Today, I continue a five-part series on what a Chief Compliance Officer (CCO) needs to consider when working through the remediation component of a potential Foreign Corrupt Practices Act (FCPA) compliance violation. I am joined in this exploration by Dan Chapman, well-known in the compliance community for his in-house compliance role a Baker Hughes Inc. and his CCO roles at Parker Drilling and Cameron International. Today I will consider step two: project timing.

While noting this was only an initial step, Chapman believes the first thing you need to consider is “what are your goals” and that you should consider your long-term goals in developing your remediation plan. It begins with two considerations; the first is completing the project on time. The second is to maintain the confidence of the Board and C-Suite level executives.

The timing aspect is not only about your planning but also about setting expectations. You need to plan what you hope to achieve and then scale it out for timing. You must take care the overall length is not beyond what people expect. Chapman noted “If people have expectations that aren’t proper, you want to set them right.” And the sooner you set realistic expectations the better.

I found it interesting that Chapman emphasized confidence as a critical element for success. He noted, “maintaining confidence from your Board, maintaining the confidence of senior management and demonstrating some quick wins is important, because that will allow you to repeatedly show that you have accomplished things, things aren’t just lingering.” This also allows you to keep the confidence level high on the medium and longer term aspects of your remediation plan. You must maintain this confidence on both the medium and longer term deliverables of your remediation plan. Once again, as with timing, you need to ascertain that your stakeholders have the same view of high and lower risk that you do or expectations can become skewed.

To begin Chapman advocated to come right out of the box “burning the candle at both ends”, which he further articulated as “you want to attack the low hanging fruit, or the items that can be completed quickly” within six months. Simultaneously you need to begin on your longest-term remediation projects, such as those which might take up to two years. Then mix in medium term projects with a 12-18 month shelf life. With this approach, in six months you will have demonstrated some early successes, moved halfway through to completing some medium-term projects and then should be one-quarter of the way through the longest-term projects.

Chapman cautioned that throughout this time, you must communicate with the stakeholders and manage expectations. He said, “You have to communicate when you reach, before you reach that six-month period, by the way, we are going to get these six months, short term items and quick wins done, so we can show those to the government authorities, and then we are going to move into a period where we’ll begin our medium term, and we’ll continue progress on our longer-term projects, all of which will conclude around 24 months. I say this knowing that no one is going to want to hear that. If you are a board member you are going to say, “So then what you are saying to me is you are going to start up something that’s going to take two years to do.” You are going to do some things that will take six months, but after six months we are not going to see much progress for the next 18 months.”

You will need to overlay your planning process with the expectations of the stakeholders in another manner; which is around the high, medium and low risk categories of tasks. If your Board or C-Suite level executive “believes that training should be your highest profile and you disagree and you do nothing there until six or 12 months, but you didn’t think that optically, don’t appear so important, but you personally believe are important, you are going to lose the confidence of your Board.”

As a CCO, you should be cognizant of known-unknowns and unknown-unknowns in any remediation project during the pendency of a FCPA investigation. In the planning process, this means you need to plan time for the unknown which may become known to you during the investigation or through your remediation efforts. You need to budget time into your remediation plan for new matters which may arise, because, as Chapman succinctly noted, “that’s what we do in compliance.” Moreover, “If you develop a tight schedule in terms of your remediation plan, you should expect that you will not complete on time, because part of the remediation program necessarily is the discovery of areas of improvement and correction of those areas of improvement.”

Chapman concluded that you must plan for the unexpected and this requires close coordination with your investigative counsel if new matters are discovered which need to be added to your remediation list. It may be that some are high-profile and high-priority, which require more immediate attention. It may be that they can be placed into the medium-term or longer-term buckets for completion. The bottom line is that no CCO can predict on Day One what all the remediation issues will be. You may have a sense that you understand the overall problem or that you are only looking at the tip of the iceberg but you must resist the temptation to declare on Day One that you know what all the issues that require remediation are or will be going forward.

Tomorrow I will consider communications with stakeholders in the remediation process.

 

Dan Chapman can be reached at jdanielchapman@gmail.com.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2017

In this episode, I visit with Mike Skopets, from Miller & Chevalier on the firm’s Summer 2017 FCPA Report. We discuss the background to the Report and begin with what macro trends the firm identified. We discuss the numbers of resolutions, declinations and investigations and what they might demonstrate. We go into the Linde Gas and CDM Smith declinations with disgorgement and what these two superior decisions portend for the compliance practitioner. We consider the Kokesh decision by the US Supreme Court and what it may mean for not only FCPA enforcement but the compliance professionals decision making calculus for self-disclosure. It is a very interesting wrap up of the first six months of the FCPA world in 2017.

Miller & Chevalier’s Summer 2017 FCPA Report is available at no cost on the firm’s website. You can obtain a copy by clicking here.

In this episode, I visit with Mike Skopets on Miller’s Summer 2017 FCPA Report.

Many Chief Compliance Officers (CCOs) came to the position from the legal department, internal audit or another professional discipline. These professions are technically focused and their training provides little to no soft skills training. Yet when one rises to the level of a CCO soft skills are at least equally important if not more important so than technical skills. Now overlay this need for soft skills with the focus from the Department of Justice’s (DOJ) FCPA Pilot Program on remediation as one of the four prongs required to achieve a fine and penalty reduction and the emphasis in the DOJ’s Evaluation of Corporate Compliance Programs (Evaluation) of operationalizing compliance; it is easy to see that the remediation phase is as important as the investigation phase.

Many have focused on the more technical aspects of the remediation component of a potential Foreign Corrupt Practices Act (FCPA) compliance violation. However, I wanted to explore the soft skills that a CCO must use, both internally and externally, to achieve the goals available under the Pilot Program, though extensive remediation. This week I begin a five-part series on what a CCO needs to consider when working through the remediation in the face of a FCPA investigation or allegation of FCPA violation.

I am joined in this exploration by Dan Chapman, well-known in the compliance community for his in-house compliance role a Baker Hughes Inc. and his CCO roles at Parker Drilling and Cameron International. In the latter two positions, Dan led both companies’ efforts to successful resolution of FCPA issues. Over the coming week, I will be considering five key soft skills, not taught in law schools or other professional schools, for every CCO to consider in the remediation phase of a FCPA inquiry. We will consider the following: (1) The Gatekeepers; (2) Project timing; (3) Communications with stakeholders; (4) When you are done? and (5) Post-resolution.

Chapman believes the first thing you need to begin with when faced with a FCPA investigation and remediation is to assess how the culture at the top of the company will affect your remediation efforts going forward. He noted, “I think the first thing that you want to do is, to gather an assessment or make an assessment regarding the culture at the top, and how it might affect remediation.” To do so, he advocated a three-step inquiry. The first question to consider is “who are your gatekeepers?” The second inquiry is into the level of focus the gatekeepers can give to the remediation. Finally, the third inquiry is to assess the gatekeepers understanding and knowledge of compliance.

Who are the gatekeepers?

While a company may have multiple gatekeepers, including the legal department, compliance function, Supply Chain (SC), Human Resources (HR) or Internal Audit (IA), you need to determine who makes the decisions regarding compliance issues. Some of the compliance activities Chapman suggested you consider are “investigations, training, due diligence, vendor selection, audits, and other compliance subject matters.”

Look beyond paper line reporting and assess lines of communications and information reporting structures to ascertain how decisions and actions are taken regarding compliance issues. Chapman provided the example of budget and spend where he said it is important to understand who authorizes compliance expenditures; the CCO, the Board or Audit Committee or the Chief Executive Officer (CEO) or perhaps other(s).

Level of gatekeeper focus

This inquiry delves into how much time, energy and focus the gatekeepers will be able to give to the compliance function and specifically the remediation. The gatekeeper focus can be a function of interest or of workload. The time of Boards and senior management is usually stretched to the limit, most particularly if large issues or decisions are looming. Often, it is not that the gatekeepers do not have the passion for the subject but they simply do not have the time to prioritize it. Chapman noted, “if a company is dealing with bankruptcy risk or is dealing with a significant corporate transaction such as they’re acquiring a company that is of the same size, that’s going to divert senior management’s time and they’re not going to be able to focus on compliance.” 

Level of gatekeeper understanding

The third inquiry is to assess the level of compliance understanding of your company’s gatekeepers. Here you need to tread carefully because if gatekeepers believe they understand compliance yet have very little appreciation of best practices, doing compliance or the operationalization of compliance and are entrenched in their uninformed views, it may be difficult process to move the company to a point which meets the DOJ requirements for extensive remediation under the Pilot Program. You will need to determine if these gatekeepers will defer to you as the CCO and compliance subject matter expert (SME) or outside consultants as SMEs. Chapman believes the optimal situation is where the gatekeepers are highly knowledgeable but are willing to defer to the CCO as the compliance SME.

You will also need to understand the compliance structure of the organization. If the CCO reports directly to the Board or C-suite, it can allow a more rapid and unfettered response on remediation. However, if the company’s reporting structure is such that compliance reports to personnel at a lower level of the organization, Chapman believes this “can make real compliance change more difficult. Even worse is a situation where you have supervisory lines or organizational structures that infer that compliance decision making is in practice different from what one would expect based on those supervisory lines and organizational documents.” He noted such a structure is “a very dangerous thing.”

These three inquiries speak directly to the soft skills a CCO must have and must employ in this type of situation. Chapman noted, “interpersonal skills and the ability to read between the lines is essential.” Boards and C-Suite level executives are very busy with innumerable pulls on their time so you should respectful of both their time and in your communications with them. Being polite and courteous never hurts.

Knowing which questions to ask to allow you find out this information is critical so you can quickly assess whether someone is a gatekeeper and what is their level of compliance knowledge. Some of the questions he suggested to ask include “How do things really get done here? What are the lines of a communication when it comes to making decisions with respect to compliance? Are compliance personnel truly autonomous, do they have authority to get things done?” Chapman concluded this can be “a very delicate discussion, and one that senior management might not always want to have. Knowing how to push and how not to push in a way that is respectful of the commitments that the senior managers have is going to be critical.”

Tomorrow I will consider project planning and risk assessment for extensive remediation.

 

Dan Chapman can be reached at jdanielchapman@gmail.com.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2017

Jay and I return for a wide-ranging discussion on some of the week’s top compliance and ethics related stories, including:

  1. The SEC charges KPMG and partner with blown oil and gas company audit. See Dick Cassin’s blog post in the FCPA Blog.
  2. BSRG raises its head again as company chief Beny Steinmetz was detained in Israel. See article in the FCPA Blog.
  3. What should be the response of the compliance community to the events in Charlottesville and the administration’s response. Tom and Matt Kelly explored in this week’s edition of Compliance into the Weeds. See Matt Kelly’s blog post, Trump Tests Corporate America’s Values. See Tom’s blog post Time For Compliance to Take a Stand. Finally for a perspective from the compliance profession, see the statement from the Ethics and Compliance Initiative entitled, To the Members and Stakeholders of the ECI Community
  4. Jeff Kaplan considers whether lawyers can be whistleblowers. See Jeff’s article in the Conflict of Interest blog.
  5. Can you do any business in Iran? A new treasury ruling complicates the matter (think Catch 22). Sam Rubenfeld reports in the WSJ Risk and Compliance Journal.
  6. Roy Snell reflects on 20 years in the compliance profession in an interview with Ben DiPietro in the WSJ Risk and Compliance Journal.
  7. This month’s podcast series on One Month to a More Effective Compliance Program is in full production. In August I am reviewing how to have greater continuous improvement in your compliance program. This week’s topics include voluntary monitoring, keeping track of current events, the Desktop Risk Assessment, using big data and controls testing. Affiliated Monitors is this month’s sponsor. It is available on the FCPA Compliance Report, iTunes, Libsyn, YouTube and JDSupra.

In this episode Mike Volkov and I discuss the two official pronouncements from the Sessions’ Justice Department regarding FCPA enforcement. They were both declinations used under the FCPA Pilot Program, which was announced in April 2016. The first declination involved Linde Gas North America LLC and Linde North America Inc. Linde Gas is a wholly owned subsidiary of the Linde Group, a German based entity which is listed on multiple stock exchanges in Germany, but not listed in the US.  The second declination involved CDM Smith Inc. a privately held company, headquartered in Boston MA. As neither company is a US publicly listed entity, neither is subject to jurisdiction of the SEC. Hence both declinations were granted with the notation of declinations with disgorgement. In Linde Gas, the disgorgement amount was $7.8 million and forfeit $3.4 million, for a total of $11.2 million and in the CDM Smith declination the disgorgement amount was $4.037 million. Both declinations were superior results obtained by the companies as both had clearly violated the FCPA, for multiple years in ongoing bribery and corruption schemes.

For more on these two enforcement actions see the following:

  1. Linde in the Republic of Georgia: A Declination and Lessons Learned by Tom Fox;
  2. A Second Superior Result – CDM Smith Obtains a Declination by Tom Fox; and
  3. Justice Department Resolves Two Cases Under FCPA Pilot Program by Mike Volkov.