FCPA Compliance and Ethics Blog

February 25, 2015

Doing Less with Less and the Unification of Germany

Sqeezed Piggy BankI am attending the SCCE Utilities and Energy Conference in Houston this week. As usual, the SCCE has put on a great event for the compliance practitioner. This year there is live blogging by Kortney Nordum so there should be much about the conference up on the SCCE blogsite, this week and into the future. Lizza Catalano has put together a first rate program for compliance practitioners of many stripes. As an added benefit, SCCE Chief Executive Officer (CEO) Roy Snell has brought some cold weather down to Houston for the event for our late February enjoyment. While it was 80 on Saturday, today is was a balmy 36 courtesy of our Minnesotan guests.

As you might guess the current economic downturn is on everyone’s mind and a subject of much conversation. Last week I wrote a post about the depression of oil and gas prices in the energy space and some of the increased Foreign Corrupt Practices Act (FCPA) or other anti-corruption risks that might well arise from this economic downturn. Over the next couple of days, I want to explore how a Chief Compliance Officer (CCO) or compliance practitioner might think through responses to this increased compliance risk. Today I will focus on doing less with less. Tomorrow I will suggest some technological solutions.

I have been around long enough to see more than one of these economic events in the energy space. While not suggesting that we Texans never learn not to repeat our mistakes, they do seem to have a pattern. Prices drop precipitously, companies who are overstocked, over-leverage or generally over-panic; over-react and cut head count and spending dramatically to some level that is not based on rational economic analysis. Then they get some handle on where the numbers might be heading and the cuts start to flatten out and some type of equilibrium is reached.

Right now, in the energy space, we are in the cutting phase. That means loss of personnel (head count) and loss of resources even if it was calculated last year based on a summer or fall 2014 economic projection in your annual budgeting process. This means one thing you will need get for a quarter or two will be financial resources to place the personnel your compliance function may have lost. This means that you will have to figure out a way to accomplish more with fewer resources. While I often advocate that the compliance function can and should draw on other disciplines such as Human Resources (HR), IT, Internal Audit and Marketing for support; those functions have most probably been ‘right-sized’ as well so they may not be able to assist the compliance function as much they could have previously.

Now would be a very good time to put into practice what Dresser-Rand CCO Jan Farley often says, “Don’t sweat the small (compliance) stuff.” Farley often speaks about the need not to waste your scarce compliance resources on areas or matters that are low compliance risks. But to do this, you need to understand what are your highest compliance risks. Since you will not have additional resources to perform such an analysis, I would suggest now would be a very good time for you to assess your compliance program and your business model to see what are your highest risks. If you believe there are several, you can fprioritize them. This exercise will give you the basis to deliver your ever-scarcer compliance resources to your highest risk areas.

While I do not believe the Department of Justice (DOJ) or Securities and Exchange Commission (SEC) will be sympathetic to some unsubstantiated claim along the lines of ‘I did my best with what I had’; they also made clear in the FCPA Guidance that “An effective compliance program promotes “an orga­nizational culture that encourages ethical conduct and a commitment to compliance with the law.” Such a program protects a company’s reputation, ensures investor value and confidence, reduces uncertainty in business transactions, and secures a company’s assets. A well-constructed, thought­fully implemented, and consistently enforced compliance and ethics program helps prevent, detect, remediate, and report misconduct, including FCPA violations.” (emphasis supplied)

So while the DOJ and SEC will not accept you bald-faced claims that our company simply did not have the money to spend on compliance, they will most-probably consider a compliance program where you have looked at your risks, in the context of this economic downturn, and delivered the compliance resources you do have to those risks. But the key is Document, Document, and Document your decision-making calculus and your implementation. (Stephen Martin would probably add here that if your annual spend on Yellow Post-It Notes is a factor of 10X your compliance spend, this approach would not be deemed credible.)

In her On work column in the Financial Times (FT), Lucy Kellaway wrote about this the concept of doing less with less for the corporate executive personally, in an article entitled, “No need to ‘lean in’ when laziness can be just as effective”. She cited to the Prussian General Helmuth von Moltke for “devising one of the world’s fist management matrices” when he assessed his officers on two scales: “clever v. dim and lazy v. energetic.” From this he came up with four permutations:

  • Dim and lazy – Good at executing orders.
  • Dim and energetic – Very dangerous, as they take the wrong decisions.
  • Clever and energetic – Excellent staff officers.
  • Clever and lazy – Top field commanders as they get results.

The point of Kellaway’s article has direct implications for the CCO or compliance practitioner currently facing an economic downturn, “It is only by being lazy that we become truly efficient, and come to see what is important and what is not.” Kellaway cautioned “the sort of laziness to encourage is not the slobbish variety that means you do bad work. That is not laziness: it is stupidity. Instead, we need the clever version that comes from knowing there is an opportunity cost to every minute we spend working, so we must use our time wisely.”

From the compliance perspective, this translates directly into using your compliance resources wisely. So whether you want to cite the Prussian general who unified Germany, columnist Kellaway, Dresser-Rand CCO Farley or this article’s theme of doing less with less, I would suggest to you there is a manner to maintain “A well-constructed, thought­fully implemented, and consistently enforced compliance and ethics program helps prevent, detect, remediate, and report misconduct, including FCPA violations” even in an economic downturn.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

 

February 20, 2015

Assessing Internal Compliance Controls – Part II

Assessing Internal Controls IIn this blog post I continue my exploration of how you should assess your compliance internal controls using the Committee of Sponsoring Organization of the Treadway Organization (COSO), publication “Internal Controls – Integrated Framework, Illustrative Tools for Assessing Effectiveness of a System of Internal Controls” (herein ‘the Illustrative Guide’), as a starting point and basis for discussion. You will recall from my series on compliance internal controls under the COSO 2013 Framework there are five objectives: (1) Control Environment; (2) Risk Assessment; (3) Control Activities; (4) Information and Communication; and (5) Monitoring Activities. Today I will review issues around compliance internal control assessments on Control Environment and Risk Assessments.

First are some general definitions that you need to consider in your evaluation. A compliance internal control must be both present and functioning. A control is present if the “components and relevant principles exist in the design and implementation of the system of [compliance] internal control to achieve the specified objective.” A compliance internal control is functioning if the “components and relevant principles continue to exist in the conduct of the system of [compliance] internal controls to achieve specified objectives.”

I. Control Environment

Under the objective of Control Environment there are five principles which you will need to assess. The five principles are:

  1. The organization demonstrates a commitment to integrity and ethical values. Here you can look to see if there is a training program to help make employees cognizant of the importance of doing business ethically and in compliance with the standard’s of your company’s Code of Conduct. Also is there specific training on the Foreign Corrupt Practices Act (FCPA), UK Bribery Act or other relevant anti-corruption/anti-bribery legislation which may govern your organization? Next does your company have in place any process to evaluate “individuals against published integrity and ethics policy”? Finally, do you have in place any process to “identify and address deviations in the organization”?
  2. The board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control. Under this Principle you must DOCUMENT the active involvement of your company’s Board of Directors. So not only must risk assessments be performed and evaluated by senior management, they must also be evaluated by the Board, separate and apart from senior management. A Board must also document its review of any remediation plans and monitoring activities.
  3. Management establishes, with board oversight, structures, reporting lines and appropriate authorities and responsibility in pursuit of the objectives. This Principle deals primarily with reporting lines and structures so you will need to consider not only the structure of your business but also whether or not both clear and sufficient reporting lines have been established throughout the company. The next analysis is to move down the chain to see if there definitions and assignments for your compliance function. Lastly you need to assess whether there are sufficient parameters around the responsibilities of the compliance function and if there are limitations which should be addressed.
  4. The organization demonstrates a commitment to attract, develop and retain competent individuals in alignment with the objectives. Under this Principle you will need to review the policies and procedures to make sure you have the minimum required under a best practices compliance program and then evaluate and address any shortcomings. This Principle also has a more personnel focus by requiring you to consider whether your organization attracts, develops and retains sufficient compliance personnel and is there an appropriate succession plan in place if someone ‘wins the lottery’ on the way to work.
  5. The organization holds individuals accountable for their internal control responsibilities in the pursuit of the objective. Under this Principle review is required to determine whether the Board established and communicated the mechanisms to hold employees accountable for your compliance internal controls. As suggested in the FCPA Guidance, there should be both a carrot and stick approach, so for the carrot is there some type of Board, senior management or employee compensation based on whether they did their assignments in compliance with your Code of Conduct or are bonuses based strictly on a sales formulation? For the stick, have any employees ever been disciplined under your compliance regimes?

II. Risk Assessment

This objective has four Principles that require assessment. They are (numbers follow the COSO Framework):

  1. The organization specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives which include Operations Objectives, External Financial Reporting Objectives, External Non-Financial Reporting Objectives, Internal Reporting Objectives and Compliance Objectives. Here I think the key is the documentation of several different topics and issues relating to your company and how it operations. This means you will need to assess such diverse concepts as what are your senior management’s choices for business and compliance? You will need to consider and assess tolerances for risk as demonstrated by such issues as operations and financial performance goals. Finally, it can be used as a basis for committing of compliance resources going forward.
  2. The organization identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed. This Principle requires you to take a look at not only your compliance organization but also your business structure including entity, subsidiary, division, operating unit, and functional levels. You should assess the involvement of your compliance function at each point identified and the appropriate levels of management therein. Finally, from the compliance perspective, you should attempt to estimate not only the significance of compliance risks identified in the risk assessment but also determine how to respond to such identified compliance risks.
  3. The organization considers the potential for fraud in assessing risks to the achievement of objectives. Bribery and corruption can be categorized as forms of fraud. Rather than being fraud against the company to obtain personal benefits it can be fraud in the form of bribery and corruption of foreign government officials. For the compliance internal control assessment around this Principle I would urge you to ‘follow the money’ in your organization and consider the mechanisms by which employees can generate the funds sufficient to pay bribes. Many of these are simply fraud schemes so you should consider this within the compliance context and assess incentive and pressures on employees to make their numbers or be fired. You should also assess your employees’ attitudes and rationalizations regarding same.
  4. The organization identifies and assesses changes that could significantly impact the system of internal control. This Principle speaks to the need of your organization to maintain personnel competent to use the risk assessment going forward. But it also requires you to assesses changes in the external environment, assess changes in the business model or other significant business changes and, finally, to consider any changes in compliance leadership and how that would impact this Principle.

I often say that good compliance is simply good business. These COSO objectives are not only important from the compliance perspective but they also speak to the issue of overall process in your organization. The more you can burn these activities into the DNA of your company, the better run your organization will be going forward. Auditing against the COSO standards will provide your management with greater information on the health of your organization and satisfy your legal requirements under the FCPA.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

February 19, 2015

Assessing Compliance Internal Controls – Part I

Assessing Internal Controls II have recently detailed the COSO 2013 Framework in the context of a best practices compliance regime. However there is one additional step you will need to take after you design and implement your internal controls. That step is that you will need to assess against your internal controls to determine if they are working.

In its Illustrative Guide, the Committee of Sponsoring Organization of the Treadway Organization (COSO), entitled “Internal Controls – Integrated Framework, Illustrative Tools for Assessing Effectiveness of a System of Internal Controls” (herein ‘the Illustrative Guide’), laid out its views on “how to assess the effectiveness of its internal controls”. It went on to note, “An effective system of internal controls provides reasonable assurance of achievement of the entity’s objectives, relating to operations, reporting and compliance.” Moreover, there are two over-arching requirements which can only be met through such a structured post. First, each of the five components are present and function. Second, are the five components “operating together in an integrated approach”? Over the next couple of posts I will lay out what COSO itself says about assessing the effectiveness of your internal controls and tie it to your compliance related internal controls.

As the COSO Framework is designed to apply to a wider variety of corporate entities, your audit should be designed to test your internal controls. This means that if you have a multi-country or business unit organization, you need to determine how your compliance internal controls are inter-related up and down the organization. The Illustrative Guide also realizes that smaller companies may have less formal structures in place throughout the organization. Your auditing can and should reflect this business reality. Finally, if your company relies heavily on technology for your compliance function, you can leverage that technology to “support the ongoing assessment and evaluation” program going forward.

The Illustrative Guide suggests using a four-pronged approach in your assessment. (1) Make an overall assessment of your company’s system of internal controls. This should include an analysis of “whether each of the components and relevant principles is present and functioning and the components are operating together in an integrated manner.” (2) There should be a component evaluation. Here you need to more deeply evaluate any deficiencies which you may turn up and whether or not there are any compensating internal controls. (3) Assess whether each principle is present and functioning. As the COSO Framework does not prescribe “specific controls that must be selected, developed and deployed” your task here is to look at the main characteristics of each principle, as further defined in the points of focus, and then determine if a deficiency exists and it so what is the severity of the deficiency. (4) Finally, you should summarize all your internal control deficiencies in a log so they are addressed on a structured basis.

Another way to think through the approach could be along the following lines. A Principle Evaluation should consider “the controls to effect the principle” and would allow internal control deficiencies to be “identified along with an initial severity determination.” A Component Evaluation would “roll up the results of the component’s principle evaluations” and would allow a re-evaluation of the severity of any deficiency in the context of compensating controls. Lastly, an overall Effectiveness Assessment which would look at whether the controls were “operating together in an integrated manner by evaluating any internal control deficiencies aggregate to a major deficiency.” This type of process would then lend itself to an ongoing evaluation so that if business models, laws, regulations or other situations changed, you could assess if your internal controls were up to the new situations or needed adjustment.

The Illustrative Guide spent a fair amount of time discussing deficiencies. Initially it defined ‘internal control deficiency’ as a “shortcoming in a component or components and relevant principle(s) that reduces the likelihood of an entity achieving its objectives.” It went onto define ‘major deficiency’ as an “internal control deficiency or combination of deficiencies that severely reduces the likelihood that an entity can achieve its objectives.” Having a major deficiency is a significant issue because “When a major deficiency exists, the organization cannot conclude that it has met the requirements for an effective system of internal control.” Moreover, unlike deficiencies, “a major deficiency in one component cannot be mitigated to an acceptable level by the presence and functioning of another component.”

Under a compliance regime, you may be faced with known or relevant criteria to classify any deficiency. For example, if written policies do not have at a minimum the categories of policies laid out in the FCPA Guidance Ten Hallmarks of an Effective Compliance Program, which states “the nature and extent of transactions with foreign governments, including payments to foreign officials; use of third parties; gifts, travel, and entertainment expenses; charitable and political donations; and facilitating and expediting payments”, also formulated in the Illustrative Guide, such a finding would preclude management from “concluding that the entity has met the requirements for effective internal controls in accordance with the Framework.”

However, if there are no objective criteria, as laid out in the FCPA Guidance, to evaluate your company’s compliance internal controls, what steps should you take? The Illustrative Guide says that a business’ senior management, with appropriate board oversight, “may establish objective criteria for evaluating internal control deficiencies and for how deficiencies should be reported to those responsible for achieving those objectives.” Together with appropriate auditing boundaries set by either established law, regulation or standard, or through management exercising its judgment, you can then make a full determination of “whether each of the components and relevant principles is present and functioning and components are operating together, and ultimately in concluding on the effectiveness of the entity’s system of internal control.”

The Illustrative Guide has a useful set of templates that can serve as the basis for your reporting results. They are specifically designed to “support an assessment of the effectiveness of a system of internal control and help document such an assessment.” The Document, Document, and Document feature is critical in any best practices anti-corruption or anti-bribery compliance program whether based upon the Foreign Corrupt Practices Act (FCPA), UK Bribery Act or some other regulation. With the Illustrative Guide of these Illustrative Tools, COSO has given the compliance practitioner a very useful road map to begin an analysis into your company’s internal compliance controls. When the Securities and Exchange Commission (SEC) comes knocking this is precisely the type of evidence they will be looking for to evaluate if your company has met its obligations under the FCPA’s internal controls provisions. In subsequent blog posts I will take a look at how you might audit your compliance internal controls.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

February 9, 2015

COSO and Internal Controls – Part III

Dean SmithThis post continues my exploration of internal controls and how companies can demonstrate compliance with the internal controls requirement under the Foreign Corrupt Practices Act (FCPA) by adhering to the Committee of Sponsoring
Organizations of the Treadway Commission (COSO) 2013 Framework. To help introduce today’s topic, I cannot think of a much more appropriate person to honor than Dean Smith, who died yesterday. Smith coached the North Carolina Tar Heels basketball team for 36 years. He retired with 879 victories, a winning percentage of 77.6% and two NCAA championships. He was one of the true giants of college coaching and the game of basketball itself. He will be missed but certainly never forgotten. If there was ever a coach that epitomized internal controls and frameworks, it was Dean Smith.

I restart my discussion of the COSO 2013 Framework with a look at the third component, Control Activities. In its Executive Summary of the 2013 Framework, COSO said these “are the actions established through policies and procedures that help ensure that management’s directives to mitigate risks to the achievement of objectives are carried out. Control activities are performed at all levels of the entity, at various stages within business processes, and over the technology environment. They may be preventive or detective in nature and may encompass a range of manual and automated activities such as authorizations and approvals, verifications, reconciliations, and busi­ness performance reviews. Segregation of duties is typically built into the selection and development of control activities. Where segregation of duties is not practical, manage­ment selects and develops alternative control activities.”

However, as with the other components of the COSO Cube, Control Activities are not to be taken in a vacuum. Larry Rittenberg, in his book COSO Internal Control-Integrated Framework, said the Control Activities “have traditionally received the most attention of the component” but noted that the real-world experience since the initial implementation of the COSO Framework back in 1992 has demonstrated that “the effectiveness of control activities must be evaluated with the context of the other five components.” Moreover, he believes that these conditions are aided by a company’s policies and procedures, which should help to lessen and manage risk going forward. Finally, Control Activities should be performed at all levels in the business process cycle within an organization.

The objective of Control Activity consists of three principles. They are:

(1) Principle 10 – “The organization selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels.”

(2) Principle 11 – “The organization selects and develops general control activities over technology to support the achievement of the objectives.”

(3) Principle 12 – “The organization deploys control activities through policies that establish what is expected and procedures to put policies into action.”

A White Paper, entitled “The Updated COSO Internal Control Framework”, emphasized the inter-related nature of the five objectives when it noted “The risk assessment driven by the company’s management provides a context for designing the Control Activities necessary to reduce risks to an acceptable level (Principles 10, 11 and 12). Note that Principle 10 deals with the selection and development of control activities that mitigate risk to the achievement of compliance objectives, and Principle 12 deals with the development of control activities through established policies and procedures. Principle 11 addresses the impact of controls over general technology to the extent they impact the achievement of control activities.”

Principle 10 – Control Activities to mitigate risk

Rittenberg noted that there is no “silver bullet” in selecting the right internal controls. Yet when combined with your risk assessment, this Principle would point to an integration of your policies, procedures and overall corporate responsibilities, which should be chosen “sufficiently to reduce the risk of not achieving the objectives to an acceptable level.” You should consider your relevant business processes, evaluate your mix of control activities and then consider at what levels within your organization they are applied. But Rittenberg cautions that you should not “begin an analysis of control activities with a list of controls and check off whether they are present or not present. Rather, controls should be assessed in relationship to the risk being mitigated.” 

Principle 11 – Control Activities over general technology

Last week I had a series of guest posts from Joe Oringel of Visual Risk IQ regarding the use of data analytics in your compliance program. The use of technology will be greater and more important going forward. I would certainly expect the Securities and Exchange Commission (SEC) to focus on a company’s use of technology in any evaluation of its overall compliance program.

Therefore, under this Principle you will need to determine not only the use of technology in your compliance related internal controls but also the use of such technology in your overall company business process. To do so, you will need to consider your technology infrastructure, around compliance internal controls, security management of the same and then use this information to move forward to obtain and implement the most appropriate technology around your compliance internal controls.

Principle 12 – Control Activities established through policies and procedures

This Principle should be the most familiar one to the compliance practitioner as it points to the establishment of policies and procedures to support deployment of your compliance regime. It also sets out the responsibility and accountability for executing policies and procedures, specifies and assures corrective action as required and mandates periodic reassessment. Interestingly it also directs that there be competent personnel in place to do so. Rittenberg noted, “Responsibilities for control activities should be identified through policies and various procedures. Processes should be in place to ensure that all aspects are implemented and working.”

While the objective of Control Activities should be the most familiar to the Chief Compliance Officer (CCO) or compliance practitioner, you may well think of it in a way that basketball fans thought of Dean Smith’s Four Corners offense; in other words boring. However, just as Smith’s innovation was based on crisp focus and outstanding teamwork, this objective demonstrates the inter-relatedness of all the five COSO objectives. It is your Control Environment and then Risk Assessment that should lead you to this point. It is the Control Activities objective that lays the groundwork for a living, breathing compliance program going forward.COSO Cube. jpg

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

January 16, 2015

As American as Duck Soup, the Marx Brothers and Stepping In It

Duck SoupI am at the end of my week of Marx Brothers themed posts. As you can tell, I am a huge fan and several of you have asked which is my favorite film. Before answering I must confess that I much prefer their Paramount films to their later MGM work. Their first two films were adaptations of the Broadway shows The Cocoanuts (1929) and Animal Crackers (1930), George S. Kaufman and Morrie Ryskind wrote both. Their third Paramount film, Monkey Business (1931), was their first movie not based on a stage production, and the only one in which Harpo’s voice is heard (singing tenor from inside a barrel in the opening scene). Number four was Horse Feathers (1932), where they brothers satirized the American college system and Prohibition, the amateur status of college football players, and placed them the cover of Time.

But for me it is their final Paramount film, Duck Soup (1933), which was their greatest and my personal favorite. It was directed by the highly regarded Leo McCarey, is the highest rated of the five Marx Brothers films on the American Film Institute’s top 100 years … 100 Movies list. It had slapstick, singing and dancing, atrocious puns and just about every other form of top-notch comedy one can ask for in a movie. The absurdity of the film and the nature of the Marx Brothers comedy seems to me to be summed up in a dispute the film sparked between the Brothers and the village of Fredonia, New York. “Freedonia” was the name of a fictional country of which Groucho was the President and the city fathers wrote to Paramount and asked the studio to remove all references to Freedonia because “it is hurting our town’s image”. Groucho fired back a sarcastic retort asking them to change the name of their town, because “it’s hurting our picture.”

I thought about this comedic phenomenon when I read several articles about JP Morgan Chief Executive Officer (CEO) Jamie Dimon and his whining about how tough regulators have been on him and his poor little bank. An article in the Financial Times (FT) Lex Column, entitled “JPMorgan: comic relief”, said, “A rule of thumb for JPMorgan earnings: the more entertaining chief executive Jamie Dimon is on the conference call, the limper the results. Yesterday, he riffed on [among other things]: what is un-American (the bank being chased by many regulatory bodies rather than just one)”. This was in the face of a report in another FT article by Tom Braithwaite, entitled “High quality global journalism requires investment”, that the bank “said its earnings have been hit by $1.1bn in new legal charges, as it prepares to settle over allegations of foreign exchange manipulation with the Department of Justice. This latest sum takes the total legal charges disclosed by the US’s largest bank since 2010 to more than $25bn, or more than a year’s profits. “Banks are under assault,” said Jamie Dimon, chief executive, as he reported fourth-quarter results on Wednesday.”

Dimon’s seeming insistence that banks following laws is un-American and the attendant cost of doing business in compliance with relevant anti-money laundering (AML) laws still seems to bedevil a fellow mega-bank, HSBC Holdings PLC, which paid a paltry fine of $1.9 billion (paltry that is next to JPMorgan) for its transgressions and violations of that un-American prohibition against money-laundering. In an article in the Wall Street Journal (WSJ) Rachel Louise Ensign and Max Colchester reported that after a two-year monitorship, the independent monitor will issue a report that “will criticize the bank and lay out ways it needs to improve.” This is in the face of the 2014 monitor’s report that HSBC “information-technology systems still lacked ‘integration, coordination and standardization’ and recommending that senior executives have their bonuses docked absent progress.” The monitor also said that “Throwing bodies at it and putting your finger in the dike-that’s not a sustainable system.”

What has been HSBC’s response to this news? Apparently with the same whining as Dimon but rather than focus on the fact they have to follow laws, HSBC focused on the actual doing of compliance. The article said that the new Chief Compliance Officer (CCO) Joe Evan, a former Drug Enforcement Administration official, “surprised some colleagues by spitting tobacco juice into a cup while in the office”; perhaps they are just anti-tobacco. However even such simple messaging techniques as screen savers with the AML reminders to “Ask The Right Question” have been derided at HSBC. Even the head of the bank’s AML compliance was quoted as having said “But money laundering happens in financial institutions. How do you reconcile appetite with reality?”

Now contrast this incessant whining with the recent change in tactics by one of the few remaining financial meltdown enforcement actions left, that being the Department of Justice’s (DOJ) case against Standard & Poor (S&P). In an article in the New York Times (NYT), entitled, “S.&P. Nears Settlement With Justice Over Crisis”, Ben Protess reported that S&P has been accused by the DOJ “of awarding inflated credit rating to mortgage investments that spurred the financial crisis”. S&P initially had aggressively fought the lawsuit, Protess noted, and attacked the government case in the press. S&P had hired noted First Amendment lawyer Floyd Abrams to go on television to claim to link “the federal investigation to S.&P.’s decision in 2011 to cut the United States credit rating below the top grade of triple A.” Unfortunately for S&P they could not prove that defense, even after extensive discovery on the issue. But their tune has recently changed, “After S.&P. mounted a two-year campaign to defeat civil fraud charges — portraying them as retaliation for cutting the credit rating of the United States — the ratings agency is now negotiating with the Justice Department to settle the case, according to people briefed on the matter.”

But the real problem for S&P is that they could have settled two years ago, before suit was filed. Protess said, “The government offered S.&P. roughly the same settlement size, $1 billion plus, before filing suit two years ago. If S.&P. had embraced that offer, instead of fighting accusations that it abused its role as a rating agency, it could have walked away without accumulating tens of millions of dollars in legal fees.” Moreover, by not settling pre-suit, S&P has subjected itself to the new reality of settling suits with an admission of liability, never good for those pesky follow-on shareholder actions. Further, “more than a dozen state attorneys general are demanding that S.&P. pay more than $1 billion to settle the case, the people briefed on the matter said, a penalty large enough to wipe out the rating agency’s entire operating profit for a year.”

Are banks and rating entities inherently arrogant or do they simply face that age-old foe that many people face today, dog excrement? As Dimon said in his earnings call, and was quoted in the FT’s Lex Column, sometimes “even JP Morgan will step into it on occasion”.

If you want to avoid stepping in it this weekend, I suggest you settle in and watch some old Marx Brothers movies.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

January 15, 2015

The Marx Brothers Mirror Scene: Absurdity and Comments by a SEC Commissioner

Mirror SceneI continue my Marx Brothers’ themed week by today looking at what I and many others believe to be their most cherished routine: the Mirror Scene. Danny Leigh, in his article in the Financial Times (FT), entitled “Souped-up comedy”, wrote, “The set-up is deathlessly simple. Fredonia’s President, Groucho in nightgown and cap finds Harpo, a spy from neighboring Sylvania, in his bedroom. They chase each other down some stairs and face off in front of each other, dressed identically. Harpo, the spy and intruder pretends to be Groucho’s reflection, and the two brothers spend the next three minutes locked in a mad dance of mimicry. The result is flawless, the kind of ecstatic comedy in which the world outside the cinema simply falls away. Variations on the skit had been performed by others before but the brothers raised it to undreamt absurdist heights, claiming it for ever as their own.” So you have Pinky (Harpo), dressed as Firefly (Groucho), pretending to be Firefly’s reflection in a missing mirror, matching his every move—including absurd ones that begin out of sight—to near perfection. In one particularly surreal moment, the two men swap positions, and thus the idea of which is a reflection of the other. The scene is absolutely silent until Chicolini (Chico), also disguised as Firefly, enters the scene and collides with both of them and sound resumes.

Although its appearance in Duck Soup is the best-known instance, the concept of the mirror scene did not originate in this film. Max Linder included it in Seven Years Bad Luck (1921), where a man’s servants have accidentally broken a mirror and attempt to hide the fact by imitating his actions in the mirror’s frame. Charlie Chaplin used a similar joke in The Floorwalker (1916), though it didn’t involve a mirror. This scene has been recreated many times from entertainment as diverse as Bugs Bunny cartoons, to the televisions series Gilligan’s Island and even in a The X-Files episode. Harpo himself did a reprise of this scene, dressed in his usual costume, with Lucille Ball also donning the fright wig and trench coat, in the I Love Lucy episode “Lucy and Harpo Marx”.

I find it to be absurdist comedy at its ultimate height. To this day, I almost cry I laugh so hard when I see that scene. While you may not find it quite as funny as I did, most probably one thing you will also not find funny is an ongoing debate in both academia and in legal circles involving a question on corporate governance as reported in the New York Times (NYT) in the Dealbook column by Andrew Ross Sorkin, in an article entitled “An Unusual Boardroom Battle, in Academia”. The question staggered elections of corporate board members or whether the entire slate of Board members be elected, up or down, each year.

On the side of full Board, up or down voting is Professor Lucian A. Bebchuk, a Harvard Law School professor who has long researched corporate governance issues and has been an outspoken advocate for increased democracy in corporate America’s boardrooms and his group, the Harvard’s Shareholder Rights Project. Professor Bebchuk believes staggered election of Board members “silences shareholders, entrenches management and makes it less likely that suitors or activists will emerge, depressing valuations.”

On the other side of the dispute are Daniel M. Gallagher, a member of the Securities and Exchange Commission (SEC), and Joseph A. Grundfest, a professor at Stanford Law School and a former SEC commissioner, who co-authored a paper entitled “Did Harvard Violate Federal Securities Law? The Campaign Against Classified Boards of Directors.” The paper is in opposition to Bebchuk’s position. Sorkin observed that “Mr. Gallagher and Mr. Grundfest suggest that companies are dropping their staggered board structures — and shareholders are voting to eliminate them — based, in part, on faulty research by Harvard’s Shareholder Rights Project. Worse.” But here is the kicker and what moves this rather arcane academic debate into the realm of the absurd. “They suggest, Mr. Bebchuk’s project committed fraud by not fully disclosing the extent of contradictory research, which they say is a “material omission” by S.E.C. standards.” Yes sports fans, a sitting SEC commissioner suggested in writing that Harvard had engaged in a securities law violation.

As Sorkin noted, “there’s the fundamental issue of whether a sitting member of the S.E.C. should be writing such an incendiary paper in the first place.” Sorkin quoted an email comment made by Professor Robert J. Jackson Jr., from Columbia Law School. Jackson wrote to Sorkin in an email “All should agree that it is wildly inappropriate for a sitting S.E.C. commissioner to issue a law review paper accusing a private party of violating federal securities law without any investigation or due process of any kind. This is a striking, and as far as I know unprecedented, departure from longstanding S.E.C. practice.” Jackson went on to say “Imagine if a sitting S.E.C. commissioner wrote a law review article accusing Goldman Sachs of violating federal law without any S.E.C. investigation of the matter — Goldman and their counsel would quite rightly be outraged.”

Near the end of his article, Sorkin stated, “There are many opposing views on the paper. But here’s one way to think about it: It was a bad precedent for Mr. Gallagher to involve himself in a paper that raises the possibility of fraud in the field he regulates without the due process of a legal complaint. Mr. Grundfest could have written this provocative paper on his own, though it might not have attracted the same amount of attention within the industry.”

I would ask you to imagine if any of the Department of Justice (DOJ) attorneys who work in the Foreign Corrupt Practices Act (FCPA) area were to write an article, law review or other, that said not only is an entity’s position on interpretation of the FCPA wrong, its interpretation in practice is a FCPA violation. Do you think such corporation or entity would feel like they would get a fair shake from such prosecutors? Think any bias might exist going forward? While I have been one of the loudest advocates for the DOJ making more information on its FCPA declinations more public, SEC Commissioner Gallagher’s paper, demonstrates a very good reason for the DOJ not making any such information public: i.e. due process and fairness. Just as bad facts can certainly lead to bad law, this action by a sitting SEC Commissioner to even imply that an entity violated US Securities Laws in an article is not a road that we want to begin to go down.

For a clip of the famous Mirror Scene, click here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

December 31, 2014

The Avon FCPA Settlement – Part III

Geronimo's CadillacToday I conclude my 2014 blog posts with a final look at the Avon Foreign Corrupt Practices Act (FCPA) enforcement action. Before getting to the key lessons that a compliance practitioner may draw from this enforcement action, allow me to thank you for letting me be a part of your FCPA and greater compliance and ethics experience. This has been a memorable year in social media for me, both in blogging, publishing and podcasting. (If you have not listened to one of my podcasts please head over to the FCPA Compliance and Ethics Report on the web or on iTunes and check it out.) I have learned quite a bit this year, in writing, podcasting and listening. I hope that you will continue to follow me in 2015 through my blogs, podcasts and via some of the other sites and magazines that I write for. I plan to publish more books, in both print and electronic format, and pen more long form articles that will provide a deeper dive into various topics that I think will be of interest to the FCPA compliance and ethics practitioners out there. But I am getting a bit ahead of myself so back to today’s topic and where we are on the Avon FCPA enforcement action, and the big question of what does it all mean for the compliance practitioner and companies worldwide?

And The Money Kept Rolling Out

Unlike Eva Peron and the Foundacion Eva Peron, Avon had the opposite problem; the money never seemed to stop rolling out for Avon. As the FCPA Professor said in his blog post, entitled “Issues to Consider from the Avon Enforcement Action”, “Avon’s FCPA scrutiny was also very expensive. For years, the whisper in the FCPA community was how expensive – and dragged out – FCPA’s internal investigation and pre-enforcement professional fees and expenses were. Not all companies disclose pre-enforcement action professional fees and expenses, but Avon did and those figures were approximately $500 million”. Even the Department of Justice (DOJ) questioned why the company’s investigative costs were so high.

In an article in Bloomberg News, entitled “Avon Bribe-Probe Clean-Up Neared $500 Million as Sales Cratered, Tom Schoenberg and David Voreacos reported, “In a 2010 meeting, government officials took the unusual step of questioning why Avon’s legal costs were so high at that point, according to two people familiar with the meeting who weren’t authorized to discuss it publicly. Avon said its legal bills had ballooned in part because the company operated in more than 100 countries without consolidated transaction records, according to one of the people.” The article quoted Matthew Axelrod, former senior Justice Department official, who said, “Though unusual, DOJ may call in company counsel to discuss when an outside law firm is going too far afield from what is necessary.” He added the “DOJ doesn’t want a company to have to spend unnecessary millions of dollars on an internal investigation any more than the company itself does”.

If there is one over-riding lesson for all companies to take away from this enforcement action it is that the cost can quickly spiral far out of control and beyond anything you might budget for. While the events at issue took place in 2003-08, the clear import is that it is much cheaper to spend the money to have a compliance program in place now rather than roll the dice and wait. This may mean you need to look at your internal financial accounting systems to determine if they can be monitored adequately and efficiently, yet in a cost-effective manner. While I have not reviewed the internal controls component of this FCPA enforcement action, it is also clear that internal controls need to be in place to detect, in a timely manner, when something goes askance. Of course, if it is in your corporate culture to lie, cheat and steal, it really does not matter what the standard of your internal controls is because the powers that be will find a way around them.

Will No One Rid Me of This Meddlesome Priest?

Henry II and his famous dictum surely seemed to exist at Avon corporate headquarters. If management wants sales accomplished in any way possible then that is the message that is communicated down the line to the troops in the field. Avon had a Code of Conduct that prohibited bribery and corruption, yet the company’s own internal investigation revealed that most company employees were not even aware such a document existed. There was no such thing as FCPA training at the time of the events in question. But more than simply the message of ‘Make Your Numbers; Make Your Numbers; (and then) Make Your Numbers’, Avon had a culture that actively hid criminal acts. For when credible information came to light that Avon China was violating the FCPA, the company went into full cover-up mode, even ordering the destruction of soft and hard copies of the Draft Audit Report. The cover-up was accomplished at the highest levels of the company, with the settlement documents noting the involvement of Avon Executive 1, Avon Executive 2 (believed to be the head of Avon’s Internal Audit function when he left the company), Avon Executive 3, another senior executive in Avon’s Internal Audit function, and two lawyers, Avon Attorney 1, who was identified as “a senior executive in the Office of the General Counsel at AVON” and Avon Attorney 2 who was identified as “an executive in the Office of the General Counsel at AVON”.

High Reward = High Risk

In their Bloomberg News article, Schoenberg and Voreacos reported that Avon was “among the first companies to obtain a license to sell products directly to consumers – the cornerstone of its business model – after Chinese authorities ended a ban on direct sales in 2006.” Further, “By July 2006, Avon had hired more than 114,000 door-to-door salespeople in China. [Then Avon CEO Andrea] Jung said at the time the company viewed the country as a potential $1 billion market. Sales in China surged 28 percent to $67.2 million in the company’s fourth quarter that year.” This means that in less than one year after receiving its license to do business in China, Avon China had one quarter of sales in excess of $60MM. That is quite a lot of Ding Dong, Avon Calling plus following up that doorbell ringing with some serious sales.

Here the lesson is that if there is a new business opportunity that results in an explosion of sales it is probably because of some high risk involved. That may be financial risk, it may be political instability risk, it may be weather-related risk, it may be currency fluctuations risk or it may be some other type of risk. When a business is regulated down from the national to the provincial to the municipality level, it probably means multiples of government interactions for permits and licenses to do business. The compliance function must be integrated into the business operations of a company well enough to be put on notice when such an opportunity presents itself, perform some type of risk assessment and then plan out and implement a strategy to manage those risks going forward. If the first time the compliance function hears about something askance from a FCPA perspective is when it is brought up by internal audit, it is already too late.

The Compliance Committee and Geronimo’s Cadillac

Just as Michael Murphy’s song Geronimo’s Cadillac was intended to show every irony he could ever think of about American culture in two words, the Avon Compliance Committee was about as ironic; although and admitted it is three words. For a corporate Compliance Committee is not simply a vehicle to bring and show off when someone might be around to take pictures. A corporate Compliance Committee has to function and be involved, actively, in an appropriate level of oversight. If a Compliance Committee is informed of credible allegations of a FCPA violation, it simply cannot accept information that it is ‘unsubstantiated’ at a later date. A Compliance Committee must be actively involved in the investigation, it must review the investigation protocol, review information and findings as they become known, direct outside counsel in the investigation and, finally, take charge to remediate the issues involved. It has to have real authority, real power and be taken seriously, not simply have a meaningless title of “Compliance Committee”.

As 2014 draws to a close, I for one am glad that the long Avon FCPA saga has at least come to this stage. For bribe payments totaling over $8MM, Avon has or will pay upwards of $750MM to get through the FCPA Professor’s “three buckets” of FCPA enforcement action costs. This staggering cost should be a clear lesson that now is the time to implement or enhance a compliance program. The number of persons effected by the fallout from this case start with the former head of the company, Andrea Jung, several high ranking executives, the company’s balance sheet and perhaps even some of the lawyers involved in the investigation of this matter. One of the first things that Jung’s replacement did was bring in new counsel to advise the company. After all, someone had to come up with the low-ball opening bid to the DOJ and Securities and Exchange Commission (SEC) of $11MM and then advise Avon to negotiate in public with them using that figure.

On that note, I wish everyone a safe New Year’s Eve and prosperous New Year.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

December 30, 2014

The Avon FCPA Settlement, Part II

Bad ConductI am back from my holiday break and am looking forward to many good ideas for blogs in the coming year. However before we get to 2015, I have to finish out some matters from 2014. Today I continue my look at the Avon Foreign Corrupt Practices Act (FCPA) enforcement action, which was announced earlier this month. In today’s post I will look at the bribery scheme and cover-up that Avon employed. Tomorrow I will conclude with some final lessons to be gleaned from the Avon enforcement action for both the compliance practitioner and greater corporate world. Avon Products (China) Co. Ltd. is referred to as ‘Avon China’ and Avon Products, Inc. (the US parent) is referred to as ‘Avon’.

With a sustained plan that one can only say was well thought out, Avon set out to conquer the Chinese market for door-to-door sales. To do so, Avon had to navigate a bureaucratic maze. This maze began with a Test License obtained in 2005 and later a national direct selling license together with approvals from each province and municipality where the company wanted to sell its products. To obtain the required licenses, the company set a bribery scheme which worked at all levels of the company’s China subsidiary, Avon China, and reached back to the home office in the US, Avon Products. Both of these entities were the subject of the FCPA enforcement action concluded earlier this month. The bribery scheme itself paid out over $8MM in bribes before it was concluded.

To facilitate this process Avon China set up a business unit entitled the Corporate Affairs Group and later a more focused sub-group as part of the scheme called the Direct Selling Special Task Force. These two groups led the company’s efforts to bribe its way into the China market. They did so through a variety of means, as set out in the settlement documents. Unless cited otherwise, the quotes below are from the Avon China Criminal Information.

Gifts

Avon was fond of giving very high priced gifts to various Chinese government officials. Inevitably, Avon China employees would falsely describe the gift itself in the company’s books and record. To add to this deception, Avon China would omit from the books and records not only who the gift was provided to but also the purpose of the gift. This part of the bribery scheme allowed the gifts of Louis Vuitton products to be described as a “public relations expense” and “Public Relations Business Entertainment”; while the gift of a Gucci bag was described as “business entertainment”.

Meals and Entertainment

This part of the bribery scheme was a clear favorite of Avon China. The aforementioned Direct Selling Special Task Force was ubiquitous in the meals and entertainment arena where its members simply used the term “relations” to refer to “things of value provided to government officials or goodwill that had been obtained by giving such things, including non-business meals and entertainment.” Specifically noted in this part of the bribery scheme were payments of approximately $8,100 described as “sales-business entertainment” provided to a government official so he would approve a product that did not meet Chinese government standards. Other false excuses provided were describing such payments as “business entertainment” and “employee ‘accommodation’ expenses”.

Non-Business Travel

Avon China doled out a huge amount of bribes through the mechanism of phony travel for alleged business purposes. Avon China would claim they were bringing various Chinese government officials (also Wives, Girlfriends and other family members) to locations for business-related travel but in reality the trips were mostly sight-seeing excursions, gambling junkets, a beach vacation and other entertainment which had nothing to do with business purposes. So a trip alleged to be a “site visit/study visit” to the corporate headquarters in New York City and the company’s research and development (R&D) facility in upstate New York became a $90,000, 18-day travel extravaganza to “Vancouver, Montreal, Ottawa, Toronto, Philadelphia, Seattle, Las Vegas, Los Angeles and Washington DC.” (Oh, and one half-day at the company’s upstate New York R&D facility.) Other favorite venues for Chinese government officials and their families were the gambling mecca of Macau, Hong Kong, Hainan Island, Guangzhou, Shenzhen and Sanya. Needless to say, none of these locations had any Avon corporate offices, manufacturing or R&D facilities.

Cash

Always a favorite of bribers everywhere, Avon did not neglect to lay out large amounts of cash. Avon China used a variety of orchestrations to hide these payments including simply stealing it from a (apparently) huge petty cash fund, directing Avon China employees to charge for non-existent expenses and keep the reimbursements from corporate, lying in the books and records by calling such bribe payments as “management expenses-government relations expenses” and even submitting “a handwritten certificate, purportedly from a Chinese government agency, falsely stating that the official would give the funds to the government bureau.”

Payment Through Third Parties

Using an entity identified as “Consulting Company A”, Avon China paid a large number of bribes throughout the period in question. Initially it should be noted that this entity raised numerous red flags that were never investigated or cleared. These began with the fact that it was a Chinese government official who recommended the retention of Consulting Company A to perform ‘lobbying’ services for Avon China. Thereafter the company performed no background investigation into the ownership structure of the company, did not include any compliance terms and conditions in the contract, did not even communicate to this third party of Avon’s Code of Conduct prohibition against bribery of government officials. Beyond these issues, in large part Consulting Company A never performed any legitimate services for Avon China. What Consulting Company A did provide to Avon China was a way to funnel bribe payments to Chinese government officials.

Corporate Connivance in Scheme (AKA The Cover-Up)

While all of the above was bad, one thing which catapulted the Avon FCPA bribery scandal into the realm of seriously bad was the company’s discovery of the bribery scheme and resulting cover-up. According to the Criminal Information for Avon Products, in 2005 a senior auditor in Avon’s internal audit group, “reported to Avon’s Compliance Committee, which was comprised of several senior Avon executives, that Avon China executives and employees were not maintaining proper records of entertainment for government officials” and that an Avon China executive had explained the practice “was intentional because information regarding that entertainment was ‘quite sensitive.’” This led to a Draft Audit Report, reviewed at the highest levels of Avon China and Avon in the US, which concluded that Avon China’s Corporate Affairs Group’s expenses included: “(1) high value gifts and meals that were offered to Chinese government officials; (2) the majority of expenses relating to gifts, meals, sponsorship and travel of substantial monetary value was to maintain relationships with government officials; (3) a third party was paid large amounts of money to interact with Chinese government officials but was not contractually required to follow the FCPA, was not monitored by Avon China, and was paid for vague and unknown services; and (4) the payments, and the lack of accurate, detailed records may violate the FCPA or other anti-corruption laws.”

So what was the company’s response to this information? The internal auditors who prepared the report were required to remove the above language and whitewash the report. Evidence of reviewed misconduct was reduced to two hand-written pages, which were then taken out of China and hand-carried to Avon’s corporate headquarters. All copies of the Draft Audit Report were ordered to be retrieved and destroyed. Finally, as noted in the Criminal Information of Avon China, in January 2007, an Avon executive reported to the Avon Compliance Committee “that the matter reported in 2005 regarding the potential FCPA violations by AVON CHINA executives and employees had been closed as “unsubstantiated” which terminated Avon’s investigation into AVON CHINA’s corrupt conduct.”

Tomorrow we take a look at some of the key lessons to be learned from Avon FCPA enforcement action.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014The v

December 22, 2014

Alstom Joins Santa’s Naughty List – In a Very Big Way

Naughty ListThe North Pole for Foreign Corrupt Practices Act (FCPA) enforcement action announcements seems to have temporarily moved south for the month of December. Last week there was the final announcement of the long-standing Avon FCPA enforcement action. On December 22, 2014, the Department of Justice (DOJ) announced settlement of the Alstom enforcement action. Certainly the DOJ is giving out presents to companies that have been very, very naughty. I am currently exploring the Avon enforcement action over several days of blog posts but I had to interrupt those posts to write something about the Alstom resolution for it was extremely significant gift for the Chief Compliance Officer (CCO), compliance practitioner and companies going forward.

The Fine

First and foremost was the fine amount. At $772MM it is the highest criminal fine for FCPA violations in the history of the world. Siemens’ prior of a reported $800MM was a combination of DOJ and Securities and Exchange Commission (SEC) fines and penalties. Alstom was not subject to the jurisdiction of the SEC so there was no component of this amount for either civil books and records or internal controls violations. But for those few remaining dunderheads out there who think their private company status insulates them from FCPA liability; wake up and smell the mistletoe, as the DOJ will be looking for you to smack a big one on. The fine brings the 2014 fine totals up to around $1.5bn, which comes a close second to the record-setting year of 2010, where the total amount of fines was $1.8bn.

Disclosure, Cooperation and Conduct

While I am in the middle of lambasting Avon for its conduct that led to its FCPA violations, one really has to step aside and give some credit to Alstom for some of the worst actions a company can engage in when dealing with bribery and corruption. If there was anyone on the naughty list, it certainly was Alstom. First is the company’s failure to self-disclose its obvious criminal conduct. The second was the clear foot-dragging in dealing the DOJ, during the pendency of the investigation. Finally, to complete this triumvirate of idiocy was the company’s refusal to timely engage in remediation. Dick Cassin, writing in the FCPA Blog, pointed out that Alstom’s conduct included the following:

  • Alstom’s refusal to fully cooperate with the department’s investigation for several years
  • The breadth of the companies’ misconduct, which spanned many years, occurred in countries around the globe and in several business lines, and involved sophisticated schemes to bribe high-level government officials
  • Alstom’s lack of an effective compliance and ethics program at the time of the conduct, and
  • Alstom’s prior criminal misconduct, including conduct that led to resolutions with various other governments and the World Bank.

Individual Prosecutions

Alstom’s conduct was so bad during the investigation that the DOJ obtained indictments against four company executives during the pendency of the investigation. Three of these executives have pled guilty and are awaiting sentencing. Cassin wrote, “Alstom began cooperating only after the DOJ publicly charged several Alstom executives, the government said.” The UK Serious Fraud Office (SFO) has also brought charges against individuals.

Post Acquisition FCPA Liability

I promised a Christmas present for companies out there and neither Santa nor I want to disappoint those not on the naughty list, for the Alstom enforcement action makes clear that the company which is acquiring them, GE, is not responsible for the fine going forward. This enforcement action reinforces the message the DOJ presented in Opinion Release 14-02; that a company which engages in pre-acquisition due diligence, discloses and then remediates the issues after they acquire the entity, can rest easier about purchasing a FCPA violation. For if GE can purchase a company with the clear attitude about doing business in compliance with anti-corruption laws, such as Alstom, with confidence that it will not be subject to a FCPA enforcement action, it means that any other company can do so as well.

Cassin reported, “Alstom SA pleaded guilty to a two-count criminal information in federal court in Connecticut. The DOJ charged the company with violating the Foreign Corrupt Practices Act by falsifying its books and records and failing to implement adequate internal controls. Alstom admitted its criminal conduct…In addition, Alstom Network Schweiz AG, a Swiss subsidiary, pleaded guilty to a criminal information charging it with conspiracy to violate the antibribery provisions of the FCPA.” Finally, “Two U.S. subsidiaries — Alstom Power Inc. and Alstom Grid Inc. — both entered into deferred prosecution agreement with the DOJ. They admitted that they conspired to violate the antibribery provisions of the FCPA.” The settlement documents have not been released as yet but hopefully they will be by the time of the final sentencing hearing before US District Judge Janet B. Arterton in June 2015.

The significance of this enforcement action will reverberate for a long time to come.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

The Avon FCPA Settlement, Part I

AvonIt is finally done. The long awaited Avon Foreign Corrupt Practices Act (FCPA) enforcement action is on the books. I would say what a long, strange trip it has been but that does not really seem to capture everything that went on in this case. Before we only knew such things as a whistleblower contacting the Chief Executive Officer (CEO) of the company with allegations of bribery in the company’s China business unit, to the Head of Internal Audit being caught up directly in the scandal, put on administrative leave and then terminated; to a professional fee burn rate on the case which would rival the Gross National Product (GNP) of many countries; to Grand Jury subpoenas being issued (or threatened to be issued) to corporate executives to secure their testimony in criminal proceedings; to publicly negotiating with the Department of Justice (DOJ) and Securities and Exchange Commission (SEC); we all thought this FCPA matter had it all. But it turns out just how little we knew about the company’s conduct and just how bad it was which led to this settlement because to say it was bad would demean and belittle the word bad. So over the next few blog posts, I will be exploring Avon, its conduct and the FCPA enforcement action.

For the Record

The amount of the total fines and penalties was $135 million. As noted by the FCPA Professor, “the settlement is the third-largest ever against a U.S. company.” The enforcement action included several resolution vehicles, including a Criminal Information against Avon China resolved via a Plea Agreement; a Criminal Information against Avon Products resolved via a Deferred Prosecution Agreement (DPA) with an aggregate fine amount of $67.6MM. There was a separate SEC resolution through a Civil Complaint against Avon Products, which it agreed to resolve without admitting or denying the allegations through payment. The amount of the SEC settlement was $67.4MM. While the company’s internal investigation began in China, it quickly expanded so that it went far beyond China, including Japan, Argentina, Brazil, India and Mexico.

How Did We Get Here?

It all began back in May 2008, when an employee from Avon’s China business unit sent a letter to the head of the company alleging the China entity had engaged in bribery and corruption. In October 2008, Avon reported, in a Statement of Voluntary Disclosure, that it was investigating an internally reported allegation by an undisclosed whistleblower that corrupt payments had been made in its China operations. These allegations claimed that certain travel, entertainment and other expenses might have been improperly incurred. Although the details of the Avon case have not been disclosed, direct selling was not allowed in China under a law passed in 1998. The National Review reported that Avon was able to secure permission in late 2005 to begin direct selling on a limited basis. Later the Chinese government issued direct-selling regulations and granted Avon a broader license in February 2006 to make such sales.

In its 2009 Annual Report, Avon noted that the internal investigation and compliance reviews, which started in China, had now expanded to its operations in at least 12 other countries and was focusing on reviewing “certain expenses and books and records processes, including, but not limited to, travel, entertainment, gifts, and payments to third-party agents and others, in connection with our business dealings, directly or indirectly, with foreign governments and their employees”. The FCPA Professor, citing the Wall Street Journal (WSJ), reported that Avon suspended four employees, including the President, Chief Financial Officer (CFO) and top government affairs executive of Avon’s China unit as well as a senior executive in New York who was Avon’s head of Internal Audit.

One of the significant pieces of information to come out of the Avon matter is the related costs. As reported in the 2009 Annual Report the following costs were incurred and were anticipated to be incurred in 2010:

Investigate Cost, Revenue or Earnings Loss
Investigative Cost (2009) $35 Million
Investigative Cost (anticipated-2010) $95 Million
Drop in Q1 Earnings $74.8 Million
Loss in Revenue from China Operations $10 Million
Total $214.8 Million

Marketwatch also reported that after these investigations were made public Avon’s stock prices fell by 8%. Lastly, in addition to the above direct and anticipated costs and drop in stock value, the ratings agency Fitch speculated about the possibility of a drop in Avon’s credit ratings. But as bad as these numbers appear they only got worse for Avon as by 2012 its spend on professional fees was estimated to be over $247MM. As of this date, the total professional fees are closer to $300MM.

Grand Jury Investigation and Terminations

The WSJ reported in February 2012 that the DOJ had gone to a grand jury with evidence of FCPA violations against US executives at Avon. Joe Palazzolo and Emily Glazer reported that several company employees were terminated for their role in the scandal. They wrote, “The company said it fired Vice Chairman Charles Cramb on Jan. 29 [2012] in connection with the overseas corruption probe and another investigation into allegedly improper disclosure of financial information to analysts. Mr. Cramb couldn’t be reached for comment. In May [2011], Avon said it fired Ian Rossetter, its former head of global internal audit and security and previously Avon’s head of finance in Asia. Mr. Rossetter didn’t respond to requests for comment and his attorney declined to comment. Bennett Gallina, a senior vice president responsible for the company’s operations outside the U.S. and Latin America, left Avon in February 2011, two days after being put on leave in connection with the internal corruption investigation, the company said at the time.”

Negotiating in Public

I do not know who was advising Avon but the decision to try and force the government’s hand by making public its negotiating position was one of the most bone-headed moves I have seen a similarly situated company make. Avon initially announced that it had opened negotiations with the US government over the terms of a resolution in August 2012. In mid 2013, the FCPA Blog reported that Avon low-balled the SEC with an opening offer of $12MM. Later, in 2013, the company reported in an SEC filing that the “Securities and Exchange Commission offered an FCPA settlement last month with monetary penalties that were ‘significantly greater’ than the $12 million the company had offered.” But not to take such government tactics sitting down, Avon publicly announced in the filing that “Monetary penalties at the level proposed by the SEC staff are not warranted.” That certainly was great information to put out to the public enforcing that you are taking a hardball approach with the SEC and telling them their fines and penalties are not deserved for a company that has gone through all Avon has during this FCPA journey.

As I said, this matter was a long strange journey but as strange as things were that we knew about before last week, they became much stranger. Tomorrow we take a look at the facts that came out through the settlement documents to see the nefariousness of Avon’s conduct.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

 

« Previous PageNext Page »

The Rubric Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 5,155 other followers