At the recent ACI FCPA Boot camp, held in Houston, there was an interesting new angle presented in the enforcement panel. Clarissa Balmaseda, a special agent in charge of Internal Revenue Service (IRS) criminal investigation, joined Nathaniel B. Edmonds, Assistant Chief from the US Department of Justice’s (DOJ) Fraud Section – Criminal Division, and Jason Rose, Senior Attorney, FCPA Specialization Unit, a representative from the Securities and Exchange Commission (SEC), in discussing the most current Foreign Corrupt Practices Act (FCPA) enforcement trends. This was the first time I had seen an IRS agent participate in a FCPA conference on behalf of the US government.

So what does the IRS bring to a FCPA investigation? Edmonds stated that the IRS has skills and experience in looking at financial patterns and tracing money. He noted that usually FCPA violations are tied to other legal violations, for example money-laundering or fraud, and that the IRS can comb through financial records to find patterns in payments. He also stated that the IRS has significant experience in investigating corporate shell structures which can be part of an ongoing criminal attempt to obtain bribes and then conceal the location of the money.

Agent Balmaseda stated that the IRS would be looking into financial statements for mis-characterization of bribe payments, specifically focusing on tax returns. Similarly, the IRS would also investigate to determine if companies were amending their financial statement filings, including tax returns, to correct such mis-characterizations after disclosure of any such payments. She later added that the same type of analysis would be applied to any monies which were initially mis-characterized on a company’s books and records, such as gifts, travel, entertainment or charitable contributions.

Agent Balmaseda also discussed some of the red flags the IRS will be looking for in any FCPA investigation in which their assistance is requested. These red flags may include the following:

  1. Timing of contract award – Vis-à-vis payment to an agent at, or near, the award of a contract may indicate that monies paid to an agent are being used to pay a bribe.
  2. Amount of contract – Check if contract is increased during its term. If there is no corresponding business justification, this may be evidence of corruption.
  3. How was a payment made and to whom? – This analysis will look that the methods of payment and delivery.
  4. Employee expense reports – While most investigations focus on payments to agents, the IRS may well look more closely at employee expense reports to see if any overall patterns are developing which might indicate corrupt payments are being made elsewhere.
  5. The importance of a strong company Internal Audit investigative team – Here Agent Balmaseda emphasized that during a company’s internal investigation it is important to speak with the business unit controller because they decide how payments are categorized. She also emphasized that tax filings and their amendments are important.

The addition of the IRS to any FCPA investigation brings additional specialization and sophistication to the government’s effort. Agent Balmaseda’s remarks provide a company with clear guidance on the types of analysis that the IRS can, and will, perform. Companies should use this information and begin to perform these types of investigations internally before the government comes knocking. Lastly, a corporate tax return may provide fertile grounds for an investigation. Companies which now perform an internal investigation but do not self-report may find themselves in deeper trouble.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

Friday, January 27 was the 45th anniversary of the Apollo 1 disaster. As reported by Brian Vastag, in an article in the Washington Post entitled “45 years after America’s first space tragedy, lessons linger, it was a “launchpad fire which killed three NASA astronauts during testing of the then-new Apollo capsule. Reviews found that the early design of the craft was fatally flawed. Faulty wiring probably sparked the blaze that killed Roger Chaffee, Gus Grissom and Ed White. Among other problems, engineers saved weight by filling the capsule with pure, low-pressure oxygen instead of air, which is 80 percent inert nitrogen.”

One of the clear pieces of guidance from the Department of Justice (DOJ) is that a ‘tick-the-box’ compliance program is not only insufficient; it will not protect a company if a Foreign Corrupt Practices Act (FCPA) violation is discovered. However, many compliance practitioners do not know what should be analyzed regarding foreign business partners. I recently attended the ACI FCPA Boot Camp in Houston, home of the Johnson Space Center. One of the presentations dealt with how to design an overall program to evaluate, contract with, and manage foreign business partners. Furthermore, the presentation focused on how to assess the information obtained through the due diligence process. The presenters discussed a 12 point evaluation process for reviewing, assessing, then contracting with and managing foreign business partners. The steps are as follows:

  1. Consider reputation for corruption in the country. You clearly need to review information from governmental organizations, such as the US Department of Commerce and State. A widely used source is from non-governmental organizations, such as Transparency International. Additionally, there are private sources such as World Check’s Country Check and the FCPA Database that you can use to review and determine a country’s overall reputation for corruption.
  2. Competence of foreign business partner. This is a two-part analysis. It includes a review of the qualifications of the candidate for subject matter expertise and the resources to perform the services for which they are being considered. However, it also in includes an identification of the representative’s expected activities for your company.
  3. Determine the integrity of the foreign business partner. There are several different methods that can and should be employed for this inquiry. Initially there should be an internal point of contact with the potential foreign business representative who can be used to obtain documents and financial, commercial and compliance references. After obtaining this initial information, you should review US and non-US restricted party lists and other media/internet searches. Next you should, at a minimum, obtain comments back from all references and if needed interview these references. Lastly, you should consider conducting an interview with the candidate. This can be done in house or through a company which specializes in investigations.
  4. Identify relationships between agent and foreign governmental official. This inquiry requires a detailed review of the ownership and officers/directors and key employees of the foreign business partner. You will need to obtain and review entity information and documentation. If this is in a foreign language you will need to have it translated. One last point here is that you may now need  to look at customers as well to ascertain past and present relationships with government agencies.
  5. Business justification for use of agent and reasonableness of compensation. Here you should begin the entire process by requiring the relevant business unit which desires to obtain the services of any foreign business partner to provide you with a business justification including current opportunities in territory, how the candidate was identified and why no currently existing foreign business relationships can provide the requested services. Your next inquiry should focus on the terms of the engagement, including the commission rate, the term of the agreement, what territory may be covered by the agreement and if such relationship will be exclusive.
  6. Ensure that answers provided by the representative or business partner to due diligence questions are accurate and complete. This is the old Ronald Reagan maxim of ‘trust but verify’. You must verify information received from the prospective foreign business partner with interviews of business references and background searches.
  7. Ensure compliance with local laws. This means that both the relationship that you envision is legal within the foreign jurisdiction and that the foreign business partner will comply with all local laws.
  8. Integrate FCPA contract safeguards. You will need to incorporate the DOJ required language, listed in its 13 point minimum best practices compliance program. These compliance terms and conditions are found in Attachment C of all Deferred Prosecution Agreements (DPAs), entered into by the DOJ since at least November, 2010.
  9. Provide for continuing oversight. After you have performed your due diligence, evaluated it and then entered into the contract for services, now the real work begins. You must manage that relationship. I suggest that you do so through a business unit sponsor for all foreign business partners. Such person must be assigned to and be responsible for ensuring continuing oversight of the foreign business partner.
  10. Maintenance of books and records. This requirement also has two parts. Clearly your company must maintain appropriate internal controls over all its foreign business partners but your foreign business partner must also maintain such accurate records. I would go further to add that you should audit these records to ensure compliance.
  11. Seek guidance from DOJ. As I mentioned above there are several different resources available to the compliance practitioner for information relating to foreign business partners. These include the minimum best practices as set forth in Attachment C to each DPA; DOJ Opinion Releases; Securities and Exchange (SEC) enforcement actions. Also remember your company can avail itself of the Opinion Release procedure and request guidance from the DOJ via that mechanism.
  12. Use consistent standards and common sense. You should not check your common sense at the door when you become a compliance officer. The surest way to get into trouble is by ignoring your own internal warning signs. If a relationship feels bad to you, or something does not quite ‘smell right’ about a proposed foreign business partner, listen to that sensation. It may be a situation where more due diligence is required or a situation where you should walk away. Additionally, you should use consistent terms and conditions across industries and services, such as with customs brokers and freight forwarders.

The Apollo 1 tragedy still haunts NASA today. Vastag noted that “The tragedy is still etched on NASA’s collective psyche.” One NASA veteran, Travis Thompson, worries that the commercial companies which now lead most of American’s space efforts “have not absorbed the prime lesson of Apollo 1 — that bad design begets tragedy.” The 12 point program set out above will help your company to work through any issues with foreign business partners and by following it, you may well prevent your company from having its own compliance failure.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

Doug CorneliusEd. Note-I read the following post in the January 24 edition of Doug Cornelius’ Compliance Building. I was so impressed with the article that asked Doug if I could repost it in its entirety, which he graciously allowed me to do. 

An acquaintance in the compliance field sent me a copy of Dov Seidman’s How and I let it sit around  for months. (My “To Read” stack has grown very tall.)  I assumed How was vanity book and would rattle on and on about Seidman’s company: LRN. I recently moved and my “To Read” stack was tumbled around in a plain cardboard box.  How resurfaced in the stack and I noticed the forward was by President Bill Clinton. That was enough to catch my eye.

Seidman spends the first half of the book talking about transparency, trust, reputation, and the new inter-connected world. He does a fine job with these topics, but I’ve seen them handled better elsewhere. The second half of the book, which focuses more on Seidman’s philosophy of business, is when the book becomes more valuable.

Seidman highlights an empirical study about reputation using eBay’s seller reputation information. Chrysanthos Dellarocas used eBay as an experiment. In a study selling the same product, in the same way, through eBay sellers with different levels in the site’s reputation scores, the researchers found a measurable difference in price. A seller with a high reputation on average would get a measurable price premium over a seller who did not.

As you might expect, the book is full of stories as examples. One that really caught my eye was the description of four factories as examples of four types of corporate culture. The factories are to be toured and the measuring stick is the use of hard hats. At the first factory, one of lawlessness and anarchy, the factory tour guide does not offer hard hats to the visitors and many workers are seen without hard hats. At the second factory, an example of blind obedience, all workers wear hard hats and the tour guide says everyone has to wear one or they get fired. The tour guide admits that he doesn’t know why he needs to wear it or why the boss also makes him wear blue pants.

The third factory is the next step up the corporate culture ladder as an example of informed acquiescence. Hard hats are there for everyone with big signs saying everyone must wear one. But when one member of the tour group asks to be excused from wearing one, the tour guide scampers off trying to find a higher-up to approve the lack of a hard hat.

At the top of the corporate culture is the fourth factory, an example of Seidman’s self-governance. The tour guide insists that everyone wears a hard hat and when that same member of the tour group asks to be excused the tour guide says no. “I take personal responsibility for what happens to you. I don’t want to offend you, and you can call my boss or the owner if you like, but I believe your safety and the safety of everyone are paramount. “

The how of culture is broken into five parts: how we know, how we behave, how we relate, how we recognize, and how we pursue.

One common theme in the book is an indictment of a rules-based culture. Rules-makers “chase human ingenuity, which races along generally complying with the rules while blithely creating new behaviors that exist outside of them.” The example that caught my eye was the clerk who insisted on wearing ties with cartoon characters. His bosses fought him and finally insisted that he obey the rules on permissible neckwear. The clerk acquiesced and showed up the next day with Tasmanian Devil suspenders.

Ultimately, a rules-based governance focuses on the things you can’t do, while a values-based governance focuses on what is desirable.

This ends up with Seidman’s Leadership Framework. I think that is better left for more to readers of the book.

If this sounds interesting to you, I ended up with a second copy of How. Rahter than have it sitting on my bookshelf, I want to share it with one of my readers. If you are interested, leave a comment on this blog post or send an email to compliancebuilding@gmail.com. I’ll pick a winner on February 1.

============================================================================================Episode 28 of This Week in FCPA is out. Howard and I continue our 2012 discussions of all things FCPA and compliance including the SFO remedy in the Mabey and Johnson enforcement action and the O’Shea acquittal.

———————————————————————————————————————————————————————-

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The editor can be reached at tfox@tfoxlaw.com.

As compliance programs mature, it is becoming increasing clear that one size does not fit all. Moreover, there may be several different approaches to creating the most effective compliance program for your organization. This past week I attended the ACI FCPA Boot Camp in Houston. Many of the presentations dealt programs, procedures and process companies had developed specifically for the compliance issues they have faced around the globe. One of these was in a session entitled “Compliance Programs 2.0” where one of the subjects discussed was who to embed as a local compliance representative in an international business unit.

On this discussion panel were two lawyers, Rick Chapman, Assistant General Counsel at Halliburton and John Lewis, Sr. Managing Counsel – Compliance Global Anti-Bribery Counsel, they presented two distinct views on utilizing local compliance point persons in their company’s respective international anti-corruption and anti-bribery efforts. I found that each company’s approach had merit and that they are both models which you can review to determine which might be best suited for implementation in your organization.

Conduit

Rick Chapman described the structure that Halliburton utilizes as a conduit to the compliance department. The local compliance resource is generally not an attorney or in the company’s Legal Department. The employee is a local business unit employee who Halliburton embeds within the compliance function. Initially the compliance group will identify a person who can handle this role and will then  provide them with specialized compliance training.

Mr. Chapman remarked that two of the main roles of the LCAs are to provide compliance training to other employees in the business unit and also to listen to the compliance concerns of Halliburton employees on the ground. As the local eyes and ears of the compliance group, they can bring day-to-day concerns back to the home office for review and assessment. In this manner they are viewed as a conduit to the compliance group, headquartered in Houston.

First Line

John Lewis contrasted the Halliburton conduit approach with that of Coca-Cola regarding local compliance resources. Coca-Cola utilizes regional counsel from the Legal Department to act as “Legal Ethics Officers (LEOs).” While these LEOs are lawyers, Mr. Lewis made clear that they are employed in the Legal Department and not in the local business unit. In their role, LEOs have authority to make preliminary compliance assessments regarding day-to-day compliance issues. The company views them as the first line of compliance.

Mr. Lewis said that one of the key reasons that the company takes this approach is in dealing with foreign governmental officials. LEOs have authority to make contact directly with foreign government officials and present the company’s position on compliance issues. He stated that this brings one additional level of review and assessment to the company’s compliance regime and that this could be important if a regulator reviewed any decision made by the company in the context of the Foreign Corrupt Practices Act (FCAP), UK Bribery Act or other anti-corruption laws.

I found both of these methods to create and utilize a local compliance representative creative and economically efficient. They are systems to help embed the concept of compliance within the local and international culture of an operation. By utilizing such resources, whether they be in the “conduit” format or the “first line of defense” format, I believe that a company can drive home, on a daily basis, how to conduct business ethically and within the parameters of anti-corruption laws.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

One of the areas moving towards being incorporated into a best practices compliance program is that of the supply chain. While many companies have focused significant compliance program effort towards the sales chain, the supply chain is now viewed as an area which requires compliance scrutiny. One of the questions I routinely hear is how to endow vendors in your supply chain with the same urgency of compliance initiative that is present in your company. I recently read an article, in the winter 2012 issue of the MIT Sloan Management Review, which provided some guidance on this issue. It also has wider implications for improving compliance not only in the supply chain but also in the sales chain arena of your company. The article is authored by Erica Plambeck, Hau Lee and Pamela Yatsko and is entitled “Improving Environmental Performance in your Chinese Supply Chain.”

The authors break their analysis down into two general areas. The first is “Getting to Know Your Supply Chain” and the second is “Act on Knowledge from Improved Chinese Transparency”.

Getting to Know Your Supply Chain

In this section, the authors suggest five activities which can help your company to foster identification and visibility of compliance into your supply chain.

  1. Provide incentives for identifying, disclosing and addressing problems. The authors note that many companies will audit suppliers, which they term “the checklist approach” but that such an approach does little to change behavior. The authors believe that incentivizing suppliers to do business in a more compliant manner will yield more significant compliance performance.
  2. Collaborate with NGOs to facilitate compliance education and monitoring. You should encourage suppliers to work with non-governmental organizations (NGOs) in the anti-corruption area so that your suppliers will take greater responsibility towards compliance. This can be done by working with TRACE International, Transparency International or a NGO which works towards a global business ethic of anti-corruption and anti-bribery.
  3. Make use of changing governmental attitudes towards corruption. Just as the Chinese government has changed its tune on environmental issues, it has recently done so regarding anti-corruption. This change can be used as a signal to Chinese companies of the need for increased awareness and importance.
  4. Work with multi-brand forums to standardize compliance audits. This is an interesting concept which would allow a supplier to receive a compliance audit which could then be used as a reference point in the compliance due diligence portion of your supplier approval process.
  5. Encourage anti-corruption transparency as an efficiency tool. While many believe that transparency means additional costs and slows down a sales or production cycle, many have found the opposite to be true. Companies which operate with greater compliance transparency not only do so more efficiently but also in a more cost effective manner.

Act on Knowledge from Your Supply Chain

With visibility into the five areas identified above, your company is now poised to improve performance. Once again, the authors are focusing on improving environmental performance, but I believe that their seven listed action steps work in the compliance arena as well; they are as follows:

  1. Encourage training of compliance professionals. US companies can work towards training Chinese compliance professionals at their home companies. I realize that many out there will proclaim that such training cannot be done but several US companies provide such training to their third party business partners.
  2. Put skin in the game. Prospects for the greatest compliance improvements and conducting business in an ethical manner come from locations where both the US Company and Chinese supplier have a stake in the outcome. Not only is training a key, as noted above, but insert a compliance component into the financial of the relationship. Also work with the Chinese company to improve its compliance function through audits and assessments.
  3. Learn from your suppliers and facilitate learning among your suppliers. US companies need to confront directly the cultural differences between both cultures. Additionally, a successful compliance program does not simply ram a US law, here the Foreign Corrupt Practices Act (FCPA), down the throats of local suppliers. Learn the nuances of local culture regarding gifts and entertainment from your suppliers and incorporate that knowledge into your training.
  4. Collaborate with other US companies to drive change across suppliers. Work with industry groups to mandate that any supplier conducts business in an ethical manner.
  5. Build collaborative training centers. This will not require your company to violate the Sherman Anti-Trust Act. Be a leader in your company and set up collaborative learning or training centers for compliance. Just as compliance is the most open business function within the US business community in terms of sharing best practices, use this compliance community to lead to ethical business in local suppliers.
  6. Use your suppliers to train Tier 2 suppliers. This is a key component of the authors’ thesis. You should be able use your direct suppliers to train their suppliers. By creating such multi-stakeholder approaches, the DNA of compliance will be driven further down the supply chain.
  7. Tailor programs to local realities. Similar to step 3 above, you must tailor your message to your local audience. This includes your message roll out. Your compliance program roll out must take into account both human resources constraints and other local conditions while providing incentives to suppliers to take ownership of compliance.

This program may not be easy. However, the authors have provided a framework from which you can design an overall approach to inculcating compliance in your supply chain. I believe it portends a growing trend towards partnering with your business relationships to ensure compliance with not only international anti-corruption and anti-bribery regimes, such as the FCPA and UK Bribery Act, but also local anti-corruption laws. The article is well worth a look.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012