FCPA Compliance and Ethics Blog

June 25, 2015

Custer’s Last Stand and Risk Management

Custer's Last StandOn this day in 1876 one of the greatest failures in risk management took place when Lieutenant Colonel George Armstrong Custer and his entire 7th Cavalry were wiped out at the Battle of the Little Big Horn. Custer had split his command into three wings and he took his battalion of 200 or so men down the center of what he thought would be little resistance. Instead he found that he was facing a far superior force of 3000 largely Sioux warriors who quickly overwhelmed and defeated Custer’s command, with all US troops being killed. There is now some debate on whether all the cavalrymen were actually killed by the Native Americans or took their own lives, saving the last bullet for themselves, in western parlance.

Historians have debated over time the reason for Custer’s defeat. Was it arrogance; bad intelligence; faulty command, just plain stupidity or even a wish for martyrdom by Custer? Whichever the cause, it was the worse defeat of the US Army by Native Americans in the Western campaigns of the later 1800s. Today, it might be termed as a faulty assessment and management of the risks involved.

I thought about Custer and his defeat when I read a recent article in the Harvard Business Review (HBR), entitled “Strategy How to Live With Risks. It presented risk, risk assessments and risk management in a new light, a key acumen being that risk management should be used as a “protection shield, not an action stopper.” It was based upon a research paper by the CEB, entitled “Reducing Risk Management’s Organizational Drag”, which I thought it had some interesting insights for the Chief Compliance Officer (CCO) or compliance practitioner.

The first insight is that, in many instances, companies are assessing risks that are in the rear-view mirror. The author pointed to the Sarbanes-Oxley (SOX) Act, passed in response to the Enron and Worldcom accounting scandals in noting, “In the wake of the 2008 financial crisis many large banks changed their business models, and other companies implemented systems to better manage credit risks or eliminate overreliance on mathematical models.” This type of mentality can lead to what the author says, is “a variation on what military historians call “fighting the last war.” As memories of the recession fade, leaders worry that risk management policies are impeding growth and profits without much gain.” The author went on to quote Matt Shinkman of CEB, a member based advisory company, for the following insight “Firms are questioning whether the models they put in place after the financial crisis are working—and more fundamentally questioning the role of risk management in their organizations.”

This retrospective look back is coupled with what the author says is a decision making process which “is too slow, in part because of an excessive focus on preventing risk” and not managing risk; in other words, companies were slowed down even further by something termed “organizational drag”. Companies need to find new mechanisms to assess and manage risk going forward. The best way to do so, many companies have indicated, is through reorganizing or reprioritizing risk management and the article presented “three best practices” in doing so.

Strike the Right Balance Between Risk and Reward

Recognizing that risk management is often simply ‘just saying no’, the HBR articcle suggests that “Today’s risk managers see their role as helping firms determine and clarify their appetite for risk and communicate it across the company to guide decision making. In some cases this means helping line managers reduce their risk aversion.” The interesting insight I found here is that if an asset is low performing it may be because the management is so risk averse. This may present a CCO or compliance practitioner with an opportunity to increase growth through other risk management solutions that they could implement.

Focus on decisions, not process

This insight is one that CCO and compliance practitioners should think about and try and implement. Recognizing that risk assessments are important, the author believes that risk managers should focus more on decisions concerning risk rather than the process of determining risk. This means, “In addition to relying on paperwork or process, risk managers are turning to tools (such as dashboards that show risks in real time) and training that help employees assess risk. They are also helping companies factor a better understanding of risk into their decision making.”

By having a seat at the senior management’s table, a CCO or compliance practitioner can help identify risk issues early on in planning. This allows a COO to help craft a risk management solution, or even better yet show colleagues how to “spot potential problems and managers see how their projects fit into the company’s overall portfolio of projects, each with its own set of risks.” The author again quoted Shinkman, “This is less about listing risks from a backward-looking perspective and more about picking the right portfolio of risky projects.”

Make employees the first line of defense

The author channels his inner Howard Sklar (water is wet) by stating, “Decisions don’t make themselves, people make them”. However from that insight, the author believes that “smart companies work to improve employees ability to incorporate appropriate levels of risk when making choices.” But this means you must not only adequately train your employees to spot the appropriate risk but you, as CCO must provide them with tools to manage the risk. The author wrote, “Companies are also trying to identify which types of jobs or departments face a disproportionate share of high-risk decisions so that they can aim their training at the right people. They’re focusing that training less on risk awareness and more on simulations or scenarios that let employees practice decision making in risky situations. Finally, risk managers are becoming more involved in employee exit interviews, because people leaving an organization often identify risks that others aren’t able or willing to discuss.”

The article ends by noting that the goal is “to transform risk management from a peripheral function to one with a voice integrated into the day-to-day management” of an organization. That is also viewed as a component of CCO 2.0 and a more mature model of improvement. By focusing on training employees on how to spot Foreign Corrupt Practices Act (FCPA) compliance risks and then providing them with the tools to adequately manage that risk, CCOs can deliver greater value.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

June 24, 2015

Pink Flamingos and the Compliance Audit

FeatherstoneThe creator of one of the most ubiquitous symbols of mid-century Americana died earlier this week. Don Featherstone, the creator of the pink plastic lawn flamingo, the ultimate symbol of American lawn kitsch, has died. He was 79. Featherstone, a trained sculptor with a classical art background, created the flamingo in 1957 for plastics company Union Products, modeling it after a bird he saw in National Geographic. Millions of the birds have been sold. Whether you think of the Pink Flamingo as a symbol of Miami Vice, Jon Waters and Devine or for something less salacious, here is to Featherstone, a true original.

While Featherstone created one of the ultimate symbols of the second half of the 20th century for a generation of South Floridians, the Japanese company Takata Corporation (Takata) continues to be in the news for much less prestigious reasons. As reported in the New York Times (NYT), in an article entitled “Senate Panel Says Tanaka Cut Audits on Safety”, Hiroko Tabuchi and Danielle Ivory said “In the middle of what would become the largest automotive recall in US history, the Japanese airbag manufacturer Takata halted global safety audits to save money”. Interesting (or perhaps ominously might be a better word) Takata responded by saying it had not halted safety audits for products but rather for worker safety. Doesn’t that give you some comfort?

A US Senate committee report found that “Takata halted global safety audits at its manufacturing plants in 2009, a year after Honda had started recalling a small number of cars to replace the airbags.” These audits were later restarted in 2011 but when they found safety issues related to airbag manufacturing in two key plants, “those findings were not shared with Takata’s headquarters in Tokyo, the report said, citing internal emails from Takata’s safety director at the time.” Moreover, “when the safety director returned to the plant months later to conduct a follow-up audit, employees appeared to scramble to create the appearance of a safety committee within the plant.” Finally, and perhaps most damningly, the report cited an internal Takata email which said, “No safety committee, as such, has been formed” at the plants in question.

Foreign Corrupt Practices Act (FCPA) compliance in many ways follows some of the paths laid out by corporate safety departments some 20-30 years ago when safety became much more high profile in US corporations. The safety committee and safety audits became mainstays of any best practices in the area of safety for a company. These techniques inform any anti-corruption best practices compliance program, either under the FCPA, UK Bribery Act or any other anti-corruption regime. Indeed audits are specifically delineated in the FCPA Guidance as a way to assist in the continuous monitoring of your compliance regime. Such an audit can be thought of as a systematic, independent and documented process for obtaining evidence and evaluating it objectively to determine the extent to which the compliance criteria are fulfilled. There are three factors which are critical and unfortunately with Takata seemed to be lacking in its safety audit protocol: (1) an effective audit program which specifies all necessary activities for the audit; (2) having competent auditors in place; and (3) an organization that is committed to being audited.

Auditing can take several different forms in an anti-compliance program. As a matter of course, you should audit the compliance program in your own organization. A forensic audit can collect and analyze accounting and internal-controls evidence in your compliance regime. This information can be used to produce a fact-based report that can inform the decision-making process in inquiries, investigations and dispute resolution. The by-products of a forensic audit can include remediation strategies to help a company mitigate and remedy procedural or internal-controls gaps that allowed the underlying issue to occur. Further, an internal audit can review a compliance process to determine if employees are following prescribed processes or internal controls, in an operational Sarbanes-Oxley (SOX) or FCPA compliance audit.

In addition to the collection and analysis of evidence, an auditor’s objective is to attest to the credibility of assertions that are under examination, such as the material accuracy of financial statements for which the audited company’s management is responsible. Obviously one of the functions of such an audit is to determine if further investigation is warranted.

Now imagine if this scenario had been followed by Takata. The lack of a safety committee is a glaring omission at any manufacturing facility. Simply noting this and reporting it up the chain could have gone some way towards preventing the situation the company now finds itself in; with a worldwide recall of up to 32 million vehicles. The same is true for a compliance audit. Just as monitoring can provide information to you on a more real-time basis; a compliance audit compliments this real-time oversight with a much deeper dive into what has happened on a historical basis.

The recent BHP Billiton FCPA enforcement action is certainly one to look at in this context. Although there was a committee set up to review gifts and travel requests for the company’s 2008 Olympic hospitality program, the committee did not fulfill this charge. It was alleged in the Securities and Exchange Committee (SEC) settlement documents that this committee was never intended to pass muster on the applications for tickets and travel for government officials but was simply there to provide guidance.

Once again this situation points out the difference between having a paper compliance program in place and the actual doing of compliance. Even with an appropriate oversight structure in place BHP Billiton did not do the work of compliance by evaluating the applications for travel and tickets to the Beijing Olympics but left it to the devices of the business unit employees who were making the requests and ultimately most directly benefited from the gifting.

Another area ripe for audit in your compliance program is your third parties. While there is no one specific list of transactions or other items which should be audited when it comes to your third parties below are some of the areas you may wish to consider reviewing:

  • Contracts with supply chain vendors to confirm that the appropriate FCPA compliance terms and conditions are in place.
  • Determine that actual due diligence took place on the third party vendor.
  • Review the FCPA compliance training program for any vendor; both the substance of the program and attendance records.
  • Does the third party vendor have a hotline or any other reporting mechanism for allegations of compliance violations? If so how are such reports maintained? Review any reports of compliance violations or issues that arose through anonymous, hotline or any other reporting mechanism.
  • Does the third party vendor have written employee discipline procedures? If so have any employees been disciplined for any compliance violations? If yes review all relevant files relating to any such violations to determine the process used and the outcome reached.
  • Review expense reports for employees in high risk positions or high risk countries.
  • Testing for gifts, travel and entertainment which were provided to, or for, foreign governmental officials.
  • Review the overall structure of the third party vendor’s compliance program. If the company has a designated compliance officer to whom, and how, does that compliance officer report? How is the third party vendor’s compliance program designed to identify risks and what has been the result of any so identified?
  • Review a sample of employee commission payments and determine if they follow the internal policy and procedure of the third party vendor.
  • With regard to any petty cash activity in foreign locations, review a sample of activity and apply analytical procedures and testing. Analyze the general ledger for high-risk transactions and cash advances and apply analytical procedures and testing.

The compliance function still is behind the safety function in terms of maturity. Because of this there are many lessons which a Chief Compliance Officer (CCO) or compliance practitioner can draw upon from our colleagues in safety. The safety audit is certainly a technique that can be drafted into your compliance program. But as the ongoing Takata air bag debacle demonstrates, your audit only works if you actually perform it. In other words, the protocol is simple, everyone understands you need to audit, but try and cut costs or corners and you will pay for it in the long run.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

June 23, 2015

Fraud and the Detection of the Sources for Bribery

 

Detection of FraudIn a recent White Paper authored by Peter Smith for OFS Portal, entitled “Procurement and Fraud in the Supply Chain”, where he examined “fraud linked to procurement and supply chain activities.” Smith focuses on where fraud can occur in the procurement process. From this starting point, he suggests “mitigating actions that organisations can take to protect themselves against fraud.” I found this article to be an excellent review of Supply Chain (SC) activities which the Chief Compliance Officer (CCO) or compliance practitioner could put to good use in reviewing their company’s Foreign Corrupt Practices Act (FCPA) anti-corruption and anti-bribery regime.

A. The Problem – How Does Fraud Happen?

Smith starts by classifying fraud in way which will assist the reader in understanding how it occurs. He believes there are “three critical factors to consider: the perpetrator(s), the plan and the point of failure.” The perpetrator is the one “behind the fraud and either executes it directly or through others.” In the anti-corruption world of the FCPA, this can be through an agent or a supplier who is working to help execute the fraud.

Interestingly, in the area of these third parties (and hence the greatest area of risk for FCPA compliance practitioners to consider) Smith notes that “The plan and point of failure factors are linked in that often the plan relies on the point of failure. In other words, most frauds take advantage in some weakness in the process, technology, policy or systems of combination of those.” Smith writes that there are three key phases “in the procurement life-cycle that can be considered; (1) the supplier selection phase; (2) the contract negotiation and award phase; and (3) the contract delivery management phase.”

Phase I – Supplier Selection and Qualification

This phase should be well known to the compliance practitioner as a part of the third party life-cycle management step denominated as due diligence. But Smith asks that you consider factors other than simply whether someone is on the Denied Parties List (DNP) or is a Politically Exposed Person (PEP). He suggests that you consider misrepresentation by the third party in the nature of “concealing the true nature of its business, history or ownership when it bids for the work.” He also points out that through collusion and cartels, persons or entities can work to control a market. If you did any work with Petrobras over the years, you will certainly recognize that many if its approved suppliers operated in this manner. Given what we now know about how corrupt Petrobras was, this is not too surprising.

But Smith also suggests that employees may be involved in skewing the selection process towards a corrupt agent or other partner. He recommends reviewing the bid process to see if there was bias in the competition, which would push an otherwise arms-length award to a corrupt partner. This could occur through biased competition through specification, where an employee would “construct a specification that makes it likely or inevitable that a particular supplier will win the competitive process.” The next is biased competition through tailoring the evaluation process which gives weight to the specific strengths of a corrupt third party. Finally, Smith points out that there can be biased competition through information leakage when a company employee will leak confidential information to a third party to give them an advantage in the bidding process.

Phase II – Contracting

Smith says the “next critical point at which fraud can take place is during the contract negotiations and in agreeing the detailed terms and conditions.” Moreover, Smith believes this stage is critical if often overlooked because “the seeds are often sown at the contracting stage.” Scenarios can include where there is a certain level of ‘local content’ required “but without any clear contractual mechanism to explain how it will be measured or policed.” As any CCO or other FCPA compliance practitioner would recognize, local content is one of the easiest ways to get into FCPA high risk so managing that risk is critical. I found Smith’s concern with setting out the clear legal terms and conditions around any such requirement as a good way to manage the high risk.

Phase III – Contract Delivery and Management

Here Smith laid several different fraud schemes which could facilitate a bribery plan. The first is fake invoices which can rely on “poor processes within an organisation” to spot. However this scheme can also rely on a company insider to approve such fabrications. Next is “volume over-invoicing”. In this scheme, while a supplier does supply some goods or services, the invoice is raised for more than has been delivered. If there is a scheme to create a pot of money to be used to fund bribes, there will need to be an internal company accomplice to “smooth the way by authorizing receipts or invoices.” Next there is “price-related over-invoicing” the third party will over-price the goods or services, above what is allowed under the contract. Another scheme set out by Smith is “invoice diversion” where “a legitimate payment that should go to a certain supplier is diverted to a third party fraudulently.” Another scheme can simply be to ease the contract terms and conditions which allow the third party to receive a benefit with nothing in return being delivered back to the company. Finally, there is what Smith details as one of the “toughest frauds to detect”, that being the delivery of lower quality products than is contractually specified.

B.The Solution – How to Reduce Fraud

Smith believes that fraud prevention can be built around a troika of concepts. (1) You need to have “effective procurement and spend management policies in place. (2) You must “use appropriate and robust processes”. (3) Finally “applying the right technology to support and manage those processes.” In his paper he followed the same outline on how to reduce the instances of fraud.

Phase I – Supplier Selection and Qualification

While a clear procurement policy is the starting point, it is only the starting point. Having a transparent process is important as well as adequate supplier qualification details. He notes that multiple sign-offs should be in place to ensure that one person does not control the entire process. This should also be incorporated into the communications trail with the competitors to ensure that no one third party receives confidential information. Obviously an appropriate level of due diligence should be applied to confirm that not only are the third party’s who they represent themselves to be but that they are also qualified to do the work or deliver the services. Finally, there should be controls around onboarding “so that firms who are actually going to be suppliers go through more rigorous checks before they are accepted onto” the Vendor Master List.

Phase II – Contracting

Obviously the starting point for any business relationship should be a well-drafted contract. However, for larger organizations Smith believes that “a contracts database or contract lifecycle management system is essential.” To the greatest extent possible there should be standard compliance and legal terms and conditions, coupled with an “appropriate level of sign-off and approvals management for contracts.” Finally, segregation of duties (SOD’s) “to make sure that there are checks and balances and that no one person holds too much power in the process.”

Phase III – Contract Delivery and Management

As I often say in the lifecycle management of third parties, the real work begins when the contract is signed. Smith believes that many of the routes of fraud, “can be closed off by taking a few precautions” which include some of the following steps. First and foremost is “no purchase order, no pay” but this also means there should be an invoice from the vendor which is matched to the contract for accuracy. Once again checks and balances, SOD’s for sign-offs and approvals must be built into your payment system. There should be controls around changes to the contract and, more importantly, changes to any payment details. Lastly, ongoing oversight and monitoring through controls analytics and auditing should be employed on the back end to verify delivery of goods or services.

I found Smith’s White Paper to be an excellent review for the CCO or compliance practitioner around not only the mechanism of how fraud occurs but a review of the techniques for fraud prevention. While his concepts may seem like a review for the compliance practitioner, it also allows you to think through how corruption might take place in your organization. The briber has to get the money from some source and Smith’s White Paper can give you insights on where you might look.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

 

June 22, 2015

George Carlin and Erga Omnes: the Petrobras Bribery Scandal Expands

George CarlinOn this date in 2008 George Carlin died. If you grew up in the late 1960s or early 1970s and you had anti-parental or anti-establishment inklings, which of course all teenagers do, you knew about George Carlin. In the early 1960s, Carlin was a relatively clean-cut, conventional comic. But around 1970, he reinvented himself as an eccentric, biting social critic and commentator. In this new incarnation, Carlin began appealing to a younger, hipper audience. He grew out his hair and added a beard together with a wardrobe in the stereotypically hippie style.

Carlin’s comedy also became counter-culture, not Cheech and Chong, hippy-dippy dopers, but with pointed jokes about religion, politics yet with frequent references to drugs. His second album with his new routine, FM/AM, won a Grammy Award for Best Comedy Recording. My favorite cut was the 11 O’Clock News. But it was his third album Class Clown that had, what I believe, to be the greatest comedy monologue ever, the profanity-laced routine “Seven Words You Can Never Say on Television.” When it was first broadcast on New York radio, a complaint led the Federal Communications Commission (FCC) to ban the broadcast as “indecent.” The US Supreme Court later upheld the order, which remains in effect today. The routine made Carlin a hero to his fans and got him in trouble with radio brass as well as with law enforcement; he was even arrested several times, once during an appearance in Milwaukee, for violating obscenity laws.

Interestingly I thought about Carlin and his pokings of the Establishment (AKA The Man) when I read several articles over the weekend about the recent spate of arrests around the Petrobras bribery and corruption scandal. In article in the Wall Street Journal (WSJ), entitled “Brazil Probe Sweeps Up Corporate Magnates” Will Connors, Rogerio Jelmayer and Paul Kiernan reported that “Brazilian officials arrested the heads of two Latin American construction giants, alleging they helped to mastermind a cartel that stole billions of dollars from state-run oil company Petrobras with the help of corrupt politicians to whom they paid kickbacks.” Also arrested with the heads of the two companies, Marcelo Odebrecht, head of Odebrecht SA and Chief Executive Officer (CEO) of Andrade Gutierrez, Otávio Azevedo.

The WSJ article reported that “Odebrecht is Latin America’s largest construction conglomerate, with business in the U.S., Europe and Africa, and whose head, Marcelo Odebrecht, is a household name in Brazil. Andrade Gutierrez has business in 40 countries. The privately owned companies are deeply involved in the development of stadiums and infrastructure for the 2016 Summer Olympics in Rio de Janeiro.” Moreover, Odebrecht is reported to have “a presence in 21 countries”. Obviously a question is if the company had engaged in bribery and corruption in Brazil, did they do so in any of the other countries in which they are doing business?

Interestingly, these arrests “come months after the heads of other construction companies were detained by Brazilian authorities.” Indeed in a BBC article in , entitled “Petrobras scandal: Top construction bosses arrested in Brazil”, David Gallas said, “Odebrecht had been named by former Petrobras executives as one of the companies that allegedly paid bribes in exchange for contracts with the oil firm, but until now the firm had not been targeted by investigators.” The WSJ article quoted Brazilian prosecutor Carlos Fernando dos Santos Lima who said at a news conference that the executives from the two companies had not been arrested earlier as the entities, “had a more sophisticated system for making the alleged bribe payments, using foreign bank accounts in Switzerland, Monaco and Panama, so it took longer to prove their case.” David Fleischer, a Brasilia based political analyst, quoted in the WSJ article was even more circumspect. He said, “The prosecutors are very careful. If you’re going after big fish you want to make sure you can take them down.”

Brazilian police said the arrests were “Erga omnes” which the WSJ translated from Latin as “towards all”. I thought about that statement in light of the ongoing debate about enforcement of the Foreign Corrupt Practices Act (FCPA) here in the US. On one side is the Chamber of Commerce and their allies who raise the ever-burgeoning cry that the Department of Justice (DOJ) needs to prosecute the invidious ‘Rogue employees’ who violate the FCPA. You will notice they never want the DOJ to look at the executives who might facilitate payment of bribes in the first place; whether through faux commitment to doing business in compliance, failing to properly allocate resources to compliance and ethics, simply rewarding those employees who git ‘er done no matter what the circumstances or (my favorite) putting a paper program in place and calling it a best practices compliance program.

Indeed those progenitors of relaxed enforcement want the DOJ to back off and let them do business the old fashioned way. However, if the bribery and corruption news from the first half of this year has told the world anything, it is about the dire effects of allowing such illegal conduct to take place and warning against slacking off laws which mandate doing business without bribery and corruption. In another WSJ article, entitled “Roots of a Brazilian Scandal That Weighs Heavily on the Nation’s Economy, Politics”, Marla Dickerson noted, “The scandal has crippled Petrobras, Brazil’s largest and most important company. In late April, the company wrote off more than $16 billion related to losses from graft and overvalued assets. The company’s woes have all but paralyzed the nation’s oil and gas sector. Hurt by slumping oil prices and strapped for cash, Petrobras has slashed investments, sparking a wave of credit downgrades, bankruptcies and layoffs among its suppliers that the weighed on Brazil’s economy.”

I wonder what George Carlin might have thought about all of this. He might have said that what else would you expect but I am relatively certain he would have done so while also sticking his thumb in the eye of The Man. 

For a YouTube version of the 11 O’Clock News, click here.

For a YouTube version of the 7 words you can never say on television, click here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

 

June 18, 2015

The War of 1812 and the IAP Worldwide Services Non-Prosecution Agreement

Battle of New OrleansOn this day, 203 years ago, President James Madison signed a Declaration of War against Great Britain inaugurating the War of 1812. The cause of the war was multi-faceted; the formal reason given was the British impressment of American sailors and the economic blockade of Europe. But the real reason may have simply been the warmongers who had been agitating for war against Britain for several years as an excuse to attack (and hopefully take over) Canada. For those of you who did not study geography too closely, that latter hope was forlorn as Canadians twice repulsed American invasions during the war.

That does not mean the War of 1812 was ultimately unsuccessful for the ‘War Hawks’. America got two great songs out of the war. The first was our National Anthem, the Star Spangled Banner, which celebrated victory over the British at Baltimore. The second was the top hit single of 1959, The Battle of New Orleans, which celebrated Andrew Jackson’s defeat of the British in the Battle of New Orleans, which was fought after the signing of the peace treaty that ended the war. Also that peace treaty, which America and Great Britain signed has remained unbroken to this day.

I thought about this view of the results of the War of 1812 when I read the Foreign Corrupt Practices Act (FCPA) enforcement action involving IAP Worldwide Services, Inc. (“IAP” or “the company”) and its former Vice President (VP), James Rama. The company received a Non-Prosecution Agreement (NPA) as a result of the enforcement action but agreed to a fine of $7.1MM. Rama pled guilty to a single count of conspiracy to violate the FCPA and is awaiting sentencing but his sentence will be capped out at “five years of imprisonment, a fine of the greater of $250,000 or twice the gross gain or loss, full restitution, a special assessment, and three years of supervised release” according to his Plea Agreement.

What it is difficult to determine from the company NPA and Rama Plea Agreement is what conduct the company engaged in which led to the NPA because clearly both the company and Rama engaged in conduct that violated the FCPA. In its Press Release the Department of Justice (DOJ) said, “Based on a variety of factors, including but not limited to IAP’s cooperation, the Criminal Division entered into a non-prosecution agreement with the company.” In the NPA these factors were given some meat with the following boilerplate language, “(a) the Company has cooperated with the Offices, including conducting an extensive internal investigation, voluntarily making U.S. and foreign employees available for interviews, and collecting, analyzing, and organizing voluminous evidence and information for the Offices; (b) the Company has engaged in remediation, including disciplining the officers and employees responsible for the corrupt payments or terminating their employment, enhancing its due diligence protocol for third-party agents and consultants, and instituting heightened review of proposals and other transactional documents for relevant Company contracts; (c) the Company has committed to continue to enhance its compliance program and internal controls, including ensuring that its compliance program satisfies the minimum elements set forth in Attachment C to this Agreement; and (d) the Company has agreed to continue to cooperate with the Offices in any ongoing investigation of the conduct of the Company and its officers, directors, employees, agents, and consultants relating to possible violations under investigation by the Offices.”

Since I cannot determine from beyond the above description what the company did to achieve its NPA, I will use the same analysis that I did in ascertaining what we Americans got out of the War of 1812. For the NPA did go into detail about the bribery scheme used by the company and Rama, which were clearly violative of the FCPA. Rama was a VP of the company until he signed and became an independent contractor to the organization, through his consulting entity, Ramaco. Ramaco was created, in part, to hide the involvement of IAP in the bidding process with the Kuwaiti Ministry of the Interior to provide nationwide surveillance for the country.

The bid for this project had two phases. In Phase I, a consultant would assist the Kuwaiti government to select the final contractor who would implement the nationwide surveillance for the country in Phase II. By hiding its involvement through Ramaco, IAP could reap the benefits of winning both phases, which it did. However the illegals acts of IAP and Ramaco did not end with this subterfuge but were in fact just beginning.

The Phase I contract awarded to Ramaco was worth $4MM. IAP and Ramaco agreed to rebate one-half of the amount, through a Kuwaiti third party agent back to certain representatives of the Kuwaiti government as bribe payments. In addition to this 50% figure of the contract price, IAP and Ramaco understood that this Kuwaiti third party contractor would “inflate its invoices to IAP by charging IAP for the total amount of both the legitimate services that Kuwaiti Company was providing and the payments that Kuwaiti Company was funneling to Kuwaiti Consultant without listing or otherwise disclosing the payments that were funneled to Kuwaiti Consultant.” According to the NPA, these monies were specifically “provided as bribes to Kuwaiti government officials to assist IAP in obtaining and retaining the KSP Phase I contract and to obtain the Phase II contract.”

The NPA also specified meetings which were held in the company’s headquarters in Arlington VA and that monies to be paid as bribes were wired out of a company bank account in the US to Kuwait.

All of these facts would lead me to opine that this case was egregious. There was a US company, setting up a scheme to pay bribes through both a US person, who was a former employee, and a foreign third party agent. Meetings to facilitate the scheme were held in the US and monies to fund bribes were wired out of a US bank account. There was nothing reported in the NPA which indicated that the company self-disclosed this FCPA violation. While there were statements of cooperation and remediation going forward, there was nothing other than the standard boilerplate language generally seen in NPAs.

So while the NPA does provide the Chief Compliance Officer (CCO) or compliance practitioner a good set of facts to test against in their organization, that would appear to be about it. Other than, of course, it is always better to cooperate than not. So much like what we Americans got out of the War of 1812, not much substance can be ascertained from the company’s NPA and Rama’s Plea Agreement.

For a YouTube clip of Johnny Horton singing The Battle of New Orleans, on the Ed Sullivan Show, click here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

June 3, 2015

Senn on 10 Best Practices in a Cross-Border Investigation – Part II

Larry McMurtryToday we celebrate Texas Letters. I know that might sound counter-intuitive for a state that is bunkering down for the anticipated Jade Helm invasion but there is a literary tradition that is certainly well known. On this day 79 years ago in 1936 Larry McMurtry was born in Wichita Falls, Texas. He has many accomplishments over the years, starting at 25 when he published his first novel, Horseman, Pass By (1961), in 1966 he explored small-town society isolation in The Last Picture Show, . In 1983 Terms of Endearment became an award-winning movie and in 1986. He won the Pulitzer Prize for Lonesome Dove, his 1985 bestseller about a 19th century cattle drive.

Today I conclude a two-part series on how to formulate an effective best practices cross-border investigation based upon an interview I did with Mara Senn, a partner at Arnold & Porter LLP, who specializes in white collar defense and cases brought under the Foreign Corrupt Practices Act (FCPA). The interview was based on an article that Senn and a colleague, Michelle Albert, published in the FCPA Report, Volume 3, Number 1, entitled “Internal Investigations, How to Conduct an Anti-Corruption Investigation: Developing and Implementing the Investigation Plan”. Today I will review practices six through ten.

  1. Put Form in Native Translations

Senn noted that in the countries that have strict data privacy laws, there are times that the only way an investigation can collect an employee’s personal information is to obtain affirmative assent. Such information might include work documents, work emails, or similar information. However she cautioned that in this situation it is even more important to put the consent form in the native language. She said that you do not want the employee to later claim they did not understand the consent form or thought they were executing something different. It can be critical that you have informed consent, because if you do not have informed consent, that consent could well turn out to be void.

  1. Preserve the Attorney Client Privilege

I first asked Senn to briefly describe the attorney-client privilege. She responded that the attorney-client privilege is a communication between an attorney and a client for the purpose of seeking legal advice. The reason they have this privilege is to make sure that people are not afraid to go their lawyer. Further, the purpose of attorney-client privilege is set up so that you will be encouraged to have protected conversations with counsel, to make sure you understand the law so you can follow it. The US rule is relatively straightforward. It applies to both in-house and outside counsel.

However the rules outside the US can be quite different and perhaps a little bewildering. In many European countries there is no privilege from an in-house counsel, so if a General Counsel (GC) of a company speaks to the President or Chief Executive Officer (CEO) there is absolutely no privilege under basically any circumstances in Europe. Senn then noted that other jurisdictions have other kinds of laws, each with a slightly different parameter, leading to different attorney-client expectations. She gave one such example; where your client is headquartered in Germany and your in-house client is the GC, you cannot really use them as a point person to help you conduct the interview the way you would with the US in-house counsel, because they do not have the attorney-client privilege.

  1. Prepare for Local Enforcement Actions

Most American lawyers are aware that increasingly, as we have seen other jurisdictions, other countries are becoming more aggressive in their enforcement actions for bribery and corruption, sometimes based upon local and domestic anti-bribery laws. Senn pointed out that information which one government knows, whichever government that is, you should expect and assume that multiple governments are cooperating in some way. This then makes it more likely that there could well be some sort of local enforcement action against your client while you are investigating matters around a FCPA claim or potential FCPA claim.

Senn believes this is another area where your local counsel can be helpful in that they should be aware of the different enforcement agencies in different countries that have different ways of doing things. For instance some countries, such as China, like to perform dawn raids; where essentially they come, they get people when they are asleep or when they are just waking up, and they just arrest them or they come in and seize documents.

Yet there are other countries where that is extremely unlikely to happen and so again, local counsel can give you an idea of what the typical raid would look like. Sometimes they just very politely call you and say, “Can we make an appointment? We’d like you to come by.” While this might not occur if the local government officials are concerned that there is the potential for the destruction of evidence, also different countries have different traditions of what they do, so you must ensure that your client is prepared for whatever may come to pass.

  1. Prepare for Security Risks 

In this situation Senn was referring to personal security, physical and health safety. She gave a couple of examples that sometimes you may be going into situations or countries where it may be war torn. Or consider the recent situation when Ebola was going around Western Africa or Central Africa. If you are conducting an investigation in such ravaged areas you should not send your employees to Liberia at that time to interview people. The same can be true in worn-turn areas like Syria or similar locales.

Senn articulated that the better plan would be to remove the people you are interviewing and bring them to you or to a local hub outside of the impacted areas. That avoids a whole host of issues, as you do not want to have to pay for extra security, for example you do not want your employees to have to walk around with loaded machine guns protecting them; you have to make a judgment call as to where and whether these potential threats need to be addressed in some way.

  1. Protect Whistleblowers

Here Senn had some very practical advice, which while it might seem counter-intuitive on the surface due to certain legal decisions, it might actually provide more protections for companies in the long run. Senn began by noting the 2nd Circuit Court of Appeals ruling in the Liu case, which essentially found that the Dodd-Frank retaliation provisions that protect whistleblowers in the US do not apply abroad, so in other words, a foreign whistleblower brought a case saying, “I was retaliated against and I bring a case under the retaliation provisions of Dodd-Frank,” and they said, “No way, you can’t bring it.”

Senn believes that companies that use the Liu decision as a basis to retaliate against whistleblowers outside the US are wrong for several reasons. First, is that the Securities and Exchange Commission (SEC) has announced they will still pay whistleblower outside the US, who come forward and meet the requirements, the Dodd-Frank bounty of up to 30% of the penalty. This means that even if courts determine that the Dodd-Frank provisions do not apply for retaliation for foreign nationals, the SEC can still honor the communication and compensate the foreign whistleblower.

The second reason Senn listed is that the US Sentencing Guidelines make clear that part of an effective compliance and ethics program includes having a publicized system for employees or agents to report potential or actual criminal conduct without fear of retaliation. These Sentencing Guidelines apply to all US companies, both domestic and internationally. Senn believes that if your company retaliates against foreign whistleblowers, the US government can take that into account, which could be viewed in a negative way, meaning that you don’t have an effective compliance and ethics program.

Senn’s best practices around the issue of cross-border investigations are excellent points for you to review if you have to consider such an investigation. Further, if you retain outside counsel to lead your investigation, you can use her best practices as guideposts to scope, plan and assist your outside counsel going forward.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

May 31, 2015

The FIFA Indictments and Travel Act Prosecutions under the FCPA

7K0A0075While the indictments last week against 14 individuals who were members or associated with Fédération Internationale de Football Association (FIFA) did not include any alleged violations of the Foreign Corrupt Practices Act (FCPA), it does not necessarily mean that companies subject to the Act are in the clear. There can be another avenue for FCPA liability. It is under the Travel Act. In the 2013 and 2014 FCPA enforcement actions involving Direct Access Partners (DAP) defendants Tomas Clarke, Alejandro Hurtado and Maria Gonzalez were also charged with conspiracy to violate the Travel Act. Hurtado and Gonzalez were charged with substantive Travel Act violations.

As stated in the FCPA Guidance, “The Travel Act, 18 U.S.C. § 1952, prohibits travel in interstate or foreign commerce or using the mail or any facility in interstate or foreign commerce, with the intent to distribute the proceeds of any unlawful activity or to promote, manage, establish, or carry on any unlawful activity. “Unlawful activity” includes violations of not only the FCPA, but also state commercial bribery laws. Thus, bribery between private commercial enterprises may, in some circumstances, be covered by the Travel Act. Said differently, if a company pays kickbacks to an employee of a private company who is not a foreign official, such private-to-private bribery could possibly be charged under the Travel Act.”

The Travel Act elements are: (1) use of a facility of foreign or interstate commerce (such as email, telephone, courier, personal travel); (2) with intent to promote, manage, establish, carry on, or distribute the proceeds of; (3) an activity that is a violation of state or federal bribery, extortion or arson laws, or a violation of the federal gambling, narcotics, money-laundering or RICO statutes. This means that, if in promoting or negotiating a private business deal in a foreign country, a sales agent in the US or abroad offers and pays some substantial amount to his private foreign counterpart to influence his acceptance of the transaction, and such activity may be a violation of the state law where the agent is doing business, the Justice Department may conclude that a violation of the Travel Act has occurred. For instance, in the state of Texas there is no minimum limit under its Commercial Bribery statute (Section 32.43, TX. Penal Code), which bans simply the agreement to confer a benefit which would influence the conduct of the individual in question to make a decision in favor of the party conferring the benefit. As noted further in this article, the state of California bans payment of more than $1,000 between private parties for the purposes of influencing a business decision.

The DAP enforcement action was not the first case to use the Travel Act in conjunction with the FCPA. As was reported in the FCPA Blog there was the matter of U.S. v. David H. Mead and Frerik Pluimers, (Cr. 98-240-01) D.N.J., Trenton Div. 1998. In this case defendant Mead was convicted following a jury trial of conspiracy to violate the FCPA and the Travel Act (incorporating New Jersey’s commercial bribery statute) and two counts each of substantive violations of the FCPA and the Travel Act. In its 2008 article, entitled “The Foreign Corrupt Practices Act: Walking the Fine Line of Compliance in China”, the law firm of Jones Day reported the case of United States v. Young & Rubicam, Inc., 741 F.Supp. 334 (D.Conn. 1990) where a Company and individual defendants pled guilty to FCPA and Travel Act violations and paid a $500,000 fine.

In addition to the Mead and Young and Rubicam cases, the FCPA Guidance specifies that the Department of Justice (DOJ) has “previously charged both individual and corporate defendants in FCPA cases with violations of the Travel Act. For instance, an individual investor was convicted of conspiracy to violate the FCPA and the Travel Act in 2009 where the relevant “unlawful activity” under the Travel Act was an FCPA violation involving a bribery scheme in Azerbaijan. Also in 2009, a California company that engaged in both bribery of foreign officials in violation of the FCPA and commercial bribery in violation of California state law pleaded guilty to conspiracy to violate the FCPA and the Travel Act, among other charges.”

What does this mean for US companies doing business overseas? The incorporation of the Travel Act into a FCPA prosecution could blur away the distinction between bribery of foreign governmental officials and private citizens, if all foreign private citizens can be brought in under the FCPA by application of the Travel Act. US companies doing business overseas, which have a distinction in their FCPA compliance policies between gifts for and travel and entertainment of employees of private companies and employees of state owned entities or foreign officials, should immediately rethink this distinction in their approach.

Further, and more importantly for the burgeoning FIFA scandal, the Travel Act may provide the basis for the DOJ to evaluate the conduct of the US companies who are involved with marketing efforts directly with FIFA, regional soccer federations such as CONCACAF and its former official Jack Warner from Trinidad or national soccer federations such the Brazilian national soccer federation which was the beneficiary.

Indeed, as reported in the Wall Street Journal (WSJ) by Sara Germano, in an article entitled “Nike Says FIFA Indictment Doesn’t Allege Criminal Conduct By Company, the FIFA “indictment didn’t mention Nike but alleged that a representative for a company described as “Sportswear Company A” agreed to be invoiced by the firm and made $30 million in payments to a middleman between 1996 and 1999. Parts of those payments were then used as bribes and kickbacks, according to the indictment. Nike signed a sportswear outfitting deal with the Brazilian federation in 1996, according to the company website. Nike said Wednesday it has cooperated with the authorities and continues to do so.” In the article Nike also denied any involvement in the bribery schemes. Germano wrote, ““The charging documents unsealed yesterday in Brooklyn do not allege that Nike engaged in criminal conduct,” the company said in an emailed statement. “There is no allegation in the charging documents that any Nike employee was aware of or knowingly participated in any bribery or kickback scheme.””

In an article in the New York Times (NYT), entitled “How a Speck in the Sea Became a FIFA Power”, Jeré Longman wrote about the alleged charitable donations made to the Cayman Islands Football Association (CIFA) to construct soccer facilities in the island-nation. Yet many have never been constructed and the money is not accounted for. If the actions engaged in by US company involved in marketing efforts with FIFA, regional soccer federations or national soccer federations violated the state laws regarding commercial bribery where the US companies were headquartered there could be an argument that a FCPA violation could be incorporated through the Travel Act.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

May 29, 2015

Doing Compliance in an Economic Downturn, Part IV – Testing, Peer Groups and Talent Development

Edmund HillaryToday we celebrate the conquest of what the Tibetans call “Mother Goddess of the Land” and what the rest of us call Mount Everest. For on this date in 1953, Sir Edmund Hillary of New Zealand and Tenzing Norgay, a Nepalese Sherpa, became the first explorers to reach the summit of the highest point on earth. News of the success was rushed by runner from the expedition’s base camp to the radio post at Namche Bazar, and then sent by coded message to London, where Queen Elizabeth II learned of the achievement on June 1, the eve of her coronation. The next day, the news broke around the world. Later that year, Hillary and Norgay were both honored by the queen for their momentous achievement.

One of the things that made Hillary and Norgay’s ascent to the summit of Everest was the overall integration and teamwork of the entire group. The British team was led by Colonel John Hunt who set up a series of camps, allowing the expedition to push its way up the mountain in April and May. A new passage was forged through several previously un-surmounted obstacles to bring the team to about 26,000 feet. The first assault to the summit was launched on May 26 by Charles Evans and Tom Bourdillon, however they had to abandon their assent 300 feet from the top due to malfunctioning oxygen sets. Three days later, Hillary and Norgay were successful. In other words, teamwork and process were key to their success.

The accomplishment achieved by Hillary and Norgay drives the conclusion of my series on the steps you can take to improve your Foreign Corrupt Practices Act (FCPA) anti-corruption compliance program and overall compliance function during a period of economic downturn. So when faced with reduced monetary resources and lessened head count you might want to consider the teamwork of compliance. To that end you might use a strategy of developing compliance talent and relationships for the compliance function. You could initiate a compliance talent development group where you rotate high potential individuals in your company through the compliance function in some manner.

My suggestion would be to work with senior management and your Human Resources (HR) function to identify some of the key talent within your company. They can come from any other area of the company; such as accounting, finance, internal audit, HR itself, sales or any other discipline. From there you can task them to lead a working group on a compliance related project. The project itself can be any project you would like to try and implement when funding becomes more available.

One company I worked at had such an organization called the President’s Team which was an annual group that developed projects for the company Chief Executive Officer (CEO). The concept is the same but the goal is having the high talent employees learn more about compliance. Equally important for you as the compliance practitioner is to develop relationships with such up and comers so you can access to them if they continue to progress up the corporate chain. Remember it is important to have relationships with those in power and those who will be in power.

In addition to the talent development group, you should also revisit your interactions with your Board or Audit Committee. You need to re-emphasize to them their responsibility for compliance going forward and that it will not diminish simply because the price of oil has gone south or any other reason why you may be in an economic downturn. If there are emergency projects or others which you believe should take priority this would be a good time to inform and educate the Board on them so that you can continue to maintain as much funding as is possible. This could come into play if you have a number of whistleblower complaints to triage and review in short order due to employee layoffs. But if you did not establish those relationships ‘yesterday’, you probably cannot call on them ‘tomorrow’ so you need to make sure they are in place now.

Another idea that you can try is something along the lines of a client advisory committee or peer group review. You can put together a peer group to help advise your compliance function. After all, one of your constituent groups is your employee base. So why not turn to that group to find out what is working and perhaps their views on what is not, in their eyes, from the compliance function. If they can provide feedback to you on how to streamline a compliance process you might well be able to incorporate such suggestions going forward. They will be aware of the resource constraints the company is under so it could be an avenue which you have not previously used. Further, as with the talent development group concept, you would have the opportunity to develop relationships with other leaders in your organization. Finally, the group would have greater investment in the compliance function going forward.

Next is one of your highest risks, that of third parties, which most compliance practitioners recognize as their highest risk in any FCPA anti-corruption compliance program. This risk does not lessen simply because of a downturn. My suggestion is that you test and review all of the indicia around the lifecycle of your third party risk management program. This is not a forensic audit or even standards that an auditor might use. But you can test and you can test the documentation around your program at little to no cost.

The lifecycle of a third party is the following: (1) Business justification, (2) Questionnaire, (3) Due Diligence and Evaluation, (4) Contract negotiation, and (5) Managing the relationship thereafter. You can perform testing on all of these steps by reviewing the documentation in your third party database. For each third party you should confirm that there is documentation in each file, which supports each of the five prongs. In addition to the document, document, document aspect of this exercise, you can also use it as a cross-check on your internal control mapping for each validated prong so this can also be considered an internal compliance control.

I hope that you have found some of these ideas for improving your compliance function in an economic downturn useful. Perhaps they have stimulated ideas or discussions within your organizations going forward. If you have any other ideas which you would be willing to share, I hope that you will pass them along to me. We are all in this compliance ride together anything we all can do to move things forward is progress in my mind.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

May 27, 2015

Economic Downturn Week, Part II – The Golden Gate Bridge and Employment Separation – Hotlines and Whistleblowers During Layoffs

Golden Gate BridgeToday, we celebrate one of the greatest engineering achievements of the century. On this date in 1937, the Golden Gate Bridge opened. At 4200 feet long, it was at the time the world’s longest suspension bridge. But not only was it an engineering and architectural milestone, its aesthetic form was instantly recognized as classical and to this day is one of the most iconic structures in the US if not the world. With just a few years until its 80th birthday, it demonstrates that a lasting structure is more than simply form following function but contains many elements that inform its use and beauty.

I use the Golden Gate Bridge as an entrée to my continued discussion on the series on steps that you can use in your compliance program if you find yourself, your company or your industry in an economic downturn. Whether you are a Chief Compliance Officer (CCO) or compliance practitioner, these steps are designed to be achieved when you face reduced economic resources or lessened personnel resources going forward due to a downturn your economic sector. Yesterday, I discussed mapping your current and existing internal controls to the Ten Hallmarks of an Effective Compliance Program so that you can demonstrate your compliance with the Foreign Corrupt Practices Act’s (FCPA) internal control prong to the accounting procedures. Today I want to discuss the issues surrounding the inevitable layoffs your company will have to endure in a downturn.

In Houston, we have experienced energy companies laying off upwards of 30% of their workforce, both in the US and abroad. Employment separations can be one of the trickiest maneuvers to manage in the spectrum of the employment relationship. Even when an employee is aware layoffs are coming it can still be quite a shock when Human Resources (HR) shows up at their door and says, “Come with me.” However, layoffs, massive or otherwise, can present some unique challenges for the FCPA compliance practitioner. Employees can use layoffs to claim that they were retaliated against for a wide variety of complaints, including those for concerns that impact the compliance practitioner. Yet there are several actions you can take to protect your company as much as possible.

Before you begin your actual layoffs, the compliance practitioner should work with your legal department and HR function to make certain your employment separation documents are in compliance with the recent SEC v. KBR Cease and Desist Order regarding Confidentiality Agreement (CA) language which purports to prevent employees from bringing potential violations to appropriate law or regulatory enforcement officials. If your company requires employees to be presented with some type of CA to receive company approved employment severance package, it must not have language preventing an employee taking such action. But this means more than having appropriate or even approved language in your CA, as you must counsel those who will be talking to the employee being laid off, not to even hint at retaliation if they go to authorities with a good faith belief of illegal conduct. You might even suggest, adding the SEC/KBR language to your script so the person leading the conversation at the layoff can get it right and you have a documented record of what was communicated to the employee being separated.

When it comes to interacting with employees first thing any company needs to do, is to treat employees with as much respect and dignity as is possible in the situation. While every company says they care (usually the same companies which say they are very ethical), the reality is that many simply want terminated employees out the door and off the premises as quickly as possibly. At times this will include an ‘escort’ off the premises and the clear message is that not only do we not trust you but do not let the door hit you on the way out. This attitude can go a long way to starting an employee down the road of filing a claim for retaliation or, in the case of FCPA enforcement, becoming a whistleblower to the Securities and Exchange Commission (SEC), identifying bribery and corruption.

Treating employees with respect means listening to them and not showing them the door as quickly as possible with an escort. From the FCPA compliance perspective this could also mean some type of conversation to ask the soon-to-be parting employee if they are aware of any FCPA violations, violations of your Code of Conduct or any other conduct which might raise ethical or conflict of interest concerns. You might even get them to sign some type of document that attests they are not aware of any such conduct. I recognize that this may not protect your company in all instances but at least it is some evidence that you can use later if the SEC (or Department of Justice (DOJ)) comes calling after that ex-employee has blown the whistle on your organization.

I would suggest that you work with your HR department to have an understanding of any high-risk employees who might be subject to layoffs. While you could consider having HR conduct this portion of the exit interview, it might be better if a compliance practitioner was involved. Obviously a compliance practitioner would be better able to ask detailed questions if some issue arose but it would also emphasize just how important the issue of FCPA compliance, Code of Conduct compliance or simply ethical conduct compliance was and remains to your business.

Finally are issues around hotlines, whistleblower and retaliation claims. The starting point for layoffs should be whatever your company plan is going forward. The retaliation cases turn on whether actions taken by the company were in retaliation for the hotline or whistleblower report. This means you will need to mine your hotline more closely for those employees who are scheduled or in line to be laid off. If there are such persons who have reported a FCPA, Code of Conduct or other ethical violation, you should move to triage and investigate, if appropriate, the allegation sooner rather than later. This may mean you move up research of an allegation to come to a faster resolution ahead of other claims. It may also mean you put some additional short-term resources on your hotline triage and investigations if you know layoffs are coming.

The reason for these actions are to allow you to demonstrate that any laid off employee was not separated because of a hotline or whistleblower allegation but due to your overall layoff scheme. However it could be that you may need this person to provide your compliance department additional information, to be a resource to you going forward, or even a witness that you can reasonably anticipate the government may want to interview. If any of these situations exist, if you do not plan for their eventuality before you layoff the employee, said (now) ex-employee may not be inclined to cooperate with you going forward. Also if you do demonstrate that you are sincerely interested in a meritorious hotline complaint, it may keep this person from becoming a SEC whistleblower.

Just as the Golden Gate Bridge provides more to the human condition than simply a structure to get from San Francisco to Marin County, layoffs in an economic downturn provide many opportunities to companies. If they treat the situation appropriately, it can be one where you manage your FCPA compliance risk going forward.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

 

 

 

May 21, 2015

Compliance Week 2015 Wrap Up

Wrap UpCompliance Week 2015 has ended. This year was the tenth anniversary of the annual conference and in many ways I found it to be the best one yet. Matt Kelly and his team put together a conference and experience, which was absolutely first-rate. If you were not able to make this year’s event, I hope you will join us for Compliance Week 2016, which Matt announced the dates for at the conclusion of this year’s event. The dates for 2016 are May 23-26, back of course in Washington DC to be held yet again at the Mayflower Hotel. I wanted to give you some of my thoughts on the highlights of this year’s event and what made it so unique.

At my age, I am somewhat loathe to channel my teenage daughter but the first thing that I noticed was a very different vibe this year over past year’s conferences. From the Cocktail Party reception held on Sunday night, all the way through the conclusion of the event, there seemed to be an air that I have not quite been able to put my finger on. It was more than an acknowledgement and perhaps even an excitement about how far the compliance profession has come in the past ten years. While I have written about the Chief Compliance Officer (CCO) and compliance profession as CCO 2.0, I had the feeling that we may be moving on to CCO 3.0, as that was even the title of a session.

But this vibe was more tangible than simply a feeling. One key ingredient for me was the use of social media into the conference experience. While many events have a conference app, which can provide you information on such things as the agenda, speakers and their presentations, room locations and the like; the Compliance Week 2015 app was fully interactive, allowing you to live tweet, send IM to fellow conference attendees and receive text messages when a room changed or other conference alteration occurred. It also provided a virtual help desk for all attendees.

Many of sessions were led by CCOs from major corporations and they were able to provide a strategic vision of where they were going at their organizations. This was kicked off from the start of the conference, from the first panel on the first day where the CCOs from Boeing, GE and the Director of Compliance for Wal-Mart began the event. Obviously these are three of the largest companies in the US and do business on a worldwide basis. Yet, while sharing their strategic visions, each one was able to provide a solid example from their respective organization that a CCO or compliance practitioner from any sized company could implement. From Wal-Mart with a workforce of 2.2 million employees, it was keep the message simple. From Boeing, it was incorporate any compliance failures as teaching moments or lessons learned into your internal compliance training going forward. From GE, it was how to inculcate and incorporate compliance into your everyday business planning.

The conversations were excellent as usual. I led the FCPA conversation and there were several alumni present, who told me they look forward to attending each year. One of the reasons is that there is no avenue in their hometowns to get together in an environment to discuss issues of mutual concern. It is concept that Mike Snyder and I used in founding the Houston Compliance Roundtable. A place where you can ask any question and have it answered by another compliance professional in an environment where Chatham House rules apply. While I certainly started the discussion, it quickly became fully interactive with all participants sharing their views on a variety of topics. While we have some great compliance talent in Houston at our Roundtable, it cannot top the level of maturity and sophistication present at the Compliance Week annual conference. We all benefited from the experience.

This experience was doubled when I led a breakfast event on Tuesday. While an inducement to attend was a complimentary copy of my book Doing Compliance, there were 25 attendees who joined me for a very engaging and free-flowing conversation about the state of compliance, we practitioners and where enforcement may be heading. Compliance Week treated us all to breakfast and, once again, I probably learned as much as any one. But since Chatham House rules were in effect, I cannot report on any of the substantive things that were discussed. I will share with you that I am excited to lead such a breakfast again next year and I hope you will be one of the 25 to sign up.

As always there were a number of government representatives who spoke at Compliance Week again this year. For me, the parade was led by Department of Justice (DOJ) Assistant Attorney General Leslie Caldwell. While I will be writing further, and in more detail, about Caldwell’s remarks, she said a few things that I think bear emphasis. One was that compliance professionals need to work towards more data analytics in the form of transaction monitoring to assist in moving to a prevent and even predictive and prescriptive mode for your best practice compliance program. Next she emphasized that your compliance program must not be static but must evolve as your business risks evolve. Finally, and much closer to my heart, were her remarks that you need to “sensitize your business partners to compliance.” It was if she was channeling her inner Scott Killingsworth with his groundbreaking work on ‘Private-to-Private’ or P2P compliance solutions. Or, as I might say, she was advocating a business solution to the legal problem of bribery and corruption across the globe.

But Caldwell was not the only DOJ representative as we had Laurie Perkins, Assistant Chief, Foreign Corrupt Practices Act (FCPA) Unit and Kara Brockmeyer, Chief, FCPA Unit; Division of Enforcement from Securities and Exchange Commission (SEC), on a panel moderated by yours truly. First I would urge that if you are ever asked to moderate a panel with FCPA enforcers and regulators, jump at the chance. The reason is that you get to ask the questions you want answers to; even if you get past your prepared questions, when there is a lull in questions from the audience, you can follow up with something you want to know or in my case always wanted to know. So I asked some basic questions like: What is Criminal Information? (to Perkins) and Could you explain the process for the SEC’s Administrative Procedure? (to Brockmeyer). I was certainly enlightened by their answers to both questions.

The event sponsors were of course there to provide information on their solutions to assist any compliance practitioner. If you have never been to an event at the Mayflower Hotel in Washington, the conference rooms are along a wide hall that allows good people flow and adequate room for the sponsors and others to set up, meet attendees and discuss their products and services. I view the sponsors and vendors as a part of the compliance solution going forward and while they are clearly there to sell; they also engage in a fair amount of education. But the education runs both ways with many compliance practitioners communicating needs they have which can be incorporated into new product developments.

Unfortunately Compliance Week 2015 had to come to an end. But the feeling, information and new friends I met will last with me until Compliance Week 2016 next year. I hope you will plan to join me.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

Next Page »

The Rubric Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 5,291 other followers