King ArthurI have been studying the legend of King Arthur and thought it would be good idea to have a week of blog posts around the legend of King Arthur, the Roundtable and his knights. Today I begin with King Arthur and some leadership lessons that might apply to a Chief Compliance Officer (CCO), compliance practitioner or others who might be responsible for an anti-corruption compliance program based on the Foreign Corrupt Practices Act (FCPA), UK Bribery Act or similar anti-bribery law.

According to the legends, King Arthur achieved quite a bit in one lifetime. He, established a kingdom, ruled his castle, Camelot and brought peace and order to the land based on law, justice, and morality. He founded an order known as the Knights of the Round Table where in all knights are seated as equals around the table, symbolizing equality, unity, and oneness. Nicole Lastimado, in a blog post entitled “Characteristics of a Good Leader :), identified five characteristics that she believed made Arthur a good leader.

Adapting Lastimado King Arthur was (1) Honest, in that he displayed sincerity, integrity, and candor in his actions. (2) Intelligent, because he read and studied. (3) Courageous, because he had the perseverance to accomplish a goal, regardless of the seemingly insurmountable obstacles. (4) Imaginative because he adapted by making timely and appropriate changes in his thinking, plans, and methods. Finally, (5) Inspiring, because through demonstrating confidence, he inspired his knights and those in his Kingdom to reach for new heights. I would add as a separate category that Arthur led from the front.

I thought about those qualities when I read a couple of recent articles in the Houston Chronicle. The first was by the Chronicle Business Columnist, L. M. Sixel, entitled “Leaders possess the keys to safety”, and the second was an Op-Ed entitled “Trust Shaken”. Both articles discussed corporate issues that have led to catastrophic injuries or even deaths and more importantly how the entities involved reacted. The first article discussed safety at the workplace and the second health issues in the processing of food products.

In her article Sixel, wrote, “A company truly interesting in making sure its workers are safe has to come up with ways to make it easy and risk-free to bring up potential safety problems.” Moreover, the corporate attitude which fosters this “starts with leadership.” She cited to Frank Reiner, the president of the Chlorine Institute, who recently said in a speech to the group’s annual conference in Houston “You have to eliminate the fear.” Additionally, “Once the cause is identified, similar accidents can be prevented, he said. The message that people are free to come forward to talk about what went wrong and why has to come from the top down. Identifying problems not only is everyone’s responsibility but also a companywide expectation.”

Equally important is for a company to learn from its mistakes. Obviously there should be a root cause analysis after a disaster. At the same conference, the Keynote Speaker, John E. Michel, a retired U.S. Air Force brigadier general and author of The Art of Positive Leadership: Becoming a Person Worth Following, said “After a disaster, there is a big investigation to find out why it happened and fix the problem before it can happen again. Sometimes, whole fleets are grounded after an airline crash.” However Michel noted that it is important to keep learning even if there is no disaster. Michel “likes to pay attention to “near misses” and learn from the times things could have gone horribly wrong but didn’t” and that “There are debriefing sessions even when things go well on a flight mission and there are always tweaks to be made.”

Another speaker at the conference Mark Briggs, area director of the Houston South office for OSHA, noted it was important for employees to feel their suggestions and comments around safety are considered by management, saying “You have to show you care and that’s its not just a one-month project.” If management shows that it takes employee recommendations around safety seriously, it will help employees down the chain feel more secure about bringing them to management’s attention.

The Chronicle Op-Ed piece focused on one of the most beloved institutions in the great state of Texas – Blue Bell Ice Cream. Unfortunately for Blue Bell, in March there were five cases of listeria in Kansas, linked to a Blue Bell plant. Three of those persons died, “although a Kansas health official stated that the listeriosis was not the cause of death.” The Chronicle piece noted that after that initial discovery, “multiple strains of listeria have been found in its Brenham and Oklahoma plants, almost 500 miles apart, according to the CDC [Center for Disease Control and Prevention]. Possible explanations include lax safety standards, extremely bad luck striking twice or some undisclosed manufacturing issue.”

A The Texas Tribune article by Terri Langford, entitled “State Health Tests Prodded Blue Bell Recall, said, “The crisis for Blue Bell began on March 13, when Kansas officials determined that Listeria-tainted portions of the company’s ice cream made it into products served to five hospital patients between January 2014 and January 2015. Of the five who became ill, three died. By March 24, Kansas officials traced the source of the listeria to Blue Bell’s plant in Broken Arrow, Okla., built by the Texas company in 1992. On April 3, the Centers for Disease Control had traced Blue Bell’s Listeria strain to six other patients going back to 2010. Four had been hospitalized in Texas for unrelated problems when they became sick from listeria. Five days later, on April 8, the CDC had identified two clusters of Blue Bell listeria victims. The strains were traced to the plants in Oklahoma and Texas.”

Yet it was not until Blue Bell was notified by a representative from the Texas Department of State Health Services, that “lab tests on two Blue Bell ice cream flavors — Mint Chocolate Chip and Chocolate Chip Cookie Dough — came back “presumptive positive” for the deadly bacteria Listeria monocytogenes” that the company announced it was pulling product from its shelves for testing.

What are the lessons from for the CCO or compliance practitioner? You should channel your inner King Arthur and lead. You have to lead management to understand that one of the best sources of information on your own business is your employees. There is a reason the FCPA Guidance lists internal reporting as one of the Ten Hallmarks of an Effective Compliance Program. You must give employees a way to report misconduct and then you must use that information to investigate and communicate to employees going forward. If there are lessons to be learned use those lessons for in-house compliance training. If a true catastrophe or disaster befalls the company, do not wait to remediate. Do so as soon as is practicable, not when the government calls.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

Rolls RoyceJust as the GlaxoSmithKline PLC (GSK) case in China heralded a new day in international anti-corruption enforcement, the Petrobras case may be equally important going forward. The scope and breadth of the investigation is truly becoming worldwide. Last fall, one of the first questions raised was why was the US Securities and Exchange Commission (SEC) was investigating the company as it is headquartered in Brazil. While there is subsidiary Petrobras USA, which is a publicly listed company, it was not immediately apparent what role the US entity might have had in the bribery scandal, which was apparently centered in Brazil. However some recent revelations from across the pond may shed some light on the topic.

As with any corruption scandal there are both bribe payors and bribe receivers. The Petrobras corruption scandal initially focused on the bribe receivers in Petrobras. But last month one of the key bribe receivers, who is now cooperating with the Brazilian authorities, Pedro Barusco has identified the UK Company Rolls-Royce Group PLC as a bribe payor. As reported in the Financial Times (FT) by Samantha Pearson and Joe Leahy, in an article entitled “Rolls-Royce accused in Petrobras scandal”, Barusco has “told police he personally received at least $200,000 from Rolls-Royce — only part of the bribes he alleged were paid to a ring of politicians and other executives at the oil company.”

However the allegations moved far beyond simply Rolls-Royce. The article also reported, “Brazil’s authorities are already investigating allegations that Petrobras officials accepted bribes from SBM Offshore, a Netherlands-based supplier of offshore oil vessels. SBM has said it is co-operating with the investigation. Units of two Singaporean companies, Keppel Corporation and Sembcorp Marine, along with three Brazilian shipbuilders with large Japanese shareholders, have also been accused of participating in the bribes-for-contracts scheme.” Finally, they reported that “Mr Barusco alleged that his friend Luiz Eduardo Barbosa, a former executive of Swiss engineering group ABB, was responsible for organising bribes from Rolls-Royce, SBM and Alusa, a Brazilian construction company.”

Rolls-Royce is currently under investigation by the UK Serious Fraud Office (SFO) and Department of Justice (DOJ) for allegations of corruption in several countries. Katherine Rushton, reporting in The Telegraph in an article entitled “Rolls-Royce investigated in US over bribery claims”, said “Rolls-Royce is being investigated by the US Department of Justice (DoJ), following allegations that its executives bribed officials in Indonesia, China and India in order to win lucrative contracts.” She cited to the company’s annual report for the following, ““The group is currently under investigation by law enforcement agencies, primarily the Serious Fraud Office in the UK and the US Department of Justice. Breaches of laws and regulations in this area can lead to fines, penalties, criminal prosecution, commercial litigation and restrictions on future business.””

But more than simply Rolls-Royce, readers will recognize several names from a rogue gallery of companies either implicated with corruption violations or under investigation. SBM Offshore was a poster child last year for the DOJ deferring to foreign authorities to prosecute claims of bribery and corruption. I wonder if SBM Offshore attested in its settlement documents with the relevant Netherlands authorities that it had not engaged in any other bribery and corruption beyond that which was the basis of its settlement? I wonder if the company made any such averments to the DOJ? I wonder if the DOJ will make any such deferments again given the SBM Offshore settlement with the Dutch authorities? What about ABB?

In addition to the above, SBM Offshore may be the most relevant example in the debate of an international double jeopardy standard. Jordan Moran, writing in the Global Anti-Corruption Blog, has consistently argued that international double jeopardy is a bad idea. Most recently, in an article entitled “Why International Double Jeopardy Is a Bad Idea”, he said, “when it comes to the global fight against transnational bribery, double jeopardy probably isn’t all it’s cracked up to be. To begin, most arguments calling for the U.S. and other OECD member countries to recognize international double jeopardy are nonstarters.”

Also interesting was the reference to ABB as the company went through its own Foreign Corrupt Practices Act (FCPA) enforcement action. As reported by Dick Cassin, in a 2010 FCPA Blog post entitled “ABB Reaches $58 Million Settlement (Updated)”, the company “reached a settlement Wednesday with the DOJ of criminal FCPA charges and will pay a fine $19 million. And in resolving civil charges with the SEC, the company will disgorge $22.8 million and pay a $16.5 million civil penalty. ABB Ltd’s U.S. subsidiary, ABB Inc., pleaded guilty to a criminal information charging it with one count of violating the anti-bribery provisions of the FCPA and one count of conspiracy to violate the FCPA. The court imposed a sentence that included a criminal fine of $17.1 million.” There was no information at that time as to whether the individual that Barusco named as the bribe payment facilitator, one Luiz Eduardo Barbosa, was involved in the prior ABB enforcement action in any way.

We have one or more companies, who are under current DOJ investigations, now being investigated in connection with the Petrobras bribery scandal. There are also companies that have gone through prior bribery and corruption enforcement actions now identified in the scandal. All of this now leads me to have some type of understanding of why the SEC might be investigating Petrobras USA. First, and most probably, it would be to see if the US entity was involved in the apparent decade long bribery scheme that the Brazilian parent now finds itself embroiled in. What if the US subsidiary was paying bribes to its parent to obtain or retain a benefit? Next would be any evidence of violations of the accounting provisions or internal controls requirements found in the FCPA. Finally, the SEC might be looking at Petrobras USA to see who its suppliers might be and if those companies merited investigation. Similar to looking that the Panalpina customer lists the SEC could review the Petrobras USA contractor list.

Just as GSK heralded the first time the Chinese government prosecuted a western company for violation of Chinese law, I believe the Petrobras bribery scandal will be a watershed. The outpouring of information and allegations at this time point to a multi-year, truly worldwide, bribery scheme. While it may in part have been Petrobras officials shaking down contractors for payments, it really does not matter under the FCPA or UK Bribery Act. If any company subject to either or both of those laws paid monies to Petrobras I expect they will be fully prosecuted. Further, given the arguments against an international double jeopardy standard made by Moran and others AND the apparent recidivism of prior bribery offenders, some companies may be in for a long and expensive ride.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

Mr. SpockLeonard Nimoy died last Friday. He will be forever associated with the role of Mr. Spock in the original Star Trek television show which premiered in 1966. The original series ran for only three years but had a full life in syndication up through this day. He also reprised the role in six movies featuring the crew of the original series and in the recent reboot.

Mr. Spock was about a personal character for me as I ever saw on television. For a boy going through the insanity of adolescence and the early teen years, I found Mr. Spock and his focus on logic as a way to think about things. He pursued this path while dealing with his half human side, which compelled emotions. This focus also led me to explore Mediations by Marcus Aurelius. But more than simply logic and being a tortured soul, Mr. Spock and his way looking at things and Star Trek with its reach for the stars ethos inspired me when it came out and still does to this day.

Mr. Spock and his pursuit of logic inform today’s blog post. Every compliance practitioner is aware of the need for a risk assessment in any best practices compliance program; whether that program is based on the US Foreign Corrupt Practices Act (FCPA), UK Bribery Act or some other compliance law or regime. While the category of risk assessment is listed as Number 3 in the Ten Hallmarks of an Effective Compliance Program in the FCPA Guidance, both the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) intone that your compliance journey begins with a risk assessment for two basic reasons. The first is that you must know the corruption risks your company faces and second, a risk assessment is your road map going forward to manage those risks.

Interestingly Risk Assessment is the second objective in the Committee of Sponsoring Organizations of the Treadway Commission (COSO) Cube. In its volume entitled “Internal Control – Integrated Framework”, herein ‘the Framework Volume’, it recognizes that “every entity faces a variety of risks from external and internal sources.” This objective is designed to provide a company with a “dynamic and iterative process for identifying and assessing risks.” For the compliance practitioner none of this will sound new or even insightful, however the COSO Framework requires a component of management input and oversight that was perhaps not as well understood. The Framework Volume says that “Management specifies objectives within the category relating to operations, reporting and compliance with such clarity to be able to identify and analyze risks to those objectives.” But management’s role continues throughout the process as it must consider both internal and external changes which can effect or change risk “that may render internal controls ineffective.” This final requirement is also important for any anti-corruption compliance internal control. Changes are coming quite quickly in the realm of anti-corruption laws and their enforcement. Management needs to be cognizant of these changes and changes that its business model may make in the delivery of goods or services which could increase risk of running afoul of these laws.

The objective of Risk Assessment consists of four principles. They are:

Principle 6 – “The organization specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to the objectives.”

Principle 7 – “The organization identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed.”

Principle 8 – “The organization considers the potential for fraud in assessment risks to the achievement of objectives.”

Principle 9 – “The organization identifies and assesses changes that could significantly impact the system of internal control.”

Principle 6 – Suitable Objectives 

Your risk analysis should always relate to stated objectives. As noted in the Framework Volume, it is management who is responsible for setting the objectives. Rittenberg explained, “Too often, an organization starts with a list of risks instead of considering what objectives are threatened by the risk, and then what control activities or other actions it needs to take.” In other words your objectives should form the basis on which your risk assessments are approached.

Principle 7 – Identifies and Analyzes Risk 

Risk identification should be an ongoing process. While it should begin at senior management, Rittenberg believes that even though a risk assessment may originate at the top of an organization or even in an operating function, “the key is that an overall process exists to determine how risks are identified and managed across the entity.” You need to avoid siloed risks at all costs. The Framework Volume cautions that “Risk identification must be comprehensive.”

Principle 8 – Fraud Risk 

Every compliance practitioner should understand that fraud exists in every organization. Moreover, the monies that must be generated to pay bribes can come from what may be characterized as traditional fraud schemes, such as employee expense account fraud, fraudulent third party contracting and payments and even fraudulent over-charging and pocketing of the differences in sales price. This means that is should be considered as an important risk analysis. It is important that any company follow the flow of money and if the Fraud Triangle is present, management be placed around such risk.

Principle 9 – Identifies and Analyzes Significant Change

It really is true that if there is one constant in business, it is that there will always be change. The Framework Volume states, “every entity will require a process to identify and assess those internal and external factors that significantly affect its ability to achieve its objectives. Rittenberg intones that companies “should have a formal process to identify significant changes, both internal and external, and assess the risks and approaches to mitigate the risk” in a timely manner.

Today’s blog post is a tribute to Mr. Spock as he, Star Trek and its characters continue to teach us lessons which we can apply in business going forward. It is the process of compliance which informs your program going forward. A risk assessment is recognized by sources as diverse as the DOJ, SEC and COSO as a necessary step. Just as Mr. Spock, the Science Officer onboard the Enterprise, was required to assess the risk to the ship and crew from a scientific perspective, a risk assessment can give you the tools to not only assess the corruption compliance risk to your company but a road map to managing that risk. So farewell to my long time friend Mr. Spock, you gave to me more than I ever gave back to you. I can think of no more fitting tribute to Spock than to say Live Long and Prosper.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

Gulliver's TravelsThere was once a man named Gulliver who traveled widely and wrote a book about his adventures called Gulliver’s Tales. During his first voyage, Gulliver is washed ashore after a shipwreck and finds himself a prisoner of a race of little people, who live in the country of Lilliput. After giving assurances of his good behavior, Gulliver becomes a resident in Lilliput and becomes a favorite of the court. From there, the book follows Gulliver’s observations on the Court of Lilliput. He is also given the permission to roam around the city on a condition that he must not harm their subjects and otherwise engage in illegal, immoral or unethical conduct.

I am continually amazed at how life imitates art because if I told you the following tale you might accuse me of simply making up things to write about. Imagine there is a corporate banking Chief Executive Officer (CEO), whose company signed one of the largest Deferred Prosecution Agreements (DPA) ever a little over two years ago giving assurances of good behavior going forward. Now imagine I tell you that the same CEO has been hiding money for years in a Swiss bank account through a shell corporation for ‘his privacy’ (IE., Hiding money from the Lilliputians of this world). Unfortunately for the real Stuart Gulliver, the CEO at the banking giant HSBC, these facts are true. While his company is in yet another scandal involving its illegal conduct, while under a DPA for its past sins, it turns out the CEO was hiding approximately $7.7MM in a Swiss bank account. To compound this effort to conceal his monies, he did so through a shell Panamanian company.

Yet, just like the fictional Gulliver, the real Gulliver has a very simply explanation for this practice. According to Jenny Anderson, in an article in the New York Times (NYT) entitled “HSBC Chief Defends Swiss Bank Account Worth $7.7 Million”, Gulliver said “This has an everyday explanation to it” and said the explanation was that he was trying to hide the money so his co-workers would not know he much money he made. Or as Anderson wrote, “In an effort to protect his privacy — he was the bank’s top earner — he put the money in Switzerland to hide it from the prying eyes of his Hong Kong colleagues. But he then had to hide it from his curious Swiss colleagues, so he created an anonymous Panamanian company.”

So it turns out that Gulliver was not only trying to hide his money from his co-workers but also from the Swiss by creating a shell corporation to launder the money into before depositing it in Switzerland. Similar to those pesky Lilliputians, who might want to find out something about him that he did not want them to know, as when the fictional Gulliver agreed to not violate the law or engage in otherwise unethical conduct. Of course the real Gulliver has protested that such arrangements were not illegal at the time he engaged in them, side-stepping the question of whether his conduct was unethical (Ethical bankers, does that topic belong in the fiction section?).

Gulliver also went on a charm offensive essentially claiming that not only him but the entire banking industry in general was being picked on. Channeling his inner Mother Theresa, Gulliver was quoted in an article in the Financial Times (FT), entitled “Standards for bankers higher than for bishops, claims HSBC chief Gulliver” by Martin Arnold and George Parker, as saying “It seems to me that we are holding large corporations to higher standards than the military, the church or civil service.” While I am not quite certain as to the pay scale of UK church leaders, I am relatively certain that those in the civil service and military do not have an extra $7.7MM laying around that they need to launder through a Panamanian corporation to hide in a Swiss bank account.

The real Gulliver should have just channeled his fictional Gulliver and said that when in the land of Lilliput, you do not have to tell the Lilliputians the truth, even if you have sworn in a pesky DPA to do so. From the real Gulliver’s statement about bankers being held to higher standards, he obviously thinks that the church, military and civil service (and probably the rest of us mere mortals) have Lilliputian ethical obligations compared to him.

What does all this mean for prosecuting HSBC in the newly erupted money laundering through its Swiss subsidiary scandal? Well it is great to know your CEO has first hand knowledge of the mechanics of such activities. The appropriate UK authorities or even the US Department of Justice (DOJ) could interview the real Gulliver as a subject matter expert (SME) on not only how to hide money from your fellow employees, but also from the Swiss and even gain insight into such machinations to hide money from your own national tax authorities. The real Gulliver may be a real find for the DOJ as an expert witness, at the trial of his company for breach its DPA.

Further, just think of the credibility the real Gulliver would have in negotiations with the DOJ on whether HSBC broke its promises to do business in compliance with US anti-money laundering (AML) laws when it signed its DPA back in 2012. He could go right into the meeting and say, “Lads, let me dispel any misconceptions you might have about Swiss bank accounts. They exist to hide money. At least that is how I use them personally.” He could then walk the lowly civil servants who work in the DOJ Fraud Section and who have lower standards than the whiter-than-white bankers through how the real world of money laundering works, or at least the real world of multi-millionaires who, for some reason, want to protect their own privacy.

The real Gulliver could answer yet another rhetorical question that he posed, and was reported in the FT article, when he asked, “Can I know what every one of 257,000 people is doing? Clearly, I can’t. If you want to ask the question could it ever happen again – that is not reasonable.” The real Gulliver could then go on to respond to this rhetorical flourish along the lines of the following, But I can tell you what is reasonable, to ask me if I know what I am doing and how I am doing it. I am hiding money in my Swiss bank account through a shell Panamanian company. He might even add, How brilliant is that?

Since the fictional Gulliver lived and traveled over 300 years ago, he may be distantly related to the real Gulliver of HSBC today. Nevertheless for a bank CEO to have laundered his own money through a shell corporation into a Swiss bank account ‘for privacy’ is one of those convergences where truth surely is stranger than fiction.

TexasBarToday_TopTen_Badge_Large

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

Selfie-StickGreetings from Venice and a big thanks to Joe Oringel at Visual Risk IQ for allowing my to post his five tips on working with data analytics while I was on holiday in this most beautiful, haunting and romantic of cities. While my wife and I have come here several times, we somehow managed to arrive on the first weekend of Carnivale, without knowing when it began. On this first weekend, the crowds were not too bad and it was more of a local’s scene than the full all out tourist scene.

As usual, Venice provides several insights for the anti-corruption compliance practitioner, whether you harbor under the Foreign Corrupt Practices Act (FCPA), UK Bribery Act, both, or some other such law. One of the first things I noticed in Venice was the large number of selfie-sticks and their use by (obviously) tourists. But the thing that struck me was the street vendors who previously sold all manner of knock-off and counterfeit purses, wallets and otherwise fake leather goods had now moved exclusively to market these selfie-sticks. Clearly these street vendors were responding to a market need and have moved quickly to fill this niche.

While the economics, inventory, bureaucracy, market-responsiveness of such businesses may be a bit more nimble than the more traditional US entity doing business overseas it does bring up a very good lesson for the compliance practitioner. A risk assessment is a tool for a variety of purposes. Certainly moving into a new geographic area is an important reason to perform a risk assessment. However, it can also be used for a new product offering, such as a selfie-stick. As stated in the FCPA Guidance, “As a company’s risk for FCPA violations increases, that business should consider increasing its compliance procedures, including due diligence and periodic internal audits. The degree of appropriate due diligence is fact-specific and should vary based on industry, country, size, and nature of the transaction, and the method and amount of third-party compensation. Factors to consider, for instance, include risks presented by: the country and industry sector, the business opportunity, potential business partners, level of involvement with governments, amount of government regulation and oversight, and exposure to customs and immigration in conducting business affairs. When assessing a company’s compliance program, DOJ and SEC take into account whether and to what degree a company analyzes and addresses the particular risks it faces.”

So what if your company comes to market with a new product or, in the case of the Venetian street merchants, move to sell a product for the first time even if the product is not exactly ‘new’. Obviously you will need to consider all government touch points that could bring you into potential violation under the FCPA. You should determine not only what licenses you will need but also how you will obtain them. Avon has come to over $500MM in FCPA grief by paying bribes to obtain licenses (and then doubling down by going full Watergate in its cover-up). Wal-Mart is alleged to have gotten into hot water in Mexico for paying bribes to obtain permits to do business in that country. So will your company obtain these licenses directly or use a third party to obtain them?

What about continued quality control of your new product? If you are in the food product industry this will mean continued inspections of your products to assure they meet government standards. Make sure that you have a hiring process in place to weed out the wives, sons or daughters of any food service inspectors. Of course, do not hire such inspectors for jobs directly either, especially if they do not have to show up or perform any duties to get paid by your company.

If you are not going to manufacture your selfie-stick equivalent in the country where these new products will be sold, how will you import them? Who will be interfacing with the foreign government on tax issues for importing of products? Will they be there permanently or on a temporary basis? All questions that have gotten US companies into FCPA trouble when they paid bribes to answer, assuage or grease some or all of the answers.

It turns out the compliance practitioner can learn quite a bit from the selfie-stick; not all of it is simple self-indulgence. Your compliance program must respond to your business initiatives. To do so, you also need to have a seat that the big boy table where such initiatives are discussed. But that is another lesson from Venice for a different day. Until then, ciao.TexasBarToday_TopTen_Badge_Large

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015