Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. In this episode, Matt Kelly and I take a very deep dive into the recent SEC whistleblower award of $54MM to two separate individuals.

Some of the highlights from this podcast are:

  1. What does all this mean for the new proposed SEC whistleblower award basis revisions under consideration?
  2. Apparently there is flexibility in the standards for whistleblower awards.
  3. More information on requirement waivers would assist corporations and compliance practitioners.

We unpack of all these points and consider strategies going forward.

For more reading: see Matt’s piece $54M SEC Whistleblower Award

This week, I am running a five-past podcast series on the assessment of ethics and compliance in the mergers and acquisition (M&A) context. The podcast series was sponsored by Affiliated Monitors, Inc., (AMI). Today I want to finish my short blog post series by tying oversight to an independent integrity monitor in the M&A context. I visited with Don Stern, Managing Director of Corporate Monitoring & Consulting Services, and Rod Grandon, Managing Director of Government Services, of AMI.

Stern believes the best time to bring in an independent is “as early as is practicable”. By doing so there can be preliminary discussions with senior management about the process, sometimes at the Chief Executive Officer (CEO) level and at other times with the Chief Financial Officer (CFO). From these initial meetings an independent monitor could be a part of the acquirer’s team assembled for the project. He also noted there would probably be a due diligence room with documents made available for the acquiring company to review under a nondisclosure agreement (NDA). That could be meetings where teams from one company meet with teams from the other company. Stern reminded us that M&A work to some extent is “a fire drill, as everyone’s working very hard in compressed time schedules, trying to do a lot in a very short period of time.” This means at times issues pop up which may require the companies to further negotiate the terms of an escrow or other risk management protection for the buyer.

A key is the independent nature of the monitor. Part of it is that they have no stake in the outcome, no stock to vest or other remuneration. Also, it is natural for the target company’s employees to have their guard up as they are more than a little wary about anybody coming in and asking a question. Stern said, “I find that people open up, I’m more willing to be forthcoming when somebody’s outside either company comes in and is asking the questions really in a non-threatening way. The independent monitor is just looking for the facts. I find that we are able to get more information than I think we would otherwise get if we were not independent.”

Rod Grandon had two interesting observations as to why mergers fail from the cultural perspective. The first was the unintended consequences of rapid growth, not taking the time to digest and integrate, leaving a gap and lack of understanding of what was expected of the workforce. The second was the problem of completely unforeseen events popping up through complaints to lawsuits to further discovery events.

The first area focuses on the unintended consequences of rapid growth. Grandon said, “many times I have seen companies, particularly smaller companies that have tried to grow very rapidly through acquisitions and mergers. In doing so, the focus was always on the finance and really never on the people’s side or human element. The acquiring entity never takes the time to get it right in terms of ethics and compliance. A cultural compatibility is absolutely critical for the success of the successor entity. Without that what frequently happens or the workforce is demoralized because they do not feel like they’ve been part of the process.”

Grandon continued, “the fact is no one from the acquiring entity listened to them so they really don’t understand the corporate direction. Suddenly many of the employees find themselves in a much more permissive environment than they had before. Maybe in the lack of appropriate leadership and guidance. The risk factors really tend to spin out of control very quickly if there’s not a good plan and a good understanding of what is going on in that transaction and that’s what leads to these unintended consequences.”

The second issue is the ‘pop-up problem’, “which is something, even with reasonably effective diligence, the parties missed. Now you are months down the road post transaction or perhaps even years down the road and a lawsuit pops up. These pop-up problems in many cases have been identified. If the companies would have taken the time to do that deeper dive into that ethics and compliance realm and to understand what the workforce has seen and experienced, these issues may well have been forestalled. It just simply has never surfaced up to senior management or senior leadership levels.”

This tied into Stern’s point in the post-acquisition phase where he emphasized the need to have a plan in place. Obviously, this is important if the government ever comes knocking but equally important for the newly acquired (former target) employees. He said that if you have a plan in place it can help you avoid “some of those problems because people expect there will be training in week three and there will be focus groups in week four, etc.”

We concluded with a discussion of what you should do if a Foreign Corrupt Practices Act (FCPA) or other problem comes up in spite of robust pre-acquisition due diligence. Stern said that it is important to stop the illegal or even unethical conduct as quickly as possible. This has become more important because of the recent addition of the Safe Harbor for M&A to the FCPA Corporate Enforcement Policy. This has incentivized companies to not only remediate but also self-report.

This new FCPA Safe Harbor for M&A re-emphasizes how powerful a tool an independent monitor can be in the M&A context. Stern ended his remarks by noting that the Department of Justice (DOJ) certainly sees it as good practice to have a third party independent involved on both the company side and the reporting side, if required. All of this lends credibility to your ethics and compliance program. If your company finds itself under scrutiny from a M&A transaction, you can take some comfort in the strategies outlined in this series.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.
© Thomas R. Fox, 2018

Over this series, I am visiting with Eric Feldman, Senior Vice President, Don Stern, Managing Director of Corporate Monitoring & Consulting Services, and Rod Grandon, Managing Director of Government Services, from Affiliated Monitors, Inc., (AMI) who is the sponsor of this series. In it, we explore how to go about assessing ethics and compliance in the mergers and acquisition (M&A) context. In this second episode I visit with Stern on the impact that M&A has on both the acquired entity and the acquirer.

Stern began by noting the inherent risk in the entire M&A process. Yet,  the culture perspective is not often considered in the pre-acquisition phase. Stern believes companies are making a big mistake in doing so. Companies spend huge amounts of resources to hire lawyers, investment bankers, accountants for the pre-acquisition phase. They scrub the financials, look at income and look at revenues and expenses. Yet they often spend almost no time in looking at issues like the ethical culture of the company to be acquired. Stern stated, “I’ve never quite understood that everyone understands the risk of any acquisition. That the company picture may not work out quite as rosy as was expected. They may be some synergies that were expected from an expense point of view that don’t quite work out.”

Stern made clear that in the pre-acquisition phase, a company is not required to reinvent the wheel to perform ethics, cultural and compliance due diligence. He stated, “for example, accountants and other people looking over the books and records of the company to be acquired. The question is, are they looking at it through the right lens? Are they looking at it not just in terms of how robust are the revenues and what’s the revenue stream looks like? And is there a way to trim expenses and to look for some synergies of expenses?” Also what do the payments look like? How are they made to? If they are to third-parties in high risk jurisdictions, what is the target’s level of due diligence and training for third-party agents? Stern concluded, “it is not always a question of a brand new set of considerations. It’s sometimes a question of integrating those considerations and educating the acquiring company as to what they should be looking for.”

Stern believes one of the biggest risks is around ethical culture and cultural fit. One of the reasons is the asymmetrical incentives in place. Most usually the senior management of the target company has a very strong financial incentive to push the envelope when it comes to finances and financial projections. Stern believes this requires the acquirer to assess the human capital of an organization. This is more than just the senior executives but talk to employees out in the field, in the sales organization, in finance and accounts payable to get a much broader and well-rounded sense of the culture of the organization.

Post-closing, whether it is a honeymoon period, a period of terror for the former target or perhaps a little of both, if you as the acquirer do not have a full picture of the culture of your new entity, you may be in for not only quite a shock but some potential exposure as well. Stern provided the example where a large multinational US firm purchased a foreign entity that had a great compliance program on paper. They had their own culture, policies, and people but they were not “really paying attention to what the mothership was telling them. And it took really some very serious problems and the Department of Justice investigation for them to get the picture.”

The lack of knowledge on each parties culture can lead to many problems in the post-acquisition phase. Stern emphasized that the key is to not only come in with a plan but to listen and be attentive while implementing the plan. This can lead to a standoff in accomplishing the integration steps required under the Foreign Corrupt Practices Act (FCPA) or similar legislation. However, this is the situation where an independent monitor can assist both parties. Even after closing, an independent integrity monitor can come in and help to smooth out the process. An independent third party comes in with credibility and experience which allows employees at the acquired entity to communicate their concerns in a way that really is very helpful to the acquiring company. Employees can communicate such basic issues as they do not understand the new training they are required to go through, how things do not seem to fit together or the most basic question of why they are now required to do something. Employees can explain why risk areas may exist in other places but not exist in some others. Someone who is truly independent, with no stake in the game, can help make those explanations in a non-threatening way. The key is that independent third-party expert.

However, in practice this is routinely ignored and can lead to some serious FCPA exposure down the road.

Tomorrow, we consider the need for an integration plan to be implemented.

 

Blockchain technology stretches across a wide selection of corporate industries. This ever-evolving digital ledger chronologically and publicly records transactions, and now has anti-corruption compliance professionals asking how blockchain fits into a broader corporate compliance strategy. Tom welcomes two thought leaders from Ernst & Young: Paul Brody – Principal & Global Innovation Leader, Blockchain Technology, and Alexander Perry – Executive Director of Forensic Technology & Discover Services. Tom, Paul, and Alexander discuss the power of blockchains and how they can be effectively implemented in a compliance practice.

  • What is blockchain? Simply put: a transaction-processing system that allows account-based systems to move items of value (ex. Bitcoin) from point A to B or other accounts.
  • Basically, any company that works together (B2B) can benefit from implementing the blockchain based on these three characteristics:
  • Distributed Ledgers – shares information by making full copies of transaction histories available throughout the blockchain environment. This means you always have the best information reliable and readily available.
  • Programmable Ledgers – shares business processes by integrating shared existing facts.
  • Consensus Algorithm – Allows you to move and track assets securely and reliably without appointing a central digital authority that controls the whole system.

  • In Fraud Magazine’s July/August 2018 Issue, Vincent Walden said, “32 percent of legal, compliance and anti-fraud professionals plan to adopt blockchain and distributed ledger technologies in 2018.”
  • As this technology is relatively young still, Paul estimates the number of early blockchain adopters is currently somewhere between 2-5%. But they’re starting to see industrial implementations now, where businesses use blockchain for more than prototyping, and to implement business processes as well as write compliance rules into smart contracts.
  • Alex shares that one of blockchain’s greatest security feature is it’s unchangeable and immutable nature, meaning it cannot be corrupted without destroying the whole blockchain. Since fraudulent activity depends on manipulating transactions and ledgers after the fact, the immutable features of blockchain are invaluable for security and compliance.

While blockchain shows promising results and returns, no system is perfect. Although blockchains are mostly secure, it is still constantly being tested for weaknesses and improved upon. Public blockchain technology is evolving faster than private blockchain technology due to a higher volume of attacks on the system, which promotes a more rapid learning curve, calibration, and improvements. And there is still much to learn about this encryption technology, both about its structure as much about its wider implications and applications. As businesses and technology shift, so will the fraudsters, and no matter how useful and important blockchain technology becomes to this industry, the struggle between fraud and compliance will likely not have a perfect, one-size-fits-all technical solution.

If you’re a compliance professional looking for a convenient and effective way to fulfill your continuing education requirements, go to FCPAComplianceReport.com/Courses and choose from 4 hour-long training packages that will keep you up to date with the latest developments in the compliance field.

This week I am running a five-part podcast series on assessing ethics and compliance in the mergers and acquisition (M&A) context on the FCPA Compliance Report. For this series, I interviewed Eric Feldman, Senior Vice President, Don Stern, Managing Director of Corporate Monitoring & Consulting Services, and Rod Grandon, Managing Director of Government Services, from Affiliated Monitors, Inc., (AMI) who is the sponsor of this podcast series. It turned into a master class on how to do M&A work to bring your company into the new Department of Justice (DOJ) safe harbor under the FCPA Corporate Enforcement Policy.

Pre-acquisition

A key risk which is not is not often considered in the pre-acquisition phase is the culture perspective of each party. It is a mistake to fail to do so. Companies spend huge amounts of resources to hire lawyers, investment bankers, accountants for the pre-acquisition phase. They scrub the financials, look at income and look at revenues and expenses. Yet they often spend almost no time in looking at issues like the ethical culture of the company to be acquired. Don Stern stated, “I’ve never quite understood that everyone understands the risk of any acquisition. That the company picture may not work out quite as rosy as was expected. They may be some synergies that were expected from an expense point of view that don’t quite work out.”

Stern made clear that in the pre-acquisition phase, a company is not required to reinvent the wheel to perform ethics, cultural and compliance due diligence. He stated, “for example, accountants and other people looking over the books and records of the company to be acquired. The question is, are they looking at it through the right lens? Are they looking at it not just in terms of how robust are the revenues and what’s the revenue stream looks like? And is there a way to trim expenses and to look for some synergies of expenses?” Also what do the payments look like? How are they made to? If they are to third-parties in high risk jurisdictions, what is the target’s level of due diligence and training for third-party agents? Stern concluded, “it is not always a question of a brand new set of considerations. It’s sometimes a question of integrating those considerations and educating the acquiring company as to what they should be looking for.”

Stern believes one of the biggest risks is around ethical culture and cultural fit. One of the reasons is the asymmetrical incentives in place. Most usually the senior management of the target company has a very strong financial incentive to push the envelope when it comes to finances and financial projections. Stern believes this requires the acquirer to assess the human capital of an organization. This is more than just the senior executives but talk to employees out in the field, in the sales organization, in finance and accounts payable to get a much broader and well-rounded sense of the culture of the organization.

Post-Closing

Eric Feldman started with the Department of Justice (DOJ) and the information contained in various resolution documents for the past eight years or so. These documents stressed that an acquiring entity apply or ascertain that its Code of Conduct, policies and procedures regarding corruption are consistent with the acquired company’s policies and processes. If they are not consistent, the acquiring company should apply it’s Code of Conduct and anti-corruption policies and procedures to the newly acquired company within 18 months or “as quickly as is practicable”. Employees from the newly acquired entity must be trained on their new Code of Conduct and policy and procedure. There must also be a forensic audit to see if any FCPA issues pop up. This same language was brought forward into the 2012 FCPA Guidance.

All of these requirements were made more clear in the 2017 Evaluation of Corporate Compliance Programs (Evaluation), which laid out the following manner to think through the issues involved:

  • Due Diligence Process –Was the misconduct or the risk of misconduct identified during due diligence? Who conducted the risk review for the acquired/merged entities and how was it done? What has been the M&A due diligence process generally?
  • Integration in the M&A Process – How has the compliance function been integrated into the merger, acquisition, and integration process?
  • Process Connecting Due Diligence to Implementation –What has been the company’s process for tracking and remediating misconduct or misconduct risks identified during the due diligence process? What has been the company’s process for implementing compliance policies and procedures at new entities?

The clear import is that there is a continuum from pre-acquisition into post-closing and that they build on the prior steps. From the pre-acquisition phase, you should be in position to develop your post-closing plan. Moreover, under the recent addendum to the FCPA Corporate Enforcement Policy, the safe harbor provision has now been memorialized in the US Attorney’s Manual. This now memorialized safe harbor makes your planning literally from the time you identify a target, through pre-acquisition to closing and into integration, investigation and reporting even more critical. The DOJ is looking for robustness of process and, of course, how you documented that process through the tenure of events.

Feldman explained that if pre-acquisition due diligence is done correctly, it will identify risks associated with the target and a risk assessment of that company should follow as a part of your pre-acquisition due diligence along the line to your post-acquisition, to give you a roadmap of what areas of risk need to be addressed immediately. Some of the things you would specifically look for in an integration plan are around internal controls. So, “Are you going to use the acquired entities internal controls or are you going to put your company’s internal controls regime in place? If so, how are you going to integrate them? How are you going to address any training and awareness gaps as it relates to ethics and compliance responsibilities of the employees, of the new company that are coming into your company? Do people understand the acquiring company’s anti-corruption posture and their ABC policies and procedures and all of that needs to be well documented into an integration plan.”

Why is the documentation component so important? Feldman responded that if no plan is followed, “it’s very hard to be able to demonstrate the pre and post-acquisition due diligence to an external entity like the Department of Justice. Then necessarily the outcome, but the real issue has to do with how can you demonstrate to a government regulator that you have done everything that you can do as a company to identify risk associated with corruption and misconduct. And then if you do identify the misconduct, that you have taken the right steps to inform the government and make that disclosure.”

What you need to be able to demonstrate to the government is that there has been full integration in the post-acquisition phase and that whether employees understand their responsibilities and are comfortable reporting issues to their new managers under the new company and the new structure. Any training gaps that were identified have been completely filled and whether the company has done an adequate risk assessment of where the post-acquisition risks might lie. This can be used to  demonstrate to the DOJ or anyone else that might be looking, that the company has done adequate due diligence, which is exactly what the government is looking for in a compliance program.


Today is the 17th anniversary of 9/11. Please take a moment today to think of all those who died, those who lost loved ones and how that day changed the world.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2018