It is with no small amount of pride that I am able to announce the publication and availability of my 16th book, The Complete Compliance Handbook, on Monday, May 21, 2018. Written in the space of a little over one year, this book incorporates the most recent pronouncements and guidance from the Department of Justice (DOJ), including 2017’s Evaluation of Corporate Compliance Programs (Evaluation) and FCPA Corporate Enforcement Policy, to provide the most up-to-date advice on what constitutes a best practices compliance program. This single volume compendium brings together the top ideas, topics and techniques you can incorporate into your compliance program, literally in 365 days, to more fully operationalize your compliance regime. If you want one volume to guide you in operationalizing compliance, this is it.

For several years, I have wanted to write a definitive, single volume on what constitutes a best practices compliance program. I decided in 2017 to bite the bullet and dedicate the year to writing it. It turned into a journey of discovery as I was able to interview many of the country’s leading compliance practitioners and others to incorporate the most current thinking into the book. I learned many new things, most particularly about the evolution of the top thinking on what constitutes a best practices compliance program some five years after the DOJ and Securities and Exchange Commission’s (SEC’s) seminal publication, A Resource Guide to the U.S. Foreign Corrupt Practices Act, which was released in 2012.

Building upon the 2012 FCPA Guide’s Ten Hallmarks of an Effective Compliance Program, I wanted to consider the advancements from the legal, regulatory, technological and innovation perspective for the compliance practitioner. The book is designed to provide you with a step-by-step guide to the design, creation, implementation of or enhancement to a compliance program. It begins with 31 days to a more effective compliance program. Each entry presents one thing you can accomplish, at little to no cost, to improve any level of compliance program. There are three key takeaways for each entry. The final chapter goes through the same process for you to operationalize your compliance program. In between these bookends, The Complete Compliance Handbook features chapters on:

  • Operationalizing Compliance Through Human Resources – Why and how Human Resources (HR) should be a key corporate discipline in operationalizing a best practices compliance program. What are the places in the full employment lifecycle of every employee that HR can bring a compliance component to more fully operationalize your compliance regime?
  • The Role of the Board of Directors and Compliance – In every recent corporate scandal, the question is always, “Where was the Board?” That role has become increasingly important.
  • 360-Degrees of Communication in Compliance – Compliance communication has evolved. Current best practices are not upward, downward, inbound or outbound but a communication strategy to fully encapsulate all compliance actions and touchpoints with the full spectrum of the compliance customer base. How can you use social media to create a more robust compliance dialogue in your organization?
  • Better Third-Party Risk Management – Still the highest risk in any anti-corruption compliance program. I lay out the specific program under which you can manage the full spectrum of the life cycle of third-party risk management.
  • Reporting and Investigations – How well used is your hotline? Do you receive reliable tips and information from your employee base? How do you triage hotline reports and what is your investigation protocol? Find out the best practices to these and other issues.
  • Internal Controls – How robust are your compliance internal controls? Have you performed a gap analysis to ascertain what you might have in place? Robust compliance internal controls can make your company run more efficiently.
  • Innovation in Compliance – Compliance has become one of the most truly innovative corporate disciplines. What are you doing to keep your compliance program abreast of the most recent innovations in compliance? What innovations from areas outside the compliance profession will have the most impact on compliance programs going forward? How will Artificial Intelligence (AI) make compliance more robust?
  • Written Standards – These form the very backbone of every compliance program. They include your Code of Conduct, policies and procedures. How did you design and tailor these documents to your company’s risks and your corporate culture? When was the last time your written standards were updated? Find out the best practices for all areas of written standards.
  • More Effective Compliance for Business Ventures – The range of business partners and partnerships is only limited by the imagination of the business folks involved. How do you manage the compliance risks in ventures as diverse as joint ventures (JVs), franchises, teaming agreements, 4th tier subcontractors and partnerships? This chapter also considers best practices for mergers and acquisitions (M&A).
  • Continuous Improvement – What are the current best practices for ongoing monitoring and continuous improvement of your compliance program? Most compliance practitioners are aware of auditing and monitoring, but how do the new technological tools allow you to literally see “patterns in the raked leaves” of your company’s data? Why is continuous improvement no longer simply a nice-to-have but a mandatory component of any best practices compliance program?

When you couple all of the latest techniques, innovation and advancements in compliance over the past five years with the most recent DOJ pronouncements in the form of the Evaluation and FCPA Corporate Enforcement Policy, you can see why I wanted to write this book and why it will be helpful to the compliance practitioner and compliance profession. There is literally no other book out today with the most recent information on what constitutes a best practices compliance program.

I hope you will check it out. If you do, I know you will not be disappointed.

To purchase a copy of The Complete Compliance Handbook on Amazon.com, click here.

To purchase an autographed copy of The Complete Compliance Handbook from the author, click here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2018

Sometimes the universe acts in serendipitous ways I simply cannot fathom. Having wrapped up a three-part series inspired by the original gonzo journalist, Hunter S. Thompson, we now find we have lost one of Thompson’s key influences, Tom Wolfe. According to his (front page) New York Times (NYT) obituary, Wolfe was “an innovative journalist and novelist whose technicolor, wildly punctuated prose brought to life the worlds of California surfers, car customizers, astronauts and Manhattan’s moneyed status-seekers in works like ‘The Kandy-Kolored Tangerine-Flake Streamline Baby,’ ‘The Right Stuff’ and ‘Bonfire of the Vanities.’” I would add to that distinguished list “A Man in Full.” His lexicon informs the new US government anti-piling on policy.

Wolfe could turn a phrase like no one else, coining two of my favorite terms, Radical Chic and the Me Decade. Praise for Wolfe has long been standard and the NYT obituary quoted several examples. Two of my favorites were from Joseph Epstein, who had previously written in The New Republic, “As a titlist of flamboyance he is without peer in the Western world,” and the indomitable William F. Buckley Jr., who, “writing in National Review, put it more simply: ‘He is probably the most skillful writer in America — I mean by that he can do more things with words than anyone else.’”

It is hard to even identify one Wolfe book as my favorite. The one I thought was the best was his story of the original seven Mercury astronauts and the race to the moon in “The Right Stuff”. For entertainment, I found “Bonfire of the Vanities” by far the most engaging. However, the one that probably affected me the most was “A Man in Full”. Although it was set in the aftermath of Atlanta’s real estate downturn in the ’90s, every one of the characters was well known to me, having lived through the first oil bust in Houston in the ’80s. That is how universal Wolfe’s writing and character descriptions were in his novels.

Honoring Wolfe seems like an appropriate way to introduce today’s blog post, which was informed by last week’s speech by Department of Justice (DOJ) Deputy Attorney General (DAG) Rod Rosenstein and his ‘anti-piling on’ initiative. Rosenstein delivered his remarks to the New York City Bar White Collar Crime Institute on May 9. Anti-piling on and its evil twin-antithesis ‘piling on’ are phrases whose antecedent is the ‘one-pie’ concept but, as Wolfe might intone, it is a fuller and richer experience.

In the Foreign Corrupt Practices Act (FCPA) world, the concept of ‘one-pie’ was explained back in 2016 by Kara Brockmeyer, (the then) Chief of the FCPA Unit at the Securities and Exchange Commission (SEC), and Daniel Kahn, (then and current) head of the DOJ FCPA Unit. The concept was that enforcement authorities were moving towards one total cost to anti-corruption violators that would be equitably split up by authorities where the corruption occurred or by the countries that had jurisdiction. Kahn noted that companies who self-disclosed to multiple regulators and extensively remediated, along the lines laid out in the 2016 FCPA Pilot Program, were more likely to garner credit with US regulators for fines paid to overseas authorities.

Some of the examples of this one-pie policy in the realm of international anti-corruption enforcement include the following prosecutions. In 2016, Odebrecht/Braskem, with $2.6 bn in penalties involving US, Switzerland and Brazil; VimpelCom, with $795MM in total penalties, involving the US and The Netherlands. In 2017, Telia Companies AB, with $965MM in total penalties, involving the US and Sweden; Rolls-Royce, with $809MM in total penalties, involving the UK, US and Brazil; Keppel Offshore & Marine Ltd, with $422MM in total penalties, involving the US, Singapore and Brazil.

The one-pie concept has now expanded into a formal DOJ policy, entitled “Policy on Coordination of Corporate Resolution Penalties”, which has been formally incorporated into the US Attorney’s Manual at USAM Title 1, 1-12.100. Announcing this anti-piling on policy, Rosenstein said it “encourages coordination among Department components and other enforcement agencies when imposing multiple penalties for the same conduct. The aim is to enhance relationships with our law enforcement partners in the United States and abroad, while avoiding unfair duplicative penalties.”

Rosenstein went on to detail four key considerations under the new anti-piling on policy. The first was not a policy change but a reaffirmation “to principles of fairness and the rule of law”. The consideration “affirms that the federal government’s criminal enforcement authority should not be used against a company for purposes unrelated to the investigation and prosecution of a possible crime. We should not employ the threat of criminal prosecution solely to persuade a company to pay a larger settlement in a civil case.”

The second consideration “addresses situations in which Department attorneys in different components and offices may be seeking to resolve a corporate case based on the same misconduct.” The “new policy directs Department components to coordinate with one another and achieve an overall equitable result. The coordination may include crediting and apportionment of financial penalties, fines, and forfeitures, and other means of avoiding disproportionate punishment.”

The third consideration “encourages Department attorneys, when possible” to coordinate their activities “with other federal, state, local, and foreign enforcement authorities seeking to resolve a case with a company for the same misconduct.” The fourth and final consideration in the new anti-piling on policy sets out some of the factors that DOJ attorneys can use in evaluating “whether multiple penalties serve the interests of justice in a particular case.” Rosenstein stated that “sometimes, penalties that may appear duplicative really are essential to achieve justice and protect the public. In those cases, we will not hesitate to pursue complete remedies, and to assist our law enforcement partners in doing the same.”

Rosenstein also laid out what he called “additional factors” the DOJ may take into account, including “egregiousness of the wrongdoing; statutory mandates regarding penalties; the risk of delay in finalizing a resolution; and the adequacy and timeliness of a company’s disclosures and cooperation with the Department.” Most significantly, he also stated, “Cooperating with a different agency or a foreign government is not a substitute for cooperating with the Department of Justice. And we will not look kindly on companies that come to the Department of Justice only after making inadequate disclosures to secure lenient penalties with other agencies or foreign governments. In those instances, the Department will act without hesitation to fully vindicate the interests of the United States.”

He also acknowledged the DOJ’s “ability to coordinate outcomes in joint and parallel proceedings is also constrained by more practical concerns. The timing of other agency actions, limits on information sharing across borders, and diplomatic relations between countries are some of the challenges we confront that do not always lend themselves to easy solutions.”

By incorporating the basics from the one-pie concept into the USAM and adding some of the factors and considerations he articulated in his speech, Rosenstein once again provided solid benefits to companies who step forward and self-disclose potential FCPA violations. With the language of ‘anti-piling on’ Rosenstein has added a Wolfe-inspired phrase to the FCPA lexicon.


As former DAG Sally Yates returns to private practice at King & Spalding, in the words of LL Cool J, “Don’t call it a comeback, I been here for years,” Jay Rosen and I take a look at some of the top compliance stories over the past week.

  1. Michael Cohen explodes across the compliance universe. Matt Kelly writes in Radical Compliance and Buzzfeed, Tom and Matt podcast on Compliance into the Weeds, Francine McKenna quotes Matt and Mike Volkov in her piece on Marketwatch.com. Finally, Joe Mont considers it from the Bank Secrecy Act compliance angle in Compliance Week (sub req’d).
  2. Sally Yates returns to private practice at King & Spalding in the Washington Post.
  3. Katie Smith is the first chief ethics and compliance officer at Convercent, and has brought with her some new ideas about how to use technology to improve E&C (Corporate Counsel).
  4. GIR/JAC – Lawyers laud criminal division’s diversity provision for monitors (Panasonic Avionics DPA)
  5. FCPA Blog – Dick Cassin writes about Colombia investigating a dozen companies for overseas bribery
  6. FCPA Blog – Ankura’s Spinelli and Pilosio: Why is the construction industry so vulnerable to corruption?
  7. WSJ Risk & Compliance Journal – Ben DiPietro – The Morning Risk Report: Companies Need to Look Deeper at Supply Chains
  8. WSJ Risk & Compliance Journal – Henry Cutter – DOJ Targets ‘Duplicative Penalties’ Through Increased Coordination. See full text of Rosenstein remarks here.
  9. Tom reports on a week of speaking to compliance professionals in Brazil. See his blog post Reflections on Week of Compliance in Brazil.
  10. Tom announces publication date of his next book, The Complete Compliance Handbook, which will be available on May 21, 2018 on Amazon.com. It is available for PreSale here.

For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.

The Compliance Evangelist is still on assignment in Brazil. Today, I had the opportunity to speak to a group of lawyers, compliance professionals and others at Koury Lopes Advogados (KLA), where I was hosted by Isabel Franco. It was a very informed and dynamic group which gathered at the law firm’s offices. My remarks were around the use of data to not only drive compliance into the fabric of your business but also to make your company run more efficiently and more profitably.

Some of the questions I began with were: Can you see the pattern in raked leaves? As a Chief Compliance Officer (CCO) or compliance professional, what data do you have at your disposal? Finally, are you able to even access your own company’s data? The patterns in raked leaves come from the ability to synthesize large amounts of data so that you can see unusual patterns which might present anomalies or red flags for further compliance review. The data you have at your disposal and the access you have to your own company’s data are often questions that bedevil many compliance professionals in beginning this new phase of their compliance program.

I next detailed where you should begin. The first thing you must do is to lay out your strategy in a manner which demonstrates how it will positively impact the business. Next, you need to consider who your customers are in this exercise. Obviously, your own employees are the customers of your compliance initiatives, but what about any third parties, distributors, joint venture or other business partners? Finally, how will you capture the innovations in your compliance program which bring greater value to the business?

The next series of considerations turns on not only creating your strategy but implementing it as well. Moving from the final question above on “how are we expecting innovation to create value?”, your next step should be to create a high-level plan for allocating resources to the different kinds of innovation. During the entire process you will be required to manage trade-offs so senior leaders can make the choices that are best for the whole company. Finally, as with your entire compliance program, your strategy must evolve as facts and circumstances change in the business.

I next turned to some specific examples from enforcement actions where the use of Artificial Intelligence (AI) could have helped uncover bribery schemes. The first thing to remember about bribery schemes is that the money to fund the bribes must come from somewhere. Deep Throat was right when he told Woodward and Bernstein to ‘follow the money’ during their Watergate Investigation as that maxim holds true in any robust anti-corruption program. The ‘where’ the money comes from is usually theft from the corporation itself.

One of the best and most straightforward examples of this theft through employee embezzlement was the sordid story of GlaxoSmithKline PLC (GSK) in China. There, literally the entire Chinese business unit was in on the scam to create fake events, fake invoices, fake conferences and other non-existent reimbursable events to create a pot of money so great that over some 7 years, it totaled almost $500 million. The GSK in China case brings up two dimensions in which AI is suited to help find such unusual patterns: the dimensions of geography and time.

The dimension of geography is simply that the price of gifts, meals and entertainment differs wildly across the globe. A meal in São Paulo, New York or Oslo will obviously be much different in cost than in Houston, Birmingham, Lagos or Kuala Lumpur. There will even be regional variations in China. The dimension of time is that there will be increased gift-giving during holiday seasons across the globe. In the US or western Europe, it may be Christmastime. In China, it may be the Chinese New Year. In Vietnam, it may be during Tet. In Brazil, it may be during Carnival. All of these contribute to the dimension of time.

Next consider the sales cycle and the steps where corruption could occur in it. Some of the steps may include the following: 1. A pre-sale response to a request for proposal, a bid or simply a sales initiative; 2. In this pre-bid phase there could be gifts, travel and/or entertainment (GTE) spend on any of the customers or potential customers; 3. What is the sales pricing discount range? Is it outside the standard range and have all commercial approvals been granted for any discounts given? and 4. Are there any rebates which have or will be paid to the customer?

Some of the questions you might want to consider include some of the following. What is the aggregate spend on any one foreign government official over a 12-month period by one business development (BD) representative? What was the BD spend on one foreign government official by several company BD representatives? Has there been any travel involved to tour company facilities in a location outside the country where the contract will be performed? What has been the aggregate spend for this sales initiative and was it correlated with other GTE spends? What did that correlation show?

Regarding the contract itself, some of the inquiries you can make from the data include the following. Were any discounts offered outside the standard discount range? Were these discounts properly vetted through the internal company process? Was the sales discounting process documented and was there senior management sign-off in place? Was the contract properly vetted by all required internal processes, i.e. by management, legal, and compliance?

Obviously any third parties you might have used could be high-risk. In addition to following a lifecycle management of third parties review, you should consider the commission rate and total compensation paid to the third parties involved. Was it within a standard range or did it exceed what had been previously paid?

Further, a charitable donation review should also be completed. Were there any charitable donations made at or near the time of the contract award? Was there any Corporate Social Responsibility (CSR) requirement written into the contract which applied going forward? Does compliance have visibility into this or does it go through a company charitable donation group or committee?

Travel after the contract has been signed can also be a place where corruption can creep in. Did the contract specify any travel for the customer? If so, did it indicate who would be involved or even make the selection? How about ongoing training and, if so, where and for how long? Was there a specification of business class or above travel accommodations? If there was travel agreed upon as part of the contract, was the spend on these items consistent with prior travel spends?

These are just some of the inquiries you can make with the data that currently exists in your organization. But if you think about these inquiries, they are not simply compliance inquiries; they are a part of your overall business process. Remember, it is a sales process and cycle and it is a contract lifecycle. This means these processes can be improved upon. This improvement is fostered by a more robust, qualitative review of your own data by your compliance function.

Thanks again to Isabel Franco and KLA for hosting me.


As we celebrate all things Star Wars on the May the Fourth Be With You edition, Jay Rosen and I take a look at some of the top compliance stories over the past week.

  1. Panasonic settles FCPA enforcement action. Tom spends most of the week on it: Background, the Bribery Schemes, a 20% Discount and Lessons Learned. Henry Cutter explores the due diligence and Trace Certification issues in the WSJ Risk and Corruption Journal as does Kelly Swanson in GIR (sub req’d).
  2. Former VW CEO indicted in emissions-testing scandal. Jack Ewing reports in the NYT and Adrienne Roberts and Christina Rogers report in the WSJ. Dick Cassin reports in the FCPA Blog.
  3. What does the D&B declination mean for self-disclosure? Clara Hudson explores in GIR (sub req’d).
  4. An interesting UK court case considers whether lawyer interviews are privileged when the company agrees to a DPA with the SFO. For an English lawyer perspective, see article in the FCPA Blog by Susan Hawley. For another perspective, see the article by Debevoise & Plimpton lawyers Karolos Seeger, Andrew Lee and Robin Lööf in the NYU Compliance and Enforcement Journal.
  5. Are you using data to power your compliance program? If not you are missing the boat say Ren McEachern and Roy Pollitt in the FCPA Blog.
  6. Two looks at speaking up in a company. Jonathan Marks on how to win back employees’ trust so they will use a hotline. From an article in Fraud Magazine, he cross-posted on his blog. Henry Cutter interviews Public Service Enterprise Group Inc. CCO Antonio Fernández on building a speak up culture in WSJ Risk and Compliance Journal.
  7. Matt Kelly joins us for a special breaking news segment on 5 steps law enforcement officials expect you to engage in if you have a data breach. See Matt’s article in Radical Compliance.
  8. What are the GDPR implications for whistleblowing? Vera Cherepanova explores in the FCPA Blog.
  9. Another week, another declination, this time for Transocean. Kelly Swanson reports in GIR (sub req’d).
  10. Tom announces publication date of his next book, The Complete Compliance Handbook, which will be available on May 21, 2018 on Amazon.com. It is available for PreSale here.
  11. Tom has a busy May planned. Join him at Brazil’s largest compliance conference, the 6th International Compliance Congress, held by LEC – Legal, Ethics and Compliance, May 8 to 10, in São Paulo, Brazil. Registration and information here; hear him speak to the Houston chapter of ACAMS, from 11:30-2 PM on Thursday May 17th in Houston on “Driving Compliance and Ethics through Data Analysis”. Information and registration here; and join in a session on Using Frameworks to Prove Compliance Competency at Compliance Week 2018 in Washington DC, May 20-23. Information and registration are here.
