FCPA Compliance and Ethics Blog

December 6, 2013

The Rogue Employee Myth: Prevention and Detection in a FCPA Compliance Program

I cannot think of any criminal enforcement actions against a corporation involving the Foreign Corrupt Practices Act (FCPA) where there was a lone wolf employee engaging in bribery and corruption on his or her own. There might well be some internal investigations and even self-disclosures to the Department of Justice (DOJ) of such conduct, but the public usually does not know about them since the DOJ would issue a Declination under such circumstances. The only publicly announced Declination where the company was identified was the Morgan Stanley Declination. In that matter, a Managing Director, Garth Peterson, was prosecuted for his individual action in violating the FCPA. But from the information made available, it appears that the company uncovered Peterson’s conduct, investigated and self-reported it to the DOJ.

One of the things that Donna Boehme and Jim McGrath regularly rail against is the claim that violations of the FCPA, UK Bribery Act and other anti-corruption laws are the result of some ‘rogue employee’ out there, dreaming up ways to engage in bribery and corruption to obtain or retain business. Organizations such as the US Chamber of Commerce want to limit corporate liability for the criminal actions of their employees, saying it is not fair for a company to pay for the sins of these alleged rogue employees.

While I recognize the US Supreme Court may soon make all of the above moot by deciding that corporations have the same rights, obligations and duties of real persons, those individuals making the claim of rogue-ness do not seem to contemplate how much work and effort must go into any ongoing bribery scandal which would result in a FCPA violation and how much is attributable to the company. First, if the company, explicitly or implicitly, communicates that the bottom line, quarterly numbers or anything like that is the most important thing an employee will be evaluated on, guess what: employees will always find a way to make their numbers. Further, if employees can either manipulate or override a company’s internal controls to help fund or hide the payment of bribes, it is the fault of the company for not having robust controls in the first place.

Remember Paul McNulty’s Three Maxims? (1) What did you do to prevent it? (2) What did you do to detect it? (3) What did you do when you found out about it? If a company’s internal controls are so porous that employees can slide the payment of bribes through the system, I would say that you have failed to answer Maxim 1 in the affirmative. If your auditing or monitoring is so poor that you cannot find any evidence of bribery and corruption because you didn’t want to (See: Wal-Mart’s initial investigation into its Mexican subsidiary) or because the auditing and monitoring is so poor (See: GSK in China where they somehow missed $500MM in payments to ‘travel agents’), you have also failed to answer McNulty Maxim 2 in the affirmative.

Yesterday I wrote about psychopaths in the guise of Chief Executive Officers (CEOs). I do not think there could be a better example of this than Bernie Madoff. His grandiosity extended to attempting to claim to federal investigators that his multi-decade, multi-billion dollar fraud and Ponzi scheme was all his work alone, that no one else in his company was involved or even knew about it. That outsized claim is being put to the test over the next couple of months in a courtroom in New York where five former employees are currently on trial for participating in this massive fraud.

In fascinating testimony, reported in a Wall Street Journal (WSJ) article entitled “Madoff’s Cold Play Outwitted Auditor” by James Sterngold, Frank DiPascali, a former top lieutenant to Madoff, described the schemes used to defraud customers and fool auditors and regulators. Initially, he noted that NONE of the trades recorded in the company’s books and records ever took place and that “a number of staff members spent most of their time producing large volumes of fake documents to convince customers they were earning attractive returns.” To put an exclamation point on his testimony, when asked if Madoff’s staff created trades out of thin air, he responded, “Literally, yes.” To confuse and misdirect an auditor from KPMG, when the accounting firm demanded to see “detailed daily trading logs to confirm that the firm was actually engaged in trading”, Madoff’s staff not only created the fake logs but put them in the refrigerator to “cool them down”. Another time, the staff tossed them around “like a medicine ball to make them look used and crinkled.” All of this was presented as evidence in the trial, which indicates that more people had to be involved in the fraud.

The clear lesson for the compliance practitioner from the Madoff employees’ trial testimony to date is that there cannot be one person or the ubiquitous ‘rogue employee’ who decides to engage in bribery and corruption. There has to be more than one person. To circumvent a company’s internal controls takes work. In any criminal FCPA enforcement matter, it is because the company involved had such weak internal controls that such circumvention could occur in the first place. But more than this circumvention, it means that the company did not employ sufficient systems to detect such bribery and corruption. And if the documentation you are reviewing is cold to the touch, that may now constitute a red flag.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

October 23, 2013

Farewell to Bum and Bud: Trends in FCPA Compliance and Enforcement

Sometimes the universe converges in ways that are quite eerie. This past weekend was such an instance when the most beloved figure in Houston professional sports passed on to the great hereafter; only to be followed two days later by the most reviled figure in Houston professional sports history. The most beloved was Bum Phillips, head coach of the Houston Oilers during the Luv Ya Blue era, when the Oilers twice reached the AFC Championship game, losing both times to the eventual Super Bowl Champion, the Pittsburgh Steelers. The most reviled was the owner of the Houston Oilers, Bud Adams, who not only fired Phillips because he was too popular but also huffed and puffed and picked up his franchise and moved it to Nashville when the City of Houston refused his extortionate demands for a new stadium five years after upgrading the Astrodome at his behest. It sure ought to be a great get together to watch some football upstairs this weekend.

Although one was beloved and one was reviled, they both were innovators so today I will look at five trends in both Foreign Corrupt Practices Act (FCPA) compliance programs and Department of Justice (DOJ) and Securities and Exchange Commission (SEC) enforcements.

I. Transaction Monitoring

In April 2012, the DOJ announced that it was declining to prosecute Morgan Stanley for the FCPA violations of one of its Managing Directors, Garth Peterson, even though Peterson himself pled guilty to FCPA violations. This was the first publicly announced Declination to Prosecute by the DOJ. In announcing the Declination, the DOJ listed several factors including the firm’s extensive compliance policies and notifications thereof, internal controls and training meant to prevent FCPA violations, all of which had been acknowledged by Peterson. However, the one which struck me was that Morgan Stanley’s compliance personnel engaged in transaction monitoring, randomly auditing particular employees, transactions and business units, and testing to identify illicit payments. This was the first time that the DOJ had spelled out transaction monitoring as a key component of a FCPA compliance regime.

In December, 2012, the SEC released its FCPA enforcement action against Eli Lilly and Company (Lilly). Although this was a civil action and not a DOJ criminal enforcement action, I believe that transaction monitoring would have been a key to detecting and preventing the FCPA violations. In Brazil, there was one distributor which received a discounted rate outside the standard discount given. Transaction monitoring parameters could be set to notify internal audit or compliance if such situations occurred. In Poland, there was a clear relationship between the dates of the donations to the charitable entity administered by the Director General who was making the decisions on the sale of Lilly products. Once again transaction monitoring would have correlated this connection and flagged it for further investigation.

II. International Corruption and Bribery Enforcement

The entry of the Chinese government into the international fight against corruption and bribery is truly a game-changer. While there may be many reasons for this very public move by the Chinese government, it is clear that foreign companies are now on notice. Doing business the old fashioned way will no longer be tolerated. I agree with Mike Volkov that the GlaxoSmithKline PLC (GSK) bribery and corruption investigation will be the Number 1 development for the year in anti-corruption compliance. This means that international (read: western) companies operating in China have a fresh and important risk to consider; that being that they could well be subject to prosecution under domestic Chinese law.

The international component of this investigation may well increase anti-corruption enforcement across the globe. First of all, when other countries notorious for their endemic corruption, for example India, see that they can attack their domestic corruption by blaming it on international businesses operating in their country, what lesson do you think they will draw? Most probably that all politics are local and when the localities can blame the outsiders for their own problems they will do so. But, when that blame is coupled with violations of local law, whether that is anti-bribery or anti-price fixing, there is a potent opportunity for prosecutions.

III. Document, Document and Document

The SEC is investigating JPMorgan Chase regarding its hiring practices in China. It appears that JPMorgan Chase hired children of Chinese government officials or heads of state-owned enterprises. While such hirings do not violate the FCPA per se, they do raise red flags. The FCPA Professor was quoted in the New York Times (NYT) for the following, “While the hire of a son or daughter itself is not illegal, red flags would be raised if the person hired was not qualified for the position, or, for example, if a firm never received business before and then lo and behold, the hire brought in business.”

This entire episode emphasizes the continuing key concept of the three most important things in any FCPA compliance program: Document, Document and Document. If your compliance program does not document its successes, there is simply no evidence that it has succeeded. In addition to providing your company with support to put forward to the DOJ, documentation is the only manner in which to gauge the overall effectiveness of your compliance program. Put another way, if you don’t document it, you cannot measure it and if you cannot measure it, you cannot refine it.

IV. Risk Management is More Than Simply Risk Assessment

The implementation of an effective compliance program is more than simply following a set of accounting rules or providing effective training. Compliance issues can touch many areas of your business and you need to know not only what your highest risks are but where to marshal your efforts in moving forward. A risk assessment is designed to provide a big picture of your overall compliance obligations and then identify areas of high risk so that you can prioritize your resources to tackle these high risk areas first. Indeed the FCPA Guidance (the Guidance) listed risk assessments as one of the ten hallmarks of an effective compliance program, stating “Assessment of risk is fundamental to developing a strong compliance program, and is another factor DOJ and SEC evaluate when assessing a company’s compliance program.”

In addition to an initial risk assessment to either (1) inform your compliance program or (2) help you to identify high risks and prioritize their remediation, risk assessments should be a regular, systemic part of compliance efforts rather than an occasional, ad hoc exercise cobbled together when convenient or after a crisis. They should be conducted at the same time every year, and you should deputize a consistent group, such as your internal audit department or enterprise risk management team, to conduct the annual review. Such annual risk assessments act as a strong preventive measure if they are performed before something goes wrong. In addition, enforcement trends and government priorities change rapidly so it is vital to stay up to date and conduct regular assessments. Lastly, it avoids a “wait and see” approach.

V. Enforcement Actions Against Individuals

Both the DOJ and SEC made clear in the first half of this year that they will aggressively enforce the FCPA against individuals. Mike Volkov has gone so far as to predict that “It is clear that FCPA enforcement for 2013 will go down as the year of criminal prosecutions of individuals.” It is not only significant that the DOJ and SEC are more aggressively prosecuting individuals but also that they continue to use the full panoply of law enforcement tools available to them for actions under the FCPA. These include undercover operations, cooperating witnesses, grand jury proceedings, civil enforcement actions and all other implements at their disposal. It is also clear that the DOJ will give significant credit for substantive cooperation by individuals. Finally, the DOJ will prosecute officials when they have evidence of obstruction or witness tampering and will also use the Travel Act and anti-money laundering (AML) laws to bring enforcement actions.

VI. Summary

The DOJ and SEC continue to aggressively pursue violators of the FCPA near and far. However, the entry of China into the aggressive enforcement of its domestic anti-corruption legislation may signify a level of increased risk for any company doing business in any of the traditional high risk countries or geographic areas. Further, the individual prosecutions portend an increased risk for persons who engage in corruption and bribery across the globe. Finally, do not forget that the basics of any anti-bribery and anti-corruption compliance program remain the same: Document, Document, and Document.


April 3, 2013

M*A*S*H and Triage in Your FCPA Investigation Protocol

One of the things that I learned from the television series M*A*S*H was the need for triage. In the hospital setting, triage is the process of determining the priority of patients’ treatments based on the severity of their condition. At the Dow Jones Global Compliance Symposium, there were a couple of panels which discussed the need for triage in your compliance program around issues that are reported through a company’s internal reporting mechanism.

Given the number of ways that information about violations or potential violations of the Foreign Corrupt Practices Act (FCPA) can be communicated to the Department of Justice (DOJ), having a robust triage system is an important way that a company can separate the wheat from the chaff and bring the right number of resources to bear on a FCPA problem. Kevin O’Connor, Vice President (VP) for Global Compliance, United Technologies Corp, said that this is important in making an initial determination of whether to bring in outside counsel to head up an investigation. It is also important in a determination of the resources that you may want or need to commit to a problem. Ty Cobb, a partner at Hogan Lovells, put it this way: “How much information do you need to know before you go to outside counsel? Quite a bit.” Another panelist, Jamie Gorelick, partner at WilmerHale, put it in a different manner when she said “you have to kick the tires” so that you know the circumstances in front of you before you make the decision to go to outside counsel.

But even if you kick the tires and determine that you do need to involve outside counsel, there are still ways in which a corporation can work to control the costs of a FCPA investigation. O’Connor said that United Technologies is able to keep the costs down by having a very robust team of investigators embedded in many departments across the company, outside of the compliance function. O’Connor said that these employees come from employment and professional backgrounds which trained them in the basics of investigations. Many of these United Technologies employees come from law enforcement but there are other professions such as national security, foreign service, the intelligence community, human resources and others.

O’Connor said that the key is to hire people with a background and prior training in investigations. These investigators receive FCPA and other compliance training while at United Technologies so that if a major incident arises they can be used to supplement outside counsel personnel who may lead an investigation. In this way, United Technologies is able to keep outside counsel from sending lawyers all over the world and thereby running up the costs of a FCPA investigation. This concept was put another way by another panelist, David Yawman, Senior Vice President & Chief Compliance and Ethics Officer, PepsiCo Inc., who said that he “wants to be building sprinkler systems and not fighting fires”. He explained this meant that he wants to have trained personnel available to him, who can have their primary function outside the compliance group but can be called upon as needed in such a FCPA investigation.

On another panel, Paul McNulty, partner at Baker & McKenzie LLP, explained that he believed it would be important for a company’s regular outside counsel to partner more with the entity as a way to help hold down costs. McNulty explained that a law firm could work to help put on the additional FCPA and compliance focused training that O’Connor discussed on a more regular and ongoing basis. This partnership relationship would allow the law firm to have confidence that the company’s investigators could handle a large or wide-ranging FCPA investigation. This confidence would help outside counsel in any discussions they might have with the DOJ during the pendency of a FCPA investigation.

McNulty was asked how you help keep costs from reaching the ‘ridiculous’ level. He also mentioned that a company needs to initially scope any FCPA allegation which may arise through a company’s internal reporting mechanism or other manner, but said another step is to develop a reasonable investigation plan. This can be particularly important if you self-disclose to the DOJ. You will need to go into the DOJ and present your investigation plan, so McNulty suggested an early discussion with the government on the scope of the investigation is critical.

Panelist Gorelick stressed that you should engage the DOJ to show not only the scope of your investigation but that it can be limited so that you do not face the dreaded ‘where else’ question. You should develop a logical plan with the nexus to the facts. However, she emphasized that you must have credibility with the government, not only that your investigation will be robust but that the facts you have determined in your initial triage are a reasonable interpretation.

I found it very useful that there was a discussion relating to costs of a FCPA investigation that extended over two panels at the conference. Both in-house and outside counsel presented concrete and achievable solutions that can be implemented to help contain costs. But the key is to be prepared, not only in terms of having your investigation and notification protocols in place before the FCPA allegation comes in but also doing the proper triage so that you have an initial understanding of what you may be facing.


February 1, 2013

Amnesty for Armstrong? Lessons for the Compliance Practitioner

The Lance Armstrong saga continues to provide many lessons for the compliance practitioner. A recent article on ESPN.com, entitled “Lance calls for amnesty program”, reported that Armstrong has come out in favor of those who openly speak about the doping culture of cycling, of course most notably him. The article stated “Now that doping has become such a big problem, Armstrong said a truth and reconciliation program is the “only way” to rid cycling of performance-enhancing drugs, and the sport’s governing body should have no role in the process.” In an interview given to Cyclingnews, it was reported that Armstrong said that the “best way forward is a truth and reconciliation process offering amnesty to riders and officials who detail doping in the sport.”

When asked which anti-doping agency should give this amnesty and which one should take such testimony Armstrong answered that “the program should be run by the World Anti-Doping Agency and not the U.S. Anti-Doping Agency (USADA), the body that produced a scathing report detailing systematic doping by Armstrong and his teams. The USADA report led to Armstrong being stripped of his seven Tour titles and banned from elite sport for life.” Not too surprising that Armstrong does not want to get anywhere near USADA given the report they released on him last summer. Armstrong stated that complete amnesty must be given “otherwise no one will show up.” Any chance that ‘no one’ he refers to would be himself?

While Armstrong’s idea of a ‘Truth and Reconciliation’ program may seem, well shall we say, a tad self-serving, the use of a suspended or lessened sentence has been successfully used to elicit testimony in the cycling world. According to the New York Times, USADA had “the ability to offer other cyclists reduced suspensions if they provided information about Armstrong’s doping. Similar to how prosecutors try to persuade lower-level drug dealers to share information about their superiors, the anti-doping agency sat down one by one with cyclists from Armstrong’s teams. Ultimately, 11 agreed to cooperate.” So I guess people will show up if you offer them some type of amnesty, just not the top banana.

What is the compliance angle to amnesty programs? Siemens used an amnesty program to help it investigate its worldwide bribery scheme. In November 2007, Siemens began an amnesty program relating to possible violations of anti-public-corruption laws in order to expedite the independent investigation and facilitate clarification. According to an article in the FCPA Blog, entitled “Siemens’ Employees Come In From The Cold”, Siemens began this amnesty program because its “internal investigation reportedly had stalled because of stonewalling by managers in various countries.”

In the first three months, 66 employees came forward in connection with the amnesty program. In addition, a large number of employees received information about the program. “The amnesty program has been very successful,” Peter Y. Solmssen, member of the Managing Board and General Counsel of Siemens AG, said. He went on to say, “We’re pleased that so many employees have made use of the program and are thereby expediting clarification.” By mid-January, 2008, Siemens’ counsel, Debevoise & Plimpton, said that “[s]ince November 28, 2007, we have obtained significant new information and developed very substantial leads from participants in Siemens’ amnesty program, as well as other sources, regarding topics relevant to our investigation.” Siemens itself said that information provided by the employees who ‘came in from the cold’ through this amnesty program gave it new leads to pursue in its internal investigation. At the end of the day, the Department of Justice (DOJ) lauded Siemens’ amnesty program, which it characterized as “innovative” in helping to further Siemens’ internal investigation.

Further, The Wall Street Journal (WSJ) reported in March 2008, in an article entitled “Siemens Amnesty Plan Assists Bribery Probe”, that the amnesty program “was offered to all employees except 300 of Siemens’s top executives and expired at the end of February [2008], prompted about 110 employees to offer information about alleged wrongdoing.” Under the amnesty program, the company did not make claims for damages or unilaterally terminate employee relationships. However, Siemens reserved the right to impose lesser disciplinary measures.

So what about Armstrong and his ‘Truth and Reconciliation’ idea? In the ESPN.com article, he intones that he is really the victim here. First of all, he feels that he is really the fall guy for the sport of cycling, because you know, everybody was doing it. He just did it better. He also said it was unfair that those who testified against him had received “minor off-seasons sanctions versus the death penalty” for himself. He was quoted as saying, “What is relevant is that everyone is treated equally and fairly. We all made the mess, let’s all fix the mess, and let’s all be punished equally.” That certainly sounds like someone who is repentant, doesn’t it?


January 24, 2013

What is Your FCPA Investigation Protocol?

On Wednesday, at the ACI FCPA Bootcamp, there was an excellent presentation by Jay Martin, Vice President, Chief Compliance Officer (CCO) and the Senior Deputy Counsel for Baker Hughes Incorporated and Jacki Trevino, Senior Manager, Corporate Compliance at Fluor Corporation. I have heard both of them speak and I can assure you that they both know the Foreign Corrupt Practices Act (FCPA) and their compliance stuff. They both also always have a great PowerPoint presentation that you can take away from any presentation either one of them makes. Yesterday was no different on either score.

The topic of their presentation was “FCPA Compliance Best Practices: Success Stories of Robust and Effective Anti-Corruption Compliance Programs in High Risk Markets” and as you might guess from such a title, there was a significant amount of information discussed. Today, I wanted to focus on one part which dealt with investigation protocol. I think that one of the key lessons to be drawn from the ongoing Wal-Mart FCPA matter is that back in the 2006 time frame, when the corporate office was made aware of allegations of bribery and corruption regarding its Mexican subsidiary, the corporate office either did not have an investigation protocol in place, or perhaps even worse, it had one and disregarded it when the allegations bubbled up to Bentonville.

Trevino presented the Fluor investigation protocol, which consists of the following five steps: (1) Opening and Categorizing the Case; (2) Planning the Investigation; (3) Executing the Investigation Plan; (4) Determining Appropriate Follow-Up; and (5) Closing the Case. I recognize that if a case of significant bribery or corruption is uncovered, there may be more or additional steps that you may need to take. However, if you follow this basic protocol, you should be able to work through most investigations in a clear, concise and cost effective manner. Furthermore, you should have a report at the end of the day which should stand up to later scrutiny if a regulator comes looking. Finally, you will be able to document, document, and document, not only the steps you took but why and the outcome obtained.

Step 1: Opening and Categorizing the Case. Under this first step, you should categorize the ethics and compliance violation. You should notify the relevant individuals, including those on your investigation team and any senior management members under your notification protocols. After notification, you should assemble your investigation team for preliminary meetings and assessments. This Step 1 should be accomplished in one to three days after the allegation comes into compliance, either through your reporting structure or other means.

Step 2: Planning the Investigation. After assembling your investigation team, you should determine the required investigation tasks. These would include document review and interviews. If hard drives need to be copied or documents put on hold or sequestered in any way, or relationships need to be analyzed through relationship software programs or key word search programs, this should also be planned out at this time. These tasks should be integrated into a written investigation or work plan so that the entire process going forward is documented. Also, if there is a variation from the written investigation plan, such variation should be documented and an explanation provided as to why there was such a variation. Lastly, if international travel is involved, this should also be considered and planned for at this step. This Step 2 should be accomplished within another one to three days.

Step 3: Executing the Investigation Plan. Under this step the investigation should be completed. I would urge that the interviews not be conducted until all documents are reviewed and ready for use in any interviews. Care should be taken to ensure that an appropriate Upjohn warning is issued and that the interviewee clearly understands that whoever is performing the interview represents the company and not the person being interviewed, whether they are the target of the investigation or not. The appropriate steps should also be taken to preserve the attorney-client privilege and attorney work product assertions. This Step 3 should be accomplished in one to two weeks.

Step 4: Determining Appropriate Follow-Up. At this step the preliminary investigation should be completed and you are ready to move into the final phases. In some investigations, it is relatively easy to determine when the work is essentially complete. For example, if the allegation is both specific and narrow, and the investigation reveals a compelling and benign explanation for the conduct alleged, then the investigation typically is complete and you are ready to convene the investigation team and the relevant business unit representatives. This group would decide on the appropriate disciplinary steps or other actions to take. This Step 4 should be completed in one day to one week.

It must be cautioned that at this step, if there are findings of specific or discrete allegations of corruption and bribery, a decision must be made as to how to handle such findings going forward.

Step 5: Closing the Case. Under this final step, you should communicate the investigation results to the stakeholders and complete the case report. Everything done in the above steps should be documented and stored, either electronically or in hard copy form together. The case report should be completed. This Step 5 should be completed in one day to one week.

With the growing number of reports to the Securities and Exchange Commission (SEC) Whistleblower program under Dodd-Frank, companies are under increasing pressure to get up and running quickly on any claim of bribery and corruption that is brought forward. By using the Fluor investigation protocol that Trevino has laid out, you will have a ready-made process in place to start from. If your company does not have such a protocol, I would suggest that you tailor this process to fit the needs of your company. If your company does have an investigation protocol in place, I would suggest that you review it in light of the one that Trevino has presented to us.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

 

January 23, 2013

The FCPA Guidance on the Ten Hallmarks of an Effective Compliance Program

Many commentators are still mining the Department of Justice (DOJ)/Securities and Exchange Commission (SEC) publication, A Resource Guide to the U.S. Foreign Corrupt Practices Act (the “Guidance”), which was released last November. I continue to find nuggets to provide to the compliance practitioner, as do others. But as we are a Base 10 culture, today I want to discuss the 10 points listed as the “Hallmarks of Effective Compliance Programs”. They are a change in style, but not content, from the prior 13 point minimum best practices that the DOJ has included in the Deferred Prosecution Agreements (DPAs) since at least November, 2010 and, indeed, from prior information made available by the DOJ.

I. Where Have We Been

Beginning with at least the Metcalfe & Eddy Consent and Undertaking, filed in December, 1999, the DOJ has laid out its thoughts on what should go into a Foreign Corrupt Practices Act (FCPA) anti-corruption compliance program. In the Metcalfe & Eddy Consent and Undertaking, the DOJ laid out ten points of an effective FCPA anti-corruption compliance program. This was modified somewhat in Opinion Release 04-02, which laid out a best practices compliance program in 12 points, where the DOJ reviewed the proposal by an investment group who were acquiring certain companies and assets from ABB Ltd. ABB Vetco Gray Inc. and ABB Vetco Gray (UK) Ltd., two of the entities being acquired, had previously pled guilty to FCPA violations. The investment group desired to protect itself from further liability, to the extent possible, by proposing to the DOJ a comprehensive best practices compliance program. While the DOJ noted that this compliance program was not a shield against future violations, the DOJ would not “intend to take an enforcement action [against the investors] for violations of the FCPA prior to their acquisition from ABB.”

In the Panalpina DPA, issued in November, 2010, the DOJ laid out a 13 point minimum best practices compliance program. This number was changed this past summer when the Data Systems & Solutions LLC (DS&S) DPA was announced. In this enforcement action the DOJ listed 15 points on its minimum best practices FCPA anti-corruption compliance program. Then later in the summer, the DOJ moved to a 9 point compliance program in the Pfizer DPA. Even with all these changes in the number, the substance of each compliance program has remained the same.

II. Where Are We Now? Hallmarks of Effective Compliance Programs

The Guidance cautions that there is no “one-size-fits-all” compliance program. It recognizes that, depending on a variety of factors such as size, type of business, industry and risk profile, a company should determine what is appropriate for its own needs regarding a FCPA compliance program. But the Guidance makes clear that these ten points are “meant to provide insight into the aspects of compliance programs that DOJ and SEC assess”. In other words, you should pay attention to these and use this information to assess your own compliance regime.

  1. Commitment from Senior Management and a Clearly Articulated Policy Against Corruption. It all starts with tone at the top. But more than simply ‘talk-the-talk’, company leadership must ‘walk-the-walk’ and lead by example. Both the DOJ and SEC look to see if a company has a “culture of compliance”. More than a paper program is required; it must have real teeth and it must be put into action, all of which is led by senior management. The Guidance states that “A strong ethical culture directly supports a strong compliance program. By adhering to ethical standards, senior managers will inspire middle managers to reinforce those standards.” This prong ends by stating that the DOJ and SEC will “evaluate whether senior management has clearly articulated company standards, communicated them in unambiguous terms, adhered to them scrupulously, and disseminated them throughout the organization.”
  2. Code of Conduct and Compliance Policies and Procedures. The Code of Conduct has long been seen as the foundation of a company’s overall compliance program and the Guidance acknowledges this fact. But a Code of Conduct and a company’s compliance policies need to be clear and concise. The Guidance makes clear that if a company has a large employee base that is not fluent in English such documents need to be translated into the native language of those employees. A company also needs to have appropriate internal controls based upon the risks that a company has assessed for its business model. Some of the risks a company should assess include “the nature and extent of transactions with foreign governments, including payments to foreign officials; use of third parties; gifts, travel, and entertainment expenses; charitable and political donations; and facilitating and expediting payments.”
  3. Oversight, Autonomy, and Resources. This section starts with a discussion on whether a company has assigned a senior level executive to oversee and implement a company’s compliance program. Not only must a company assign such a person with appropriate authority but that person, and the overall compliance function, must have “sufficient resources to ensure that the company’s compliance program is implemented effectively.” Additionally, the compliance function should report to the company’s Board of Directors or an appropriate committee of the Board such as the Audit Committee. Overall the DOJ and SEC will “consider whether the company devoted adequate staffing and resources to the compliance program given the size, structure, and risk profile of the business.”
  4. Risk Assessment. The Guidance states that “assessment of risk is fundamental to developing a strong compliance program”. Indeed, if there is one over-riding theme in the Guidance it is that a company should assess its risks in all areas of its business. The Guidance lists factors that a company should consider in any risk assessment. They are “the country and industry sector, the business opportunity, potential business partners, level of involvement with governments, amount of government regulation and oversight, and exposure to customs and immigration in conducting business affairs.” The Guidance is also quite clear that when the DOJ and SEC look at a company’s overall compliance program, they “take into account whether and to what degree a company analyzes and addresses the particular risks it faces.”
  5. Training and Continuing Advice. Communication of a compliance program is a cornerstone of any anti-corruption compliance program. The Guidance specifies that both the “DOJ and SEC will evaluate whether a company has taken steps to ensure that relevant policies and procedures have been communicated throughout the organization, including through periodic training and certification for all directors, officers, relevant employees, and, where appropriate, agents and business partners.” The training should be risk based so that those high risk employees and third party business partners receive an appropriate level of training. A company should also devote appropriate resources to providing its employees with guidance and advice on how to comply with their own compliance program on an ongoing basis.
  6. Incentives and Disciplinary Measures. This involves both the carrot and the stick. Initially the Guidance notes that a company’s compliance program should apply from “the board room to the supply room – no one should be beyond its reach.” There should be appropriate discipline in place and administered for any violation of the FCPA or a company’s compliance program. Additionally, the “DOJ and SEC recognize that positive incentives can also drive compliant behavior. These incentives can take many forms such as personnel evaluations and promotions, rewards for improving and developing a company’s compliance program, and rewards for ethics and compliance leadership.” These incentives can take the form of a part of senior management’s bonuses or simply recognition on the shop floor.
  7. Third-Party Due Diligence and Payments. Here the Guidance focuses on the ongoing problem area of third parties. The Guidance says that companies must engage in risk based due diligence to understand the “qualifications and associations of its third-party partners, including its business reputation, and relationship, if any, with foreign officials.” Next a company should articulate a business rationale for the use of the third party. This would include an evaluation of the payment arrangement to ascertain that the compensation is reasonable and will not be used as a basis for corrupt payments. Lastly, there should be ongoing monitoring of third parties.
  8. Confidential Reporting and Internal Investigation. This means more than simply a hotline. The Guidance suggests that anonymous reporting, and perhaps even a company ombudsman, might be appropriate to have in place for employees to report allegations of corruption or violations of the FCPA. Furthermore, it is just as important what a company does after an allegation is made. The Guidance states, “once an allegation is made, companies should have in place an efficient, reliable, and properly funded process for investigating the allegation and documenting the company’s response, including any disciplinary or remediation measures taken.” The final message is what did you learn from the allegation and investigation and did you apply it in your company?
  9. Continuous Improvement: Periodic Testing and Review. As noted in the Guidance, “compliance programs that do not just exist on paper but are followed in practice will inevitably uncover compliance weaknesses and require enhancements. Consequently, DOJ and SEC evaluate whether companies regularly review and improve their compliance programs and not allow them to become stale.” The DOJ/SEC expects that a company will review and test its compliance controls and “think critically” about its own weaknesses and risk areas. Internal controls should also be periodically tested through targeted audits.
  10. Mergers and Acquisitions: Pre-Acquisition Due Diligence and Post-Acquisition Integration. Here the DOJ and SEC spell out what they expect in not only the post-acquisition integration phase but also in the pre-acquisition phase. This pre-acquisition information is not something that most companies had previously focused on. Basically, a company should attempt to perform as much substantive compliance due diligence as it can before it purchases a company. After the deal is closed, an acquiring entity needs to perform a FCPA audit, train all senior management and risk employees in the purchased company and integrate the acquired entity into its compliance regime.

As I commented earlier in this article, the DOJ and SEC have communicated what they believe are the important parts of a risk based, anti-corruption compliance program for many years. I do not think that a compliance defense could be set out any more succinctly. However, I do like things set out in Base 10 and the “Hallmarks of Effective Compliance Programs” is an excellent compilation of where we are and what you need in place to go forward. I recommend this as a good starting point for any compliance practitioner to implement a new compliance program or to evaluate the state of an ongoing compliance regime, so assess your company’s risks and use these hallmarks as a basis to move forward.


January 2, 2013

The Allianz FCPA Enforcement Action – What the Compliance Practitioner Needs to Know

Who is your favorite character from the Iliad? Is it Agamemnon the king who brings the Greek Armada to Troy for his brother’s honor; perhaps Ajax the mountain of a man who is the most loyal Greek warrior; how about Achilles the warrior who single-handedly destroys more Trojans than any Greek; or perchance Nestor the wise old counselor who tries to keep the Greeks united in the face of ten years of war? Perhaps your taste runs to the Trojan characters, Priam, the leader of Troy, Paris, now husband of the most beautiful woman on earth, or Hector, the stalwart son of Priam who dies in a duel with Achilles. In the Iliad, my money is on Odysseus, who is a king like Agamemnon and Priam; a shrewd advisor like Nestor; and a great warrior like Ajax, Achilles and Hector. Lastly, he has, if not the most beautiful wife in the world, certainly the most loyal in Penelope.

On December 17, 2012, the Securities and Exchange Commission (SEC) entered into an agreed Cease and Desist Order (Order) with Allianz SE regarding violations of the Foreign Corrupt Practices Act (FCPA). Much like Odysseus, this Order provides several different types of information for the compliance practitioner to digest. This post will work through some of the information and point out to you the lessons which can be drawn from this enforcement action.

The company is in the insurance business, writing lines including property and casualty, life, and health insurance and also is in asset management. Initially it is to be noted that the FCPA violations involve a subsidiary Allianz created to do business in Indonesia, PT Asuransi Allianz Utama Indonesia Ltd (Utama), through which the illegal payments were made. Allianz was the majority owner of this entity and Utama’s financial reporting was rolled up into the parent’s books and records. The Order reported that Utama secured at least 295 Indonesian government contracts through improper payments of approximately $650,626. From these improper payments, Allianz “realized $5,315,649 in profits.”

I. Jurisdiction

While the company is headquartered in Munich, Germany, from November 3, 2000 to October 23, 2009, Allianz’s American Depositary Shares and bonds were registered with the Commission pursuant to Section 12(b) of the Exchange Act and traded on the New York Stock Exchange (“NYSE”). This made Allianz an “issuer” within the meaning of the FCPA and therefore subject to the Act. The conduct at issue occurred when Allianz was a US issuer. Interestingly, in 2009, Allianz voluntarily delisted its securities from the New York Stock Exchange (NYSE).

II. The Bribery Scheme

Back in 1981, the company opened up a “special purpose bank account” for the payment of agent commissions in Indonesia. However, in February, 2001, the Chief Compliance Officer (CEO) and Chief Financial Officer (CFO) of Utama “opened a separate, off-the-books account in the Indonesian Agent’s name (the “Agent special purpose account”). The Agent special purpose account was used to make improper payments to employees of Indonesian state-owned entities and others for the purpose of obtaining and retaining insurance contracts.” Contemporaneously with the creation of this new Agent special purpose account, Utama entered into a “Paying Agency Agreement” with its Indonesian Agent, which established that the Agent special purpose account would serve as the slush fund to make bribe payments to foreign officials and others as instructed by Utama.

a. 2001-2005

The scheme worked in this manner. There were two components for the insurance premiums, a “technical premium” which was 75-95% of the cost of the insurance product and the “overriding premium” which was the remaining 5-25% of the premium and was to be paid to the agent for the sale. During this time frame, the Utama Marketing Manager would make payments into the Agent special purpose account and these monies would be used to make improper payments to Indonesian government officials. The Indonesian government purchasing the insurance would be billed the combined total of these two premiums for 100% of the cost of the insurance product. The monies received by Utama would be deposited into one bank account and then the amount of the overriding commission would be transferred into the Agent special purpose account. This money would then be paid to the Indonesian government official who directed the purchase of the insurance product, in cash.

b. 2005-2008

Due to an internal whistleblower and subsequent investigation which will be discussed later, this original bribery scheme was modified in 2005; that is after completion of payments to Indonesian government officials who were owed bribes for insurance products purchased previously, up through 2008. Thereafter, Utama employed a variety of methods to make illegal and improper payments to Indonesian government officials. These methods included “1) booking commissions to an agent that was not associated with the account for the government insurance contract and then withdrawing the funds booked to the agent’s account as cash to pay the foreign official; or 2) overstating the amount of a client’s insurance premium, booking the excess amount to an unallocated account and then “reimbursing” the excess funds to the foreign officials, who were responsible for procuring the government insurance contracts.”

III. Whistleblower and Internal Investigations

In 2005, an internal whistleblower made a complaint about the Agent special purpose account. This whistleblower apparently provided detailed information on the account and “a number of internal controls weaknesses.” The company initiated an internal audit of Utama and the Agent special purpose account but amazingly limited the scope of the audit to “embezzlement from the Company”. Even with this limited scope, Allianz’s internal audit group identified the Agent special purpose account as a “vehicle to pay project development and overriding commissions to the special projects and clients for securing business with Utama” and other indicia of FCPA improper payments; however, “no additional steps were taken to determine the nature and purpose of the accounts or to identify the recipients of payments from the accounts.” The company did instruct Utama to close the Agent special purpose account but, as noted above, not only did Utama continue to make improper payments out of the Agent special purpose account but it also widened the scope of its bribery practices.

In 2009, the company’s outside auditor “received an anonymous complaint alleging that an Allianz executive created or initiated slush funds during his tenure with AZAP.” In response to this complaint the company created “a Whistleblower Committee to do an internal investigation and retained counsel to conduct an internal investigation of Utama’s payment practices in Indonesia.” However, Allianz did not self-report either the allegations of improper payments or the results of its internal investigations to the SEC or Department of Justice (DOJ). In 2010, the SEC opened an investigation after receiving “an anonymous complaint of possible FCPA violations.” After some initial delay in the timeliness in reporting to the SEC, the company began cooperation with the SEC and began remedial efforts.

IV. Lessons Learned

There are several lessons which can be learned from the Allianz enforcement action. The first and foremost is jurisdiction. Simply because you are a foreign based company, do not think you are shielded from FCPA enforcement actions. Foreign companies need to review their US listings to determine if they have inadvertently subjected themselves to FCPA jurisdiction. In Allianz’s situation, its American Depositary Shares and bonds were registered with the SEC. That is enough for jurisdiction. So if you are sitting across the Atlantic or Pacific or north or south of the border and have some American interests, holdings or anything else that you own or are a part of in the US, you had better get your FCPA compliance house in order.

There is a wealth of information that internal auditors can use from this enforcement action. The first and foremost is that when you turn a rock over and look under it there may well be several things that show up under the light of day. If you are tasked with trying to find one scheme, such as embezzlement and find indicia of another, for example bribery and corruption of foreign government officials, it is in the interest of both you and your company to keep looking. If substantive information comes to a company in any manner, the company has a duty to investigate it and not to bury its collective head in the sand.

The bribery schemes used by Utama are also instructive. Initially, they give internal audit, and anyone else looking for that matter, clear red flags to investigate further. If there is a “special purpose fund” of any type, a thorough review of the reason for the fund, the justifications for payments out of it and the backup documentation is mandatory. Additionally, there should be a review of the commissions paid. It is easy enough to do: match up the commission paid with the contract under which it is due, coupled with the work done by the agent who is alleged to be owed the commission. You should also review the amount of commission paid to ascertain if it is within a reasonable range.

Internal controls must also not only be reviewed but additional monitoring and auditing should be put in place to make sure that any recommendations made are followed. Here Utama was told to close the Agent special purpose account in 2005 but not only did they fail to do so they continued to pay bribes out of it into 2008. Apparently no one at Allianz thought they should follow up to see if the instruction to close the Agent special purpose account was followed.

We started this blog with the question of who was your favorite hero from the Iliad. My favorite is Odysseus. He is the only Greek hero who combines all of the traits I listed in the opening paragraph. I think that the Allianz FCPA enforcement action is similar because there are many different lessons which can be learned. The DOJ and SEC consistently put out solid information that the compliance practitioner can use to evaluate and assess a compliance program or to manage specific risks. You do not have to read the tea leaves or try to go to the Oracle of Delphi to understand what the DOJ and SEC expect in the way of FCPA compliance. The Allianz SEC enforcement action continues this tradition.


December 14, 2012

A Cornucopia of Great FCPA Articles for Your Friday Consideration

It has been a great couple of weeks for articles regarding the Foreign Corrupt Practices Act (FCPA). While I have resisted having a Friday Round Up of all things FCPA compliance related because both the FCPA Professor, on his site, and Dawn Lomer, on iSight.com, have two of the best, some of the articles that I have read over the past couple of weeks are well worth a post. So with a tip of the hat to both of these blogging colleagues, I submit for your Friday consideration the three following authors with their superior articles.

The FCPA Professor

The FCPA Professor has published two excellent articles over the past two weeks on the FCPA. The first was his 80 page tome, “The Story Of The Foreign Corrupt Practices Act”. In this article, published in the Ohio State Law Journal, the Professor explored the more than two years of investigation, deliberation, and consideration which led to the passage of the FCPA in 1977. Noting that it was “a pioneering statute and the first law in the world governing domestic business conduct with foreign government officials in foreign markets”, the Professor wove together “information and events scattered in the FCPA’s voluminous legislative record to tell the FCPA’s story through original voices of actual participants who shaped the law.” In his article I learned who supported legislation aimed at stopping the bribing of foreign government officials and how the final legislation came into being after a long and arduous process.

This week, the Professor published his review of the Department of Justice FCPA Guidance, which came out last month, entitled “Grading the Foreign Corrupt Practices Act Guidance”. It was published in Bloomberg / BNA’s White Collar Crime Report. As you have come to expect from the Professor, his review is proactive. His abstract details some of the items he discusses, such as “(i) the enforcement agencies’ motivations in issuing the Guidance and the fact that it should have been issued years ago; (ii) the utility of the Guidance from an access-of-information perspective and how the Guidance can be used as a measuring stick for future enforcement agency activity; (iii) how the Guidance is an advocacy piece and not a well-balanced portrayal of the FCPA as it is replete with selective information, half-truths, and, worse information that is demonstratively false; (iv) how, despite the Guidance, much about FCPA enforcement remains opaque; and (v) how, despite the Guidance, FCPA reform remains a viable issue.”

As I once said about Dick Cassin and his FCPA Blog, “If the FCPA Blog didn’t exist, someone would have to create it and fortunately for us Dick has done so.” To this list I now must add the FCPA Professor, so to paraphrase Paul Samuelson, when asked to comment about Milton Friedman winning the Nobel Prize in Economics, “if the FCPA Professor didn’t exist, we would have to invent him.” You can agree or disagree with the Professor but he stirs debate and puts out topics for dialogue, which, as the son of a Professor, is what I think that academicians should do.

Alexandra Wrage

For the longest time, my This Week In FCPA colleague Howard Sklar crowed to me about Alexandra and how he was such a big fan. Of course I knew of her and her work as President of Trace. Like many of us, I bemoaned the fact she no longer blogs on a regular basis. She does speak on a regular basis and early this year I heard her speak at the Beacon Events Corruption and Compliance South and Southeast Asia Summit. Fortunately she spoke after I did because she is a very dynamic speaker. In addition to her numerous speaking engagements, she does publish articles from time-to-time and yesterday we were treated to a most timely article on gift giving and gift receiving. It was published on the Corporate Insider blog site of Corporate Counsel and was entitled, “‘Tis the Season When Gifts Become Bribes”. In her article, Wrage explored the receipt of gifts by employees in the context of corruption. The article is certainly worth your time to read but she listed the points that any company or compliance professional needs to consider in a gift giving or gift receiving policy:

  • Gifts should be modest, tokens of esteem.
  • Ideally, they should bear the corporate logo or reflect the company’s products and they should be provided openly and transparently.
  • Delivering to an office is preferable to sending to a home address.
  • One gift-giving holiday or event should be observed. It doesn’t matter if it’s Diwali, Eid, the Lunar New Year, July 4th, or Christmas, but pick (only) one.
  • Perishable gifts of flowers or food are generally thought to be less risky, in part because they can’t be resold.
  • Give consistently and without regard to pending or recent procurement or other official decisions.
  • Follow corporate policy.
  • Document everything.
  • Give in good faith and without expectation of any quid pro quo.
  • A moderate annual affirmation of both new and longstanding relationships is not a bribe.

Good ideas to follow any time of the year.

Jim McGrath

Jim is a former prosecutor and chief legal officer of a federally funded drug task force so he comes with a different perspective than my civil law background. Jim blogs on his own site, the Internal Investigations Blog, and as you may discern from the name of his blog, he tends to look at the investigative side of things. He did so again in a post entitled, “Little Things Mean A Lot: The FCPA Guide on Internal Investigations”. McGrath looked at the DOJ FCPA Guidance from his investigative perspective and came up with the following nugget: “An effective compliance program should include a mechanism for an organization’s employees and others to report suspected or actual misconduct or violations of the company’s policies on a confidential basis and without fear of retaliation. Companies may employ, for example, anonymous hotlines or ombudsmen. Moreover, once an allegation is made, companies should have in place an efficient, reliable, and properly funded process for investigating the allegation and documenting the company’s response, including any disciplinary or remediation measures taken.” From this he wrote that the “text mandates that companies not only have ‘in place an efficient [and] reliable . . . process for investigating [an] allegation’, but that it be ‘properly funded’ as well.” [italics in original]

McGrath believes that this language should raise concerns for Chief Compliance Officers “across the land, since ‘properly funded internal investigation’ has now been added to the pile of ill-defined terms such as ‘foreign official’, ‘instrumentality’, and ‘anything of value’.” Further, he raised the following questions:

  • What happens if the unforeseeable occurs and the wheels come off in far greater severity than anticipated when the CCO stocked the internal probe war chest?
  • Will that shortcoming be considered a hallmark of a less-than-effective compliance program and militate against a non-prosecution or deferred prosecution agreement or will it factor into a higher culpability score and greater penalties?
  • And who – as if practitioners didn’t know – will decide these issues?

I recommend all of these articles and authors to you. Each brings a different perspective and each can help you build, create or enhance your compliance program to meet best standards. A good Friday to all and let us hope that the Texans can recover from their debacle in Boston.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

September 20, 2012

Antietam Led to the Emancipation Proclamation – Where Will Wal-Mart Lead?

September 17 was the 150th anniversary of the single bloodiest day in American history. On that day the Army of Northern Virginia, led by Robert E. Lee met the Army of the Potomac, led by George McClellan. The battle was fought near a railway junction called Sharpsburg on Antietam Creek. On this day more than 23,000 Americans from both the North and South were casualties. As a Texan, I must note that John Hood’s Texas Division had casualties reported at over 90%, the highest ever for any US Division in any war at any time. When asked by a fellow officer where his division was, Hood replied, “Dead on the field.”

While the battle was a tactical draw, it ended the first Southern threat of invasion of the North. More importantly it provided Lincoln the political cover to issue the Emancipation Document, which changed the nature and course of the Civil War. I thought about how the horrific battle of Antietam led to something very different, the Emancipation Proclamation, when I read the latest output by the FCPA Professor, in an article entitled “Foreign Corrupt Practices Act Enforcement As Seen Through Wal-Mart’s Potential Exposure”. The Professor used the lens of the allegations of Foreign Corrupt Practices Act (FCPA) violations brought forward against Wal-Mart, as set out in the New York Times (NYT) article of April 21, 2012. The Professor explored five questions:

  • whether Congress intended in passing the FCPA to capture the type of payments at issue in Wal-Mart;
  • what FCPA case law instructs as to the payments;
  • whether what Congress intended or what courts have concluded even matters; and
  • the politicization of Wal-Mart’s scrutiny and its impact on FCPA reform.

I. Congressional Intent

Here the Professor notes that “The first question, and the easiest, is whether, given the SEC’s and DOJ’s current enforcement theories, the Mexican payments in connection with permitting, licensing, and inspection issues can expose Wal-Mart to an FCPA enforcement action?” and that the answer to this question is most likely yes; the Professor believes that the “second, and more important question, is whether Congress in passing the FCPA intended to capture payments occurring outside the context of foreign government procurement and involving ministerial and clerical acts by foreign governmental officials.” After reviewing the Congressional record to try and determine some legislative intent, the Professor quoted Rep. Robert C. Eckhardt (D-Texas), a congressional leader on the foreign payments issue, for the following:

Payments to a [foreign official with ministerial or clerical duties] for instance, to complete a form that ought, in equity, to be completed, to give everybody equal treatment, to move the goods off a dock which he will not move without a tip, a mordida, I think, as they call it in the Spanish language, a facilitating payment, or a grease payment would not constitute a bribe.

Based upon his review, the Professor concludes that the “answer from the FCPA’s legislative history is no” and Congress did not intend to make facilitation payments illegal under the FCPA.

II. Case Law

The Professor reviews four cases which he believes touch on the allegations: US v. Durham; US v. Kay (District Court); SEC v. Mattson; and US v. Kay (5th Circuit). He does so in asking whether, even if the payments made by Wal-Mart do not meet the FCPA’s facilitation payments exception, “in order for there to be a violation of the FCPA’s anti-bribery provisions, the ‘‘obtain or retain business’’ element, among others, must also be met.”

After noting that the Department of Justice (DOJ) lost 3 of the 4 cases, he opines that the fourth, US v. Kay in the 5th Circuit, was equivocal at best. Therefore, any inquiry must be “a highly fact-dependent question whether a payment to a foreign official outside the context of foreign government procurement is subject to the FCPA.” A key portion from the Kay ruling logically implicated by Wal-Mart’s alleged payments is the following: ‘‘there are bound to be circumstances in which payments outside the context of foreign government procurement merely increase the profitability of an existing profitable company and thus, presumably, does not assist the payer in obtaining or retaining business.’’

III. Do These Issues Even Matter?

In this section, the Professor notes that the negotiations between Wal-Mart and the DOJ will most likely be “behind closed doors in Washington DC.” In the era of negotiated Deferred Prosecution Agreements (DPAs) and Non-Prosecution Agreements (NPAs), the DOJ will assert its claims of jurisdiction and Wal-Mart will not, because it cannot, test the DOJ’s theories of liability at a trial. The Professor stated, “It will not matter if Wal-Mart’s payments are the type Congress intended to capture in passing the FCPA, nor will it matter what relevant case law instructs as to the payments.”

IV. The Impact of Wal-Mart’s FCPA Scrutiny

Here the Professor raises four issues: (1) the loss of stock price; (2) the investigative cost; (3) follow on shareholder derivative civil lawsuits; and (4) the effect this matter will have on others in the retail industry.

While Wal-Mart stock initially dropped 4.7 percent and continued a downward trend with an approximately $20 billion dip in shareholder value, it did rebound. However, the cost for the now worldwide investigation was already up to $51MM by the end of July. The Professor reports that “at least 12 shareholder lawsuits have been filed against Wal-Mart and/or its officers and directors in the wake of the Times article.” Lastly, regarding a retail industry sweep, the Professor noted that “According to a recent Reuters report, other retail companies have also since reported to U.S. agencies suspicions of their own potential violations, which in turn has the Justice Department and SEC considering a sweep of the entire industry.”

V. FCPA Reform

Here the Professor continues his consistent argument that the Wal-Mart matter should encourage, rather than discourage, substantive debate on whether the FCPA should be reformed. However, he does not believe that opponents of FCPA reform “pounced” in heralding that the Wal-Mart matter ended the debate on FCPA reform (including this commentator). He does admit that this case may well have ended Congress’ collective stomach to take FCPA reform head on. He also notes that some Congressmen opened their own separate investigations of Wal-Mart but no person wanted to use the matter to inform the FCPA debate before Congress because as stated by the Chief Counsel of the House Judiciary Committee at a Hanson Wade FCPA conference in Houston, Texas in June of this year, ‘‘practical matter, public opinion matters, what happens in the real world matters,’’ and the atmosphere surrounding FCPA reform after the Times article has made it ‘‘harder for different groups to advocate’’ for FCPA reform.

All articles published by the FCPA Professor are well researched and well written. I have found them to be provocative but in a way that fosters debate. Sort of the role that I think a Professor should have. We know where the bloodiest day in American history led but we do not know, at this point, where this Wal-Mart matter will end.

August 16, 2012

When to Not Use the F-Bomb? The Standard Chartered AML Settlement

I guess it is appropriate that the word “F-Bomb” will now, as of next week and for the first time, be in the mainstream Merriam-Webster’s Collegiate Dictionary. I say this while thinking about Howard Sklar’s blog post, entitled “Best.Quote.Ever”, in which he cited the following email from Standard Chartered Bank’s (SBC) Group Executive Director to its head of Compliance in New York.

You f…ing Americans. Who are you to tell us, the rest of the world, that we’re not going to deal with Iranians?

[Ed. Note – This is a PG-rated blog so we have edited the curse word. We would note that the family G-rated New York Times (NYT) cut the entire first sentence from its reporting.]

Well, as of yesterday, SBC seems to have found the understanding that if you are going to do business, in at least the state of New York, you had better follow the rules as it agreed to pay a $340MM fine to the New York state Department of Financial Services (DFS) for breaking the law. Unfortunately, the SBC settlement was just one more in a long line of settlements by banks for violations of anti-money laundering (AML) laws. In an article in the Wall Street Journal (WSJ), entitled “British Bank Settles Iran Money Case”, reporter Liz Rappaport cited figures from the US Department of Treasury and Justice Department regarding the largest US anti-money laundering settlements.

AML Penalty Box of Settlements

| Bank | Amount (all in $millions) | Date of Settlement |
|---|---|---|
| ING Bank | $619 | June 2012 |
| Lloyds TSB Bank | $567 | December 2009 |
| Credit Suisse | $536 | December 2009 |
| Royal Bank of Scotland | $500 | May 2012 |
| Standard Chartered | $340 | August 2012 |
| Barclays | $298 | August 2012 |

We also note, as reported in the WSJ, that HSBC Holding has publicly announced it “has reserved $700 million to pay fines” relating to its AML violations.

While the amount paid by SBC is low on the scale of fines paid to date, Rappaport quoted analysts as saying “the settlement is a good outcome for Standard Chartered. They say the penalty is manageable for a bank that generated nearly $4 billion in profit in the first half of 2012.” However, there were some components of this settlement that could cause SBC further pain down the line. The first, as reported in a Financial Times (FT) article entitled “StanChart settles NY claims for $340m”, is that the agreement is with the state of New York regulators only. It does not cover the “US Department of Treasury, Department of Justice, Federal Reserve and Federal Bureau of Investigation” all of whom are “also probing the bank’s transactions with Iran” in long running investigations. Credit Suisse analyst Amit Goel was quoted in another WSJ article, entitled “Standard Chartered Faces a New Normal in New York”, that “We would expect the other regulators to settle in due course, and the fines may be material, but we think the aggregate cost will be below $1 billion and will not require the company to issue any additional equity.”

In addition to these ongoing investigations SBC will have not only an external monitor, appointed by the New York DFS, but also examiners from the DFS installed on site at the bank who “will assess the money-laundering risk controls in StanChart’s New York branch, advise on the implementation of “corrective measures” and report back to the DFS for a full two years.” I can assure SBC that having such compliance monitors, both external and from the DFS, will prove to be very disruptive to their ongoing business operations. A bank spokesman was quoted, in a WSJ article, as saying “the bank said it has no idea how intrusive the installation of monitors might be because the final details have yet to be hammered out.” Indeed.

So how about that idiotic email that started this piece? I would say that SBC needs some serious training on email etiquette. Maybe they could have Bobby Knight come in for sensitivity training? Or maybe, just maybe, they could follow the law.
