FCPA Compliance and Ethics Blog

June 18, 2015

The War of 1812 and the IAP Worldwide Services Non-Prosecution Agreement

Battle of New OrleansOn this day, 203 years ago, President James Madison signed a Declaration of War against Great Britain inaugurating the War of 1812. The cause of the war was multi-faceted; the formal reason given was the British impressment of American sailors and the economic blockade of Europe. But the real reason may have simply been the warmongers who had been agitating for war against Britain for several years as an excuse to attack (and hopefully take over) Canada. For those of you who did not study geography too closely, that latter hope was forlorn as Canadians twice repulsed American invasions during the war.

That does not mean the War of 1812 was ultimately unsuccessful for the ‘War Hawks’. America got two great songs out of the war. The first was our National Anthem, the Star Spangled Banner, which celebrated victory over the British at Baltimore. The second was the top hit single of 1959, The Battle of New Orleans, which celebrated Andrew Jackson’s defeat of the British in the Battle of New Orleans, which was fought after the signing of the peace treaty that ended the war. Also that peace treaty, which America and Great Britain signed has remained unbroken to this day.

I thought about this view of the results of the War of 1812 when I read the Foreign Corrupt Practices Act (FCPA) enforcement action involving IAP Worldwide Services, Inc. (“IAP” or “the company”) and its former Vice President (VP), James Rama. The company received a Non-Prosecution Agreement (NPA) as a result of the enforcement action but agreed to a fine of $7.1MM. Rama pled guilty to a single count of conspiracy to violate the FCPA and is awaiting sentencing but his sentence will be capped out at “five years of imprisonment, a fine of the greater of $250,000 or twice the gross gain or loss, full restitution, a special assessment, and three years of supervised release” according to his Plea Agreement.

What it is difficult to determine from the company NPA and Rama Plea Agreement is what conduct the company engaged in which led to the NPA because clearly both the company and Rama engaged in conduct that violated the FCPA. In its Press Release the Department of Justice (DOJ) said, “Based on a variety of factors, including but not limited to IAP’s cooperation, the Criminal Division entered into a non-prosecution agreement with the company.” In the NPA these factors were given some meat with the following boilerplate language, “(a) the Company has cooperated with the Offices, including conducting an extensive internal investigation, voluntarily making U.S. and foreign employees available for interviews, and collecting, analyzing, and organizing voluminous evidence and information for the Offices; (b) the Company has engaged in remediation, including disciplining the officers and employees responsible for the corrupt payments or terminating their employment, enhancing its due diligence protocol for third-party agents and consultants, and instituting heightened review of proposals and other transactional documents for relevant Company contracts; (c) the Company has committed to continue to enhance its compliance program and internal controls, including ensuring that its compliance program satisfies the minimum elements set forth in Attachment C to this Agreement; and (d) the Company has agreed to continue to cooperate with the Offices in any ongoing investigation of the conduct of the Company and its officers, directors, employees, agents, and consultants relating to possible violations under investigation by the Offices.”

Since I cannot determine from beyond the above description what the company did to achieve its NPA, I will use the same analysis that I did in ascertaining what we Americans got out of the War of 1812. For the NPA did go into detail about the bribery scheme used by the company and Rama, which were clearly violative of the FCPA. Rama was a VP of the company until he signed and became an independent contractor to the organization, through his consulting entity, Ramaco. Ramaco was created, in part, to hide the involvement of IAP in the bidding process with the Kuwaiti Ministry of the Interior to provide nationwide surveillance for the country.

The bid for this project had two phases. In Phase I, a consultant would assist the Kuwaiti government to select the final contractor who would implement the nationwide surveillance for the country in Phase II. By hiding its involvement through Ramaco, IAP could reap the benefits of winning both phases, which it did. However the illegals acts of IAP and Ramaco did not end with this subterfuge but were in fact just beginning.

The Phase I contract awarded to Ramaco was worth $4MM. IAP and Ramaco agreed to rebate one-half of the amount, through a Kuwaiti third party agent back to certain representatives of the Kuwaiti government as bribe payments. In addition to this 50% figure of the contract price, IAP and Ramaco understood that this Kuwaiti third party contractor would “inflate its invoices to IAP by charging IAP for the total amount of both the legitimate services that Kuwaiti Company was providing and the payments that Kuwaiti Company was funneling to Kuwaiti Consultant without listing or otherwise disclosing the payments that were funneled to Kuwaiti Consultant.” According to the NPA, these monies were specifically “provided as bribes to Kuwaiti government officials to assist IAP in obtaining and retaining the KSP Phase I contract and to obtain the Phase II contract.”

The NPA also specified meetings which were held in the company’s headquarters in Arlington VA and that monies to be paid as bribes were wired out of a company bank account in the US to Kuwait.

All of these facts would lead me to opine that this case was egregious. There was a US company, setting up a scheme to pay bribes through both a US person, who was a former employee, and a foreign third party agent. Meetings to facilitate the scheme were held in the US and monies to fund bribes were wired out of a US bank account. There was nothing reported in the NPA which indicated that the company self-disclosed this FCPA violation. While there were statements of cooperation and remediation going forward, there was nothing other than the standard boilerplate language generally seen in NPAs.

So while the NPA does provide the Chief Compliance Officer (CCO) or compliance practitioner a good set of facts to test against in their organization, that would appear to be about it. Other than, of course, it is always better to cooperate than not. So much like what we Americans got out of the War of 1812, not much substance can be ascertained from the company’s NPA and Rama’s Plea Agreement.

For a YouTube clip of Johnny Horton singing The Battle of New Orleans, on the Ed Sullivan Show, click here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

June 3, 2015

Senn on 10 Best Practices in a Cross-Border Investigation – Part II

Larry McMurtryToday we celebrate Texas Letters. I know that might sound counter-intuitive for a state that is bunkering down for the anticipated Jade Helm invasion but there is a literary tradition that is certainly well known. On this day 79 years ago in 1936 Larry McMurtry was born in Wichita Falls, Texas. He has many accomplishments over the years, starting at 25 when he published his first novel, Horseman, Pass By (1961), in 1966 he explored small-town society isolation in The Last Picture Show, . In 1983 Terms of Endearment became an award-winning movie and in 1986. He won the Pulitzer Prize for Lonesome Dove, his 1985 bestseller about a 19th century cattle drive.

Today I conclude a two-part series on how to formulate an effective best practices cross-border investigation based upon an interview I did with Mara Senn, a partner at Arnold & Porter LLP, who specializes in white collar defense and cases brought under the Foreign Corrupt Practices Act (FCPA). The interview was based on an article that Senn and a colleague, Michelle Albert, published in the FCPA Report, Volume 3, Number 1, entitled “Internal Investigations, How to Conduct an Anti-Corruption Investigation: Developing and Implementing the Investigation Plan”. Today I will review practices six through ten.

  1. Put Form in Native Translations

Senn noted that in the countries that have strict data privacy laws, there are times that the only way an investigation can collect an employee’s personal information is to obtain affirmative assent. Such information might include work documents, work emails, or similar information. However she cautioned that in this situation it is even more important to put the consent form in the native language. She said that you do not want the employee to later claim they did not understand the consent form or thought they were executing something different. It can be critical that you have informed consent, because if you do not have informed consent, that consent could well turn out to be void.

  1. Preserve the Attorney Client Privilege

I first asked Senn to briefly describe the attorney-client privilege. She responded that the attorney-client privilege is a communication between an attorney and a client for the purpose of seeking legal advice. The reason they have this privilege is to make sure that people are not afraid to go their lawyer. Further, the purpose of attorney-client privilege is set up so that you will be encouraged to have protected conversations with counsel, to make sure you understand the law so you can follow it. The US rule is relatively straightforward. It applies to both in-house and outside counsel.

However the rules outside the US can be quite different and perhaps a little bewildering. In many European countries there is no privilege from an in-house counsel, so if a General Counsel (GC) of a company speaks to the President or Chief Executive Officer (CEO) there is absolutely no privilege under basically any circumstances in Europe. Senn then noted that other jurisdictions have other kinds of laws, each with a slightly different parameter, leading to different attorney-client expectations. She gave one such example; where your client is headquartered in Germany and your in-house client is the GC, you cannot really use them as a point person to help you conduct the interview the way you would with the US in-house counsel, because they do not have the attorney-client privilege.

  1. Prepare for Local Enforcement Actions

Most American lawyers are aware that increasingly, as we have seen other jurisdictions, other countries are becoming more aggressive in their enforcement actions for bribery and corruption, sometimes based upon local and domestic anti-bribery laws. Senn pointed out that information which one government knows, whichever government that is, you should expect and assume that multiple governments are cooperating in some way. This then makes it more likely that there could well be some sort of local enforcement action against your client while you are investigating matters around a FCPA claim or potential FCPA claim.

Senn believes this is another area where your local counsel can be helpful in that they should be aware of the different enforcement agencies in different countries that have different ways of doing things. For instance some countries, such as China, like to perform dawn raids; where essentially they come, they get people when they are asleep or when they are just waking up, and they just arrest them or they come in and seize documents.

Yet there are other countries where that is extremely unlikely to happen and so again, local counsel can give you an idea of what the typical raid would look like. Sometimes they just very politely call you and say, “Can we make an appointment? We’d like you to come by.” While this might not occur if the local government officials are concerned that there is the potential for the destruction of evidence, also different countries have different traditions of what they do, so you must ensure that your client is prepared for whatever may come to pass.

  1. Prepare for Security Risks 

In this situation Senn was referring to personal security, physical and health safety. She gave a couple of examples that sometimes you may be going into situations or countries where it may be war torn. Or consider the recent situation when Ebola was going around Western Africa or Central Africa. If you are conducting an investigation in such ravaged areas you should not send your employees to Liberia at that time to interview people. The same can be true in worn-turn areas like Syria or similar locales.

Senn articulated that the better plan would be to remove the people you are interviewing and bring them to you or to a local hub outside of the impacted areas. That avoids a whole host of issues, as you do not want to have to pay for extra security, for example you do not want your employees to have to walk around with loaded machine guns protecting them; you have to make a judgment call as to where and whether these potential threats need to be addressed in some way.

  1. Protect Whistleblowers

Here Senn had some very practical advice, which while it might seem counter-intuitive on the surface due to certain legal decisions, it might actually provide more protections for companies in the long run. Senn began by noting the 2nd Circuit Court of Appeals ruling in the Liu case, which essentially found that the Dodd-Frank retaliation provisions that protect whistleblowers in the US do not apply abroad, so in other words, a foreign whistleblower brought a case saying, “I was retaliated against and I bring a case under the retaliation provisions of Dodd-Frank,” and they said, “No way, you can’t bring it.”

Senn believes that companies that use the Liu decision as a basis to retaliate against whistleblowers outside the US are wrong for several reasons. First, is that the Securities and Exchange Commission (SEC) has announced they will still pay whistleblower outside the US, who come forward and meet the requirements, the Dodd-Frank bounty of up to 30% of the penalty. This means that even if courts determine that the Dodd-Frank provisions do not apply for retaliation for foreign nationals, the SEC can still honor the communication and compensate the foreign whistleblower.

The second reason Senn listed is that the US Sentencing Guidelines make clear that part of an effective compliance and ethics program includes having a publicized system for employees or agents to report potential or actual criminal conduct without fear of retaliation. These Sentencing Guidelines apply to all US companies, both domestic and internationally. Senn believes that if your company retaliates against foreign whistleblowers, the US government can take that into account, which could be viewed in a negative way, meaning that you don’t have an effective compliance and ethics program.

Senn’s best practices around the issue of cross-border investigations are excellent points for you to review if you have to consider such an investigation. Further, if you retain outside counsel to lead your investigation, you can use her best practices as guideposts to scope, plan and assist your outside counsel going forward.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

May 31, 2015

The FIFA Indictments and Travel Act Prosecutions under the FCPA

7K0A0075While the indictments last week against 14 individuals who were members or associated with Fédération Internationale de Football Association (FIFA) did not include any alleged violations of the Foreign Corrupt Practices Act (FCPA), it does not necessarily mean that companies subject to the Act are in the clear. There can be another avenue for FCPA liability. It is under the Travel Act. In the 2013 and 2014 FCPA enforcement actions involving Direct Access Partners (DAP) defendants Tomas Clarke, Alejandro Hurtado and Maria Gonzalez were also charged with conspiracy to violate the Travel Act. Hurtado and Gonzalez were charged with substantive Travel Act violations.

As stated in the FCPA Guidance, “The Travel Act, 18 U.S.C. § 1952, prohibits travel in interstate or foreign commerce or using the mail or any facility in interstate or foreign commerce, with the intent to distribute the proceeds of any unlawful activity or to promote, manage, establish, or carry on any unlawful activity. “Unlawful activity” includes violations of not only the FCPA, but also state commercial bribery laws. Thus, bribery between private commercial enterprises may, in some circumstances, be covered by the Travel Act. Said differently, if a company pays kickbacks to an employee of a private company who is not a foreign official, such private-to-private bribery could possibly be charged under the Travel Act.”

The Travel Act elements are: (1) use of a facility of foreign or interstate commerce (such as email, telephone, courier, personal travel); (2) with intent to promote, manage, establish, carry on, or distribute the proceeds of; (3) an activity that is a violation of state or federal bribery, extortion or arson laws, or a violation of the federal gambling, narcotics, money-laundering or RICO statutes. This means that, if in promoting or negotiating a private business deal in a foreign country, a sales agent in the US or abroad offers and pays some substantial amount to his private foreign counterpart to influence his acceptance of the transaction, and such activity may be a violation of the state law where the agent is doing business, the Justice Department may conclude that a violation of the Travel Act has occurred. For instance, in the state of Texas there is no minimum limit under its Commercial Bribery statute (Section 32.43, TX. Penal Code), which bans simply the agreement to confer a benefit which would influence the conduct of the individual in question to make a decision in favor of the party conferring the benefit. As noted further in this article, the state of California bans payment of more than $1,000 between private parties for the purposes of influencing a business decision.

The DAP enforcement action was not the first case to use the Travel Act in conjunction with the FCPA. As was reported in the FCPA Blog there was the matter of U.S. v. David H. Mead and Frerik Pluimers, (Cr. 98-240-01) D.N.J., Trenton Div. 1998. In this case defendant Mead was convicted following a jury trial of conspiracy to violate the FCPA and the Travel Act (incorporating New Jersey’s commercial bribery statute) and two counts each of substantive violations of the FCPA and the Travel Act. In its 2008 article, entitled “The Foreign Corrupt Practices Act: Walking the Fine Line of Compliance in China”, the law firm of Jones Day reported the case of United States v. Young & Rubicam, Inc., 741 F.Supp. 334 (D.Conn. 1990) where a Company and individual defendants pled guilty to FCPA and Travel Act violations and paid a $500,000 fine.

In addition to the Mead and Young and Rubicam cases, the FCPA Guidance specifies that the Department of Justice (DOJ) has “previously charged both individual and corporate defendants in FCPA cases with violations of the Travel Act. For instance, an individual investor was convicted of conspiracy to violate the FCPA and the Travel Act in 2009 where the relevant “unlawful activity” under the Travel Act was an FCPA violation involving a bribery scheme in Azerbaijan. Also in 2009, a California company that engaged in both bribery of foreign officials in violation of the FCPA and commercial bribery in violation of California state law pleaded guilty to conspiracy to violate the FCPA and the Travel Act, among other charges.”

What does this mean for US companies doing business overseas? The incorporation of the Travel Act into a FCPA prosecution could blur away the distinction between bribery of foreign governmental officials and private citizens, if all foreign private citizens can be brought in under the FCPA by application of the Travel Act. US companies doing business overseas, which have a distinction in their FCPA compliance policies between gifts for and travel and entertainment of employees of private companies and employees of state owned entities or foreign officials, should immediately rethink this distinction in their approach.

Further, and more importantly for the burgeoning FIFA scandal, the Travel Act may provide the basis for the DOJ to evaluate the conduct of the US companies who are involved with marketing efforts directly with FIFA, regional soccer federations such as CONCACAF and its former official Jack Warner from Trinidad or national soccer federations such the Brazilian national soccer federation which was the beneficiary.

Indeed, as reported in the Wall Street Journal (WSJ) by Sara Germano, in an article entitled “Nike Says FIFA Indictment Doesn’t Allege Criminal Conduct By Company, the FIFA “indictment didn’t mention Nike but alleged that a representative for a company described as “Sportswear Company A” agreed to be invoiced by the firm and made $30 million in payments to a middleman between 1996 and 1999. Parts of those payments were then used as bribes and kickbacks, according to the indictment. Nike signed a sportswear outfitting deal with the Brazilian federation in 1996, according to the company website. Nike said Wednesday it has cooperated with the authorities and continues to do so.” In the article Nike also denied any involvement in the bribery schemes. Germano wrote, ““The charging documents unsealed yesterday in Brooklyn do not allege that Nike engaged in criminal conduct,” the company said in an emailed statement. “There is no allegation in the charging documents that any Nike employee was aware of or knowingly participated in any bribery or kickback scheme.””

In an article in the New York Times (NYT), entitled “How a Speck in the Sea Became a FIFA Power”, Jeré Longman wrote about the alleged charitable donations made to the Cayman Islands Football Association (CIFA) to construct soccer facilities in the island-nation. Yet many have never been constructed and the money is not accounted for. If the actions engaged in by US company involved in marketing efforts with FIFA, regional soccer federations or national soccer federations violated the state laws regarding commercial bribery where the US companies were headquartered there could be an argument that a FCPA violation could be incorporated through the Travel Act.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

May 29, 2015

Doing Compliance in an Economic Downturn, Part IV – Testing, Peer Groups and Talent Development

Edmund HillaryToday we celebrate the conquest of what the Tibetans call “Mother Goddess of the Land” and what the rest of us call Mount Everest. For on this date in 1953, Sir Edmund Hillary of New Zealand and Tenzing Norgay, a Nepalese Sherpa, became the first explorers to reach the summit of the highest point on earth. News of the success was rushed by runner from the expedition’s base camp to the radio post at Namche Bazar, and then sent by coded message to London, where Queen Elizabeth II learned of the achievement on June 1, the eve of her coronation. The next day, the news broke around the world. Later that year, Hillary and Norgay were both honored by the queen for their momentous achievement.

One of the things that made Hillary and Norgay’s ascent to the summit of Everest was the overall integration and teamwork of the entire group. The British team was led by Colonel John Hunt who set up a series of camps, allowing the expedition to push its way up the mountain in April and May. A new passage was forged through several previously un-surmounted obstacles to bring the team to about 26,000 feet. The first assault to the summit was launched on May 26 by Charles Evans and Tom Bourdillon, however they had to abandon their assent 300 feet from the top due to malfunctioning oxygen sets. Three days later, Hillary and Norgay were successful. In other words, teamwork and process were key to their success.

The accomplishment achieved by Hillary and Norgay drives the conclusion of my series on the steps you can take to improve your Foreign Corrupt Practices Act (FCPA) anti-corruption compliance program and overall compliance function during a period of economic downturn. So when faced with reduced monetary resources and lessened head count you might want to consider the teamwork of compliance. To that end you might use a strategy of developing compliance talent and relationships for the compliance function. You could initiate a compliance talent development group where you rotate high potential individuals in your company through the compliance function in some manner.

My suggestion would be to work with senior management and your Human Resources (HR) function to identify some of the key talent within your company. They can come from any other area of the company; such as accounting, finance, internal audit, HR itself, sales or any other discipline. From there you can task them to lead a working group on a compliance related project. The project itself can be any project you would like to try and implement when funding becomes more available.

One company I worked at had such an organization called the President’s Team which was an annual group that developed projects for the company Chief Executive Officer (CEO). The concept is the same but the goal is having the high talent employees learn more about compliance. Equally important for you as the compliance practitioner is to develop relationships with such up and comers so you can access to them if they continue to progress up the corporate chain. Remember it is important to have relationships with those in power and those who will be in power.

In addition to the talent development group, you should also revisit your interactions with your Board or Audit Committee. You need to re-emphasize to them their responsibility for compliance going forward and that it will not diminish simply because the price of oil has gone south or any other reason why you may be in an economic downturn. If there are emergency projects or others which you believe should take priority this would be a good time to inform and educate the Board on them so that you can continue to maintain as much funding as is possible. This could come into play if you have a number of whistleblower complaints to triage and review in short order due to employee layoffs. But if you did not establish those relationships ‘yesterday’, you probably cannot call on them ‘tomorrow’ so you need to make sure they are in place now.

Another idea that you can try is something along the lines of a client advisory committee or peer group review. You can put together a peer group to help advise your compliance function. After all, one of your constituent groups is your employee base. So why not turn to that group to find out what is working and perhaps their views on what is not, in their eyes, from the compliance function. If they can provide feedback to you on how to streamline a compliance process you might well be able to incorporate such suggestions going forward. They will be aware of the resource constraints the company is under so it could be an avenue which you have not previously used. Further, as with the talent development group concept, you would have the opportunity to develop relationships with other leaders in your organization. Finally, the group would have greater investment in the compliance function going forward.

Next is one of your highest risks, that of third parties, which most compliance practitioners recognize as their highest risk in any FCPA anti-corruption compliance program. This risk does not lessen simply because of a downturn. My suggestion is that you test and review all of the indicia around the lifecycle of your third party risk management program. This is not a forensic audit or even standards that an auditor might use. But you can test and you can test the documentation around your program at little to no cost.

The lifecycle of a third party is the following: (1) Business justification, (2) Questionnaire, (3) Due Diligence and Evaluation, (4) Contract negotiation, and (5) Managing the relationship thereafter. You can perform testing on all of these steps by reviewing the documentation in your third party database. For each third party you should confirm that there is documentation in each file, which supports each of the five prongs. In addition to the document, document, document aspect of this exercise, you can also use it as a cross-check on your internal control mapping for each validated prong so this can also be considered an internal compliance control.

I hope that you have found some of these ideas for improving your compliance function in an economic downturn useful. Perhaps they have stimulated ideas or discussions within your organizations going forward. If you have any other ideas which you would be willing to share, I hope that you will pass them along to me. We are all in this compliance ride together anything we all can do to move things forward is progress in my mind.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

May 27, 2015

Economic Downturn Week, Part II – The Golden Gate Bridge and Employment Separation – Hotlines and Whistleblowers During Layoffs

Golden Gate BridgeToday, we celebrate one of the greatest engineering achievements of the century. On this date in 1937, the Golden Gate Bridge opened. At 4200 feet long, it was at the time the world’s longest suspension bridge. But not only was it an engineering and architectural milestone, its aesthetic form was instantly recognized as classical and to this day is one of the most iconic structures in the US if not the world. With just a few years until its 80th birthday, it demonstrates that a lasting structure is more than simply form following function but contains many elements that inform its use and beauty.

I use the Golden Gate Bridge as an entrée to my continued discussion on the series on steps that you can use in your compliance program if you find yourself, your company or your industry in an economic downturn. Whether you are a Chief Compliance Officer (CCO) or compliance practitioner, these steps are designed to be achieved when you face reduced economic resources or lessened personnel resources going forward due to a downturn your economic sector. Yesterday, I discussed mapping your current and existing internal controls to the Ten Hallmarks of an Effective Compliance Program so that you can demonstrate your compliance with the Foreign Corrupt Practices Act’s (FCPA) internal control prong to the accounting procedures. Today I want to discuss the issues surrounding the inevitable layoffs your company will have to endure in a downturn.

In Houston, we have experienced energy companies laying off upwards of 30% of their workforce, both in the US and abroad. Employment separations can be one of the trickiest maneuvers to manage in the spectrum of the employment relationship. Even when an employee is aware layoffs are coming it can still be quite a shock when Human Resources (HR) shows up at their door and says, “Come with me.” However, layoffs, massive or otherwise, can present some unique challenges for the FCPA compliance practitioner. Employees can use layoffs to claim that they were retaliated against for a wide variety of complaints, including those for concerns that impact the compliance practitioner. Yet there are several actions you can take to protect your company as much as possible.

Before you begin your actual layoffs, the compliance practitioner should work with your legal department and HR function to make certain your employment separation documents are in compliance with the recent SEC v. KBR Cease and Desist Order regarding Confidentiality Agreement (CA) language which purports to prevent employees from bringing potential violations to appropriate law or regulatory enforcement officials. If your company requires employees to be presented with some type of CA to receive company approved employment severance package, it must not have language preventing an employee taking such action. But this means more than having appropriate or even approved language in your CA, as you must counsel those who will be talking to the employee being laid off, not to even hint at retaliation if they go to authorities with a good faith belief of illegal conduct. You might even suggest, adding the SEC/KBR language to your script so the person leading the conversation at the layoff can get it right and you have a documented record of what was communicated to the employee being separated.

When it comes to interacting with employees first thing any company needs to do, is to treat employees with as much respect and dignity as is possible in the situation. While every company says they care (usually the same companies which say they are very ethical), the reality is that many simply want terminated employees out the door and off the premises as quickly as possibly. At times this will include an ‘escort’ off the premises and the clear message is that not only do we not trust you but do not let the door hit you on the way out. This attitude can go a long way to starting an employee down the road of filing a claim for retaliation or, in the case of FCPA enforcement, becoming a whistleblower to the Securities and Exchange Commission (SEC), identifying bribery and corruption.

Treating employees with respect means listening to them and not showing them the door as quickly as possible with an escort. From the FCPA compliance perspective this could also mean some type of conversation to ask the soon-to-be parting employee if they are aware of any FCPA violations, violations of your Code of Conduct or any other conduct which might raise ethical or conflict of interest concerns. You might even get them to sign some type of document that attests they are not aware of any such conduct. I recognize that this may not protect your company in all instances but at least it is some evidence that you can use later if the SEC (or Department of Justice (DOJ)) comes calling after that ex-employee has blown the whistle on your organization.

I would suggest that you work with your HR department to have an understanding of any high-risk employees who might be subject to layoffs. While you could consider having HR conduct this portion of the exit interview, it might be better if a compliance practitioner was involved. Obviously a compliance practitioner would be better able to ask detailed questions if some issue arose but it would also emphasize just how important the issue of FCPA compliance, Code of Conduct compliance or simply ethical conduct compliance was and remains to your business.

Finally are issues around hotlines, whistleblower and retaliation claims. The starting point for layoffs should be whatever your company plan is going forward. The retaliation cases turn on whether actions taken by the company were in retaliation for the hotline or whistleblower report. This means you will need to mine your hotline more closely for those employees who are scheduled or in line to be laid off. If there are such persons who have reported a FCPA, Code of Conduct or other ethical violation, you should move to triage and investigate, if appropriate, the allegation sooner rather than later. This may mean you move up research of an allegation to come to a faster resolution ahead of other claims. It may also mean you put some additional short-term resources on your hotline triage and investigations if you know layoffs are coming.

The reason for these actions are to allow you to demonstrate that any laid off employee was not separated because of a hotline or whistleblower allegation but due to your overall layoff scheme. However it could be that you may need this person to provide your compliance department additional information, to be a resource to you going forward, or even a witness that you can reasonably anticipate the government may want to interview. If any of these situations exist, if you do not plan for their eventuality before you layoff the employee, said (now) ex-employee may not be inclined to cooperate with you going forward. Also if you do demonstrate that you are sincerely interested in a meritorious hotline complaint, it may keep this person from becoming a SEC whistleblower.

Just as the Golden Gate Bridge provides more to the human condition than simply a structure to get from San Francisco to Marin County, layoffs in an economic downturn provide many opportunities to companies. If they treat the situation appropriately, it can be one where you manage your FCPA compliance risk going forward.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

 

 

 

May 21, 2015

Compliance Week 2015 Wrap Up

Wrap UpCompliance Week 2015 has ended. This year was the tenth anniversary of the annual conference and in many ways I found it to be the best one yet. Matt Kelly and his team put together a conference and experience, which was absolutely first-rate. If you were not able to make this year’s event, I hope you will join us for Compliance Week 2016, which Matt announced the dates for at the conclusion of this year’s event. The dates for 2016 are May 23-26, back of course in Washington DC to be held yet again at the Mayflower Hotel. I wanted to give you some of my thoughts on the highlights of this year’s event and what made it so unique.

At my age, I am somewhat loathe to channel my teenage daughter but the first thing that I noticed was a very different vibe this year over past year’s conferences. From the Cocktail Party reception held on Sunday night, all the way through the conclusion of the event, there seemed to be an air that I have not quite been able to put my finger on. It was more than an acknowledgement and perhaps even an excitement about how far the compliance profession has come in the past ten years. While I have written about the Chief Compliance Officer (CCO) and compliance profession as CCO 2.0, I had the feeling that we may be moving on to CCO 3.0, as that was even the title of a session.

But this vibe was more tangible than simply a feeling. One key ingredient for me was the use of social media into the conference experience. While many events have a conference app, which can provide you information on such things as the agenda, speakers and their presentations, room locations and the like; the Compliance Week 2015 app was fully interactive, allowing you to live tweet, send IM to fellow conference attendees and receive text messages when a room changed or other conference alteration occurred. It also provided a virtual help desk for all attendees.

Many of sessions were led by CCOs from major corporations and they were able to provide a strategic vision of where they were going at their organizations. This was kicked off from the start of the conference, from the first panel on the first day where the CCOs from Boeing, GE and the Director of Compliance for Wal-Mart began the event. Obviously these are three of the largest companies in the US and do business on a worldwide basis. Yet, while sharing their strategic visions, each one was able to provide a solid example from their respective organization that a CCO or compliance practitioner from any sized company could implement. From Wal-Mart with a workforce of 2.2 million employees, it was keep the message simple. From Boeing, it was incorporate any compliance failures as teaching moments or lessons learned into your internal compliance training going forward. From GE, it was how to inculcate and incorporate compliance into your everyday business planning.

The conversations were excellent as usual. I led the FCPA conversation and there were several alumni present, who told me they look forward to attending each year. One of the reasons is that there is no avenue in their hometowns to get together in an environment to discuss issues of mutual concern. It is concept that Mike Snyder and I used in founding the Houston Compliance Roundtable. A place where you can ask any question and have it answered by another compliance professional in an environment where Chatham House rules apply. While I certainly started the discussion, it quickly became fully interactive with all participants sharing their views on a variety of topics. While we have some great compliance talent in Houston at our Roundtable, it cannot top the level of maturity and sophistication present at the Compliance Week annual conference. We all benefited from the experience.

This experience was doubled when I led a breakfast event on Tuesday. While an inducement to attend was a complimentary copy of my book Doing Compliance, there were 25 attendees who joined me for a very engaging and free-flowing conversation about the state of compliance, we practitioners and where enforcement may be heading. Compliance Week treated us all to breakfast and, once again, I probably learned as much as any one. But since Chatham House rules were in effect, I cannot report on any of the substantive things that were discussed. I will share with you that I am excited to lead such a breakfast again next year and I hope you will be one of the 25 to sign up.

As always there were a number of government representatives who spoke at Compliance Week again this year. For me, the parade was led by Department of Justice (DOJ) Assistant Attorney General Leslie Caldwell. While I will be writing further, and in more detail, about Caldwell’s remarks, she said a few things that I think bear emphasis. One was that compliance professionals need to work towards more data analytics in the form of transaction monitoring to assist in moving to a prevent and even predictive and prescriptive mode for your best practice compliance program. Next she emphasized that your compliance program must not be static but must evolve as your business risks evolve. Finally, and much closer to my heart, were her remarks that you need to “sensitize your business partners to compliance.” It was if she was channeling her inner Scott Killingsworth with his groundbreaking work on ‘Private-to-Private’ or P2P compliance solutions. Or, as I might say, she was advocating a business solution to the legal problem of bribery and corruption across the globe.

But Caldwell was not the only DOJ representative as we had Laurie Perkins, Assistant Chief, Foreign Corrupt Practices Act (FCPA) Unit and Kara Brockmeyer, Chief, FCPA Unit; Division of Enforcement from Securities and Exchange Commission (SEC), on a panel moderated by yours truly. First I would urge that if you are ever asked to moderate a panel with FCPA enforcers and regulators, jump at the chance. The reason is that you get to ask the questions you want answers to; even if you get past your prepared questions, when there is a lull in questions from the audience, you can follow up with something you want to know or in my case always wanted to know. So I asked some basic questions like: What is Criminal Information? (to Perkins) and Could you explain the process for the SEC’s Administrative Procedure? (to Brockmeyer). I was certainly enlightened by their answers to both questions.

The event sponsors were of course there to provide information on their solutions to assist any compliance practitioner. If you have never been to an event at the Mayflower Hotel in Washington, the conference rooms are along a wide hall that allows good people flow and adequate room for the sponsors and others to set up, meet attendees and discuss their products and services. I view the sponsors and vendors as a part of the compliance solution going forward and while they are clearly there to sell; they also engage in a fair amount of education. But the education runs both ways with many compliance practitioners communicating needs they have which can be incorporated into new product developments.

Unfortunately Compliance Week 2015 had to come to an end. But the feeling, information and new friends I met will last with me until Compliance Week 2016 next year. I hope you will plan to join me.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

May 13, 2015

Senn Interview, Part III – Post Incident Remediation

RemediationI conclude my three-part series based upon my podcast interview of noted white-collar defense lawyer and Foreign Corrupt Practices Act (FCPA) practitioner Mara Senn, a partner at Arnold & Porter LLP. In Part I, I considered Senn’s thoughts on conducting internal investigations. In Part II, I looked at Senn’s decision-making calculus around the decision to self-disclose if you have determined that a potential FCPA violation existed. Today, I consider her thoughts on what steps a company should take if it comes to the decision not to self-report a potential FCPA violation. These include the remediation of potential or actual conduct that might arguably violate the FCPA and the actions you should take on an ongoing basis.

One of the things Senn made clear is that whether you decide to self-disclose or not, your company must fully remediate the issue which led to that. She suggested that a company should act as if they will draw government scrutiny. She said, “the best way to go about it is to assume, act as if, the government is breathing down their necks on this very issue and fully remediate. The nice thing is they can decide what that means, fully remediate.”

I inquired as to whether that meant a systemic look at the company’s operations on a global, worldwide basis, particularly in view of Assistant Attorney General Leslie Caldwell’s recent admonition not to ‘boil the ocean’ in the context of your FCPA internal investigation. Senn replied, “It used to be that in the government’s view, fully remediating meant go to 10 different countries, even if there’s no suspicion of any activity going on, just to make sure that everything’s okay. They’re now backing away from that, and in fact, they’re saying that the private sector is the one who started that whole trend, which is not quite consistent with history.”

Recognizing that there is always a risk that the government will come knocking, either via a whistleblower or other mechanism, Senn replied, “you want to be squeaky clean, so that when the government comes to you, if in the future, like a year down the line, you have another problem or the government has a whistleblower or whatever, that you can say, look, in our opinion, we did an analysis, and we thought it was not necessary to self-disclose. On the other hand, we were horrified and very upset by the fact that this potential infraction happened on our watch, and we’ve done the following 5 things, and we’ve remediated.”

She went on to explain, “What you want to do is show to the government, “We understand the problems that caused this, and we got to the root of it. Either it’s a bad apple, and we got rid of that bad apple, or it was really a failure of compliance structures, and we’ve fixed that part of the compliance structures. In fact, we’ve added more, just to double check and make sure that in this particular area or similar areas, depending on what it is, we will detect, prevent, and if we detect something, we will remediate.” They, the government, can feel comfortable that you did what they would have asked you to do anyways. That doesn’t always have to be onerous, sometimes it is depending on the scope of the issue, but that’s what I would say about that.”

Senn listed several actions that a company could engage in to demonstrate that it had taken solid remediation steps. Obviously, a company can “bulk up its compliance program.” But she added that it is important that a company demonstrate action taken against the nefarious party or parties. A company can discipline up to and including discharge. But do not forget lesser forms of discipline including docking pay or suspension without pay or other steps short of termination. I would add that you should consider the FCPA Guidance on this final point where it notes, “A compliance program should apply from the board room to the supply room—no one should be beyond its reach. DOJ and SEC will thus consider whether, when enforcing a compliance program, a company has appropriate and clear disciplinary procedures, whether those procedures are applied reliably and promptly, and whether they are commensurate with the violation.” [emphasis supplied]

Yet more than simply remediating an issue or even violation, Senn believes that a company should work to stay on top of its program thereafter. Certainly if you agree to a Deferred Prosecution Agreement (DPA) or Non-Prosecution Agreement (NPA), your company will either have an external monitor or reporting obligation to the Department of Justice (DOJ) going forward.

I asked her about ongoing monitoring of your compliance program; both the enhancements you might put in place to remedy generally and the specific issues that caused the problem initially. Senn agreed that is an important step going forward, she stated, “Absolutely, but I think that the monitoring requirement has now essentially expanded to the whole program. The government really expects you now to be having ongoing improvement and ongoing monitoring, so it’s not like you put in a policy 3 years ago and don’t do anything and then assume it’s okay. I think maybe you would put in a special extra audit or something like that on that particular situation, but really you should have in your compliance program an overall monitoring function that allows you to do that for all of your programs to various levels and various degrees. Yes, I think so, but it may not be as intensive as your typical external monitor, because you’re going to be integrating that into a program that’s really more holistic than just checking on that one thing. You’re going to be checking on a system-wide basis.”

Clearly this position was articulated in the FCPA Guidance as Hallmark Nine of an Effective Compliance Program. The Guidance states, “An organization should take the time to review and test its controls, and it should think critically about its potential weaknesses and risk areas.” The Guidance ended this Hallmark by stating, “Although the nature and the frequency of proactive evaluations may vary depending on the size and complexity of an organization, the idea behind such efforts is the same: continuous improvement and sustainability.”

To listen to the full Mara Senn interview, go to the FCPA Compliance and Ethics Report, by clicking here, or download it from iTunes.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

May 12, 2015

Senn Interview, Part II – A Discussion of the Decision to Self-Disclosure

Self-DisclsoureIn today’s post, I continue to explore my recent interview of Mara Senn, a partner at Arnold & Porter LLP in Washington DC. Senn is a white-collar practitioner who whose practice includes representing companies in investigations of the Foreign Corrupt Practices Act (FCPA). In Part I, we reviewed Senn’s thought on how to prepare and deal with a FCPA investigation. Today I review her thoughts on the decision to self-disclose if a potential FCPA violation arises.

One of the things that has always been difficult is to quantify the benefits of self-disclosure of a potential FCPA violation by a company to the Department of Justice (DOJ) or Securities and Exchange Commission (SEC). At least for the DOJ, its base line analysis for calculating penalties comes from the US Sentencing Guidelines. As stated in the FCPA Guidance, “To determine the appropriate penalty, the “offense level” is first calculated by examining both the severity of the crime and facts specific to the crime, with appropriate reductions for cooperation and acceptance of responsibility, and, for business entities, addi­tional factors such as voluntary disclosure, cooperation, pre-existing compliance programs, and remediation.”

The Sentencing Guidelines, §8C2.5(g) states that an overall fine can be reduced through the following:

(g)       Self-Reporting, Cooperation, and Acceptance of Responsibility  

If more than one applies, use the greatest:

  • If the organization (A) prior to an imminent threat of disclosure or government investigation; and (B) within a reasonably prompt time after becoming aware of the offense, reported the offense to appropriate governmental authorities, fully cooperated in the investigation, and clearly demonstrated recognition and affirmative acceptance of responsibility for its criminal conduct, subtract 5 points; or
  • If the organization fully cooperated in the investigation and clearly demonstrated recognition and affirmative acceptance of responsibility for its criminal conduct, subtract 2 points; or
  • If the organization clearly demonstrated recognition and affirmative acceptance of responsibility for its criminal conduct, subtract 1 point. 

Both the DOJ and SEC representatives consistently state in speeches and other public commentary on the benefits of self-disclosure. Some commentators, notably Mike Volkov in his blog, caution that any decision to self-disclose should be well thought through and that if an issue can be resolved through an internal investigation, subsequent remediation and ongoing monitoring to make sure it does not happen again, self-disclosure many not be warranted. In my podcast interview with Mara Senn I ask her how she might help a client work through this most difficult issue.

While self-reporting has in many ways become the norm in many situations where a company uncovers what might arguably be a FCPA violation; Senn comes down that self-reporting should be “the exception and not the rule.” She first pointed to the “structure of self-reporting, the thing that I think gets lost in the shuffle is there’s absolutely no legal obligation to self-disclose in FCPA cases, at all. There may be other disclosure obligations, because of a public company or what have you, but under the law of the FCPA, and under criminal law, no company has an affirmative duty to self-disclose.”

She went on to explain unlike in anti-trust or cartel cases, “where the first company who’s the first in to self-report gets immunity. It’s a totally different structure in the FCPA area for many reasons, most of which are appropriate, but you don’t get immunity, you get cooperation credit”. This cooperation credit is based on the Sentencing Guidelines cited above but Senn explained that, from her perspective, “The problem is, a lot of these calculations are very very opaque. Under the sentencing guidelines, you get a 5-point decrease if you self-report, cooperate, and accept responsibility. You get 2 points off if you cooperate and accept responsibility, and then just 1 point for accepting responsibility. Under this system, supposedly, self-disclosure standing alone is worth 3 points, and each of the other ones are worth 1.” This leads her to believe that “in my experience, you get almost as much credit, if not as much credit, for cooperating with the government once they come to you, even if you didn’t disclose in the first place. The myth is that self-disclosure is some kind of really big bump in cooperation credit. I think, in practice, that really doesn’t bear water.” This leads her to believe that “This idea of credibility by self-disclosing is so intangible, and it’s not quantifiable.”

I posed the question of credibility with the government. One of things that I consistently advocate is that you need to have credibility with the DOJ or SEC when you sit across the table at any point during a FCPA investigation. I had thought that self-disclosure would add to that credibility. However Senn explained that it is the lawyer or law firm representing the company that can go a long way towards establishing credibility. She said, “For those of us who regularly appear before the government, we already have credibility, and they understand that the client may or may not agree with recommendations we make, and they know that we’ll be a straight shooter once we’re in front of them, however we get in front of them.” But is more than the lawyer or law firm that brings credibility; it is actions of the company as well. Of course this means the steps the company has taken and its cooperation with the government during the pendency of the FCPA investigation.

Senn even described a visual way to think through this by describing an X and Y-axis that creates four squares. She articulated it as follows, “On one axis, you have the seriousness of the potential violation, and then the likelihood of discovery on the other axis. In both of these areas, both the seriousness and the likelihood of discovery, I draw the line to be in a more rational, but it may be different, than the traditional norm.”

I asked Senn about the plethora of ways that a FCPA violation or issue can be reported now and if that should play a role the calculus to self-disclose or not. I found her response very interesting. She said, “I think that the likelihood of discovery issue is really really important if you think that companies get a lot of credit for self-reporting. If you don’t think that, which I don’t think that they do particularly, then really the focus is on cooperation and not so much on the self-reporting itself.” Even with the wide spread knowledge of Dodd-Frank whistleblower awards and protections Senn believes that “most employees really don’t realize they can get money from the government if they are whistleblowers on these sorts of things. I don’t think it’s been particularly well publicized, and obviously employers are not training their employees to explain to them that they can be whistleblowers.” She even pointed to the recent statistics from the SEC report on whistleblowers, stating, “If you look at the latest SEC whistleblower report, only 4.3% of the tips reported were FCPA cases. It’s not like people are hitting down their door with all these FCPA cases.”

I found Senn thoughts on the issue of self-disclosure certainly an interesting way to consider this most complex and significant issue. For all the criticism of FCPA Inc. and the FCPA Paparazzi, it also demonstrates the importance of having counsel well versed in both the legal issues of the FCPA and representing a company before the government in the event your company is in an investigation.

In Part III of my series on Senn’s interview, I will focus on her thoughts on remediation of any FCPA violation and steps going forward.

To listen to the full Mara Senn interview, go to the FCPA Compliance and Ethics Report, by clicking here, or download it from iTunes.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

May 11, 2015

Senn Interview, Part I – Investigations Under the FCPA

FCPA InvestigationsOne of the things that I am questioned on is when to bring in outside counsel for a Foreign Corrupt Practices Act (FCPA) investigation or simply to take a look at an issue that may have raised a Red Flag but is not yet a FCPA violation. Clearly a reason is retain the attorney client privilege and I think most Chief Compliance Officers (CCOs) and compliance practitioners understand that reason, but one of the things I learned as a trial lawyer is that you need to understand who your ultimate audience will be in work you do as a lawyer. If you draft a contract, you need to think through how it will play out in front of a judge or jury. If you start an FCPA investigation, your ultimate audience may well be the Department of Justice (DOJ) and Securities and Exchange Commission (SEC). I recently had the opportunity to visit with white-collar practitioner Mara Senn, a partner at Arnold & Porter LLP, on this issue. She had several insights that I thought were insightful to assist a CCO or compliance practitioner to think through these issues. Today, I begin a three-part blog post on some of Senn’s thoughts on investigations for potential FCPA violations; tomorrow we will look at the decision (or not) to self-disclose and, finally, remediation if you discover a FCPA violation.

Unfortunately, many investigations being in a crisis situation, where a company may have discovered something that they know is bad but they do not know how bad that particular problem might be or they are not aware just how widespread the problem is. Senn indicated that the first thing she would note is that not every single incident requires outside counsel. There are all kinds of issues that can be handled very efficiently and effectively by in-house counsel. Moreover, there will be other issues and corporate disciplines involved such as the Human Resources (HR) Department. She explained that for a typical compliance blip that may happen, you do not need to call in an outside counsel right away, but if you do have these indicia of larger problems, particularly if you are a public company, it is a good idea to call outside counsel because you may be involved in reporting obligations. She cautioned that even at this early stage, outside counsel does not have to be boots on the ground and may not be required to be intimately involved if it is not a very complicated case.

Even with the above information, I asked Senn if there were any advantages she might see from bringing in outside counsel from the get-go rather than waiting. She articulated a number of things. First, there is more credibility if it is an independent review. If you are working for the company in whatever capacity, the government is not going to believe, as much, that it’s an independent investigation. From the government’s perspective, DOJ and/or SEC, they do not typically know the company involved in the investigation. Further, government regulators and enforcement officials are typically suspicious that a company is going to try to do what is right for the company. Of course there have been documented enforcement actions where companies have either destroyed documents or tried to hide things, such as witnesses or other evidence. In certain situations, an employee may look the other way, either purposefully or not really realizing what they’re seeing, and may take the investigation in the wrong direction. You want to just inoculate against that kind of problem.

Second, Senn said that there are very complicated issues that come up in cross-border situations. She provided four quick examples: privacy laws; labor laws; cultural issues and language issues. It can be very helpful, more cost effective and important from a legal compliance perspective to have somebody who is experienced in those kinds of issues.

Finally, and what I found most interesting, was Senn’s perspective on document preservation. She believes that “probably from the government’s perspective, the most important aspect of setting up an investigation in a way that makes them feel comfortable, is ensuring that all data is locked down.” Some questions that she believes counsel needs to ask are: “Do you have hand held devices? Where are all of your servers? What is your back-up tape situation? Are you trained in forensically retaining information?” Basically you need to get into the technical nitty gritty and if you do not, you could end up having a situation where either information is lost or there’s a possibility or suspicion that information is lost. Unfortunately, that is the situation that leads to a prosecutor’s imagination going wild. Senn ended her thoughts on this key point with the following, “the thing you want to do is just lock down that information, so if it ever comes to a point where the government says, “Well, we want to kick the tires,” you can say, “Okay, don’t worry. We’ve got everything you would have gotten otherwise.”

All of these steps can lead your company, through its investigation counsel, to having credibility with the DOJ and SEC. She made clear that the government will not only put you through your paces but also test the vibrancy of your investigation protocol and steps you might take as an independent assessor. She said that “if they realize, or they think, that all you’re doing is parroting what they consider to be the company line, and you haven’t gone in and independently really taken a look for yourself, you’re just going to come off as less credible, as somebody that they can’t really trust. That is definitely something that a company wants to avoid at all costs.”

I really liked the way Senn phrased the next step, “You don’t want to go too crazy” around scoping out the investigation. After getting the documents and technology locked down you should try and figure out the bad actor(s). Depending on the situation of whether the investigation target is aware of their status, you may be forced into “somewhat of a stealth investigation, where instead of going full bore and sending out document holds and things like that, you first want to essentially get that person’s information and make sure that they’re not going to do anything to their information. If there are a number of people you know are at issue, you want to lock that down, as well.”

The next step is to collect the documents forensically and use the information gleaned from this step in the process to do what Senn called “lay of the land interviews” where you try and obtain enough information to have a basic understanding of the situation, who the key players and who may be involved in the incident. Senn also believes you can garner quite a bit of information from working with your client before the actual interviews begin. You can look at organizational charts; see the number of employees who could have touched the transaction(s) at issue and also the countries involved. Also a review of the company’s financial accounting systems is critical so that you can assess how much will have to be done manually and in-country. (Think Avon)

One of the questions that I have struggled with is at what point in the investigation process is it appropriate to discipline employees, up to and including termination? I was gratified when Senn said this not only was a difficult question but also required a case-by-case analysis. You should begin by taking any persons out of the responsible situation. Paid leave pending an investigation is one option. If you terminate them, they will be gone and you will have zero control over them for initial interviews, follow-up interviews or assistance. She explained, “the government might want to interview that person. If you fired them, and that person has moved away or is now inaccessible to the government, it’s actually worse. My tendency is to keep them around, but just prevent them from continuing to do any of the harm that they may have previously done.”

In my next post, I will review Senn’s thoughts on the subject of self-disclosure.

To listen to the full interview with Mara Senn, go to the FCPA Compliance and Ethics Report, by clicking here, or download it from iTunes.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

May 7, 2015

Doing Compliance – Released in Amazon Kindle and Apple iBook Formats

Doing Compliance 05I am extraordinarily pleased to announce that Compliance Week has released my most recent hardbound book, Doing Compliance: How to Design, Create, and Implement an Effective Anti-Corruption Compliance Program, in both Amazon Kindle and Apple iBook formats. Of course you can also purchase a hard copy to keep on your reference shelf as well. It is the book that a compliance practitioner should use as a one-volume reference for the everyday ‘Nuts and Bolts’ work of anti-corruption compliance.

Just as the world becomes more flat for business and commercial operations, it is also becoming so for anti-corruption and anti-bribery enforcement. Any company that does business internationally must be ready to deal with a business environment with these new realities. Doing Compliance is designed to be a one-volume work that will give to you some of the basics of creating and maintaining an anti-corruption and anti-bribery compliance program that will meet any business climate you face across the globe. The book format is an easy reference to assist you with your compliance program and I have based my discussion of a best practices compliance program on what the Criminal Division of the US Department of Justice (DOJ) and Enforcement Division of the Securities and Exchange Commission (SEC) set out in their jointly produced “A Resource Guide to the U.S. Foreign Corrupt Practices Act” (the FCPA Guidance) and the “Ten Hallmarks of an Effective Compliance Program”.

The FCPA Guidance wisely made clear that there is no ‘one-size-fits-all’ approach when it stated, “Individual companies may have different compliance needs depending on their size and the particular risks associated with their businesses, among other factors.” Thus, the book is written to provide insight into the aspects of compliance programs that the DOJ and SEC assess, recognizing that companies may consider a variety of factors when making their own determination of what is appropriate for their specific business needs.

The book has struck a cord with other well-known figures in the compliance community. Professor Andy Spalding, writing in the FCPA Blog, in a post entitled “Book Review: Tom Fox’s Doing Compliance: Design, Create, and Implement an Effective Anti-Corruption Compliance Program”, said, “Compliance must be thorough, systematic, and highly attentive to detail. But no one ever said it had to be boring. And Tom Fox has proven this yet again. His Doing Compliance provides the most sophisticated and comprehensive compliance guidance available, with a delivery that is witty, lively, and even entertaining.”

The FCPA Professor, in a post entitled “Doing Compliance” – An FCPA Compliance Toolbox”, said, “Fox approaches the FCPA and related topics with a singular goal in mind: analyzing and articulating the vast body of literature on FCPA best practices in a digestible, practical, and workable way to be of value to compliance professionals in the field. In short, Fox is the “nuts and bolts” guy of FCPA compliance who not only offers his own insight and perspective on best practices, but also effectively aggregates the insights and perspectives of others. Fox’s latest book is “Doing Compliance: Design, Create, and Implement an Effective Anti-Corruption Compliance Program” and in it he provides, in his words, “the basics of how to create and maintain an anti-corruption and anti-bribery compliance program to suit any business climate across the globe.” The nine chapters of the book are grouped around topics such as senior management commitment to compliance; written policies and procedures; conducting a risk assessment; training; hiring and other human resources issues; reporting and investigation; and merger and acquisition due diligence. “Doing Compliance” is peppered with many helpful checklists and factors that compliance professionals can use on a daily basis to implement, assess and improve FCPA compliance policies and procedures.”

This book does not discuss the underlying basis of the FCPA, the UK Bribery Act or any other anti-corruption or anti-bribery legislation. The book is about doing business in compliance with these laws. As with all Americans, I appreciate any list that is deca-based, so the format of 10 hallmarks resonates with me. I have used this basic ten-part organization in laying out what I think you should consider in your anti-corruption and anti-bribery compliance program. In addition to presenting my own views in these areas, I also set out the views of both FCPA practitioners and commentators from other areas of business study and review, including Mike Volkov, the FCPA Professor, David Lawler, Stephen Martin, Marjorie Doyle, Russ Berland and Scott Moritz, and many others.

If there is one book on the ‘Nuts and Bolts’ of how to design, create and implement a best practices compliance program, I submit to you this is the one. I hope that you will check it out in one of the new formats now available. Finally, the price is set at a very reasonable $69.95 so if you are a Chief Compliance Officer (CCO) or General Counsel (GC), you can purchase an entire set for your compliance team. You can even buy them for your friends and family if you want them to have a better understanding of what you do at work!

To purchase a copy of Doing Compliance: How to Design, Create, and Implement an Effective Anti-Corruption Compliance Program click on one of the links below:

 Hard copy

Amazon Kindle

 Apple iBook

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

« Previous PageNext Page »

Blog at WordPress.com.