Show Notes

In this episode, I visit with Miller & Chevalier Counsel, Saskia Zandieh on the new French anti-corruption law, Sapin II. She discussion how it may improve the nation’s current anti-corruption framework, and review the practical implications gleaned from lessons learned from the U.S. Foreign Corrupt Practices Act and the U.K. Bribery Act. Zandieh addresses key changes made by Sapin II, including: (i) expanded jurisdictional reach of French prosecutors in bribery cases; (ii) creation of the “Agence française anti-corruption” (AFA), a new anti-corruption agency; (iii) a new compliance program requirement; (iv) whistleblower protection provisions; (v) the introduction of U.S.-style deferred prosecution agreements to the French legal landscape; (iv) and international double jeopardy considerations.

She notes that with Sapin II, France has the potential to become a major player in anti-corruption enforcement. For more information on the new law see the Newsletter co-authored by Zandieh entitled, “France’s New Anti-Corruption Law: A Game Changer or More of the Same?” by clicking here.

qtq80-1I6LEsIn many ways compliance is about communication. Your role as a Chief Compliance Officer (CCO) or compliance practitioner is to communicate expectations around compliance and responding to questions from the business unit on how to do business in compliance. One of the ways to enhance communications is to market to your customer base. For any CCO or compliance practitioner that primary customer base is the organizations employees. While a compliance function has other customers of your services, such as third parties, employees will almost always be your primary customer base. There are some basic things that your compliance function can do within the corporate setting to market compliance to your primary customer base.

Sterling Miller, in his blog post entitled “Ten Things: How to Market the Legal Department to the Business”, discusses the need to “constantly market the department to the business”, I have adapted his pointers for the compliance function.

  1. Have a great compliance website. Even in the corporate world, the first contact many business folks with have with the compliance function is through your website. So make it a memorable and positive experience. As Sterling says, make it “simple, clean and practical.” He suggests a section with Frequently Asked Questions (FAQs), contact forms, clearly explaining who does what function in the compliance department and articles of interest.
  2. Communicate frequently. Obviously this includes getting out of the office to visit offices in the field. But Sterling here intones, “You ultimately want the department to be approachable and a place where employees know they can go for help.” To help achieve this goal you should strive to “communicate with the entire employee base in some manner on -at least- a monthly basis.”
  3. Send out a client satisfaction survey. You should ask your customer base how you are doing and what you might do better. Sterling suggests this be done on an annual basis to every 15 months. You should share the results with your compliance team and then institute appropriate changes to improve the delivery of compliance services.
  4. Host client compliance boot camps. While many compliance functions may come close to this idea during their annual compliance week celebrations, I think the focus here could be more in-depth for an appropriate level of management or risked base employee selection. But this technique can work as a good two-way street of communication as it allows the business unit to discuss issues which may cause the most problems and further understand how the business unit folks operate. It also continues to allow relationship building with the compliance function and their internal customer basis.
  5. Create a list of ‘What is Going On’. I have one colleague who, the Monday after the New York Times broke the Wal-Mart bribe paying in Mexico story, had created a PowerPoint slide deck for senior management and presented it to them as a lessons learned, tailored to his company’s business. But more than this you should communicate to senior management your compliance successes. Rarely does management know about how you have accomplished this so you should communicate the information to them. Sterling writes this type of communication should be made on a monthly, semi-annual and annual basis.
  6. Get a seat at the business table. This is obviously a key for making compliance a part of the DNA of any business organization. Your CCO should be on the company’s executive leadership team (ELT). But this means more than simply the top of the compliance function. Your compliance team members should be included in staff meetings, project meetings and other similar corporate meetings. This will allow not only greater visibility for compliance, to facilitate greater relationships with the business unit, but it will also allow compliance to understand, assess, evaluate and then manage risks more effectively. By putting compliance into these business processes you continually reinforce the business process nature of the compliance function.
  7. Volunteer projects. I found this to be an interesting suggestion. Jay Rosen often talks about how the volunteer work he does before each year’s SCCE annual Compliance and Ethics Institute has been very meaningful to him. Yet another facet of such work can be to establish a positive aspect to your corporate compliance program. Things you can consider are a mentor club for individuals within your company or outside as well; special projects with your company; some type of annual charity program; and, finally, training programs for employees that are not compliance centric, such as public speaking, better writing and similar themed programs.
  8. Answer the phone. This is the bane of every business person in every corporation in every country around the globe. It all starts with answering the phone and then providing an answer to the question posed. If you receive an email, respond back to it. If you are going to be out of the office or unavailable, put an out of office message on your email response and your internal company voicemail. Be sure and leave clear instructions as to who the caller or emailer can contact for assistance in your absence. As Sterling ends this section, compliance is a “service organization, so put ego and pride to the side and just focus on the fact that this is someone who needs help, what can do to help them.”
  9. Get out of the Ivory Tower. I said before to get out of that Ivory Tower in the corporate headquarters and into the field. There is nothing more powerful in the corporate world than boots on the ground, particularly if they come from a service function such as compliance. The information you receive and the relationships you build will be invaluable going forward. Even if you go to an international location, you can continue to perform work but you should take the opportunity for informal trainings such as a Lunch N’ Learn, office tours and socializing with the local team after hours.
  10. Make a buddy in finance. While this is more important for a legal department than compliance, it brings up an issue not often discussed in the compliance arena; which is budgeting. By having a compatriot in finance you can work in your budgeting forecasts and get insights into what might work but what certainly will not work in this process.

The techniques and tactics described by Miller translate well to the compliance sphere. His larger point is do not be an imperial corporate office function. It will not help you to develop the types of relationships to effectively do compliance inside a corporation. It takes effort to establish yourself and your function as a part of a living, breathing corporate entity. Take those opportunities to do so and the return may well be immeasurable.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

webpage-graphicThe recent election of Donald Trump has thrown compliance professions to wonder, if not outright worry, about what the future may hold. What does the incoming administration have in store for the Foreign Corrupt Practices Act (FCPA), the compliance profession and the compliance community going forward? I recently explored some of these questions in a series of blogs. I also dedicated an entire episode of the Everything Compliance podcast to this issue.

Everything Compliance is my most recent podcast, where I bring together four of the top commentators on the FCPA, compliance and privacy issues from the US and UK. In a recent episode the podcast panelists, Mike Volkov, Matt Kelly, Jay Rosen and Jonathan Armstrong, together with myself, discussed and debated the effect of the President Elect and his nominee for Attorney General (AG), Jeff Sessions, on the FCPA, the Department of Justice (DOJ), the Securities and Exchange Commission (SEC), anti-corruption enforcement and compliance. What about issues more global, such as privacy and data security? What about international enforcement? These are just some of the initial questions we tackled.

As each of us had written on where we think the compliance discipline is headed, I wanted to assemble our collective writings together in an eBook for the greater FCPA compliance community. In the eBook I write about why I think FCPA enforcement is not only in the interest of the US as a country but also in the interests of US businesses. Mike Volkov writes about the FCPA and its enforcement from an ex-prosecutor’s perspective. Matt Kelly looks at both the DOJ and SEC under a Trump administration. Jay Rosen considers how businesses have incorporated compliance into standard business practices, which will not change no matter who is President. I pitched the idea of an eBook on our collective musings to Maurice Gilbert, Founder of Corporate Compliance Insights (CCI) and Managing Director of Conselium Executive Search, who immediately grasped its significance to the compliance community.

Gilbert stated, in the forward to the eBook, “The election of Donald Trump has caused us all to wonder — and worry– about what the future may hold for compliance professionals. To help answer these questions, five top commentators on the FCPA, compliance and privacy issues have crafted essays highlighting their initial reactions and predicting the election’s impact on FCPA enforcement, the compliance profession and compliance practice generally.

How did this conversation begin? Tom Fox’s “Everything Compliance” Podcast was the springboard for this continuing dialog. When we all woke up to a new world on November 9, 2016, Tom responded by asking leading compliance commentators what they think FCPA enforcement and compliance might look like under the new administration. Tom dedicated an entire podcast episode to these issues and wisely recognized the need to compile these experts’ early reactions and to share them — in an on-going way — with the greater compliance community.

As a leading voice in compliance, Tom will continue this conversation as the story takes shape. We look forward to sharing it with you.”

Yet Gilbert, in what can only be called an inspired request, said that as much as he wanted to publish the eBook, he wanted a continued dialogue by some of the top commentators in compliance on this subject going forward. So we have all agreed to continue the conversation.

So as the book cover says “Analysis, Predictions and the Occasional Rant from the Everything Compliance podcast.” Further, and to emphasize the ongoing nature of the dialogue, this volume is entitled Trump and Compliance, with the subtitle, “The Conversation is Just Getting Started…Part 1, It’s Not the Apocalypse (Yet)”.

 This means that every quarter or so, the Everything Compliance podcast gang will continue the discussion and CCI will publish the upcoming eBooks on the topic. It will be as Gilbert noted; analysis, predictions and the occasional rant. I hope you will join the Everything Compliance crew on this journey, along with Gilbert and his team at CCI.

To download a free copy of the eBook Trump and Compliance, click here.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

Show Notes for Episode 31, week ending December 2, 2016-the Government Speaks edition

  1. Justice Department Assistant Attorney General Sally Yates remarks at 33rd annual ACI National FCPA Conference;
  2. Head of SEC Enforcement Andrew Ceresny remarks at 33rd annual ACI National FCPA Conference;
  3. Richard Bistrong interview of Barry Vitou on the future of the SFO, on the FCPA Blog;
  4. Release of new eBook on Trump and Compliance by the Everything Compliance podcast gang, published by Corporate Compliance Sights;
  5. Matt Ellis releases new book on The FCPA in Latin America;
  6. With help from US, Dutch enter the global fight against terrorism in a big way, see article by Geert Vermeulen, on the FCPA Blog;
  7. Bloomberg News is reporting a potential settlement by Brazilian & US authorities with Odebrecht for $2.5bn over corruption allegations unearthed in Operation Car Wash;
  8. Reflections on the First FCPA Mock Trial Institute;
  9. New DOJ site on Individual Accountability; and
  10. How ‘bout them 11-1 Cowboys and the impact of Gronk’s injury on the Patriots.

qtq80-0i5583When I was in the corporate world, I cannot begin to recall the number of times senior management had an overly optimistic forecast regarding some transaction; whether the transaction was the purchase of a smaller company, a joint venture (JV), teaming agreement or you name the business venture. Unfortunately, such unrealistic forecasting is not simply limited to business ventures as the UK learned in the run up to the Brexit vote and the US learned in the most recent presidential election. Tim Harford, writing in his Undercover economist column in the Financial Times (FT), said “the truth is once Trump secured the nomination, a Trump presidency was always a strong possibility. The betting markets seemed to recognize this, offering odds of three-to-one a week or so before the” election. Of course, three-to-one shots “happen all the time – or at least, about a quarter of the time.”

What I found interesting was three lessons Harford suggested from the wildly inaccurate polling before the US election. Drawing on research by Guy Mayraz from Oxford University’s Experimental Social Science center, the first lesson is the bias towards predicting what they hope will happen. If you want your business to increase, you have to believe your transaction/investment/deal will always make money. After all, have you have ever seen a business plan that was designed to lose money?

The second lesson derived from something called the Good Judgment project and almost sounds like someone channeled their inner Howard Sklar and his maxim of “Water is Wet”. It is that that “self-critical, open-minded forecasters do a better job than narrow-minded overconfident ones.” He goes on to further note that dwelling on our own fallibility is not something people do very well; whether it involves hanging out with our friends or on cable news. The result is that “Confident, eye-catching forecasts are the snack food of analysis”. Unfortunately, this is even more true in the business world.

Finally, forecasters must always remember that more than one outcome is possible. A strong possibility may be a possibility but it is not a certainty. Harford suggests that one way to overcome this bias is to develop alternative scenarios. My 12 O’Clock High podcast host Richard Lummis calls this the “devil’s advocate” role at the business planning table. Harford further formalizes this contra-concept by suggesting every scenario-planner create at least two contradictory alternatives to their rosier, positive scenario.

Harford’s ultimate point is that in any forecast there must be preparedness for contra-events. Elizabeth Holmes, founder of Theranos, famously said that if you have a Plan B as a back-up, you have already lost. I find that to be worse than not helpful in any setting, particularly the business setting. No matter what your forecasting or scenario planning model shows, prepare for other results. For any Board of Directors overseeing a compliance program or managing any type of risk, it all begins by asking questions.

Just as any compliance program begins with your risk assessment so should a Board begin at this point. However, the Board should start by reviewing what process is being used to identify risks, whether those risk be corruption in violation of such law as the Foreign Corrupt Practices Act (FCPA), violation of anti-trust law such as the Sherman Act or any other risk which might arise in a business segment, product line or geographic area. This risk analysis should be broader than simply a legal/compliance risk assessment and should be tied to other matters, such as business continuity planning, crisis response plans and even basic fraud which led to the sales incentive program which recently laid Wells Fargo low.

The key is that Boards of Directors need to use their expertise and ask the right questions. The problem is that many Board members do not know what questions to ask in this area. Some of the following are good areas to begin your inquiry.

  • What is the risk assessment process? When was the last time your risk assessment was performed? Was it enterprise wide or limited in scope?
  • How effective is your overall risk assessment process? Is it stale? Here you are focusing not so much on the recency of your risk assessment but have corporate circumstances changed so that the risks which were previously assessed?
  • Who is involved in the risk assessment process? Was it performed in-house? Did you bring in a regular service provider who may have created the processes which are now being assessed?
  • Does the risk assessment process take into account any new legal or compliance best practices developments? Technology development speeds along for every business. Even the Justice Department recognizes this in every Deferred Prosecution Agreement (DPA) it enters into for FCPA violations by requiring companies to take into account relevant developments in the field and evolving international and industry standards for best practices in compliance.
  • Are there any new operations that pose substantial compliance risks for the company? Where has your company moved geographically or product-wise? Have there been any significant acquisitions or other business developments which have changed thing for the company?
  • Is your company tracking enforcement trends? 2016 has been one of the most significant years in FCPA enforcement but anti-corruption enforcement is only one of the major risk developments which can be derived from reviewing the FCPA enforcement actions. The aforementioned Wells Fargo fraudulent accounts scandal and the ongoing Volkswagen (VW) emissions-testing scandal continue to resonate throughout the business world.
  • Equally important, are any competitors facing enforcement actions? This piece of information has long been a real source of information to Chief Compliance Officers (CCOs) as they have assessed and opened internal investigations based on enforcement actions involving competitors. In a speech at the recent ACI-FCPA Conference, Securities and Exchange Commission (SEC) Director, Division of Enforcement, Andrew Ceresney again said that hedge funds and private equity companies are and will continue to be under SEC scrutiny for FCPA violations around their hiring practices for family members of foreign government officials, as well as other violations of US securities laws. If you are on the Board of such an entity, you might want to ask some very pointed questions about now.
  • Has the company moved into any new markets which impose new or additional risks? This moves beyond the questions I suggested above to consider such things as supply chain and supplier risk. Even a name and shame law like the California Transparency in Supply Chain Act can cause reputational damage. Moreover, even if some types of enforcements lessen under a Trump administration, aggressive states’ Attorney Generals or other state regulators could well pick up the slack.
  • Has the company developed any new product or service lines which change the company’s risk profile? As there will always be some business development along these lines, what changes have increased risk for your business?

For a Board of Directors to be truly effective and informed it must know where the company stands not only at the present moment, but also known that the company has a strategic plan for the management of risk going forward. Arnold & Porter partner Stephen Martin suggests that such knowledge is encapsulated in a 1-3-5-year compliance game plan. I would add that this formulation should be expanded to encapsulate greater risk management. Yet a compliance program must be nimble enough to respond to new information or actions, such as mergers or acquisitions (M&A), divestitures or other external events. If something dramatically changes, you want to get your Board’s attention on the changes which may need to happen with your risk management program. This type of agility is best accomplished by obtaining buy-in from the Board through its understanding of the role of forecasting a compliance program going forward.

Harford ends his piece with this final lesson from the 2016 UK Brexit vote and US election, “uncertainties are not going away, so it’s not too late to learn.” For every Board of Director or CCO, you need to start a forecasting review now to be ready to respond if an incident arises so that it will not become a full legal violation. Better yet, such forecasting could lead you to prevent such conduct before it even arises and needs detection and remediation.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016