In this first emergency Compliance into the Weeds podcast, Matt Kelly and myself review the information that Michael Cohen was paid by several US and international multi-national organizations for insight on and influence upon the Trump Administration. We consider it from the compliance angle and what steps a company is going to take if it hires the President’s personal lawyer as its paid lobbyist.

For more see Matt’s blog post on Radical Compliance entitled “Oh Lord, Michael Cohen Risk Is Now a Thing

And for even more see Matt’s piece in buzzfeed.com entitled, “It’s Harder To Pay Off Foreign Governments Than The US One

I continue my five-podcast exploration of working with monitors. I am joined by Don Stern, Managing Director, Corporate Monitors and Consulting Services at Affiliated Monitors, Inc. (the sponsor of this five-part series) on working with monitors. Today we consider the various manners in which regulators at all levels, from the federal, to state and local levels, use monitors. We also consider how monitors can be used outside the regulatory context in areas as diverse as mergers and acquisitions, business ventures, IP and licensing.

Most compliance practitioners are aware of the role monitors play in the Foreign Corrupt Practices Act (FCPA) enforcement arena. However, the use of independent monitors is much broader than simply in criminal or civil enforcement actions involving a Deferred Prosecution Agreement, Non-Prosecution Agreement, Corporate Integrity Agreement or other form of resolution. Federal agencies use monitors for a wide variety of roles to ensure compliance with agreements.

At its most basic level, an independent monitor is a way for the government to extend its reach. Both in terms of lengthening out the time that you have true government oversight and in terms through many of the techniques we discussed earlier:  focus group meetings, review documents, talking senior and middle management. It is a very cost-effective way for federal, state and even local governments to extend out their reach. This cost-effectiveness is driven home by that fact that the cost is not borne by the governmental entity or the regulators. The cost is borne by the entity involved.

Stern pointed to the use of an independent monitor by the Federal Communications Commission (FCC) to ensure that the conditions around anti-competitive and other issues, the FCC approved for the merger between AT&T and Direct TV, were fulfilled. He went on to provide an example where “one of the conditions was  they had to offer a discounted broadband service to certain low-income households. The FCC  wanted access to broadband for low income families, particularly for school kids. The monitor assessed the marketing program on this issue, looking at their efforts to provide discounted broadband, low income households.”

Stern provided another example of regulator use of an independent monitors, this time by a state regulator, the Attorney General of Rhode Island in the area of hospital conversions. This is the situation where a non-profit hospital is purchased by a for profit chain. In such situations, the state attorney general in most states will have to approve that transfer of assets from charitable assets to for-profit assets, applying certain conditions. It could be in the area of recruiting  physicians or requiring the acquiring institutions to keep the mental health services open. You don’t have to spend x millions of dollars on new equipment. It is generally around very specific metrics  and it is “increasingly being used by government agencies as a way of not only having confidence that the regulatory decisions are being followed but provides some comfort and confidence to the public knowing that who is looking over the shoulder of the organizations in the public’s interest.”

Yet an independent monitor can be used in non-regulatory areas. One that certainly comes up is pre-acquisition due diligence in the FCPA realm. An independent monitor can be used to assess whether a target or takeover candidate has a robust compliance program. These same concepts also work in the licensing area in pre-acquisition work and even for company which want to test the audit compliance of customers.

The bottom line is independent monitors can come in and look at the system of controls in a wide variety of regulatory and legal areas. This is true because there is no substitute for having somebody independent of the company with some expertise and common sense and practical reality coming in and asking, how are you doing? Stern concluded, “You don’t have to do this all the time. It isn’t something you need to do even every year, but every once in a while, have somebody come in and take a hard look at how you’re doing and then reporting back internally to the company. It is money well spent because you have established that the organization being reviewed has a good program and if you need to fine tune your program in certain ways. Here again, I think that’s all to the good.”

For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.

Today we consider how monitors work. On my podcast, the FCPA Compliance Report, I am visiting with Don Stern, the Managing Director, Corporate Monitors and Consulting Services at Affiliated Monitors, Inc., (AMI) who sponsored the podcast series. To hear Stern’s more complete remarks, click here.

Stern explained that there are variety of tasks and roles a monitor uses when engaging in an independent monitorship. A monitor should understand the type of approaches they will take to make an organization more compliant, starting with understanding the work plan. Many times, the monitor must push the organization along by getting buy-in and building consensus. Finally, there should be an awareness of helping the company to become compliant in the future.

The starting point is understanding what the mission of the monitorship is. As Stern put it, “we really begin at the beginning. We sometimes meet separately with the government agency to get an appreciation and understanding as to why they think things have reached that point, what they see as the problems in the company, what they see as the problems in the industry. And then, of course, we do the same thing with the company.” Such meetings could also include “outside counsel who have been sort of living with whatever the precipitating cause of a problem which led to the settlement with the government or the investigation. They’ve lived with it for years. And in many cases, by the way, the company has already remediated significant portions of the problem.”

A monitor should have a particular focus on a particular goal, a particular set of tasks. Yet from there, Stern explained it is “very much a people exercise. The thing that is often obvious relatively early on, one way or the other is whether the company has a paper program or real program.” Stern indicated that a monitor should spend time at the higher levels and the middle and lower levels of the company. Some of the specific techniques can be one on one interviews, site visits to specific offices and with “focus groups where we get people at the same level so we don’t get middle managers and upper managers together in one room.”

Stern emphasized it is critical that both company management and the regulators not be surprised by a finding. This means the monitor (and team) should literally “pour through the company” to come up an honest final assessment or report for the organization. It is important to give the company credit where it has remediated or shown improvement and this means emphasizing to the government the wins a company’s compliance program may have sustained.

Interestingly, Stern emphasized that in monitorships, as with compliance programs in general, one size does not fit all. A monitor should test whether there is sufficient training on the Code of Conduct, compliance policies and procedures and other issues such as Conflicts of Interest policy. There should also be inquiries into hotline overview and use. Yet there can also be recommendations which arise from the employee interviews, which the monitor may raise to senior management for implementation.

Here Stern presented a simple yet powerful example. It was around having a compliance moment once per week at company meetings. The organization was an engineering company and they took safety very seriously, opening each company meeting with a safety moment. This led to the suggestion of opening meetings with a compliance moment, which employees used not simply to state ethics and compliance issues but to describe situations they faced daily.

A situation arose where an employee was offered tickets to a baseball game by a vendor. The company policy on conflicts of interest prevented the employee from accepting the tickets and he felt conflicted because he wanted to go to the game. More importantly, he did not know what to tell the vendor to make them understand he could not accept the tickets. Through discussing this issue after a compliance moment in a company meeting, there was a dialogue that allowed the company employees to feel that they have an opportunity to be part of the process. It demonstrated that ethics and compliance is not something imposed on them, but something that is part and parcel of their job and part and parcel of their responsibility.

A monitor must literally work with groups as diverse as the Board of Directors to employees on the shop floor. It is incumbent to use a variety of tactics and techniques to fulfill the mission of a monitor. An independent and experienced monitor is required to use a variety of tools to help an organization move forward with a compliance regime. Stern noted, “a monitor should also have the experience to come in and not only look at how your company is doing, but also benchmark against what is happening not only in your industry but in other industries. And at the end of the day it’s a little bit like the making of sausage. At the end of the day we’re going to have some recommendations and the expectation is that your company is going to be top of the heap, that you will have a state of the art compliance and ethics program and you will have contributed to making it better.”

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2018

I continue my five-podcast exploration of working with monitors. I am joined by Don Stern, Managing Director, Corporate Monitors and Consulting Services at Affiliated Monitors, Inc. (the sponsor of this five-part series) on working with monitors. Today we consider how monitors work.

Stern explained that there are variety of tasks and roles a monitor uses when engaging in an independent monitorship. A monitor should understand type of approaches they will take to make an organization more compliant, starting with understanding the work plan. Many times, the monitor must push the organization along by getting buy-in and building consensus. Finally, there should be an awareness of helping the company being compliant in the future.

The starting point is understanding what is the mission of the monitorship. As Stern put it, “we really begin at the beginning.” We meet sometimes meet separately with the government agency to get an appreciation understanding as to why they think things have reached that point, what they see as the problems in the company, what they see as the problems in the industry. And then of course we do the same thing with the company.” Such meetings could also include “outside counsel who have been sort of living with the whatever the precipitating cause a problem which led to the settlement with the government or the investigation. They’ve lived with it for years. And in many cases, by the way, the company has already remediated significant portions of the problem.”

A monitor should have a particular focus on a particular goal, a particular set of tasks. Yet from there, Stern explained it is “very much a people exercise. The thing that is often obvious relatively early on, a one way or the other is whether the company has a paper program or real program.” Stern indicated that a monitor should spend time at both the higher levels of the company and at the middle and lower levels of the company. Some of the specific techniques can be one on one interviews, site visits to specific offices and with “focus groups where we get people at the same level so we don’t get middle managers and upper managers together in one room.”

Stern emphasized it is critical that both company management and the regulators not be surprised by a finding. This means the monitor (and team) should literally “pour through the company” to come up an honest final assessment or report for the organization. It is important to give the company credit where it has remediated or shown improvement and this means emphasizing to the government the wins a company’s compliance program may have sustained.

Interestingly, Stern emphasized that in monitorships as with compliance programs in general, one size does not fit all. A monitor should test whether there is sufficient training on the Code of Conduct, compliance policies and procedures and other issues such as Conflicts of Interest policy. There should also be inquiries into hotline overview and use. Yet there can also be recommendations which arise from the employee interviews, which the monitor may raise to senior management for implementation.

Here Stern presented a simple yet powerful example. It was around having a compliance moment once per week at company meetings. The organization was an engineering company and they took safety very seriously, opening each company meeting with a safety moment. This led to the suggestion of opening meetings with a compliance moment, which employees used not simply to state ethics and compliance issues but to describe situations they faced daily.

A situation arose where an employee was offered tickets to a baseball game by a vendor. The company policy on conflicts of interest prevented the employee from accepting the tickets and he felt conflicted because he wanted to go to the game. More importantly he did not know what to tell the vendor to make them understand he could not accept the tickets. Through discussing this issue after a compliance moment in a company meeting, there was a dialogue allowed the company employees to feel that they have an opportunity to be part of the process. It demonstrated that ethics and compliance is not something imposed on them, but something that is part and parcel of their job and part and parcel of their responsibility.

A monitor must literally work with groups as diverse as the Board of Directors to employees on the shop floor. It is incumbent to use a variety of tactics and techniques to fulfill the mission of a monitor. An independent and experienced monitor is required to use a variety of tools to help an organization move forward with a compliance regime. Stern noted, “a monitor should also have the experience to come in and not only look at how your company is doing, but also benchmark against what is happening not only in your industry but in other industries. And at the end of the day it’s a little bit like the making of sausage. At the end of the day we’re going to have some recommendations and the expectation is that your company is going to be top of the heap, that you will have a state of the art compliance and ethics program and you will have contributed to making it better.”

For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.

The Compliance Evangelist is still on assignment in Brazil. Today, I had the opportunity to speak to a group of lawyers, compliance professionals and others at the Koury Lopes Advogados (KLA) where I was hosted by Isabel Franco. It was a very informed and dynamic group which gathered at the law firm’s offices. My remarks were around the use of data to not only drive compliance into the fabric of your business but also to make your company run more efficiently and more profitably.

Some of the questions I began with were: Can you see the pattern in raked leaves? As a Chief Compliance Officer (CCO) or compliance professional, what data do you have at your disposal? Finally, are you able to even access your own company’s data? The patterns in raked leaves come from the ability to synthesize large amounts of data so that you can see unusual patterns which might present anomalies or red flags for further compliance review. The data you have at your disposal and the access you have to your own company’s data are often questions that bedevil many compliance professionals in beginning this new phase of their compliance program.

I next detailed where you should begin. The first thing you must do is to lay out your strategy in a manner which demonstrates how it will positively impact the business. Next you need to consider who are your customers in this exercise? Obviously, your own employees are the customers of your compliance initiatives but what about any third-parties, distributors, joint venture or other business partners? Finally, how will you capture the innovations in your compliance program which bring greater value to the business.

The next series of considerations turn on not only creating your strategy but implementing it as well. Moving from the final question above on “how are we expecting innovation to create value?”, your next step should be to create a high-level plan for allocating resources to the different kinds of innovation. During the entire process you will be required to manage trade-offs so senior leaders can make the choices that are best for the whole company. Finally, as with your entire compliance program your strategy must evolve as facts and circumstances change in the business.

I next turned to some specific examples from enforcement actions where the use of Artificial Intelligence (AI) could have helped uncover bribery schemes. The first thing to remember about bribery schemes is that the money to fund the bribes must come from somewhere. Deep Throat was right when he told Woodward and Bernstein to ‘follow the money’ during their Watergate Investigation as that maxim holds true in any robust anti-corruption program. The ‘where’ the money comes from is usually theft from the corporation itself.

One of the best and most straight-forward examples of this theft through employee embezzlement was the sordid story of GlaxoSmithKline PLC (GSK) in China. There literally the entire Chinese business unit was in on the scam to create fake events, fake invoices, fake conferences and other non-existent reimbursable events to create a pot of money so great that over some 7 years, it totaled almost $500 million. The GSK in China case brings up two dimensions which AI is suited to help find such unusual patterns. The dimensions of geography and time.

The dimension of geography is simply that the price of gifts, meals and entertainment wildly differs across the globe. A meal in São Paulo, New York or Oslo will obviously be much different in cost than Houston, Birmingham, Lagos or Kuala Lumpur. There will even be regional variations in China. The dimension of time is that there will be increased gift-giving during holiday seasons across the globe. In the US or western Europe, it may be Christmastime. In China, it may be the Chinese New Year. In Vietnam, it may be during Tet. In Brazil, it may be during Carnival. All of these contribute the dimension of time.

Next consider the sales cycle and the steps where corruption could occur in it. Some of the steps may include the following: 1. A pre-sale response to a request for proposal, a bid or simply a sales initiative; 2. In this pre-bid phase there could be gifts, travel and/or entertainment (GTE) spend on any of the customers or potential customers; 3. What is the sales pricing discount range? Is it outside the standard range and have all commercial approvals been granted for any discounts given? and 4. Are there any rebates which have or will be paid to the customer?

Some of the questions you might want to consider include some of the following. What is the aggregate spend on any one foreign government official over a 12-month period by one business development (BD) representative? What was the BD spend on one foreign government official by several company BD representatives? Has there been any travel involved to tour company facilities in a location outside the country where the contract will be performed? What has been the aggregate spend for this sales initiative and was it correlated with other GTE spends? What did that correlation show?

Regarding the contract itself, some of the inquiries you can make from the data include the following. Were any discounts offered outside the standard discount range?
Were these discounts properly vetted through the internal company process?
Was the sales discounting process documented and was there senior management sign-off in place? Was the contract properly vetted by all required internal processes, i.e. by management, legal, and compliance?

Obviously any third parties you might have used could be high-risk. In addition to following a lifecycle management of third parties review, you should consider the commission rate and total compensation paid to the third parties involved. Was it within a standard range or did it exceed what had been previously paid?

Further, a charitable donation review should also be completed. Were there any charitable donations made at or near the time of the contract award? Was there any Corporate Social Responsibility (CSR) requirement written into the contract which applied going forward?
Does compliance have visibility into this or does it go through a company charitable donation group or committee?

Travel after the contract has been signed can also be a place where corruption can creep in. Did the contract specify any travel for the customer? If so did it indicate who would be involved or even make the selection? How about ongoing training and if so where and for how long? Was there a specification of business class or above travel accommodations? If there was travel agreed upon as part of the contract was the spend on these items consistent with prior travel spends?

These are just some of the inquiries you can make with the data that currently exists in your organization. But if you think about these inquiries, they are not simply compliance inquiries but they are a part of your overall business process. Remember it is a sales process and cycle and it is a contract lifecycle. This means these processes can be improved upon. This improvement is fostered by a more robust, qualitive review of your own data by your compliance function.

Thanks again to Isabel Franco and KLA for hosting me.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.
© Thomas R. Fox, 2018