The Royal Wedding and the End of the ‘Halliburton’ Opinion Release

Today is a Royal wedding in England and in honor of the happy couple and the English House of Windsor we will take a look at the Foreign Corrupt Practices Act (FCPA) in the context of a merger and acquisition (M&A) of a British company.

Until recently, many FCPA practitioners had based decisions in the M&A context on Department of Justice’s (DOJ) Opinion Release, 08-02 (08-02), which related to Halliburton’s proposed acquisition of the UK entity, Expro. However, the recently released Deferred Prosecution Agreement (DPA) of Johnson & Johnson (J&J) may have changed the perception of practitioners regarding what is required of a company in the M&A arena related to FCPA due diligence, both pre and post-acquisition. In this post we will review the genesis of 08-02, the risk based approach that it advocated and the vigorous time frames, which it set forth, to accomplish the agreed to compliance investigations and opine on how these may have changed.

08-02 began as a request from Halliburton to the DOJ from issues that arose in the pre-acquisition due diligence of the target company Expro. Halliburton had submitted the following request to the DOJ specifically posing these three questions: (1) whether the proposed acquisition transaction itself would violate the FCPA; (2) whether through the proposed acquisition of Target, Halliburton would “inherit” any FCPA liabilities of Target for pre-acquisition unlawful conduct; and (3) whether Halliburton would be held criminally liable for any post-acquisition unlawful conduct by Target prior to Halliburton’s completion of its FCPA and anti-corruption due diligence, where such conduct is identified and disclosed to the Department within 180 days of closing.

I.                08-02 Conditions

 Halliburton committed to the following conditions, if it was the successful bidder in the acquisition:

1. Within ten business days of the closing. Halliburton would present to the DOJ a

comprehensive, risk-based FCPA and anti-corruption due diligence work plan which would address, among other things, the use of agents and other third parties; commercial dealings with state-owned customers; any joint venture, teaming or consortium arrangements; customs and immigration matters; tax matters; and any government licenses and permits. The Halliburton work plan committed to organizing the due diligence effort into high risk, medium risk, and lowest risk elements.

a. Within 90 days of Closing. Halliburton would report to the DOJ the results of its high risk due diligence.

b. Within 120 days of Closing. Halliburton would report to the DOJ the results to date of its medium risk due diligence.

c. Within 180 days of Closing. Halliburton would report to the DOJ the results to date of its lowest risk due diligence.

d.  Within One Year of Closing. Halliburton committed full remediation of any issues which it discovered within one year of the closing of the transaction.

Many lawyers were heard to exclaim, “What an order, we cannot go through with it.” However,  we advised our clients not to be discouraged because 08-02 laid out a clear road map for dealing with some of the difficulties inherent in conducting sufficient pre-acquisition due diligence in the FCPA context. Indeed the DOJ concluded 08-02 by noting, “Assuming that Halliburton, in the judgment of the Department, satisfactorily implements the post-closing plan and remediation detailed above… the Department does not presently intend to take any enforcement action against Halliburton.”

II.             Johnson & Johnson “Enhanced Compliance Obligations”

In the recently released J&J DPA, there is an Attachment D, which is entitled, “Enhanced Compliance Obligations.” This is a list of compliance obligations in which J&J agreed to undertake certain enhanced compliance obligations for at least the duration of its DPA. With regard to the acquisition context, Johnson and Johnson agreed to:

7. J&J will ensure that new business entities are only acquired after thorough FCPA and anticorruption due diligence by legal, accounting, and compliance personnel. Where such anticorruption due diligence is not practicable prior to acquisition of a new business for reasons beyond J&J’s control, or due to any applicable law, rule, or regulation, J&J will conduct FCPA and anticorruption due diligence subsequent to the acquisition and report to the Department any corrupt payments, falsified books and records, or inadequate internal controls as required by … the Deferred Prosecution Agreement.

 8. J&J will ensure that J&J’s policies and procedures regarding the anticorruption laws and regulations apply as quickly as is practicable, but in any event no less than one year post-closing, to newly-acquired businesses, and will promptly: For those operating companies that are determined not to pose corruption risk, J&J will conduct periodic FCPA Audits, or will incorporate FCPA components into financial audits.

a. Train directors, officers, employees, agents, consultants, representatives, distributors, joint venture partners, and relevant employees thereof, who present corruption risk to J&J, on the anticorruption laws and regulations and J&J’s related policies and procedures; and

b. Conduct an FCPA-specific audit of all newly-acquired businesses within 18 months of acquisition.

These enhanced obligations agreed to by J&J in the M&A context would seem to be less time sensitive than those agreed to by Halliburton in 08-02. In the J&J DPA, the company agreed to following time frames:

a.    18 Month-conduct a full FCPA audit of the acquired company.

b.    12 Month-introduce full anti-corruption compliance policies and procedures into the acquired company and train those persons and business representatives which “present corruption risk to J&J.”

So there is no longer a risk based approach as set out in 08-02 and the tight time frames are also relaxed. Once again we applaud the DOJ for setting out specific information for the compliance practitioner through the release of the J&J DPA. As many have decried 08-02 is a standard too difficult to satisfy in the real world of time constraints and budget cuts, the “Acquisition” component of the J&J DPA should provide those who have made this claim with some relief.

For a copy of Opinion Release 08-02, click here.

For a copy of the Johnson & Johnson Deferred Prosecution Agreement, click here.

We would be remiss if we did not wish Prince William and his bride, Kate, best wishes in their new journey together. No one puts on pomp and circumstance like the Brits so sit back, relax and enjoy the nuptials with a nice cup of tea.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011

The FCPA and Tone at the Top

Both the US Sentencing Guidelines and the Organization for Economic Co-operation and Development (OECD) Good Practice Guidance on Internal Controls, Ethics, and Compliance consider one of the key items for a best practices compliance program to be the appropriate “Tone at the Top.” 

The US Sentencing Guidelines reads:

High-level personnel and substantial authority personnel of the organization shall be knowledgeable about the content and operation of the compliance and ethics program … and shall promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law. 

The OECD Good Practices reads 

1. strong, explicit and visible support and commitment from senior management to the company’s internal controls, ethics and compliance programs or measures for preventing and detecting foreign bribery; 

The Foreign Corrupt Practices Act (FCPA) world is riddled with cases where the abject failure of any ethical “Tone at the Top” led to enforcement actions and large monetary settlements. In the two largest monetary settlements of enforcement actions to date, Siemens and Halliburton, for the actions of its former subsidiary KBR, the government specifically noted the companies’ pervasive tolerance for bribery. In the Siemens case, for example, the Securities and Exchange Commission (SEC) noted that the company’s culture “had long been at odds with the FCPA” and was one in which bribery “was tolerated and even rewarded at the highest levels”. Likewise, in the KBR case, the government noted that “tolerance of the offense by substantial authority personnel was pervasive” throughout the organization. 

In addition to the two cases set out above, in a 2003 report, the Commission on Public Trust and Private Enterprise cited a KPMG survey covering selected US industries; found that 37 percent of employees had, in the previous year, observed misconduct that they believed could result in a significant loss of public trust if it were to become known. This same KPMG survey found that employees reported a variety of types of misconduct and that the employees believed this misconduct is caused most often by factors such as indifference and cynicism; pressure to meet schedules; pressure to hit unrealistic earnings goals; a desire to succeed or advance careers; and a lack of knowledge of standards. 

So how can a company overcome these employee attitudes and replace the types of corporate cultures which pervaded at Siemens and KBR and re-set its “Tone at the Top”? In a 2008 speech to the State Bar of Texas Annual Meeting, reprinted in Ethisphere, Larry Thompson, PepsiCo Senior Vice President of Governmental Affairs, General Counsel and Secretary, discussed the work of Professor Lynn Sharp at Harvard. From Professor Sharp’s writings, Mr. Thompson cited five factors which are critical establishing an effective integrity program and to set the right “Tone at the Top”. 

1)      The guiding values of a company must make sense and be clearly communicated.

2)      The company’s leader must be personally committed and willing to take action on the values.

3)      A company’s systems and structures must support its guiding principles.

4)      A company’s values must be integrated into normal channels of management decision making and reflected in the company’s critical decisions.

5)      Managers must be empowered to make ethically sound decisions on a day-to-day basis. 

The subject of management making significant changes in the manner in which a business is run has long been the topic of the business press. Most recently, the current issue of the Harvard Business Review was entitled, “Managing Change: How to do it and When to do it”. In an article entitled, “The Decision-Driven Organization”, it cited the example of Ford Motor Company and its recent business turn around, in explicitly setting out a company’s decision to change a company’s business tone. When Allan Mulally became Chief Executive Officer (CEO) in 2006, he found the company in dire need of a change in business direction. Rather than change the company’s structure and then consider the change which would come thereafter, he made the decision to change the direction of the company and then put the structure in place to facilitate that change. 

In large part the change led by Mulally was based upon the five steps noted above with. Mulally substituting ‘a different way of business’ for ethics, however the message is clear. Just like the change at Ford Motor Company being led by the CEO, the transformation in ethics and compliance must be led by the CEO. Employees take their lead from the very top management of a company. If the CEO takes the opportunity to discuss ethics and compliance at every town hall meeting, in newsletters, posters and other types of communications this message is constantly reinforced.

 It is clear from the Harvard Business Review article that management change can occur. If your company does not have the correct “Tone at the Top” it can make the change. The five points set out by Thompson give a clear path to achieving the right tone to move forward with a FCPA compliance policy. Both the US Sentencing Guidelines and the OECD Good Practices are looking to top management to set a company’s tone for the values of ethics and compliance. But more importantly your employees are too. 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com. © Thomas R. Fox, 2010

Nigerian Bribery Box Score

Opening Day of the Baseball season is fast approaching and perhaps it is time to give a baseball statistician’s view to the Nigerian bribery case. Yesterday, Rob Evans in The Guardian reported that a UK court ruled that UK citizen Jeffery Tesler should be extradited to the US to stand trial. District Judge Caroline Tubbs, sitting at Westminster magistrates’ court in London, rejected Tesler’s arguments to fight off the extradition attempt. Judge Tubbs found that American prosecutors had alleged the crimes had a “substantial connection” with the US. She said that the Americans had already convicted one of the companies in the consortium for its part in the decade-long bribery scheme and one of the key executives who organized the corrupt payments. The Guardian, furthermore, reported that Judge Tubbs also rejected Tesler’s argument that it would be “unjust and oppressive” to send him to America as prosecutors had taken a long time to charge him. Tesler had argued that he would no longer be able to get a fair trial in the US. However, the judge rejected this argument, pointing out that he was responsible for part of this delay, as he had hired lawyers to block prosecutors obtaining evidence from Switzerland.

One individual, former KBR CEO Jack Stanley has pleaded guilty to violation of the Foreign Corrupt Practices Act (FCPA) in connection with the matter. He was sentenced to 7 years in prison and is subject to ongoing cooperation with authorities on this issue.

KBR admitted that a consortium of which it was a member paid Nigerian officials at least $132 million in bribes for engineering, procurement and construction contracts awarded between 1995 and 2004 to build liquefied natural gas facilities on Bonny Island, Nigeria. The consortium was named TSJK and consisted of subsidiaries of the following entities: KBR (then owned by Halliburton); Technip, French company; ENI, an Italian company; and JGC, a Japanese company.

SETTLEMENT (or RESERVED FOR SETTLEMENT) BOX SCORE

Entity	Fine, Penalty and Disgorgement of Profits (in $ millions)	Amount Reserved for Resolution (app. in $ millions)
Halliburton (KBR)	$579
ENI		$340
Technip		$330
JGC		None reported
Total	$579	$670

 So for those of you keeping score at home, there has been and could be fines, penalties and profit disgorgement of over $1.2 billion. This figure does not include the amount paid out by these corporations for attorneys’ fees, forensic investigative costs and other professional fees which can be only speculated as priceless.

This amount will most probably be paid to the US government but not to the Nigerian government, the country which is alleged to be the focus of the bribery. The FCPABlog has posed the question that “Some in Nigeria will no doubt ask why the penalty money should end up in the U.S. Treasury and not their country?”. One reason could be that there is no current Nigerian investigation into the matter. In February, MainJustice reported that the Nigerian Senate subcommittee tasked with conducting the inquiry into the bribery scandal announced it was shutting itself down, saying that under the US-Nigeria Mutual Legal Assistance treaty, it could not obtain records from American investigators relevant to the investigation. While it does seem odd to this commentator that Nigeria would end its investigation of so public a scandal, we would only conclude that Nigeria must have its own reasons for doing so.

All of this and Opening Day is less than 10 days away. We can hardly wait.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2010

RISK-BASED COMPLIANCE

A recent benchmarking survey of Third Party Codes of Conduct was conducted by the Society of Corporate Compliance and Ethics (SCCE) and reported on by Rebecca Walker. The findings indicated that a majority of companies with an otherwise robust compliance program do not extend this to third parties with which they conduct business. The findings revealed the following: 53% of companies do not disseminate their internal codes of conduct to third parties; only 26% require third parties to certify to their own codes; and just 17% of the respondents have any third party codes of conduct.

For those companies which now desire to evaluate their third party business partners for Foreign Corrupt Practices Act (FCPA) compliance, how, and perhaps where, do they begin? The approach that appears to be gaining the most traction both with regulators and learned commentators is to develop a risk based approach to FCPA compliance. There is no specific Department of Justice (DOJ) guidance on any one specific process for a risk based compliance system. However, there is sufficient guidance in other FCPA and analogous compliance areas, such that direction can be provided to US and foreign companies in this area.

Writing in the FCPABlog, Scott Moritz of Daylight Forensic & Advisory suggested that a risk-based approach based upon the regulatory programs in Anti-Money Laundering (AML) governance. In the AML areas, the concept is that certain parties, including vendors, represent a higher compliance risk than others. Geography, nexus to government officials, business type, method of payment and dollar volume – are all risk indicators.

This risk-based approach was commented upon, favorably by the DOJ, in Release Opinion 08-02. In this Release Opinion the DOJ reviewed and approved Halliburton’s proposed acquisition of the UK entity Expro. The DOJ spoke directly to a risk based approach by that Halliburton had agreed to provide the following:

. . . a comprehensive, risk-based FCPA and anti-corruption due diligence work plan which will address, among other things, the use of agents and other third parties; commercial dealings with state-owned customers; any joint venture, teaming or consortium arrangements; customs and immigration matters; tax matters; and any government licenses and permits. Such work plan will organize the due diligence effort into high risk, medium risk, and lowest risk elements.

This risk-based approach has also been accepted by UK’s Financial Services Authority (FSA) in its settlement of the enforcement action against the insurance giant AON earlier this year. As a part of the settlement AON agreed to the following:

AON…designed and implemented a global anti-corruption policy … limiting the use of third parties … whose only service to AON is assisting it in the obtaining and retaining of business solely through client introductions in countries where the risk of corrupt practices is anything other than low. These jurisdictions are defined by reference to an internationally accepted corruption perceptions index. Any use of third parties not prohibited by the policy must be reviewed and approved in accordance with global anti-corruption protocols.

How does a company implement this guidance? Scott Moritz suggests that key to any risk-based approach is “the strategic use of information technology, tracking and sorting the critical elements — including risk-ranking, as well as enhanced due diligence and ongoing monitoring of high-risk parties proportionate to their risk profiles.”

The uses of a risk based compliance system can be myriad. The Release Opinion 08-02 system was in response to an international acquisition. Such systems can also be used to rank and assist in the evaluation of business partners or supply chain vendors. But, however such a system is used, the clear import from the DOJ, FSA and learned commentators is that some type of rational system should be put in place and followed.

Conducting Effective Compliance Training-Part II

TYPES OF TRAINING

What type of training is most effective in the ethics and compliance arena. The consensus seems to be that there are three general approaches to ethics and compliance training which have been used successfully. The first is the most traditional and it is in-person classroom training. This gives employees an opportunity to see, meet and speak directly with a Compliance Officer, not an insignificant dynamic in the corporate environment. Such personal training also sends a strong message of commitment to compliance and ethics when training is held away from a corporation’s home office. It gives employees the opportunity to interact with the Compliance Officer by asking questions which are relevant to markets and locations outside the United States. Lastly it can also lead to confidential discussions after such in-person training.

An important part of in-person training is the opportunity to interact with the audience through Q&A. There are a couple different approaches to Q&A. The first is to solicit questions from the audience. However many employees are reluctant, for a variety of different reasons, to raise their hands and ask questions in front of others. This can be overcome by soliciting written questions on cards or note pads. A second technique is to lead the audience through hypothetical examples in which the audience is broken down into small (up to 5 person) discuss groups to discuss a situation and propose a response.

The second approach is on-line training. Rick Chapman, Assistant General Counsel for Halliburton in its Compliance & Ethics Practice Group, has said that online training is a one of several training approaches used by Halliburton in ethics and compliance training. On-line training can be a helpful adjunct to live training because it can permeate a globally distributed organization and lends itself to automatic recordkeeping, tickling, and expiration management. He discussed this approach and its use by Halliburton to enable it to “effectively reach every employee at Halliburton worldwide” in Ethisphere Magazine, June 7, 2007 “Expert Corner” Ethics and compliance courses are tailored to different categories of Halliburton employees and provided in multiple languages to ensure that all Halliburton employees will participate in ethics and compliance related learning activities at least once every two years by taking our general ethics and compliance training and/or issue-specific courses such as FCPA.

A third option has been suggested in Wrageblog. It is a combination of live in-person training followed by a live Q&A session filmed. Such a program can then be shown at other company offices around the world. Such a presentation should be lead in-person by a Compliance Officer who can follow up the filmed presentation by conducting a Q&A teleconference with the Compliance staff in the company’s home office. Wrageblog believes that this approach can be a “very robust and inexpensive way to reach a large number of employees with a clear, tailored and forceful compliance message.”

All three ethics and compliance training approaches should be coordinated and both the attendance and result recorded for the combined approach, online training and traditional training for all types of employees in all countries. Results can be tabulated through short questionnaires immediately following the training and bench-marked through more comprehensive interviewing of selected training participants to determine overall effectiveness.

Whatever approach is used, one of the critical factors is the length of time of the training session. While lawyers and ethics and compliance professionals can (sometimes) sit through 8 hours of such training, it is almost impossible to keep the attention of business and operations employees for such a length of time. The presentation must be kept to a manageable length and number of PowerPoint slides before eyes start to glaze over. My experience in all types of legal and compliance training has led me to believe that 3 hours is about the maximum length of in-person training which can hold the attention of business and operations employees for ethics and compliance training. For on-line training I would suggest a maximum length of one hour.

THE OPENING

As noted in Part I, a company’s ethics and compliance training may well comprise several different audiences and different cultures around the globe. Top notch training should be able to reach all of the learners at such training sessions. One way to do so is to grab the audience’s attention early by demonstrating the commitment of top management to ethics and compliance and make clear to each audience member how compliance laws such as the FCPA pertain directly to them. In his blog, the FCPA Professor has put forward a suggestion in his posting, “FCPA — The First Few Minutes” by proposing that an FCPA training session begin with an opening such as:

“Today, I will be talking about a U.S. law that applies to all of you – regardless of whether you are in the sales and marketing department, the executive office suite, the finance and audit department, or the logistics department. This law can cover a wide range of payments the company makes, or could make, either directly or indirectly, in doing business or seeking business in foreign markets. Your understanding of this law and how it may relate to your specific job function will best ensure that the company remains compliant with this law and is able to achieve its business objectives.”

Another technique to get the attention of the audience simply might be remind the them that hardly anyone looks good in a prison-orange jumpsuit and that you are here to present training to keep them out of such clothing.

THE END OF THE DAY

At the end of the day, an effective training program will incorporate all learning tools available to reach the widest target audience possible. An individual’s understanding of the rules is always important but it should be grounded in a company’s ethical corporate culture. Coupled together, these Approaches listed in Part I, together with types of training discussed in Part II, should embolden employees to make the right decision even if they cannot remember a specific rule governing a situation. More importantly, such effective training provides knowledge about what an employee can and cannot do when confronted those ‘grey areas’ that exist in the real world of international business.

This is the second of a two-part series on ethics and compliance training. Part I was posted on January 19, 2001

——————–
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication.

© Thomas R. Fox, 2010