The indictments last week of executives from Takata and Volkswagen roiled many in the business world and ethics and compliance arena. Coming on the heels of the Wells Fargo scandal, one might wonder how corporations can stop the clear ethical lapses which led to these corporate disasters. Let us assume that these corporations were not headed by the type of crooks which led Houston based Enron or WorldCom or any of the other corporations laid low by the accounting scandals of the early 00’s.

Interestingly, there was an article in a recent Harvard Business Journal (HBJ) online publication by Christopher McLaverty and Annie McKee, entitled “What You Can Do to Improve Ethics at Your Company”, which I recommend to every compliance practitioner. The authors surveyed C-suite executives and noted, “More often the dilemmas were the result of competing interests, misaligned incentives, clashing cultures.” Based on this study and their prior work, the authors noted three major obstacles to ethical behavior.

Initially was the issue of corporate change. The authors stated, “Companies can warp their own ethical climate by pushing too much change from the top, too quickly and too frequently. Leaders in the study reported having to implement staff reduction targets, dispose of big businesses in major markets, and lead mergers and acquisitions. Some of these activities included inherent conflicts of interest; others simply caused leaders to have to act counter to their values (loyalty, for example). Many leaders felt poorly prepared for the dilemmas they faced and felt compelled to take decisions they later regretted.”

The second was the age old dilemma of compensation where incentives tended to drive certain behaviors or, as the authors stated, “People do what they are rewarded to do, and most leaders are rewarded for hitting targets.” Of course the most recent example is Wells Fargo where employee compensation was based solely on the number of accounts they opened. Yet such incentive based behavior was not limited to front line employees as the authors stated, “The lure of incentives are a problem in boardrooms too: Bonus payments and executive share schemes are often based on short-term business metrics, which can be counter to long-term success.”

Finally, was an area which may require a Chief Compliance Officer (CCO) or compliance practitioner to think through several different calculi; cross cultural differences. Obviously some countries have gift giving cultures but this is more than simply the value of a gift to give at Christmas, it involves cultures where gift giving may be a part of the overall business relationship. The authors cited examples such as “closing a sales office in Japan, breaking a verbal promise made during after-work drinks in China, or ignoring “sleeping” business partners in a Saudi Arabian deal, all of which have cultural and ethical components.”

An interesting insight was teaching employees how to understand what matters in an organization. This is not simply the written Codes but how things really work. The authors posited three questions: (1) How are employees paid? Obviously a compensation plan is a critical benchmark. If it is solely based on ‘eat what you kill’, focusing on the short term, it may presage problems down the road. (2) Who gets promoted and why? This is not simply whether the high producer gets promoted but how about those who speak up and raise ethical issues. Are they subtly (or not so subtly) discriminated against or held back from promotion? (3) How do employees feel about their organization? Although it seems straight-forward, if your employees are disengaged or worse yet, ashamed about your company, you might be an ethical time bomb waiting to happen.

The authors then turned to initiatives that the interviewees had successfully used in their own organizations to improve the ethical climate. While noting that there is some importance in the corporate governance documents, such as a Code of Conduct and policies and procedures, the authors averred “Companies become ethical one person at a time, one decision at a time.” This means employees need to understand their organizations underlying culture. They stated, “Self-awareness enables you to build and strengthen that inner compass. Organizational awareness enables you to identify the forces in your company’s culture and processes that could drive you and others to do the wrong thing. You also need emotional self-control: it takes courage to step away from the crowd and do the right thing.”

To have such courage, the authors noted many employees who did speak up had a personal network which operates as “an informal sounding board and can highlight options and choices that the leader may not have considered. When making ethical decisions, it’s important to recognize that your way isn’t the only way, and that even mandated choices will have consequences that you must deal with.” This is yet another reason for the breaking down of silos in a corporate organization because “The challenge is that most leaders have networks full of people who think and act like them and many fail to seek out diverse opinions, especially in highly charged situations. Instead, they hunker down with people who have similar beliefs and values. This can lead to particularly dire consequences in cross-cultural environments.”

Finally, and perhaps most intuitively, is speaking up. Here business leaders must encourage not only a speak up culture but also one of no retaliation. But it is more than this as Vanessa Rossi, FCPA Due Diligence Counsel at Baker Hughes Inc. noted in a panel discussion to the Greater Houston Business and Ethics Roundtable, it is more tones at the tops as for many employee’s senior leadership resides in the form of their direct manager. The authors phrase it as “If you find you need to speak up, there will be a number of choices to be made. Do you talk to the boss? Consult with peers? Work with advisory functions such as legal, compliance or human resources? You can draw on your personal network for support and guidance on the right way forward within the context of your unique situation.”

Ethics and compliance blend together in the corporate world. It is not just the responsibility of CCOs and compliance practitioners but of senior managers to support those employees who want to do the right thing. While written protocols are significant in both detection and prevention, one should never lose sight of a corporate culture as a way to positively impact your workforce and company going forward.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2017

n this episode, I visit with noted FCPA compliance practitioner Mike Volkov on some of his top highlights from 2016 and what he sees into 2017 going forward.

Yesterday, I began an exploration of the Foreign Corrupt Practices Act (FCPA) enforcement action involving Teva Pharmaceuticals Industries Ltd. (Teva). It was brought jointly by the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) with total fines and penalties coming in at $519MM, consisting of a criminal fine of $283 MM and profit disgorgement of $236MM. The company entered into a three-year Deferred Prosecution Agreement (DPA) that requires an independent compliance monitor. The SEC issued a Complaint. The company’s Russian subsidiary, Teva LLC, also agreed to a Criminal Information and agreed to enter into a plea agreement pleading guilty to a one-count criminal information, charging the company with conspiring to violate the anti-bribery provisions of the FCPA.

In my previous post, I considered the underlying facts of the bribery schemes used in three separate countries, namely Russia, Ukraine and Mexico. Today I want to consider the penalty range, the corporate monitor, the actions of Teva to obtain the results it secured and what they all mean for the compliance professional going forward.

As laid out in the DPA, the fine range was between $353,971,685 and $707,943,370. Yet Teva paid $283,177,348 for its criminal violation. (The remaining $236MM was assessed by the SEC.) While the underlying facts demonstrated clear business unit involvement in intentional bribery schemes and conscious indifference at best by the Israeli corporate office by burying its head in the sand with the numerous red flags present; the company was still able to obtain a 20% discount from the minimum range of the US Sentencing Guidelines suggested criminal fine.

Loss of Credit

In none of the resolution documents does it reveal how the information about the company’s bribery and corruption was brought to the attention of the US regulators. The DPA specifically notes the company did not self-disclose to the DOJ and “as a result the Company was not eligible for a more significant discount on the fine amount or the form of resolution.” Equally interesting was the comment, “The Company did not receive full credit because of issues that resulted in delays to the early stages of the investigation, including vastly overbroad assertions of attorney-client privilege and not producing documents on a timely basis in response to certain Fraud Section document requests.” If we assume the company lost 25% of the available discount for its lack of self-disclosure, this final line would mean the company lost 5% of the available discount for basically playing games with the DOJ. At $284MM for the total fines, those games cost Teva approximately $14.2MM. I wonder what the additional cost to Teva was in legal fees for the counsel which advised Teva to play such games.

The bottom line from this portion of the DPA emphasizes, yet again, that the DOJ will provide real credit to a company if it follows the simple prescripts of (1) self-disclosure; (2) extensive cooperation; and (3) significant remediation. Even with the fully pervasive corruption schemes, utilized in three countries; Teva was able to receive a significant discount off what was clearly reprehensible and illegal conduct. But even if a company has such sub-optimal counsel which does not advise self-disclosure and then proactively advises on a course of resistance which is based upon bogus legal arguments; the DOJ will still provide a significant credit if the company moves towards a more cooperative stance in the investigation and remediates significantly during the pendency of the investigation.

Credit for Remediation

Next we turn to the positive conduct which did allow the company to obtain its 20% discount. After having changed its tune around cooperation with the DOJ investigation at some point, the company engaged in significant remediation. As laid out in the DPA, the remediation included:

  • removing at least 15 employees who were involved in the conduct at issue from the Company, either through termination, resignation, or they voluntarily departed once the Company’s internal investigation began;
  • enhancing the Company’s compliance function by implementing a number of policies and procedures designed to prevent prohibited conduct, including the establishment of a system to monitor transactions with members of the health care community;
  • adopting an improved anticorruption training program;
  • adopting a standalone third-party due diligence program and terminating business relationships with certain third parties;
  • enhancing the independence of the Company’s control functions and establishing an office charged with addressing reports of misconduct; and
  • establishing a dedicated Global Compliance Audit group and strengthening the Company’s internal audit and investigations teams.

Teva also demonstrated enhancement and commitment to its compliance program and internal controls to meet the requirements of a best practices compliance program.

It is incumbent to recall that Teva did have an anti-corruption compliance program in place at all times during its bribery and corruption scheme. While one might opine that anti-corruption might not have been taken too seriously prior to the investigation, the SEC did note in its Complaint that Teva had investigated allegations of bribery and corruption back in 2007-08 in its Mexico subsidiary. As a result, the company “found credible evidence of illegal payments by Teva Mexico to government officials in Mexico to influence regulatory and formulary approvals, drug purchase decisions, and prescription decisions, and to develop strategic advantages over competitors. Eleven Teva Mexico employees were terminated in connection with the investigation.”

However, even with the specific findings from the investigation and remediation, the Mexico business unit was determined to continue its bribery scheme. Indeed, it went even further than at the senior executive level at Teva to forestall any serious effort at doing compliance. The Compliance stated, “In April 2011, a Teva employee responsible for overseeing the implementation of the anti-corruption compliance program emailed a senior executive responsible for overseeing compliance in Latin America. The email stated that a senior Teva executive had “specifically instructed not to implement a robust system that will enable us to monitor and assure that the same doctor wasn’t invited to a meal more than three times (for example)””.

The Monitorship and Implications

With this type of senior executive (lack of) commitment to compliance it is probably little wonder that the DOJ required a corporate monitor whose “primary responsibility is to assess and monitor the Company’s compliance with the terms of the Agreement, including the Corporate Compliance Program in Attachment C, so as to specifically address and reduce the risk of any recurrence of the Company’s misconduct.” The Monitor, can, but is not required to, rely not only upon the product of Teva’s compliance resources but also use the company’s internal functions such as legal, compliance and internal audit to assist the Monitor in carrying out the mandate in the DPA; provided, however, “that the Monitor has confidence in the quality of those resources.”

Most interestingly, the Monitor’s mandate requires them to use a risk-based approach in review of the company’s compliance program. The DPA specifies the Monitor should consider “risks presented by: (a) the countries and industries in which the Company operates; (b) current and future business opportunities and transactions; (c) current and potential business partners, including third parties and joint ventures, and the business rationale for such relationships; (d) the Company’s gifts, travel, and entertainment interactions with foreign officials; and (e) the Company’s involvement with foreign officials, including the amount of foreign government regulation and oversight of the Company, such as licensing and permitting, and the Company’s exposure to customs and immigration issues in conducting its business affairs.”

It would seem apparent that the hand of DOJ compliance counsel Hui Chen was involved in setting out these obligations. This action also points out another clear import from the DOJ on the importance of compliance programs and the increasing sophistication of the DOJ (and SEC) in understanding what is a best practices compliance program and requiring the same going forward. This push by the compliance counsel will most certainly continue to keep the bar going up and enhance compliance programs into 2017 and beyond.

Much like the Odebrecht/Braskem FCPA resolutions of the same week, the Teva resolution has quite a bit for the compliance practitioner to digest and use in a compliance program going forward. 2016 has been a FCPA year for the ages and with the information communicated by both the DOJ and SEC, the bar for compliance programs will continue to elevate so that compliance will become a more fully functioning corporate discipline.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

Ed. Note-today I have a joint posting by myself and Jay Martin, Chief Compliance Officer at Baker Hughes Incorporated. 

Two of the most common compliance focused committees for public companies are those at the Board level and those which sit between the Chief Compliance Officer (“CCO”) and the Board, usually consisting of very senior executives such as members of a company’s executive leadership team. It is noteworthy, however, that Houston-based Baker Hughes Incorporated (“BHI” or “Company”), which has been highly recognized for its effective global compliance program, has adopted additional compliance committees, with strong support from the senior operations leaders in the organization. These new committees will help the Company’s corporate compliance function to more effectively ensure employee and business partner compliance with the Company’s Code of Conduct (“COC”) throughout its global organization by integrating compliance into every aspect of Company’s functions and generating the necessary information to continuously improve the Company’s Compliance Program. These additional committees also operate on multiple planes to fully operationalize compliance in the Company, augment the Company’s internal controls and make the Company a more efficient and profitable entity. BHI has named these additional compliance committees “GeoMarket Ethics and Compliance Committees” (hereinafter “Committees.”)

Purpose

As noted above, most companies have a Board Committee dedicated to ethics and compliance or something like a Board Audit Committee which the CCO will report into. Once again, there are many companies with senior executives populating another level of oversight with a compliance committee between the CCO and the Board. However, the BHI initiative, which involves the formation of numerous additional compliance committees (“Committees”) at the regional Geomarket level, helps to create more direct ownership, accountability, and valuable transparency.  This moves compliance down into all levels of the Company’s operations.  This approach also significantly improves consistency of compliance execution, and helps to ensure that all of Company’s business objectives are achieved in a legally compliant fashion. According to the Company’s Committee Charter, these Committees are designed to “periodically advise and provide information and insights to the CCO (as well as receive compliance information from the CCO and the Ethics and Compliance Director for the relevant GeoMarket) regarding applicable legal and regulatory requirements, industry standards, and the Company’s COC, as well as the Company’s Compliance Program as it relates to the GeoMarket.” The Committee does not have primary responsibility for internal investigations but is charged with reporting any known compliance issues to the CCO should the Committee or a Committee member be made aware of “any matter potentially constituting misconduct or related to legal, financial or HS&E compliance.”

The Committee is designed to “promote clear and frequent compliance-related communication on related matters throughout the GeoMarket and strengthen the Company’s compliance culture.  The Committee therefore is very valuable to the overall performance of the Company’s Compliance Program” within the GeoMarket.” This initiative has caused compliance topics to be more thoroughly discussed at regularly occurring Company operations meetings. Also note these Committees have communication structures designed to facilitate communication up the chain and down the chain. They also allow the CCO to have a more direct set of ‘eyes and ears’ closer to the ground. Finally, the Committees give the compliance function greater visibility within the organization because compliance has been moved further into the middle and lower levels of the organization on a daily basis.

Composition

One of the key elements of the Committees are their makeup, which is GeoMarket centric. The Committee members are: (a) the Vice President of the GeoMarket; (b) the Ethics and Compliance Director for the GeoMarket; (c) the Legal and Compliance Director for the GeoMarket; (d) the HR Director of the GeoMarket; (e) the Finance Director of the GeoMarket and/or audit personnel located in the GeoMarket; (f) the Trade Compliance Director of the GeoMarket; (g) the Supply Chain Director of the GeoMarket; (g) the Sales Director of the GeoMarket and (h) senior representatives of Operations in the GeoMarket. This composition of the Committees, coupled with their structures, allow compliance to be fully operationalized into the Company’s global organization.

Authority and Responsibility

There are multiple delineated responsibilities for each Committee. Some of these responsibilities include:

  • Assisting in identifying not only potential legal and compliance risks in the GeoMarket but also reputational risks to BHI.
  • Establishment of goals and metrics to measure against these legal and compliance goals in the GeoMarket.
  • Exercising oversight of the implementation and effectiveness of the Company’s global compliance program in the GeoMarket. Additionally, to make recommendations to the CCO and suggest improvements to the Company’s compliance practices in the GeoMarket.
  • Reviewing and monitoring implementation of BHI’s COC in the GeoMarket and assisting in the identification of best practices, alternative strategies and local initiatives to enhance the BHI Compliance Program.
  • Assuring to the CCO and the senior leaders of operations that compliance goals and requirements are both established and communicated across the Company.
  • Advice management of its assessment of the Compliance Program, ethics and compliance risks in the GeoMarket and steps taken to both manage and lessen such risks.
  • Reviewing the Company’s Business Helpline complaints and other information to assure the GeoMarket that “appropriate steps are taken to modify the Compliance Program to reduce identified ethics and compliance risks.”

The innovation represented by the formation of the Committees operationalizes compliance into the Company’s GeoMarket operations where the business operates. This sort of approach follows the Department of Justice mandate, articulated in the Department’s FCPA Pilot Program for companies to move the doing of compliance down into the business of the organization. The make-up of BHI’s Committees, while including legal and compliance representatives, is also populated by representatives from other disciplines within the global organization. This allows a fuller, richer and more holistic approach to not only compliance advice but reviews consistent with the Committee’s Charter.

It adds a dimension not often seen or even discussed in the compliance profession. The accountability and oversight down to the GeoMarket level and the compliance monitoring, reviewing, assessing and recommending that is deemed to be necessary will provide additional endorsements up through the organization that it is actually doing compliance. In compliance, it is execution where the rubber meets the road. BHI’s GeoMarket Committee provides a unique structure to perform these functions.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

qtq80-vR9YwkTammy Grimes died earlier this week. For those of you not familiar with that name, you may well know the name of the Broadway musical which catapulted her to fame, The Unsinkable Molly Brown. Grimes garnered a Toni in 1960 for her performance and won a second Toni in 1969 for her performance in the revival of Noel Coward’s Private Lives. According to her obituary in the New York Times, “Ms. Grimes was largely unknown in 1960 when she was cast as Molly, the rags-to-riches turn-of-the-century socialite-philanthropist who survived the sinking of the Titanic. The show’s producers, who clearly considered the music and lyrics by Meredith Willson more marketable than their female lead, declined to put her name above the title, which meant that (because of the Tony regulations of the time) she could be nominated only in the featured-actress category.” Yet she stole the show and made it her own.

Yesterday I concluded a two-part series on the future of stakeholder engagement based upon a Research Report (Report) issued by BSR. In the paper, authored by Alison Taylor and Sara Enright, they argue that transformative engagement for a more inclusive business is not only the right approach to take from a societal perspective but also from the business perspective.

They suggest a number of steps that companies can take to have a deeper, more strategic stakeholder engagement. These steps include companies training both employees and managers to identify pressure points with external stakeholders so they can be engaged in a thoughtful manner. Projects should start with a mapping process of internal stakeholders to ensure that everyone who needs to be involved is informed and prepared. It is better practices for companies to develop engagement plans that account for the whole organization, analyze business-connected activities that affect external stakeholders, and then ensure that the company has feedback mechanisms to capture all grievances and ensure remediation. As with any such initiative it must begin with management support so that key executives will understand the issues and encourage strategic decision-making based on stakeholder input. It is also best practice to form “advisory groups of stakeholders on different strategic issues to help the company engage stakeholders in deep discussions over extended periods of time.”

The steps can help if the company will “proactively reach out to develop a positive relationship with critical stakeholders before a crisis arises. Communicate often, with transparency and integrity, not just when the company needs something.” By committing “to integrating stakeholder input into business-critical decisions and build mechanisms to do so” a company will not only have stronger ties to weather storms but also have the groups in place to provide additional guidance and support when needed.

One of the things Roy Snell and I disagree on is whether a Chief Compliance Officer (CCO) or even the compliance function should be involved in this process. Many think it is too close to Corporate Social Responsibility (CSR) for the compliance function to be involved, let alone take the lead. However, I believe the compliance function is uniquely suited in an organization to help push a company towards the goals as laid out by the Report.

The compliance function should have the most touchpoints within an organization (that is if the CCO gets out of his or her office). By using these corporate connections, a CCO can bring disparate groups together for the engagement. Additionally, the Foreign Corrupt Practices Act (FCPA) compliance community was recently reminded that companies can get into trouble over charitable donations in the Nu Skin FCPA enforcement action. Not knowing to whom you are making a donation can be as FCPA-troubling as not following any other component of your compliance program. You must know the stakeholders you are engaging with and your company must perform a sufficient level of due diligence going forward. Simply reaching out to third parties without following the five-step process for third party management is a recipe for trouble even in the area of stakeholder engagement.

Moreover, what will these stakeholders be doing on your behalf? If they act on your behalf, the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) will likely hold your company responsible if they commit a FCPA violation. This also means that the compliance function should train such stakeholders on what their role might be and then monitor the relationship going forward. While these might appear as impediments to a more robust stakeholder engagement, I believe they will actually enhance any such interactions.

Another reason is the stakeholder engagement and CSR are becoming issues which both companies higher in the contracting chain and governments, such as the US government, are requiring of their contracting counter-parties. I call this ‘business solutions to legal problems’. Scott Killingsworth has called this phenomenon “private-to-private” and has stated, “Embodied in contract clauses and codes of conduct for business partners, these obligations often go beyond mere compliance with law and address the methods by which compliance is assured. They create new compliance obligations and enforcement mechanisms and touch upon the structure, design, priorities, functions and administration of corporate ethics and compliance programs. And these obligations are contagious: increasingly accountable not only for their own compliance but also that of their supply chains, companies must seek corresponding contractual assurances upstream. Compliance is becoming privatized, and privatization is going viral.” This includes both CSR initiatives and stakeholder engagement.

I found the key element of the Report was the business applications of increased stakeholder engagement. Through strategic use of key stakeholders, well beyond simply shareholders, companies can not only increase their strategic outreach but also tap into a new source of business intelligence. The FCPA asks companies to know with whom they are doing business and how that business is conducted. These basic business inquiries can make companies more efficient and better run. By bringing the CCO and compliance function into the loop for increased stakeholder engagement, companies can leverage off compliance internal controls to create the best processes.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016