In this episode, Jay and I return for a wide-ranging discussion on some of the top compliance and ethics related stories, including:

  1. We discuss our highlights from the recently concluded SCCE 2017 Compliance and Ethics Institute. See Tom’s blogs, here, here, here and here. Click here for a report from Matt Kelly.
  2. Mike Volkov explores ISO 37001 in a week-long series? See the full week’s series on his site, Corruption Crime & Compliance. Henry Cutter reports on the standard’s slow acceptance in the WSJ Risk and Compliance Report.
  3. What is the status of your Board’s training for compliance? Ben DiPietro reports in the WSJ Risk and Compliance Report.
  4. Italian prosecutor charges Shell and former execs with overseas bribery. Dick Cassin reports in the FCPA Blog.
  5. Revenue recognition rules change in December. Auditors are under orders to ‘show no mercy’ to companies which have not prepared for the changeover. Tammy Whitehouse reports in Compliance Week.
  6. Continued chaos in the Trump Administration. Matt Kelly is back with addition ethical considerations from HHS Secretary Tom Price in Radical Compliance.
  7. Astros come home down 3-2 to the NY Yankees. Will they overcome?
  8. Join Tom’s monthly podcast series on One Month to a More Effective Compliance Program. In October, I consider compliance with business ventures such as in the M&A context, joint ventures, distributors, channel ops partners, teaming agreements and all other manner of business venture. The third week I continue to take a deep dive into JVs under the FCPA. This month’s sponsor is the Volkov Law Group. It is available on the FCPA Compliance Report, iTunes, Libsyn, YouTube and JDSupra.
  9. The Everything Compliance gang recorded a podcast at the 2017 Compliance and Ethics Institute, with special guest Roy Snell sitting in for Mike Volkov. The podcast will go up Thursday October 26th.
  10. Tom premiers an exciting new service offering the Doing Compliance Master Class.
  11. AMI SVP Eric Feldman is speaking in Houston on November 2, at 1:30. If you are in Houston, please plan to join us. For more information see the GHBER website for details and registration.
  12. Jay previews the Rosen Weekend Report.

As I conclude this section on joint ventures, I want to emphasize again the risk they pose under the FCPA. Mike Volkov has stated, “A joint venture requires the integration of disparate company cultures. It can be successful, and is usually one of the significant reason for the joint venture itself.” Both parties should assess each other and decide that the joint venture is a good fit, meaning that each side will benefit. Too much time is spent on looking at the joint venture partner’s compliance toolbox (e.g. policies, procedures, and controls), and not enough time is spent on identifying compliance strengths and weaknesses. You must bring it all together with one format.

While the 2012 FCPA Guidance only provided that “companies should undertake some form of ongoing monitoring of third-party relationships”. This means that you must have an experienced compliance and audit team, actively engaged in the corporate office and in the business units, to ensure that financial controls and compliance policies are followed and that remedial measures for violations or gaps are tracked, implemented and rechecked, as additional detection and prevention. Caldwell noted it is a more encompassing “sensitization” to anti-corruption compliance that is needed. There are several ways for you to do so in a joint venture relationship. 

The starting point for the both the compliance and business management of a joint venture, is a Relationship Manager for every joint venture with which your company does business. The Relationship Manager should be a business unit employee who is responsible for monitoring, maintaining and continuously evaluating the relationship between your company and the joint venture. Some of the duties of the Relationship Manager may include:

  • Point of contact with the joint venture for all compliance issues;
  • Maintaining periodic contact with the joint venture;
  • Meeting annually with the joint venture to review its satisfaction of all company compliance obligations;
  • Submitting annual reports to the company’s Compliance Oversight Committee summarizing services provided by the joint venture;
  • Assisting the company’s Compliance Oversight Committee with any issues with respect to the joint venture.

Just as a company needs a subject matter expert in compliance to be able to work with the business folks and answer the usual questions that come up in the day-to-day routine of doing business internationally, joint ventures also need such access to such a resource. A joint venture may not be large enough to have its own compliance staff so a company should provide such a dedicated resource to joint venture, if so required. I do not believe that this will create a conflict of interest or that there are other legal impediments to providing such services. The US partner can also include compliance training for the joint venture, either through onsite or remote mechanisms. The compliance professional should work closely with the Relationship Manager to provide advice, training and communications to the joint venture. 

A company should have a Compliance Oversight Committee review all documents relating to the full panoply of a joint venture’s compliance program. It can be a formal structure or some other type of group but the key is to have the senior management put a ‘second set of eyes’ on any joint ventures. In addition to the basic concept of process validation of your risk management of joint ventures, this is a manner to deliver additional management of that risk going forward.

After the commercial relationship has begun the Compliance Oversight Committee should monitor the joint venture on no less than an annual basis. This annual audit should include a review of remedial due diligence investigations and evaluation of any new or supplemental risk associated with any negative information discovered from a review of financial audit reports on the joint venture. The Compliance Oversight Committee should review any reports of any material breach of contract including any breach of the requirements of the Company’s of joint venture’s Code of Ethics. In addition to the above remedial review, the Compliance Oversight Committee should review all compliance-impacted payments by the joint venture to assure such payment are within the company guidelines and are warranted by the contractual relationship with the joint venture. Lastly, the Compliance Oversight Committee should review any request to provide the joint venture any type of non-monetary compensation and, as appropriate, approve such requests.

A key tool in managing the affiliation with a joint venture post-contract execution is auditing. Audit rights are a key clause in any compliance terms and conditions and must be secured. Your compliance audit should be a systematic, independent and documented process for obtaining evidence and evaluating it objectively to determine the extent to which your compliance terms and conditions are followed. Noted fraud examiner expert Tracy Coenen described the process as (1) capture the data; (2) analyze the data; and (3) report on the data, which is also appropriate for a compliance audit. 

In addition to monitoring and oversight of your joint ventures, you should periodically review the health of your joint venture management program. The robustness of your joint venture management program will go a long way towards preventing, detecting and remediating any compliance issue before it becomes a full-blown FCPA violation. As with all the steps laid out, you need to fully document all steps you have taken so that any regulator can review and test your metrics. The Evaluation of Corporate Compliance programs lays out what the DOJ will be reviewing and evaluating going forward for your compliance program. You should also use these metrics to conduct a self-assessment on the state of your compliance program for your joint ventures. 

Three Key Takeaways

  1. It all starts with a Relationship Manager.
  2. Have company oversight of all joint ventures. Couple this with a Compliance Oversight Committee for a second set of eyes.
  3. Audit, monitor and remediate (as appropriate) your joint ventures on an ongoing basis.

 

This month’s podcast series is sponsored by Michael Volkov and The Volkov Law Group.  The Volkov Law Group is a premier law firm specializing in corporate ethics and compliance, internal investigations and white collar defense.  For more information and to discuss practical solutions to compliance and enforcement issues, email Michael Volkov at mvolkov@volkovlaw.com or check out www.volkovlaw.com.

For this Friday’s installment of the October compliance Classic Monster Movie fest, I combine two installments in the 1940s reimaging of the 1932 classic; The Mummy’s Tomb and The Mummy’s Ghost. I combine them both as they are essentially sequential follow-ons to the 1940 film The Mummy’s Hand.

The Mummy’s Tomb picks up the story thirty years after the conclusion of the previous film. It begins with Steve Banning reciting the story of Kharis to his family and evening guests one night. He relates the destruction of the creature, at the tombs back in Egypt. However, surviving their supposed demise, Andoheb explains the legend of Kharis, (now played by Lon Chaney, Jr.) to his follower, Mehemet Bey. Andoheb passes on instructions for the use of the tana leaves and assigning the task of terminating the remaining members of the Banning Expedition and their descendants. Bey and Kharis leave Egypt for the journey to the United States to fulfill their destiny, which they largely accomplish, killing nearly everyone involved in the original expedition.  

The Mummy’s Ghost picks up with Andoheb, the aging High Priest, summoning Yousef Bey to the Temple of Arkam to pass on the duties of High Priest. He explains the legend of Kharis to Bey and informs Bey that Kharis still lives and that Yousef’s mission is to retrieve Kharis and the body of Ananka and return them to their rightful resting place in Egypt. Back in Mapleton, Massachusetts, where the last Mummy rampage occurred and where Kharis is located, a student, Tom Hervey, meets up with his girlfriend Amina Mansori, a beautiful woman of Egyptian descent. She will become the immortal love interest of Kharis.

Kharis senses Amina as the carrier of Ananka’s soul and kidnaps her. Tom tries to rescue her but is fought off by Kharis. Unfortunately, Amina ages to become the same vintage as Kharis as he lumbers off with her where they sink into quicksand in a swamp. Tom’s last anguished sight of Amina is that of a 3,000-year-old Egyptian Princess as Kharis and Ananka disappear under the water, united in death.

What is the connection of compliance and these two installments in the Mummy oeuvre? It is professional development (don’t worry – it will be clear by the end). My good friend Corina Manea wrote a great post yesterday over on Spin Sucks, entitled “How to Build Your Professional Development Plan for Habit”, which I have purloined and adapted for the compliance professional. There are only eight working weeks left in the year. What have you achieved against the professional development goals you set in January? It is very easy to stuck in the details of our day job.

Too often your learning goals suffer because you are too busy or too tired to even think about it. Or because you have no time and have other obligations. Yet there is no job, particularly the compliance profession, in which you can function if you do not focus and invest in your professional development now. One of the clear themes of this year’s SCCE 2017 Compliance and Ethics Institute (CEI) was the need for professional development.

Professional Development is a Must for Every Compliance Professional

I want you to look around…really look around you. Artificial intelligence (AI) is gaining ground and will be a part of the compliance practice in a very short time. Can you read a spreadsheet? If not, you probably will not ever be a CCO.

Blockchain has been called the new internet and will certainly be one of the most important tools in compliance down the road. Your work must be measured but you have no idea how to read the data in front of you. Professional development is a must for every compliance professional no matter how much – or how little – experience you have. Things are moving much more quickly and it is hard to keep up with technology, not to mention stay ahead of trends. Which brings me back to investing in your professional development now, as opposed to later.

Treat Professional Development as a Client

The key insight is that as a compliance professional, you must treat your professional development as if it were a client. This means to give it the same attention, dedication, and passion you have for your day-to-day work. In time and with hard work (there is no way around that), it will pay off. Take your career into your own hands and invest in your professional development. It starts with a plan, one that will help you create the habit. Your plan should include, at a minimum:

  • How much time per day you will spend learning;
  • The top five publications, blogs, or online magazines you want to read every day;
  • Online courses you want to take in the next three months; and
  • The top three conferences you want to attend next year.

Do not forget to include digital networking, as well. Once you have your plan in place, it’s time to split each goal into monthly and weekly tasks. Schedule a meeting with yourself at the end of each week – actually put it on your calendar – to review your progress, see what worked and what did not work for your development and adjust for the following week. Apply the same strategy at the end of each month and quarter. Write down your weekly and monthly results and progress. There is no bigger motivator than getting results from your efforts. Do not treat it lightly; write it down; all of it and then commit to it. 

How can you achieve all of this? A good way to start would be to join me next week for my inaugural Doing Compliance Master Class Series. You a trusted partner who delivers relevant content, which can be used to solve a wide variety of issues, even those outside the anti-corruption compliance space. This series delivers timely topical information you can trust, is relevant to the compliance business function, and comes at a reasonable cost.  As the Compliance Evangelist, I bring a unique insight into what many companies have done right and many have done not so well over the years. This professional experience enables me to put together a unique training program for any professional who wants to succeed in compliance. For more information, check out Doing Compliance Master Class Series. 

The lesson from the two Mummy movies that opened this piece are that lifelong learning is something you must engage in as a compliance practitioner. The compliance world will not sit still and neither should you. Manea was right, you must treat your professional development with the same seriousness that you treat your internal customers and clients; i.e. your employees. Set out a plan, follow it, measure your actual progress against the plan and adjust as needed.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2017

For instance, the joint venture may interact with foreign government officials or employees of a state-owned enterprise; then leverage those relationships for an improper benefit either contracts, regulatory licenses, permits or customs approvals. It is difficult to regulate a joint venture’s interactions with foreign government officials when you partner is a state-owned enterprise, or where your company is relying on the local company for its local contacts and expertise for business development and/or regulatory knowledge and experience.

The risks are compounded when the US company does not exercise control of the joint venture. This is further compounded by the fact there is no minimum threshold for a FCPA enforcement action against a US company for the actions of a joint venture in which it holds an interest. If a company holds something less than majority rights, it must to urge, beg and plead for the majority partner to adhere to anti-corruption compliance standards and controls. Often, these requirements are established in the joint venture agreement but the success in securing such contract protections depends on the importance of the global company to the joint venture itself.

Another set of issues comes from the joint venture when it seeks to retain third party agents and/or distributors. Depending on the amount of control, the US company usually can impose its set of standards for conducting due diligence of third party agents and distributors. These risks become more difficult when the joint venture partner brings to the joint venture a proposed third party agent or distributor and vouches for the agent or distributor. If the joint venture partner is a state-owned enterprise, the issues become even more complicated as such referral creates an obvious red flag for a government-sponsored referral.

Now add on the fact that the foreign joint venture partner may not be proficient in English as a first language. The US company may not have financial personnel with requisite language skills in the foreign country. Some companies have a policy that English will be used throughout the world in its business dealings. However, even with such an English only policy in place, the risks represented by such lack of effective oversight by the multinational extend not only to potential FCPA violations, but to other corrupt acts, including kickbacks, fraud and theft.

At this point you have engaged in due diligence prior to the create of the joint venture agreement. The agreement itself has a robust set of compliance terms and conditions, including the right to audit. Mike Volkov has called the exercise of the right to audit one of the key elements in the risk management process around joint ventures. He advocates that any audit take a deep dive into the payments made by the joint venture to a wide range of persons and entities, including agents, suppliers, customers or any others. This would be particularly important for payments made to do business or otherwise operate legally in the joint venture’s locations. This means there should be an inspection of the joint ventures books and records to see if facilitation payments are properly recorded as facilitation payments.

Volkov noted that one interesting area which requires greater review is around payments to colleges or universities outside the US. If there are payments for research or other projects you need to audit the payments and services with an eye towards determining that the rate paid is not out of line with the local payment rate. The same holds true around gifts and entertainment as the local tradition of your foreign partner may be quite different than the expectations of an American company operating in a country such as China.

Another area for audit is if the foreign partner receives a management fee, which can be used for improper purposes. Several FCPA enforcement actions were based on this or similar payment schemes. Such fees may simply be based upon a percentage of joint venture revenue or profit, and often are not required to correspond to defined tasks, or specific efforts or hours. Most usually, there are no substantive billings associated with such fees, they simply become due. Under this type of arrangement, it is almost impossible to justify this fee if requested by the DOJ. If the foreign partner does receive such a fee, this will need to be closely scrutinized in the audit process.

Volkov advocates using a wide-range of investigation techniques in any audit of a foreign joint venture. He said that a trip to the joint venture headquarters is mandatory, as are onsite interviews with key joint venture personnel such as joint venture CEO, CFO, head of audit, head of HR and compliance. A key interview is always the head of sales for the joint venture and any head of sales who might deal with foreign governments or state-owned enterprises. Phone interviews can be used to supplement these in person interviews where appropriate.

Volkov stated that “what we were trying to put together was a product that can stand up to subsequent scrutiny, particularly by the Justice Department and the SEC.” Yet there are other key reasons for the audit; these include education, training and communication. Every time you meet with someone, you have the chance to not only listen to them but give them information on the compliance program and expectations thereunder. Equally important is the ease and (hopefully) comfort the participants in the joint venture will feel about your compliance efforts and their compliance obligations going forward.

As a baseline, I would suggest that any audit of a joint venture include, at a minimum, a review of the following:

  1. the effectiveness of existing compliance programs and codes of conduct;
  2. the origin and legitimacy of any funds paid to Company;
  3. books, records and accounts, or those of any of its subsidiaries, joint ventures or affiliates, related to work performed for, or services or equipment provided to, Company;
  4. all disbursements made for or on behalf of Company; and
  5. all funds received from Company in connection with work performed for, or services or equipment provided to, Company.

If you want to engage in a deeper dive you might consider evaluation of some of the following areas:

  • Review of contracts with joint ventures to confirm that the appropriate FCPA compliance terms and conditions are in place.
  • Determine that actual due diligence took place on the joint venture.
  • Review FCPA compliance training program; both the substance of the program and attendance records.
  • Does the joint venture have a hotline or any other reporting mechanism for allegations of compliance violations? If so how are such reports maintained? Review any reports of compliance violations or issues that arose through anonymous reporting, hotline or any other reporting mechanism.
  • Does the joint venture have written employee discipline procedures? If so have any employees been disciplined for any compliance violations? If yes review all relevant files relating to any such violations to determine the process used and the outcome reached.
  • Review employee expense reports for employees in high-risk positions or high-risk countries.
  • Testing for gifts, travel and entertainment that were provided to, or for, foreign governmental officials.
  • Review the overall structure of the joint venture’s compliance program. If the company has a designated compliance officer to whom, and how, does that compliance officer report?
  • How is the joint venture’s compliance program designed to identify risks and what has been the result of any so identified?
  • Review a sample of employee commission payments and determine if they follow the internal policy and procedure of the joint venture.
  • Regarding any petty cash activity in foreign locations, review a sample of activity and apply analytical procedures and testing. Analyze the general ledger for high-risk transactions and cash advances and apply analytical procedures and testing.

Finally, is your follow up after the audit. If there are any red flags which were not fully investigated during the audit process, that must be accomplished in this phase. Additionally, if there were action items for remediation they should be completed in a timely manner. There may be some issues which may bear greater scrutiny during the year, such as gift, travel and entertainment expenses which can be noted as well. 

Three Key Takeaways

  1. Joint Venture present unique risks FCPA risks and must be managed accordingly.
  2. Your final report needs to consider the final viewer of the document, potentially the DOJ or SEC.
  3. Be sure to follow up on any red flags raised but not cleared and action items for remediation or additional scrutiny.

 

This month’s podcast series is sponsored by Michael Volkov and The Volkov Law Group.  The Volkov Law Group is a premier law firm specializing in corporate ethics and compliance, internal investigations and white collar defense.  For more information and to discuss practical solutions to compliance and enforcement issues, email Michael Volkov at mvolkov@volkovlaw.com or check out www.volkovlaw.com.

In this episode, I visit with branding expert Linda Justice. We discuss the role of a Board of Directors in corporate branding. We discuss ‘what is branding?’

  • Perception of a company?
  • The customer experience?
  • The stakeholders’ experience?
  • Investors experience?
  • Employees experience?
  • Is it found in print, advertising, word of mouth?
  • Or is it LIVE—as in Twitter, Customers complaining or praising in real time?

Linda explains how branding is all of these things. She explains why a Board should care about branding as it helps to grow the company and protects (or harms) the company’s reputation. She also explains how With a STRONG BOARD and a STRONG ETHICAL BACKBONE and CULTURE, this enhances branding for Customers, Employees and other stakeholders. Justice also relates that a company grows on the strength of its employees and on customers buying their products and services and concludes on the note that ethics must be part of the brand to sustain and grow both.