After last week’s guest announcers, Jay and I return for a wide-ranging discussion on some of the week’s top compliance related stories, including:

  1. The first Declination of the Session’s Justice Department, Linde gas.
  2. The son of Equatorial Guinea’s president went on trial this week in France for embezzlement of funds from the country.
  3. The UK SFO charges four former senior executives at Barclays Bank criminally around funding issues in the 2008 financial crisis.
  4. Embattled Uber CEO Travis Kalanick resigns under pressure. Will there be a backlash, who will run the company?
  5. Compliance in the 21stcentury, welcome to ComTech.
  6. Hui Chen departs the Justice Department with a flurry of tweets.
  7. Jay previews his weekend report.
  8. We preview the upcoming episode of Everything Compliance which is in production and will be released next Thursday. Topics include Matt Kelly on Uber and the need for policies and procedures, Jonathan Armstrong on fake news around GDPR, Mike Volkov on blockchain and how it may change compliance, and Jay Rosen, Linde notwithstanding, on the dearth of recent DOJ FCPA activity. For a sneak peak, listen to Matt Kelly’s rant at the end of this podcast.



Ed. Note-Today we have a guest post from Luciana Silveira, who is a Ph.D. Candidate at the Catholic University of São Paulo, Brazil. This past semester, she was a Fulbright Visiting Researcher at American University, Washington College of Law.

In the early 70’s the Lockheed corruption scandals came into light. Millions of dollars had been paid by the US aircraft corporation to public officials to guarantee contracts for military aircraft in Germany, Italy, Japan, Netherlands, and Saudi Arabia. These investigations, together with the Watergate scandal that uncovered slush funds in several US corporations and millions of dollars paid as bribe overseas, lead to the passage of the Foreign Corrupt Practice Act (FCPA) in 1977.

At first, some US companies thought they had a competitive disadvantage because the US was the only country that outlawed and prosecuted foreign bribery. Others, however, appreciated the FCPA because it gave them a shield against solicitations for bribery in foreign markets. Although the US was the first country to criminalize foreign bribery, this initiative was followed by an international movement that resulted in treaties such as the OECD Anti-Bribery Convention and the UN Convention against Corruption, as well as the adoption of similar anticorruption legislations such as the UK Bribery Act and the Brazilian Clean Company Act.

The precise impact of the FCPA to US business abroad is very hard to determine. Many scholars have attempted to isolate the effect of the FCPA to trade and FDI flows, but the results are yet a lot more suggestive rather than conclusive. One undisputable effect of the FCPA, though, was the promotion of a compliance business culture. Based on a stick and carrot approach, the FCPA provides for mitigating factors when a company that holds an effective compliance program is investigated for illicit payment overseas. More recently, the DOJ Pilot Program (2016) brought substantial guidelines on this matter, and so did the sample topics and questions put it together by the DOJ Compliance Expert on the “Evaluation of Corporate Compliance Programs” (2017).

Shortly after the passage of the FCPA, a study developed by the Department of Commerce (1980) showed that US corporations doing business abroad viewed the uncertainty and the lack of clear guidelines in the Act as a barrier to their activities. The General Accounting Office (1981) also developed a study with 250 of the largest US corporations, and noted that 75% of the respondents had implemented internal measures to comply with the FCPA, almost half of them reported an increase in costs averaging from 11% to 35%, and 56.4% of the companies argued that the costs exceeded the benefits. Later on, Prasad (1993) surveyed and interviewed 336 companies out of which 150 reported the FCPA as an “important” or “highly important” factor that affects business abroad.

The survey-based reports developed by Control Risks (2002, 2006 and 2015) also provide interesting pieces of information regarding the US compliance culture. The first report showed that 76% of the US companies surveyed thought the FCPA helped them resist corruption abroad, and this number rose to 80% in 2006. In 2015, 54% of the US companies surveyed indicated that tough anticorruption laws such as the FCPA make it easier to operate in high-risk markets. Also, 42% of the US companies survey in 2002 decided not to go forward with a foreign investment due to the host country corruption risk, and this number decrease to 38% in 2006 and 29% in 2015. Although the figures are still high, Control Risks attributed this trend to companied acquiring more experience and getting better at factoring corruption risks into their strategic plans. In other words, some US companies are turning their compliance programs and internal control measures into a strategic advantage.

As a legislation that criminalizes foreign bribery, the scope of the FCPA’s enforcement is very much focused on international trade transactions. The Fulbright research I am developing focus on better understanding the interaction of these two area, and it will use the US experience as reference to the potential impacts of the Clean Company Act, a similar anticorruption legislation that came into force in Brazil in January 2014. To complement a quantitative analysis regarding merchandise trade flows, I am using a 15-questions survey, available at to developed to measure personal opinion of corporate employees of how the FCPA impacted their corporations’ business abroad. It is confidential, there is no question that requires strategic corporate data, and it will hopefully provide the compliance community with more specific and updated answers regarding the impact of the FCPA. Participation from all corporate employees is welcome and encouraged.

On the verge of completing 40 years, the FCPA has gone through important amendments that helped clarifying the statute, and FCPA enforcement actions rose significantly since the early 2000s. Moreover, decisions concerning corporate liability became even more elaborated in light of the mitigating factors of an effective compliance program. The FCPA certainly changed the US business culture and this can be a great example to other countries.

Luciana Silveira is a Ph.D. Candidate at the Catholic University of São Paulo, Brazil. This past semester, she was a Fulbright Visiting Researcher at American University, Washington College of Law. Luciana can be reached at and connected with on Linkedin at


I urge you to assist Luciana in her academic work and this is your chance as a compliance professional to make a real difference in a country which is bringing compliance and ethics to the business community. Please go Luciana’s site and complete the short survey. Once again the link is

On a completely different note, to the anonymous fan who sent me the “World’s Best Blogger” mug, pictured to the left, many thanks. It is great to be so recognized by my peers.

In this episode, James Koukios, a partner at Morrison & Foerster returns to discuss the firm’s newsletter Top Ten International Anti-Corruption Developments for April 2017. In this episode we highlight the three following matters for discussion and what lessons can be garnered from them.  

World Bank Veteran to Change Positions.The World Bank announced that Pascale Helene Dubois would become the new head of the World Bank Group’s Integrity Vice Presidency, known as INT. The INT is an independent unit within the World Bank Group that investigates and pursues sanctions related to allegations of fraud and corruption in World Bank Group‑financed projects. Dubois is well known in the anti-corruption community and has long been a thought leader in this space. In her current post, she has worked to increase transparency and due process at the World Bank generally and in the Office of Suspension and Debarment specifically. Koukios relates how Dubois’s work and that of INT has helped foster greater cooperation between the World Bank and law enforcement agencies around the world.

Engineering Firm and Its Executive Debarred by World Bank for Bribery in Southeast Asia.

In April the World Bank Group announced the debarment of Denmark-based Consia Consultants ApS and its managing director. According to the World Bank, INT’s investigation revealed evidence that the company made payments to officials to influence contract awards in connection with the World Bank-financed Strategic Road Infrastructure Project in Indonesia. The World Bank stated that the company further failed to disclose its agreement and commissions paid to its agent in connection with the project and misrepresented the availability of key staff it has claimed would be assisting with the execution of its technical assistance contract under the project. The World Bank also said it found evidence that the company made corrupt payments in Vietnam in connection with the Hanoi Urban Transport Development Project, in addition to fraudulent misconduct relating to the Second Northern Mountain Poverty Reduction Project. The World Bank debarred the company for 14 years and its managing director for 3.5 years.

Former Diplomat Pleads Guilty to FCPA Charges in United Nations Bribery Case, While Judge Denies Motion to Dismiss FCPA Charges against Another Defendant.

On April 28, 2017, Francis Lorenzo, a former deputy ambassador from the Dominican Republic, pleaded guilty in the Southern District of New York to conspiring to violate the FCPA and to pay and receive bribes and gratuities in a bribery scheme allegedly involving Ng Lap Seng, a Chinese national and real estate developer accused of bribing former U.N. General Assembly President John Ashe. Lorenzo pleaded guilty to related charges in 2016 and is expected to testify against Seng at trial, currently set to begin May 30, 2017. Two days before Lorenzo’s guilty plea, on April 26, 2017, Southern District of New York Judge Vernon S. Broderick denied Seng’s motion to dismiss FCPA and related charges against him, finding that the superseding indictment sufficiently presented the essential facts underlying the charges and that the prosecution had made sufficient disclosures concerning the nature of the charged offenses by other means, including through the various complaints filed in the case, extensive discovery, agent affidavits, and a written response to Seng’s letter request for a bill of particulars.

To read a full copy of the firm’s newsletter, click here.

This week, as their tribute to their Dad, we are guest hosted by Jay’s daughters, Millie and Michela. They lead us through a wide-ranging discussion on some of the week’s top compliance related stories, including:

  1. The Covington and Burling report on corporate culture at Uber. For what it means to the compliance practitioner, see Tom’s piece in the FCPA Compliance & Ethics Blog. For another view on the car crash of corporate governance at Uber, see Matt Kelly’s piece in Radical Compliance. Finally for an article the on investor who took on both Uber and Silicon Valley for similar issues, see this article on NPR.
  2. Swiss banker, Jorge Luis Arzuaga pleads guilty to laundering money for FIFA officials. See article by Dick Cassin in the FCPA Blog.
  3. DOJ files civil forfeiture complaints Thursday against an additional $540 million in assets allegedly bought with money looted from a Malaysian sovereign wealth fund, 1MDB. See article in the WSJ by clicking here.
  4. Adnan Khashoggi, the Saudi arms dealer in the middle of the giant 1970s bribery scandal that led to enactment of the FCPA died this past week. See article by Dick Cassin in the FCPA Blog.
  5. CCOs still struggle with outdated technology, siloed data. See article by Aarti Maharaja in the FCPA Blog. See Ethisphere-Convercent Report, by clicking here.
  6. Brazilian prosecutor-turned-lawyer under ethics investigation following J&F settlement. See article by Michael Griffiths in GIR by clicking here (sub req’d)
  7. Jay previews his weekend report.
  8. Tom continues to talk about the release of his new book 2016 – The Year in Corporate FCPA Enforcement. For more information and to purchase, click here.
  9. Happy Father’s Day to all you dads out there.

I continue my blog post series on the Holder Report (Report) to the Board of Directors of Uber Technology, Inc. (Uber) where the Board asked Holder’s law firm, Covington & Burling LLP (Covington), to evaluate three issues: (1) Uber’s workplace environment as it related to the allegations of discrimination, harassment, and retaliation; (2) whether the company’s policies and practices were sufficient to prevent and properly address discrimination, harassment, and retaliation in the workplace; and (3) what steps the company could take to ensure that its commitment to a diverse and inclusive workplace was reflected not only in the company’s policies but made real in the experiences of each of Uber’s employees.

As usual, once I start considering a subject I get carried away in writing about it so what I thought would be a two-part series has morphed into something longer. Where it will end, I am not sure. Yesterday, I considered the corporate governance suggestions, Board Ethics committee proposal and the recommendations to tie some portion of executive compensation to ethics and compliance. Today, I want to look at the internal controls aspect of the Report.

According to the International Federation of Accountants, “Proper risk management and internal control help organizations understand the risks they are exposed to, put controls in place to counter threats, and effectively pursue their objectives. They are therefore an important aspect of an organization’s governance, management, and operations.” Internal controls not only help companies recognize the risk they face but also work to protect against that risk. The Report listed several different areas of risk at Uber where internal controls could help in both areas.

At the Board

The Report noted the Uber Board “should take steps to enhance the size, role, and independence of the Audit Committee” believing the Audit Committee could be enhanced through expansion to include more independent directors and a clear articulation of the oversight role that the Audit Committee is intended to play. Some of the key “potential roles that the Audit Committee could play is to have a direct reporting line from Uber’s Compliance organization, an appointed ombudsman, and/or Uber’s internal auditor.” Most interestingly, the reason for “this structure would be to ensure that the person(s) playing those roles will have the ability to bring significant compliance or harassment issues to the attention of the Audit Committee without having to go through management or the CEO.” It ended with the notation that the Audit Committee should be empowered to oversee the final resolution, including commissioning a full investigation, if warranted.

This paragraph is fairly remarkable when you consider this final recommendation, basically that employees must be protected from both senior management, up to and including the Chief Executive Officer (CEO). It also specifies reporting lines from compliance and internal audit up to the Board. While you might not recognize reporting lines as an internal control, such are clearly contemplated in the COSO 2013 Internal Control Framework Update. Under the first objective, Control Environment; Principle 3 – Structures, reporting lines, authority and responsibility, a company must consider all of the structures throughout an organization and then move to define the appropriate roles of compliance responsibility. This Principle also requires establishment of the appropriate authority within the compliance function. Here your auditors must be able to assess whether compliance responsibilities are appropriately assigned to establish accountability.

Policies and Procedures

As dull and mundane as policies and procedures may seem, in reality, they form the backbone of a culture of compliance. The Report makes clear “Uber should take steps to enhance its internal controls with respect to policy compliance.” With yesterday’s notation that illegal drug use and excessive alcohol consumption during working hours it is probably no surprise that the company had similar problems during company-sponsored travel. The Report stated, “In particular, Uber should review its policies and procedures with respect to travel and expense reimbursements and enhance such policies to ensure that items that are inconsistent with Uber policies and procedures are not reimbursable and not reimbursed, and that proper controls are put in place to ensure compliance.” Rather amazingly the level of control detail went down “into the weeds” to expense reimbursement, stating “these procedures should require that Uber personnel at every level of the organization submit receipts as a condition to receiving reimbursement.” One might reasonably wonder how any auditor would approve reimbursement of business expenses where receipts were not provided.

Finally, the Report recommended training, stating “Uber should provide training to senior management and other employees regarding these new policies and procedures.” Training and communications more generally are always listed as a component in any best practices compliance program. Yet here it is listed as an internal control. The effect is not only to put employees on notice of the enhancements but also to set the standard which must be followed.

HR Internal Controls

One thing the past year in the Foreign Corrupt Practices Act (FCPA) enforcements has taught the compliance profession is the need for internal controls around the Human Resources (HR) function. The JPMorgan Chase and Qualcomm FCPA enforcement actions were replete with non-existent HR internal controls, failures of HR internal controls and over-ride of HR internal controls by non-HR executives. While the Report did have some recommendations around hiring controls, it focused on keeping track of the employment agreements the company had with its employees, stating “All settlement and separation agreements with employees should be logged and tracked to ensure proper record-keeping, compliance with the agreements, and consistency in terms.”

The Report was even more damning around the company’s HR function in its core function of preventing discrimination and harassment. It was clear from the blog post by Susan Fowler back in February, which led to the retention of Covington, that the Uber HR function acted as department to protect those alleged to have engaged in discrimination and harassment. So not only did the Report posit better tracking of complaints but also personnel records and employee data. One can only imagine what type of slipshod HR function existed at Uber where the company must be told to keep better track of personnel records. The Report had the following (almost chilling) recommendation that “Uber should also emphasize the importance of record-keeping to all Human Resources staff, and impose consequences for failure to adhere to record-keeping requirements.”

How bad was the environment for discrimination and harassment? This section of the Report gives a hint when it noted HR internal controls should “easily identify whether prior complaints have been lodged to ensure that appropriate action is taken with respect to repeat offenders. Likewise, organizations or managers give rise to multiple complaints such that intervention with the manager is needed.”

The lack of and failure around internal controls at Uber tells quite a sordid tale. Yet the Report makes clear the importance of internal controls in turning things around for the company. For the compliance practitioner, the Report is a useful way to consider the internal control regime in your company and how it can work to operationalize compliance in your business.


This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at

© Thomas R. Fox, 2017