Water Going Uphill 2Usually the question I am posed is how far down the chain must you go in your due diligence to ensure that your suppliers are in compliance with the Foreign Corrupt Practices Act (FCPA). I would pose that now, after the Petrobras scandal, a company may need to examine the flow in the other direction. I thought about this directional shift when I read an exhaustive report in the Sunday New York Times (NYT) on the Petrobras scandal, entitled “Brazil’s Great Oil Swindle, by David Segal. The article reviews the genesis of and details the ongoing nature of the Petrobras scandal.

While I have previously written about the other Brazilian companies that have been caught up in the scandal, such as Oderbrecht, Camargo Corrêa and UTC Engenharia, Segal’s article detailed a level of immersion in corruption that should concern every US Company subject to the FCPA and catch the eye of Department of Justice (DOJ) prosecutors handling FCPA cases. It appears that the companies that had direct contracts with Petrobras also colluded in the old-fashioned anti-trust sense, so that not only did they control all the subcontract work done on any Petrobras project but they would also demand bribes from the subcontractors which they then passed up the chain to Petrobras executives and eventually Brazilian politicians. If this scheme turns out to be true, it literally could explode potential FCPA exposure for any US Company doing business on any subcontract where Petrobras was the eventual beneficiary.

Segal reported, “according to prosecutors, these companies stopped competing and started to collaborate. They formed a cartel and decided, in advance, which of them would win a particular deal. A charade competition was orchestrated, and the anointed winner could charge vastly more than it would in a free market.” Further, “A document obtained by prosecutors laid out what it called the “rules of the game.” The trumped-up bidding process was labeled a “sports tournament”, with an assortment of rounds and a “trophy.” There was a no-sore-loser codicil, too: “The teams that participate in a round should honor the rules that have been agreed on, even when they are not the winner.”

But the corruption did not stop simply at these non-Petrobras entities. These companies would demand bribes from their subcontractors that they passed up the line to Petrobras. Segal wrote, “From 1 to 5 percent of the value of a given contract was diverted to those on the receiving end of the scheme, a group that included 50 politicians from six parties, according to prosecutors. Money from cartel members took a circuitous route to politicians’ pockets, passing through ghost corporations whose owners made bribes look like consulting fees.”

Think about all of this for a minute. What happens when everyone and every company associated with a National Oil Company (NOC) is in on the corruption? I thought about this question when I read an article in the Financial Times (FT) by Andres Schipani, entitled “We were terrorized by the drop in oil prices, where he discussed how the drop in world oil prices has negatively affected Venezuela more than any other top oil producing company. Part of the country’s trouble is the rampant corruption around its NOC PDVSA. Schipani quoted a former minster for the following, “The design of the political economy here only benefits the corrupt.” Moreover, the country is near the bottom of the Transparency International Corruption Perceptions Index (TI-CPI) coming in at 161st out of 175 countries listed.

Most Chief Compliance Officers (CCOs) and compliance practitioners had focused their third party risk management program around third parties, first on the sales side and then in the Supply Chain (SC). However now companies may well have to look at other relationships, particularly those where the company is a subcontractor involved in a country prone to corruption with a NOC or other key state owned enterprise. Last year the Wall Street Journal (WSJ) in an article entitled “Venezuelan Firm Is Probed In U.S.”, by José De Córdoba and Christopher M. Matthews, reported that a US company ProEnergy Services LLC (ProEnergy), a Missouri based engineering, procurement and construction company, sold turbines to Venezuelan company Derwick Associates de Venezuela SA (Derwick), who provided them to the Venezuelan national power company. The article reported that the DOJ’s “criminal fraud section are reviewing actions of Derwick and ProEnergy for possible violations of the Foreign Corrupt Practices Act”. Derwick was reported to have been “awarded hundreds of millions of dollars in contracts in little more than a year to build power plants in Venezuela, shortly before the country’s power grid began to sputter in 2009”. All of this with a commission rate paid by ProEnergy to Derwick of a reported 5%.

The Brazilian investigation poses far more dire consequences for any US Company that did business with the cartel of Brazilian companies that had locked up the Petrobras work. It means that you need to go back immediately and not only review the underlying due diligence which you did (probably none); then review the contracts with those entities; and, finally, cross-reference to see if there were any contract over-charges which were rebated back to the cartel members. If so, you may well have a serious problem on your hands as any unwarranted rebates, refunds, customer credits or anything else that could have been readily converted into cash to be used to fund a bribe.

This second part is one thing that challenges many compliance officers. The compliance function does not always have visibility into the transactions assigned to specific contracts or projects like your company might be engaged in for Petrobras in Brazil. However it also speaks to the need for transaction monitoring as not simply a cutting edge technique or even best practice but a required financial controls tool that is also applicable to compliance internal controls as well.

As Brazilian prosecutors expand ever outward from Petrobras, US companies subject to the FCPA and UK companies and others subject to the UK Bribery Act would do well to review everything around their Brazilian operations, contracts and dealings. The Petrobras scandal has shown two clear trends to-date. First is that we are far from the end of this scandal. Second, the prosecutors have been fearless so far in following the corruption trail wherever it may go. If they follow it to US companies, they could prosecute them on their own in Brazil for violation of domestic anti-bribery and anti-corruption laws or turn the evidence over to the DOJ. The thing to do now is to get out ahead of this all too certain waterfall.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

Social Media 5-IconsTo conclude this week’s posts, I wanted to list some of the more prevalent social media tools, explain what they are and how you might use them in a compliance program. (As usual I got carried away so this series will conclude on Monday of next week.) You need to remember that your compliance customer base are your employees. The younger the work force, the more tech savvy they will be and the more adapted to communicating through social media. According to Social Media Examiner’s 2015 Social Media Marketing Industry Report, the top two social networks for marketing are Facebook and LinkedIn. The three social media tools that hold the top spot for social media planning are LinkedIn, YouTube and Twitter. Marketers report that video streaming is becoming increasingly important tools for markets and that is currently encompassed in Meerkat and Periscope. Finally, I would add that Pinterest is another hot social media app.

Facebook

If you do not know what Facebook is at this point, you may have just transported down from a Borg Cube or perhaps you are a Vulcan looking for First Contact. This is the world’s most ubiquitous social media tool. It combines both personal and business applications. For the compliance practitioner, think about the business uses of Facebook. You can open a Facebook page for your compliance function and share an unlimited amount of information. Equally importantly, you can be responsive when employees comment on your posts, it allows you to interact with them and demonstrate that compliance is listening and responsive. The more regularly you post, the more opportunity you have for connecting with your employee base and building trust.

YouTube 

Much like Facebook, YouTube is one of the most ubiquitous social media tools around. It allows you to upload video and audio recordings for unlimited play. For the compliance practitioner, why not consider creating a YouTube channel for your company’s compliance program. You can put together full training on specific issues or you can create short videos. For an example of short videos, you can check out the training videos I have on my website Advanced Compliance Solutions. If there is any information that you wish to put into a visual format, YouTube is one of the best solutions available to you.

LinkedIn

LinkedIn is almost as ubiquitous as Facebook and YouTube. As with Facebook, you can set up a business site or even a private compliance group for your organization. Your employees are the best place to start adding followers, as they are not only your target audience but they are also your biggest advocates. You can encourage employees to add their compliance profile to their personal profiles. By doing so, they automatically become followers and can like, comment on, and share your company updates to help expand your viral reach. As with Facebook, LinkedIn provides you a platform to communicate with your employee base. It has a chat function that can be used to solicit feedback and comments going forward. You can also tie in with or ‘link to’ other groups and people that can facilitate not only creating but also expanding your culture of compliance.

Twitter

Earlier this week, I wrote about how you can use Twitter to capture information from the marketplace of ideas. However Twitter can also be used for communicating with your employee base. Tweets are publicly visible by default, but senders can restrict message delivery to just their followers. Users can tweet via the Twitter website, compatible external applications or by Short Message Service (SMS) available in certain countries. Retweeting is when users forward a tweet via Twitter. Both tweets and retweets can be tracked to see which ones are most popular. Finally, through the use of hashtags (#) users can group posts to Twitter together by topic.

I believe that Twitter is one of the most powerful tools (and completely underused tools) that is available to the compliance function. If employees follow their company’s name through a hashtag, they can see what trending topics other employees are discussing. Compliance practitioners can help lead that internal discussion through the same technique. Moreover, if the Chief Compliance Officer (CCO) or compliance function regularly monitors Twitter they can keep abreast of any communications and those can be used as a backup communication channel, in case the company hotline or other reporting system is not immediately available or even convenient.

Meerkat and Periscope

Two of the newest and perhaps coolest tools a CCO or compliance practitioner can utilize in the realm of social media are Meerkat and Periscope. Both tools allow you to tell a compliance story in real time, throughout your organization and beyond through the capture and broadcast of video, live through your smartphone. They are both live streaming apps that enable you to create a video and open the portal to anyone who wants to use it. Anybody in your Twitter community can click on that link and watch whatever you’re showing on your phone. The big piece is the mobile aspect. It is as simple as a basic tweet and hitting the “stream” button.

This is one of the more exciting new social media tools I see for the compliance practitioner. You could start a compliance campaign along the lines a campaign that the company Hootsuite initiated called “Follow the Sun” using Periscope. They decided to let their employees showcase what they called #HootsuiteLife. They gave access to different people in every company office around the globe. Throughout the day, it would “Follow the Sun,” and people in different offices would log into the Hootsuite account and walk around and show off their culture, interviewing their friends, etc. They talk about the importance of culture and now they are proving it. The number of inbound applications drastically increased after people got that sneak peek into their company. You could do the same for your worldwide compliance team.

You can live stream video training around the globe. Moreover, if you use either of these tools in conjunction with internal podcasting or other messaging you can create those all important “Compliance Reminders” which were so prominently mentioned in the Morgan Stanley Foreign Corrupt Practices Act (FCPA) Declination. The videos that you create with both of these tools can be saved and stored so a record of what you have created can be documented going forward.

Pinterest

According to Pinterest for Dummies, this tool is an online bulletin board, a visual take on the social bookmarking site, where the content shared is driven entirely by visuals. In fact, you cannot share something on Pinterest unless an image is involved. When you share something on Pinterest, each bookmark is called a pin. When you share someone else’s pin, it’s called a repin. Your group pins together by topic onto various boards, aka pinboards, in your profile. Each board mimics a real-life pinboard. You can share images you find online, or you can directly upload images. Using the “Pin It” button, you can share directly in your browser from any web page. You can also share your pins on Twitter and Facebook.

Although a relatively new social media tool, I find it to be one of the more interesting ones for use by the compliance function as it compliments many of the other tools I discussed above. You can set up your compliance account for your organization and pin items, lists, or other visual information that can be viewed and used by employees. In addition to the enumerated items, you can pin such things as a link, a website, graphics or other forms of information. If you think of it as an online bulletin board, you can consider all of the compliance information that you can post for your customer base and the interactions they can have back with you.

All of these tools can help you as CCO or a compliance practitioner to engage with your customer base. On Monday, I will conclude with some final thoughts on why the compliance function should use social media tools available to them.

Once again please remember that I am compiling a list of questions that you would like to be explored or answered on the use of social media in your compliance program. So if you have any questions email them to me, at tfox@tfoxlaw.com, and I will answer them within the next couple of weeks in my next Mailbag Episode on my podcast, the FCPA Compliance and Ethics Report.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

 

© Thomas R. Fox, 2015

Social Media 2I continue my exploration of the use of social media as a tool of doing compliance by looking at some concepts around the sharing of information. In a recent podcast on Social Media Examiner, entitled “Sharing: The Art and Science of Social Sharing”, podcast host Michael Stelzner interviewed Bryan Kramer, a social strategist and author of the book “Shareology: How Sharing is Powering the Human Economy”. Kramer talked about several concepts that I found particularly useful for a Chief Compliance Officer (CCO) or compliance practitioner to think through when considering the use of a social media strategy in a best practices anti-corruption compliance program, under the Foreign Corrupt Practices Act (FCPA), UK Bribery Act or some other compliance regime.

Kramer’s book Shareology is a study of how, what, where, when and why people and brands share. For this book, Kramer conducted more than 250 interviews with executives, marketers and social media people, as well as professors of linguistics, psychology, sociology and so on, with the question “why people share” in mind.

The answer came down to one thing: connection. He found that “People all have the desire to reach out and connect with other people, whether it’s through sharing content and having someone reply back or by sharing other people’s content and helping them out.” From this research, Kramer identified six types of people who share:

  • Altruist: Someone who shares something specific about one topic all the time.
  • Careerist: Someone who wants to become a thought leader in their own industry, so they can see their career grow.
  • Hipster: Someone who likes to try things for the first time and share it faster than everyone else.
  • Boomerang: Someone who asks a question so they can receive a comment only to reply.
  • Connector: Someone who likes to connect one or more persons to each other.
  • Selective: This is the observer.

I find all of these categories to be relevant to a CCO or compliance practitioner in considering the use of social media in their compliance program. All of these can describe not only the reasons to use social media but they can also help you to identify who in your organization might be inclined to use social media and how it can facilitate your compliance program going forward.

The Altruist, Hipster and Careerist speak to how a CCO or compliance practitioner can be seen in getting out the message of compliance throughout your organization. Whichever category you might fall into, it is still about the message or content going forward. I find nothing negative in being seen as one or the other if your message is useful. Even if you are my age, there is nothing wrong with incorporating a little Hipster into your communication skills. As my daughter often reminds me, Dad you are so uncool that you are retro, but that is cool too. Applying that maxim to your compliance regime, if you can communicate in a manner your workforce sees as interesting or even hip, it may well help facilitation incorporation of that message into their corporate DNA.

I found the Boomerang, Connector and Selective categories as good ways to think about how your customer base in compliance (i.e. your employees) might well use social media tools to communicate with the compliance function. The use of social media is certainly a two-way street and you, as the compliance practitioner, need to be ready to accept those communications back to you. Indeed some comments by your customer base could be the most important interactions that you have with employees as their comments or questions could lead you to uncovering issues which may have arisen before they become Code of Conduct or FCPA violations. More importantly, it could allow you to introduce a proscriptive solution which moves your program beyond even the prevent phase.

Kramer also has some insights about the substance of your social media message. Adapting his insights to the compliance field, I found a key message to be that the problem is that companies do not write the way they speak, and don’t speak the language of their employee base. In many ways, compliance is a brand and Kramer believes that “brands and the people representing those brands need to change their language. If they focus on the title and the quality of the content, among other things, it’ll resonate more with their audience.” He also advocates using the social media tools and apps available to you. He specifically mentions Meerkat and Periscope, Snapchat, memes and/or videos to raise the value of the content. He was quoted as saying, “If you have a blog and there are no visuals, you might as well shut it down.”

It would seem the thesis of Kramer’s work is that sharing is a primary method to communicate and connect. In any far-flung international corporation this is always a challenge, particularly for discipline which can be viewed as home office overhead at best; the Land of No populated by Dr. No at worst. Kramer says that you should work to hone your message through social media. Part of this is based on experimenting on what message to send and how to send it. Yet another aspect was based upon the Wave (of all things) where he discussed its development and coming to fruition in the early 1980s. It took some time for it to become popular but once it was communicated to enough disparate communications, it took off, literally. Kramer noted, “It’s the same thing with social media. On social media, we think something will go viral because the art is beautiful or the science is full of deep analytics, but at the end of the day it really takes time to build the community.”

This means that you will need to work to hone your message but also continue to plug away to send that message out. I think the Morgan Stanley Declination will always be instructional as one of the stated reasons the Department of Justice (DOJ) did not prosecute the company as they sent out 35 compliance reminders to its workforce, over 7 years. Social media can be used in the same cost effective way, to not only get the message of compliance out but also to receive information and communications back from your customer base, the company employees.

Once again please remember that I am compiling a list of questions that you would like to be explored or answered on the use of social media in your compliance program. So if you have any questions email them to me, at tfox@tfoxlaw.com, and I will answer them within the next couple of weeks in my next Mailbag Episode on my podcast, The FCPA Compliance and Ethics Report.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

HemingwayOn this day in 1899, Ernest Hemingway was born. To me, he was the greatest Man of Letters the US has produced. Probably like most of you all, I was introduced to Hemingway in high school through The Son Also Rises. It remains my favorite of his works but I have enjoyed many more of his novels, short stories and non-fiction work. I particularly enjoyed his Nick Adams short stories as I found them crisply written and with a conciseness of language that is not often found today, or perhaps in any other time. Hemingway was awarded the Pulitzer Prize in 1953 and the Nobel Prize for Literature in 1954. He died via suicide in 1962.

I thought about Hemingway and his writing style when reading the most recent Corner Office column by Adam Bryant in the New York Times (NYT), entitled “To Work Here, Win the ‘Nice’ Vote”, where he profiled Peter Miller, the Chief Executive Officer (CEO) of Optinose, a pharmaceutical company. Miller has some interesting leadership concepts that are applicable to the position of Chief Compliance Officer (CCO) 2.0 and how a CCO 2.0 could use influence to lead, not only in the compliance function but also across an organization.

Miller talked about one thing you rarely hear in the corporate world, which is to be nice. He garnered this concept because as a “young sales manager at Procter & Gamble. I had five salespeople working for me, and one of the guys was 55 and another guy was 48. They were really successful salespeople, so I realized that I couldn’t teach these guys anything about selling. Since I couldn’t teach them anything, I tried to cultivate trust and respect by working really hard at figuring out how I could help them in a meaningful way.”

Yet this apparent inability to lead in precisely the area he was tasked in leading led Miller to formulate “a very important core value of mine, which is that you can and should try to create friends at your company.” But more than simply becoming friends, Miller came to the understanding that underlying the friendship “is this concept of trust and respect. When you get that as a team, that’s when great things happen. And that comes from creating a culture of openness, of authenticity, of being willing to have fearless conversations. It’s about being yourself, not being afraid to say what’s on your mind.”

As a CCO, you need to be able to have that type of conversation with those both up and down your chain of command. Certainly it is always beneficial to have type of relationship with your team that allows the full flow of communication. Miller said, “Think about how people are with their best friends. You want them to succeed. And sometimes that means having really hard conversations. If that’s what’s motivating you — and you’re really trying to help everybody around you in a company as if they were great friends of yours — that’s really powerful.”

I was interested in using some of Miller’s insights in the managing up role for any CCO. You have to be able to have some very frank conversations with your CEO and Board members about your compliance program and any issues that may arise under it. As CCO if you “cultivate trust and respect by working really hard at figuring out how I could help them in a meaningful way” as Miller used with his more senior sales team members, it should certainly help you going forward when you have to manage up your chain.

I also thought about this somewhat enlightened approach as contrasted with another style that I read about in a recent On Work column by Lucy Kellaway in the Financial Times (FT) entitled, “Wrong skillset excuse masks coup at the top of Barclays, where she discussed the recent termination of Antony Jenkins from Barclays Bank. The newly installed chairman of the company’s Board, John McFarlane, who simultaneously promoted himself to CEO, Jenkins former position, fired Jenkins. The reason Jenkins was fired; he no longer had the right “set of skills” for the organization. Chairman McFarlane explained to Kellaway that there were four skills going forward which (apparently) were lacking in Jenkins: “a) strategic vision; b) charisma; c) the ability to put plans in place that deliver shareholder value; and d) ability to ensure results were delivered.” Ironically, Kellaway noted that lawyers for Kleiner Perkins had said that Ellen Pao “was an employee who never had a skillset.”

Kellaway noted the obvious when she wrote “To invoke skillsets in hiring is not only ugly, but dangerous. Find the right person to run a very big bank is very hard, and having a list of skills that you are matching an applicant against is not necessarily the best way of going about it.” More ominously, she noted that the head of such bank would have to be able to reign in the traders and investment banker types who brought Barclays its unwanted regulatory scrutiny. More critically from the compliance perspective, I think it says much more about Chairman McFarlane that he did not say anything about a new CEO running the business ethically, in compliance or in any other manner which could help to prevent Barclays from another very large fine or penalty from the regulators.

McFarlane’s dictum is one that will certainly be noted by regulators on both sides of the Atlantic going forward. After the disastrous run by former Barclays’ head Bob Diamond, the bank was moving in the direction of regulatory compliance while securing the profits demanded by shareholders. However, McFarlane’s sacking of Jenkins could well derail the bank’s focus on ethics and compliance and engender the former attitude which led to the bank’s fine in the LIBOR scandal.

Unlike Peter Miller at Optinose, it does not appear that Chairman McFarlane appreciates the trust and respect style of leadership. I fear things may well turn out badly for Barclay’s yet again with the newly found emphasis on profits, profits and profits.TexasBarToday_TopTen_Badge_Large

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

Tacoma Narrows BridgeI conclude my Great Structures Week with a focus on structural engineering failures: suspension bridges and the challenges of wind in their construction and maintenance. I am drawing these posts from The Great Courses offering, entitled “Understanding the World’s Greatest Structures: Science and Innovation from Antiquity to Modernity”, taught by Professor Stephen Ressler. In his chapter on suspension bridges he notes that the “Tacoma Narrows Bridge was the third longest span in the world when it opened to the world, this month of July in 1940.” Yet it collapsed only four months later, in one of the most famous visual images of a bridge’s collapsing. This is due to the “inherent flexibility of cable as a structural form”. A bridge can move in longitudinal vibration, that is up and down and in torsion, where it twists from side-to-side.

Most people recognize unstiffened suspension bridges as old as man and engineering itself. It was not until the 1820s that serious study was brought to bear on the issue of wind-related collapse of suspension bridges. The initial solution was to simply use more weight to reinforce the span. However, while that solution did bring some stability, it reinforced damage as the structure became a textbook example of Newton’s Second Law of Motion, which states that the acceleration of an object is dependent upon two variables – the net force acting upon the object and the mass of the object; meaning that once a heavy weight is in motion, it is more resistant to deceleration.

Yet it was scientific methodology that led to the disaster with the Tacoma Narrows Bridge. An engineer named Leon Moisseiff had developed a theory that long spanned suspension bridges were heavy enough that they did not require stiffening trusses because “their mass stabilized them against wind-induced vibrations.” However this theory failed to take into account how air flows around a bridge and the “dynamic response of the structural system.” Ressler concludes this section by stating, “this case has become a classic symbol of the dangers of arrogance born of overconfidence in science-based design methods, and belt-and-suspenders engineering has made a bit of a comeback.”

I thought about the catastrophic failure of the Tacoma Narrows Bridge in the context of one of the greatest risks in Foreign Corrupt Practices Act (FCPA) compliance; that being third parties. Many non-compliance corporate employees assume that if a third party passes due diligence muster; they are in the clear. After all, you cannot stop a third party from making a bribe or other corrupt payment. Fortunately the Department of Justice (DOJ) does not take such a myopic view as many business types. Under the FCPA, a company is responsible for the actions of its third party representatives.

The real work around your third party compliance program begins after the contract is signed and it is in the management of the third party relationship. While the FCPA Guidance itself only provides that “companies should undertake some form of ongoing monitoring of third-party relationships”. Diana Lutz, writing in the White Paper by The Steele Foundation entitled “Global anti-corruption and anti-bribery program best practices”, said, “As an additional means of prevention and detection of wrongdoing, an experienced compliance and audit team must be actively engaged in home office and field activities to ensure that financial controls and policy provisions are routinely complied with and that remedial measures for violations or gaps are tracked, implemented and rechecked.”

Carol Switzer, writing in the Compliance Week magazine, set out a five-step process for managing corruption risks, which I have adapted for third parties.

  1. Screen – Monitor third party records against trusted data sources for red flags.
  2. Identify – Establish helplines and other open channels for reporting of issues and asking compliance related questions by third parties.
  3. Investigate – Use appropriately qualified investigative teams to obtain and assess information about suspected violations.
  4. Analyze – Evaluate data to determine “concerns and potential problems” by using data analytics, tools and reporting.
  5. Audit – Finally, your company should have regular internal audit reviews and inspections of the third party’s anti-corruption program; including testing and assessment of internal controls to determine if enhancement or modification is necessary.

Additionally there several different functions in a company that play a role in the ongoing monitoring of the third party. While there is overlap, I believe that each role fulfills a critical function in any best practices compliance program. 

Relationship Manager

There should be a Relationship Manager for every third party which your company does business. The Relationship Manager should be a business unit employee who is responsible for monitoring, maintaining and continuously evaluating the relationship between your company and the third party.

Compliance Professional

Just as a company needs a subject matter expert (SME) in anti-bribery compliance to be able to work with the business folks and answer the usual questions that come up in the day-to-day routine of doing business internationally, third parties also need such access. A third party may not be large enough to have its own compliance staff so I advocate a company providing such a dedicated resource to third parties. This role can also include anti-corruption training for the third party, either through onsite or remote mechanisms. The compliance practitioner should work closely with the relationship manager to provide advice, training and communications to the third party. 

Oversight Committee

A company can have an Oversight Committee review documents relating to the full panoply of a third party’s relationship with the company. It can be a formal structure or some other type of group but the key is to have the senior management put a ‘second set of eyes’ on any third parties who might represent a company in the sales side. In addition to the basic concept of process validation of your management of third parties, as third parties are recognized as the highest risk in FCPA or Bribery Act compliance, this is a manner to deliver additional management of that risk.

After the commercial relationship has begun the Oversight Committee should monitor the third party relationship on no less than an annual basis. This annual audit should include a review of remedial due diligence investigations and evaluation of any new or supplement risk associated with any negative information discovered from a review of financial audit reports on the third party. The Oversight Committee should review any reports of any material breach of contract including any breach of the requirements of the Company Code of Ethics and Compliance. In addition to the above remedial review, the Oversight Committee should review all payments requested by the third party to assure such payment is within the company guidelines and is warranted by the contractual relationship with the third party. Lastly, the Oversight Committee should review any request to provide the third party any type of non-monetary compensation and, as appropriate, approve such requests.

Audit

A key tool in managing the relationship with a third party post-contract is auditing the relationship. I hope that you will have secured audit rights, as that is an important clause in any compliance terms and conditions. Your audit should be a systematic, independent and documented process for obtaining evidence and evaluating it objectively to determine the extent to which your compliance terms and conditions are followed.

Perhaps now you will understand why I say that managing the relationship of your third party’s is where the real work of your FCPA compliance program comes to the fore. It also demonstrates a key difference in having a paper compliance program and doing compliance. Having a paper compliance program is simple but doing compliance is not always easy; you have to work at it to maintain an effective program.

I hope that you have enjoyed this week’s offering based around some of the world’s greatest structures, their engineering concepts and innovations and how they all related to a best practices compliance program. I am a huge fan of The Great Courses offerings and if you are interested in learning in a great many areas it is one of the best resources available to you. For a more detailed discussion of how you can develop and implement a best practices anti-corruption compliance program, I hope you will check my book Doing Compliance: Design, Create, and Implement an Effective Anti-Corruption Compliance Program, which is available through Compliance Week. You can review the book and obtain a copy by clicking here.

For a dramatic video of the collapse of the Tacoma Narrows Bridge on YouTube, click here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015