Venice, the US Navy and Red Flags

Today’s post comes from Venice where I am spending a week. It is one of the most unique and beautiful cities on earth. It was a great maritime power for over 1000 years. At the height of its power, it was the richest city on earth, worth almost 10 times more than the entire country of France in 1300. Even today, it is still dominated by the sea in all aspects, from the transportation of its daily food stuffs, to the flooding which is regular occurrence due to the fact the city is sinking into the Adriatic.

Venice’s maritime heritage sets the scene for today’s post which is about the ongoing corruption scandal in the US Navy. The scandal has led the Navy to taking action against seven officers over a criminal investigation into ship supply contracts for the Navy in the Pacific. The supply contracts where all with a company named Glenn Defense Marine Asia. As reported by the New York Times (NYT), the allegations are that the company, led by a Malaysian named Leonard Glenn Francis, won over $200 MM in contracts “to provide fuel, food and other services to warships by submitting extremely low bids.” The company then used bribery and corruption of Navy officers to help inflate the company’s billing and to “cover his tracks.” Apparently complaints were raised by Navy contracting officials as early as 2009 about the company, yet it was awarded three new contracts in June 2011, giving Glenn Defense Marine Asia “control over supplies and dockside services for its [the US Navy’s] fleet across the Pacific.”

For the compliance professional, this scandal involving the US involves some clear and unfortunately stark lessons learned regarding the warning signs of corruption, i.e. Red Flags.

Background Investigation

For any Foreign Corrupt Practices Act (FCPA) compliance program, a mandatory staple is to know with whom you are doing business. This is referred to as due diligence. A variety of sources are reviewed during the due diligence process, including background checks on third parties who do business with a company through the sales chain and supply chain. It turns out that Mr. Francis had spent time in jail on handgun charges. More significantly, the Navy encountered problems with Glenn Defense Marine Asia in its initial contracts with the company.

Rates and Pricing

Most compliance practitioners review contract rates to make sure that the rates do not create such a large amount of money to facilitate the payment of bribes or to create the incentive to pay bribes to win contracts. However, contract pricing and rates can be a significant indicator that something may not be quite right with a third party. In the case of Glenn Defense Marine Asia, it was its low-ball bidding which should have raised a red flag. In the bidding for the 2011 Pacific-wide supply contract, another company, DaeKee Global Company bid $67.9MM, while Glenn Defense Marine Asia bid only $21.6MM. Another NYT article quoted Robert Burton, a former acting administrator for the Office of Federal Procurement who said, “That type of huge price discrepancy is certainly a red flag.” He was further quoted to say, “Contracting officers should have raised questions.” Glenn Defense Marine Asia’s business plan was then to overcharge the US Navy using inflated prices and submit billing for delivery of non-existent goods and services.

Lavish Gift-Giving

To take this next step, the company needed the active assistance of US Naval officers. Once Glenn Defense Marine Asia was able to secure the contract to supply the Pacific-wide stores, it went to work on the naval officers now caught up on the criminal investigation. In one email the company said that “We gotta get him hooked on something” when discussing how to corrupt one naval officer to help Glenn Defense Marine Asia get over-charges paid to make up for the low bid on the contract. The company used lavish gifts and entertainment to cultivate officers who could send additional work in the direction of the company and approve the payment of inflated billing or billing for non-existent work. The gifts ranged from tickets to concerts, first class travel across the globe and payments of up to $100,000 in cash.

While most companies have compliance programs in place to deal with the lavish gift-giving and perform background due diligence on entities with which they do business they do not often focus on pricing. This scandal involving Glenn Defense Marine Asia and the US Navy makes clear that if a potential third party representative using an extra-ordinary low rate to entice your company to do business with it, something may be amiss. As Burton was pointed out in the NYT article, a huge price discrepancy is itself a red flag. If pricing is so low, as not to make business sense, it means the price difference will be made up somewhere else. In the case of the US Navy it was through over-charging for goods and services and billing for non-existent bills and services. If the same happens with a foreign government or state owned enterprise subject to the FCPA, it could well be that your company would be in hot water for going with the lowest bidder to represent your company. This does not mean that your company cannot do business with the lowest bidder, but it does mean that if a bid is so low as to defy commercial expectations, there needs to be further analysis to determine why the bid is so low.

The Glenn Defense Marine Asia/US Navy scandal presents some tangible lessons for the anti-corruption compliance practitioner. Just as Venice grew wealthy through smart trading, it is incumbent to know who you are doing business with, watch out for red flags and manage your business relationships after the contract is signed.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

AML for the Compliance Practitioner: The KPMG 2011 Survey on Anti-Money Laundering

Dick Cassin, writing in his FCPA Blog, has consistently raised the issue of Anti-Money Laundering (AML) in the wider battle against bribery and corruption. He set out some of his thoughts in a post entitled “9/11 and the FCPA”. He also speaks regularly about AML laws as one component of the ongoing battle against world-wide terrorism since 9/11and how that relates to anti-bribery and anti-corruption compliance. I thought about Dick’s writing and ideas while I was reading the survey released yesterday by KPMG, entitled “Global Anti-Money Laundering Survey 2011”. While this survey focused on the banking industry, there were many issues identified that are applicable to the wider compliance field. The survey is one of the continuing releases by KPMG that gives insight into what compliance practitioners are thinking, some of the challenges that they face and provides a summary of best practices which anti-bribery and anti-corruption practitioners can incorporate into their company’s US Foreign Corrupt Practices Act (FCPA) and UK Bribery Act compliance programs.

The part of the survey which struck me as most applicable to the FCPA and Bribery Act compliance practitioner was ongoing monitoring. My ‘This Week in FCPA’ colleague, Howard Sklar, often speaks that he believes a compliance program must be nimble and agile enough to evaluate new risks as they arise or become known to a company. The KPMG survey noted that “This principle [ongoing monitoring] also applies to wider risk management arrangements. Ongoing risk assessment should include intelligence generated internally as well as externally, and a key source for this data is monitoring tools and activities.” Ryan Morgan, Anti-Corruption Specialist at World Compliance, spoke, at the ACI-FCPA Boot Camp held in Houston this past January, about the need to perform ongoing due diligence on parties on more than an annual basis.  This is because such due diligence is simply a snapshot of time going back from the date of the due diligence. Morgan made clear that 3 months, 6 months or 9 months into the future this snapshot might change.

Another reason to do ongoing monitoring relates to Dick Cassin’s work on the connection of compliance programs to anti-terrorism. To assist banks and other financial institutions in the fight against money laundering and terrorist financing KPMG suggests they undertake ‘ongoing monitoring’ of the business relationship with each customer. This ongoing monitoring has two components. First such institutions should monitor all of the transactions involving the customer to ensure that they fall within expectations. This concept has clear resonation in the FCPA compliance area under one of the well-recognized Red Flags regarding third party business partners. If a proposed foreign business partner does not have experience in your company’s field of expectation for the services or products your company offers, or the commission the foreign business partner sought, or has received, do not fall within a range of monetary expectations, these are viewed as ‘Red Flags’.

The second component of ‘ongoing monitoring’ would fall into the category of “Know Your Customer” or as it is known by its acronym ‘KYC’. KPMG notes that this second element of the ‘ongoing monitoring’ requirement is the need to keep relevant KYC data items up-to-date. Without up-to-date data, banks cannot understand their customers, nor screen a company’s principals effectively against sanctions lists. As Ryan Morgan noted in his ACI presentation many times it is difficult to obtain accurate information on officers, directors and related parties in the ownership chain of a foreign business partner because of the inherent inefficiencies in  a foreign governments corporate records filing systems. This means that the tools must be in place but those tools must also be utilized on a regular basis.

The KPMG survey is filled with much information for any banking compliance officer but also solid information for the anti-bribery and anti-corruption practitioner. I heartily recommend it to you for your consideration.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011

Some Red Flags

Most compliance practitioners have heard the term “Red Flags.”  Red Flags are generally defined as circumstances which could place a reasonable person on notice that illegal or improper conduct has or may occur. A Red Flags does not mean that an action or transaction should immediately be terminated. It does mean that you should engage in an appropriate level of additional due diligence and investigation before moving forward.

In his blog posting yesterday entitled “On Anti-Money Laundering“, our colleague Howard Sklar, discussed a new anti-money laundering initiative from the Asset Forfeiture and Money Laundering Section of the Department of Justice. Howard has previously spoken of “compliance convergence” or the merging of control programs such as anti-bribery and anti-corruption with anti-money laundering. Inspired by Howard’s post and his use of “compliance convergence” this post will list some possible Red Flags that you should consider in three control areas: anti-bribery and and anti-corruption; anti-money laundering and with a nod towards the ever changing economic sanctions being levied against Libya, Red Flags regarding international economic sanctions.

I. Anti-Bribery and Anti-Money Laundering

• Doing business in a high risk county
• Allegations that the party has made facilitation payments to government officials.
• Refusal to warrant compliance with the FCPA or other recognized anti-bribery or anti-corruption law.
• Reluctance to participate in due diligence.
• Allegations of illegal or unethical conduct.
• Convictions for illegal conduct.
• Any suggestion that laws or regulations or company compliance policies need not be followed.
• Any suggestion that unethical conduct is custom or the norm in  country.
• Refusal to follow your code of conduct.
• Use of shell companies.
• Ownership by or close relationship to a governmental official
• Refusal to identify a principal of beneficial owner.
• Recommendation of use by a governmental official
• Refusal to sign a contract.
• Lack of experience in the field.
• Requirement of an usually high commission.
• Insistence on payment in cash.
• Insistence on payment in third party country or to an unrelated third party.
• Request for advances.
• Sharing of compensation with undisclosed parties.
• Refusal to provide adequate invoices.
• Offering to provide false invoices.

II.       Anti-Money Laundering

• Named as a Designated Party, SDN or on any similar list.
• Connections to countries identified as non-cooperative with international efforts against money laundering.
• Providing false or misleading information.
• Refusal to disclose the nature and source of assets.
• Refusal to identify a beneficial owner.
• Acting as the agent for an undisclosed principal.
• Company address is not a physical site but a PO box.
• Use of a shell company.
• Lack of concern regarding risks or transaction costs.
• Structuring transactions to avoid reporting requirements.
• Offering to engage in transaction with no or little business justification.
• A request that funds be transferred to an undisclosed third party or in another jurisdiction.
• Any transaction designed to evade taxes.

III.    International Economic Sanction

• Connections to US or UN sanctions or embargoes, including SDN, Denied Persons, Entity and Debarred Lists.
• Requests that goods be exported to countries on an international boycott list.
• Inaccuracies in any shipping documentation and invoicing.
• Abnormal packing, marking or routing of goods.
• Inconsistencies between goods and services of that usually offered by the company.
• Declination of routine installation or training services.
• Promised delivery dates and locations are vague or out of the way location.
• A freight forwarding firm is listed as the final destination.
• Shipping route is out of the ordinary.

As no one list of Red Flags can be exhaustive or final, you may wish to add Red Flags more specific to the risks appropriate to your company, such as those based upon the industry in which you conduct business, the locations where your company does business or other risk factor. If there are any additional ones you feel our readers should be aware of please list them in the Comments Section.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011

Foreign Business Representatives: Some Red Flags to Review

Most Foreign Corrupt Practices Act (FCPA) Practitioners are aware that the greater the contacts with a foreign governmental official and the greater amount of money involved, the greater the FCPA risk for a company if a third party is involved. This is more particularly so if the foreign business representative involved does nothing more than simply make an introduction or uses his (or her) connections to get your company in front of “right people.”

This posting will discuss three Red Flags which a company should review regarding a foreign business partner. Many businesses look to the value obtained in the use of a foreign business representative. This simple economic analysis is not sufficient in the FCPA context. There should be a separate analysis on whether the foreign business representative has the substantive skills to perform the services requested. Finally, if the services performed by the foreign business representative are too far out of line with those performed by competitors, this can also present a Red Flag requiring additional scrutiny.

In his recent book entitled, “Foreign Corrupt Practices Act – A Practical Resource for Managers and Executives” noted FCPA specialist Aaron Murphy discussed this issue. Murphy had been in situations where the decision to retain a foreign business representative was based solely upon an economic analysis, with no substantive discussion within the company of whether the proposed foreign business representative had the requisite skills to provide substantive services. He observed that such a decision making process is a “dangerous mentality to adopt when doing business with foreign governments or state owned entities.”

Why

He goes on to discuss the situation where a foreign business representative is recommended by the entity with which your company is attempting to secure a contract. As a threshold issue, Murphy makes the inquiry as to whether such a “recommendation” is really a “requirement”. If your company is informed that the retention of such a foreign business representative would make things go more smoothly, this is clear evidence of a Red Flag on the proposed foreign business representative. Murphy recommends several inquiries which include the following:

• With whom is the proposed foreign business representative related or affiliated?
• What services does the foreign business representative bring to the table which our company cannot provide?
• Was the need for the foreign business representative always contemplated as a part of the transaction?

Murphy focuses on the final question as particularly important. If the “recommendation” for the proposed foreign business representative appeared out of the blue and was not a part of any original bid requirement or tender package, a company should be particularly suspicious. Such a request has the indicia that the proposed foreign business partner is really just a sham and potential conduit for the transfer of money to a foreign governmental official.

What Happened?

A separate issue arises when the services of a foreign business representative is unexplained or vaguely understood. Usually a foreign business representative will perform some service(s) but just exactly what the service(s) are is unclear to your company. Murphy poses this situation as the “What Happened” scenario where a company may have a FCPA internal controls/books and records violation because it simply cannot explain what the service(s) foreign business representative provided. This situation can arise where a service was performed quickly, and apparently efficiently, by a foreign business representative but with little understanding by your company of just how such service(s) were delivered.

Too Good to be True?

Another Red Flag which should be evaluated is where the foreign business representative performs services which are far above that of any competitor or demonstrable success rate. James Min, Vice President, Int’l Trade Law & Corporate Compliance at DHL Americas – Legal Department, has developed a risk matrix model which evaluates the performance of companies in the freight forwarders/express delivery industry. In this matrix, Min analyzes risks by multiplying factors noted herein and thus scoring. The model shows that location should not be the sole criteria for risk. The factors in the Min Model are the performance of your company’s customers clearance brokers and how far that performance varies from the norm your company normally receives. In the below chart, +1.00 equals average clearance time. >1.0 equals faster than average and <1 means slower than average.

The Min Model

Country	TI CPI	Customs  Clearance Performance	Variance from  Average Performance	Risk Score	Risk Rank
A	55	.93	1.21	61.9	1
B	20	.76	0.89	13.5	3
C	54	.29	1.00	15.6	2
D	88	.12	0.7.	7.39	4

Min presented his model at the recent ACI FCPA Bootcamp. The key in this approach is how often the Customs Broker/Express Delivery Service varies above the average for customs clearance times. If the percentage of customs clearance performance is so great that your vendors variance is above 100% most of the time, this could be a Red Flag that bribery or corruption is involved. This should lead to further investigation, due diligence, or asking of questions of your vendor.

Most companies understand the need for and perform due diligence on foreign business partners. Many companies follow this up with a contract, with the foreign business partner, which requires FCPA compliance terms and conditions. However, there should be additional monitoring and review of the services provided to your company during the term of the agreement. The Red Flags listed in this article are not a complete list or dispositive, as each review will be determined by the facts involved in the transaction.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011

FCPA Red Flags, Hewlett-Packard and Big Papi

As most readers of this blog know, the author is an avid baseball fan. So it was not without some small interest when a term most often associated with the Foreign Corrupt Practices Act (FCPA) compliance world was used on ESPN’s Baseball Tonight to describe a hitter’s batting characteristics. Recently, commentator and former big league manager, Buck Showalter discussed the current batting slump of Big Papi, David Ortiz, by noting that his inability to hit the off-speed was a Red Flag for what is really ailing him, decreased bat speed. Showalter explained that the reason Big Papi’s failure to hit a curve ball was a Red Flag which indicates a bigger problem; Ortiz has to amp up to hit a fastball so much now that he is susceptible to being quite easily fooled by an off-speed pitch.

In the FCPA compliance world a Red Flag can also be equally indicative of a larger problem. As reported in The Russia Monitor on May 4, 2010, high-level executives at a Hewlett-Packard (HP) subsidiary made payments, through agents, to the Russian Prosecutor General’s office in order to obtain the contract to supply computers to that office. There was a complicated financing scheme used to route payments to offshore accounts beneficially owned or controlled by unnamed Russian officials; funneling the suspected bribes through a network of shell companies and accounts in places including Britain, Austria, Switzerland, the British Virgin Islands, Belize, New Zealand, Latvia, Lithuania, and the US states of Delaware and Wyoming. The bribes were paid through three German agents, who submitted fake invoices for non-existent sales and then paid the money on as bribes to unnamed Russian governmental officials.

On April 15, 2010, the WSJ reported that three middlemen are alleged to have paid invoices; using funds provided by HP for equipment never purchased, to shell companies with bank accounts in Latvia, Lithuania, Austria, Switzerland and Belize. In return, the suspected middlemen allegedly received commissions totaling US$700,000, according to court documents. German authorities reported the investigation, which started in 2007, when a German tax auditor discovered bank records showing that between 2004 and 2006, a HP subsidiary paid €22 million into the account of ProSoft Krippner GmbH, a small computer-hardware company in Leipzig. The records indicated the payment was made for services performed in Moscow. It was the size of the payment to ProSoft that caught the tax auditor’s attention and he red-flagged the matter for transfer to a special prosecution team in Dresden who handle major corruption cases.

To top it all off, at least one witness has said that the above transaction was internally approved by HP through its then existing contract approval process. In the April 15, 2010, WSJ article, Mr. Dieter Brunner, a bookkeeper who is a witness in the probe, said in an interview that he was surprised when, as a temporary employee of HP, he first saw an invoice from an agent in 2004. “It didn’t make sense,” because there was no apparent reason for HP to pay such big sums to accounts controlled by small-businesses such as ProSoft Krippner, Mr. Brunner said. Mr. Brunner then proceeded to say he processed the transactions anyway because he was the most junior employee handling the file, “I assumed the deal was OK, because senior officials also signed off on the paperwork”.

Just how many Red Flags are raised by the above?

• Offshore Companies

In a white paper entitled “Grey Practices in the Russian Business Environment” Control Risks reviewed what it viewed as some of the more routine “day-to-day schemes that erode the integrity of transactions” in Russia. One of the main tactics utilized to disguise the principal who receives a bribe is through the use of offshore companies, usually located in ‘exotic’ locations as per the countries listed in the diagram above, to take advantage of weak disclosure requirements to conceal beneficial ownership. Any monies paid by HP to an agent, which were then sent to an offshore company, should have been flagged for further inquiry.

• Small Sized Agents

As noted, by the temporary HP employee Dieter Brunner, one of the facts that “didn’t make sense” was a large payment to a small-sized business. One of the Red Flags that arises during due diligence on business partners is the size of the company in relationship to the work or services it performs. If a one-man company is receiving a multi-million dollar (or Euro) payment, it should be flagged for further inquiry.

• Faked Invoices for Goods/Services

One of the tests of revenue recognition for hardware and software is whether the goods and services relating thereto are actually delivered. If the middlemen above did not receive the equipment they allegedly purchased, this should have been picked up by an internal company audit or even simple inventory control and flagged for further inquiry.

The above presented Red Flags may not be the only ones found in this series of transactions engaged in by HP. Indeed the overall body of Red Flags is significantly larger than only the three discussed herein. The point in all of this discussion is that the FCPA mandates due diligence before a transaction in a high risk country occurs, due diligence before agents are engaged and then more due diligence thereafter to continue to monitor such transactions. If facts or circumstances arise which cannot be immediately explained, then the matter should be referred to Legal or Compliance for additional investigation. How many additional Red Flags can you spot in this HP transaction? More importantly, if a commentator Baseball Tonight can spot a Red Flag I hope that any US company, subject to the FCPA, has a compliance program in place to spot them as well.

For prior posts on HP and its current FCPA issues, see here and here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2010