This Week in FCPA-Episode 19, the International Edition

Show Notes for Week ending August 26, 2016

  1. John Kerry: Corruption is ‘root cause’ of terrorism, on FCPA Blog.
  2. Eric Ben-Artzi Op-Ed piece on why he turn down his whistleblower award, as featured in the Financial Times.
  3. Lessons from History-the Tudors on compliance, from the FCPA Compliance Report.
  4. FedEx trial debacle for the DOJ, and Paul Pelletier’s recommendation to fix recent spate of ill-fated and advised DOJ prosecutions, as featured in the FCPA Blog.
  5. Hallmarks 1-5 of the Ten Hallmarks of an Effective Compliance Program, as featured in the FCPA Compliance Report.

TrainingIn a recent Slate article, entitled “Ethics Trainings Are Even Dumber Than You Think, author L.V. Anderson railed against what she termed box-checking training where companies put on training not to actually train employees but simply to check the box that training has occurred. She also spoke against “dumbed-down nature of most compliance courses”.

Certainly recognizing that inane training is simply that – inane training, Anderson missed the larger picture of what constitutes a best practices compliance program. Training is one part of a larger component of how companies manage their compliance with laws, regulations and, most importantly, the ultimate barometer of their value – their corporate reputation through compliance. The role of compliance in corporations was born in 1992 with the enactment of the US Sentencing Guidelines, which laid out the initial standards for corporate compliance and ethics programs, of which training is one part. It was only after these Sentencing Guidelines were put into effect that corporations moved to create Codes of Conduct to publicly state their values.

These Sentencing Guidelines provide a very general outline of what would constitute an effective compliance program. In the latest amendments to the Sentencing Guidelines, in 2010, the stated purpose of training is to “(6) Training – Conduct effective training programs and otherwise disseminate information to ensure that the board of directors, high level personnel and other employees with substantial authority receive information about the standards, procedures, and other aspects of the compliance program”.

One of the most significant areas of the law, where the government has provided specific guidance on compliance programs including training, is the 2012 publication entitled “FCPA – A Resource Guide to the U.S. Foreign Corrupt Practices Act”, which was issued jointly by the Criminal Division of the Department of Justice (DOJ) and the Enforcement Division of the Securities and Exchange Commission (SEC). This FCPA Resource Guide provided the government’s views on what constituted an effective compliance program under the Foreign Corrupt Practices Act of 1977 (FCPA) in the form of the Ten Hallmarks of an Effective Compliance Program.

Hallmark No. 5, Training and Continuous Advice, which says, in part, “DOJ and SEC will evaluate whether a company has taken steps to ensure that relevant policies and procedures have been com­municated throughout the organization, including through periodic training and certification for all directors, officers, relevant employees, and, where appropriate, agents and business partners.” This Hallmark goes on to state that training should be appropriate for the risk of the persons being trained and tailored to the situations they might find themselves at risk in for their company.

Whether you consider the language of the Sentencing Guidelines or the much more specific FCPA Resource Guide, the proper context to review ethics and compliance training is as a part of an overall holistic approach to compliance and ethics, compliance can be seen in its proper role as a communication tools. The reason a company puts on compliance training is not to solely stop unethical or non-compliant conduct. The role of training is to communicate the standard of values the company wants to set forth.

The training itself should be tailored to risks involved with those employees receiving the training. My wife works at a major oilfield service company in Houston, as an SAP integration specialist in the IT department. The risk that she could engage in non-compliant, unethical behavior, that could put her company at legal risk, is relatively low. So basic training for her on the company’s ethical values is an appropriate reminder.

However, in the same company there are thousands of employees who are in positions oversees which are at much higher risk for non-compliant behavior, particularly under the FCPA. For those employees more focused, specific and in person training is the preferred method. So more than simply asking is something illegal, such training would focus on the specific requirements under the law, what an employee should do if a foreign government official demands a bribe and how to seek help or report such conduct through the company hotline.

Training is not and never has been the all-encompassing way to stop illegal or even non-compliant, unethical conduct. It should be seen as a part of the overall corporate compliance program. Enron is the prime example that simply having one part, the Enron gold standard Code of Conduct and even training on that Code of Conduct, is not enough. It all starts at the top with the tone from the top. If your top management are crooks, in the case of all the former Enron senior managers who are now convicted felons, that speaks to the tone management creates. No rule, regulation, company policy or certainly compliance training should get in the way of the next deal.

Yet even after management sets an appropriate tone, that tone must be communicated to the employees. A corporate Code of Conduct sets out the general values and the policies and procedures lay the specifics of how employees can comply with laws, regulations and ethical concepts. After this communication, a company must set out appropriate incentives and discipline (carrots and sticks) to reinforce these behaviors. Finally, there should be internal controls baked into to all of this, which not only reinforces these concepts but also allows a corporate compliance department to monitor compliance to hopefully prevent any incidents before they become violations and detect them if they occur.

Anderson does get one thing right. If a company is putting on training simply as “just a form of legal ass-covering” then it is probably the type of company which does not put a high value on doing business either (1) ethically or (2) in compliance with existing laws. That alone puts a company in the Enron zone for compliance. Next, I will take a look at her claims about the dumbing down of compliance training.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

Get out of jailIt certainly did not take long for companies to see the benefit of the Department of Justice (DOJ) Foreign Corrupt Practices Act (FCPA) Pilot Program around FCPA enforcement as this week there where two public declinations granted by the DOJ for companies that admitted FCPA violations. New Deputy Chief of the DOJ Criminal Division Fraud Section and head of the FCPA Unit, Daniel Kahn, issued letters to both Akamai Technologies, Inc. (Akamai) and Nortek Inc. (Nortek) this week, declining to prosecute both companies for their admitted FCPA violations. Today, I will begin a three-part series on how the companies sustained these results. Today, I will look at the underlying facts and tomorrow I what actions engaged in by the respondents achieved this result under the new Pilot Program. In Part III, I will conclude with lessons to be learned from these two FCPA enforcement actions.

Also, most interestingly, both parties received Non Prosecution Agreements (NPAs) from the Securities and Exchange Commission (SEC). Akamai agreed to profit disgorgement of in the amount of $652,452, together with prejudgment interest thereon in the amount of $19,433 within 15 days of the signing of the NPA. Nortek agreed to profit disgorgement in the amount of $291,403, together with prejudgment interest thereon in the amount of $30,655 within 15 days.

Akamai

What were the underlying facts involving each entity? As set out in the SEC’s NPA Akamai is a US stock listed company which provides cloud services for delivering, optimizing and seeming online content and business applications over the internet (“internet capacity and services”) and maintains operations in North America, Europe, and China. Akamai (Beijing) Technologies, Co. Ltd (“Akamai-China”) is a wholly owned subsidiary of Akamai located in Beijing, China. Akamai-China provides technical and sales support to its local Chinese channel partners for content delivery services, which are resold by Channel Partners in China.

Akamai-China was required to contract with third-party Channel Partners to deliver its services to end customers. From at least 2013 through 2015, a Regional Sales Manager for Akamai-China (the “Regional Sales Manager”) concocted a scheme with a channel party “to bribe employees of three end customers, two of which were Chinese state owned entities, to obtain and retain business. The bribes were paid to induce the end customers’ employees, including the employees of the Chinese state owned entities (hereinafter the “Chinese government officials”), to contract to purchase up to 100 times more network capacity from the Channel Partner than each company actually needed.” To top it off, the Channel Partner would then purchase this capacity from Akamai-China, add its own markup, and sell the capacity to the end customers. It was a very neat way to fund a bribery scheme.

To induce the end user to contract with Akamai-China, the Channel Partner would pay monies from these bogus sales to the Regional Sales Manager’s accounts. As noted in the NPA, “The Regional Sales Manager then paid a portion of these funds, and also provided expensive gifts, to employees of the three end customers. Overall, the Regional Sales Manager paid approximately $155,500 to employees of end customers, including approximately $38,500 in cash to Chinese government officials.”

Yet the bribery scheme did not stop there as employees of “Akamai-China routinely provided improper gifts and entertainment to employees of its end customers, some of whom were Chinese government officials, to obtain or retain business. The gifts and entertainment given to Chinese government officials totaled approximately $32,000 and were provided in violation of Akamai’s corporate governance and internal accounting controls policies. Akamai-China improperly recorded the gifts and entertainment to Chinese government officials as legitimate business expenses.”

As you might opine from such a systemic failure around its anti-corruption program, there were FCPA Accounting Provisions failures in both internal controls and books and records. There were multiple internal controls failures that allowed the Akamai-China bribery scheme to go undetected. The NPA listed the following, including failure “to provide reasonable assurances, among other things, that transactions were executed in accordance with management’s general or specific authorization and transactions were recorded as necessary to maintain accountability for assets. Akamai’s internal accounting control failures included: the lack of formalized due diligence of China-based channel partners; the failure to proactively exercise audit rights to ensure compliance with anti-bribery policies; failure to monitor or review customer usage in high-risk regions; failure to translate anti-bribery and anti-corruption policies into Mandarin; inadequate employee training on compliance and anti-bribery policies; and the lack of effective procedures for reviewing and approving business entertainment.”

Both Akamai-China’s and the parent company’s books and records were inaccurate because Akamai-China had made improper payments, in the form of gifts and entertainment, which were inaccurately recorded as legitimate business expenses. Akamai-China’s books and records. These inaccurate subsidiary financials were subsequently consolidated with Akamai’s books and records, rendering Akamai’s books and records inaccurate.

Nortek

As set out in its NPA, Nortek is a US stock exchange listed company which manufactures and sells a wide variety of products for residential and commercial constructions and remodeling and the personal and enterprise computer markets, including heaters, range hoods, heating, ventilation and air conditioning systems, and garage door and security systems. Nortek had an indirect subsidiary, Linear Electronics (Shenzhen) Co. Ltd. (“Linear China”), which provided manufacturing services for Nortek in China. Both companies had operations in China where they violated the FCPA.

According to its NPA, from at least 2009 to 2014, the Managing Director of Nortek’s Chinese subsidiary, together with the “accounting manager, customs liaison officer, and other employees made or approved improper payments and gifts to local Chinese officials in order to receive preferential treatment, relaxed regulatory oversight, and/or reduced customs duties, taxes, and fees.” There were over 400 illegal payments made and the totaled approximately $290,000. The payments and gifts “to local Chinese officials included cash payments, gift cards, meals, travel, accommodations, and entertainment. Linear China made the illicit payments to local officials from multiple different governmental departments, including customs, tax, fire, police, labor, health inspection, environmental protection, and telecommunications.”

Further, Nortek had a systemic failure in its internal controls that led to these FCPA violations. Its NPA stated, “Nortek failed to devise and maintain a system of internal accounting controls at Linear China sufficient to provide reasonable assurances that, among other things, transactions were executed in accordance with management’s general or specific authorization, and transactions were recorded as necessary to maintain accountability for assets. Linear China made improper payments from multiple accounts, which Nortek failed to review or test. Nortek failed to notice obvious red flags in Linear China’s financial records, including the number and size of Linear China’s meals and entertainment expenses.” Belying the recent criticism of training, “Nortek failed to establish procedures to ensure its Linear China employees were trained in anti-corruption compliance.” Nortek also failed to accurately record these payments on its books and records.

There was no information presented on the size of any specific or particular payment made by either Akamai or Nortek. While it is not clear from the Nortek NPA whether some of the payments made might fall under the facilitation payment exemption to the FCPA, it was clear that the company did not correctly record the payments in its books and records.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

Balance SheetOne of the most interesting tag lines I heard at Compliance Week 2016 was the following, if you want to work in my compliance department; you need to learn how to read a balance sheet. I thought that single line encapsulated the change in the compliance function over the past few years more than any other. Why, because it speaks to the change of compliance from being centered in the legal department, run by lawyers as a rules based program, to fully understanding that compliance is a business process that needs to centered in its own discipline. For if you cannot read a balance sheet you cannot bring a positive value to a business unit.

Several different speakers emphasized this point during the conference, each coming at it from different angles. From the regulatory angle, Andrew Weissmann, Chief of the Department of Justice (DOJ) Criminal Division’s Fraud Section, spoke in terms of the operationalization of compliance as a key metric the DOJ will use to evaluate a compliance program under its new Pilot Program. Weissmann said the DOJ wants to know if the if business unit of a company is responsible for at least a part of compliance. Weissmann had an interesting angle on the real problem for a Chief Compliance Officer (CCO) stating that if compliance is not embedded into the business, that problem is that the CCO simply becomes a policeman, telling the business unit what it cannot do. Or as I would say, being Dr. No from the Land of No.

Speaking on the same panel, Stephen L. Cohen, Associate Director of Enforcement, Securities and Exchange Commission (SEC) came at it from the angle of CCO involvement in the overall strategy and budgeting process of an organization. Cohen had several questions he would ask to determine the level of CCO independence within an organization. First and foremost, is the CCO a part of the senior management or the C-Suite? Is the CCO part of regular meetings of this group? He also would want to specifically know if the CCO was a part of overall strategy and company budgetary meetings?

In addition to the foregoing, Cohen had some additional questions he would consider. The first was who could over-rule the decision by a CCO within an organization? He would also inquire into who is making the decisions around salary and compensation for the CCO? Is it the CEO, the GC, the Audit Committee of the Board or some other person or group?

These views are an extension of what the DOJ Compliance Counsel Hui Chen spoke about when she began publicly speaking in her new role, particularly last fall at the New York University Program on Corporate Compliance and Enforcement public forum. At the forum, Chen stated there should be some significant thought put into a company’s compliance program. She expounded that stakeholders need to be a part of your compliance program design process and have input into the compliance internal controls.

Chen also made clear that your compliance program should be tied to the functional unit of a company. This means that Human Resources (HR), Payment, Audit, Vendor Management, IT, Supply Chain and all traditional indirect cost functions need to be involved in the operation of your compliance program in their respective areas of influence. Tied with the operationalization is the evidence that you, as the CCO or compliance practitioner, got out of your office and met with the stakeholders of your compliance program. This is more than simply in your compliance program design, it includes the compliance program implementation. She suggested evidence to show more than compliance simply had a seat at the table but that compliance was actively involved with operational decision-making.

Chen also noted compliance needs to be a part of the discussions around how compensation systems are designed and particularly around discretionary bonus systems. She admitted that compliance’s views on compensation are not always sought but in her mind it is one area that, if utilized, would demonstrate a commitment to compliance by the organization.

Operationalizing compliance requires providing resources to the compliance function. This mean more than monetary resources or even head count. In her remarks, Chen specified the twin resources of attention and commitment. This means how often do you meet personally with your Chief Executive Officer (CEO), Audit Committee of the Board and the full Board of Directors? Chen said that she would inquire into the details of these briefings, so, for instance, are the briefings based on employee surveys, quantitative data or is it simply anecdotal information? She said that it is important that compliance have a real dialogue with the C-Suite and not a rote briefing.

Interestingly another conference session featured three compliance professionals who have had the experience of making presentations to the DOJ where the new Compliance Counsel was present. All three spoke about Chen testing whether the compliance program was “real”, meaning had they been able to operationalize it into the organization. This step of operationalizing your compliance program entails moving far beyond being Dr. No from the Land of No. You have to move your compliance initiatives down into the business functions that oversee each step of the process. This means working with HR, IT, Internal Audit, Finance, Sales, Marketing, Business Development, Supply Chain and all the other corporate functions.

If you want to get into a compliance function, you are going to have to know more than simply the Foreign Corrupt Practices Act (FCPA), other laws, rules and regulations. You have to be seen as a part of the business that actually gets things done. Looking and playing lawyer is not going to get it done because the role of in-house counsel is to protect the company, sometimes from outside forces and sometimes from inside the organization. Operationalizing compliance means embedding the processes of compliance into each unit within the organization. Can anyone consider HR not being a compliance risk after the BNY Mellon and Qualcomm FCPA enforcement actions? Putting anti-corruption compliance processes into HR is mandatory now but if you do not understand how HR works, you will not be able to advise them how to do so.

This is the same with every other functional organization in a company. If you cannot read a balance sheet, you cannot perform the most basic function in a business. So if you want to get into the compliance profession… learn how to read a balance sheet.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016