable alternative to foreign pharmaceutical products. This drives up the cost of prescribed medicines, as this quantity is therefore limited. But even where indigenous Chinese generic drugs are available as alternatives, many patients do not trust these medicines. This restricts the quality of drugs available.

But with this recent round of accusations against GSK it appears that the Chinese government has opened a new front. In an article in The Telegraph, entitled “GSK bribery scan could cause ‘irreparable damage’, says China”, Denise Roland reported that “Beijing has apparently issued a warning to all foreign firms, cautioning that the corruption charges against GlaxoSmithKline executives could cause “irreparable damage” to the drug maker’s Chinese operations.” She quoted from the state news agency Xinhua for the following, “GSK’s practices eroded its corporate integrity and could cause irreparable damage to the company in China and elsewhere. The case is a warning to other multinationals in China that ethics matter.”

In addition to these charges against a senior GSK executive, which could lead liability up to the GSK boardroom, Jonathan Russell, also writing in The Telegraph, in an article entitled “GlaxoSmithKline is facing more than double jeopardy”, said that “GlaxoSmithKline’s problems are multiplying fast. In China authorities have identified 46 individuals connected to the company they claim were involved in “massive and systemic bribery”. In the UK the Serious Fraud Office (SFO) marked out its pitch this week, revealing it has opened an official investigation into allegations of bribery; and an internal GSK probe is looking at potential wrongdoing in Jordan and Lebanon.” More ominously, he also noted that “Given the slew of allegations so far it seems a fair assumption that other international law enforcement agencies, notably the US Department of Justice, will be taking a long, close look at the allegations.”

While Russell points to the general UK prohibition against prosecutions, which might invoke double jeopardy, he says “As ever with the law there are exceptions to the principle. However they are limited in scope and rare in number. It may also be the case that the principle of double jeopardy may not be invoked in this case if the alleged offences the SFO is investigating are separate to those under investigation in China. They could relate to matters that took place in Jordan or Lebanon.” Russell also pointed out that “international prosecutors carving up parts of prosecutions so they can all have their pound of flesh. A very painful prospect for GSK.” It will also be interesting to see if GSK is charged under the UK Bribery Act, under the prior law or both. If charges are brought under the Bribery Act, which became effective on July 1, 2011, do you think GSK would try and raise a compliance defense based on the Six Principals of Adequate Procedures? I guess having a compliance defense is pretty useless if your company engages in bribery and corruption.

While Russell talks about the aggressiveness of US prosecutors under the Foreign Corrupt Practices Act (FCPA), he does not discuss what may be GSK’s greatest exposure in the US. GSK was under the equivalent of a Deferred Prosecution Agreement (DPA) called a Corporate Integrity Agreement (CIA) for its prior sins related to off-label marketing. This CIA not only applied to the specific pharmaceutical regulations that GSK violated but all of the GSK compliance obligations, including the FCPA. In addition to requiring a full and complete compliance program, the CIA specified that the company would have a Compliance Committee, inclusive of the Compliance Officer (CO) and other members of senior management necessary to meet the requirements of this CIA, whose job was to oversee full implementation of the CIA and all compliance functions at the company. These additional functions required Deputy Compliance Officers for each commercial business unit, Integrity Champions within each business unit and management accountability and certifications from each business unit. Training of GSK employees was specified. Further, there was detail down to specifically state that all compliance obligations applied to “contractors, subcontractors, agents and other persons (including, but not limited to, third party vendors)”.

For the compliance practitioner, one clear message from the GSK matter is to monitor, audit and continuously review your Chinese operations. I will have more to say about the China corruption crackdown in an upcoming blog post but just like Eli Wallach as Calvera in The Magnificent Seven told the gunmen hired to protect the Mexican village, you have been warned.

© Thomas R. Fox, 2014

Leave a Comment

February 24, 2014

Commitment to Compliance: the Compliance Committee

Filed under: Best Practices,Chief Compliance Officer,compliance programs,Donna Boehme,Ethical Leadership,Ethics,Oversight Committee,SCCE — tfoxlaw @ 12:01 am
Tags: best practices, compliance, compliance programs, DPA, SCCE

Sunday was the 69th anniversary the most iconic photo of World War II, at least from the American perspective. Of course it was the raising of the American flag at Mt. Suribachi on Iwo Jima. To say that one photo cannot change the lives of those pictured is belied by this image. The photographer, Joe Rosenthal, won a Pulitzer Prize for the photograph. While three of the six flag-raisers died fighting on Iwo Jima, one survivor, Rene Gagnon appeared during half time at the 1969 Orange Bowl; Ira Hayes was immortalized songs both by Johnny Cash and Bob Dylan and the last remaining flag-raiser, John Bradley, died in 1994.

I once tried a lawsuit in Harlingen County, Texas, where the name of one of the flag-raisers, Harlon Block, is inscribed in the Memorial to the county’s deceased war veterans on the courthouse square. The Judge of the trial used it as an example of civic duty and, years later, when I read James Bradley’s book, “Flags of Our Fathers”, about his father John Bradley and the men who raised this flag, I learned that the Judge in my trial was one of 16 high school seniors from Harlingen High School who all volunteered for enlistment on the same day. Harlon Block was one of the Judge’s classmates and they volunteered together. I am still moved when I think of that story.

One of the commitments I believe can enhance a compliance program is the creation of a compliance committee. As far back as in the 2005 Monsanto Corporation Deferred Prosecution Agreement (DPA) the compliance committee concept appears to have found favor with the Department of Justice (DOJ). In Appendix B to the DPA, Monsanto agreed to, among other things, “the establishment and maintenance of a committee to supervise the review of (I) the retention of any agent, consultant, or other representative for purposes of business development or lobbying in a foreign jurisdiction”, or a Compliance Committee. Later, this concept was used in the settlement of Halliburton’s shareholder action around its Foreign Corrupt Practices Act (FPCA) enforcement action.

The Monsanto DPA provides guidance on this point by stating “The majority of the committee shall be comprised of persons who are not subordinate to the most senior officer of the department or unit responsible for the relevant transaction;” this would indicate that senior management should be involved in the Compliance Committee. It would also indicate that more than one department should be represented on the Compliance Committee. This would include senior representatives from the Accounting (or Finance) Department, Compliance & Legal Departments and Business Unit Operations.

The Society for Corporate Compliance and Ethics (SCCE) Complete Compliance and Ethics Manual suggests the following language in its proposed form of Compliance Committee Charter:

The compliance officer shall have ultimate responsibility for operating the compliance program, with the support and assistance of the compliance committee. The committee shall consist of ### members, representative of each major department or area. The committee may appoint ad hoc members, each to serve at the pleasure of the committee, to assist and advise the committee in carrying out this charter. While the ad hoc members of the committee are not entitled to vote on matters formally considered by the committee, the ad hoc members shall be entitled to call a meeting of the committee and, further, to have any matter included on the agenda of any meeting of the committee. The committee shall designate the proper manner for calling meetings and the setting of agendas thereto.

The compliance officer and committee shall retain a direct line of communication with and a direct reporting responsibility to the board of directors, executive committee, and CEO.

In the November/December issue of the SCCE Compliance & Ethics Professional magazine, Donna Boehme wrote an article entitled “Building a horse and not a camel: The compliance committee”. Where she cautioned that “More often than not, a [compliance] committee that is conceived with all best intentions evolves into something less that ideal: (a) a team of micromanagers that routinely substitutes its judgment for that of the CCO; (b) a source of unnecessary red-tape and ‘make-work’ for the compliance function, (c) a filter between the CCO and the governing body.”

To remedy these potential pitfalls, Boehme recommends three rules for building an effective compliance committee.

The compliance committee should have a clear, written charter that sets out the functionality, goals, and parameters of the group, along the lines discussed above.
The CCO should chair a committee of her peers-senior level officers in a position to make decisions and marshal resources.
The compliance committee should be periodically reviewed for effectiveness and adjusted as necessary to meet the stated goals of the charter.

One of the things Boehme makes clear is that “every compliance structure should be fit-for-purpose.” In other words, if your company’s highest compliance risk is third party relationships, I think you should focus your compliance committee resources on that issue. The scope of this was not fleshed out in the Monsanto DPA. However, it suggested that a company should incorporate both a pre-execution function and a post-execution management function in overseeing the full relationship with any third party. While this would most necessarily focus on FCPA compliance, there should also be a commercial component to this function.

To this end, a compliance committee should review all documents relating the full panoply of a third party’s relationship with a US company. This would begin with a review of any initial requests to engage a new third party. The information presented to the compliance committee would include a Business Unit’s request to engage the third party, the costs and benefits. The next step would be to review the due diligence and all background investigative materials on the prospective third party.

The compliance committee should receive copies of, and approve, all due diligence and background investigative materials before a contract is executed with a third party. Particular attention should be paid to the form of the contract. If there are deviations from the company’s standard form of agreement, with regard to the FCPA compliance issues, there should be a full explanation by the third party or Business Unit. The compliance committee should determine if the company is taking on any unwarranted FCPA compliance risk if non-standard FCPA compliance terms and conditions are used.

After the commercial relationship has begun the compliance committee should monitor this relationship on no less than an annual basis. This annual audit should include a review of remedial due diligence investigations on the third party with at least a minimum of a Level One Due Diligence and higher levels of Due Diligence based upon an appropriate risk rating. There should be an evaluation of any new or supplement risk associated with any negative information discovered from a review of financial audit reports on the third parties. All FCPA compliance training should be reviewed and certifications confirmed. The compliance committee should review any reports of any material breach of contract including any breach of the requirements of the Company Code of Ethics and Compliance. As with all things FCPA the three most important words here are Document, Document and Document. If you cannot produce documentary evidence to the DOJ of your annual review and its findings, it is of no use to your company.

In addition to the above remedial review, the compliance committee should review all payments requested by the third party to assure such payments are within the company guidelines and are warranted by the contractual relationship with the third party. Lastly, the compliance committee should review any request to provide the third party with any type of non-monetary compensation and, as appropriate, approve such requests.

The compliance of a third party is one of the key tools that a company can use to prevent and detect any violation of its own Code of Ethics and Compliance and the FCPA. The proper structure of the compliance committee and its full engagement with all aspects of a company’s relationship with a third party is one of the areas that the DOJ will look for in a successful FCPA compliance program.

A compliance committee is a key tool, which can be utilized by a company to manage its relationships with its third parties. Its use has been commented upon favorably by the DOJ through its citation in the Monsanto DPA. A Compliance Committee does not replace any of the other key components of an effective FCPA compliance program but it does provide an additional level of protection, back-up and transparency for all deals with a third party. It should be employed by US companies as an additional protection against any type of FCPA compliance and ethics violation “slipping through the cracks” to become a much larger problem down the road.

But take Boehme’s cautionary words to heart, that the guiding principles of a compliance committee should be that it helps and does not hurt your overall compliance efforts going forward. And then use the raising of the flag on Iwo Jima to think about commitment.

© Thomas R. Fox, 2014

Comments (1)

November 14, 2013

Are DPAs Morally Suspect?

Filed under: Deferred Prosecution Agreement,Department of Justice,Enforcement Actions,FCPA,No-Admission Settlements,SEC — tfoxlaw @ 1:01 am
Tags: Deferred Prosecution Agreement, DPA, FCPA, Foreign Corrupt Practices Act, SEC

You know it is going to be a bad day when you are excoriated in public by a sitting federal district judge. It is even worse when the comments of that federal judge make it into one of the most prominent international business dailies around; the UK based Financial Times (FT). Both of the events occurred this week when US District Judge Jed Rakoff spoke to the New York City Bar Association with his thoughts on the use of Deferred Prosecution Agreements (DPAs) by the Department of Justice (DOJ) to resolve criminal matters involving corporations and his speech was reported by Kara Scannell for the FT in an article entitled “Judge says DOJ agreements are ‘morally suspect’”.

As usual Judge Rakoff pulled no punches when he declared that the DOJ’s “Use of deferred prosecution agreements to resolve criminal investigations without holding individuals accountable is technically and morally suspect.” This criticism was levelled as the “DOJ has signaled to leading banks that it will bring civil charges against them for allegedly mis-selling mortgage backed securities in the lead-up to the financial crisis.” Judge Rakoff noted that the DOJ has “not prosecuted any top Wall Street executive in relation to the financial crisis but has struck deals with companies using deferred prosecution agreement over sanction violations and money laundering without charging any individuals.” Judge Rakoff said that if prosecutors can prove a company violated laws “but do not charge individuals then its application is technically suspect.” He then went on to add that it is “morally suspect because a company is made up of sometimes hundreds of innocent employees.” But Judge Rakoff had further criticisms. He charged that DOJ prosecutors no longer have the “experience or resolve” to pursue individuals and that the current DOJ tactic of only going after individuals is “not the best way to proceed.” Pretty strong words, indeed.

This is not the first time that Judge Rakoff leveled charges at regulators for what he believed were practices “which fell short of legal standards.” Indeed, Judge Rakoff was particularly critical about the shift from the criminal prosecution of individuals to the use of DPAs to allow corporations to settle matters as he charged this change “has led to lax and dubious behaviour on the part of prosecutors.” There was much commentary when the Judge “challenged several Securities and Exchange Commission [SEC] deals that allowed companies and individuals to settle civil fraud charges while not admitting or denying wrongdoing.” These comments and court cases (apparently) led the SEC to change its policy and begin to “require admissions in certain cases that were in the public interest.” Scannell’s article concluded by noting that Judge Rakoff’s dismissed the DOJ claims that “it is hard to prove criminal wrong-doing in the packaging of mortgage-backed securities and that charging entities could have a negative effect on the national economy” as simply “excuses”.

The article on Judge Rakoff’s comments indicated that they were only concerning criminal prosecutions against Wall Street executives. But his comments eerily parallel some of the ongoing debate about the use of DPAs in the Foreign Corrupt Practices Act (FCPA) context. The FCPA Professor has consistently criticized both the use of DPAs and lack of individual prosecutions under the FCPA by the DOJ. He has also said that he believes that the DOJ have become “uncomfortable with traditional notions of corporate criminal liability”. Another commentator, David Uhlmann, has agreed with this notion by the FCPA Professor when stating, “This is about a profound ambivalence in parts of the Department about the very notion of corporate criminality.” Yet another commentator, Anthony Barkow, has said that “getting DPAs and NPAs is easy. It’s a lot easier than charging a company.”

Whether they were answering any of these criticisms or not, I think that the DOJ has certainly made clear that it will prosecute individuals who engage in FCPA violation. I agree with Mike Volkov that 2013 may well go down as “Year of the Individual Prosecution” in the FCPA context. Last spring saw prosecutions against individuals from BizJet, BSGR, Willbros and Alstom. This summer there were prosecutions against individuals in the Direct Access Partners (DAP) matter and only this fall was a prosecution against an individual involved in the Maxwell Technology matter. Based on this, at least in the FCPA context, I would have to say that the DOJ has and will continue to prosecute individuals in the context of foreign bribery.

Additionally, in the area of other types of securities fraud cases, the DOJ has very recently shown that it will aggressively pursue companies for criminal sanctions. Recently SAC Capital pled guilty to criminal fraud charges for insider trading and criminal wire fraud. There was a hefty fine of $1.8bn for this conduct.

Interestingly this week the SEC announced that it had entered into its first DPA. In a SEC Press Release, the agency announced that it had entered into a DPA “with a former hedge fund administrator who helped the agency take action against a hedge fund manager who stole investor assets.” This was due to the cooperation by the Administrator; Scott Herckis, even though Herckis aided and abetted the hedge fund at which he worked with securities law violations. The DPA also specified that Herckis “comply with certain prohibitions and undertakings. Herckis cannot serve as a fund administrator or otherwise provide any services to any hedge fund for a period of five years, and he also cannot associate with any broker, dealer, investment adviser, or registered investment company.” He also had to “disgorge approximately $50,000 in fees he received for serving as the fund administrator.”

What does all of the above mean for the compliance practitioner? I think that when a federal judge says there should be more individual prosecutions in a certain area and his reasons echo noted commentators, it engages the debate. In the FCPA context, the debate centers around the use of DPAs and NPAs (Non-Prosecution Agreements) to settle matters with corporations. I am on record as favoring the continued use of such instruments by prosecutors to help raise compliance generally. Others feel that more individuals should be prosecuted. One thing I can say with certainty is that if you take a DPA/NPA for FCPA violations into Judge Rakoff’s court, you had better be ready to defend it, from both sides – the prosecution and the defense.

© Thomas R. Fox, 2013

Leave a Comment

October 23, 2013

Farewell to Bum and Bud: Trends in FCPA Compliance and Enforcement

Filed under: Best Practices,Bribery Act,compliance programs,Corruption in China,Department of Justice,FCPA,SEC — tfoxlaw @ 1:01 am
Tags: best practices, compliance, compliance programs, Department of Justice, DOJ, DPA, FCPA, FCPA Professor, internal investigations, SEC

Sometimes the universe converges in ways that are quite eerie. This past weekend was such an instance when the most beloved figure in Houston professional sports passed on to the great hereafter; only to be followed two days later by the most reviled figure in Houston professional sports history. The most beloved was Bum Phillips, head coach of the Houston Oilers during the Luv Ya Blue era, when the Oilers twice reached the AFC Championship game, losing both times to eventual Super Bowl Champion, the Pittsburg Steelers. The most reviled was the owner of the Houston Oilers, Bud Adams, who not only fired Phillips because he was too popular but also huffed and puffed and picked up his franchise and moved it to Nashville when the City of Houston refused his extortionate demands for a new stadium five years after upgrading the Astrodome at his behest. It sure ought to be a great get together to watch some football upstairs this weekend.

Although one was beloved and one was reviled, they both were innovators so today I will look at five trends in both Foreign Corrupt Practices Act (FCPA) compliance programs and Department of Justice (DOJ) and Securities and Exchange Commission (SEC) enforcements.

I. Transaction Monitoring

In April 2012, the DOJ announced that it was declining to prosecute Morgan Stanley for the FCPA violations of one of its Managing Directors, Garth Peterson, even though Peterson himself pled guilty to FCPA violations. This was the first publicly announced Declination to Prosecute by the DOJ. In announcing the Declination, the DOJ listed several factors including the firm’s extensive compliance policies and notifications thereof, internal controls and training meant to prevent FCPA violations, all of which had been acknowledged by Peterson. However, the one which struck me was that Morgan Stanley’s compliance personnel engaged in transaction monitoring, randomly auditing particular employees, transactions and business units, and testing to identify illicit payments. This was the first time that the DOJ had spelled out transaction monitoring as a key component of a FCPA compliance regime.

In December, 2012, the SEC released its FCPA enforcement action against Eli Lilly and Company (Lilly). Although this was a civil action and not a DOJ criminal enforcement action, I believe that transaction monitoring would have been a key to detecting and preventing the FCPA violations. In Brazil, there was one distributor which received a discounted rate outside the standard discount given. Transaction monitoring parameters could be set to notify internal audit or compliance if such situations occurred. In Poland, there was a clear relationship between the dates of the donations to the charitable entity administered by the Director General who was making the decisions on the sale of Lilly products. Once again transaction monitoring would have correlated this connection and flagged it for further investigation.

II. International Corruption and Bribery Enforcement

The entry of the Chinese government into the international fight against corruption and bribery is truly a game-changer. While there may be many reasons for this very public move by the Chinese government, it is clear that foreign companies are now on notice. Doing business the old fashioned way will no longer be tolerated. I agree with Mike Volkov that the GlaxoSmithKline PLC (GSK) bribery and corruption investigation will be the Number 1 development for the year in anti-corruption compliance. This means that international (read: western) companies operating in China have a fresh and important risk to consider; that being that they could well be subject to prosecution under domestic Chinese law.

The international component of this investigation may well increase anti-corruption enforcement across the globe. First of all, when other countries notorious for their endemic corruptions, for example India, see that they can attack their domestic corruption by blaming it on international businesses operating in their country, what lesson do you think they will draw? Most probably that all politics are local and when the localities can blame the outsiders for their own problems they will do so. But, when that blame is coupled with violations of local law, whether that is anti-bribery or anti-price fixing, there is a potent opportunity for prosecutions.

III. Document, Document and Document

The SEC is investigating JPMorgan Chase regarding its hiring practices in China. It appears that JP Morgan Chase hired children of Chinese government officials or heads of state owned enterprises. While such hirings do not violate the FCPA per se, they do raise red flags. The FCPA Professor was quoted in the New York Times (NYT) for the following, “While the hire of a son or daughter itself is not illegal, red flags would be raised if the person hired was not qualified for the position, or, for example, if a firm never received business before and then lo and behold, the hire brought in business.”

This entire episode emphasizes the continuing key concept of the three most important things in any FCPA compliance program; that being Document, Document and Document. If your compliance program does not document its successes there is simply no evidence that it has succeeded. In addition to providing to your company support to put forward to the DOJ, it is the only manner in which to gauge the overall effectiveness of your compliance program. Put another way, if you don’t document it, you cannot measure it and if you cannot measure it, you cannot refine it.

IV. Risk Management is More Than Simply Risk Assessment

The implementation of an effective compliance program is more than simply following a set of accounting rules or providing effective training. Compliance issues can touch many areas of your business and you need to know not only what your highest risks are but where to marshal your efforts in moving forward. A risk assessment is designed to provide a big picture of your overall compliance obligations and then identify areas of high risk so that you can prioritize your resources to tackle these high risk areas first. Indeed the FCPA Guidance (the Guidance) listed risk assessments as one of the ten hallmarks of an effective compliance program, stating “Assessment of risk is fundamental to developing a strong compliance program, and is another factor DOJ and SEC evaluate when assessing a company’s compliance program.”

In addition to an initial risk assessment to either (1) inform your compliance program or (2) help you to identify high risks and prioritize their remediation, risk assessments should be a regular, systemic part of compliance efforts rather than an occasional, ad hoc exercise cobbled together when convenient or after a crisis. These should be conducted at the same time every year and deputize a consistent group, such as your internal audit department or enterprise risk management team, to conduct the annual review. Such annual risk assessments act as a strong preventive measure if they are performed before something goes wrong. In addition, enforcement trends and government priorities change rapidly so it is vital to stay up to date and conduct regular assessments. Lastly, it avoids a “wait and see” approach.

V. Enforcement Actions Against Individuals

Both the DOJ and SEC made clear in the first half of this year that they will aggressively enforce the FCPA against individuals. Mike Volkov has gone so far as to predict that “It is clear that FCPA enforcement for 2013 will go down as the year of criminal prosecutions of individuals.” It is not only significant that the DOJ and SEC are more aggressively prosecuting individuals but also that they continue to use the full panoply of law enforcement tools available to them for actions under the FCPA. These include undercover operations, cooperating witnesses, grand jury proceedings, civil enforcement actions and all other implements at their disposal. It is also clear that the DOJ will give significant credit for substantive cooperation by individuals. Finally, the DOJ will prosecute officials when they have evidence of obstruction or witness tampering and will also use the Travel Act and anti-money laundering (AML) laws to bring enforcement actions.

VI. Summary

The DOJ and SEC continue to aggressively pursue violators of the FCPA near and far. However, the entry of China into the aggressive enforcement of its domestic anti-corruption legislation may signify a level of increased risk for any company doing business in any of the traditional high risk countries or geographic areas. Further, the individual prosecutions portend an increased risk for persons who engage in corruption and bribery across the globe. Finally, do not forget the basics of any anti-bribery and anti-corruption compliance program remains the same, Document, Document, and Document.

© Thomas R. Fox, 2013

Leave a Comment

September 18, 2013

Why a Compliance Defense Will Not Make a Compliance Program Effective

Filed under: Best Practices,Bill Athanas,compliance programs,Deferred Prosecution Agreement,Department of Justice,Enforcement Actions,FCPA,Non-Prosecution Agreements — tfoxlaw @ 1:01 am
Tags: Declination to Prosecute, DOJ, DPA, FCPA, NPA

Ed. Note – this week, I am pleased to join my colleagues David Simon, partner at Foley & Lardner LLP, and William ‘Bill’ C. Athanas, partner at Waller Lansden Dortch & Davis, LLP, in a tripartite debate on the efficacy of the affirmative defense of a compliance program to the Foreign Corrupt Practices Act (FCPA). Today, I will present my views, from the perspective of a former in-house counsel, on why a compliance defense would not help to create greater compliance with the FCPA. Tomorrow, David will discuss his views, from the perspective a white collar defense practitioner, on why a compliance defense under the FCPA would foster greater compliance with the Act. And finally, on Friday, Bill will present his views as a former Department of Justice (DOJ) prosecutor. I hope that you will enjoy our debate.

My starting position is that I do not believe a compliance defense would be effective in giving companies additional clarity or comfort in the design or implementation of their anti-corruption compliance program. I also think that a compliance defense could lead to unintended and adverse consequences that could seriously downgrade the effectiveness of anti-corruption programs.

I. Current Credit in Place

Currently there is credit for an effective compliance, as set out in the DOJ’s prosecution guidelines; the “Principles of Federal Prosecution of Business Organizations”, which is the DOJ’s policy on the factors it considers when instigating a prosecution of a company, it includes a requirement that prosecutors consider “the existence and effectiveness of the corporation’s pre-existing compliance program.” These factors have been borne out in the numerous Declinations to Prosecute granted over the years. While only one of these Declinations, the Morgan Stanley Declination, has been publicly announced, there were six Declinations listed in last year’s FCPA Guidance, with the company identifiers removed. All of this information makes clear that the DOJ currently takes the state and effectiveness of a compliance program into account when making a decision.

II. Trial Lawyers v. Corporations

Both of the two gents I am debating with this week are trial lawyers and I am a recovering trial lawyer. A trial lawyer’s job is to try cases. If you do not want to go to the courthouse, you should not consider yourself to be a trial lawyer. I grew up in a litigation system where there was one lawyer per side at trail. Mano-y-Mano; the two gunslingers on Main Street at High Noon, the King’s Champion – single combat warriors sent out to do battle in the courtroom for their clients. Such is the job of the trial lawyer. Trial lawyers are risk takers and will to push the envelope in front of a judge or jury. If you claim to be a trial lawyer and never go to court it will not instill any fear or much respect from your opposition. You may even turn into a laughingstock. It does not matter how big a jerk you can be in discovery and pre-trial pleading practice, if you are afraid to go to trial, you are useless as a trail lawyer.

Just as trial lawyers are made for trials corporations are not. Corporations do not and will not go to trial in FCPA cases because it is not in their interest to do so. So if a corporation will not go to trial, a compliance defense has as much use as a trail lawyer afraid of the courtroom, in other words it is useless. There are a myriad of reasons that it is not the job of a company to go to trial but I will focus on two: (1) certainty; and (2) the “Arthur Anderson” effect.

A. Certainty

The primary reason for a company, which violates the FCPA, entering into a settlement via a Deferred Prosecution Agreement (DPA), Non-Prosecution Agreement (NPA) or other vehicle, is certainty. The one thing I learned in almost 20 years of trying cases in the US (civil side only) is that nothing is certain when you leave the final decision to an ultimate trier of fact who is not yourself, whether that trier of fact be a jury, judge or arbitrator. The most important thing for a company is certainty and that is even more paramount when a potential criminal conviction looms over its corporate head. Certainty is equally critical for the prosecution. No matter how ‘slam dunk’ the facts are, or appear to be, once a prosecutor turns over the final decision to another trier of fact; the prosecution has also lost certainty in the final decision. Every corporate defendant that goes to trial can, and should, raise all procedural and factual defenses available to it. No prosecutor can ever be 100% certain that it will win every court ruling or that a guilty conviction will be upheld on appeal. However, a settlement brings certainty and for a company that certainty is in its rights and obligations and for the prosecution the same is true.

B. The Arthur Anderson Effect

Arthur Anderson was the auditor for Enron Corporation (Enron). Neither Enron nor Arthur Anderson exists today. The reason that Enron no longer exists is that it was guilty of unsustainable fraud. The reason Arthur Anderson no longer exists is that it destroyed documents relating to its auditing services for that unsustainable fraud – Enron; primarily for countenancing in and/or not detecting the fraud. Arthur Anderson was convicted for these actions. It is of no matter that the verdict was overturned on appeal.

My former This Week in FCPA podcast partner, Howard Sklar, wrote in a piece for forbes.com entitled “Against a FCPA Compliance Defense”, that “Corporations cannot afford to fight these cases through to the stage where an affirmative defense becomes relevant.” He quoted Doug Bain, the former General Counsel (GC) of Boeing Co., for the effect on Boeing if it were to be indicted:

So what’s the impact if we get indicted or convicted?

Besides the normal fines and that kind of stuff, there’s a presumed denial of export licenses, and that would be both on the commercial and the government side. In a moment, I’ll give you an idea of why we are concerned about that one.

We can get re-suspended or all of IDS (Integrated Defense Systems) can be debarred.

We can lose our security clearances.

And one nasty little thing is that the Bureau of Alcohol, Tobacco and Firearms, which has an almost explicit prohibition on possessing explosives. For those of you who are at BCA [Boeing Commercial Airplanes], you might remember that every single door on an airplane has actuators that are triggered by explosives.

Other commentators have attempted to demonstrate quantitatively that the Arthur Anderson effect is not correct. While I do not agree with their analysis, even if I did, simply running the numbers misses the point. Corporate counsel are not trial lawyers, they are in-house corporate counsel. Their job is not to be gunslingers but to protect and preserve the corporation for its stakeholders. So, by their nature, they tend to be less of a risk-taker than trial lawyers and can be more conservative. This difference in philosophy plays out in the following question: Do you want to be the first GC to go to trial and find that the Arthur Anderson effect is real? Or do you want to settle and play it safe? And, of course, as Sklar notes “Even if a company wins eventually, oftentimes the damage is done: see, e.g., Arthur Andersen.”

The value of a compliance defense is suggested in the name, ‘defense’. It is only useful if it is raised as an affirmative defense at trial. If a company says, ‘we have a compliance defense, you cannot get to us’ a rational response from the prosecutors might be, ‘OK, let’s go to trial.’ There would be no credit for an effective compliance program in any settlement discussion because there would not be any settlement. More pointedly, it might make the DOJ even more aggressive in negotiations because they could simply take the position that a company must now prove it had a compliance program and that the compliance program was effective. How many compliance programs could stand the detailed scrutiny which would occur in a criminal case or in civil pretrial discovery? Every company has documents which discuss the areas in which the program is not fully effective. They would certainly be found in discovery. Lastly, no honest compliance officer could ever say that a program is fully “effective.”

Moreover, how would a company prove to a jury that it had an effective compliance program? Bring in an expert to say that simply because a rogue employee, group of rogue employees or entire country sales team paid out multi-million dollars in bribes that we did not detect, we still have an effective compliance program. Remember, both GlaxoSmithKline PLC (GSK) and Wal-Mart claimed to have world class, best practices compliance programs.

III. Two Recent Examples – GSK and Wal-Mart

A. GSK

Consider the following about GSK, a little over one year ago, in July of 2012; GSK pled guilty and paid $3 billion to resolve fraud allegations and failure to report safety data in what the DOJ called the “largest health care fraud settlement in U.S. history”. You would think that any company which has paid $3 billion in fines and penalties for fraudulent actions would take all steps possible not to engage in bribery and corruption. Indeed, as part of the settlement GSK agreed to a Corporate Integrity Agreement (CIA). This CIA not only applied to the specific pharmaceutical regulations that GSK violated but all of the GSK compliance obligations, including the FCPA.

In addition to requiring a full and complete compliance program, the CIA specified that the company would have a Compliance Committee, inclusive of the Compliance Officer and other members of senior management necessary to meet the requirements of this CIA, whose job was to oversee full implementation of the CIA and all compliance functions at the company. These additional functions required Deputy Compliance Officers for each commercial business unit, Integrity Champions within each business unit and management accountability and certifications from each business unit. Training of GSK employees was specified. Further, there was detail down to specifically state that all compliance obligations applied to “contractors, subcontractors, agents and other persons (including, but not limited to, third party vendors)”. How would you say all of the above helped GSK make its anti-corruption compliance program effective?

B. Wal-Mart

Wal-Mart prided itself on its world-wide FCPA anti-corruption compliance program. Its ethics policy offered this clear direction, “Never cover up or ignore an ethics problem”. What do you think a compliance defense would do for Wal-Mart about now? Do these facts seem like a rogue employee or even junta of rogue Mexican employees going off on their own? And what if Wal-Mart’s corporate headquarters in Bentonville AR was not involved in any illegal conduct or even kept in the dark by Wal-Mart de Mexico? What does that say about having an effective compliance program?

How do these two investigations portend the end of efforts to add a compliance defense to the FCPA? As stated in its Code of Conduct, “The GSK attitude towards corruption in all its forms is simple: it is one of zero tolerance.” and Wal-Mart stated “Never cover up or ignore an ethics problem.” What do you think a compliance defense would do for these two companies in trial? The claim that companies would act more ethically and in compliance if they could rely on a compliance defense would seem to be negated by facts reported about GSK and Wal-Mart. It certainly appears that having a best practice compliance program did not lead to either company doing business more ethically.

IV. False Sense of Security

I also think that the compliance defense would give companies a false sense of security that, combined with other recent regulations, can seriously degrade internal risk management. In an article in the summer 2013 issue of the MIT Sloan Management Review, entitled “Designing Trustworthy Organizations”, by the quartet of authors: Robert F. Hurley, Nicole Gillespie, Donald L. Ferrin and Graham Dietz; they addressed this issue. Their comments seem directly on point for our debate when they intone that that external government regulation, such as a as compliance program required under the FCPA, could be a helpful starting point; but it is not the complete answer in the construction of an ethical organization and one which does business in compliance with relevant anti-corruption legislation, such as the FCPA. That is because such legal requirements can only set a minimum standard. Further, such a reliance on a paper program of compliance could well give organizations “a false sense of security that can lull them and their stakeholders into complacency.” This is the current position of the DOJ in giving credit to companies which have an effective compliance program, rather than simply a paper compliance program.

I think that the DOJ gives credit when a compliance program is effective. While the best practices have clearly evolved, it is not difficult to fully understand what the DOJ considers best practices. But, at the end of the day, the compliance defense will not help a company because no company will go to trial and face a fraud finding from a jury. It is always better to settle and obtain certainty than to risk everything.

© Thomas R. Fox, 2013

Comments (1)

May 9, 2013

DPAs and NPAs – Useful Tools to Achieve Compliance

Filed under: Deferred Prosecution Agreement,Department of Justice,FCPA,FCPA Professor,Michael Volkov,Non-Prosecution Agreements,SEC,Uncategorized — tfoxlaw @ 1:01 am
Tags: compliance, compliance programs, Department of Justice, DOJ, DPA, FCPA, FCPA Professor, Foreign Corrupt Practices Act, Michael Volkov, NPA, SEC

The debate on whether the use of Deferred Prosecution Agreements (DPAs) and Non-Prosecution Agreements (NPAs) has become lively again over the past couple of weeks. Last week, there was a panel hosted by the Corporate Crime Reporter conference at the National Press Club. The panel was moderated by Steven Fagell, a partner at Covington & Burling LLP, and the panelists included Denis McInerney, the Criminal Division’s Deputy Assistant Attorney General, David Uhlmann, the former chief of the Environmental Crimes Section at the Department of Justice (DOJ), and currently a Professor of Law at the University of Michigan, the FCPA Professor, Michael Koehler, Kathleen Harris, a partner at Arnold & Porter LLP in London, and Anthony Barkow, a partner at Jenner & Block in New York.

The FCPA Professor wrote about the conference in two posts this week. The second post, entitled “Seeing the Light from the ‘Dark Ages’”, reported on the panel discussion. In this post, the Professor flatly says that DPAs and NPAs should be abolished in the context of Foreign Corrupt Practices Act (FCPA) enforcement and that a compliance defense should be added to the FCPA. In the other corner stands Mike Volkov, who said in a recent post, entitled “The Continuing Controversy Over DPAs and NPAs”, that DPAs and NPAs are part of the growing arsenal of prosecutorial tools that can be brought to bear by the DOJ and now the Securities and Exchange Commission (SEC).

The Professor previously articulated his views against DPAs and NPAs last fall in a post entitled “Assistant Attorney General Breuer’s Unconvincing Defense Of DPAs / NPAs”. In that post he said that the “use of NPAs or DPAs allow “under-prosecution” of egregious instance of corporate conduct while at the same time facilitate the “over-prosecution” of business conduct.” The ‘under-prosecution’ comes “because they [DPAs and NPAs] do not result in any actual charges filed against a company, and thus do not require the company to plead to any charges, allow egregious instances of corporate conduct to be resolved too lightly without adequate sanctions and without achieving maximum deterrence.” The ‘over-prosecution’ comes “because of the “carrots” and “sticks’ relevant to resolving a DOJ enforcement action often nudge companies to agree to these vehicles for reasons of risk-aversion and efficiency and not necessarily because the conduct at issue actually violates the law.” Volkov, being a former prosecutor, says that “Prosecutors like to have a variety of tools. An up or down decision system – indict or decline to indict – does not give prosecutors any ability to address the hard cases, where they are more inclined to decline prosecution rather than indict.”

However, I am neither a former prosecutor, like Volkov, nor a former white collar defense lawyer, like the Professor. I am a recovering trial lawyer who then went in-house. From this background I think that there is another line of reasoning as to why DPAs and NPAs are useful FCPA compliance enforcement tools and that line of reasoning is certainty. The primary reason for the prosecution and a company entering into a DPA/NPA is certainty. The one thing I learned in almost 20 years of trying cases is that nothing is certain when you leave the final decision to an ultimate trier of fact who is not yourself, whether that trier of fact be a jury, judge or arbitrator. The most important thing for a company is certainty and that is even more paramount when a potential criminal conviction looms over its corporate head. Certainty is equally critical for the prosecution. No matter how ‘slam dunk’ the facts are, or appear to be, once a prosecutor turns over the final decision in a case to another trier of fact; the prosecution has lost certainty in the final decision. Every corporate defendant who goes to trial can and should raise all procedural and factual defenses available to it. No prosecutor can ever be 100% certain that it will win every court ruling or that a guilty conviction will be upheld on appeal. However, a DPA/NPA can bring certainty. For a company, certainty in its rights and obligations, for the prosecution the same is true.

There was another article which considered the panel discussion held at the Corporate Crime Reporter conference entitled “McInerney Defends Deferred and Non Prosecution Agreements”. This article included quotes from David Uhlmann, who said that he believes, “This is about a profound ambivalence in parts of the Department about the very notion of corporate criminality.” Uhlmann believes that it this ambivalence which has driven the use of DPAs. He believes that the DOJ should make an “up or down” decision on whether a corporation should be prosecuted or not. He was quoted as saying “There is no more important role that the Justice Department plays than its role investigating and prosecuting crime. And if the Justice Department believes that a particular case warrants criminal prosecution, it should bring criminal charges. It should not sacrifice criminal prosecution to a private agreement never entered in court, never overseen by a judge in any meaningful way that doesn’t involve any public hearing, that doesn’t involve any corporate officials coming into the courtroom admitting guilt. On the other hand, if the Justice Department doesn’t believe that a criminal prosecution is necessary or warranted, then they should decline. They should decline prosecution in favor of — in most cases they have the option of civil or administrative enforcement.”

The Professor had a slightly different take on the use of DPAs in the context of criminal prosecutions of corporations. He was quoted as saying, “The Department has become so uncomfortable with the traditional notions of corporate criminal liability that they have constructed and indeed championed this alternative reality that is equally problematic.” Further, “These resolutions have had a troubling, distortive and toxic effect on this one area of law,” Koehler concluded. “There is no judicial scrutiny of most fcpa enforcement theories.” And, lastly, “Of course, the Justice Department is in favor of these because it makes their job easier. Of course, the FCPA bar and FCPA Inc. is in favor of these it expands the market for legal services.”

Criminal Division Deputy Assistant Attorney General McInerney made clear that he is not ambivalent at all about corporate criminal liability and specifically stated this. So let me speak from the perspective of a lawyer from Houston, who has represented companies in the energy space for quite some time. The frustration that boiled over from the lack of prosecutions regarding the financial troubles of the recent years should not obscure the fact that the DOJ has and will continue to pursue criminal cases against corporations.

But to paraphrase Joe Jackson, something else is going on ‘round here with prosecutions of corporate criminal conduct and the use of DPAs/NPAs. While one role of the DOJ is to prosecute law breakers; I believe that another role of the DOJ is to increase and encourage compliance with laws. The DPA/NPA debate does not stand in a vacuum. I believe that by offering incentives for companies to self-disclose and cooperate, the DOJ is increasing compliance with the FCPA. If there is no incentive to cooperate, there will be none. Period. If a company will face a criminal indictment or charge if it investigates a matter and self-discloses to the DOJ, how many companies will do so? McInerney was quoted as saying, “You are disincentivizing companies in terms of doing the right thing. You are not crediting companies for doing the right thing.”

Now let me take the flip side; Arthur Anderson. For all the howls that there is no empirical evidence that indicting and convicting companies puts them out of business; I am certainly not persuaded. I saw it happen, here in Houston. Was it in the interest of the US government to put Arthur Anderson out of business? Did it further the policies of this country to go from the Big Four to the Big Three? What about all the Arthur Anderson employees who did not work on the Enron account, what policy did it further to have them lose everything they invested in their professional life? If DPAs/NPAs are less draconian in their effect than destruction of a corporation’s existence, does that make them somehow less useful? If the DOJ wants to put such a factor into their decision making, I find that to be an appropriate calculus.

As to the charge that the FCPA Bar/FCPA Inc. used DPAs/NPAs to expand their market for work? [Full disclosure – I am a member of the FCPA Bar and ergo, FCPA Inc.] I think that it is the job of a lawyer to advise his or her clients on their legal obligations and to assist in fulfilling those obligations. Is it in my own myopic self-interest to advocate compliance with the FCPA? Or am I a part of the FCPA Bar and Inc. which assists companies to comply with a now 35 year old law? Whichever answer you prefer, I believe that there is more compliance now and that the use of DPAs/NPAs is a contributing factor to this increased compliance.

Another panelist, Anthony Barkow posited yet another angle. He said “one the primary policy justifications — or certainly a significant policy justification — is — getting DPAs and NPAs is easy. “It’s a lot easier than charging a company,”” Barkow said. “And it’s a lot easier than charging it and to try to get a plea.” While I do not pretend to know the intricacies of obtaining an indictment or going before a grand jury, it is always easier to settle something rather than try a case. But that does not mean any less work goes on, either from the corporate side or especially from the government side. FCPA enforcement actions are huge, document intensive cases and from what little I know of the process, the DOJ works quite hard to craft an appropriate resolution for each case. Further, there are multiple levels of review in the DOJ so many sets of eyes look at these matters. So while it may be easier to reach a resolution rather than charging and criminally trying a corporation, that does not mean in any way, shape or form that this work is easy. The work is hard, time intensive and takes literally thousands of man-hours by all parties involved to reach any resolution. Simply because a new enforcement tool is available, which is short of a criminal indictment and trial, does not mean that it is not a useful tool and should not be used.

Mike Volkov ended his post with the following, “The debate will continue – I have no doubt of that.” I would certainly second that notion. But from where I sit the use of DPAs/NPAs has improved compliance with the FCPA because their use has given corporations a real incentive to thoroughly investigate allegations of bribery and corruption and then work with the government to appropriately remediate the situation.

Leave a Comment

April 9, 2013

Why Eat Your Words When You Can Eat a Peach?

Filed under: Deferred Prosecution Agreement,Department of Justice,FCPA,FCPA Professor,Financial Times — tfoxlaw @ 1:01 am
Tags: Department of Justice, DPA, FCPA Professor, Standard Chartered

Taken to the woodshed or when should a company have to eat its own words? Remember when President Reagan’s Director of the Office of Management and Budget, David Stockman, was ‘taken to the woodshed’ by White House Chief of Staff James Baker after public comments that Stockman made for an Atlantic Monthly article that questioned the monetary policy which underpinned the entire Reagan Revolution? Stockman was most contrite thereafter.

We had a recent example of this in the context of US federal enforcement actions in the Standard Chartered (StanChart) matter. For those who might not remember, our friends at StanChart agreed to pay approximately $667MM in fines to several US regulators for the bank’s conduct around its breach of US sanctions on Iran. The bank agreed to voluntarily enter into a Deferred Prosecution Agreement (DPA) and as part of that DPA it agreed not to publicly contest the agreement or generally make any public statements contradicting the acceptance of responsibility. There are usually similar clauses in Foreign Corrupt Practices Act (FCPA) DPAs as well.

In an article in the Financial Times (FT), entitled “StanChart trio are called before US regulators”, by Kara Scannell, Patrick Jenkins and Lina Saigol, they reported that Sir John Peace, StanChart chairman said at a March 5 Press Conference that the Bank had engaged in “no wilful act to avoid sanctions; you know, mistakes are made – clerical errors” related to its myriad of conduct in doing business with Iran, in violation of US trade sanctions. This language directly contradicted the terms of the StanChart’s various settlement agreements with US regulators. On March 21, he was required to eat those words when he “said those comments were “both legally and factually incorrect”” and retracted them. “Standard Chartered Bank unequivocally acknowledges and accepts responsibility . . . for past knowing and wilful criminal conduct in violating US economic sanctions laws and regulations”.

According to the article this retraction was the result of a meeting he, Chief Executive Peter Sands and Finance Director Richard Meddings were called to with the Department of Justice (DOJ) and New York district attorney Cy Vance, “Standard Chartered was required to retract the statement or be subject to prosecution,” the DOJ said. The article also reported that “US officials at the meeting emphasised the importance of the terms of a settlement over sanction violations, including the bank’s ongoing co-operation. DoJ officials were concerned because the comments came from the top of the bank and had pushed for a public retraction and email to the entire staff. Sir John told them it was a humiliating day for him personally and for the bank, the person said.” This is the ‘going to the woodshed part’.

But what about these clauses prohibiting such contradictions? The FCPA Professor lets you know where he stands on the issue with his post on StanChart, entitled “The “Muzzle” Clause”, where he poses the question, “Is this an effective system of justice?” when the following exists:

First, the DOJ can use its leverage and its ability to bring criminal charges against a company. Second, the DOJ will can then use an NPA or DPA to insulate its version of the facts and enforcement theories from judicial scrutiny which the risk averse company will more often that not accept. Third, in the resolution agreement, the DOJ can include a “muzzle” clause prohibiting anyone associated with the company from making any statement inconsistent with the DOJ’s version of the facts or its enforcement theories. Fourth, if the DOJ believes, in its sole discretion, that a public statement has been made contradicting its version of the facts or its enforcement theories, the DOJ can “pounce” and threaten to bring criminal charges.

As to the first point, I think that the DOJ would respond that it brings enforcement actions that are appropriate under the facts and circumstances of the case. But as to the second point, I believe that DPAs and Non-Prosecution Agreements (NPAs) are equally preferred, if not more so by companies. The reason is that they bring closure with certainty, which is what company’s desire in any legal proceeding. If there are company’s which want to go to trial and test the Arthur Anderson result, they should go ahead and do so but I certainly do not want to be the first General Counsel (GC) or Chief Compliance Officer (CCO) who makes the wrong call and have my company go poof because I turned down an offer to settle.

As to point three, I am somewhat more concerned with this issue in the context of the First Amendment. Here the Professor cites to Professor Ellen Podgor who asked “whether the government can include such clauses in resolution agreements without infringing on First Amendment rights.” Clearly if a person or company is convicted of a crime they have the right to contest that finding, vocally or otherwise. However, in the DPA context, a company has admitted to conduct and findings so perhaps there is a difference than a person convicted at trial who wants to scream from the highest mountaintop “I didn’t do it”.

On point four, I have to disagree with the Professor. In another FT article, entitled “StanChart chairman forced to eat his words over Iran”, the reports quoted Simon Maughan, an analyst at Olivetree Securities, who with perhaps less delicacy and also with greater English irony, said “StanChart had tried to play hardball with the US regulators and lost.”

I have worked in a company under a DPA for its FCPA violations. I did not find it hard to not contradict the facts and findings in the DPA. In fact, the company used those facts and findings to make itself into a stronger and more financially viable entity. It seems to me, if one cannot even accept the fact that it was your company which engaged in legal violations and not simply some ‘clerical errors’ which caused your company to pay $667MM in fines, you really have not learned very much. Perhaps that is what the DOJ really wants companies to understand.

Eat A Peach is the final studio Allman Brothers album on which both Duane and Greg Allman played before the untimely death of Duane.

Comments (2)

February 13, 2013

Distributors under the FCPA

Filed under: Best Practices,Books and Records,compliance programs,Department of Justice,Distributors,Eli Lilly and Company,FCPA — tfoxlaw @ 1:01 am
Tags: Department of Justice, DOJ, DPA, FCPA, Foreign Corrupt Practices Act, Lilly, Oracle, Smith & Nephew

If there was ever a question that distributors were covered under the Foreign Corrupt Practices Act (FCPA), in 2012, the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) made it emphatically clear that this class of entities in a company’s sales chain would be treated that same as any other sales agent, reseller or any other entity which sells a US company’s products outside the United States. While the terms agent, reseller and distributor have distinct definitions in the legal world, they no longer do for FCPA purposes.

The three enforcement actions which made clear that there were no distinctions between agents and distributors in 2012 were the Smith & Nephew, Inc., (S&N) Deferred Prosecution Agreement (DPA) for criminal FCPA violations, the Oracle SEC Complaint for books and records violations and the Eli Lilly and Company (Lilly) SEC Compliant for books and records violations. Each of these enforcement actions had different FCPA violations and they each revealed separate steps which a company should take to both prevent and detect FCPA violations in their company.

Smith & Nephew

On February 1, 2012, the DOJ announced that it entered into a DPA with Smith & Nephew, Inc., a medical equipment manufacturer, for violations of the FCPA. The violations revolved around Greek distributors of S&N who paid bribes to Greek doctors so that they would purchase and use S&N products. According to the Criminal Information, “S&N, certain of its executives, employees, and affiliates agreed to sell to [the] Greek Distributor at full list price, then pay the amount of the distributor discount – between 25 and 40 percent of the sales made by [the] Greek Distributor – to an off-shore shell company controlled by [the] Greek Distributor, in order to provide off-the-books funds for [the] Greek Distributor to pay cash incentives and other things of value to publicly-employed Greek HCPs to induce the purchase of S&N products, while concealing the payments.” Additionally, S&N “falsely recorded or otherwise accounted for the payments to the shell companies on its books and records as ‘marketing services’ in order to conceal the true nature of the payments in the consolidated books and records of S&N and GmbH.”

Oracle

Oracle got into FCPA hot water because its Indian subsidiary directed its distributor to set up a separate slush fund of monies which could be, and were, used to pay monies to persons unknown. As specified in the SEC Compliant, “certain Oracle India employees created extra margins between the end user and distributor price and directed the distributors to hold the extra margin in side funds. Oracle India’s employees made these margins large enough to ensure a side fund existed to pay third parties. “At the direction of the Oracle India employees, the distributor then made payments out of the side funds to third parties, purportedly for marketing and development expenses.” The SEC Compliant noted that “about $2.2 million in funds were improperly “parked” with the Company’s distributors.” To compound this problem, employees of Oracle India concealed the existence of this side fund from Oracle in the US and hence there was an incorrect accounting in Oracle’s books and records.

Lilly

In Brazil, Lilly used the distributor model to market its drugs through third-party distributors who then resold these products to public and private entities. As noted by Matt Ellis, in his post entitled “Eli Lilly’s Distributor in Brazil: The Non-Obvious FCPA Risk”, the discounts that distributors typically receive from manufacturers such as Lilly can be problematic under the FCPA because “enforcement officials can see these discounts as potential “loose money” that can be used for bribe payments. This is especially the case when the distributor is engaging in other activities on behalf of the producer, like marketing, licensing, and customs clearance.”

This was the situation that Lilly found itself in in Brazil, where Lilly sold drugs to distributors who then resold the products to both public and private entities. It was the classic distributor model where Lilly sold the drugs to the distributors at a discount and then the distributors would resell the products “at a higher price and then took their discount as compensation.” There was a fairly standard discount given to the distributors which generally ranged “between 6.5% and 15%, with the majority of distributors in Brazil receiving a 10% discount.”

However, in early 2007, at the request of a Lilly sales manager, the company awarded an unusually high discount of between 17% and 19% to a distributor for the sale of a Lilly drug to the government of one of the states of Brazil. The distributor used approximately 6% of this additional discount to create a fund to pay Brazilian government representatives to purchase the Lilly drugs from him. Further, the Lilly sales manager who requested this unusual discount was aware of the bribery scheme. Moreover, this increase in the discount was approved by the company with no further inquiry as to the reason for the request or to substantiate the basis for such an unusually high discount. If there were any internal controls they were not followed.

Prevention and Detection

These three separate bribery schemes call for three different but overlapping responses. In the case with Lilly, the SEC Complaint noted the following “Lilly-Brazil’s pricing committee approved the discounts without further inquiry. The policies and procedures in place to flag unusual distributor discounts were deficient.” Lastly, as stated by Ellis, “It noted that the company relied on representations of the sales and marketing manager without adequate verification and analysis of the surrounding circumstances of the transactions.”

The Lilly enforcement action also makes clear the need for internal audit to follow up with ongoing monitoring and auditing. Internal audit can be used to help determine the reasonableness of a commission rate outside the accepted corporate norm. As noted by Jon Rydberg, of Orchid Advisors, in an article entitled “Eli Lilly’s Remedial Efforts for FCPA Compliance – After the Fact”, the company should be “implementing compliance monitoring and corporate auditing specifically tailored to anti-corruption” for the distributor sales model.

The Oracle enforcement action demonstrates that Oracle needed to institute the proper controls to prevent its employees at Oracle India from creating and misusing the parked funds in the distributor’s account. The Company needed to audit and compare the distributor’s margin against the end user price to ensure excess margins were not being built into the pricing structure. Oracle should have sought to either (1) seek transparency in its dealing with the distributor or (2) audit third party payments made by the distributors on Oracle’s behalf, both of which would have enabled the Company to check that payments were made to appropriate recipients.

What are some of the factors that demonstrate the distributors used by S&N were fraudulent and did not have a legitimate business purpose? It was clear that S&N did not perform sufficient due diligence on these distributors nor did they document any. I would note that the distributor was domiciled in a location separate and apart, the UK, from the sole location it was designed to deliver products or services into, Greece. This clearly demonstrated that the entities were used for a purpose that the company wished to hide from Greek authorities. While it is true that a distributor might sell products into a country different than its domicile, if the products are going into a single country, this should have raised several Red Flags.

However, the biggest indicium of corruption was the amount of the commission paid. The traditional sales model for a distributor has been to purchase a product, take the title, and therefore the risk, and then sell it to an end user. Based upon this sales model, there has been a commission structure more generous than those usually accorded a reseller or sales agent, who is usually only a negotiator between the Original Equipment Manufacturer (OEM) and the end user. This difference in taking title, and risk of loss, have led to a cost structure which has provided a deeper discount of pricing for distributors than commission rates paid to resellers or sales agents. The sales structure used by S&N had pricing discounts of between 26-40% off the list price. Further, this money was used precisely to pay bribes to Greek Doctors to use S&N products.

These three enforcement actions make clear that distributors will be treated like any other representative in the sales chain. This means that distributors need to go through the same rigorous due diligence and review, contracts and management going forward as agents or resellers.

Leave a Comment

December 20, 2012

The CCO: Co-Equal to the General Counsel in the Eyes of the DOJ

Filed under: Best Practices,Chief Compliance Officer,compliance programs,Department of Justice,FCPA,FCPA Guidance,SEC — tfoxlaw @ 1:04 am
Tags: best practices, compliance programs, Department of Justice, DOJ, DPA, ethical leadership, FCPA, NPA, SEC

One of the items that the Department of Justice (DOJ) has increasingly focused on in its enforcement actions is the role of the Chief Compliance Officer (CCO) and whether this position has adequate staffing and resources to accomplish its mandated tasks in a minimum best practices compliance program under the Foreign Corrupt Practices Act (FCPA). In the recent Pfizer Deferred Prosecution Agreement (DPA), it stated regarding the CCO position (called Chief Compliance and Risk Officer) that:

Pfizer will:

a. Maintain the appointment of a senior corporate executive with significant experience with compliance with the FCPA, including its anti-bribery, books and records, and internal controls provisions, as well as other applicable anticorruption laws and regulations (hereinafter “anti-corruption laws and regulations”) to serve as Chief Compliance and Risk Officer. The Chief Compliance and Risk Officer will have reporting obligations directly to the Chief Executive Officer and periodic reporting obligations to the Audit Committee of the Board of Directors.

Regarding the resources which should be dedicated to the compliance function, the Pfizer DPA stated:

Pfizer has committed and will continue the commitment of significantly enhanced resources for the international functions of the Compliance Division that have reporting obligations through the Chief Compliance…

The Pfizer DPA is one in a line of DPAs and Non-Prosecution Agreements (NPAs) where the DOJ and the Securities and Exchange Commission (SEC) have made clear that the CCO must be a senior level employee within the company. I think that this requirement is absolutely mandatory to not only set the proper tone within a company but also to give the CCO and the compliance function the clout needed to implement, enhance and run a minimum best practices FCPA compliance program.

Indeed, in the recently released FCPA Guidance, the DOJ and SEC made clear that in appraising a compliance program; [we] “consider whether a company has assigned responsibility for the oversight and implementation of a company’s compliance program to one or more specific senior executives within an organization. Those individuals must have appropriate authority within the organization, adequate autonomy from management, and sufficient resources to ensure that the company’s compliance program is implemented effectively. Adequate autonomy generally includes direct access to an organization’s governing authority, such as the board of directors and committees of the board of directors (e.g., the audit committee). Depending on the size and structure of an organization, it may be appropriate for day-to-day operational responsibility to be delegated to other specific individuals within a company. The DOJ and SEC recognize that the reporting structure will depend on the size and complexity of an organization. Moreover, the amount of resources devoted to compliance will depend on the company’s size, complexity, industry, geographical reach, and risks associated with the business. In assessing whether a company has reasonable internal controls, the DOJ and SEC typically consider whether the company devoted adequate staffing and resources to the compliance program given the size, structure, and risk profile of the business.” [Emphasis supplied]

I think that the DOJ and SEC are moving companies to not only have more robust compliance programs but the CCOs and their programs must be adequately situated within the organization and adequately funded. For CCOs I think that this means they should be at a level in the organization equal to the General Counsel (GC) and compensated at an amount equal to the GC. The reason is clear, the DOJ and SEC expect the compliance function to be a leadership function within the company’s structure and given all the respect due such a position. The days where the compliance function is viewed as something other than legal work are long gone and companies need to have their CCOs at least equivalent to their GCs. I also think that this always means the CCO must sit on a company’s Executive Leadership Team (ELT). Once again the reason is clear, Compliance must not only be shown to be Mission 1A (Safety being Mission 1) but the CCO can only manage the compliance risk if it has a seat at the executive leadership table.

These comments are consistent with the US Sentencing Guidelines which were revised in November 2010. In these revisions, there was a change in the reporting structure in corporations where the CCO reported to the GC rather than a committee on the Board of Directors. The change read “the individual…with operational responsibility for the compliance and ethics program…have direct reporting obligations to the governing authority or any appropriate subgroup… (e.g. an audit committee or the board of directors)”. If a company has the CCO reporting to the GC, who then reports to the Board, such structure most probably no longer qualifies as an effective compliance and ethics program under the amended Sentencing Guidelines. The better practice would now appear to be that the CCO should be a direct report to the Board or appropriate subcommittee of the Board such as compliance or audit.

Equally important are the resources dedicated to the compliance function. My colleague Stephen Martin, a former state and US prosecutor, gives this rather straight-forward example of a question that a prosecutor would ask when confronted by a company that provides limited internal funding to the compliance function. He would ask how much does your company spend on yellow post-it notes (or paper clips or pens)? If the answer is significantly more funding than is afforded to the compliance function, his response would be “Which area is more mission-critical to complying with the FCPA; your compliance function or yellow post-it notes?”

The DOJ is clearly signally the increased importance of the CCO. The position should be viewed as co-equal to the GC. Just as clearly, the DOJ has signaled that an appropriate level of resources should be devoted to the compliance function. By following these evolving best practices you can add to the credibility of your defenses if your company becomes involved in a FCPA investigation or enforcement action.

Leave a Comment

FCPA Compliance and Ethics Blog

December 8, 2014

DPAs and NPAs – Powerful Tools in the Fight Against Corruption

June 26, 2014

Coolness in Being the Bad Guy? Eli Wallach and GSK

February 24, 2014

Commitment to Compliance: the Compliance Committee

November 14, 2013

Are DPAs Morally Suspect?

October 23, 2013

Farewell to Bum and Bud: Trends in FCPA Compliance and Enforcement

September 18, 2013

Why a Compliance Defense Will Not Make a Compliance Program Effective

May 9, 2013

DPAs and NPAs – Useful Tools to Achieve Compliance

April 9, 2013

Why Eat Your Words When You Can Eat a Peach?

February 13, 2013

Distributors under the FCPA

December 20, 2012

The CCO: Co-Equal to the General Counsel in the Eyes of the DOJ

January

Blogroll

Pages

Admin

Read by Email

Recent Posts from FCPA Compliance and Ethics Report: FCPA Compliance and Ethics Report

Episode 240-Bill Coffin on Compliance Week 2016

Episode 239-Jonathan Armstong On EU Privacy Shield

Episode 238-John Allen on HR Touch Points in Compliance

Episode 237-Steve McCalmont on the Avior Risk Management Platform

Episode 236-Adam Turteltaub and SCCE CCO Survey