While dodging black cats, walking under open ladders and looking into broken mirrors, Jay Rosen and myself are back on this Friday the 13thto take a look at some of the top compliance stories from the past week.

  1. Want to take a deep dive into the Credit Suisse FCPA enforcement action? Check out Tom’s 3-blog post series (Part I, Part IIand Part III) and Mike Volkov’s two-part series (underlying factsand lessons learned).
  2. What’s the best way to use data to detect corruption? Enestor Dos Santos, principal economist at BBVA Research writes in Global Anti-Corruption Blog. For the full BBVA Research report clickhere.
  3. Did FCPA enforcement pick up in Q2? William Garrett explores this question in WSJ Risk and Compliance Journal.
  4. Romania’s president removes chief anti-corruption prosecutor. Radu-Sorin Marinas reports in Reuters.
  5. Tony Hayward (yes, that Tony “I want my life back” Hayward) will lead Glencore’s corruption investigation. What could go wrong? Harry Cassin explores in the FCPA Blog. Is Glencore pushing the corruption risk envelope too far? David Pilling opines in the Financial Times. (sub req’d)
  6. Does AI create or simply expose ethical dilimmmas? (Hint-it’s all about the data). Vera Cherepanova explores this question in the FCPA Blog.
  7. The second half thebriberyact.com guys; Richard Kovalevsky QC leaves Chambers to move to Stewart’s. Waithera Junghae reports in GIR. (sub req’d)
  8. Are the administration’s moves against ZTE part of a larger all out trade war strategy against China and/or the rest of the world? Louise Lucas explores this question in the Financial Times. (sub req’d) New management says compliance is the top priority. See report in com.
  9. Tone at the top really does matter. PapaJohn Chairman (and former CEO) resigns from Board after using racial slur in con call with vendor. Vendor fires PapaJohn’s as client. See report in Wall Street Journal.
  10. Uber finally gets a CCO but loses its head of HR. Greg Bensinger and Sadie Gurman report in the WSJon the hire. Bensinger reports on the resignation of the head of HR in WSJas well.
  11. The Red Sox have the best record in baseball at the All-Star break. Can they avoid yet another collapse? Jay and Tom debate.

For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.

Last week Credit Suisse Group AG (CSAG) and Credit Suisse (Hong Kong) Limited (CSHK), a subsidiary of CSAFG, settled a Foreign Corrupt Practices Act (FCPA) enforcement action for just over $77 million for the illegal hiring of family members and close personal friends of Chinese government employees and employees in Chinese state-owned enterprises. CSHK obtained a Non-Prosecution Agreement(NPA) from the Department of Justice (DOJ) and CSAG entered into an agreed Cease and Desist Order(Order) with the Securities and Exchange Commission (SEC). Collectively, they paid a criminal fine to the DOJ in the amount of $47 million and disgorgement to the SEC in the amount of $24.9 million with interest of $4.8 million for a total to the SEC of $29.8 million.

The FCPA enforcement matter was concluded with a substantial positive for CSAG given its conduct surrounding the affair. CSHK employees worked actively to circumvent, over-ride and hide their actions; clearly indicating the intent to provide benefits to foreign government officials in return for significant benefits. I have been considering this FCPA enforcement, lessons to be learned for the compliance practitioner and how CSHK was able to garner such a superior NPA result. Today I conclude with some of the factors which led to the DOJ giving a 15% discount on the criminal penalty and steps companies should take around the hiring of family members of foreign government officials and employees of state-owned enterprises.

Even with the intentional acts of CSHK, the (very) bad facts outlined in the prior posts, CSAG obtained what can only be described as a superior result in CSHK receiving a NPA and the US entity agreeing to a Cease and Desist Order. This enforcement action is now one of three from the spring of 2018 which demonstrates the effect of the new FCPA Corporate Enforcement Policy, announced in late November 2017, and the new anti-piling on policy announced in May 2018. The other two enforcement actions were the Declination issued to Dun & Bradstreet, Inc. and the Deferred Prosecution Agreement (DPA) obtained by Panasonic Avionics Corporation. The DOJ and SEC have made clear the benefits to a company which cooperates and remediates, even if they do not so fully and they do not self-disclose the FCPA violation.

The Result

CSHK did not receive any credit for self-disclosing the FCPA violations and “because neither it nor CSAG voluntarily and timely disclosed to the Offices the conduct described in the Statement of Facts”. However, CSHK did receive “partial credit for its and CSAG’s cooperation with the Offices’ investigation, including credit for conducting an internal investigation, making factual presentations to the Offices, voluntarily making foreign-based employees available for interviews in the United States, producing documents to the Offices from foreign countries in ways that did not implicate foreign data privacy laws, providing translations of foreign language documents, and collecting and presenting evidence to the Offices”. Tellingly, it did not receive full credit for its cooperation “because its cooperation was reactive, instead of proactive.”

CSHK did institute significant remediation, including:

(1)   adopting additional compliance internal controls related to their hiring programs;

(2)   implementing procedures in the Asia Pacific region in 2013, and globally in 2015, to ensure the identification of and anti-corruption vetting for all candidates referred for employment by foreign government officials and employees of state-owned enterprises;

(3)   requiring all candidates for employment to be screened by an independent service for connections to government officials, SOE employees and other “politically exposed persons” and verifying the efficacy of this screening;

(4)   requiring additional post-hire controls on employees linked to foreign government officials and employees of SOEs, such as ring fencing them from work involving such officials and SOE employees and requiring compliance personnel to track their performance;

(5)   requiring and conducting periodic reviews of hiring controls, and developing procedures for the regular evaluation of hiring controls;

(6)   conducting yearly headcount reviews to ensure accurate record-keeping concerning hiring; and

(7)   requiring improved FCPA and anti-corruption training for all staff, including job-specific training for bankers, recruiters, human resources, and compliance personnel.

Yet here CSHK did not receive full credit as it did not discipline those within the organization who “engaged in the misconduct, and instead only recorded policy infractions internally and provided notices of infractions”. For all of the above and some other efforts, the company did receive a 15% discount off the bottom range in the Sentencing Guidelines. It is also important to note that the SEC stated in its Order, “Respondent acknowledges that the Commission is not imposing a civil penalty based upon the imposition of a $47 million criminal fine as part of Credit Suisse’s settlement with the United States Department of Justice.”

Going Forward

It is incumbent to note that there is nothing illegal in the hiring of family members of foreign government officials or employees of SOEs. What is illegal under the FCPA is intentionally hiring a family member or close personal friend to influence a decision maker at a foreign government or SOE to confer a benefit. If the answer to that question is yes, then the FCPA is impacted. That benefit can be a new contract, contract renewal, tax benefit, confidential inside information or the wide variety of other conduct which constitutes a benefit under the FCPA.

Moreover, there is nothing in the FCPA which makes illegal or prevents the hiring of a family member or close personal friend of a foreign government official or SOE employee. Admittedly, such a hiring may be more high risk and require greater risk management but there is nothing which prevents any business from such hires. The key is that the hiring goes through the standard hiring process.

It all starts with the hiring criteria. If a candidate does not meet your company’s educational or professional standards for hiring, they should not be considered – full stop. There should not be any waivers or exceptions granted unless it is for a technical position that the candidate is uniquely suited for, all of which must be documented. If such a candidate is hired then they must be ring-fenced from working on any matter related to their family member who is a foreign government official or SOE employee.

What is the criteria Compliance can advise HR on to implement and operationalize the compliance issues in hiring? There are three questions I suggest be used to analyze the hiring of a family member of foreign official or SOEs. They can also be installed as internal controls.

  1. Does the candidate meet your firm’s hiring criteria?
  2. Did the foreign official whose family member you are considering for hire demand or even suggest your company hire the candidate?
  3. Has the foreign official made or will make a decision that will benefit your company?

If the answer to the first question is “No” and the second two “Yes”, you may well be in a high-risk area of violating the FCPA. You should investigate the matter quite thoroughly and carefully. Finally, whatever you do, Document, Document, and Document your investigation, both the findings and the conclusions. Furthermore, these questions can be set up as internal controls. This is another example of how a company can operationalize compliance and burn it into the fabric and DNA of an organization. Additionally, it provides another level of oversight or “a second set of eyes” on the hiring process around hires that are high-risk under the FCPA.

I hope you have enjoyed this short series on the CSAG FCPA enforcement action. For an enforcement south of $100 million there was quite a bit to unpack and more to learn for the compliance practitioner.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2018

In this episode I podcast favorite James Koukios returns to discuss some of the highlights from the Morrison and Foerster newsletter on Top Ten International Anti-Corruption Developments for April 2018. Some of the highlights include:

  • D&B Declination for FCPA violations-how did the company get such a great result?
  • IMF “Steps Up” Engagement on Governance and Corruption. On April 22, 2018, the IMF announced that its Executive Board had endorsed a new framework for “stepping up” engagement on governance and corruption in its member countries. What does this mean for companies?
  • Individual prosecutions continue related to PDVSA. What does this mean, together with the tightening sanctions against Venezuela for US companies still trying to do business in that country or stuck it out hoping for regime change.
  • Aruban Official and Florida-based Telecom Executive Plead Guilty in Connection with Bribery Scheme. Use these guilty pleas to discuss the bookends of corruption; bribe payor and bribe receiver. How does the DOJ look at this problem and what tools are available to prosecutors?
  • Areas of the globe in which companies currently doing business need to take a close look at their operations. I have suggested South African and Malaysia. Are there others the DOJ might be looking at?.
  • As an added feature we move to a current event, the news of a Subpoena issued to Glencore by the Justice Department, in part related to a FCPA investigation. We consider what delivery of a Subpoena means from the DOJ and company perspective.

For the full Morriston and Foerster April Top Ten International Anti-Corruption Developments for April 2018, click here.

Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. In this episode, Matt Kelly and I take a deep dive back into the proposed changes to the SEC Whistleblower program in light of Digital Realty Trust and the new administration.

The major proposed changes include the following:

  1. More bounty payments for smaller settlements;
  2. A cap on the top end awards of $30 million, no matter how great the settlement;
  3. Requirement that for the purposes of Dodd-Frank Whistleblower anti-retaliation protection, any information must be submitted in writing; and
  4. A widening of the SEC’s discretion to award whistleblower claims based on public information using independent evaluation and analysis.

We unpack of all these points and consider the implications for corporate compliance programs.

For more reading: see Matt’s piece On SEC Whistleblower Reforms

Has Uber turned over a new leaf? For its business in London and globally it certainly should hope so. As reported in a New York Times (NYT) article, entitled “Uber’s Latest Big Test: London”, Adam Satariano wrote about the company’s attempt to overturn its loss of license to do business in one of its biggest markets outside the US. The matter, which was heard in London’s Magistrates’ Court and, as noted by Satariano, “has ramifications far beyond London, and, given changes the city has already wrung from Uber, it could embolden others grappling with how to regulate ride-sharing services. The ruling will offer a hint as to whether governments and regulators are becoming more receptive to Mr. Khosrowshahi’s conciliatory efforts as he seeks to move past the brusque manner associated with his predecessor”.

Uber lost its license in September 2017, barely one month in to the tenure of current chief executive, Dara Khosrowshahi. The ruling was made by Transport for London (TfL), the agency that oversees the city’s underground, buses and taxicabs, declaring that Uber was not sufficiently “fit and proper.” This ruling was based on the conduct of the company under its prior CEO Travis Kalanick. In a statementreleased at the time TfL said, “Uber’s approach and conduct demonstrate a lack of corporate responsibility in relation to a number of issues which have potential public safety and security implications.” The regulator went on to state, “TfL considers that Uber’s approach and conduct demonstrate a lack of corporate responsibility in relation to a number of issues which have potential public safety and security implications. These include:

  • Its approach to reporting serious criminal offences.
  • Its approach to how medical certificates are obtained.
  • Its approach to how Enhanced Disclosure and Barring Service (DBS) checks are obtained.
  • Its approach to explaining the use of Greyball in London – software that could be used to block regulatory bodies from gaining full access to the app and prevent officials from undertaking regulatory or law enforcement duties.”

Uber’s UK team in place at the time of the ruling immediately attacked the ruling as discriminatory and prejudiced towards the London black-cab drivers, who are both highly regulated and highly trained. This team shortly was replaced and Uber then took a more conciliatory approach. The conciliatory approach was continued by the new CEO Khosrowshahi who said in a tweet at the time, “that Uber was “far from perfect” and urged city regulators to work out a solution with the company.” Yet even Khosrowshahi threw in that “3.5mm Londoners depending on us” in the same tweet.

Satariano quoted André Spicer, a professor at the Cass Business School at City, University of London, who has been tracking the case, who said, “The trial is one of the first big tests of Khosrowshahi’s leadership of the company and new approach. The judgment will show whether authorities are willing to accept Uber with some of the harder edges knocked off, or whether there are more fundamental questions about the Uber model.”

Uber has worked to remediate the issues raised in the underlying license revocation. Uber has “introduced limits on how long a driver may continuously be behind the wheel, offered tools to report incidents to the police, and agreed to share traffic data with the city. A new management team was installed to run the company’s London operations, while three independent executives were recruited to a board that oversees operations in Britain.” Immediately after the underlying ruling, Khosrowshahi flew to London and met with regulators to try and begin the repair of the company’s reputation. That in and of itself was a breath of fresh air from the prior CEO.

On Tuesday the Magistrates’ Court ruled in favor of Uber, granting it a provisional 15 month license to operate in London. According to Alistair Smout, reporting in Reuters, said “Judge Emma Arbuthnot said that while Uber had not been fit and proper when that decision was made, an overhaul of its policies in the subsequent months had changed its position. “(Uber) has provided evidence that it is now a fit and proper person… I grant a licence to ULL (Uber London Limited),” she said in her judgment. The judge granted Uber a 15-month “probationary” licence to operate.” London Mayor Sadiq Khan said that it was “clear that the court ruling was no carte blanche for Uber in London.” In a tweet he said, ““No matter how big or powerful you are, you . he said in a tweet. Uber has been granted a 15-month licence to operate in London – but with a clear set of conditions that TfL will closely monitor and enforce.”

One of the most interesting requirements laid upon Uber by the Magistrates’ Court was that Uber must have “an independent assurance audit report every six months.” For this requirement I would suggest Uber engage an independent monitor which would oversee all the requirements laid down by the Magistrates’ Court, similar to the position of a Monitor in Foreign Corrupt Practices Act (FCPA) cases where their role is to report to the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) a company’s progress in implementing the mandated compliance solution agreed to in any settlement documents.

The London hearing was a huge test for Uber and pulled out all the (remedial) stops to garner its license to do business in London back. It is not only true for Uber’s biggest market in Europe but no doubt regulators across the globe were watching the hearing to see if Uber has truly turned a cultural corner and they can be seen as an ethical corporate citizen. For the US market, this hearing is the beginning of a crucial test of steps Uber must take if it wants to go public. Two critical steps it still must take are to hire a Chief Compliance Officer (CCO) and Chief Financial Officer (CFO). Without these positions filled, Uber may well have trouble certifying anything close to a Sarbanes-Oxley (SOX) certification or even giving the investment community comfort that it can move forward with appropriate corporate processes to facilitate both profitability and survival.

Equally important is the role a fulltime CCO would play. The CCO would help lead not only the efforts to reform and revamp the company but would work to continually improve the company’s compliance regime. This would benefit far more than compliance because given the data driven nature of Uber’s business model, that same data could be used for both compliance and to make the company run more efficiently and in compliance.

As a consumer, I am a huge fan of Uber. I have used it multiple times during my most recent trips. I always chat with the Uber drivers about their experiences with the company. They are 99% positive as is my experience as a customer. Yet Uber must get the culture right and then the regulatory response right to move forward from even a hugely success start up to a well-established player in the global transportation market. I hope they do so as I find their services to be such a positive experience. The Magistrates’ Court ruling will go a long way towards answering this and other questions about whether the company’s culture has truly changed.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2018