The recent election of Donald Trump has left compliance professionals to wonder, if not outright worry, about what the future may hold. What does the incoming administration have in store for the Foreign Corrupt Practices Act (FCPA), the compliance profession and the compliance community going forward? I recently explored some of these questions in a series of blogs. I also dedicated an entire episode of the Everything Compliance podcast to this issue.

Everything Compliance is my most recent podcast, where I bring together four of the top commentators on the FCPA, compliance and privacy issues from the US and UK. In a recent episode the podcast panelists, Mike Volkov, Matt Kelly, Jay Rosen and Jonathan Armstrong, together with myself, discussed and debated the effect of the President Elect and his nominee for Attorney General (AG), Jeff Sessions, on the FCPA, the Department of Justice (DOJ), the Securities and Exchange Commission (SEC), anti-corruption enforcement and compliance. What about issues more global, such as privacy and data security? What about international enforcement? These are just some of the initial questions we tackled.

As each of us had written on where we think the compliance discipline is headed, I wanted to assemble our collective writings together in an eBook for the greater FCPA compliance community. In the eBook I write about why I think FCPA enforcement is not only in the interest of the US as a country but also in the interests of US businesses. Mike Volkov writes about the FCPA and its enforcement from an ex-prosecutor’s perspective. Matt Kelly looks at both the DOJ and SEC under a Trump administration. Jay Rosen considers how businesses have incorporated compliance into standard business practices, which will not change no matter who is President. I pitched the idea of an eBook on our collective musings to Maurice Gilbert, Founder of Corporate Compliance Insights (CCI) and Managing Director of Conselium Executive Search, who immediately grasped its significance to the compliance community.

Gilbert stated, in the foreword to the eBook, “The election of Donald Trump has caused us all to wonder — and worry — about what the future may hold for compliance professionals. To help answer these questions, five top commentators on the FCPA, compliance and privacy issues have crafted essays highlighting their initial reactions and predicting the election’s impact on FCPA enforcement, the compliance profession and compliance practice generally.

How did this conversation begin? Tom Fox’s “Everything Compliance” Podcast was the springboard for this continuing dialog. When we all woke up to a new world on November 9, 2016, Tom responded by asking leading compliance commentators what they think FCPA enforcement and compliance might look like under the new administration. Tom dedicated an entire podcast episode to these issues and wisely recognized the need to compile these experts’ early reactions and to share them — in an on-going way — with the greater compliance community.

As a leading voice in compliance, Tom will continue this conversation as the story takes shape. We look forward to sharing it with you.”

Yet Gilbert, in what can only be called an inspired request, said that as much as he wanted to publish the eBook, he wanted a continued dialogue by some of the top commentators in compliance on this subject going forward. So we have all agreed to continue the conversation.

So as the book cover says “Analysis, Predictions and the Occasional Rant from the Everything Compliance podcast.” Further, and to emphasize the ongoing nature of the dialogue, this volume is entitled Trump and Compliance, with the subtitle, “The Conversation is Just Getting Started…Part 1, It’s Not the Apocalypse (Yet)”.

This means that every quarter or so, the Everything Compliance podcast gang will continue the discussion and CCI will publish the upcoming eBooks on the topic. It will be, as Gilbert noted, analysis, predictions and the occasional rant. I hope you will join the Everything Compliance crew on this journey, along with Gilbert and his team at CCI.

To download a free copy of the eBook Trump and Compliance, click here.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

Show Notes for Episode 31, week ending December 2, 2016-the Government Speaks edition

  1. Justice Department Assistant Attorney General Sally Yates remarks at 33rd annual ACI National FCPA Conference;
  2. Head of SEC Enforcement Andrew Ceresny remarks at 33rd annual ACI National FCPA Conference;
  3. Richard Bistrong interview of Barry Vitou on the future of the SFO, on the FCPA Blog;
  4. Release of new eBook on Trump and Compliance by the Everything Compliance podcast gang, published by Corporate Compliance Insights;
  5. Matt Ellis releases new book on The FCPA in Latin America;
  6. With help from US, Dutch enter the global fight against terrorism in a big way, see article by Geert Vermeulen, on the FCPA Blog;
  7. Bloomberg News is reporting a potential settlement by Brazilian & US authorities with Odebrecht for $2.5bn over corruption allegations unearthed in Operation Car Wash;
  8. Reflections on the First FCPA Mock Trial Institute;
  9. New DOJ site on Individual Accountability; and
  10. How ‘bout them 11-1 Cowboys and the impact of Gronk’s injury on the Patriots.

Matt Stephenson, myself and others have engaged in a dialogue about where Foreign Corrupt Practices Act (FCPA) enforcement may be headed under the incoming administration. I have tried to focus on why compliance with anti-corruption laws, such as the FCPA, will not lessen. The discussions at ACI’s 33rd International Conference on the FOREIGN CORRUPT PRACTICES ACT (ACI-FCPA Conference) demonstrate why compliance will remain an important part of the business process of any US company doing business internationally.

The Department of Justice (DOJ) and Securities and Exchange Commission (SEC) have worked quite diligently to increase professionalism around anti-corruption enforcement in jurisdictions outside the US. At the ACI-FCPA conference Kara Brockmeyer, Chief, FCPA Unit, Division of Enforcement at the SEC, and Daniel Kahn, Chief, FCPA Unit, Fraud Section, Criminal Division at the DOJ, articulated an additional reason, which was the increase in international cooperation and enforcement.

Over the past few years, the DOJ and SEC have worked to create a network of international cooperation in the global war against bribery and corruption. In addition to forming liaisons, they have put on three conferences dedicated to the training of foreign prosecutors on investigations, best practices around anti-corruption compliance programs and cooperation between countries in the sharing of documents and other evidence. Both speakers remarked on the increased sophistication of foreign prosecutors, both in investigations of bribery and corruption and in understanding compliance programs around anti-corruption laws.

While I had previously considered such training as a way for US authorities to garner relationships to assist US-based FCPA investigations, both speakers talked about more joint and coordinated international investigations. This points not only towards parallel investigations but also towards coordinated resolutions. While the OECD is a large part of how the US makes such connections, it is these formal trainings that have allowed US regulators to also make inroads into increasing prosecutions of such conduct.

Yet, in addition to this increased cooperation with US authorities, many other countries’ anti-corruption regulators are now actively prosecuting bribery and corruption as well. Obviously Operation Car Wash in Brazil is a prime example but the speakers pointed not just to increased assistance with the US but also enforcement, in the words of Brockmeyer, “going global”. She pointed towards two 2016 enforcement actions as prime examples.

As set forth in the SEC Press Release in the VimpelCom enforcement action there was cooperation from the following regulatory and enforcement authorities outside the US: “Public Prosecution Service of the Netherlands (Openbaar Ministrie), National Authority for Investigation and Prosecution of Economic and Environmental Crime in Norway (ØKOKRIM), Swedish Prosecution Authority, Office of the Attorney General in Switzerland, and Corruption Prevention and Combating Bureau in Latvia.  Other valuable assistance was provided by the British Virgin Islands Financial Services Commission, Caymans Islands Monetary Authority, Bermuda Monetary Authority, and Central Bank of Ireland, Estonia Financial Supervisory Authority (Finantsinspektioon), Comisión Nacional del Mercado de Valores (Spain), Latvian Financial and Capital Market Commission, UAE Securities and Commodities Authority, Banking Commission of the Marshall Islands, and Gibraltar Financial Services Commission.” The final resolution required VimpelCom to pay $167.5 million to the SEC, $230.1 million to the DOJ, and $397.5 million to Dutch regulators.

As set forth in the SEC Press Release in the Embraer enforcement action, the following regulatory bodies and enforcement agencies were involved: “the Brazilian Federal Prosecution Service, the Brazilian Federal Police, Brazil’s Comissão de Valores Mobiliários, the South African Financial Services Board, the Swiss Financial Market Supervisory Authority (FINMA), the Banco Central del Uruguay, the Spanish Comisión Nacional del Mercado de Valores, and the French Autorité des Marchés Financiers. In this matter the total fines and penalties paid by Embraer were a $107 million penalty to the Justice Department as part of a deferred prosecution agreement, and more than $98 million in disgorgement and interest to the SEC. Embraer received a $20 million credit on the amount of disgorgement based upon its payment to Brazilian authorities in a parallel civil proceeding in Brazil.”

Another interesting concept the speakers put forth was the one pie concept. They explained that increasingly, enforcement authorities were moving towards one total cost to anti-corruption violators which would be equitably split up by authorities where the corruption occurred or by the countries which had jurisdiction. Kahn said that companies who self-disclosed to multiple regulators and extensively remediated, along the lines laid out in the FCPA Pilot Program, were more likely to garner credit with US regulators for fines paid to overseas authorities. A contra example was Alstom, which tried to settle piecemeal with a variety of countries and entities such as the World Bank. Under this approach, Alstom did not receive credit from US authorities for any of their other payments. For this, and other reasons, Alstom now stands at Number 2 on the Top Ten list of FCPA settlements, paying a whopping $772MM.

All of this means that the SEC and DOJ, together with the OECD, created an active and robust international anti-corruption enforcement regime, which is moving literally across the globe. Any US company doing business outside the US must have a compliance program in order to prevent, detect and remedy any corruption issues. Furthermore, if they want to receive the maximum credit from multiple regulatory bodies they will need such a best practices compliance program.

Indeed, in some jurisdictions such a compliance program can be a defense to a criminal charge against corporations if there are employees engaging in bribery and corruption. Yet even in the UK, where such a defense is available, a company must actually do compliance, not just have a paper program in place and call it a day’s work done.

All of this means doing compliance is even more important than ever and will be going forward. Even with a Trump administration.


Show Notes:

What is risk and how should it be evaluated? What is the data that should be reviewed to determine if an increase in sales is based on unethical or even illegal behavior? Finally, what happens when you migrate company personnel who have been involved in such illegal or unethical behavior to other locations, does their nefarious conduct spread throughout the organization or is it curtailed? In this episode Matt Kelly and I explore some of these questions and others.

Every Chief Compliance Officer (CCO) and compliance practitioner understands that the sales side of a business is where the highest risk is located because that is most generally the side of the business which generates the most money and potential profit. Yet sales numbers are not something which compliance professionals will generally have access to as a part of a compliance program.

Sales spikes in low performing regions can and should be reviewed by a wide variety of disciplines within an organization, including compliance. One would think that companies would want to know and understand the reasons for any sales increase so that it could be determined if such strategies might work in other areas of a company’s operations. This is true for the compliance function as well. As far back as December 2012, in the Eli Lilly Foreign Corrupt Practices Act (FCPA) enforcement action brought by the Securities and Exchange Commission (SEC), I raised the issue that a dramatic sales increase should be reviewed by compliance to determine if there were any corruption issues involved. This same logic works for sales in the US over products as benign as debit cards. Moreover, if you consider whether the issue should be reviewed by a Board of Directors, it certainly would be material for one state region going from worst to first in sales.

One CCO told me that every time he hears of an employee who wins a sales award for making numbers wildly far above plan, he wonders what might have led to such remarkable attainment. Sales spikes are data that is becoming increasingly important for compliance to consider, just as the Key Energy FCPA enforcement action specifically mentioned transaction monitoring around massive increases in gift giving in a geographic region where sales had spiked.

The FCPA Guidance specifies that “a good compliance program should constantly evolve. A company’s business changes over time, as do the environments in which it operates, the nature of its customers, the laws that govern its actions, and the standards of its industry. In addition, compliance programs that do not just exist on paper but are followed in practice will inevitably uncover compliance weaknesses and require enhancements. Consequently, DOJ and SEC evaluate whether companies regularly review and improve their compliance programs and not allow them to become stale.”

Continuous improvement requires that you not only audit but also monitor whether employees are staying with the compliance program. In addition to the language set out in the FCPA Guidance, two of the seven compliance elements in the US Sentencing Guidelines call for companies to monitor, audit, and respond quickly to allegations of misconduct. These three activities are key components enforcement officials look for when determining whether companies maintain adequate oversight of their compliance programs.

One tool that is extremely useful in the continuous improvement cycle, yet is often misused or misunderstood, is ongoing monitoring. This can come from the confusion about the differences between monitoring and auditing. Monitoring is a commitment to reviewing and detecting compliance variances in real time and then reacting quickly to remediate them. A primary goal of monitoring is to identify and address gaps in your program on a regular and consistent basis across a wide spectrum of data and information.

Auditing is a more limited review that targets a specific business component, region, or market sector during a particular timeframe in order to uncover and/or evaluate certain risks, particularly as seen in financial records. However, you should not assume that because your company conducts audits that it is effectively monitoring. A robust program should include separate functions for auditing and monitoring. Although unique in protocol, the two functions are related and can operate in tandem. Monitoring activities can sometimes lead to audits. For instance, if you notice a trend of suspicious payments in recent monitoring reports from Indonesia, it may be time to conduct an audit of those operations to further investigate the issue.

Your company should establish a regular monitoring system to spot issues and address them. Effective monitoring means applying a consistent set of protocols, checks, and controls tailored to your company’s risks to detect and remediate compliance problems on an ongoing basis. Many compliance practitioners understand you should be checking in routinely with local Finance departments in your foreign offices to ask if they have noticed recent accounting irregularities. Regional directors should be required to keep tabs on potential improper activity in the countries in which they manage. These ongoing efforts demonstrate that your company is serious about compliance.

Yet ongoing monitoring is not limited to the financial component of compliance. The Red Flag Group (RFG) has developed an ongoing monitoring approach for the human part of the compliance equation. This is a cost-effective approach to email review through email sweeps. The concept is straightforward: at regular intervals you can sweep through your company email database for identified key words that can be flagged for further investigation, if required. The beauty of this approach is that it does not require an extensive eDiscovery software tool or license purchase. It can be accomplished generally in two days or less. Also, it is not limited to anti-corruption compliance but can cover any of the risk factors identified for your company.

The objective of this approach is to ‘find the smoke’, which may be the evidence of a compliance breakdown (and related fire), by sweeping through emails to uncover those that may contain real issues. From this starting point, you can assess and prioritize, by checking and verifying that there are issues worth investigating. From here you can identify the issues you want to investigate first. Further, and if warranted, you can invoke your investigation protocol, with all the requisite protections and securities.

In addition to the cost effectiveness of this approach, in that you are only paying for the services when you need them and as they are delivered, this approach satisfies the Tom Fox mantra of Document, Document, and Document because everything you have done can be verified and audited. Finally, as the regulators continue to evolve in their understandings and appreciation of a best practices compliance program, you will evolve your compliance program to a new level of detection that could well allow you to have a more robust prevent mode. When your compliance program has a strong prevent prong, it can be the most effective way to stave off any issues from becoming Foreign Corrupt Practices Act (FCPA) violations.

Continuous improvement through continuous monitoring will help keep your compliance program abreast of any changes in your business model’s compliance risks and allow growth based upon new and updated best practices specified by regulators. A compliance program is a continuously evolving organism, just as your company is continually improving its business processes. The FCPA Guidance makes clear the “DOJ and SEC will give meaningful credit to thoughtful efforts to create a sustainable compliance program if a problem is later discovered. Similarly, undertaking proactive evaluations before a problem strikes can lower the applicable penalty range under the U.S. Sentencing Guidelines. Although the nature and the frequency of proactive evaluations may vary depending on the size and complexity of an organization, the idea behind such efforts is the same: continuous improvement and sustainability.”

For more information on the RFG email sweep monitoring program, please join me and my RFG colleague Juliet Lui for a webinar on this topic, Tuesday, December 6 at 10 CST. For more information and registration, click here.
