Yesterday, I considered the recently announced Securities and Exchange Commission (SEC) Foreign Corrupt Practices Act (FCPA) enforcement action against Telefônica Brasil S.A., Cease and Desist Order(Telefonica Order). Taken in tandem with the July 2015 SEC enforcement action involving BHP Billiton (BHP), also resolved via Cease and Desist Order (BHP Order), these two enforcement actions can provide some guidance for the compliance practitioner in the risk area of gifts, travel and entertainment (GTE) for high-dollar sporting events such as the World Cup, Olympics, Super Bowl, World Series or the upcoming National Basketball Association (NBA) Championship.

One must start with the Telefônica Order because it made clear that there were no policies and procedures around this process. What I found interesting were the amounts listed in the Telefônica Order. These tickets were purchased for a total amount of $5.1 million and paid in three installments over three years beginning in 2012. The tickets were valued at $2750 per ticket with an additional $454 allotted for hospitality for a total value of $3204 for each ticket handed out. Of these 1860 tickets some 194 were allotted to Brazilian government officials or officials from other governments who were customers of the company. The SEC valued the total amount allotted to Brazilian government officials as $621,576.

Nowhere in the Telefônica Order was there explicit criticism of either the aggregate amount spent or the valuation of the individual ticket price plus hospitality. What Telefônica lacked was any process to manage the risk of spending lavishly on a government official who had contract oversight of Telefônica or the ability to direct work to them. For how such a protocol could work, one must turn to the BHP enforcement action, which revolved around the company’s hospitality program for the Beijing 2008 Olympics. BHP had a paper program that appeared robust. As laid out in the Billiton Order, “BHPB developed a hospitality application which business managers were required to complete for any individuals, including government officials, whom they wished to invite.” The application included these questions to be fully answered:

  • “What business obligation exists or is expected to develop between the proposed invitee and BHP Billiton?”,
  • “Is BHP Billiton negotiating or considering any contract, license agreement or seeking access rights with a third party where the proposed invitee is in a position to influence the outcome of that negotiation?”
  • “Do you believe that the offer of the proposed hospitality would be likely to create an impression that there is an improper connection between the provision of the hospitality and the business that is being negotiated, considered or conducted, or in any way might be perceived as breaching the Company’s Guide to Business Conduct? If yes, please provide details.”; and
  • “Are there other matters relating to the relationship between BHP Billiton and the proposed invitee that you believe should be considered in relation to the provision of hospitality having regard to BHP Billiton’s Guide to Business Conduct?”

Unlike at Telefônica, the right forms were in place and some of them were fully filled out. However, as the BHP Order made clear, an effective compliance program does not end at that point. High risk does not mean you cannot engage in certain conduct. High risk means that you must have an effective compliance program and you have to manage that risk. A basic key to any effective compliance program is oversight or a second set of eyes baked in to your process. BHP formally had this oversight or second set of eyes in the form of an Olympic Sponsorship Steering Committee (OSSC) and Global Ethics Panel Sub-Committee.

Where BHP failed was that “other than reviewing approximately 10 hospitality applications for government officials in mid-2007 in order to assess the invitation process, the OSSC and the Ethics Panel subcommittee did not review the appropriateness of individual hospitality applications or airfare requests. The Ethics Panel’s charter stated that its role simply was to provide advice on ethical and compliance matters, and that “accountability rest[ed] with business leaders.” Members of the Ethics Panel understood that, consistent with their charter, their role with respect to implementation of the hospitality program was purely advisory. As a result, business managers had sole responsibility for reconciling the competing goals of inviting guests – including government officials – who would ““maximize [BHPB’s] commercial investment made in the Olympic Games” without violating anti-bribery laws.”

But there was more than simply a failure of oversight by BHP. The BHP Order noted that not all of the forms were filled out with the critical information around a whether a proposed recipient might have been a government official. Even more critically missing was information on whether the proposed recipient was in a position to exert influence over BHP business. Moreover, BHP did not provide training to the business unit employees who ended up making the call as to whether or not to provide the hospitality on payment of travel and hospitality for spouses. The BHP Order stated that BHP “did not provide any guidance to its senior managers on how they should apply this portion of the Guide when determining whether to approve invitations and airfares for government officials’ spouses.” Finally, there were no controls in place to update or provide ongoing monitoring of the critical information in the forms.

FCPA compliance is a relatively simple exercise. That does not mean it is easy. Telefônica had no compliance policy to direct employees how to entertain government officials and no procedure to accomplish this risk management. If you want to send government officials to high profile sporting events or provide other high dollar hospitality, the FCPA does not prevent you from doing so. But it is a high risk and to be in compliance you must to manage those high risks appropriately, all the way through the process. The Telefônica and BHP enforcement action provides you a detailed road map of what to do and what not to do.



Join me at Compliance Week 2019

I hope you are planning to attend the 14th Annual Compliance Week conference this year, held from May 20-22 in Washington, D.C. at the Mayflower Hotel. It is truly one of the top compliance and ethics conferences of the year. It features not only speakers from compliance, but auditors, lawyers, government regulators, and industry leaders. This year, I am leading a pre-conference workshop on Sunday afternoon about handling internal investigations and performing a root cause analysis. Monday will include keynote address from the always-popular Hui Chen, which sets the tone for speakers throughout the event. To review the full agenda, see who is speaking or to review the registration information click on the appropriate link.

Best of all, if you have read this blog,  you are eligible for a discount on the conference cost. Enter code “TOM300” at checkout to save $300 from your registration.If you only attend one compliance conference in 2019, this is the event for you!

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at

© Thomas R. Fox, 2019

Innovation comes in many ways, forms and inspirations. Today we consider the basic use of communication as an innovation for compliance. We’re chatting with Ben Adelberg, host of The Back of the Range Golf Podcast, and today he’s sharing his processes, tips, and tricks for innovation and moving forward with whatever it is you’re working on.
Ben’s approach:
Ben interviews a wide variety of people, so before he ever gets on the phone with them, he does a deep dive. He goes through all of their social media channels, websites they might have been on, books they’ve written — anywhere that might have information on them — and finds out every single thing he can that could potentially lead him to different and unique questions to ask his guests. His goal is to go through the entire episode and ask questions they’ve never been asked, which makes The Back of the Range unique and stand out among all the other golf podcasts.
Publicizing the podcast:
Publishing a podcast episode is just half the job. It could be the most entertaining episode, but if nobody really knows about it, it’s just going to sit there. So for every episode, Ben promotes it to his Facebook page, Twitter, Instagram, and uploads every episode on YouTube.
He takes a 30- to 60-second long snippet of the episode and transforms it into what’s called an audiogram: a static picture with audio over it. It goes onto all his social media channels with a link to the episode.
He’ll also make sure to tag the person the episode is featuring and mention anybody else that might have been mentioned in the snippet, so it shows up on anyone following those feeds as well. This increases your reach and gets that 60-second clip in front of as many people as possible.
Leveraging tools:
In this business, you’re trying to capture people’s attention. A post that just says “click on this link” isn’t giving a big reason to listeners or followers to click on the link. Create a captivating photo or video, maybe something comical, or create a poll question on Twitter or a contest on Instagram. Just like anything in life you want to accomplish, you’ve got to put the work in.
Showing value:
Ben read Joe’s autobiography twice, did a deep dive on all his events, and fortunately loved baseball and golf, so he was extremely well-prepared for the episode. With every single guest, he tries to show value and his legitimacy right away by asking different probing questions that show he’s done his research. Once you do that, they respect the fact that you’ve done your work, and armed with that and a clean phone line, the episodes turn out well.
The Back of the Range Golf Podcast

How important is due diligence on those with whom you are doing business? Why does it matter if a company is owned or controlled by a foreign government or a political party member of a foreign government? Under the Foreign Corrupt Practices Act (FCPA) such persons are covered persons and any US entity which pays bribes to such covered persons violates the FCPA. This issue is particularly true in China. Moreover, a couple of recent developments have shown just how hard it is to know whether you are doing business with a covered person when doing business with a Chinese corporation.

Recently Raymond Zhong touched on this in a New York Times (NYT) piece, entitled “Who Owns Huawei? The Company Tried to Explain. It Got Complicated”. This article gives some interesting hints as to why corporate ownership can be so murky in China and why any US company doing business in China must begin with the assumption that any Chinese business is owned or, at the very least, controlled by the Chinese government, making any business transaction in China subject to the FCPA.

Zhong began by citing to a recitation made by Jiang Xisheng, the chief secretary of Huawei’s Board of Directors, to a small group of reporters on Thursday. The goal was to help explain the company’s ownership after two American researchers wrote a report accusing Huawei of being misleading about the issue. Zhong reported, “Mr. Jiang’s explanation boiled down to this: On paper, he said, Huawei is owned by a labor union that solicits donations from employees when their colleagues have health problems and the like. The union also supervises the company basketball club”.

Just like that, one of the world’s largest hardware companies is owned by its employees. Sounds like a good old Employee Stock Ownership Plan (ESOP). But it got even better from there, as “Huawei showed reporters on Thursday what it described as evidence of its independence: a big blue book, kept behind glass and under lock and key in a drab white room at the company’s headquarters in Shenzhen, a southern Chinese city. Within its 10 volumes are said to be the names of all the Huawei employees who hold “restricted phantom shares” in the company — proof, the company says, that no piece of Huawei is owned by the Chinese government.”

First of all, anyone who believes that bald-faced statement should probably Not Pass Go and go directly to the jail of supreme inanity. Xisheng went on to state, “The union has no influence over the company’s business operations. It does, however, supervise after-work activities for employees. That basketball club, for instance. The badminton and table tennis clubs, too.” While “Huawei’s union is registered with the Shenzhen city government’s union and pays dues. But the municipal union has no influence over the Huawei union’s operations or the company, Mr. Jiang said.” Of course, since the Union has no influence over the company there is no need for such messy paperwork as Board meeting minutes or other indicia that a true corporation exists.

All of this double speak and obstruction came after two researchers who wrote a report “questioning Huawei’s ownership — Christopher Balding, a professor at Fulbright University Vietnam, and Donald C. Clarke, a Chinese law expert at George Washington University — say Huawei’s virtual stock program “has nothing to do with financing or control” and is “purely a profit-sharing incentive scheme.”” So, if you sign a contract with Huawei, just whom are you doing business with going forward?

Another NYT story, reported by Li Yuan and entitled “Jack Ma, China’s Richest Man, Belongs to the Communist Party. Of Course”, reported that the Chinese Communist Party itself had identified Ma as a party member. That’s right, the founder of Alibaba Group and the richest Chinese is a card-carrying member of the proletariat. Last November, “The party’s official People’s Daily newspaper included Mr. Ma, executive chairman of the Alibaba Group and the country’s most prominent capitalist, in a list it published on Monday of 100 Chinese people who had made extraordinary contributions to the country’s development over the last 40 years.” One can almost hear him leading the chant, “Workers of the world unite! You have nothing to lose but your chains.”

Clearly under the FCPA, Party member Ma qualifies for FCPA coverage as the FCPA specifically incorporates politicians, political parties and candidates for political offices as foreign government officials for purposes of the Act. In the 2012 FCPA Guidance it states, “The FCPA’s anti-bribery provisions apply to corrupt payments made to (1) “any foreign official”; (2) “any foreign political party or official thereof ”; (3) “any candidate for foreign political office”; or (4) any person, while knowing that all or a portion of the payment will be offered, given, or promised to an individual falling within one of these three categories. Although the statute distinguishes between a “foreign official,” “foreign political party or official thereof,” and “candidate for foreign political office,” the term “foreign official” in this guide generally refers to an individual falling within any of these three categories.”

Additionally, politicians and political parties are incorporated into the FCPA through the accounting provisions of the FCPA. As further stated in the FCPA Guidance, “Additionally, individuals and entities can be held directly civilly liable for falsifying an issuer’s books and records or for circumventing internal controls. Exchange Act Rule 13b2-1 provides: “No person shall, directly or indirectly, falsify or cause to be falsified, any book, record or account subject to [the books and records provision] of the Securities Exchange Act.” And Section 13(b)(5) of the Exchange Act (15 U.S.C. § 78m(b)(5)) provides that “[n]o person shall knowingly circumvent or knowingly fail to implement a system of internal accounting controls or knowingly falsify any book, record, or account ….”. The Exchange Act defines “person” to include a “natural person, company, government, or political subdivision, agency, or instrumentality of a government.”

The opaqueness of Chinese corporate structures is more than simply the inscrutable Far East. When presented with such answers as those from Huawei, there is simply no way for a US company to know precisely the ownership structure to ascertain if even doing business with such persons is legal or violates some sanctions or other rule. Of course, believing there is no government control, ownership or party membership can also lead to violating the FCPA.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at

© Thomas R. Fox, 2019

In this five-part podcast series, sponsored by Assent Compliance, I explore supply chain data management. In this series, I visit with several members of the Assent Compliance team to introduce the topic, consider the synergies between several different types of compliance disciplines, the impact on organizations of compliance failures in this area and what are some of the drivers for continued legislation and regulation in this area. In this third episode, I visit with Travis Miller, General Counsel at Assent Compliance Inc. and Director of Assent Compliance USA Ltd. We consider the synergies between the emergence of supply chain risk and the compliance response.

Miller had a very interesting and, indeed, unique perspective on the origins of modern-day compliance programs. He draws the origins of compliance through the US environmental movements. The first of which began in the 19thcentury as the conservation movement. This movement began around the eradication of such animals as the buffalo and carrier pigeons. It also included the creation of our national park system, that started in an attempt to respond to those issues and similar.

Miller identified the second big environmental movement beginning with the publication of “Silent Spring” by Rachel Carson in the early 1960s. There was increased awareness of air and water pollution. This led to the formalization of an environmental movement and such events as Earth Day, which is still celebrated. It also led to US regulatory responses, beginning with the creation of the Environmental Protection Agency (EPA) under the Nixon Administration. Additionally, Congress passed several key pieces of legislation including the Clean Air Act, Clean Water Act, and Endangered Species Act.

All of these US and global environmental initiatives led the need for greater transparency in supply chains. Companies began to be required to disclose the chemicals and ingredients in their products. This type of transparency evolved into different directions to such areas as conflict minerals. Of course, consumers played a role as well through their purchasing power and decisions. Many purchasers of consumer products did not want to purchase products which contained dangerous chemicals or damaged the environment. Miller believes all of this is “really the background that led us to where we are today and what is driving a lot of action and what’s really kind of garnered the ethos of the population.”

All of the above led to supply chain risk emerging as a business continuity risk. From investments in physical plants and facilities outside the US, to other issues of sourcing, labor controls and business practices, have all become key risks in your supply chain. Yet when there is overseas manufacturing there may not be any way to regulate these dangers to consumers or end users. What Miller observed is that “in reaction to all of this regulators and policymakers started to think and they came to the conclusion that what we can regulate is the product and the supply chain which produces that product and the components that were used to produce that product.” It is from this perspective that a compliance response to “supply chain risk really started to develop and there has been a surge over the last 10 years.”

Miller said understanding industry standardization has led to a series of best practices for managing supply chain compliance, you can see not only where supply chain compliance derived but also see where it may well be headed. He stated, “Everything you can think of from the chemical itself, to chemicals which are mixed together, to every single thing is produced from chemicals. It also includes the nut that goes inside the washing machine as well as the washing machine itself and all have disclosure initiatives”. Miller used the following to illustrate this point, “you have a bit of a diamond shape in the supply chain. There are a few people that do extractive. Next are those who turn the extractives into chemicals, which is a larger group. From there it goes into component manufacturing. And then those component manufacturers (also known as the Original Equipment Manufacturers [OEM]) then have to provide information. Basically, anybody that makes anything out of that washer or that nut, and they have to give you all the substance information you need globally.”

This means that every one of those OEMs is going to ask for information in their own format. A company could spend an inordinate amount of time responding to these information requests in non-standardized formats. A key component of supply chain risk management is taking these disparate forms of information and standardizing them across an entire supply chain or even industry. In this manner, there is one document that everybody can ingest or agrees is acceptable. Now you can communicate that to everybody and it gives you a fighting chance to be able to meet the requirements of all these various companies and all of these various industry sectors in silos.

This approach resonates with the business community because it ties two disparate strands  together. First, it allows companies to not only understand their legal obligations but respond to them as well. It also allows companies to move forward in a more business efficient manner. Miller concluded by noting the real advantage of effective supply chain risk management is “you are going to save a bunch of time, a bunch of money, a bunch of internal resources and that’s really what drives the business community to take these types of industry standardized approaches and these types of decisions.”

Join us tomorrow where we explore organizational impacts of compliance failures with Jared Connors. To receive more of the latest news and content on a variety of regulatory and supply chain data management topics click here and sign up for the Assent Compliance newsletter.

In this episode I take things in a bit of a different direction as I am interviewed by Sean Freidlin, Senior Product Marketing Manager, Compliance at Hanzo, on a project commissioned by Hanzo which became a part of the Hanzo Q1 2019 Compliance, Risk, and Regulations Research Roundup. Sean explains what the resulting white paper provides and then queries me on some of the deep dives I took into several areas.  Some of the highlights from the podcast include:

  • What is the Hanzo Q1 2019 Compliance, Risk, and Regulations Research Roundup?
  • The approach in writing the Roundup.
  • What were key macro highlights from the WEF Global risk Report 2019?
  • What were key micro business highlights from the Allianz Business Risk Barometer-Top Business Risks?
  • What are some of the key regulatory enforcement priorities going forward into 2019?
  • Where has compliance been over the past 18 months and where is it headed going forward?
  • Where listeners can go for more information.

To obtain a full copy of the  Hanzo Q1 2019 Compliance, Risk, and Regulations Research Roundup, click here.