Winslow AZAs I end my week’s exploration of the intersection of bribery and corruption in international sports, I have also ended a week of solid listening to The Eagles 1970s studio albums. In honor of Glenn Frey, I will also end this week with a final tribute to Frey and his work with this seminal band from the 70s. Today, it is a tribute to the first Eagles hit, Take It Easy. While Jackson Browne was the primary author of this song, Frey stepped in to finish it when Browne could not complete it. The Eagles also opened their first album, titled The Eagles, with this cut.

I cannot think of anyone born after about 1970 who does not instantly recognize the opening cords from Bernie Leadon’s lead guitar on this iconic song. If this song alone does not make you want to go to Winslow Arizona, well probably nothing will. In fact the song made the town so famous that the city of Winslow erected a life-size bronze statue and mural commemorating the song, at the Standin’ on the Corner Park. The statue stands near a lamp post, the male figure securing an acoustic guitar between his right hand and the shoe of his right foot. Above his head, a metal sign, crafted in the style of US Route shields, displays the words “Standin’ on the corner”.

As I have noted this week, the world of sports continues to provide ample lessons to be learned for the Chief Compliance Officer (CCO) or compliance practitioner. Although we no longer have the sad sack Astros to kick around, there are many other candidates out there you can draw inspiration from for your compliance regime. For today, I want recap some of these lessons.

Perhaps the clearest sign from the scandals reviewed this week and the ongoing Fédération Internationale de Football Association (FIFA) scandal is the role of regulators such as the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) in leading the international fight against bribery and corruption. Only the US had the wherewithal to bring the charges against FIFA. While the Swiss have tagged along, they certainly did not take anything like the lead in this matter. Further, the allegations of FIFA’s bribery was publicized in Britain as long ago as 2010 and the Serious Fraud Office (SFO) never brought charges against FIFA or its cronies.

The bottom line is that only the US government has the ability and, more importantly, the will to engage in such a worldwide investigation and coordinate the actions of numerous countries in providing assistance. Do you think the Swiss police would have been so involved if it was not for the US government lead in this investigation? From President Obama on down, the US government has made clear that it will lead the international fight against bribery and corruption. The FIFA indictments are yet one more indication that they will continue to do so.

From the International Association of Athletics Federations (IAAF) scandal there are certain aspects similar to FIFA but made even more invidious. Not only was a there a long entrenched self-serving and self-congratulatory cabal running the organization, but they even out did FIFA by allegedly extorting money from athletes who they expected of using performance enhancing drugs to suppress positive drug tests. These officials were allowed to not only run rampart but also engage in essentially self-government of themselves. Kind of like having the foxes guard the henhouse.

I think the lesson is the checks and balances required in any best practices compliance program that form the basis of compliance. While some of these checks and balances are in the form of multiple internal levels of oversight, such as a Compliance Committee, which might be made up of senior managers from various disciplines; another level is brought about by internal controls and the concept of the segregation of duties (SODs). No one person should be allowed have so much discretionary power that they can approve vendors, approve contracts; then approve invoices for payments on those same vendors and contracts they have previously approved.

In the corporate world this is fairly standard in the US but there continues to be Foreign Corrupt Practices Act (FCPA) enforcement actions, emanating from outside the US, where a Country or Regional Manager can make such multiple approvals. This is not only a recipe for disaster financially but also allows the creation of a pot of money to pay a bribe much easier. Internal controls also work towards having continuous oversight, if a technology solution is used it can facilitate both the prevent and detect prongs of a best practices compliance program.

The lesson for the US company which does not have a compliance program in place is that the basic forms of corporate governance are not only mandatory for a compliance and ethics regime but they are also the basics for any minimums of corporate governance in the 21st century. The level of any fraud, including bribery and corruption under the FCPA, can be low, yet the attendant costs can be far in excess of any fine or penalty. For FIFA and the IAAF, their cost will be played out in the international press and court of world public opinion for some time to come. For the former heads and senior members of those organizations, the cost may well be more pedestrian, with jail terms for felony criminal violations.

Finally, from the allegations around offers of bribes to throw matches in professional tennis is the clear lesson that employees that are offered bribes need to have an avenue to be able to report such conduct. For the CCO, it is important that employees have confidence and trust in the organization so they are willing to make such reports. To stop the scourge of bribery and corruption in any international sports group, the management must take the lead in communicating that such actions will not be tolerated and that anything less would result in expulsion and banishment. That is similar to any top management that must clearly set the expectation that it is more important for employees to follow the law than to make their quarterly numbers. For if management does not do so and communicates that making your quarterly numbers are more important, employees will find a way to make their quarterly numbers.

Moreover, it is important any company knows if a vendor, sales agent or any other party has offered or demanded a bribe to do business. Even if your employees tosses them out of the office on their collective ear, it is incumbent you be made aware of the demand/offer so you can bring it to the attention of the counter-party and take appropriate remedial action. Indeed, in many industries the number of agents or other representatives is small enough that they can be known. If there is a collective refusal to do business with such corrupt third parties, it can be a powerful driver of business behavior.

So I end this week with a fond farewell to Glenn Frey and I hope you are taking it easy about now. For a YouTube clip of The Eagles playing Take It Easy, click here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

2016Greetings from Venice where my wife and I are spending the next few days so this blog post is my first Travel Edition of 2016. Last week I wrote about my thoughts on some of the significant Foreign Corrupt Practices Act (FCPA) criminal and civil enforcement actions from 2015 and some of the larger corruption stories across the globe. Today I want to peer into the not-to-distant veiled future of 2016 to see where enforcement and compliance may be headed going forward.

Regarding FCPA enforcement first and foremost on everyone’s mind is Wal-Mart. There are currently two versions of the Wal-Mart FCPA investigation. The first was articulated by the Pulitzer Prize winning New York Times (NYT) and its 2012 stories about massive corruption in its Mexican subsidiary, all leading to the subsidiary contributing 20% profit to the company’s bottom line for over five years. The converse version was articulated by the Wall Street Journal (WSJ) in an article from 2015 that basically said there was little evidence of bribery by the company in Mexico, although the company’s internal investigation did turn up some instances of very small bribes being paid in India. At this point it is unclear which version, if either, is correct.

What is clear is that Wal-Mart has spent massively to upgrade its compliance function, with some reports that the costs are north of $600MM. Moreover, Wal-Mart has taken its rightful place as an industry leader in talking about not only compliance but also ethics as part of its overall business strategy going forward. For those who have claimed the Wal-Mart scandal has always been much ado about nothing, they seemingly miss this key point that it is the doing of compliance that leads to more robust compliance. It was only after the NYT broke its story that Wal-Mart brought its compliance program forward into the 21st Century through this massive spending. I somehow doubt the company would be the industry leader in compliance it is today, if the NYT had not broken its story. Whatever the final fine and penalty may be, the creation of a best in class compliance program may well be the final legacy of the Wal-Mart FCPA scandal.

The Yates Memo caused quite a stir when it was announced and in subsequent Department of Justice (DOJ) public commentary throughout the fall and winter. The parameters of its mechanics are still being worked out. However the commentaries have raised some serious questions about how it will all work out in practice. One school of thought says that companies will now rush to throw lower level employees under the bus as soon as possible to protect senior level employees. Another school says that the implication is to demean the importance of an effective compliance program because you do not even get to that issue until you have identified culpable individuals and turned over that information to the DOJ. Yet another school of thought suggests that the focus of internal investigations may change from a root cause analysis to determine what happened so that remedial actions could be brought to bear; to naming names first and foremost, with the issues of underlying cause and attendant remedy to make sure the conduct does not continue or happen again moved to the back burner.

The one thing I am confident of at this point is that the Yates Memo will put even more pressure on internal investigations. Companies which may have assigned investigations to internal functionaries, whether in-house lawyers or other investigators, may now have to go to outside counsel much sooner rather than later, if they want cooperation credit going forward. Coupled with the expansion of whistleblower protections and whistleblower complaints to Securities and Exchange Commission (SEC) and other regulators, a company must focus significant resources on putting together a robust investigation protocol and following it.

The announcement of the new DOJ Compliance Counsel was something that had been reported back in the summer. The position was filled by Hui Chen, an ex-DOJer and corporate compliance practitioner, who will evaluate compliance programs for companies under FCPA investigation. She will use articulated metrics to evaluate the state of a company’s compliance program, at the time the incident occurred. The difficulty for any company is that you are always measured at the time of disclosure and review, not the three to five years back when the incident arose so a company is held to a standard which did not exist at the time.

This means there will be even more pressure on Chief Compliance Officers (CCOs) and compliance practitioners to institute a best practices compliance program sooner rather than later. It also means that your program must evolve and you must be able to show evolution and change (i.e. Document, Document, and Document). Further one of the specific metrics is resources so any corporate claim that ‘we spent all we could’ will be very closely scrutinized and if your program does not meet minimum standards, securing any credit for having a compliance program in place will be very difficult to achieve.

I think the first British Deferred Prosecution Agreement (DPA) by the Serious Fraud Office (SFO) under the UK Bribery Act will help the SFO move forward in its enforcement of the world’s most robust anti-corruption law. Not only should the SFO be able to turn back the annual attacks on it and calls to weaken the law but companies clearly now see value in self-disclosure. It could well portend a greater and more aggressive prosecutorial stance by the SFO particularly if SFO Director David Green has his term extended in 2016.

Finally, I think the compliance function will move to become much more integrated into and a more important corporate discipline within every organization of significant size going forward into 2016 and beyond. The 30 day period beginning with the Yates Memo to the Schrems decision by the European Court of Justice invalidating the safe harbor provision for the transfer of certain data from Europe to the US, to the Volkswagen (VW) scandal all make clear the need for not only robust compliance functions but also the elevation of the CCO to the ranks of any Chief Executive Officer’s (CEO’s) key and most trusted advisor.

Donna Boehme and others led the fight make the structural move and to get the CCO function out of the shadow and realm of the General Counsel’s (GC’s) office and the legal department. This debate should be fully closed now after these portentous events. Simply put, the legal function in a corporation is designed to protect the company. The compliance function’s role, as laid out by Roy Snell, is to “prevent, find and fix problems.” Put another way, the role of legal is to tell the truth. The role of compliance is to tell the whole story. VW is never going to pull out of the spiral its is currently in by playing legal games with regulators, states attorneys general or John Q. Public by hiding behind the law. It is only through transparency that VW will regain its prominence. That is one of the reasons that I believe the Wal-Mart FCPA enforcement action is so significant. It demonstrates that as bad as the facts are, may be or were even reported, a company can make a comeback with all three groups by putting in place a robust compliance function.

It is this new importance on the compliance function, the CCO and compliance practitioners that I see as the biggest happening going forward into 2016.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

ZeitgeistHaving gone through the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) enforcement year for the Foreign Corrupt Practices Act (FCPA), I would now like to turn to my Top Five compliance related events of this year. Clearly the quantity of the DOJ’s FCPA enforcement actions dropped in the past year, but that did not mean the quality of overall FCPA enforcement dropped. Indeed as I noted in my prior posts, there were several significant lessons for the compliance practitioner not only to learn but also to put in place in any corporate anti-corruption compliance regime.

Even with this paucity of enforcement actions, there were some significant events which occurred last year that I believe portend some of the greatest changes not only compliance but FCPA enforcement going forward.

The Yates Memo

In her speech announcing the new policy, Assistant Attorney General Sally Yates said the following, “we have revised our policy guidance to require that if a company wants any credit for cooperation, any credit at all, it must identify all individuals involved in the wrongdoing, regardless of their position, status or seniority in the company and provide all relevant facts about their misconduct. It’s all or nothing. No more picking and choosing what gets disclosed. No more partial credit for cooperation that doesn’t include information about individuals.” This statement ties directly into the first point of the Yates Memo, which states, “To be eligible for any cooperation credit, corporations must provide to the Department all relevant facts about the individuals involved in corporate misconduct.”

For the Chief Compliance Officer (CCO) or compliance practitioner, this means the entire focus of your investigative protocol must now change. Previously an investigation was to determine how conduct that might have violated the FCPA occurred and then focus on how to remedy it. The first step a CCO or compliance practitioner would take when sufficient evidence was developed would be to fix the problem so that it did not re-occur going forward. If there were compliance program or internal control weaknesses, they would be immediately fixed so that neither the original perpetrators could continue the conduct but also so others could not take advantage of any such structural weakness.

DOJ Compliance Counsel 

The hiring of Hui Chen marked a key change by the DOJ. Chen is a former DOJer who went into the corporate compliance world. She has great knowledge about cutting edge best practices compliance programs. Chen has publicly announced she will be looking at several factors not usually considered, when evaluating compliance programs for credit. These inquiries include, (1) the amount of resources dedicated to compliance; (2) how thoughtfully your compliance program was designed; (3) how well your compliance program is operationalized in your company; and (4) how well compliance communicates with all stakeholders in an organizations.

Stephen Martin, the Managing Director and founder of Baker & McKenzie’s compliance consulting practice, has said, “Historically, it has been difficult for compliance professionals to explain the “return on investment” in compliance programs to senior management and Board of Directors. Companies questioned whether DOJ and SEC really credited a pre-existing compliance program or enhancements done during an investigation and/or resolution… For companies, the “return on investment” is clear…the benefits of an effective compliance program far outweigh the costs of the program and help mitigate government enforcement and compliance related risks. For compliance professionals, the DOJ’s increasing focus provides the rationale for helping companies truly move to instituting and maintaining a practical, best practices compliance program that meets the rising expectations of the DOJ.”

First British DPA 

In late November, the UK Serious Fraud Office (SFO) announced its first Deferred Prosecution Agreement (DPA) entered into under the Bribery Act. It involved the British banking institution ICBC Standard Bank Plc. The bank was charged with failing to prevent the payment of a bribe obtain business from the government of Tanzania. This was a huge win for the SFO and perhaps a game changer in compliance for prosecutions under the UK Bribery Act.

SFO Director David Green said: “This landmark DPA will serve as a template for future agreements. The judgment from Lord Justice Leveson provides very helpful guidance to those advising corporates. It also endorses the SFO’s contention that the DPA in this case was in the interests of justice and its terms fair, reasonable and proportionate. I applaud Standard Bank for their frankness with the SFO and their prompt and early engagement with us.” Unlike in the US, the judiciary participated fully in this process. Also most interesting was a separate surcharge by the SFO for its “reasonable costs … in relation to the investigation and subsequent resolution of the DPA.” If this is a self-funding mechanism for the SFO, it is also a departure from enforcement actions under the FCPA. From where I sit, if you have a violation, it would certainly be better to get in line now, before the SFO comes knocking.

FIFA Corruption Scandal

In an era of increasing large and all-encompassing corruption scandals (2012 – Wal-Mart, 2013 – GSK, 2014 – Petrobras) Fédération Internationale de Football Association (FIFA) stands out as the world’s biggest sports scandal, touching literally every continent and almost every country on the planet. Yet only three US citizens have been criminally charged at this point and some Americans asked why they should care about corruption in international soccer.

The FIFA prosecutions were a creative use by the DOJ of the Racketeer Influenced and Corrupt Organizations (RICO) statute to fight an international scourge. Frankly only the DOJ has the wherewithal to take on the world’s largest sports organization, particularly one which thought itself above the law. While the US certainly did not bring the indictments against FIFA alone, it clearly was the leader in this effort to continue the fight against global corruption and bribery. For if America does not lead, others will not follow in this fight so Americans should care greatly that the DOJ is continuing to lead this fight with the laws available to it.

Moreover, corruption is a global scourge. It is a component of political instability and terrorism. The FIFA scandal shows how corruption, which may appear to be victimless and not appear to hurt anyone, can, does and has destroyed the fabric, if not the soul, of some of the world’s greatest institutions. As Americans we should all want to fight the scourge of corruption wherever it might appear and we certainly believe that there should be a level playing field for all who want to compete.

Volkswagen and the Zeitgeist of Compliance

The Volkswagen (VW) scandal may well become the world’s largest compliance scandal ever (at least until the next one). It was so large it damaged not only VW’s competitors but also the German national brand of quality and honesty. First, and foremost, is the VW emissions-testing scandal. Going from the most trusted car manufacture in the world to an organization that does not seem know not only its left hand from its right hand but even where either hand resides. This is much more than a death of a thousand cuts where information dribbles out on a daily basis. This is a company which cannot seem to make clear what cars, in what countries, or even what engines may be part of the scandal.

I have always been fascinated with the zeitgeist. In the world of anti-bribery and anti-corruption compliance one rarely has the chance to observe the zeitgeist in action. However we are now seeing it play out in Germany in a very public way. It all involves the Made in Germany brand. Ulrich Grillo, the president of the BDI, the German global industry association, was quoted in Financial Times (FT) when he urged companies to check their “management processes, including compliance and control systems.” He suggested the question to ask should be “Are we doing everything right?” This is where the zeitgeist comes in. When you have the President of a national industrial association saying compliance is the answer, the zeitgeist has arrived. You need to sit up and take notice.

In my next post, I will discuss what it all may mean going forward, with some predictions for 2016.

TexasBarToday_TopTen_Badge_Large

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

7K0A0223Last Friday, the FCPA Professor reported:

“According to this Global Investigations Review article:

“According to two people familiar with the matter, the US Department of Justice (DoJ) has hired Hui Chen, Standard Chartered’s former head of anti-bribery and corruption compliance, as its new compliance counsel. […] Before joining Standard Chartered, Chen served as an assistant general counsel at US pharmaceutical company Pfizer between June 2010 and September 2013. In this position, she oversaw the drug-maker’s internal investigations in the Asia-Pacific region, and also led compliance reviews in Latin America, Europe and the Middle East. Chen previously worked for Microsoft for 13 years, serving first in the intellectual property litigation team and later as a compliance officer in China. During the 1990s, Chen worked as a DoJ trial lawyer in Washington, DC, and as an assistant US attorney in Brooklyn.”

I recognize it is better to cite to the original source but as Global Investigations Review is a subscription only service, I could not view the full article, so you will have to make do with a secondary cite. Of course, if you cannot trust the FCPA Professor to report something correctly, whom can you trust?

There was much ink spilled earlier this summer about the efficacy of such a position; with a spectrum ranging from substantive, that the Department of Justice (DOJ) attorneys who do not need someone to instruct them on what a best practices compliance program is to the procedural that the compliance counsel position is not a government employee but only a contractor. However, I think those criticisms and the others leveled miss the point of the effect of the creation of this position on the compliance discipline in the corporate environment.

The creation of this position portends that the DOJ will be looking more closely at Foreign Corrupt Practices Act (FCPA) anti-corruption compliance programs to see if they meet the minimum standards or are closer to best practices. This requires companies to actually do compliance and not simply put a paper program in place and say they have an effective compliance program.

I asked Stephen Martin, the Managing Director and founder of Baker & McKenzie’s compliance consulting practice and someone who helps companies proactively enhance corporate compliance programs what he thinks the creation of this new DOJ compliance consultant position. Martin is one of the few experts out there that has a similar background to Hui Chen, having been a former federal prosecutor in Washington and in-house counsel/compliance officer helping WorldCom, Qwest and Adelphia wade through and recover from significant compliance failures and major government investigations.

“Historically, it has been difficult for compliance professionals to explain the “return on investment” in compliance programs to senior management and Board of Directors. Companies questioned whether DOJ and SEC really credited a pre-existing compliance program or enhancements done during an investigation and/or resolution. The DOJ and SEC listened to the compliance community and publicly released the rationale in the Morgan Stanley declination as resulting from the effectiveness of Morgan Stanley’s compliance program.

Now, the DOJ is furthering its focus on the importance of compliance by clearly signaling how intently DOJ will be evaluating compliance programs in charging decisions, resolutions and monitorships. By retaining a compliance consultant with previous DOJ and in-house compliance experience, DOJ is sending a strong message to senior management and Boards of Directors that it is now critical that companies have a robust, effective and sophisticated compliance program covering both FCPA and non-FCPA risk areas.

For DOJ, this is a great step forward in being able to actually understand compliance programs and how they operate in the real world, in difficult environments when investigating and resolving matters. For companies, the “return on investment” is clear…the benefits of an effective compliance program far outweigh the costs of the program and help mitigate government enforcement and compliance related risks. For compliance professionals, the DOJ’s increasing focus provides the rationale for helping companies truly move to instituting and maintaining a practical, best practices compliance program that meets the rising expectations of the DOJ.”

As Martin makes clear, having a robust demonstrable program in place is now even more critical. The foundational elements of a best practices compliance program are well known and available to anyone looking. Of course, I would say one of the best place to start is my book Doing Compliance: Design, Create, and Implement an Effective Anti-Corruption Compliance Program which is based on the 10 Hallmarks of an Effective Compliance Program, as laid out in the FCPA Guidance. But you can use other formulations such as Martin’s Five Elements of an Effective Compliance Program, the OECD 13 Good Practices or even the UK Six Principles of Adequate Procedures as the basis for your compliance program.

Whichever formulation you use, the steps are straightforward. Top management must commit to having an effective compliance program and that commitment must be transmitted down throughout the organization. You need to assess the risks to your organization around anti-corruption and to manage those risks accordingly. The specifics of the compliance expectations must be set out in a policy and sufficient procedures must be implemented to all the policies to be followed. There must be a compliance function, with sufficient resources, authority and visibility within your company to lead this area, with appropriate board oversight. You must provide training on not only the company’s expectations around compliance, but also how to do compliance. There must be sufficient incentives in place, around hiring and promotion. There must be a mechanism for reporting of violations and then an appropriate response, through investigations and reporting of any violations of your compliance program. Additionally resources need to be placed around the management of compliance risks involving third parties and mergers and acquisitions (M&A). A company must have a mechanism to keep abreast of and then implement appropriate technological and business improvements as well as any legal or business related changes in anti-corruption compliance. Finally, all of the above must be thoroughly documented.

This new compliance counsel position at the DOJ makes implementing and documenting the above steps all the more important. But it also gives companies a greater chance to avoid potential FCPA liability through a DOJ Declination to Prosecute if they can demonstrate they have an effective compliance program. With the announcement last week of the Yates Memo and the increased focus on corporate internal investigations to identify senior executives for prosecution, it is now even more important that companies have a robust compliance program in place. As Mike Volkov often says, the DOJ clearly communicates the direction they are heading. The message could not be clearer.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

great pyramid of giza

I continue my Great Structures Week with a focus on great structures from the earliest times, ancient Egypt and Greece. I am drawing these posts from The Teaching Company course, entitled “Understanding the World’s Greatest Structures: Science and Innovation from Antiquity to Modernity”, taught by Professor Stephen Ressler. From Egypt there are of course the Pyramids, of which Ressler says, “They’re important, not just because they’re great structures, but also because they represent some of the earliest human achievements that can legitimately be called engineering. The Great Pyramid of Giza stands today as a testament to the strength and durability of Egyptian structural engineering skills.”

From Greece we derive what Vitruvius called the “Empirical Rules for Temple Design” which define a “single dimensional module equal to the radius of a column in the temple portico, then specify all other dimensions of the building in terms of that module.” These rules are best seen in Greek temples, largely consisting of columns, which are defined as “a structural element that carries load primarily in compression” and beams, which are “structural elements subject to transverse loading and carry load in bending.” My favorite example of the use of columns is seen in the Parthenon; the most famous of all Greek temples still standing.

In many ways these two very different structures stand as the basis of all structural engineering and Great Structures that come later throughout history. For any anti-corruption compliance regime based on the Foreign Corrupt Practices Act (FCPA), UK Bribery Act or other anti-bribery statutes, the same is true for a Code of Conduct and written policies and procedures. They are both the building blocks of everything that comes thereafter.

In an article in the Society for Corporate Compliance and Ethics (SCCE) Complete Compliance and Ethics Manual, 2nd Ed., entitled “Essential Elements of an Effective Ethics and Compliance Program”, authors Debbie Troklus, Greg Warner and Emma Wollschlager Schwartz, state that your company’s Code of Conduct “should demonstrate a complete ethical attitude and your organization’s “system-wide” emphasis on compliance and ethics with all applicable laws and regulations.” Your Code of Conduct must be aimed at all employees and all representatives of the organization, not just those most actively involved in known compliance and ethics issues. From the board of directors to volunteers, the authors believe that “everyone must receive, read, understand, and agree to abide by the standards of the Code of Conduct.” This would also include all “management, vendors, suppliers, and independent contractors, which are frequently overlooked groups.”Parethnon

There are several purposes identified by the authors that should be communicated in your Code of Conduct. Of course the overriding goal is for all employees to follow what is required of them under the Code of Conduct. You can do this by communicating what is required of them, to provide a process for proper decision-making and then to require that all persons subject to the Code of Conduct put these standards into everyday business practice. Such actions are some of your best evidence that your company “upholds and supports proper compliance conduct.”

The substance of your Code of Conduct should be tailored to the company’s culture, and to its industry and corporate identity. It should provide a mechanism by which employees who are trying to do the right thing in the compliance and business ethics arena can do so. The Code of Conduct can be used as a basis for employee review and evaluation. It should certainly be invoked if there is a violation. To that end, I suggest that your company’s disciplinary procedures be stated in the Code of Conduct. These would include all forms of disciplines, up to and including dismissal, for serious violations of the Code of Conduct. Further, your company’s Code of Conduct should emphasize it will comply with all applicable laws and regulations, wherever it does business. The Code needs to be written in plain English and translated into other languages as necessary so that all applicable persons can understand it.

The written policies and procedures required for a best practices compliance program are well known and long established. As stated in the FCPA Guidance, “Among the risks that a company may need to address include the nature and extent of transactions with foreign governments, including payments to foreign officials; use of third parties; gifts, travel, and entertainment expenses; charitable and political donations; and facilitating and expediting payments.” Policies help form the basis of expectation and conduct in your company and Procedures are the documents that implement these standards of conduct.

Another way to think of policies, procedures and controls was stated by Aaron Murphy, now a partner at Foley & Lardner, in his book “Foreign Corrupt Practices Act”, when he said that you should think of all three as “an interrelated set of compliance mechanisms.” Murphy went on to say that, “Internal controls are policies, procedures, monitoring and training that are designed to ensure that company assets are used properly, with proper approval and that transactions are properly recorded in the books and records. While it is theoretically possible to have good controls but bad books and records (and vice versa), the two generally go hand in hand – where there are record-keeping violations, an internal controls failure is almost presumed because the records would have been accurate had the controls been adequate.”

Borrowing from an article in the Houston Business Journal (HBJ) by John Allen, entitled “Company policies are source and structure of stability”, I found some interesting and important insights into the role of policies in any anti-corruption compliance program. Allen says that the role of policies is “to protect companies, their employees and consumers, and despite an occasional opposite outcome, that is typically what they do. A company’s policies provide a basic set of guidelines for their employees to follow. They can include general dos and don’ts or more specific safety procedures, work process flows, communication guidelines or dress codes. By establishing what is and isn’t acceptable workplace behavior, a company helps mitigate the risks posed by employees who, if left unchecked, might behave badly or make foolhardy decisions.”

Allen notes that policies “are not a surefire guarantee that things won’t go wrong, they are the first line of defense if things do.” The effective implementation and enforcement of policies demonstrate to regulators and the government that a “company is operating professionally and proactively for the benefit of its stakeholders, its employees and the community it serves.” If it is a company subject to the FCPA, by definition it is an international company so that can be quite a wide community.

Allen believes that there are five key elements to any “well-constructed policy”. They are:

  • identify to whom the policy applies;
  • establish the objective of the policy;
  • explain why the policy is necessary;
  • outline examples of acceptable and unacceptable behavior under the policy; and
  • warn of the consequences if an employee fails to comply with the policy.

Allen notes that for polices to be effective there must be communication. He believes that training is only one type of communication. I think that this is a key element for compliance practitioners because if you have a 30,000+ worldwide work force, the logistics alone of such training can appear daunting. Consider gathering small groups of employees, where detailed questions about policies can be raised and discussed, as a powerful teaching tool. Allen even suggests posting Frequently Asked Questions (FAQ’s) in common areas as another technique. And do not forget that one of the reasons Morgan Stanley received a declination to prosecute by the Department of Justice (DOJ) was that it sent out bi-monthly compliance reminder emails to its employee Garth Peterson for the seven years he was employed by the company.

The FCPA Guidance ends its section on policies with the following, “Regardless of the specific policies and procedures implemented, these standards should apply to personnel at all levels of the company.” Allen puts a bit differently in that “it is important that policies are applied fairly and consistently across the organization.” He notes that the issue can be that “If policies are applied inconsistently, there is a greater chance that an employee dismissed for breaching a policy could successfully claim he or she was unfairly terminated.” This last point cannot be over-emphasized. If an employee is going to be terminated for fudging their expense accounts in Brazil, you had best make sure that same conduct lands your top producer in the US with the same quality of discipline.

For a review of what goes into the base structures of a best practices compliance program, I would suggest you check my book Doing Compliance: Design, Create, and Implement an Effective Anti-Corruption Compliance Program, which is available through Compliance Week. You can review the book and obtain a copy by clicking here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015