VolunteersThere are times when the universe converges in some of the oddest coincidences. It happened one day last week when two members of the original Jefferson Airplane lineup died on the same day. Most people familiar with what my teenaged daughter would call Classic Rock know the name Paul Kantner and his role in co-founding the band, Jefferson Airplane. As reported in his New York Times (NYT) obituary, “seen as the intellectual spokesman for the group, with an ideology reflected in his songs, that combined anarchic politics, an enthusiasm for mind-expansion through LSD and science-fiction utopianism.” Kantner wrote some of their top songs, including Today, Young Girl Sunday Blues and my personal favorite (Woodstock version) Volunteers. He also wrote Wooden Ships with Stephen Stills and David Crosby, which described a group of people escaping a postapocalyptic society to create its own freedom in a time and place unknown.

The second founding member of Airplane is much less well known. Signe Toly Anderson was the original female vocalist for Jefferson Airplane. As reported in Consequence of Sound, an online publication, Anderson joined Jefferson Airplane shortly after their formation in 1965 and sang on their debut album, Jefferson Airplane Takes Off. She left the band following the birth of her first child, due to an unwillingness to tour. Grace Slick replaced her and the Airplane had their classic lineup in place. In a statement another Airplane co-founder, Marty Balin said, “One sweet Lady has passed on. I imagine that she and Paul woke up in heaven and said ‘Hey what are you doing here? Let’s start a band’.”

While I did not purchase all the Airplane studio albums and listen to them as I did when The Eagles co-founder Glenn Frey died last month, I did purchase a couple and grooved out to them over the weekend. One of the clear things expressed to me was the evocative song writing, in a word communication. I have been thinking about communication in compliance programs, specifically around hotlines since I read an article in the most recent edition of Harvard Business Review (HBR) by James R. Detert and Ethan R. Burris, entitled “Can Your Employees Really Speak Freely?” One of the key points from the article was the need to focus on communications throughout your organization; both up and down the line.

They stated the problem, as they saw it, was that while leaders try “to make it easier for employees to share ideas and concerns-they usually end up doing the opposite.” They cited two key reasons: (1) fear of retaliation and (2) lack of responsiveness. They provided a list of several programs and policies that a company could implement which they believed might address these shortcomings. I found their list useful for a Chief Compliance Officer (CCO) or compliance practitioner to consider in not only their whistleblower program but as greater communications enhancements in any company.

Make feedback a regular, casual exchange 

This means get out and meet with the troops. The authors suggest, “Schedule regular meetings with your employees, and don’t cancel every time you don’t have an agenda. In fact, you might occasionally announce that the top item on the agenda will be employee feedback. Tell people in advance what sort of conversation you’ll be having (a brainstorming meeting, for instance, or a planning session), and explain the kinds of problems or possibilities you want to discuss.” Equally important is that you actually implement an appropriate suggestion from such meetings, i.e. bonus points giving credit to the employee who suggested it.

Be transparent 

For a CCO or compliance practitioner, one of the most important things you bring to any employee interaction is credibility. Part of this credibility is in being transparent. The authors suggested a transparent timetable for triage, implementation and feedback. They noted, “Spelling out guidelines and commitments up front made contributing feel less daunting and futile to employees.”

Reach out 

This is more than simply the ‘duh’ moment of getting out of the office. It means to seek out new ideas and new opinions. Yet the authors had a fresh slant on it when they said, “When you do ask for feedback, go to the people who know something you don’t. The folks in your immediate network probably are similar to you in background, perspective, and knowledge—so branch out. Counteract the all-too-common norm of expecting new people to quietly fit in until they understand “how we do things around here.” New people can tell you how other organizations operate and will have a fresh perspective on your firm’s strengths and weaknesses.”

Soften the power cues 

Power can not only squelch communications but can kill it outright. Coming from the energy industry, with its hierarchical nature, I certainly understand the power dynamic. Here the authors are concerned with the symbols and vestiges of power, down to things like the office setting. Of course, there is always the concern when you are seen going into the CCO office so the authors suggest, “take steps to make your guests feel more comfortable. Add a small table with chairs of the same size and quality so that when someone comes to talk, you can sit together. Table shape matters, too. It’s usually easy to guess who has the most power at an oval or a rectangular table, but there’s no “head” at a round table. And consider your attire: Do you really need a tie for meetings with the creative team? You want employees to feel you’re one of them.”

Avoid sending mixed messages 

If you beat up people who present ideas, people will stop presenting them to you. Moreover, if you put constraints on the size and dimension of information that can be presented to you, it may well be seen as a negative signal. The authors wrote, “Even informal “blue-sky” sessions were stifled by reminders to use the company’s standard PowerPoint template and adhere to rules about maximum words per slide, which reinforced the feeling that people needed to stay within certain bounds.”

Be the example 

This does not mean, as Chevy Chase intoned in Caddyshack to be the ball; but instead means advocate for those who bring suggestions. As the authors stated, “Employees feel inspired when they see you advocating for them. That message came through quite clearly when we spoke with people at a real estate firm.” If you cannot advocate for them, explain to them why you cannot do so.

Close the loop 

Feedback, feedback and feedback. One of the surest ways to close down employee input is not to provide feedback or as the authors said, “If you don’t want people to think their ideas went straight to the trash can, make sure you tell them what you did next and what they can expect as a result. In surveys of more than 3,500 employees in multiple companies, we found that bosses’ failure to close the loop increased subordinates’ belief that speaking up was futile by 30%. But if managers had closed the loop in the past, their reports spoke up 19% more frequently—even after we accounted for any increase that happened simply because managers were perceived as open, interested, and willing to make changes.”

While the authors overall attack on hotlines was certainly not merited, they did provide some solid suggestions for any two-way street of communications. The techniques they posit are useful for any compliance practitioner who is communicating up or down the chain.

While you are thinking about it, check out this YouTube clip of Jefferson Airplane playing Volunteers at Woodstock.TexasBarToday_TopTen_Badge_Large

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

Golden Gate BridgeToday, we celebrate one of the greatest engineering achievements of the century. On this date in 1937, the Golden Gate Bridge opened. At 4200 feet long, it was at the time the world’s longest suspension bridge. But not only was it an engineering and architectural milestone, its aesthetic form was instantly recognized as classical and to this day is one of the most iconic structures in the US if not the world. With just a few years until its 80th birthday, it demonstrates that a lasting structure is more than simply form following function but contains many elements that inform its use and beauty.

I use the Golden Gate Bridge as an entrée to my continued discussion on the series on steps that you can use in your compliance program if you find yourself, your company or your industry in an economic downturn. Whether you are a Chief Compliance Officer (CCO) or compliance practitioner, these steps are designed to be achieved when you face reduced economic resources or lessened personnel resources going forward due to a downturn your economic sector. Yesterday, I discussed mapping your current and existing internal controls to the Ten Hallmarks of an Effective Compliance Program so that you can demonstrate your compliance with the Foreign Corrupt Practices Act’s (FCPA) internal control prong to the accounting procedures. Today I want to discuss the issues surrounding the inevitable layoffs your company will have to endure in a downturn.

In Houston, we have experienced energy companies laying off upwards of 30% of their workforce, both in the US and abroad. Employment separations can be one of the trickiest maneuvers to manage in the spectrum of the employment relationship. Even when an employee is aware layoffs are coming it can still be quite a shock when Human Resources (HR) shows up at their door and says, “Come with me.” However, layoffs, massive or otherwise, can present some unique challenges for the FCPA compliance practitioner. Employees can use layoffs to claim that they were retaliated against for a wide variety of complaints, including those for concerns that impact the compliance practitioner. Yet there are several actions you can take to protect your company as much as possible.

Before you begin your actual layoffs, the compliance practitioner should work with your legal department and HR function to make certain your employment separation documents are in compliance with the recent SEC v. KBR Cease and Desist Order regarding Confidentiality Agreement (CA) language which purports to prevent employees from bringing potential violations to appropriate law or regulatory enforcement officials. If your company requires employees to be presented with some type of CA to receive company approved employment severance package, it must not have language preventing an employee taking such action. But this means more than having appropriate or even approved language in your CA, as you must counsel those who will be talking to the employee being laid off, not to even hint at retaliation if they go to authorities with a good faith belief of illegal conduct. You might even suggest, adding the SEC/KBR language to your script so the person leading the conversation at the layoff can get it right and you have a documented record of what was communicated to the employee being separated.

When it comes to interacting with employees first thing any company needs to do, is to treat employees with as much respect and dignity as is possible in the situation. While every company says they care (usually the same companies which say they are very ethical), the reality is that many simply want terminated employees out the door and off the premises as quickly as possibly. At times this will include an ‘escort’ off the premises and the clear message is that not only do we not trust you but do not let the door hit you on the way out. This attitude can go a long way to starting an employee down the road of filing a claim for retaliation or, in the case of FCPA enforcement, becoming a whistleblower to the Securities and Exchange Commission (SEC), identifying bribery and corruption.

Treating employees with respect means listening to them and not showing them the door as quickly as possible with an escort. From the FCPA compliance perspective this could also mean some type of conversation to ask the soon-to-be parting employee if they are aware of any FCPA violations, violations of your Code of Conduct or any other conduct which might raise ethical or conflict of interest concerns. You might even get them to sign some type of document that attests they are not aware of any such conduct. I recognize that this may not protect your company in all instances but at least it is some evidence that you can use later if the SEC (or Department of Justice (DOJ)) comes calling after that ex-employee has blown the whistle on your organization.

I would suggest that you work with your HR department to have an understanding of any high-risk employees who might be subject to layoffs. While you could consider having HR conduct this portion of the exit interview, it might be better if a compliance practitioner was involved. Obviously a compliance practitioner would be better able to ask detailed questions if some issue arose but it would also emphasize just how important the issue of FCPA compliance, Code of Conduct compliance or simply ethical conduct compliance was and remains to your business.

Finally are issues around hotlines, whistleblower and retaliation claims. The starting point for layoffs should be whatever your company plan is going forward. The retaliation cases turn on whether actions taken by the company were in retaliation for the hotline or whistleblower report. This means you will need to mine your hotline more closely for those employees who are scheduled or in line to be laid off. If there are such persons who have reported a FCPA, Code of Conduct or other ethical violation, you should move to triage and investigate, if appropriate, the allegation sooner rather than later. This may mean you move up research of an allegation to come to a faster resolution ahead of other claims. It may also mean you put some additional short-term resources on your hotline triage and investigations if you know layoffs are coming.

The reason for these actions are to allow you to demonstrate that any laid off employee was not separated because of a hotline or whistleblower allegation but due to your overall layoff scheme. However it could be that you may need this person to provide your compliance department additional information, to be a resource to you going forward, or even a witness that you can reasonably anticipate the government may want to interview. If any of these situations exist, if you do not plan for their eventuality before you layoff the employee, said (now) ex-employee may not be inclined to cooperate with you going forward. Also if you do demonstrate that you are sincerely interested in a meritorious hotline complaint, it may keep this person from becoming a SEC whistleblower.

Just as the Golden Gate Bridge provides more to the human condition than simply a structure to get from San Francisco to Marin County, layoffs in an economic downturn provide many opportunities to companies. If they treat the situation appropriately, it can be one where you manage your FCPA compliance risk going forward.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

 

 

 

The symbol of Venice is the Lion of St. Mark. The use of this symbol led to the maxim ‘straight from the lion’s mouth’. This adage came about because the Republic of Venice had its own hotline system where citizens could report misconduct. A citizen could write down his concern on paper and literally put the message into the mouth of statues of lion heads placed around the City. This system was originally set up to be anonymous but later changed to require that a citizen had to write his name down when submitting a message.

I thought about this early form of hotline and how its use portended the hotline systems used today to help companies identify compliance issues which might arise under an anti-corruption law such as the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act. Obviously the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) recognize the importance of an internal company reporting system, such as a hotline. In the FCPA Guidance it states, “An effective compliance program should include a mechanism for an organization’s employees and others to report suspected or actual misconduct or violations of the company’s policies on a confidential basis and without fear of retaliation. Companies may employ, for example, anonymous hotlines or ombudsmen.” I have often heard Chief Compliance Officers (CCOs) speak about how they are able to not only hear about but address employee’s concerns through confidential reporting where it is clear there will be no tolerance for retaliation.

So, once again, using Venice as inspiration for a compliance topic, today I would like to review some best practices regarding a compliance hotline.

  1.  The hotline should be developed and maintained externally. It seems axiomatic that em­ployees tend to trust hotlines maintained by third parties more than they do internally maintained systems. Through the submitting of reports via an external hotline there is a perceived extra layer of anonymity and impartiality compared to a sys­tem developed in-house. A third party provider is also more likely to bring specialist expertise that’s difficult to match within the organization.
  2. The hotline supports the collection of detailed infor­mation. As with most everything else, information is power. If a CCO can gather and re­cord information throughout a complaint life cycle, the company will have greater insight into the situation and a company can protect itself more effectively from accusations of negligence or wrongdoing. A hotline reporting system should provide consolidated, real-time access to data across all departments and locations, plus analytic capabilities that allow you to un­cover trends and hot spots. All reported materials should be consolidated in one comprehensive, chronologi­cally organized file, so a CCO can monitor ongoing progress and make better, more informed decisions.
  3. The hotline must meet your company’s data retention poli­cies. Retaining data in a manner consistent with your internal data retention policies is important. A hotline should offer a secure, accessible report retention database, or you may be faced with making your own complicated and costly arrangements for transmitting and storing older reports to a permanent storage location.
  4. The hotline should be designed to inspire employee confidence. Retaliation or perceived unfairness to those making hotline complaints will destroy the effectiveness of the internal reporting process and poison the corporate culture. A hot­line must be seen to offer the highest levels of protection and anonymity. To encourage employee participation, the hotline should allow them to bring their concerns directly to some­one outside their immediate chain of command or workplace environment – especially when the complaint concerns an immediate superior. The hotline should also enable employees to submit a re­port from the privacy of an off-site computer or telephone. It may seem like a small convenience, but giving employees the freedom to enter a complaint from a location that is safe can make a huge difference to participation rates.
  5. The hotline offers on-demand support from subject matter experts. Opening lines of communication can bring new issues to your compliance group. It is therefore important that once those reports are entered into the system, a person or function has the responsibility to follow up in a timely manner. One of the biggest mistakes you can make is to sit on a hotline complaint and let the employee reporting it fester. Additionally, with the short time frames set out in the Dodd-Frank Whistleblower timelines for resolution before an employee can go the SEC to seek a bounty, the clock is literally clicking.
  6. The hotline provides inbuilt litigation support and avoidance tools. A company must make certain that its hotline is preconfigured to meet the legal requirements for document retention, at­torney work product protection procedures, and attorney privilege. Developing these tools in-house can add signifi­cantly to your costs, and maintaining a hotline without one exposes your organization to unacceptable risk.
  7. The hotline supports direct communication. A hotline should open the lines of communication and give you a di­rect sight-line into the heart of your company. Look for a system that enables you to connect directly, privately, and anonymously with the person filing a complaint. Direct communication also signals to employees that their complaints are being heard at the highest levels.

Like other risk management issues, hotlines must also be managed effectively after implementation and roll-out. Here are some practical tips which will help you make your hotline an effective and useful tool.

Get the word out. If employees do not know about the hotline, they will not use it. Allocate a portion of your time and budget to promoting the corporate hotline through multiple channels. Put up posters and distribute cards that employees can keep in their wallets or desk drawers. Deliver in-person presentations where possible. And do not think of the promotional initiative as a one-time effort. It is important to remind employees regularly, through in-person communications, via e-mail, or through intranets, newsletters, and so on, that this resource is available to them. Some hotlines offer promotional materials to help make the job easier; make sure you ask what type of promotional support may be available.

Train all your employees. Getting employees to use the system is one half of the challenge; ensuring they use it properly is the other half. This is where training becomes essential. Make sure people understand what types of activities or observations are appropriate for reporting and which are not. HR and compliance staff will need training too, to help them understand how the hotline impacts their day-to-day activities. Company leaders also need to understand the role the hotline plays in the organizational culture, and the importance of their visible support for this compliance initiative.

Take a look at the data. Use the data derived from or through the hotline to identify unexpected trends or issues. Examples might be what percentage of employees use the hotline and what issues are they submitting? A healthy hotline reporting system will yield reports from .5 to 2 percent of your employee base. If your reporting patterns are higher or lower, it may indicate mistrust of the hotline, misuse, or a widespread compliance issue. Isolate the data by location and department to identify micro-trends that could indicate problems within a subset of your corporate culture. Analyzing the data can help you stay a step ahead of emerging issues.

Response is critical to fairness in the system. Seeing a hotline system in action in this way can go a long way toward dispelling employee fears of being ostracized or experiencing retaliation because if they see that their concerns are heard clearly and addressed fairly, they will learn to view the hotline as a valuable conduit. If your compliance group responds promptly and appropriately to hotline complaints, you can ensure robust participation and ongoing success. Even when a complaint proves to be unfounded, it can still provide an opportunity to open a dialogue with employees and clear up any misunderstandings. Responding to reported issues also gives compliance officers a chance to prove that issues can be resolved or addressed while protecting the privacy and anonymity of the whistleblower.

As my stay in Venice draws to an end, I am reminded how much the western world has to thank the Republic of Venice for. From the forms of republican democracy that the US Founding Fathers drew from to helping to establish a world-wide trade and banking system which still reverberates today. But, if you look closer, ancient Venice had many good government techniques which also still inform the modern world. Straight from the lion’s mouth to your company’s compliance hotline is just one of them.

A most Happy Thanksgiving to all.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

The second day of Hanson Wade Oil and Gas Supply Chain Compliance conference in Houston packed as much solid information into it as did the first day. One of the sessions dealt with utilizing other corporate functions to assist a compliance department in implementing or enhancing a compliance program. There are many resources which currently exist inside your organization and if you are in the position where you must use internal rather than external resources, this post will detail some of the functions which you may be able to call upon inside your organization.

You should start with a basic approach which the speaker termed “Get Out of the Ivory Tower”. He explained that the compliance department must obtain realistic input from geographies, cultures, business units and corporate functions within the company. As he rather succinctly put it to the audience “A procedure which may work in Texas may not work in Indonesia.” He also counseled to train in local languages. This may mean more than translating your talk into one language. He gave the example of his training in Spain where he had dual translations going, from English into Spanish and Catalan.

Part of this translation issue led to his next point, which was not to believe your own story or even worse, your own propaganda. Simply because a Country Manager says something is true means does not mean that it is true. Internal controls, monitoring and auditing are important to test that you are actually doing compliance rather than simply saying you are in compliance.

In determining what other departments might be able to assist the compliance function, the speaker suggested that you should start with three inquiries. They were:

  1. What can yours do? This is the initial assessment that you need to make about what your compliance department can do. What are your resources and budget? Start with this question.
  2. What can theirs do? In looking around your company, next ask this question. What are the functions of the departments? Are there things that they are currently doing which can supplement the compliance function? Are there functions in that department’s core function which can assist the company in the doing of compliance?
  3. How many employees does each of you have? An obvious concern is the number of employees that are available to assist the compliance function.

What are some of the other corporate functions that might assist the compliance department going forward? An obvious starting place is Human Resources (HR). The speaker listed several areas in which HR can bring expertise and, in my experience, enthusiasm to the compliance function. Some of the reasons include the fact that HR is physically located at or touch every site in the company, globally. HR is generally seen as more approachable than many other organizations in a company, unfortunately including compliance. A person’s first touch point with a company is often HR in the interview process. If not in the interview process, it is certainly true after a hire is made. Use this approachability.

Obviously, HR has several key areas of expertise, such as in discrimination and harassment. But beyond this expertise, HR also has direct accountability for these areas. It does not take a very long or large step to expand this expertise into assistance for compliance. HR often is on the front line for hotline intake and responses. These initial responses may include triage of the compliant and investigations. With some additional training, you can create a supplemental investigation team for the compliance department.

Clearly HR puts on training. By ‘training the trainers’ on compliance you may well create an additional training force for your compliance department. HR can also give compliance advice on the style and tone of training. This is where the things that might work and even be legally mandated in Texas may not work in other areas of the globe; advice can be of great assistance. But more than just putting on the training, HR often maintains employee records of training certifications, certifications to your company’s Code of Conduct and compliance requirements. This can be the document repository for the Document, Document Document portion of your compliance program.

Internal Audit is another function that you may want to look at for assistance. Obviously, Internal Audit should have access to your company’s accounting systems. This can enable them to pull data for ongoing monitoring. This may allow you to move towards continuous controls monitoring, on an internal basis. Similarly, one of the areas of core competency of Internal Audit should also be internal controls. You can have Internal Audit assist in a gap analysis to understand what internal controls your company might be missing.

Just as this corporate function’s name implies, Internal Audit routinely performs internal audits of a company. You can use this routine job duty to assist compliance. There will be an existing audit schedule and you can provide some standard compliance issues to be on each audit. Further, compliance risks can also be evaluated in this process. Similar to the audit function are investigations. With some additional training, Internal Audit should be able to assist the compliance function to carry out or participate in internal compliance investigations. Lastly, Internal Audit should be able to assist the compliance function to improve controls following investigations.

A corporate IT department has several functions that can assist compliance. First and foremost, IT controls IT equipment and access to data. This can help you to facilitate investigations by giving you (1) access to email and (2) access to databases within the company. Similar to the above functions, IT will be a policy owner as the subject matter expert so you can turn to them for any of your compliance program requirements which may need a policy that touches on these areas. The final consideration for IT assistance is in the area of internal corporate communication. IT enables communications within a company. You can use IT to aid in your internal company intranet, online training, newsletters or the often mentioned ‘compliance reminders’ discussed in the Morgan Stanley Declination.

Finally, do not forget your business teams. You can embed a compliance champion in all divisions and functions around the company. You can take this a step further by placing a Facility Compliance Officer at every site or location where you might have a large facility or corporate presence. Such local assets can provide feedback for new policies to let you know if they do not they make sense. In some new environments, a policy may not work. If you company uses SAP and you make an acquisition of an entity which does not use this ERP system, your internal policy may need to be modified or amended. A business unit asset can also help to provide a push for training and communications to others similarly situated. One thing that local compliance champions can assist with is helping to set up and coordinate personnel for interviews of employees. This is an often over-looked function but it facilitates local coordination, which is always easier than from the corporate office.

There are many ways to implement or enhance a compliance program in a company. If you do not have the luxury of creating an entire compliance department with an unlimited budget, you may be able to call upon other areas of corporate expertise to facilitate your role. Do not be an Ivory Tower.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

I often write about what can happen to companies who run afoul of the Foreign Corrupt Practices Act (FCPA). Usually enforcement actions focus on companies and not individuals. However, as is often pointed out by commentators other than Mitt Romney, corporations are not humans but consist of people. It is individuals who engage in conduct that violates the FCPA, just as it is individuals who engage in conduct which violates other US securities laws.

I was reminded of this in an article by Loren Steffy, of the Houston Chronicle, entitled “She offers cautionary tale for corporate employees”. In this article Steffy writes about Helen Sharkey, who worked for Dynegy Inc, a Houston company which was involved in energy trading and gas transportation. Sharkey was an accountant who worked on an assignment known as Project Alpha, which Steffy wrote was “a $300 million scheme that inflated Dynegy’s cash flow.”

In an interview with Steffy she told him that she was the lowest of seven employees assigned to the project. According to the Securities and Exchange Commission (SEC) Sharkey and others disregarded the company’s external auditor’s advice that certain forms of risk-hedging involving derivative instruments, such as commodity price swaps and interest rate swaps, would defeat Dynegy’s goal of accounting for Alpha as an ordinary operating contract and require recording it as a financing. As reported by Steffy, “If the banks didn’t have risk, it meant the deal was a loan and required different accounting treatment.”

While the Enron Corporation is the poster child for corporate fraud in Houston, three Dynegy employees went to jail over Project Alpha: Sharkey; Gene Foster, who was Dynegy’s Vice President of Taxation during the relevant period; and Jamie Olis, who was Dynegy’s Senior Director, Tax Planning and International. Foster received a sentence of 15 months in jail. Olis, who went to trial, received a whopping sentence of 24 years by the trial judge, although this was later reduced to six years.

What did Sharkey think about the deal at the time? As quoted by Steffy, “Did I feel in my gut that it was wrong? Absolutely. Did I think it was illegal? No way.” Unfortunately Sharkey did not apparently have a mechanism that she could use to raise this concern that was in her gut.

What are some of the lessons that current compliance practitioners can draw from Sharkey, Dynegy and Project Alpha?

Hotlines

One of the results from the actions that companies like Dynegy, Enron and others was the passage of Sarbanes-Oxley (SOX). SOX required publicly traded companies to set up anonymous hotlines to allow employees to report company wrong-doing. This is enshrined in the FCPA world as one of the Ten Hallmarks of an Effective Compliance Program as set out in the Department of Justice (DOJ)/ SEC FCPA Guidance. Under the section entitled “Confidential Reporting and Internal Investigation”, it states, “An effective compliance program should include a mechanism for an organization’s employees and others to report suspected or actual misconduct or violations of the company’s policies on a confidential basis and without fear of retaliation. Companies may employ, for example, anonymous hotlines or ombudsmen.”

Generally, employees tend to trust hotlines maintained by third parties more than they do internally maintained systems. By submitting reports through an external hotline there is a perceived extra layer of anonymity and impartiality compared to a system developed in-house. This is because there can be a fear of retaliation by employees. This fear can destroy the effectiveness of the internal reporting process and poison the corporate culture. The hotline must be seen to offer the highest levels of protection and anonymity. To encourage employee participation, the hotline should allow them to bring their concerns directly to someone outside their immediate chain of command or workplace environment – especially when the complaint concerns an immediate superior. A third party provider is also more likely to bring specialist expertise that’s difficult to match within the organization.

Failure to Escalate

In almost every circumstance where a significant FCPA compliance violation has arisen, if the issue had been reported or at least sent up the chain for consideration, there is a good chance that the incident would not have exploded into a full FCPA compliance violation. Matthew King, Group Head of Internal Audit at HSBC, calls this concept “escalation” and he believes that one of the more key features of any successful compliance program is to escalate compliance concerns up the chain for consideration and/or resolution.

This means that in almost every circumstance regarding a compliance issue he had been involved with, at some point a situation arose where an employee did not report a situation or event up to an appropriate level for additional review. This failure to escalate leads to the issue not reaching the right people in the company for review/action/resolution and the issue later becomes more difficult and more expensive to deal with in the company. A company needs to have a culture in place to not only allow escalation but to actively encourage escalation. This requires that both a structure and process for this must exist. Then the company must train, train and train all of its employees. Lastly, while a whistleblower process or hotlines are necessary these should not be viewed as the only systems which allow an employee to escalate a concern.

The starkest example of which I am aware of this failure to escalate in the FCPA arena is the Hewlett-Packard (HP) matter involving its German subsidiary and allegation of bribery to receive a contract for the sale of hardware into Russia. The Wall Street Journal (WSJ) has reported that at least one witness has said that the transactions in question were internally approved by HP through its then existing, contract approval process. That witness, Dieter Brunner, a contract employee who was working as an accountant on the group that approved the transaction, said in an interview that he was surprised when, as a temporary employee of HP, he first saw an invoice from an agent in 2004. “It didn’t make sense,” because there was no apparent reason for HP to pay such big sums to accounts controlled by small-businesses, Mr. Brunner said. He then proceeded to say he processed the transactions anyway because he was the most junior employee handling the file, “I assumed the deal was OK, because senior officials also signed off on the paperwork”.

Training

Why is training of employees regarding a hotline and the ability to escalate important in the context of an anti-corruption/anti-bribery compliance program? Training is recognized as one of the points in the Ten Hallmarks of an Effective Compliance Program and one of the elements under the US Sentencing Guideline’s Seven Elements of an Effective Compliance Program. It is also recognized in Principle 5 of the Six Principles of an Adequate Procedures compliance program as set out by the UK Ministry of Justice (MOJ). Lastly, it is recognized by the OECD in its 13 Good Practices for Internal Controls, Ethics and Compliance.

In the case of HP, think what position the company might be in today if Brunner had been trained on the company’s system for internally reporting compliance issues? If Brunner had escalated his concern that the payment to the agent “didn’t make sense” perhaps HP would not have been under investigation by governmental authorities in Germany and Russia. In the United States, both the DOJ and SEC have announced they are investigating the transaction, for potential FCPA violations. Further, HP is now investigating other international operations to ascertain if other commissions paid involved similar allegations of bribery and corruption as those in this German subsidiary’s transaction.

Dénouement

Steffy penultimate paragraph states, “her story lends insight into one of the most enduring questions that linger from a decade ago – how corrupt corporate cultures encouraged so many who considered themselves law-abiding citizens, to commit crimes, often without realizing it.” One of the things that I emphasize in training to employees is that if their guts turns in knots, the hair on the back of their neck stands up or if something doesn’t smell right, just raise your hand. You don’t have to know the ins and outs of the FCPA, but if something does not feel right, raise your hand and get the matter to someone who does know the ins and outs of the FCPA and who can thoroughly investigate the issue that you do not feel right about. If you do not do so, you may end up like Sharkey and, as Steffy writes as the final sentence of his piece, “The one time she wavered became a mistake she’ll regret the rest of her life.”

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013