What are the obligations of a Board member regarding the FCPA? Are the obligations of the Compliance Committee under the FCPA at odds with a director’s “prudent discharge of duties to shareholders”? Do the words prudent discharge even appear anywhere in the FCPA? In the case of Stone v. Ritter is found the proposition that “a duty to attempt in good faith to assure that a corporate information and reporting system, which the board concludes is adequate exists.” From the case of In re Walt Disney Company Derivative Litigation, she drew the principle that directors should follow the best practices in the area of ethics and compliance. The Board has the role of monitoring the performance of the compliance function, including monitoring its performance using customary economic metrics, and by overseeing compliance with applicable laws and regulations. While the Board is not responsible for auditing or ferreting out compliance problems, it is responsible for determining that the company has an appropriate system of internal controls. The Board should also monitor company policies and practices that address compliance and matters affecting the public perception and reputation of the company. Every company should ensure that it conducts appropriate compliance training for employees and conducts regular compliance assessments. Finally, the Board must take appropriate action if and when it becomes aware of a material problem that it believes management is not properly handling.

There is no reference to prudent discharge in the FCPA itself. However, a Board member might well think more than twice about the prudent discharge of duties to the shareholders as both the DOJ and SEC now might well wish to look into a Board’s prudent discharge of duties under the FCPA.

Three key takeaways:

  1. What is prudent discharge?
  2. What is your process for doing compliance at the Board level?
  3. A Board must have active rather than passive engagement around compliance.

This month’s sponsor is Affiliated Monitors, Inc.

This week, we return to Sherlock Holmes-themed blog posts. We finished the review of The Adventures of Sherlock Holmes and now move on to The Memoirs of Sherlock Holmes. Today we move on to The Adventure of the Stock-Broker’s Clerk. Leslie Klinger, in “The New Annotated Sherlock Holmes Volume 1”, said, “The world of money has changed little in 100 years, and the ‘The Stock-Broker’s Clerk’ tells a thrilling tale of ‘identity theft’ that might be drawn from today’s headlines.”

In a case which sounds suspiciously close to The Red-Headed League and The Three Garridebs, a stockbroker’s clerk is lured away from his place of employment so that imposters can try to rob it. The clerk, Hall Pycroft, consults Holmes with his suspicions concerning a company that has offered him a very well-paying job. He was approached by one Arthur Pinner, who offered him a managership with a newly established hardware distribution company, to be based in France.

Pycroft is sent to Birmingham to meet Pinner’s brother and company co-founder, Harry Pinner. He is offered a very well-paid post with £100 in advance and is asked to sign a document accepting the post and is also asked not to send a letter of resignation to his would-be employers. He immediately commences his duties, but he is concerned about the unprofessional aspects of the business and their sparse offices. (Sounding resoundingly like The Red-Headed League?)

Holmes deduces that the whole point of the exercise was to obtain an example of Pycroft’s handwriting so that a ‘fake’ Pycroft may be employed at his stock brokerage firm to keep a vast stock of valuable securities and be the safebreaker. Holmes and Watson subsequently learn that the stock brokerage has sustained an attempted robbery, but that the criminal had been captured, although the weekend watchman has been murdered. Beddington, the forger and cracksman, was the miscreant, masquerading as Pycroft. American railway bonds worth nearly £100,000 were taken, together with a large amount of scrip in mines and other companies, but the police recovered them from the would-be thief.

I thought about this story as an introduction to the topic of the foundational nature of a Code of Conduct and why it is so important to a compliance program in general. A Code of Conduct should be used as a way to capture the risks and the issues that the organization faces. These are the major concerns that the organization has in terms of the type of business it is in, where it is operating and other factors of that nature. Obviously, this can be a wide variety of things such as anti-corruption, anti-money laundering (AML), trade sanctions, anti-trust, anti-discrimination and harassment and a myriad of others.

Moreover, by capturing these major issues within a training experience that is delivered across the organization and to all employees, it helps to level set everybody within the company in terms of what are those issues. It literally puts them at the top of mind for the company as employees understand the highest risk areas they need to be focused on. Additionally, the Code of Conduct is a source of that information and also about where to go for more help. In many cases, a Code of Conduct will point to other policies or procedures or other resources that serve to provide the support that employees might need as they go about their day-to-day business. It can also help the speak up culture of an organization by providing information on internal reporting, a commitment to non-harassment going forward and a recitation of the company’s values.

One of the key themes of the 2020 Update was the importance of a risk assessment for all aspects of your compliance program. Additionally, the 2020 Update made clear the relationship between risk assessment and Code of Conduct training going forward. A risk assessment informs the content of the company’s Code of Conduct itself by identifying the topics and the issues that relate to the risks that the organization faces.

When you consider Code of Conduct training as the foundation of all of the compliance training to be delivered within the organization, it becomes clear that everybody in the company needs to be familiar, even if only at a high level, with the risks that the company faces on a day-to-day basis. Through aligning Code of Conduct training with the results of the risk assessment, you can ensure that the right content and messaging is being presented as part of that foundational Code of Conduct training. Moreover, by using your risk assessment to pinpoint key areas for training, you can have both a more focused and more effective Code of Conduct training.

I hope you will join me tomorrow where I consider The Adventure of the Gloria Scott.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2020

In today’s edition of 31 Days to a More Effective Compliance Program, I am joined by Vin DiCianni, founder of Affiliated Monitors. Vin provides insights into how the use of data can facilitate the management of third-parties after the contract is signed.

3 Key Takeaways:

  1. The process of collecting data cleans up much risk and provides cost savings.
  2. More reliable data about third-parties will facilitate their more effective management.
  3. Using data to manage third-parties will further operationalize your compliance program.

This week, we return to Sherlock Holmes-themed blog posts. We finished the review of The Adventures of Sherlock Holmes and now move on to The Memoirs of Sherlock Holmes. We began the adventure by considering one of the darkest of tales in the Holmes canon; today we move on to The Adventure of the Yellow Face. The story deals with racial prejudice and, in a rare instance, a failure of Holmes’ keen intellect. Leslie Klinger, in “The New Annotated Sherlock Holmes Volume 1”, said Holmes was so taken in by Munro’s wife that he instructs Watson to whisper “Norbury (the location of the mystery) whenever he becomes too arrogant.”

Holmes, suffering from boredom due to a want of cases, returns home from a walk with Dr. Watson to find he has missed a visitor but that the caller has left his pipe behind. From this, Holmes deduces that he was disturbed of mind (because he forgot the pipe); that he valued it highly (because he had repaired, rather than replaced it, when it was broken); that he was muscular, left-handed, had excellent teeth, was careless in his habits and was well-off.

When the visitor, Mr. Grant Munro, returns, Holmes and Watson hear the story of Munro’s deception by his wife Effie. She had been previously married in America, but her husband and child had died of yellow fever, whereupon she returned to England and met and married Munro. Their marriage had been blissful when, out of the blue, she asked for 100 pounds and begged him not to ask why. Two months later, Effie was caught conducting secret liaisons with the occupants of a cottage near the Munro house in Norbury. Munro has seen a mysterious yellow-faced person in this cottage. Overcome with jealousy, he breaks in and finds the place empty. However, the room where he saw the mysterious figure is very comfortable and well furnished, with a portrait of his wife on the mantelpiece.

Holmes and Watson believe it is her former husband come to England to blackmail Munro. However, the person is a young girl who is half-black and the daughter of Effie and her first husband, who is dead. Effie used the money to bring Lucy and her nurse to England, installing them in the cottage near the Munro house. She feared, however, that Munro might stop loving her if he found out that she was the mother of a mixed-race child, so she made every endeavor to keep Lucy’s existence a secret.

Yet Munro rises to the occasion, when he “lifted the little child, kissed her and then, still carrying her, he held his other hand out to his wife and turned towards the door. He said, “We can talk more comfortably at home.””

I thought about this story as an introduction to the topic of managing your third-party relationships. Most compliance professionals are aware of the need to audit third-parties and to engage in ongoing monitoring through review of billing. But there are other strategies you can pursue to help manage your third parties after the contract is signed. The key is to have a strategic approach to how you structure and manage your third-party relationships during the full lifecycle of the contract. This may mean more closely partnering with your third-parties to help manage the anti-corruption compliance risk. It would certainly lead towards enabling your company to manage the bribery and corruption risk while optimizing the performance of your third-parties. Some of the key steps you can take are the following.

Keep tabs on subcontracted work. This is one area that requires an appropriate level of management. If your third-party has the right or will need to subcontract out work, you need to have visibility into this from the compliance perspective. You will need to require and monitor that the third-party has your approved compliance terms and conditions in their contracts with subcontractors. You will also need to test that proposition, in other words, you must require trust and then verify.

Keep track of your third-parties’ financial health. This is one area that is not usually discussed in the compliance arena around third-parties, but it seems almost self-evident. You can certainly imagine the disruption that could occur if your primary third-party supplier in a country or region went bankrupt; but in the compliance realm there is another untoward red flag that is raised in such circumstances. Those third-parties under financial pressure may be more easily persuaded to engage in bribery and corruption than third-parties that stand on a more solid financial footing. You can do this with a simple requirement that your third-party provide annual audited financial statements.

You should take advantage of automated financial tracking tools to keep track of material changes in a third-party’s financial stability. You should also use your in-house Relationship Manager to regularly visit key third-parties, so an on-the-ground assessment can be a part of an ongoing conversation between your company and its third-parties.

Formalize incentives for third-party compliance performance. Or as the 2020 Update stated, “How does the company incentivize compliance and ethical behavior by third parties?” One of the key elements for any third-party contract is the compensation issue. If the commission rate is too high, it could create a very large pool of money that could be used to pay bribes. It is mandatory that your company link any commission or payment to the performance of the third-party. If you have a long-term stable relationship with a third-party, you can tie compensation into long-term performance, specifically including long-term compliance performance. This requires the third-party to put skin into the compliance game so that they have a vested, financial interest in getting things done in compliance with anti-corruption compliance regimes.

By linking contractual compensation to compliance performance, there should be an increase in third-party performance. This is especially valuable when agreed upon key performance indicator (KPI) metrics can be accurately tracked. This would seem to be low hanging fruit for the compliance practitioner. If you cannot come up with some type of metric from the compliance perspective, you can work with your business relationship team to develop such compliance KPIs.

You should rank third-parties based upon a variety of factors including performance, length of relationship, benchmarking metrics and KPIs. This is a way for the compliance practitioner to have an ongoing risk ranking for third-parties that can work as a preventative and even proscription prong of a compliance program and allow the delivery of compliance resources to those third-parties that might need or even warrant them.

I hope you will join me tomorrow where I consider The Adventure of the Stock-Broker’s Clerk.
