webpage-graphicThe recent election of Donald Trump has thrown compliance professions to wonder, if not outright worry, about what the future may hold. What does the incoming administration have in store for the Foreign Corrupt Practices Act (FCPA), the compliance profession and the compliance community going forward? I recently explored some of these questions in a series of blogs. I also dedicated an entire episode of the Everything Compliance podcast to this issue.

Everything Compliance is my most recent podcast, where I bring together four of the top commentators on the FCPA, compliance and privacy issues from the US and UK. In a recent episode the podcast panelists, Mike Volkov, Matt Kelly, Jay Rosen and Jonathan Armstrong, together with myself, discussed and debated the effect of the President Elect and his nominee for Attorney General (AG), Jeff Sessions, on the FCPA, the Department of Justice (DOJ), the Securities and Exchange Commission (SEC), anti-corruption enforcement and compliance. What about issues more global, such as privacy and data security? What about international enforcement? These are just some of the initial questions we tackled.

As each of us had written on where we think the compliance discipline is headed, I wanted to assemble our collective writings together in an eBook for the greater FCPA compliance community. In the eBook I write about why I think FCPA enforcement is not only in the interest of the US as a country but also in the interests of US businesses. Mike Volkov writes about the FCPA and its enforcement from an ex-prosecutor’s perspective. Matt Kelly looks at both the DOJ and SEC under a Trump administration. Jay Rosen considers how businesses have incorporated compliance into standard business practices, which will not change no matter who is President. I pitched the idea of an eBook on our collective musings to Maurice Gilbert, Founder of Corporate Compliance Insights (CCI) and Managing Director of Conselium Executive Search, who immediately grasped its significance to the compliance community.

Gilbert stated, in the forward to the eBook, “The election of Donald Trump has caused us all to wonder — and worry– about what the future may hold for compliance professionals. To help answer these questions, five top commentators on the FCPA, compliance and privacy issues have crafted essays highlighting their initial reactions and predicting the election’s impact on FCPA enforcement, the compliance profession and compliance practice generally.

How did this conversation begin? Tom Fox’s “Everything Compliance” Podcast was the springboard for this continuing dialog. When we all woke up to a new world on November 9, 2016, Tom responded by asking leading compliance commentators what they think FCPA enforcement and compliance might look like under the new administration. Tom dedicated an entire podcast episode to these issues and wisely recognized the need to compile these experts’ early reactions and to share them — in an on-going way — with the greater compliance community.

As a leading voice in compliance, Tom will continue this conversation as the story takes shape. We look forward to sharing it with you.”

Yet Gilbert, in what can only be called an inspired request, said that as much as he wanted to publish the eBook, he wanted a continued dialogue by some of the top commentators in compliance on this subject going forward. So we have all agreed to continue the conversation.

So as the book cover says “Analysis, Predictions and the Occasional Rant from the Everything Compliance podcast.” Further, and to emphasize the ongoing nature of the dialogue, this volume is entitled Trump and Compliance, with the subtitle, “The Conversation is Just Getting Started…Part 1, It’s Not the Apocalypse (Yet)”.

 This means that every quarter or so, the Everything Compliance podcast gang will continue the discussion and CCI will publish the upcoming eBooks on the topic. It will be as Gilbert noted; analysis, predictions and the occasional rant. I hope you will join the Everything Compliance crew on this journey, along with Gilbert and his team at CCI.

To download a free copy of the eBook Trump and Compliance, click here.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

Show Notes for Episode 31, week ending December 2, 2016-the Government Speaks edition

  1. Justice Department Assistant Attorney General Sally Yates remarks at 33rd annual ACI National FCPA Conference;
  2. Head of SEC Enforcement Andrew Ceresny remarks at 33rd annual ACI National FCPA Conference;
  3. Richard Bistrong interview of Barry Vitou on the future of the SFO, on the FCPA Blog;
  4. Release of new eBook on Trump and Compliance by the Everything Compliance podcast gang, published by Corporate Compliance Sights;
  5. Matt Ellis releases new book on The FCPA in Latin America;
  6. With help from US, Dutch enter the global fight against terrorism in a big way, see article by Geert Vermeulen, on the FCPA Blog;
  7. Bloomberg News is reporting a potential settlement by Brazilian & US authorities with Odebrecht for $2.5bn over corruption allegations unearthed in Operation Car Wash;
  8. Reflections on the First FCPA Mock Trial Institute;
  9. New DOJ site on Individual Accountability; and
  10. How ‘bout them 11-1 Cowboys and the impact of Gronk’s injury on the Patriots.

qtq80-AnPoaxMatt Stephenson, myself and others have engaged in a dialogue about where Foreign Corrupt Practices Act (FCPA) enforcement may be headed under the incoming administration. I have tried to focus on why compliance with anti-corruption laws, such as the FCPA, will not lessen. The discussions at ACI’s 33rd International Conference on the FOREIGN CORRUPT PRACTICES ACT (ACI-FCPA Conference) demonstrate why compliance will remain an important part of the business process of any US company doing business internationally.

The Department of Justice (DOJ) and Securities and Exchange Commission (SEC) have worked quite diligently to increase professionalism around anti-corruption enforcement in jurisdictions outside the US. At the ACI-FCPA conference Kara Brockmeyer, Chief, FCPA Unit, Division of Enforcement at the SEC, and Daniel Kahn, Chief, FCPA Unit, Fraud Section, Criminal Division at the DOJ, articulated an additional reason, which was the increase in international cooperation and enforcement.

Over the past few years, the DOJ and SEC have worked to create a network of international cooperation in the global war against bribery and corruption. In addition to forming liaisons, they have put on three conferences dedicated to the training of foreign prosecutors on investigations, best practices around anti-corruption compliance program and cooperation between countries in sharing of documents and other evidence. Both speakers remarked about the increased sophistication of foreign prosecutors in both investigations of bribery and corruption and in understanding compliance programs around anti-corruption laws.

While I had previously considered such training as a way for US authorities to garner relationships to assist US based FCPA investigations, both speakers talked about more joint and coordinated international investigations. This point towards to not only to parallel investigations but also coordinated resolutions. While the OECD is a large part of how the US makes such connections it is these formal trainings that have allowed US regulators to also make inroads into increasing prosecutions of such conduct.

Yet, in addition to this increased cooperation with US authorities, many other countries’ anti-corruption regulators are now actively prosecuting bribery and corruption as well. Obviously Operation Car Wash in Brazil is a prime example but the speakers pointed not just to increased assistance with the US but also enforcement, in the words of Brockmeyer, “going global”. She pointed towards two 2016 enforcement actions as prime examples.

As set forth in the SEC Press Release in the VimpelCom enforcement action there was cooperation from the following regulatory and enforcement authorities outside the US: “Public Prosecution Service of the Netherlands (Openbaar Ministrie), National Authority for Investigation and Prosecution of Economic and Environmental Crime in Norway (ØKOKRIM), Swedish Prosecution Authority, Office of the Attorney General in Switzerland, and Corruption Prevention and Combating Bureau in Latvia.  Other valuable assistance was provided by the British Virgin Islands Financial Services Commission, Caymans Islands Monetary Authority, Bermuda Monetary Authority, and Central Bank of Ireland, Estonia Financial Supervisory Authority (Finantsinspektioon), Comisión Nacional del Mercado de Valores (Spain), Latvian Financial and Capital Market Commission, UAE Securities and Commodities Authority, Banking Commission of the Marshall Islands, and Gibraltar Financial Services Commission.” The final resolution required VimpelCom to pay $167.5 million to the SEC, $230.1 million to the DOJ, and $397.5 million to Dutch regulators.

As set forth in the SEC Press Release in the Embraer enforcement action, the following regulatory bodies and enforcement agencies were involved: “the Brazilian Federal Prosecution Service, the Brazilian Federal Police, Brazil’s Comissão de Valores Mobiliários, the South African Financial Services Board, the Swiss Financial Market Supervisory Authority (FINMA), the Banco Central del Uruguay, the Spanish Comisión Nacional del Mercado de Valores, and the French Autorité des Marchés Financiers. In this matter the total fines and penalties paid by Embraer were pay a $107 million penalty to the Justice Department as part of a deferred prosecution agreement, and more than $98 million in disgorgement and interest to the SEC. Embraer received a $20 million credit on the amount of disgorgement based upon its payment to Brazilian authorities in a parallel civil proceeding in Brazil.”

Another interesting concept the speakers put forth was the one pie concept. They explained that increasingly, enforcement authorities were moving towards one total cost to anti-corruption violators which would be equitably split up by authorities where the corruption occurred or by the countries which had jurisdiction. Kahn said that companies who self-disclosed to multiple regulators and extensively remediated, along the lines laid out in the FCPA Pilot Program, were more likely to garner credit with US regulators for fines paid to overseas authorities. A contra example was Alstom, which tried to settle piecemeal with a variety of countries and entities such as the World Bank. Under this approach, Alstom did not received credit from US authorities for any of their other payments. For this, and other reasons, Alstom now stands at Number 2 on the Top Ten list of FCPA settlements, paying a whopping $772MM.

All of this means that the SEC and DOJ, together with the OECD, created an active and robust international anti-corruption enforcement regime, which is moving literally across the globe. Any US company doing business outside the US must have a compliance program in order to prevent, detect and remedy any corruption issues. Furthermore, if they want to receive the maximum credit from multiple regulatory bodies they will need such a best practices compliance program.

Indeed in some jurisdictions such a compliance program can be defense to a criminal charge against corporations if there are employees engaging in bribery and corruption. Yet even in the UK, where such a defense is available, a company must actually do compliance, not just have a paper program in place and call it a day’s work done.

All of this means doing compliance is even more important than ever and will be going forward. Even with a Trump administration.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

st-marks-basilicaI conclude my travel themed posts from Venice by considering the revelations seen in the renovations to St. Mark’s Basilica on St. Mark’s Square. On my previous trips to Venice, the front face of the church was covered in scaffolding for renovations which were under way. On this trip, the scaffolds were gone and the front face of the Basilica revealed glorious frescos across the top of the church, immediately under the eaves. They shimmered as the fleeting sunlight popped through the clouds from time-to-time to reveal gold inlays which literally shined in the wonderful, but all too brief, sunshine. It was truly awe-inspiring to see the church with the grime and soot cleaned away to show some of its true glory.

This week I am exploring the JP Morgan Chase (JPM)  and its subsidiary, JPMorgan Securities (Asia Pacific) Limited (JPM-APAC), (collectively ‘the company’) Foreign Corrupt Practices Act (FCPA) enforcement action which resulted in a Non-Prosecution Agreement (NPA) together with a penalty of $72MM from the Department of Justice (DOJ), a Cease and Desist Order (Order) from the Securities and Exchange Commission (SEC), consisting of profit disgorgement and interest of $135MM, and an agreement with the Federal Reserve Bank (Fed) for a Consent Cease and Desist Order (Fed Order) to put in place a best practices compliance program and pay a penalty of $61MM. The total fines and penalties paid by JPM for its violations of the FCPA was $268MM. Today I want to end this consideration with an exploration of what has been revealed and the lessons to be drawn for the Chief Compliance Officer (CCO) and compliance practitioner.

Pilot Program Cause and Effect

As I laid out in some detail yesterday, the FCPA Pilot Program is not only functioning but doing so clearly to the benefit of companies which comply with its requirements. Before the Pilot Program, the reasons such companies such as Hewlett-Packard (HP) and Parker Drilling received penalties below the low end of the minimum range of the US Sentencing
Guidelines was not clear from the resolution documents. That deficiency has been largely cleared up since the implementation of the Pilot Program. On top of the lower overall DOJ assessed penalty is the stunning result of a NPA achieved by JPM. While they admitted to the criminal conduct, as set out in the NPA, they skated on receiving even a Deferred Prosecution Agreement (DPA). Of course, this matter arose long before the Pilot Program came into existence which demonstrates the non-stratified approach of the DOJ in using the tools available to it, to reward companies which engage in such behavior. The Pilot Program is certainly changing the calculus for many companies and this enforcement action will be one more piece of tangible evidence the Pilot Program is working to create an incentive for greater compliance.

Hiring of Family Members of Foreign Official

One thing that this FCPA resolution decidedly does not stand for is the proposition that a company can never hire a family member of a foreign government official or employee of a state owned enterprise. Indeed, it was one JPM-APAC compliance officer (albeit a new one) in 2013 who stopped the entire Sons and Daughters program with the following reason for denying a family member a position at the company, writing, “I’m afraid from an anti bribery [sic] and corruption standpoint, we cannot create positions to accommodate client requests….”. This statement clearly shows that when an official refers a family member for hire, a red flag should go up. It also demonstrates why compliance should be involved in any FCPA high risk endeavor. If there is no position which the candidate can fill based upon their own qualifications at your company, that should be the end of the discussion, full stop (or mike drop for more dramatic effect).

Matthew C. Stephenson, in a blog post entitled “Does an FCPA Violation Require a Quid Pro Quo? Further Developments in the JP Morgan “Sons & Daughters” Case”, analyzed the question of whether there should be prosecutions under the FCPA for the hiring of family members of foreign government officials and employees of state owned enterprises. He wrote, “The three key considerations, to my mind, ought to be (1) the degree of connection between the job offer and a particular official decision, or set of decisions (as distinct from general goodwill and connections); (2) the degree to which the official indicated that he very much hoped the firm would hire the relative (even if there was not enough evidence of agreement to establish a quid pro quo); and (3) the degree to which the firm relaxed its ordinary standards to hire the official’s relative.”

I adapted this approach for Human Resources (HR) and the compliance practitioner with three questions to analyze re the hiring of a family member of foreign official or employee of a state owned enterprise. They can also be installed as internal controls. I would phrase the three questions in the following order and manner:

  1. Does the candidate meet your firm’s hiring criteria?
  2. Did the foreign official whose family member you are considering for hire demand or even suggest your company hire the candidate?
  3. Has the foreign official made or will make a decision that will benefit your company?

If the answer to the first question is No and the second two inquiries YES, you may well be in a high-risk area of violating the FCPA. You should investigate the matter quite thoroughly and carefully. Finally, whatever you do, Document, Document, and Document your investigation, both the findings and the conclusions.

As I mentioned they can be set up as internal controls. This is another example of how a company can operationalize compliance and burn it into the fabric and DNA of an organization. Further, it provides another level of oversight or “a second set of eyes” on the hiring process around hires that are high-risk under the FCPA or other anti-bribery/anti-corruption regime such as the UK Bribery Act.

More to Come?

There has now been three FCPA enforcement actions involving the hiring of family members of government officials or employees of state owned enterprises, Qualcomm Inc. and The Bank of New York Mellon, the reported JPM resolution amount will dwarf those settlements. But there may be others in the works as regulatory files indicate that other banks are under FCPA scrutiny, including Citigroup Inc., Credit Suisse Group AG, Deutsche Bank AG, Goldman Sachs Group Inc., HSBC Holdings PLC, Morgan Stanley and UBS Group AG. So watch this space.

A Happy Thanksgiving to All!

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

death-in-veniceToday, I consider Commissario Guido Brunetti, the lead character in Donna Leon’s murder-mystery series set in Venice. My wife and I took a tour of Brunetti’s Venice with Dr. Toni Sepeda who leads the only Leon authorized tour of the local areas where these great stories take place. Dr. Sepeda is a good friend of the author and intersperses her walking tours with incidents from various stories and quotations which bring to life the soul of the Commissario and the allure of this most beautiful and unique city. I highly recommend both the Leon’s books and Dr. Sepeda’s tour.

I want to use a scene from the Brunetti adventure Death and Judgment where Brunetti investigates a case involving sex trafficking. He determines the identity of the bad guy (or more appropriately bad girl) when she loses her glasses, which find their way to him. He recognizes they are from Carroro eyewear. Signore Carroro keeps scrupulous records and is able to identify the owner and this puts the good Commissario on the road to solving the case.

 

This leads into my continued exploration of the JP Morgan Chase (JPM) and its subsidiary, JPMorgan Securities (Asia Pacific) Limited (JPM-APAC) resolution its Foreign Corrupt Practices Act (FCPA) matter last week. In doing so JPM, secured a Non-Prosecution Agreement (NPA) from the Department of Justice (DOJ) with a penalty of $72MM, agreed to a Cease and Desist Order (Order) from the Securities and Exchange Commission (SEC), with a penalty consisting of profit disgorgement and interest of $135MM, and reached an agreement with the Federal Reserve Bank (Fed) for a Consent Cease and Desist Order (Fed Order) to put in place a best practices compliance program and pay a penalty of $61MM.

Today I will consider the superior result achieved by JPM in its FCPA resolution. Not only did it receive a 25% discount off the bottom of the US Sentencing Guidelines fine range but it received a NPA and not even a Deferred Prosecution Agreement (DPA) and no outside monitor was required of the company going forward. While some of this result is due to having excellent defense counsel, a large part is due to the cooperation by JPM and the remediation engaged in by the company.

While the fines and penalties are higher in this matter than most cases resolved in 2016, the resolution follows the pattern laid out by the FCPA Pilot Program, announced by the DOJ back in April. To recap, a company can receive up to a 50% discount off the bottom end of lowest range under the US Sentencing Guidelines if it (1) self-discloses to the DOJ, (2) provides significant cooperation with the government, (3) extensively remediates the underlying issues which led to the violation and (4) disgorges all profits from its ill-gotten gains. The NPA, Order and Fed Order all lay out how the penalties under this matter follow this framework, even though the case arose far before the implementation of the Pilot Program.

First and foremost, under this Pilot Program framework, the company did not self-disclose the matter to the DOJ or SEC. It was not stated in the NPA or Order how the matter came to the attention of US authorities. However, once the government’s investigation began the NPA noted “the Company received full credit for its… cooperation with the Offices’ investigation, including conducting a thorough internal investigation, making regular factual presentations to the Offices, voluntarily making foreign-based employees available for interviews in the United States, producing documents to the Offices from foreign countries in ways that did not implicate foreign data privacy laws, and collecting, analyzing, and organizing voluminous evidence and information for the Offices.” By the end of the investigation, the company had provided “all relevant facts known to it, including information about the individuals involved” to government authorities. These actions met Prong II of the FCPA Pilot Program.

One can only say that the company engaged in extensive remediation during the pendency of the investigation. According to the NPA the company took the following steps:

  • ended the employment relations with five employees who participated in the misconduct;
  • fired another employee “who failed to identify issues with referral hiring and failed to take appropriate steps to mitigate risks”;
  • disciplined an additional 23 “employees who failed to detect the misconduct, failed to supervise effectively those who were engaged in the misconduct, failed to take appropriate steps to mitigate corruption and compliance risks, and/or who were lower-level employees engaged in the misconduct at the direction of supervisors”;
  • “imposed more than $18.3 million in financial sanctions on former or current employees”;
  • conducted individualized training for remaining employees;
  • adopted “heightened controls related to their hiring programs, including standardizing hiring programs and requiring that every application for a hire be routed through a centralized human resources application process”;
  • more than doubled company resources devoted to compliance, particularly in the Asia-Pacific region; and
  • requiring improved FCPA training;

The SEC Order specifies additional remedial conduct engaged in by the company more geared towards internal controls, specifically around HR and the role of compliance in high risk hires. These remediation actions included:

  • Enhancing its anticorruption compliance program and hiring practices on a global basis,

making changes to its Anti-Corruption Policy to further address the hiring of government

officials’ relatives;

  • Requiring that every hire with the company, including Referral Hires, be routed through a centralized human resources application process;
  • Establishing a control function role for human resources with respect to hiring;
  • Requiring that company’s anticorruption office reviews and approves each hire of a candidate referred by a client, potential client, or government official; and
  • Instituting procedures and practices for the monitoring and auditing of referral hiring.

Although not a part of the DOJ or SEC resolution, but certainly in concert with those two settlements, the Fed Order also had some interesting points about the company’s conduct going forward which certainly contributed to the favorable result achieved by JPM. There would be senior management oversight which would “ensure that senior management periodically reassesses risks associated with the Firm’s Referral Hiring Practices to proactively identify practices vulnerable to legal and reputational risks”; and ensure senior management’s effective oversight of Firm’s Referral Hiring Practices.

There would be a compliance management risk program which would create and implement “written policies and procedures governing the appropriate evaluation of, and processes for, vetting referred candidates consistent with the Firm’s anti-bribery policies and procedures” tying FCPA compliance to Human Resources (HR). Within the HR function itself, there would written policies and procedures designed to ensure compliance with applicable anti-bribery laws and policies within all business lines; and training “regarding appropriate hiring practices and compliance with applicable anti-bribery laws and policies.”

Internal audit was also assigned an enhanced role going forward. It was designated to conduct audits on a regular basis, business of line controls and compliance detection and monitoring processes, “designed to identify and prevent potential misconduct in connection with the Firm’s Referral Hiring Practices”. Moreover, such audits are to be conducted by “qualified parties who are independent of the Firm’s business lines and compliance functions”. There are to be “enhanced escalation procedures for the timely resolution of material audit exceptions and recommendations in connection with the Firm’s Referral Hiring Practices”. Finally, and sounding right out of the COSO 2013 Framework for internal controls, there is to be a “periodic review of risk assessments to ensure emerging risks associated with the Firm’s Referral Hiring Practices”.

Tomorrow I will review the lessons learned from the JPM enforcement action.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016