I am excited to announce at Compliance Week 2017 the publication of my latest book 2016-The Year in Corporate FCPA Enforcement: Cardinal and Provident, published by Compliance Week. In it I take a look the most prolific year in FCPA enforcement and what it means for the compliance practitioner.

We have never seen and may well never see again a year of FCPA corporate enforcements as we did in 2016. The Department of Justice (DOJ) and Securities and Exchange Commission (SEC) combined twenty-seven corporate enforcement actions and nearly $2.48bn in total fines and penalties, the highest since the statute’s enactment in 1977. The vast majority of that amount, some 90 percent, was generated by a few very large and significant FCPA enforcement actions involving the following entities: VimpelCom, Och-Ziff, Embraer, JPMorgan, Odebrecht/Braskem, and Teva. While these cases all involved substantial, company-wide bribery schemes, which led to their massive penalties, the majority of 2016’s FCPA enforcement actions involved relatively small-to-medium-sized penalties which involved less systemic, routine bribery schemes. Yet these smaller cases usually provided some of the most interesting fact patterns, which can be studied by chief compliance officers (CCOs) and compliance professionals to help prevent and detect bribery in their organizations.

What do these enforcement actions signify? More importantly what are the lessons to be drawn from these cases for compliance going forward? What about the FCPA Pilot Program, what does it portend for the future. Finally I consider the public comments of the regulators around FCPA enforcement and compliance. You can parse the facts and figures but if you want to understand what 2016 means going forward for the compliance profession, this is the book for you. If you are a compliance professional, this is the single must have  book around the the most prolific year in FCPA enforcement history.

You can purchase of copy of the book, from Compliance Week by clicking here.

If you are attending Compliance Week 2017, drop by the Compliance Week booth for an autographed copy!

 

In this second of a two-part series, we conclude the panel’s discussion of the first 100 days of the Trump administration as it relates to compliance. This episode concludes with the panelists’ rants.

  1. Matt Kelly opens with a discussion of regulatory enforcement under the Trump administration, how the ‘Trump Effect’ is negatively impacting corporations, industry responses to deregulation issues and lays down some markers around compliance issues under the new administration.

For Matt Kelly’s posts see the following:

Compliance in the Trump Era: More Markers Placed

Trump Administration Whacks Telco Firm for $892 Million

Drone Industry Pan Trump’s Regulatory

Trump Risk Disclosures Start Rolling In

First SEC Whistleblower Award of Trump Era

Sessions Dodges, Weaves, Promises on FCPA

  1. Mike Volkov rounds out the discussion with a review of where the DOJ is currently under AG Sessions, remarks by DOJ officials on FCPA enforcement, the future of the Pilot Program and DOJ Compliance Counsel, Hui Chen.

For Mike Volkov’s posts see the following:

Yates, AG Sessions and Individual Criminal Prosecutions

New E-Book — Moving the Goalposts: The Justice Department Redefines Effective Compliance

FCPA Remediation Focus on Supervisory Personnel

FPCA Pilot Program Motors On

 

For the Cordery Compliance client alerts see the following:

EU conflicts minerals compliance legislation 

DOJ Evaluation of Corporate Compliance: how does it compare to UK Bribery Act 2010?

 

For Jay Rosen’s posts see the following:

 Still in the Enforcement Business and Evaluation of Corporate Compliance Programs

“It Was the Best of Times, It was the Worst of Times,” or “Ignorance is Strength”

 

For Tom Fox’s posts see the following:

The Trump Administration-Kaos is Bad for Business

The Trump Administration-Failures in Leadership and Management

The Trump Administration-Preparing for a Catastrophe

The Trump Administration-the Business Response

DOJ Enforcement of the FCPA and the International Fight against Corruption in the Trump Administration

 

The members of the Everything Compliance panel include:

  • Jay Rosen– Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com
  • Mike Volkov – One of the top FCPA commentators and practitioners around and the Chief Executive Officer of The Volkov Law Group, LLC. Volkov can be reached at mvolkov@volkovlawgroup.com.
  • Matt Kelly – Founder and CEO of Radical Compliance, is the former Editor of Compliance Week. Kelly can be reached at mkelly@radicalcompliance.com
  • Jonathan Armstrong – Rounding out the panel is our UK colleague, who is an experienced lawyer with Cordery in London. Armstrong can be reached at armstrong@corderycompliance.com

This episode is the first of a two-part series of podcasts dedicated to the first 100 days of the Trump administration as it related to compliance. Today we have Jonathan Armstrong and Jay Rosen. Next week Matt Kelly and Mike Volkov.

  1. Jonathan Armstrong leads a discussion of the Trump administrations devolution of Privacy Shield, GDPR and what they mean for American companies doing business in the UK and EU. He discusses the key differences in the DOJ’s Evaluation of Corporate Compliance Programs in an FCPA analysis and under the Bribery Act, differences in the EU approach to conflict minerals and under the Trump Administration and concludes by giving us his thoughts on what Brexit means for compliance.

For the Cordery Compliance client alerts see the following:

EU conflicts minerals compliance legislation 

DOJ Evaluation of Corporate Compliance: how does it compare to UK Bribery Act 2010?

BREXIT Glossary

  1. Jay Rosen considers what companies the intersection of business and politics under the Trump administration, the business response he has observed to Trump administrations steps and miss-steps, the comments made by DOJ representatives at Q1 conferences and the vibe of compliance conference attendees.

For Jay’s posts see the following:

 Still in the Enforcement Business and Evaluation of Corporate Compliance Programs

“It Was the Best of Times, It was the Worst of Times,” or “Ignorance is Strength”

 For Matt Kelly’s posts see the following:

Compliance in the Trump Era: More Markers Placed

Trump Administration Whacks Telco Firm for $892 Million

Drone Industry Pan Trump’s Regulatory

Trump Risk Disclosures Start Rolling In

First SEC Whistleblower Award of Trump Era

Sessions Dodges, Weaves, Promises on FCPA

For Mike Volkov’s posts see the following:

Yates, AG Sessions and Individual Criminal Prosecutions

New E-Book — Moving the Goalposts: The Justice Department Redefines Effective Compliance

FCPA Remediation Focus on Supervisory Personnel

FPCA Pilot Program Motors On

For Tom Fox’s posts see the following:

The Trump Administration-Kaos is Bad for Business

The Trump Administration-Failures in Leadership and Management

The Trump Administration-Preparing for a Catastrophe

The Trump Administration-the Business Response

DOJ Enforcement of the FCPA and the International Fight against Corruption in the Trump Administration

The members of the Everything Compliance panel include:

  • Jay Rosen– Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com
  • Mike Volkov – One of the top FCPA commentators and practitioners around and the Chief Executive Officer of The Volkov Law Group, LLC. Volkov can be reached at mvolkov@volkovlawgroup.com.
  • Matt Kelly – Founder and CEO of Radical Compliance, is the former Editor of Compliance Week. Kelly can be reached at mkelly@radicalcompliance.com
  • Jonathan Armstrong – Rounding out the panel is our UK colleague, who is an experienced lawyer with Cordery in London. Armstrong can be reached at armstrong@corderycompliance.com

Show Notes for Episode 51, for the week ending May 5, the Cinco de Mayo Edition

Over some breakfast tacos and Mexican coffee, Jay and I have a wide-ranging discussion on some of the week’s top compliance related stories. We discuss:

  1. Uganda considers a demand side response to corruption. See Tom’s article in Compliance Week. What are the rationales for anti-corruption legislation? See Tom’s post on the rationales underlying the FCPA on the FCPA Compliance Report.
  2. Why due diligence investigations still need the human element. See Scott Shaffer’s article in FCPA Blog.
  3. Kara Brockmeyer joins Debevoise & Plimpton LLP. See Tom’s article in the FCPA Blog.
  4. What has been the fate of whistleblowers at Wells Fargo. See James Stewart considers in his Common Sense column in the New York Times.
  5. Federal jury convicts former Guinea mining minister of laundering bribes. See article in the FCPA Blog.
  6. Astros lead the AL with the second best record in baseball. What does Tony Parker’s injury mean for the Spurs/Rockets playoff series?
  7. The Financial Reporting Council (FRC) investigates KPMG on its audits of Rolls Royce for the firm’s failure to detect bribes paid by the company. See article in the FCPA Blog.
  8. Listeners to this podcast can received a discount to Compliance Week 2017. Go to registrationand enter discount code CW17TOMFOX.

 

 

Today, I conclude my review of FCPA enforcement actions that involved the corporate hiring function. From these three cases I have considered, it is clear that HR must be involved in compliance and if HR hiring controls are over-ridden there must be an appropriate consideration of the risk management issues.

In November 2016, JP Morgan Chase (JPM) and its subsidiary, JPMorgan Securities (Asia Pacific) Limited (JPM-APAC) resolved its FCPA matter, obtaining a NPA from the DOJ with a penalty of $72MM, agreeing to a Cease and Desist Order (“Order”) from the SEC, with a penalty consisting of profit disgorgement and interest of $135MM, and reaching an agreement with the Federal Reserve Bank (Fed) for a Consent Cease and Desist Order (Fed Order) to put in place a best practices compliance program and pay a penalty of $61MM. The total fines and penalties paid by JPM for its violation of the FCPA was $268 MM.

The conduct involved JPM-APAC’s Client Referral Program, named the “Sons & Daughters Program” (Sons and Daughters), which targeted children of high Chinese government officials and employees of state-owned enterprises, other close family members and even close friends and associates of foreign officials and employees of state-owned enterprises for hiring in a blatant attempt to win business. It was designed, created and implemented by the top management of JPM-APAC, which went so far as to keep a tally of those persons hired by JPM-APAC and JPM tied to specific business development. As noted in the NPA, “certain senior executives and employees of (JPM-APAC) conspired to engage in quid pro quo agreements with Chinese officials”. The language quid pro quo is replete throughout the settlement documents because that is the specific language used by JPM-APAC personnel when discussing Sons and Daughters.

These actions led to over $100MM in profit to JPM. While JPM was certainly aware that many of these hires did not meet the companies stringent hiring requirements, there never seemed to be oversight of this illegal program or even investigation into the clear red flags presented by the company’s actions. What is more JPM knew the high-risk in hiring family members of foreign officials as far back as 2001 and indeed, had a written policy prohibiting such conduct. However, in 2006, this program morphed into a targeted program “directly attributable linkage to business opportunity”, and lasted until 2013. Over seven years, over 100 family members went through the program, with parents in more than 10 different Chinese government agencies. The program extended from new hires to summer internships to lateral hires.

JPM-APAC tracked the metrics of Sons and Daughters, the with “a spreadsheet that tracked hires to specific clients, while also tracking revenue attributable to those hires.” This spreadsheet was so detailed that it delineated “columns for each hire, the referring client, the relationship of the candidate, and the amount of revenue generated attributable to the hire in U.S. dollars.” Finally as noted in the NPA, a of the purpose of this level of documentation “was to track deals that resulted from the hires and measure revenue associated with Client Referral Program hires.” So the corruption scheme and the benefits obtained therefrom were fully documented.

The Son and Daughters program began as a FCPA risk management tool and listed five requirements to be considered for hire at JPM-APAC: “(1) whether the applicant was qualified for the position; (2) whether the applicant had gone through the normal interviewing process; (3) whether the referring client/potential client was government-related; (4) whether the firm was actively pitching for any business from the client/potential client; and (5) whether there was an “expected benefit to JPMorgan” for hiring the referred candidate.” These criteria were designed to act as internal control to prevent illegal hiring under the FCPA but it morphed into a program to disguise the true reason for these hires.

Worse, it appears that both the HR and compliance functions were complicit in the scheme to violate the FCPA because on at least one instance where the JPM-APAC business unit sponsor noted on the form “[t]he hiring of this candidate will place JPMorgan in a more favorable position for securing future business from the client.” This business justification morphed into the next iteration, “The candidate will be trained by JPMorgan for couple of years and then go to local bank. Thus, will bring more business”; all because the company’s compliance and HR functions “instructed the JPMorgan-APAC employee to remove the offending language, writing, “[h]iring of the candidate should not be for the purposes of securing future business of the firm. Please remove.” Further damning to the JPM-APAC compliance and HR functions was that of the more than 200 candidates hired through the Sons and Daughters program, none were rejected by either HR or compliance.

In addition to the tying of business to the hiring’s under the Sons and Daughters program, there was the additional problem that these hires did not meet JPM’s basic hiring and retention standards. According to the Order, one JPM-APAC representative described those hired under the program “as a protected species requiring [senior management] input. His reporting line to you is accountable but like national service.” Both the Order and NPA were replete with document evidence that the hires under Sons and Daughters did not meet minimum hiring standards and they often failed to meet minimum standards for retention at the company. The Box Score is a summary from the NPA of some of the candidates which clearly did not meet JPM hiring standards, yet who were hired and where such hires under the Sons and Daughters program brought benefits to JPM.

 

Foreign Official or SOE employee Reasons for hire Candidate deficiencies Deficiencies as JPM employee Benefit tied to hire
Client 1 Maintain good relationship with client $4.82MM profit
Client 2 Quid pro quo for business JPM-APAC lead underwriter on IPO
Client 3 Not very impressive, poor GPA Attitude issue. He doesn’t seem to care about work. Don’t need to have an intern doing nothing JPM-APAC lead underwriter on IPO
Client 4 Promised IPO work Not qualified for job at JPM. Tech and quantitative skills ‘light’ Communication skills and interest in work lagged his peers JPM-APAC lead underwriter on IPO. $23.4MM profit
Government Official 1 Father would go the extra mile to help JPM Worst business analyst candidate ever seen Immature, irresponsible and unreliable. Sent out sexually inappropriate emails JPM-APAC lead underwriter on IPO
Government Official 2 Hire would ‘significantly’ influence role of JPM-APAC Unlikely to meet hiring standard New York not comfortable with his work. Recommends he follow a different career path JPM-APAC lead underwriter on IPO

 

One thing that the resolution decidedly does not stand for is the proposition that a company can never hire a family member of a foreign official or employee of a state-owned enterprise. Indeed, it was one JPM-APAC compliance officer (albeit a new one) in 2013 who stopped the entire Sons and Daughters program with the following reason for denying a family member a position at the company, writing, “I’m afraid from an anti bribery [sic] and corruption standpoint, we cannot create positions to accommodate client requests….”. This statement clearly shows that when an official refers a family member for hire, a red flag should go up. It also demonstrates why compliance should be involved in any high-risk endeavor. If there is no position which the candidate can fill based upon their own qualifications at your company, that should be the end of the discussion, full stop.

What are the criteria compliance can advise to HR to operationalize the compliance issues in hiring? There are three questions I suggest be used to analyze the hiring of a family member of foreign official or state-owned enterprise. They can also be installed as internal controls.

  1. Does the candidate meet your firm’s hiring criteria?
  2. Did the foreign official whose family member you are considering for hire demand or even suggest your company hire the candidate?
  3. Has the foreign official made or will make a decision that will benefit your company?

If the answer to the first question is “No” and the second two “Yes”, you may well be in a high-risk area of violating the FCPA. You should investigate the matter quite thoroughly and carefully. Finally, whatever you do, Document, Document, and Document your investigation, both the findings and the conclusions.

These questions can be set up as internal controls. This is another example of how a company can operationalize compliance and burn it into the fabric and DNA of an organization. Further, it provides another level of oversight or “a second set of eyes” on the hiring process around hires that are high-risk under the FCPA or other anti-bribery/anti-corruption regime such as the UK Bribery Act.

Three Key Takeaways

  1. Never institutionalize your illegal conduct.
  2. Develop a set of HR internal controls around hiring and compliance.
  3. Always put a second set of eyes on any exceptions granted.

 

This month’s series is sponsored by Advanced Compliance Solutions and its new service offering the “Compliance Alliance” which is a three-step program that will provide you and your team a background into compliance and the FCPA so you can consider how your product or service fits into the needs of a compliance officer. It includes a FCPA and compliance boot camp, sponsorship of a one-month podcast series, and in-person training. Each section builds on the other and provides your customer service and sales teams with the knowledge they need to have intelligent conversations with compliance officers and decision makers. When the program is complete, your teams will be armed with the knowledge they need to sell and service every new client. Interested parties should contact Tom Fox.