Achieving Compliance in the Post Acquisition Context – The Key to Which is Building Trust

In a recent article in the Houston Business Journal (HBJ), entitled “Building strong relationships critical to building strong companies”, HBJ Mergers and Acquisitions Columnist Connie Barnaba focused on the nature of trust within a company to posit that “strong businesses are built on strong relationships between the business, its leaders, employees, customers, suppliers, lenders and advisors.” Trust cascades down each level of a company; beginning from the Board of Directors down to employees and then out the door to customers. She believes that this issue of trust is equally important in the Mergers and Acquisition (M&A) context. I believe her ideas are very useful for the compliance practitioner, when integrating a new acquisition into an existing compliance culture.

Barnaba writes that “trusting relationships are developed person to person as individuals in a company gradually develop a network of contacts, associates and advisors inside and outside the company.” But more than this it is “the by-product of responsiveness, reliability and candor or those we reach out to.” Successful companies work to focus on “sustaining and developing new relationships” as a key to the continued growth and successful performance of a business.

I.                   Trust in the M&A Context

In the M&A context, this trust relationship begins with the Letter of Intent (LOI), which should include warranties, representations, covenants and any penalties which might occur if one side pulls out of the transaction. The pre-acquisition due diligence process is designed to “confirm the accuracy of the representations and viability of commitments.” This should lead to a successful merger agreement between the parties and now the work to continue to build trust really begins.

Barnaba notes that the biggest roadblock initially is the element of surprise. Most merger deals are done with some amount of confidentiality. However, one of the hardest issues to manage is the lack of time. There is never enough time to perform all the due diligence that you desire. This is always true in the compliance arena as well. Further Securities and Exchange Commission (SEC) regulations prohibit certain unauthorized disclosures about such transactions and there is usually great sensitivity to timing around any public disclosure regarding the transaction.

This not only impedes the ability to fully vet during the due diligence process but it may impeded company leaders from announcing to their own stakeholders that the company is in such negotiations. This can certainly negatively affect an employee base as top leaders may be confronted with “managing the impact of the (M&A) surprise on stakeholders.” This can also damage the efforts going forward as it can appear as a “top-down imposition of change.”

II.                Compliance in the Post-Acquisition Context

Given the two Department of Justice (DOJ) pronouncements on Foreign Corrupt Practices Act (FCPA) compliance in the M&A context, Opinion 08-02 (the Halliburton Opinion Release) and the Johnson and Johnson (J&J) Deferred Prosecution Agreement (DPA), all of the factors that Barnaba listed may be significantly acerbated and accelerated.

A.     The Halliburton Opinion Release

In this Opinion Release, the DOJ approved Halliburton’s commitment to the following post acquisition conditions to a proposed transaction:

1)      Within ten business days of the closing. Halliburton would present to the DOJ a comprehensive, risk-based FCPA and anti-corruption due diligence work plan which would address, among other things, the use of agents and other third parties; commercial dealings with state-owned customers; any joint venture, teaming or consortium arrangements; customs and immigration matters; tax matters; and any government licenses and permits. The Halliburton work plan committed to organizing the due diligence effort into high risk, medium risk, and lowest risk elements.

a)      Within 90 days of Closing. Halliburton would report to the DOJ the results of its high risk due diligence.

b)      Within 120 days of Closing. Halliburton would report to the DOJ the results to date of its medium risk due diligence.

c)      Within 180 days of Closing. Halliburton would report to the DOJ the results to date of its lowest risk due diligence.

d)     Within One Year of Closing. Halliburton committed to full remediation of any issues which it discovered within one year of the closing of the transaction.

B.    Johnson & Johnson Deferred Prosecution Agreement and Enhanced Compliance Obligations

In the April 2011 released J&J DPA there is a list of compliance obligations J&J agreed to take on in the acquisition context:

7.        J&J will ensure that new business entities are only acquired after thorough FCPA and anti-corruption due diligence by legal, accounting, and compliance personnel. Where such anti-corruption due diligence is not practicable prior to acquisition of a new business for reasons beyond J&J’s control, or due to any applicable law, rule, or regulation, J&J will conduct FCPA and anti-corruption due diligence subsequent to the acquisition and report to the Department any corrupt payments, falsified books and records, or inadequate internal controls as required by … the Deferred Prosecution Agreement.

8.        J&J will ensure that J&J’s policies and procedures regarding the anti-corruption laws and regulations apply as quickly as is practicable, but in any event no less than one year post-closing, to newly-acquired businesses, and will promptly: For those operating companies that are determined not to pose corruption risk, J&J will conduct periodic FCPA Audits, or will incorporate FCPA components into financial audits.

1. Train directors, officers, employees, agents, consultants, representatives, distributors, joint venture partners, and relevant employees thereof, who present corruption risk to J&J, on the anti-corruption laws and regulations and J&J’s related policies and procedures; and
2. Conduct an FCPA-specific audit of all newly-acquired businesses within 18 months of acquisition.

In the J&J DPA, the company agreed to following time frames:

1. 18 Month – conduct a full FCPA audit of the acquired company.
2. 12 Month – introduce full anti-corruption compliance policies and procedures into the acquired company and train those persons and business representatives which “present corruption risk to J&J.”

These very tight time frames, even with the expanded one in the J&J DPA, may well test trust issues in any newly acquired organization. Similarly, the acquiring organization may be under great pressure to uncover and report anything which may even whiff of a FCPA violation. Barnaba concludes her article by warning that if the short term disruption in trust will undermine the long-term changes to the organization; it may not be in either party’s interest to go forward with the merger. Business mergers require linkages at all levels within an organization and this is particularly true with compliance.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

UTStarcom and Gifts and Entertainment Under the FCPA

To close out the FCPA year, on December 31 the telecom equipment maker UTStarcom Inc. agreed to pay the Justice Department $1.5 million in criminal fines and pay the SEC an additional $1.5 in penalties to resolve Foreign Corrupt Practices Act violations in China and Thailand. Other FCPA penalties were agreed to by the company.

As reported in the FCPABlog and the FCPA Professor last week, UTStarcom is alleged to have engaged in conduct which violated the FCPA which included:

1. Arranging and paying for travel to popular tourist destinations in the United States, including Hawaii, Las Vegas and New York City, when such trips were recorded as training expenses at UTStarcom facilities. However UTStarcom had no facilities in these areas. These trips included a cash allowance of between $800 and $3,000 per person.

2. Spending nearly $7 million lavish gifts and all-expenses paid executive training programs in the U.S. for existing and potential foreign government customers in China and Thailand.

3. Presenting expensive gifts to and engaging in entertainment with government agents such as nearly $10,000 on French wine, as a gift to agents of a government customer and spending $13,000 on entertainment expenses for the same customer in an attempt to secure business.

4. Providing foreign government customers or their family members with work visas and purportedly hiring them to work for UTStarcom in the U.S., when in reality they did no work for UTStarcom.

5. UTStarcom was also alleged to have made payments to sham consultants in China and Mongolia while knowing that they would pay bribes to foreign government officials.

Guidelines for Gifts and Entertainment under the FCPA

The UTStarcom matter provides an opportunity to review the application of the FCPA to gifts and business entertainment expenditures to foreign officials. While gift and business entertainment is an area open to vagueness under the FCPA as there are no clear guidelines in the FCPA itself or the legislative history, the conduct of UTStarcom goes far beyond anything that has been previously approved or discussed in any DOJ Release Opinions. While prohibiting payment of any money or thing of value to foreign officials to obtain or retain business, the FCPA arguably permits incurring certain expenses on behalf of these same officials. Under the FCPA, the following affirmative defense regarding the payment of expenses exists:

[it] shall be an affirmative defense [that] the payment, gift, offer or promise of anything of value that was made, was a reasonable and bona fide expenditure, such as travel and lodging expenses, incurred by or on behalf of a foreign official, party, party official, or candidate and was directly related to…the promotion, demonstration, or explanation of products or services; or…the execution or performance of a contract with a foreign government or agency thereof. 15 U.S.C. § 78dd-1(c)(2)(A)-(B).

There is no de minimis provision. The presentation of a gift or business entertainment expense can constitute a violation of the FCPA if this is coupled with the corrupt intent to obtain or retain business. With the above in mind and DOJ Release Opinions, the following are suggested guidelines for gifts and business entertainment.

A. Gifts to Governmental Officials

Based upon the FCPA language and relevant Release Opinions (Opinions 81-01, 81-02 and 82-01), a Company can provide gifts up to an amount of value of $250. Below are the guidelines which the Release Opinions would suggest that a Compliance Policy incorporate regarding gifts:

• The gift should be provided as a token of esteem, courtesy or in return for hospitality.
• The gift should be of nominal value but in no case greater than $250.
• No gifts in cash.
• The gift shall be permitted under both local law and the guidelines of the employer/governmental agency.
• The gift should be a value which is customary for country involved and appropriate for the occasion.
• The gift should be for official use rather than personal use.
• The gift should showcase the company’s products or contain the company logo.
• The gift should be presented openly with complete transparency.
• The expense for the gift should be correctly recorded on the company’s books and records.

B. Business Entertainment of Governmental Officials

Based upon the FCPA language (there are no Release Opinions on this point), there appears to be a threshold that a Company can establish a value for business entertainment of up to the amount of $250. However this must be tempered with clear guidelines incorporated into the business expenditure component of a Compliance Policy, which should include the following:

• A reasonable balance must exist for bona fide business entertainment during an official business trip.
• All business entertainment expenses must be reasonable.
• The business entertainment expenses must be permitted under (1) local law and (2) customer guidelines.
• The business entertainment expense must be commensurate with local custom and practice.
• The business entertainment expense must avoid the appearance of impropriety.
• The business entertainment expense must be supported by appropriate documentation and properly recorded on the company’s book and records.

C. Travel and Lodging for Governmental Officials

A Company should be able to bring foreign officials into the United States for legitimate business purposes. Once again, a key component is guidelines clearly articulated in a Compliance Policy. Based upon Releases Opinions 07-01 and 07-02, the following should be incorporated into a Compliance Policy regarding travel and lodging:

• Any reimburse for air fare will be for economy class.
• Do not select the particular officials who will travel. That decision will be made solely by the foreign government.
• Only host the designated officials and not their spouses or family members.
• Pay all costs directly to the service providers; in the event that an expense requires reimbursement, you may do so, up to a modest daily minimum (e.g., $35), upon presentation of a written receipt.
• Any souvenirs you provide the visiting officials should reflect its business and/or logo and would be of nominal value, e.g., shirts or tote bags.
• Apart from the expenses identified above, do not compensate the foreign government or the officials for their visit, do not fund, organize, or host any other entertainment, side trips, or leisure activities for the officials, or provide the officials with any stipend or spending money.
• The training costs and expenses will be only those necessary and reasonable to educate the visiting officials about the operation of your company.

The incorporation of these concepts into a Company’s Compliance Policy is a good first step towards preventing any FCPA violations from arising, but it must be emphasized that they are only a first step. These guidelines must be coupled with active training of all personnel, not only on a Company’s Compliance Policy, but also on the corporate and individual consequences that may arise if the FCPA is violated regarding gifts and entertainment. Lastly, it is imperative that all such gifts and entertainment by properly recorded, as required by the books and records component of the FCPA. One of the FCPA violations alleged against UTStarcom was that it falsely recorded these trips as ‘training’ expenses, while the true purpose for providing these trips was to obtain and retain lucrative telecommunications contracts. All business gifts, entertainment and expenses must be properly recorded.

——————–
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication.

© Thomas R. Fox, 2010

Elements Of An Effective Compliance Program

Elements Of An Effective Compliance Program

In his excellent FCPA Blog, Richard Cassin has written about an effective compliance program. He notes that the purpose of an “effective compliance program” is to prevent and detect criminal conduct. In his listing his suggestions for what constitutes an “effective compliance program” Mr. Cassin based his guidance on the United States Federal Sentencing Guidelines. He suggested the following:

1. A Written Program. A company must have standards and procedures in place to prevent and detect criminal conduct.
2. Board Oversight. A public company’s Board of Directors must be knowledgeable about the content and operation of the compliance program and must exercise reasonable oversight of its implementation and effectiveness.
3. Responsible Persons. One or more individuals among a company’s high-level personnel must be assigned overall responsibility for the compliance program.
4. Operating and Reporting. One or more individuals must be delegated day-to-day operational responsibility for the compliance program. They must report periodically to high-level personnel on the effectiveness of the compliance program. The individuals must have adequate resources, appropriate authority, and direct access to the Board or Audit Committee.
5. Management’s Record of Compliance. A company must use reasonable efforts not to hire or retain personnel who have substantial authority and whom a company knows or should know through the exercise of due diligence have engaged in illegal activities or other conduct inconsistent with an effective compliance program.
6. Communicating and Training. A company must take reasonable steps to communicate periodically and in a practical manner its standards and procedures, and other aspects of the compliance program, to directors, officers, executives, managers, employees and agents — by conducting effective training programs and otherwise disseminating information appropriate to the individuals’ respective roles and responsibilities.
7. Monitoring and Evaluating; Anonymous Reporting. A company must take reasonable steps (a) to ensure that its compliance program is followed, including monitoring and auditing to detect criminal conduct, (b) to evaluate periodically the effectiveness of the compliance program and (c) to have and publicize a system, which may include mechanisms that allow for anonymity or confidentiality, whereby a company’s employees and agents may report or seek guidance regarding potential or actual criminal conduct without fear of retaliation.
8. Consistent Enforcement — Incentives and Discipline. A company’s compliance program must be promoted and enforced consistently throughout a company through appropriate (a) incentives to perform in accordance with the compliance program and (b) disciplinary measures for engaging in criminal conduct and for failing to take reasonable steps to prevent or detect criminal conduct.
9. The Right Response. After criminal conduct has been detected, a company must take reasonable steps to respond appropriately and to prevent further similar criminal conduct, including making any necessary modifications to a company’s compliance program.
10. Assessing the Risk. A company must periodically assess the risk of criminal conduct and take appropriate steps to design, implement, or modify its compliance program to reduce the risk of criminal conduct identified through this process.

In the coming weeks, we will review each of these suggested guidelines and provide nuts and bolts recommendations for you to use in crafting your own effective compliance program.

RISK-BASED DUE DILIGENCE FOR SUPPLY CHAIN VENDORS UNDER THE FCPA

Quick, as the Compliance Professional within your organization, which department or group of your company spends the most money annually? Did Supply Chain immediately come to mind? Probably not. Now just as quickly, how much of your compliance efforts are focused on the Supply Chain within your organization? Other than perhaps financial due diligence, such as through Dun & Bradstreet or quality control through your QHSE group, the Supply Chain probably does not command your Compliance Department attention as do other types of third party business partners such as agents, distributors and joint venture partners. This may be coming to an end as most Compliance Professionals recognize that third parties which supply goods or services to a company should be scrutinized similarly to other third party business partners.
There are several methods that could be used to assess risk in the area of supply chain and vendors. The approach suggested by the UK’s Financial Services Authority (FSA) in its settlement of the enforcement action against the insurance giant AON would refer “to an internationally accepted corruption perceptions index” such as is available through Transparency International or other recognized authority. The approach suggested by the Department of Justice, in Release Opinion 08-02 would provide categories of “High Risk, Medium Risk and Low Risk”. Finally, writing in the FCPABlog, Scott Moritz of Daylight Forensic & Advisory LLC has suggested an approach that incorporates a variety of risk-assessment tools, including, “the strategic use of information technology, tracking and sorting the critical elements”.
This commentary proposes an approach which would incorporate all three of the above cited analogous compliance areas into one risk-based assessment program for supply chain vendors. Based upon the assessed risk, an appropriate level of due diligence would then be required. The categories suggested are as follows:
1. High Risk Suppliers;
2. Low Risk Suppliers;
3. Nominal Risk Suppliers; and
4. Suppliers of General Goods and Products.
A. High-Risk Suppliers
A High-Risk Supplier is defined as a supplier which presents a higher level of compliance risk because of the presence of one or more of the following factors:
1. It is based in or supplies goods/services from a high risk country;
2. It has a reputation in the business community for questionable business practices or ethics; or
3. It has been convicted of, or is alleged to have been involved in, illegal conduct and has failed to undertake effective remedial actions.
B. Low-Risk Suppliers
A Low-Risk Supplier is defined as an individual or private entity located in a Low-Risk Country which:
1. Supplies goods or services in a Low-Risk Country;
2. Is based in a low risk country where the goods or services are delivered, it has no involvement with any foreign government, government entity, or Government Official; or
3. Is subject to the US FCPA and/or Sarbanes-Oxley compliance.
C. Minimal-Risk Suppliers
A Minimal-Risk Supplier is an individual or entity which provides goods or services that are non-specific to a particular job or assignment and the value of each transaction is USD $10,000 or less. These types of vendors include office and industrial suppliers, equipment leasing companies and such entities which supply such routinely used services.
D. Suppliers of General Goods and Products
A Supplier of General Goods and Products is an individual or entity which provides goods or services that are widely available to the general public and do not fall under the definition of Minimal-Risk Supplier. These types of vendors include transportation, food services and educational services providers.