In honor of the Thanksgiving Holidays which will be soon upon, this week we have a bit of a compliance smorgasbord of topics. I was recently in London and had the opportunity to sit down to be  interviewed by Jonathan Armstrong, a partner at Cordery Compliance.

We considered when disruptive companies, such as Uber, Lyft and other should institute a compliance program, even during its start up phase. We explored whether the simple fact a company is disruptive make compliance antithetical to its business approach. We both believe that disruptives and start-ups need to institutionalize compliance sooner rather than later.

We then consider the disruptions of political events such as the ongoing antics of the Trump Administration and continued non-negotiations in the Brexit miasma. We discuss where might compliance be going in the future. We conclude with a discussion of the internationalization of anti-corruption investigations and enforcement and why compliance is the key to wading through the minefield of multiple jurisdictions and regulators. It is a veritable smorgasbord of compliance topics for you to enjoy this Thanksgiving Week and into the holidays going forward.

Join me for the Doing Compliance Master Class in NYC on November 28 & 29. Registration and information here.

 

Jay and I return for a wide-ranging discussion on some of the top compliance and ethics related stories of the week, in our special holiday edition.

  1. The DOJ/SEC FCPA Guidance turned 5 years old this week. For the compliance practitioner, it is the seminal document on how to do compliance. See Tom’s article in the FCPA Compliance Report.
  2. Wal-Mart reserves $283MM to settle its outstanding FCPA matter. See article by Dick Cassin in the FCPA Blog. Henry Cutter reports in the WSJ Risk and Compliance Journal.
  3. Tom Fox and Matt Kelly explore the intersection of shareholder activism and the structure of a compliance program. See Matt’s blog posts on Radical Compliance Part I and Part II. See Tom’s blog post here. Finally Tom and Matt took a deep dive into the issue in Episode 60 of Compliance into the Weeds.
  4. The FIFA trial is ongoing in NYC. It has featured anonymous jurors, threat against witness and claims that Fox Sports paid bribes. See stories in the WSJ Risk and Compliance Report, The Daily Mail, and Reuters.
  5. Mike Volkov has a four-part series on putting ethics back into corporate culture. Part I; Part II; Part III and Part IV.
  6. Tom visited with Marc Havener and Bryan Belknap about using movie clips to expand your compliance training classroom. See Tom’s blog post here.
  7. Will there ever be another corruption conviction of a politician in the US? Sam Rubenfeld explores this question in light of the hung jury in the Menedez mistrial in WSJ Risk and Compliance Journal.
  8. SEC report indicates hundreds of millions in whistleblower bounty awards coming. See article in National Law Review.
  9. Join Tom’s monthly podcast series on One Month to a More Effective Compliance Program. In November, I consider how a 360-degree view of communications can enhance your compliance program. This month’s sponsor is the Dun & Bradstreet. It is available on the FCPA Compliance Report, iTunes, Libsyn, YouTube and JDSupra.
  10. The Everything Compliance gang put together an eBook of their reflections from the recent SCCE 2017 Compliance and Ethics Institute. It is available for download free on JDSupra. It is also available on the Affiliated Monitors site by clicking here.

The joint Department of Justice (DOJ) and Securities and Exchange Commission (SEC) 2012 FCPA Guidance came out five years ago this month. As a commentator focusing on the doing of compliance, we should pause to once again thank the government regulators and prosecutors who had a part in drafting this most remarkable of documents. I submit it is the best government generated source regarding what constituted at the time (and probably still does) a best practices compliance program. For anyone interested in exploring the lessons learned about Foreign Corrupt Practices Act (FCPA) compliance programs and what the government expects to see, the 2012 FCPA Guidance is the best document you can start with.

As a ‘Nuts and Bolts’ guy I found the DOJ/SEC formulation of their thoughts on what might constitute a best practices compliance program, denominated the “Ten Hallmarks of an Effective Compliance Program”, as the most useful part of the FCPA Guidance. While the Guidance cautions that there is no “one-size-fits-all” compliance program, it recognizes a variety of factors such as size, type of business, industry and risk profile a company should determine for its own needs regarding a FCPA compliance program. But the Guidance made clear that these ten points are “meant to provide insight into the aspects of compliance programs that DOJ and SEC assess”. In other words you should pay attention to these and use this information to assess your own compliance regime.

  1. Commitment from Senior Management and a Clearly Articulated Policy Against Corruption. It all starts with tone at the top. But more than simply ‘talk-the-talk’ company leadership must ‘walk-the-walk’ and lead by example. Both the DOJ and SEC look to see if a company has a “culture of compliance”. More than a paper program is required, it must have real teeth and it must be put into action, all of which is led by senior management. The Guidance states, “A strong ethical culture directly supports a strong compliance program. By adhering to ethical standards, senior managers will inspire middle managers to reinforce those standards.” This prong ends by stating that the DOJ and SEC will “evaluate whether senior management has clearly articulated company standards, communicated them in unambiguous terms, adhered to them scrupulously, and disseminated them throughout the organization.”
  2. Code of Conduct and Compliance Policies and Procedures. The Code of Conduct has long been seen as the foundation of a company’s overall compliance program and the Guidance acknowledges this fact. But a Code of Conduct and a company’s compliance policies need to be clear and concise. Importantly, the Guidance made clear that if a company has a large employee base that is not fluent in English such documents need to be translated into the native language of those employees. A company also needs to have appropriate internal controls based upon the risks that a company has assessed for its business model.
  3. Oversight, Autonomy, and Resources. This section begins with a discussion on the assignment of a senior level executive to oversee and implement a company’s compliance program. Equally importantly, the compliance function must have “sufficient resources to ensure that the company’s compliance program is implemented effectively.” Finally, the compliance function should report to the company’s Board of Directors or an appropriate committee of the Board such as the Audit Committee. Overall, the DOJ and SEC will “consider whether the company devoted adequate staffing and resources to the compliance program given the size, structure, and risk profile of the business.”
  4. Risk Assessment. The Guidance states, “assessment of risk is fundamental to developing a strong compliance program”. Indeed, if there is one over-riding theme in the Guidance it is that a company should assess its risks in all areas of its business. The Guidance is also quite clear that when the DOJ and SEC look at a company’s overall compliance program, they “take into account whether and to what degree a company analyzes and addresses the particular risks it faces.” The Guidance lists factors that a company should consider in any risk assessment. They are “the country and industry sector, the business opportunity, potential business partners, level of involvement with governments, amount of government regulation and oversight, and exposure to customs and immigration in conducting business affairs.”
  5. Training and Continuing Advice. Communication of a compliance program is a cornerstone of any anti-corruption compliance program. The Guidance specifies that both the “DOJ and SEC will evaluate whether a company has taken steps to ensure that relevant policies and procedures have been communicated throughout the organization, including through periodic training and certification for all directors, officers, relevant employees, and, where appropriate, agents and business partners.” The training should be risk based so that those high-risk employees and third party business partners receive an appropriate level of training. A company should also devote appropriate resources to providing its employees with guidance and advice on how to comply with their own compliance program on an ongoing basis.
  6. Incentives and Disciplinary Measures. Initially the Guidance notes that a company’s compliance program should apply from “the board room to the supply room – no one should be beyond its reach.” There should be appropriate discipline in place and administered for any violation of the FCPA or a company’s compliance program. Additionally, the “DOJ and SEC recognize that positive incentives can also drive compliant behavior. These incentives can take many forms such as personnel evaluations and promotions, rewards for improving and developing a company’s compliance program, and rewards for ethics and compliance leadership.”
  7. Third-Party Due Diligence and Payments. The Guidance says that companies must engage in risk based due diligence to understand the “qualifications and associations of its third-party partners, including its business reputation, and relationship, if any, with foreign officials.” Next a company should articulate a business rationale for the use of the third party. This would include an evaluation of the payment arrangement to ascertain that the compensation is reasonable and will not be used as a basis for corrupt payments. Lastly, there should be ongoing monitoring of third parties.
  8. Confidential Reporting and Internal Investigation. This means more than simply a hotline. The Guidance suggests that anonymous reporting, and perhaps even a company ombudsman, might be appropriate to have in place for employees to report allegations of corruption or violations of the FCPA. Furthermore, it is just as important what a company does after an allegation is made. The Guidance states, “once an allegation is made, companies should have in place an efficient, reliable, and properly funded process for investigating the allegation and documenting the company’s response, including any disciplinary or remediation measures taken.” The final message is what did you learn from the allegation and investigation and did you apply it in your company?
  9. Continuous Improvement: Periodic Testing and Review. As noted in the Guidance, “compliance programs that do not just exist on paper but are followed in practice will inevitably uncover compliance weaknesses and require enhancements. Consequently, DOJ and SEC evaluate whether companies regularly review and improve their compliance programs and not allow them to become stale.” The DOJ/SEC expects that a company will review and test its compliance controls and “think critically” about its own weaknesses and risk areas. Internal controls should also be periodically tested through targeted audits.
  1. Mergers and Acquisitions.Pre-Acquisition Due Diligence and Post-Acquisition Integration.Here the DOJ and SEC spelled out their expectations in not only the post-acquisition integration phase but also in the pre-acquisition phase. This pre-acquisition information was not something on which most companies had previously focused. A company should attempt to perform as much substantive compliance due diligence that it can do before it purchases a company. After the deal is closed, an acquiring entity needs to perform a FCPA audit, train all senior management and risk employees in the purchased company and integrate the acquired entity into its compliance regime.

What is the significance of these Ten Hallmarks today? Earlier this year, the DOJ released the Evaluation of Corporate Compliance Programs (Evaluation), based on these Ten Hallmarks. In April 2016, they released the FCPA Pilot Program, through which it further refined and clarified many of the specific Hallmarks from the 2012 FCPA Guidance. Indeed, in every speech since the release of the 2012 FCPA Guidance, where the DOJ has discussed its views on compliance best practices, it is always in reference to the 10 Hallmarks of an Effective Compliance Program.

While others have leveled a variety of criticism about the 2012 FCPA Guidance, they miss the essential point that for the compliance practitioner, it is an excellent resource about operationalizing compliance by putting into the business process of your organization. Here’s to the Guidance at the ripe of age of 5. Thanks for coming into all of our (compliance) lives.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2017

 

Jay and I return for a wide-ranging discussion on some of the top compliance and ethics related stories of the week, including:

  1. Justice Department announces 4 guilty pleas and one indictment as follow on prosecutions from the Rolls Royce corruption case. See Tom’s article in the FCPA Compliance Report. See Sam Rubenfeld’s article in WSJ Risk and Compliance Report.
  2. Dick Cassin asks if the SEC is targeting foreign companies for FCPA enforcement. See article by Dick Cassin in the FCPA Blog.
  3. Hui Chen suggests there should be more FCPA enforcement of US domestic companies, reviews monitorships and the FCPA Pilot Program. Henry Cutter interviews Chen in the WSJ Risk and Compliance Report.
  4. Saudi Arabia has a corruption crackdown. What does it mean for the compliance practitioner? See Tom’s article in FCPA Compliance Report.
  5. What happens if your General Counsel is also your CCO? Joe Murphy explores this conundrum in the SCCE Blog.
  6. What will become of the DOJ’s Evaluation of Corporate Compliance Programs? Matt Kelly explores in Radical Compliance.
  7. What do the Paradise Papers mean for the compliance practitioner. Sam Rubenfeld considers in the WSJ Risk and Compliance Journal.
  8. Mike Volkov has a two-part series on the intersection of COSO and compliance. Part I on the framework; Part II on using the framework to break down siloes.
  9. AML concerns. Adam Davidson returns to the Compliance Report-International Edition podcast to explain the intersection of money-laundering and the Trump business empire. DAG Rod Rosenstein discusses the intersection of FCPA, AML prosecutions and international investigations in a speech to Clearing House 2017 Annual Conference.
  10. Join Tom’s monthly podcast series on One Month to a More Effective Compliance Program. In November, I consider how a 360-degree view of communications can enhance your compliance program. This month’s sponsor is the Dun & Bradstreet. It is available on the FCPA Compliance Report, iTunes, Libsyn, YouTube and JDSupra.
  11. FCPA Master Class Training in NYC on November 28 & 29. For information and registration, go here.

Acting Assistant Attorney General Ken Blanco spoke yesterday at FCPA/OECD Anniversary Conference at the NYU School of Law. His remarks made clear not only the importance of enforcement of laws against bribery and corruption but also internationalization of this fight, led by the efforts of the Organization for Economic Cooperation and Development (OECD) and the US government. His remarks, taken together with a speech the previous day by Rod Rosenstein, should make clear to all that no matter how wayward Donald Trump’s misconceptions of the Foreign Corrupt Practices Act (FCPA) might be, the professionals in the US government understand it is in the interest of the United States to continue to not only be a part of this fight but to lead it as well.

The event was held around the 40th birthday of the FCPA and 20th anniversary of the OECD Anti-Bribery Convention. Both acts have become tied together for it was the US that led the initial fight against bribery and corruption by passing the FCPA in 1977 and the US once again facilitated the passage of the Anti-Bribery Convention. Now there are some forty-three nations which are signatories to the Anti-Bribery Convention. Each signatory country has passed laws that criminalize the bribery of foreign officials. Through these “international norms created by the Convention, many other countries have passed similar legislation and more are in the process of doing so. This international approach has dramatically advanced our collective efforts to uncover, punish and deter foreign corruption.”

Blanco and the Department of Justice (DOJ) have increasingly recognized that bribery and corruption are not simply a business issue and the fight has expanded far beyond the place it began when the FCPA was passed in 1977. He stated, “Bribery threatens national security, good governance, sustainable growth and development, and democratic processes. It undermines the rule of law and breeds distrust and instability. It facilitates organized crime and empowers authoritarian rulers and can destabilize entire regions. It corrodes public trust in countries rich and poor, inflicting particular harm on emerging economies. Corruption punishes honest and ethical companies, unfairly and unjustly rewarding those companies willing to break the rules to get ahead, hurting our economy, businesses, investors, the ability of people to advance in life, harming society as a whole.”

American businesses have come to understand that the FCPA protects them as a class from not only unfair competition but also unscrupulous foreign officials or similarly challenged state-owned enterprises. One need only recall Secretary of State Rex Tillerson schooling Trump that Exxon did not engage in bribery and corruption to obtain lease concessions to see what a powerful tool the US had become for US businesses.

Yet the Anti-Bribery Convention also recognizes the power of such anti-corruption laws. Blanco noted, “The commitment of the signatories to the Convention is grounded in the recognition of these harms and a collective desire to stand firm against them, united in our efforts. But what makes the OECD Convention so unique, and so effective, is that it not only requires its signatories to affirm their commitment to fighting transnational corruption, or even that they pass laws to do so, but it also encourages cooperation and a collaborative approach. Each of the signatories to the Convention has agreed to abide by strong provisions for mutual assistance, peer evaluation, and systematic monitoring. In particular, the comprehensive peer review process motivates countries to ensure the highest level of compliance with the Convention and to take concrete action to fight foreign bribery and corruption.”

Blanco went on to provide three concrete examples of this international cooperation. The first was the Odebrecht case. It “paid an unparalleled amount of bribes to high-level officials in a dozen countries to secure billions of dollars’ worth of projects around the globe. The United States, Brazil and Switzerland were able to achieve the largest global fine ever imposed in a corruption case.” Approximately 80 people have been charged in connection with the case so far and the “company pleaded guilty in the United States and is required to cooperate with the respective countries’ ongoing investigations of individuals, as well as to retain an independent compliance monitor for three years.”

Blanco noted that through the countries’ cooperation they not only “assisted one another in gathering evidence and building the case, but made sure to credit the fines and penalties paid to each country, rather than imposing duplicative fines and penalties. This ensures fairness to the companies and provides the right incentives for companies to cooperate fully with the relevant jurisdictions implicated in the case.”

The second matter is Rolls Royce Ltd (RR), which interestingly is still ongoing, even this week. RR “paid about $170 million in U.S. penalties as part of an $800 million global resolution to investigations in three countries – the United States, the United Kingdom and Brazil.” Earlier this week the DOJ announced it had secured four guilty pleas and issued one indictment for individuals involved in the company’s bribery and corruption schemes for one project.

September brought the resolution of the Telia Company FCPA violations. Here the US, Netherlands and Sweden secured another “large-scale global corporate settlement against Stockholm-based telecommunications company Telia. That case followed on the heels of the 2016 settlement against Amsterdam-based Vimpelcom; both of these companies admitted to paying over $440 million in bribes to a corrupt official in Uzbekistan.” Swedish prosecutors have brought individual criminal charges against the former President of the Company as well as the former Country Manager and Regional Vice President (VP).

Yet Blanco also recognized there are new and additional tools which the US and other countries and are beginning to deploy. He specifically mentioned the DOJ’s “Money Laundering and Asset Recovery Section’s Kleptocracy Asset Recovery Initiative, which is specifically designed to target and recover the proceeds of foreign official corruption that have been laundered into or through the United States, has proven to be an incredibly valuable tool to fight corruption.” Blanco called the results of this initiative “outstanding”. He pointed out that “Just this year, additional complaints were filed in that case, bringing the total amount that we are working to recover to well over $1.7 billion.”

Blanco also pointed out that other international partners are on the horizon, ready to pick up the mantle of this international fight against bribery and corruption. He specifically mentioned Argentina which, he commented, he had been “meeting with the highest levels of the Macri government, and with their Chief Justice of the Supreme Court. For the last year, we have been working closely with the Argentines in the areas of corruption, organized crime and money laundering. I am impressed with their strong commitment and the actions they are taking, towards rooting out corruption in all its forms. We share a common commitment to continue working closely together.”

When you couple Blanco’s speech with the remarks of Rod Rosenstein, also made at the same conference, where he tied the intersection of corruption, money-laundering and international investigations to US leadership in prosecutions, you can clearly see that FCPA enforcement is not going away; largely through the efforts of the DOJ and Securities and Exchange Commission (SEC) to foster the OECD Anti-Corruption Initiative and to train other international investigators and prosecutors in anti-corruption prosecutions. These efforts saw significant payoffs last year and will continue to do so in the future.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2017