Jay and I return for a wide-ranging discussion on some of the top compliance and ethics related stories of the week, with a focus of the release of the latest Star Wars movie, The Last Jedi:

  1. There are several FCPA 40th anniversary pieces going up these days. The FCPA Blog is looking at the top FCPA cases and enforcement actions over the past 40 years. Dick Cassin started the series, Jessica Tillipman nominated Siemens as her top case, with a nod towards Walmart.
  2. New revenue recognition rules are here. Tammy Whitehouse provides comments from top accounting practitioners in Compliance Week. Tom Fox and Matt Kelly do a special 5-part podcast series in Compliance into the Weeds. Part I-Introduction, Part II-Transaction Price, Part III-In re: software, Part IV-Auditor issues and Part V-What does it all mean?
  3. In honor the premier of the latest edition in the Star Wars oeuvre, The Last Jedi both Tom Fox and Doug Cornelius have run week-long series on compliance lessons from the Star Wars series. See Doug’s post on Compliance Building and Tom’s posts on the FCPA Compliance Report. Tom and Jay will have a five-part podcast series May the Podcast Be With You running the week of December 11 on the intersection of Star Wars and compliance.
  4. Mike Volkov asks if new FCPA Corporate Enforcement Policy has altered the balance between disclosure and non-disclosure of FCPA violations? See his post in Corruption Crime and Compliance.
  5. Does the US sanctions policy work? Sam Rubenfeld explores this question through an interview with an interview with Richard Nephew, author of The Art of Sanctions on the WSJ Risk and Compliance Journal.
  6. Law-360 runs an Expert Analysis Series of reflections from key players in FCPA enforcement over the past 40 years. The articles come from current and former DOJ prosecutors, a monitor and defense lawyers. One of our favorites was Kara Brockmeyer and Chuck Duross reflecting on their work to help create the 2012 FCPA Resource Guide. Unfortunately, the entire series sits behind a paywall and subscription is required.
  7. HSBC successfully exits its five-year DPA. Sam Rubenfeld reports in the WSJ Risk and Compliance Journal.
  8. Former VW compliance professional Oliver Schmidt sentenced to seven years for his role in the VW emissions-testing scandal. Matt Kelly writes about in in Radical Compliance. Tom and Matt take a deep dive into it on their podcast, Compliance into the Weeds-Episode 62.
  9. Join Tom’s monthly podcast series on One Month to a More Effective Compliance Program. In December, I consider discuss the use of written standards in a best practices compliance program. It is available on the FCPA Compliance Report, iTunes, Libsyn, YouTube and JDSupra.
  10. Check out May the Podcast Be With You-the intersection of Star Wars and Compliance. The five-part series premiers on December 11 and a new episode will be released each day at noon CST. The series is sponsored by Affiliated Monitors.

As many of you all know Matt Kelly can rant with the best of them, right up there with Howard Sklar. I was quite intrigued with I read Matt’s December 11, 2017 blog post entitled, “At What Cost Dishonesty? For VW Exec, Seven Years” as it was one of the most strident blogs I have ever read from Matt. I wondered what had him so excised over the sentencing of former Volkswagen regulatory compliance engineer Oliver Schmidt. It turns out quite a bit, yet it was in a different way from his blog post.

In this podcast Matt and I take a deep dive into the compliance weeds to consider Schmidt’s conduct, the sentence and the roles of various parties involved in this unfortunate series of events. We consider at what point Schmidt committed to path of clearly unethical, immoral and illegal conduct? We explore what it means for a compliance professional to stand up and say this is wrong; whether it be on ethical, moral or legal grounds? In short what are some of the philosophical underpinnings of the compliance profession and even the compliance psyche?

We also consider the role of the trial judge who laid down the harsh sentence, the role of regulators such as the SEC and EPA in dealing with individual liability for compliance professionals. We discuss the distinguishing factors in this case but conclude that if a Chief Compliance Officer or compliance professional is a part of the illegal conduct, they will be vigorously prosecuted.

In addition to this episode, Matt and I have put together a five-part podcast series where we explore implications of this new revenue recognition standard, which is running this week. Each podcast is short, 11-13 minutes and deals with one topic on the new revenue recognition standard. The schedule for this week is:

Part 1: Introduction

Part 2: What the logic of your transaction price?

Part 3: Shaking up software revenue recognition.

Part 4: Auditors need to pay attention.

Part 5: What does it all mean for compliance (and everyone else)?

A new episode premiers at 12 noon CST, each day this week.

Jay and I return for a wide-ranging discussion on some of the top compliance and ethics related stories of the week, in this week’s fire and ice edition:

  1. Former VW Engineer Oliver Schmidt sentenced to 7 years in jail for his role in the VW emssions-testing scandal. See article by Dick Cassin in the FCPA Blog.
  2. U.K.’s Financial Regulatory Council is proposing changes to the governance code in the areas of corporate culture, diversity and sustainable long-term growth. Mara Lamos Stein reports in the WSJ Risk and Compliance Journal.
  3. Transparency International criticizes uses of it Corruption Perceptions Index. Henry Cutter reports in the WSJ Risk and Compliance Journal.
  4. Caterpillar Unit Cheated Customers, Tossed Evidence Into Ocean to Hide It. See article by James Hagerty and James Tita in the WSJ.
  5. Matthew Stephenson asks if it is time to amend US domestic bribery statutes, in light of the US Supreme Court decision in McDonnell in the Global Anti-corruption Blog.
  6. Adam Turteltaub visits with Andy Hinton the CCO at Google on the SCCE podcast, Compliance Perspectives.
  7. Roy Snell and Kristy Grant-Hart share 10 ways to get involved with the SCCE, on the SCCE blog.
  8. The SEC’s Whistleblower’s program is alive and well with three awards in the past week. See articles in the Anti-Corruption Digest and the FCPA Blog.
  9. Join Tom’s monthly podcast series on One Month to a More Effective Compliance Program. In December, I consider discuss the use of written standards in a best practices compliance program. It is available on the FCPA Compliance Report, iTunes, Libsyn, YouTube and JDSupra.

Over the past few posts I have been exploring the Department of Justice’s (DOJ) new policy regarding Foreign Corrupt Practices Act (FCPA) enforcement. Deputy Attorney General Rod Rosenstein, in a speech, called it the FCPA Corporate Enforcement Policy and stated that it is now “incorporated into the United States Attorneys’ Manual.” I have considered what it means for the compliance practitioner and compliance profession going forward. Today, I want to conclude this series with some final thoughts.

The first observation is the process the DOJ went through to come up with this new Policy. The impetus would seem to have been the expiration of the one year FCPA Pilot Program in April 2017. At the conclusion of this one year experiment, the DOJ announced it would assess the Pilot Program. It not only assessed the Pilot Program but made changes which I think make the new Policy even more effective than the Pilot Program. In addition to the enforcement aspects of increasing the discount available to companies which met the requirements of the Pilot Program down to a 100% discount, from a Pilot Program high of a 50% discount; the DOJ made the presumption companies would receive a full declination as the default response to meeting the prescripts of the new Policy. Nowhere else under federal law is there such a presumption when there is a violation of federal criminal law.

Yet beyond the presumption of a full declination, there are additional benefits to companies which fail to disclose or have aggravating factors. Mike Volkov noted these additional benefits consisted of “a guarantee of a 50 percent discount and the probable avoidance of a corporate monitor.” Further, “In the event that a company does not qualify for a voluntary disclosure but cooperates and remediates its compliance program, the company can still earn up to a 25 percent discount from the bottom of the Sentencing Guidelines range.”

As a part of its review of the Pilot Program, the DOJ brought forward language on the expectation of a best practices compliance program, which I previously examined in some depth. There was language brought forward from both the Pilot Program and the 2017 Evaluation of Corporate Compliance Programs (Evaluation). Each of these additions builds upon the 10 Hallmarks of an Effective Compliance Program incorporated through reference into the new Enforcement Policy.

These new additions to a best practices compliance program elevate both the corporate compliance function and the position of the Chief Compliance Officer (CCO) in an organization. Perhaps most importantly, the DOJ made clear there must be compliance expertise on the Board, which signals that companies should now have a compliance program subject matter expert (SME) on their Board of Directors. Hopefully companies like Wells Fargo and Uber will take notice of this new DOJ expectation. Compliance department budgets will also need to be commensurately increased.  There is also now the requirement for not only a root cause analysis but the looping the information obtained during the root cause analysis back into the remediation phase of any corporate compliance program. While myself and others have argued these were DOJ requirements based on the Pilot Program and Evaluation, it is now a part of the US Attorney’s Manual, they will be given the full credence they deserve.

James Koukios, in Episode 360 of the FCPA Compliance Report, characterized these changes as “clarification and consolidation”; another way to consider these changes are of preservation and enhancement. The DOJ preserved the foundational compliance elements found in the 10 Hallmarks of an Effective Compliance Program and enhanced compliance programs through the incorporation of those items from the Pilot Program and Evaluation. Whichever formulation you might prefer, clearly the compliance discipline was moved forward by the DOJ with the new Policy.

All of these new statements, consolidations of prior DOJ publicly released documents and items from other sources are now consolidated in one Policy. Certainly, this is a positive move forward for all parties involved in the process; prosecutors, companies and their counsel. Looking back at the DOJ statements from this year, it is clear how important the compliance function and compliance profession is in FCPA enforcement. In April Attorney General Sessions said, at the Ethics & Compliance Initiative (ECI) Annual Conference, the following about compliance practitioners, “your work seeks to prevent, by building strong cultures of compliance within your companies to deter illegal and unethical conduct. We applaud those efforts. Our department would much rather have people and companies obey the law and do the right thing, so we don’t have to see them in court. Your good work makes our jobs easier, and it makes your companies and our country better. So far, so good. The E&C community is recognized for doing their job of helping companies follow their moral compass.”

Finally, the DOJ has brought everyone into the fight against bribery and corruption. Someone as thoughtful as former Deputy US Attorney General George J. Terwilliger III, writing in the FCPA Blog, said, “The new policy is grounded in the notion that companies and the government have a shared interest in securing the rule of law, which in this context includes global commercial markets freed from the influence and corrosive effects of corruption.” When you can couple such a policy under the rule of law, it is quite an achievement. It is the final concept which makes this new Policy truly unique. Hats off to the DOJ for it.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2017

Last week, the Department of Justice (DOJ) premiered a new policy regarding Foreign Corrupt Practices Act (FCPA) enforcement. Deputy Attorney General Rod Rosenstein, in a speech, called it the FCPA Corporate Enforcement Policy and stated that it is now “incorporated into the United States Attorneys’ Manual.” There are several different points to note about compliance programs under the new Corporate Enforcement Policy. Yesterday, I considered the requirement for a root cause analysis. Today I want to consider what the DOJ says specifically about a compliance expertise.

The first thing is the incorporation of the 10 Hallmarks of an Effective Compliance Program through reference to the 2012 FCPA Resource Guide. Second is the language that makes clear that credit for a best practices compliance program is available for programs which are beyond simply the bare minimum under the US Sentencing Guidelines. Finally, is that language and concepts in this new Policy come from a variety of sources, including the DOJ’s 2016 FCPA Pilot Program and the 2017 Evaluation of Corporate Compliance Programs (Evaluation). This builds upon the 10 Hallmarks of an Effective Compliance Program incorporated through reference into the new Enforcement Policy.

 

Implementation of an effective compliance and ethics program, the criteria for which will be periodically updated and which may vary based on the size and resources of the organization, may include:

  • The company’s culture of compliance, including awareness among employees that any criminal conduct, including the conduct underlying the investigation, will not be   tolerated;
  • The resources the company has dedicated to compliance;
  • The quality and experience of the personnel involved in compliance, such that they can understand and identify the transactions and activities that pose a potential risk;
  • The authority and independence of the compliance function and the availability of compliance expertise to the board;
  • The effectiveness of the company’s risk assessment and the manner in which the company’s compliance program has been tailored based on that risk assessment;
  • The compensation and promotion of the personnel involved in compliance, in view of their role, responsibilities, performance, and other appropriate factors;
  • The auditing of the compliance program to assure its effectiveness; and
  • The reporting structure of any compliance personnel employed or contracted by the company.

I would reorganize these into three general categories: (1) Quality and resources dedicated to the compliance function; (2) ongoing evaluation of a compliance program; and (3) company culture.

Quality and Resources Dedicated to Compliance

Here the DOJ has laid out the following:

  1. The resources the company has dedicated to compliance;
  2. The quality and experience of the personnel involved in compliance, such that they can understand and identify the transactions and activities that pose a potential risk;
  3. The authority and independence of the compliance function and the availability of compliance expertise to the board;
  4. The compensation and promotion of the personnel involved in compliance, in view of their role, responsibilities, performance, and other appropriate factors; and
  5. The reporting structure of any compliance personnel employed or contracted by the company.

1 and the first half of 3 come from the 10 Hallmarks of an Effective Compliance Program. Points 2, the second half of 3, 4 and 5 come from the DOJ’s FCPA Pilot Program, Part 3 entitled, “Timely and Appropriate Remediation in FCPA Matters”. Clearly the DOJ is articulating that it expects true compliance professionals, who understand the way compliance interacts with and supports the business. The days of a law school trained, Chief Compliance Officer (CCO) who cannot read a spreadsheet are consigned to the dustbin of non-compliance. But more than simply compliance professionalism, companies must compensate and promote compliance professionals within their organization. Simply burying someone in the compliance function of a law department because they cannot cut it will no longer suffice.

While part of the first clause of 3 derives from the Hallmark Three of the 10 Hallmarks, which required authority and autonomy for the compliance function; there is a new requirement for compliance professional “independence”. The DOJ has not taken a position on whether a General Counsel (GC) can also be the CCO. However, this new language would seem to signal the death knell for the dual GC/CCO role. It may also signal the larger issue that the CCO should have a separate reporting line to the Board, apart from through the GC.

There is however one new part which I am particularly gratified to see, which is “the availability of compliance expertise to the board.” I believe this is more than simply a reporting requirement, or that the CCO has a direct line to the Board. I believe this is a separate requirement for compliance expertise on the Board. I have long argued that there should be a compliance professional on a Board of Directors. You name any of the most recent corporate scandals; Wells Fargo, Uber Technologies, Volkswagen, Equifax and there was no compliance expertise on the Board. Clearly the better practice is for companies to have a seasoned compliance professional on the Board. I would also add the DOJ may soon expect there be a Compliance Committee separate and apart from the Audit Committee.

Once again for the compliance professional, the new FCPA Corporate Enforcement Policy makes the importance of a best practices compliance program even more critical. Clearly the DOJ is focusing more on the role, expertise and how the compliance function is treated within an organization. Pay your CCO considerably less than your GC? You may now better be able to justify that discrepancy. Legal department budget of three million dollars and compliance department is $500,000; you may be starting behind the 8-ball. Finally, this document may well portend structural changes required at the Board of Directors level, including appointment of a compliance professional and creation of a Compliance Committee. Tomorrow I will consider the requirements for an ongoing evaluation of a compliance program; and issues around company culture.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2017