7K0A0246Tone at the top is the single most ubiquitous phrase in compliance. However, I heard it phrased in a manner last week which not only made sense but explained why it is the most used phrase. It came from Vanessa Rossi, FCPA Due Diligence Compliance Counsel at Baker Hughes Inc. Rossi says the phrase which resonates with her is ‘tones at the tops’ because for every employee, the top is not the company Chief Executive Officer (CEO) but the supervisor immediately above them and it is this immediate ‘top’ which sets the company’s tone for the employee. It is also that supervisor who will set not only the true culture of an employee but will address any complaints that employee has about violations of the company’s self-professed culture. Finally, it may also mean there is more than one ‘tone’ in any organization. Rossi’s insight certainly explains quite a bit about the Wells Fargo scandal.

Today, I continue my exploration of the Consumer Financial Protection Bureau (CFPB) enforcement action against Wells Fargo. Yesterday, I wrote about how something as benign as the cross-selling of banking products and services can become a very high risk proposition if not managed properly. Today I want to consider the culture at Wells Fargo and how it contributed to the bank creating some 2 million false and fraudulent accounts which led to some 5,300 employees being fired and the CFPB (and others) fine of $185MM.

On its public website, Wells Fargo has a Code of Conduct available for inspection and download. The document is entitled Our Code of Ethics & Business Conduct – Living Our Vision & Values. In his cover letter introducing the document, CEO John Stumpf says the following, “We are all responsible for maintaining the highest possible ethical standards in how we conduct our business and serve customers. After all, our culture is centered on relationships, and those relationships are built on trust. Our customers have high expectations of us, and we have even higher expectations of ourselves.”

The Code itself has a section entitled Ethics, subtitled “Our ethics are the sum of all the decisions each of us makes every day”, the first sentence reads, “We have a responsibility to always act with honesty and integrity.” In the next section entitled What’s right for customers, subtitled “We want to be approachable and caring, exceed our customers’ expectations, and invest in relationships that last a lifetime”, the first three sentences read, “Our customers are always our priority. Our customer focus is one of the characteristics that distinguishes us from our competitors. We do what’s right for our customers”. The very next section, entitled Making the Right Choice, has a first sentence which reads, “If you’re faced with an ethical dilemma and you’re not sure what to do, ask these questions:

 

The section ends with the following, “If your answer to any of these questions is “No,” don’t do it.” So it appeared that Wells Fargo said the right things. Indeed, CEO Stumpf, in a Wall Street Journal (WSJ) article by Emily Glazer and Christina Rexrode, entitled “Wells Boss Says Staff at Fault for Scams”, says, “It was the employees’ fault” and “There was no incentive to do bad things.”

Wells Fargo did not have a ‘paper Code’ like Enron; sitting there for all to see but never trained upon. In a New York Times (NYT) article, entitled “Warned About Excesses, Then Prodded to Sell”, Michael Corkery and Stacy Crowley wrote, “The message to the dozens of Wells Fargo workers gathered for a two-day ethics workshop in San Diego in mid-2014 was loud and clear: Do not create fake bank accounts in the name of unsuspecting clients. Similar warnings were being relayed from corporate headquarters in San Francisco to regional bankers in Texas, as senior management learned that some Wells employees had been trying to meet exacting sales goals by creating sham bank accounts and credit cards instead of making legitimate sales.”

Yet, in spite of this training, statements made by Stumpf to the WSJ and the sections on ethics in the Wells Fargo Code of Conduct point to a clear disconnect between the values articulated in the corporate headquarters with those out in the field, in the branch offices selling consumer banking products across America. This points to a major disconnect between the corporate office and the field. What was important at the corporate office as a cultural value was not so important to those with their jobs on the line out in operations. The WSJ quoted one former Wells Fargo teller who was critical of this corporate message, who was quoted in the piece, said, “It was all management, their boss, then their boss, then their boss. They are putting pressure on employees and it’s sad. People need their jobs.”

The reason company employees continued to break the law is seemingly straightforward. The pressure put on employees was to cross-sell, cross-sell and then cross-sell. The NYT piece said, “Wells continued to push sales goals that caused employees to break the rules in the first place.” Moreover, “The biggest problem, the former employees say, has been Wells Fargo’s aggressive sales culture, which was nurtured and honed over decades at the bank’s highest levels.” The pressure to cross-sell was relentless. One former Wells Fargo employee, Sharif Kellogg, was cited stated, ““The branch managers were always asking, ‘How many solutions did you sell today?’ They wanted three to four a day. In my mind, that was crazy — that’s not how people’s financial lives work.””

Wells Fargo apparently noticed something was askance several years ago. The Los Angeles Times first reported on scam allegations coming out of Los Angeles branches back in 2013. The company knew it had a problem and hence the compliance and ethics training. But branch managers (the immediately tops above the consumer sales force) continued to push cross-selling. The NYT piece noted, “former Wells employees swapped grim stories about the dichotomy between their ethics training — where they were formally told not to do anything inappropriate — and the on-the-job reality of a relentless push to meet sales goals that many considered unrealistic.” Another former employee said, “During our training we go through SO much training about ethics and how you CANNOT do that. I got threatened to be fired as a teller with them because I wasn’t meeting my numbers. I told them I didn’t believe in trying to convince someone to spend money they don’t have, get what they don’t need.”

The bottom line was that Wells Fargo employees were hounded by the immediate managers to meet clearly unrealistic sales quotas. What was the pressure those branch managers were under? Going in another direction, one former Wells Fargo employee basically said the branch managers were getting rich off the back of their employees when they joked on a YouTube spoof video, ““If tellers and bankers make those sales numbers each day, at the end of the month everybody in the branch will get a $5 gift card to McDonald’s. The district manager will get a $10,000 cash bonus.””

Even with a robust and specific Code of Conduct, a CEO allegedly committed to doing business the right way and specific training the ‘tone’ of the organization came from the employees’ immediate bosses. If a branch manager wanted you to cross-sell products to customers who did not want them, did not need them, could not afford them or did even know they had been assigned the products; that is what the employees did. If not, they would be fired. In the corporate world, that is the clearest statement of culture a company can have.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

Show notes for week ending August 19, 2016

  1. Tom Fox posts on Key Energy FCPA enforcement action: Part I, Part II and Part III.
  2. More Och-Ziff FCPA news as its “Fixer” is arrested for FCPA violations. See this FCPA Blog report.
  3. EU’s to Olympic committee arrested and charged with ticket scalping in Rio. See BBC story.
  4. SEC has second enforcement action against company attempting to prevent employees from going to the SEC with complaints of illegal conduct. This time in a post-employment separation agreement. See Dan Marshall story in the FCPA Blog.
  5. Keppel executives alleged to have known about their agent’s bribery to obtain Petrobras business. See Petro Global News story.
  6. Compliance is a business. See blog post.

ARodAlex Rodriguez announced his retirement from baseball, effective Friday, August 12. In a New York Times (NYT) article he said, “Saying goodbye may be the hardest part of the job,” “But that’s what I’m doing today. As far as 700 [home runs], or any of those type of milestones, I would have had an unbelievable, fun time going after them, those are not the cards I was dealt.” So, in other words, the Yankees released a player, who at one time had the richest contract in baseball.

One of the cards with which Rodriguez was dealt was to be one of the greatest natural talents to hit a baseball in the past 50 years. The card he personally added to the mix was the use of performance enhancing drugs, usually claiming that he did not take them but occasionally admitting so on the public stage as well. The real problem for Rodriguez is that at 41 he is washed up as a major league baseball player. He will end his career with 656 home runs and I for one am glad that such a public cheater did not become the fourth person to slam 700 home runs. Not even the New York Yankees, who still owe him $21MM through the end of next season, could put up with his lack of performance any longer. He will be a ‘Special Advisor’ to the club which is the business world equivalent of an unwanted senior executive being moved to ‘Special Projects’. Still on the payroll but released from any real work.

Rodriguez’s sorry exit from baseball forms the basis for today’s blog post and most interestingly the NYT had another article in its Sunday edition from which every Chief Compliance Officer (CCO) and compliance practitioner should draw a valuable lesson. It was found in the Corner Office column where Adam Bryant interviewed Kevin Warren, the Chief Operating Officer (COO) for the Minnesota Vikings, in a piece entitled “Championships Are Won in the Details. In the business (and compliance world) this translates to execution. It does not matter how impressive your paper compliance program might be, if you do not execute the program going forward, you will not be doing compliance. Baker Hughes, Inc. (BHI) CCO puts it more colloquially when he says that execution is where the rubber meets the road.

Yet Warren has some additional insights from his position that I think apply to the CCO or compliance practitioner. When asked about his leadership style, he said that it had evolved. He described this evolution through an interesting analogy saying, “in the first part of my life and my career, I was rolling through stoplights. I was so busy. And now in my position, I stop at a stoplight and really take an opportunity to observe the surroundings. Maybe there’s someone on the side of the road who needs some help. Maybe there’s someone in a rush that needs to go ahead. That’s where I am now. There are more demands on my time, but I’ve become a much better listener. I’ve slowed down my thought process and tried to make sure I’m there for everyone.”

As a compliance leader, you must be available to employees literally from the Boardroom to the shop floor. If a compliance matter comes up, there must be someone there to advise, even if that advise is only to confirm the employee’s understanding of doing business in compliance or that their plan of action is within your company’s anti-corruption risk management parameters. The other observation is that compliance is one of the few corporate disciplines which is literally “there for everyone.” In my podcast series Unfair and Unbalanced, I have debated my co-host Roy Snell on this point but I have come around to Roy’s point of view. In many ways, compliance is becoming the key corporate discipline as it moves into the fabric of an organization. This is because it is the fulcrum by which so many corporate disciplines intersect.

Warren had a couple of additional insights for any compliance practitioner. One was around hiring. As you might expect for someone at his corporate level, by the time a candidate gets to him for an interview, the candidate has been thoroughly vetted in technical competence. So Warren wants to obtain a fuller measure of the candidate. He does so by inquiring into their passion for the position and whether they will give a top effort. These are excellent points for any CCO as well. Most compliance practitioners are passionate about compliance. They view it as more than simply a job. As a leader in compliance, you should inquire into this and if you find it in your employees, not only work to harness that passion but also use it going forward. That is one way to become a great leader.

Conversely, Warren intoned that when it comes to advice for employees “I think the best thing is for people to be really honest with themselves. Step off the treadmill a little bit and be honest with yourself about what you really want to do, what you want your legacy to be, what you want your life to look like. And people should really focus on nirvana. I’ve been blessed to reach nirvana because in my quiet times along this journey, I would sit and dream and write things down that I wanted to do. You most likely can’t reach a goal that you have not already achieved in your head. If, in your mind, the best you focus on is running an eight-minute mile, you will never run a six-minute mile.”

There are many people new to the compliance profession. One of the things that struck me at the recent Compliance Week 2016 was how many first time attendees were present. There are many new faces in compliance. If this is what you want to do, get out there and do it. You can attend conferences and meet others in the compliance profession. You can go the 2016 SCCE Compliance and Ethics Institute this September in Chicago, where there is a specific event designed to provide mentorships. The SCCE has one of, if not the top compliance certification programs going and you can become a certified compliance professional. Not only will such a certification give you personal satisfaction but it also provides a market differentiator when you are interviewing so your own personal brand will profit.

If you remember Rodriguez from the 90s during his tenure with the Mariners, you recall one of the greatest raw talents of all-time. Rodriguez chose to waste all of that by using steroids and ruining his legacy forever. He denied, then admitted, and then denied again that he used performance enhancing drugs. He later filed an appeal for his 2014 season long suspension for such use but when the day came for him to testify in an arbitration proceeding, he literally ran out of the hearing room as he would have been required to testify under oath for the first time in his life about steroid use. That to me will always be his lasting legacy.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

Innovation 5I have been exploring innovation in the compliance function this week. For my final piece I want to consider the innovation process itself. In an article in the MIT Sloan Management Review, entitled “Finding a Lower-Risk Path to High-Impact Innovations”, authors Joseph V. Sinfield and Freddy Solis came up with a different method to view the innovation process. They posited something called the ‘Lily Pad’ approach, which they believe can be a lower risk stratagem to innovation. I found that this approach had some interesting applications for the compliance discipline.

The authors begin with the premise, which is found in the traditional risk-reward theory, when they noted, “Innovation initiatives and the funding programs that support them are generally viewed as “investments,” with an expectation that taking higher risks should be rewarded with higher returns. At the low-risk, low-return end of the spectrum, we tend to see investments that drive incremental innovation or development of innovations that are already proven. At the opposite extreme are corporate “skunk works” that seek to drive innovation in technology and business models to develop whole new product or service categories.” Compliance initiatives can fall anywhere along this spectrum for the reason that if they fail, it can create the conditions for a more systemic failure, which could bring the catastrophic consequences of a Foreign Corrupt Practices Act (FCPA) or other legal violation.

The authors believe that an incremental approach, which they designate as the ‘Lily Pad’ approach, “are developed and introduced opportunistically in application spaces that are ready for adoption. Progress in one lily pad garners resources/cash flow earlier in the development process and can create a pathway for subsequent lily pads in other application spaces.” This allows innovations to break out from their initial breakthrough at an organization, through the period where “decisions about which capabilities to develop and which application contexts to pursue” are made by the development team. All this leads to a progressive cascade of innovation moving forward, as visualized by the authors, as leaping from one lily pad to the next.

The authors list some characteristics of innovations, which they believe leaders should consider for investment. I have adapted them for the compliance function. Does the innovation “offer multiple pathways from first principles to impact” and how relevant is the innovation to multiple business lines or units? Will the innovation change the perspective of employees and even move towards reconfiguring the compliance ecosystem? Finally, is there potential for both growth and improvement in the innovation going forward?

After you have gone through and answered these questions, you should be ready to move forward with what the authors called ‘enabling actions’ and implement one or more of the innovations. By using their approach, the authors write that “Lily pad applications for an enabling innovation provide opportunities to match capability, purpose, and context in a manner that advances select performance dimensions of the innovation, aligns elements of ecosystems, and/or begins to shift” employee views across your organization. But more than simply the singular innovation, the lily pad approach allows your company to reduce the time and cost to jump to the next iteration of development.

Finally, the authors believe that you must “understand and proactively shape the ecosystem”, which for the Chief Compliance Officer (CCO) or compliance practitioner, means working with the business teams so that they understand how and why the innovation will help them achieve their corporate goals. Simply put employees can get stuck in the same rut of doing the same thing the same way. Yet it is a maxim that your compliance program must evolve to meet new risks and new demands. The authors’ lily pad approach allows for an incremental growth of change in ways that can demonstrate effectiveness and allow not only feedback but also acceptance from the employee base.

An example of such an approach could be around the use of data driven analysis from the compliance perspective of all dramatic growth in sales. Recall that there is no materiality level under the FCPA, so the business unit that experiences a dramatic growth in sales, even if non-material within the entire organization, could be the basis of a FCPA enforcement action. By focusing your innovation on one business unit that has experienced a dramatic growth, even if it is in a province of one country or a relatively small country in one larger geographic region, you can use this approach to demonstrate the usefulness of such data monitoring.

The lily pad approach would inform the presentation going forward as every business would want to know and understand how a dramatic growth occurred. Was it product driven? Was it personnel driven? Was a new sales campaign employed? Did a new or different product come to market? Of course, if the sales spike was due to nefarious activity such as bribery, corruption, financial fraud, accounting fraud or other egregious behavior then it can be reviewed and remediated as appropriate. For corporate management the initial results obtained by such a review could be the start of an entire innovation process around any portion of the sales cycle that might have been impacted by such stunning sales growth. It could certainly lead to better and more robust business forecasting going forward.

The authors end their article with four key questions, which I found to be an appropriate manner to end this series on innovation in compliance. First, do you understand the role of innovation in your compliance strategy? Second can you spot the innovations as this may well require you to think differently, particularly if you come from the legal department or have legal training, which certainly does not favor or foster innovation. Next, do you have the ability to adapt to innovations in your compliance function to the company as a whole? Put another way, can you demonstrate how an innovation in compliance will help the company do business more efficiently and in compliance with applicable laws. Of course it all begins with the willingness to engage in innovation and that starts with the top of your organization.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

Battle of the Somme II have not written much in honor of the centennial of the First World War (WWI). However this week I will to remedy this oversight by focusing on the Battle of the Somme, leading up to the first day of the long battle, which began on July 1, 1916. I cannot say precisely why this one battle has long held such fascination for me. Perhaps because I first read a detailed account of it in John Keegan’s seminal work The Face of Battle back in 1976. I subsequently read other, more detailed works on the battle.

In many ways the Battle of the Somme was a defining moment in British history. Perhaps only Waterloo (defeat of Napoleon) was as important and certainly only Hastings (1066 and all that) was more important. In raw numbers, no other battle in British history comes close to the horrific slaughter of British manhood, with 20,000 killed and another 40,000 wounded on the opening day of the campaign. The campaign lasted five months and cost the British nearly 420,000 casualties. Many authors have struggled to explain the battle and its costs. As a reader, I have struggled to understand the same issues as a reader. Yet there are lessons to be learned from the battle and its aftermath, which I will use as an introduction to my blog posts this week.

Last week the Securities and Exchange Commission (SEC) announced a resolution of an outstanding Foreign Corrupt Practices Act (FCPA) action involving the company Analogic Corporation (Analogic) and Lars Frost (Frost), a former Chief Financial Officer (CFO) of its wholly-owned Danish subsidiary BK Medical ApS (BK Medical). Separately BK Medical settled its outstanding FCPA enforcement action with the Department Of Justice (DOJ) via a Non-Prosecution Agreement (NPA). BK Medical agreed to pay a fine of $3,402,000. In a settlement with the SEC, Analogic agreed to pay $7.7 million in disgorgement and $3.8 million in prejudgment interest. Frost agreed to a fine of $20,000.

Analogic is a medical device manufacturer headquartered in Massachusetts, primarily manufacturing ultrasound equipment. Its sales method into Russia, as well as other countries, was through its Danish subsidiary BK Medical and then through distributors. It was through this mechanism that the bribery and corruption was facilitated. And what a bribery scheme it was.

As stated in the SEC Order, “From at least 2001 through early 2011, BK Medical participated in hundreds of highly suspicious transactions at its distributors’ direction which posed a significant risk of bribery or other improper conduct. The suspicious transactions involved BK Medical’s distributor in Russia, as well as, to a lesser extent, its distributors in Ghana, Israel, Kazakhstan, Ukraine, and Vietnam. The transactions routinely involved fictitious invoices issued by BK Medical at inflated prices, overpayments to BK Medical from the distributors against the inflated invoices, and subsequent payments by BK Medical out of the distributors’ excess funds to unknown third parties all over the world for unknown reasons. In short, for at least nine years, BK Medical acted as a conduit for its distributors to funnel money to parties, and for reasons, unknown to BK Medical. Approximately $20 million flowed through BK Medical from these distributors, with over $16 million from BK Medical’s Russian distributor.”

Down in his CFO office at BK Medical, Frost “personally authorized approximately 150 conduit payments to unknown third parties during his tenure at BK Medical despite knowing that the payments violated BK Medical’s internal accounting controls. Frost also submitted numerous false quarterly sub-certifications to Analogic.”

False Contracts and Bogus Invoices

The SEC Order gave exacting detail on how the illegal payments were created and funded. “The first step involved the creation of one or more fictitious documents reflecting an inflated purchase price for the product or products BK Medical was selling to the Russian distributor.” From there, “the Russian distributor would request that BK Medical create a fictitious, second invoice at an inflated price. The Russian distributor would send BK Medical a template invoice with the inflated price, which was regularly well in excess of 100% of the original, agreed-upon price. BK Medical’s distributor sales staff understood the inflated price to reflect the price the ultimate end user would pay to the distributor.”

BK Medical would then “cut and paste BK Medical’s logo onto the template invoice and complete other pertinent fields, such as an invoice number. These steps were taken outside BK Medical’s standard invoice-generation system, in violation of BK Medical’s internal accounting controls. The fictitious, second invoice would subsequently accompany the ultrasound products when they were shipped to Russia. An invoice prepared by BK Medical’s standard invoice generation system reflecting the agreed-upon, actual price would also be sent to the Russian distributor”.

Next the Russian distributor would send BK Medical a bogus contract at this higher price that the Danish-subsidiary would approve it. The Russian distributor would then pay against the bogus contract and invoice. BK Medical would book the true or original contract price and credit the excess amount to the Russian distributor.

As set out in the NPA’s, in addition to these fake contracts, with their attendant payments, the Russian distributor “would send BK Medical an invoice that purported to be from the third-party entity that was to receive a payment from BK Medical. These invoices referred to services being rendered to BK Medical as, among other things, “marketing,” “logistic service,” and “commission.” BK Medical employees have confirmed that none of these entities actually rendered any services to BK Medical and that they understood this fact at the time these invoices were received by BK Medical.”

Payments Based on False Documents

 Of course this excess amount had to be sent somewhere for a bribe to be paid and sent somewhere the payments were. The SEC Order stated, “Then, at some point weeks or months later, the Russian distributor would direct BK Medical to make a wire payment out of the excess funds to a third party that was otherwise unknown to BK Medical. BK Medical complied with the directives, despite not knowing the purpose of the payments or the nature of the payees.” The payees were largely shell companies located in the usual locations for suspicious payments: Belize, the British Virgin Islands, Cyprus and the Seychelles and made payable “to specific individuals in Russia.”

All of these payments were made outside of and in violation of Analogic’s internal controls. Over a 10-year period, these payments totaled approximately $16.1 million and BK Medical recorded over $21.6 in profits from these transactions. There were other countries where this or a similar distributor-based bribery funding mechanism was used. These countries were “Ghana, Israel, Kazakhstan, Ukraine, and Vietnam” to the tune of some $3.8 million.

As blatant as all of the above was in terms of an overt bribery program, it did not pass unnoticed. As early as 2004, BK Medical’s Vice President (VP) of Sales asked the purpose of the payments. He was told “Russian market conditions.” Moreover, in 2008, Analogic recognized the potential for FCPA violations by BK Medical. The parent corporation provided training to BK Medical but it stopped there and did not inquire further into the Russian agent. So red flags were identified and raised yet there was no follow up action by the corporate parent.

Tomorrow, I will consider more lessons from the Battle of the Somme and how a company, which engages in such a blatant bribery program, can achieve the rather stunning result that Analogic sustained.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016