TrainingIn a recent Slate article, entitled “Ethics Trainings Are Even Dumber Than You Think, author L.V. Anderson railed against what she termed box-checking training where companies put on training not to actually train employees but simply to check the box that training has occurred. She also spoke against “dumbed-down nature of most compliance courses”.

Certainly recognizing that inane training is simply that – inane training, Anderson missed the larger picture of what constitutes a best practices compliance program. Training is one part of a larger component of how companies manage their compliance with laws, regulations and, most importantly, the ultimate barometer of their value – their corporate reputation through compliance. The role of compliance in corporations was born in 1992 with the enactment of the US Sentencing Guidelines, which laid out the initial standards for corporate compliance and ethics programs, of which training is one part. It was only after these Sentencing Guidelines were put into effect that corporations moved to create Codes of Conduct to publicly state their values.

These Sentencing Guidelines provide a very general outline of what would constitute an effective compliance program. In the latest amendments to the Sentencing Guidelines, in 2010, the stated purpose of training is to “(6) Training – Conduct effective training programs and otherwise disseminate information to ensure that the board of directors, high level personnel and other employees with substantial authority receive information about the standards, procedures, and other aspects of the compliance program”.

One of the most significant areas of the law, where the government has provided specific guidance on compliance programs including training, is the 2012 publication entitled “FCPA – A Resource Guide to the U.S. Foreign Corrupt Practices Act”, which was issued jointly by the Criminal Division of the Department of Justice (DOJ) and the Enforcement Division of the Securities and Exchange Commission (SEC). This FCPA Resource Guide provided the government’s views on what constituted an effective compliance program under the Foreign Corrupt Practices Act of 1977 (FCPA) in the form of the Ten Hallmarks of an Effective Compliance Program.

Hallmark No. 5, Training and Continuous Advice, which says, in part, “DOJ and SEC will evaluate whether a company has taken steps to ensure that relevant policies and procedures have been com­municated throughout the organization, including through periodic training and certification for all directors, officers, relevant employees, and, where appropriate, agents and business partners.” This Hallmark goes on to state that training should be appropriate for the risk of the persons being trained and tailored to the situations they might find themselves at risk in for their company.

Whether you consider the language of the Sentencing Guidelines or the much more specific FCPA Resource Guide, the proper context to review ethics and compliance training is as a part of an overall holistic approach to compliance and ethics, compliance can be seen in its proper role as a communication tools. The reason a company puts on compliance training is not to solely stop unethical or non-compliant conduct. The role of training is to communicate the standard of values the company wants to set forth.

The training itself should be tailored to risks involved with those employees receiving the training. My wife works at a major oilfield service company in Houston, as an SAP integration specialist in the IT department. The risk that she could engage in non-compliant, unethical behavior, that could put her company at legal risk, is relatively low. So basic training for her on the company’s ethical values is an appropriate reminder.

However, in the same company there are thousands of employees who are in positions oversees which are at much higher risk for non-compliant behavior, particularly under the FCPA. For those employees more focused, specific and in person training is the preferred method. So more than simply asking is something illegal, such training would focus on the specific requirements under the law, what an employee should do if a foreign government official demands a bribe and how to seek help or report such conduct through the company hotline.

Training is not and never has been the all-encompassing way to stop illegal or even non-compliant, unethical conduct. It should be seen as a part of the overall corporate compliance program. Enron is the prime example that simply having one part, the Enron gold standard Code of Conduct and even training on that Code of Conduct, is not enough. It all starts at the top with the tone from the top. If your top management are crooks, in the case of all the former Enron senior managers who are now convicted felons, that speaks to the tone management creates. No rule, regulation, company policy or certainly compliance training should get in the way of the next deal.

Yet even after management sets an appropriate tone, that tone must be communicated to the employees. A corporate Code of Conduct sets out the general values and the policies and procedures lay the specifics of how employees can comply with laws, regulations and ethical concepts. After this communication, a company must set out appropriate incentives and discipline (carrots and sticks) to reinforce these behaviors. Finally, there should be internal controls baked into to all of this, which not only reinforces these concepts but also allows a corporate compliance department to monitor compliance to hopefully prevent any incidents before they become violations and detect them if they occur.

Anderson does get one thing right. If a company is putting on training simply as “just a form of legal ass-covering” then it is probably the type of company which does not put a high value on doing business either (1) ethically or (2) in compliance with existing laws. That alone puts a company in the Enron zone for compliance. Next, I will take a look at her claims about the dumbing down of compliance training.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

Cuba 4-Managing the RelationshipToday, I continue my exploration of doing business in Cuba from the Foreign Corrupt Practices Act (FCPA) perspective. Yesterday, I made clear that anyone you do business with in Cuba is going to be a foreign official under the FCPA and it will apply to every interaction in which you engage in Cuba. Today I want to work through some of the implications of this and how you might protect your company going forward.

One of the interactions we had on the trip was with four Cuban lawyers. The initial thing that was apparent was their age, from 25-30. Much, much younger than most American firms would put in front of prospective clients or even allow to represent the firm in events. They were all very knowledgeable and enthusiastic about practicing law going forward.

There are three law firms in Cuba that are authorized to do work for foreigners and are owned by the Cuban government. This has several important implications for any foreign entity doing business in Cuba. From the FCPA perspective this means all interactions will be covered by the FCPA. From the attorney/client perspective, it could also be problematic. We did pose this question to each attorney present and they all said they had never been pressured to cede any information which you and I might consider confidential to the government but as the client, you need to understand who the ultimate owner of each law firm is in all of your dealings with any Cuban lawyers.

You will need some form of counsel or advisor to navigate the Cuban laws regarding investments by foreigners. Whether you utilize Cuban lawyers or some other group or entity, such as the Chamber of Commerce, a professor with expertise in the area or another advisor, you will have the same FCPA issue. All of these persons work for entities that are owned by the Cuban government.

Typically in the life cycle of third party management, you would perform background due diligence to determine if any of the owners or beneficial owners are politically exposed persons (PEPs). However, in Cuba, any person or entity of repute that you would consider as a trusted advisor already is an employee of the government; either as a government minister or some type of advisor, such as the lawyers we met with during our trip.

On the one hand, it does make things much clearer if the government does own the entity you select as an advisor. There is no question that the FCPA is involved but more importantly, there is no question that any of the monies generated by the law firm or other entity will be going to line the pockets of a government minister who has discretionary decision making authority over your business opportunity in Cuba. The profits generated by the law firm or other entity will be paid to the Cuban government.

However, due diligence is only one step in a five-step process to manage third parties under the FCPA. The first step is still a business justification. Here it may be somewhat easier as there are so few knowledgeable counselors available to your company to consult with on business opportunities in Cuba. Once again there are only three law firms approved to do legal work in Cuba for foreign entities. Step two in the process is the questionnaire, which is done to obtain basic information on who the owner and beneficial owner of your third party is, see if the person or entity is generally aware of the FCPA and anti-corruption compliance, see if they have received any type of training, have they been involved in any compliance related incidents and, finally, they agree to release any claims of privacy around such information requests.

While it may be apparent from the tenor of this blog post what the answers to most, if not all, of these areas of inquiry will be; I think there is an added purpose to this FCPA questionnaire. It is another step in the communication to the third party of your company’s expectations around FCPA compliance and a zero tolerance for bribery and corruption. Moreover, given the level of sophistication by Cubans around international anti-corruption legislation, the questionnaire process will most probably require detailed and lengthy explanations but you will have the opportunity for some serious education in not only what the FCPA requires but your company’s expectations.

The next iteration in the five-step process is the contract. The FCPA Guidance specifies some minimum compliance terms and conditions which should be included in any contract with a third party consultant. These compliance terms and conditions include audit rights; training requirements around the FCPA and other anti-corruption laws; representations that the consultant will abide by the FCPA and other anti-corruption laws; and ensuring that payments requested by consultant have the proper supporting documentation before they are approved for payment. I would also add that you should include language which makes a FCPA incident a material breach of contract; full cooperation by the consultant with any FCPA investigation and possibly an indemnity for FCPA violation.

All of these compliance terms and conditions are going to be new to any consultant you retain in Cuba, law firm or other. You will need to explain why they are required and how they may be invoked. Many persons and entities outside the US, when they are first confronted with these compliance contract requirements, are insulted, mistakenly thinking you are saying they will engage in bribery and corruption. This can be a delicate educational process but one which you will have to patiently explain.

All of this leads to the final step in the five-step process but one that I have come to believe may well be the most important step; managing the relationship after the contract is signed. I think it is self-evident that you will need to put on your own FCPA compliance training, as there will be no local assets of experts you can retain. While all of the lawyers we met with spoke very good English, my suggestion would be to put on the training in Spanish for more complete understanding by the participants. This means a translator or Spanish speaking FCPA expert (here think of FCPAmericas blog founder Matt Ellis) will be needed.

Finally, you need to consider the payment terms. The FCPA Guidance says that you should look at “how those payment terms compare to typical terms in that industry and country, as well as the timing of the third party’s introduction to the business.” The FCPA Guidance also specifies, “Moreover, companies may want to confirm and document that the third party is actually performing the work for which it is being paid and that its compensation is commensurate with the work being provided.” This may be hard because there is no historical data for you to compare other than the standard hourly rates charged by the three Cuban law firms for general corporate work.

The FCPA Guidance makes clear that compensating a third party for commercial services rendered is acceptable and well within the parameters of the FCPA. What companies will have to do is to document all of the steps I have laid out. The Fox Mantra of Document, Document, and Document will play out as strongly for any company doing business as anywhere in the world; perhaps even more so. Due to the very unique nature of the Cuban economy the pressure maybe greater for step five, aka managing the relationship after the contract is signed. Finally, you will have to communicate and educate your Cuban business partners on your obligations under the FCPA and the obligations they will find themselves under when they do business with an American or other foreign company subject to the FCPA.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016