Interview with Jon Rydberg

Ed. Note-today I continue with my series of interviews with thought leaders in the compliance arena. Today, I post an interview of Jon Rydberg, CEO and Founder of Orchid Advisors.

Where did you grow up and what were your interests as a youngster?

I spent the majority of my life in Connecticut but lived in the Los Angeles area for approximately nine years. My wife and I moved back to the east coast in 2009 to be with family. Growing up the son of two teachers and a two-time valedictorian meant my childhood was destined to be focused on academics, leaving little time for other interests such as golf and soccer. My true childhood passion was entrepreneurship, only I didn’t know it at the time. My parents would say that I was good at generating ideas, starting a project and then losing focus only to do it all over again with another new idea. I guess you could classify my childhood to resemble that of a early-stage venture capitalist.

Where did you go to college and what experiences there led to your current profession?

My father was a teacher at the local high school. So, naturally that meant I had to attend the local preparatory school, Avon Old Farms. It was an incredible experience being surrounded by the best and brightest of student athletes and tenured professors. After high school, I received a BS in Mechanical Engineering and an MBA in Corporate Finance from Bucknell and Rensselaer, respectively. And, I was only a few classes short of a Masters in Accounting before my career escalated and my free time for academic interests became hard to come by

How did my current career spawn from that? It likely began with my first job, designing packaging for explosive devices in accordance with DOT regulations. Shortly after I was managing R&D efforts for tactical weaponry that were destined for Aerospace & Defense giants such as Lockheed, Boeing and United Technologies. In the early 2000s I led the A&D industry segment a global audit and consulting firm Protiviti and had a similar client service role for Ernst & Young. Almost every product I’ve touched since day one has been subject to a federal or state regulation. Today, I am the CEO of a national consulting practice focused on Transforming the Compliance Ecosystem^TM.

You have worked both in Big 4 accounting firms and in corporations. What lessons did you learn from these different types of employment experiences?

#1 – The concepts of compliance, internal control and internal audit are too often misunderstood, including amongst top executives. Unfortunately, the concepts are thought of us impediments, not enablers, of high-end business performance or beneficial elements of the corporate governance structure – until it is too late. The Orchid team offers an open invitation to any person or firm that wishes to partner on our initiative to enhance the perceived value of these functional areas.

#2 – Achieving compliance, comfortably, means establishing it as an equal business metric to quality, safety and financial performance. Human nature will drive people to focus on incentivized areas, obviously. So, concepts like a ‘balanced scorecard’ add value to ensuring the long-term viability of the organization and protects owner interests.

#3 – Don’t be afraid of recognizing when help is needed, no one knows everything. Take the opportunity to learn from those who’ve seen both the good and the bad elsewhere.

You have worked with a variety of US governmental agencies. Are there any general guidelines that you can give the compliance practitioner to who might be presenting to or working with a government agency for the first time?

Yes, I think it can be summed up with my favorite phrase – there is a big difference between being compliance and having a compliance program. The point is, Federal and State agencies have a job to do in both establishing new legislation and then regulating it. The role of a regulator isn’t loved but there’s not much we can do about it. A best practice approach is to build trust, be honest and transparent and recognize that continuous improvement begins with a self assessment and ends with a written compliance plan.

What led you to found Orchid Advisors and how do you hope to change the Compliance Ecosystem^TM?

I had worked with a number of high-profile attorney’s on various compliance projects who knew the law inside and out but who had little practical implementation experience. It was clear to me that someone, or some firm, had to be created to bridge the gap between those who could recite the regulations chapter and verse and those who make and ship widgets on a daily basis. Orchid Advisors was launched to ‘operationalize’ compliance with a proprietary methodology called the Compliance Ecosystem^TM.

The Compliance Ecosystem^TM takes the concept of compliance (as a department or impediment to execution) to a whole new level. Much like the Japanese approach to manufacturing processes and total quality development, the Compliance Ecosystem embeds compliance control into: (1) Business strategy; (2) Corporate culture; (3) Process and technology; and (4) Continuous improvement. Furthermore, it emphasizes the importance of managing compliance not only within the four walls of your business, but also at your suppliers, distributors and other supply chain partners.

And, the beauty of our methodology is that it applies to every industry, any company size or structure and any regulation. That being said, our initial focus includes: Anti-bribery (FCPA, UK Bribery, etc.); ATF firearms compliance; ITAR compliance; Import / Export compliance and Sarbanes-Oxley compliance.

You recently released the book “Anti-Bribery Leadership”, authored with myself. Who do you think should read this book and why?

Our book is unique. As Matt Kelly, Editor of Compliance Week stated, “it isn’t Shakespeare and it’s not intended to be.” This guide is specifically designed to be short and laser focused for high-level corporate executives, board members and corporate attorneys. In 60 pages we’ve provided:

• A list of questions that those executives should be asking their own organizations;
• A compliance methodology accepted by the Federal Government;
• Examples of high-risk areas drawn from our own Department of Justice and Securities and Exchange Commission investigations; and
• Tools to govern the ongoing operations of the business.

Anti-Bribery Leadership: Practical FCPA and U.K Bribery Act Compliance Concepts for the Corporate Board Member, C-Suite Executive and General Counsel is available in both bound and eBook versions. You can purchase a bound copy by clicking here and an eBook version on Kindle by clicking here. The eBook version is currently a Top Ten best-seller.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

From China to Poland and Brazil-The Lilly FCPA Enforcement Action- Part II

In Parts II and III of my review of the Eli Lilly and Company (Lilly) Foreign Corrupt Practices Act (FCPA) enforcement action brought by the Securities and Exchange Commission (SEC), I will discuss some the processes and procedures which you can use in your Foreign Corrupt Practices Act (FCPA) or UK Bribery Act compliance program which should enable you to prevent or detect FPCA violations, similar to those Lilly sustained, as discussed in Part I of these blog posts on the Lilly enforcement action. Today, in Part II, I will discuss the FCPA issues that Lilly faced in China, Brazil and Poland.

As it is a New Year, I would like to start out with listing Paul McNulty’s Three Maxims regarding the effectiveness of a FCPA compliance program. I have been privileged to hear Paul speak many times for several years. These Maxims were the questions he posed to companies when he was in his role as the United States Deputy Attorney General. First, what did you do to prevent it? Second, what did you do to detect it? Third, what did you do to remedy it?

With the McNulty Maxims in mind, Lilly got into FCPA hot water for using four different styles of bribery schemes in four separate countries. In China, the corruption involved employees and bribery payments which were falsely labeled as reimbursement of expenses. In Brazil, the corruption involved a distributor which received a larger than normal discount for Lilly products. The additional revenues generated from this discount were used to pay a bribe. In Poland, the corruption involved charitable donations which were falsely labeled in Lilly’s books and records. These charitable donations were used to induce a Polish government official to approve the purchase of Lilly products; and, finally, Lilly’s subsidiary in Russia, paid bribes to Offshore Agents who were domiciled outside Russia and who performed no services for the compensation they received.

I.                   China

According to the SEC Complaint, in China the FCPA violations centered around various sales representatives who submitted false expense reports to cover bribes which were paid or their supervisors who instructed them to do so. The SEC Complaint noted that although the dollar amounts for the gifts provided to Chinese officials “generally small, the improper payments were wide-spread throughout the [Chinese] subsidiary.” To prevent such actions, a company must train its employees about the requirements of the FCPA, or any other relevant anti-corruption law, regarding what is and is not allowed under such laws. A company must then follow up to monitor and audit such activities. In a sales model which is employee based, internal audit must review the expense reports of its sales representatives as they represent the highest risk of corruption.

II.                Brazil

In Brazil, Lilly used the distributor model to market its drugs through third-party distributors who then resold these products to public and private entities. As noted by Matt Ellis, in his post entitled “Eli Lilly’s Distributor in Brazil: The Non-Obvious FCPA Risk”, the discounts that distributors typically receive from manufacturers such as Lilly can be problematic under the FCPA because “enforcement officials can see these discounts as potential “loose money” that can be used for bribe payments. This is especially the case when the distributor is engaging in other activities on behalf of the producer, like marketing, licensing, and customs clearance.” This was the situation that Lilly found itself in as the standard range of discounts given to distributors was “between 6.5% and 15%, with the majority of distributors in Brazil receiving a 10% discount” but in early 2007, at the request of a Lilly sales manager, the company awarded an unusually high discount of between 17% and 19% to a distributor for the sale of a Lilly drug to the government of one of the states of Brazil. The distributor used approximately 6% of this additional discount to create a fund to pay Brazilian government representatives to purchase the Lilly drugs from him.

a.      Prevent

In the area of prevent, the SEC Complaint noted the following “Lilly-Brazil’s pricing committee approved the discounts without further inquiry. The policies and procedures in place to flag unusual distributor discounts were deficient.” Lastly, as stated by Ellis, “It noted that the company relied on representations of the sales and marketing manager without adequate verification and analysis of the surrounding circumstances of the transactions.” Indeed Kara Brockmeyer, the SEC’s chief FCPA enforcer, stated in the SEC Press Release announcing the matter:

Eli Lilly and its subsidiaries possessed a “check the box” mentality when it came to third-party due diligence. Companies can’t simply rely on paper-thin assurances by employees, distributors, or customers. They need to look at the surrounding circumstances of any payment to adequately assess whether it could wind up in a government official’s pocket.

All of this means that if a discount is outside the normal range typically given to a distributor, a red flag is raised as to why the increased discount was allowed. Simply basing a management decision on the representations of a sales manager is not a sufficient mechanism to clear such a red flag.

b.         Detect

From the detect prong, internal audit needs to follow up with ongoing monitoring and auditing. Internal audit can be used to help determine the reasonableness of a commission rate outside the accepted corporate norm. Further, as noted by Jon Rydberg, of Orchid Advisors, in an article entitled “Eli Lilly’s Remedial Efforts for FCPA Compliance – After the Fact”, the company should be “implementing compliance monitoring and corporate auditing specifically tailored to anti-corruption” for the distributor sales model.

III.             Poland

Here Lilly used charitable donations to a charitable foundation which was, as stated in the SEC Complaint, “founded and administered by the head of one of the regional government health authorities at the same time that the subsidiary was seeking the official’s support for placing Lilly drugs on the government reimbursement list.” There were a total of eight payments made to the charitable foundation. In addition to the charitable donations made, Lilly “falsely characterized the proposed payments”. Lilly had a group which reviewed the request for such donations called the “Medical Grant Committee [MGC]” which approved the payments “largely based on the justification and description in the submitted paperwork.”

a.      Prevent

From the prevent prong, it is clear that if the MGC had adequately reviewed the donation request, it would have determined that the charitable foundation was administered by the same person making the decision over the sale of Lilly products. Indeed, the largest request was made just two days after the government decision maker authorized a large purchase of Lilly products. The SEC Complaint also noted that of there were different corporate justifications for the eight requests for the charitable donations made. So, as noted by Rydberg, there was a failure of corporate governance and financial controls. In its FCPA Guidance, the Department of Justice (DOJ) lists five questions which a company should ask when considering a charitable donation. They are: (1) What is the purpose of the payment? (2) Is the payment consistent with the company’s internal guidelines on charitable giving? (3) Is the payment at the request of a foreign official? (4) Is a foreign official associated with the charity and, if so, can the foreign official make decisions regarding your business in that country? (5) Is the payment conditioned upon receiving business or other benefits?

b.      Detect

From the detect prong, there are several things which can be incorporated into a FCPA compliance program regarding charitable donations. The DOJ has issued several Opinion Releases on charitable donations and based on Opinion Release 10-02, some of the protections a company can do to comply with the FCPA regarding charitable donations are as follows:

1)      Certifications by the recipient that it will comply with the requirements of the FCPA;

2)       Due diligence to confirm that none of the recipient’s officers or directors are affiliated with the foreign government at issue;

3)      A requirement that the recipient provide audited financial statements;

4)      A written agreement with the recipient restricting the use of funds to humanitarian or charitable purposes only;

5)      Steps to ensure that the funds were transferred to a valid bank account;

6)      Confirmation that contemplated activities had occurred before funds were disbursed; and

7)      Ongoing auditing and monitoring of the efficacy of the program.

These protections allow an audit trail which can be monitored or audited by the company’s audit team.

Tomorrow I will take a look at Lilly’s FCPA violations in Russia and use that information to set forth some minimum best practices which you can use in your compliance program to help you both prevent, detect and then FCPA compliance violations.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013