I conclude my five-part series on the soft skills a Chief Compliance Officer (CCO) needs to employ when working through the remediation component of a potential Foreign Corrupt Practices Act (FCPA) compliance violation. I have been joined this week by Dan Chapman, well-known in the compliance community for his in-house compliance roles at Baker Hughes Inc. and his CCO roles at Parker Drilling and Cameron International. Today I will consider step five: post resolution.

If you have successfully navigated the four prongs of the Department of Justice’s (DOJ’s) 2016 FCPA Pilot Program of (1) self-disclosure; (2) extensive cooperation; (3) thorough remediation; and (4) profit disgorgement; you should have been able to make a resolution with the government. While you would certainly hope to achieve a declination with disgorgement, it may be there was a penalty assessed as well.

Whatever your result your company will, in all likelihood, be required to have ongoing reporting obligations to the government. This can be in the form of an independent monitor, retained to ensure adherence to the obligations set forth in the resolution documents, such as Deferred Prosecution Agreement (DPA), Non-Prosecution Agreement (NPA) or other forms of settlement. It can also be the company reporting to the government on its continuing remediation efforts after resolution. In this area, I want to focus on two aspects, transparency and feedback, as I believe they are inter-related and tie into the DOJ’s 2017 Evaluation of Corporate Compliance Programs (Evaluation).

In the area of transparency, this is something which should have overlaid your entire remediation effort and, indeed, your interactions with the government during the investigative phase. But this is not simply ‘opening the kimono’ to be open and honest with the government. In the post settlement phase this means having clear reporting lines for compliance. This is important so there is both accountability and action-ability. The accountability comes from know who to go to in an organization to implement and then enforce a compliance issue. In my final corporate position, that was one of the clearest requirements from our corporate monitor, demanding know who was responsible.

The corporate monitor wanted to know how compliance initiatives, monitoring and assessment were done on an ongoing basis, and he worked to assess that transparency. He made clear there should be not be any inconsistency between our company’s organizational charts, what supervisory lines would infer and what happened in practice. If there was an issue regarding the hiring of a third party, whether on the sales side or through the Supply Chain (SC), the monitor wanted to be able to go directly to the responsible person and determine if the compliance requirements had been fulfilled. He would do so via the written record and then follow up with an in-person interview. If the person interviewed had not done the appropriate compliance steps, it was immediately apparent.

This ties into the final topic noted by Chapman, feedback. When you consider the Evaluation’s emphasis on feedback through the questions it poses and the few public remarks of former DOJ Compliance Counsel Hui Chen; it is clear that not only must you ask substantive questions and obtain data, but you must use that data as well. Two of the topics found under Prong 9 of the Evaluation (Continuous Improvement, Periodic Testing and Review) are as follows: 

Control TestingHas the company reviewed and audited its compliance program in the area relating to the misconduct, including testing of relevant controls, collection and analysis of compliance data, and interviews of employees and third-parties? How are the results reported and action items tracked? What control testing has the company generally undertaken?

Evolving UpdatesHow often has the company updated its risk assessments and reviewed its compliance policies, procedures, and practices? What steps has the company taken to determine whether policies/procedures/practices make sense for particular business segments/subsidiaries?

It is clear how important the DOJ considers this for any compliance program. For one just coming out of a FCPA enforcement action, it is even more critical.

Chapman emphasized this criticality in the post-settlement phase, noting, “you have to show that the feedback loop works by obtaining data through solid testing and taking corrective action based upon that data.” It is also critical that you actually “test your testing methods” to demonstrate that the validity of the data going into this feedback loop. Chapman noted that unfortunately “not a lot of people think about this,” but that it is critical. Chapman provided an example around the area of compliance training, stating “if you are using a questionnaire to assess the strength of training, you need to be able to show and demonstrate that your sample for gathering this data is sufficient. You simply did not ask five people about training when you’ve trained 2,000, that you did sample testing of at least, a reasonably appropriate percentage of trainees, and you need to be able to explain how you selected these trainees for their feedback and your survey methods used in developing and deploying the questionnaire.”

This type of information is clearly important when you begin your initial discussions with the government. Yet this requirement extends through the life of the enforcement action and into the post-settlement phase.  Chapman concluded by saying, “You do have to show that your input into that feedback loop has been sufficiently tested and that your data is solid.” It is not limited to training but in all areas of your compliance program, as expressed in the Evaluation.

As Chen stated, in an interview with Matt Kelly on his podcast Radical Compliance, “We wanted people to see that we put a lot of emphasis on evidence and data. Don’t just tell us that you have a hotline. Show us how you know it’s working and how you’re using the information that you gain from these hotlines. When you say you have a great compliance portal, don’t just show us screenshots of it. Show us the hit rates and how you use that data to help you refine how you communicate with your audience.” The same is true for the requirement of strong leadership by senior management and tone from the top. Chen related, “If you tell us you have a strong, talented top, show us what concrete actions your leaders have taken personally to demonstrate that. It’s not just some words that they say” but show the evidence. That is the essence of a feedback loop.

I hope that you have enjoyed this week-long exploration of some of the key soft skills needed in any compliance program remediation. There are many offerings on the technical aspects of performing an extensive remediation during a FCPA investigation, but I think this series demonstrates that the soft skills not taught in law school or business school are equally important. This is yet another reason it is critical for any company which is facing such a challenge to have top notch compliance talent in the CCO seat and compliance function. My other suggestion would be for you to get in contact with Dan Chapman.

 

Dan Chapman can be reached at jdanielchapman@gmail.com.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2017

In this episode I visit with James Koukios, a partner at Morrison and Foerster on the firm’s newsletter, Top Ten International Anti-Corruption Developments for May 2017. Our topics include:

  1. FCPA Assistant Chief BJ Stieglitz has been selected for detail to UK Financial Enforcement Authorities. We discuss how does a prosecutor work overseas, what this might mean for prosecutions going forward both in the US and UK and what is the relationship of the DOJ with its British counterparts?
  2. The DOJ has moved to terminate its DPA over Hewlett-Packard. We discuss what it means to have a DPA terminated and what is the role of the DOJ in this phase? We also consider what is the decision-making process if a DPA has to be extended due to continued or new conduct by a company under such an agreement.
  3. Finally, we consider some of the difficulties of some of the DOJ’s Challenges in Obtaining Foreign Evidence, through a recent ruling in Civil Forfeiture Case. On May 9, 2017, In the case of United States v. Prevezon Holdings Ltd., Southern District of New York Judge William H. Pauley III, ruled that certain evidence obtained by prosecutors from foreign sources was admissible in a civil asset forfeiture case, notwithstanding that the documents lacked the requisite certifications under the Federal Rules of Evidence. We consider the process for getting information from overseas; why it takes so long, what happens if it does not meet US evidentiary or even admissibility standards?

To see a full copy of the firm’s publication, Top Ten International Anti-Corruption Developments for May 2017, click here.

In this episode, Matt Kelly and I discuss the recent Second Circuit Court of Appeals decision in HSBC v. Moore. In this case a federal district court had ordered the release of redacted monitor’s report in the HSBC money-laundering Deferred Prosecution Agreement (DPA), based upon the request of an interested citizen. Both the Department of Justice (DOJ) and HSBC appealed the order and the Court of Appeals supported their position in overturning the trial court’s decision. The case is about a hook, line and sinker overturning of any trial court jurisdiction as one can have. The district court tried to claim it did not have the same role as a “potted plant” but the Court of Appeals left no doubt that is the only role it sees for any district court where a DPA is filed. We discuss the implications for the compliance practitioner, FCPA enforcement and any potential changes going forward.

I take a break from my series on the new standard for revenue recognition to honor George Romero who passed away this weekend. If you have watched any monster/zombie picture over the past 50 years, you have witnessed the influence of Romero. According to his obituary in the New York Times (NYT), Romero basically “created the modern zombie genre with his 1968 cult film, Night of the Living Dead, which has influenced generations of horror enthusiasts.” Romero went on to add installments to the “Dead” series, including Dawn of the Dead in 1979 (my personal Romero favorite) and Day of the Dead, released in 1985. The NYT reported that “film critic Roger Ebert called “Dawn of the Dead” “one of the best horror films ever made.’’”

Romero himself said in an interview with NPR, “I have a soft spot in my heart for the zombies. They are multipurpose, you can’t really get angry at them, they have no hidden agendas, they are what they are. I sympathize with them.” He felt vampires were more villainous so generally shied away from them, stating “I grew up on the famous monsters of film land, so to me they’ve just been the villains all along. There are a few sort of ‘O.K.’ vampires in the story, but most of them are the oppressors.” My suggestion is you sit down with the original Night, then move sequentially to Dawn and Day. It will be a rollicking good film fest.

Romero and his zombies seems like a good way to introduce todays topic of the recent Second Circuit Court of Appeals decision in HSBC v. Moore. In this case a federal district court had ordered the release of redacted monitor’s report in the HSBC money-laundering Deferred Prosecution Agreement (DPA), based upon the request of an interested citizen. Both the Department of Justice (DOJ) and HSBC appealed the order and the Court of Appeals supported their position in overturning the trial court’s decision.

As a part of its approval of the underlying DPA, the court had ordered “the parties “to file quarterly reports with the Court to keep it apprised of all significant developments in the implementation of the DPA”. The DOJ filed quarterly reports with the court apprising it of “the Monitor’s progress and findings.” The DOJ asked for these reports to be filed under seal and the court agreed to this request. A member of the public, Moore, then asked for the reports to be made public which the district court agreed to in redacted form.

The court of appeals made short shrift of the district court’s entire basis for its handling of the case and the release of the Monitor’s report, finding it did not have the power to even supervise the “implementation of the DPA in the absence of a showing of impropriety.” Since the trial court had no legal basis to exercise supervision over the implementation of the DPA, the trial court could have no role in the Monitor’s report. The Court of Appeals stated, “At least in the absence of any clear indication that Congress intended courts to evaluate the substantive merits of a DPA or to supervise a DPA’s out‐of‐court implementation, the relative functions and competence of the executive and judicial branches counsel against” any role for the trial court. The Court of Appeals concluded, “In sum, because the district court has no freestanding supervisory power to monitor the implementation of a DPA, the Monitor’s Report cannot be deemed “relevant to the performance of the judicial function” on that basis.”

That is about a hook, line and sinker overturning of any trial court jurisdiction as one can have. The district court tried to claim it did not have the same role as a “potted plant” but the Court of Appeals left no doubt that is the only role it sees for any district court where a DPA is filed. Indeed the Court of Appeals held the trial court did not have the authority to order the government to even file the Monitor’s report with the trial court.

One Court of Appeals judge concurred with some interesting comments. Judge Pooler, adding his comments to those trial court judges who have bemoaned not only their non-existent roles in DPAs (i.e. potted plants) but also the complete lack of transparency and oversight by the court in their implementation, stated “The prosecution retains sole discretion to decide if the corporation adequately complied with the agreement, allowing the prosecution to act as prosecutor, jury, and judge”. He went on to state “I respectfully suggest it is time for Congress to consider implementing legislation providing for such review.” He cites to a 2014 bill introduced in the House of Representative which would “among other things, require the development of public, written guidelines for DPAs; require the text of DPAs to be placed on a Justice Department website; and require DPAs to be submitted to district courts for review.”

For any of those readers who might think this Congress would be able to pass such legislation, I would suggest you sit down with Romero’s trio of zombie movies Night of the Living Dead, Dawn of the Dead and Day of the Dead. You will have a much better chance of living through all three movies than Congress actually doing something.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2017

This week, Jay and I return for a wide-ranging discussion on some of the week’s top compliance and ethics related stories, including:

  1. HSBC monitor report protected from release. See article in Reuters by clicking here.
  2. The Odebrecht scandal continues to resonate across South America. See Dick Cassin’s post in the FCPA Blog.
  3. The first half of 2017 has brought the final resolutions of only two FCPA matters from the new administration, but they were both declinations. Both declinations have significantly strengthened the FCPA Pilot Program as a clear path forward for every company that finds itself in FCPA hot water. See Tom’s article in Compliance Week.
  4. Roy Snell says it’s not who’s who but who gets it. See article in SCCE Compliance and Ethics Blog.
  5. Tom announces the rollout of the Compliance Podcast Network. It includes This Week in FCPA, FCPA Compliance Report, Compliance Report-International Edition, 12 O’Clock High, Unfair and Unbalanced, Compliance into the Weeds, Across the Board, Everything Compliance, One Month to a More Effective Compliance Program. See Tom’s article in the FCPA Compliance and Ethics Blog.
  6. The next Everything Compliance podcast is in production. Topics include Walter Shaub’s departure from OGE and does it even matter? Jesse Eisinger’s book The Chickenshit Club; the SFO, UK Bribery Act and the Rolls-Royce enforcement action; differences in DPA practice in the US & UK; Trump Administration & FCPA enforcement; EU’s GDPR; and Hui Chen’s departure from Justice Department; both her public rebuke of Trump, and the substance of how she believes her guidance has been mis-interpreted. Part I will go up on Thursday, July 20.