Show Notes for Episode 4, Year End Review, Part I

We turn to the 2016 year in review, in this Part I of a two-part series.

  1. Jonathan Armstrong leads a discussion on a very interesting UK Bribery Act enforcement action out of Scotland involving the Braid Group Ltd. It has some very significant implications for Bribery Act enforcement actions going forward. He also discusses the continued evolution of the UK DPA process and who it all works into the burgeoning global anti-corruption enforcement we saw in 2016.

For Cordery’s piece on the Braid case, click here.

For Cordery’s piece on the continued evolution of the UK DPA practice, click here.

  1. Jay Rosen takes us through a Paul Krugman NYT post on some of the invidiousness of corruption, focusing on the corrupting nature of compliance around undue influence. Rosen explains incentives more than anything else and how such incentives skew the marketplace. He asks a couple of provocative questions. First are there too many FCPA, ethics and compliance conferences? Second, even with the robust FCPA enforcement and maturation of compliance programs, why does corruption still exist? For a link Krugman post, click here.

Rants will return in a couple of weeks.

The members of the Everything Compliance panel include:

  • Jay Rosen (Mr. Translations) – Jay is Vice President of Legal & Corporate Language Solutions at United Language Group. Rosen can be reached at rosen@ulgroup.com.
  • Mike Volkov – One of the top FCPA commentators and practitioners around and is the Chief Executive Officer (CEO) and owner of The Volkov Law Group, LLC. Volkov can be reached at mvolkov@volkovlawgroup.com.
  • Matt Kelly – Founder and CEO of Radical Compliance, is the former Editor of the noted Compliance Week Kelly can be reached at mkelly@radicalcompliance.com
  • Jonathan Armstrong – Rounding out is our UK colleague, who is an experienced lawyer with Cordery in London. Armstrong can be reached at armstrong@corderycompliance.com.

 

 

 

n this episode, I visit with noted FCPA compliance practitioner Mike Volkov on some of his top highlights from 2016 and what he sees into 2017 going forward.

In this episode Mike Volkov and myself take a deep dive into the Odebrecht/Braskem and Teva FCPA enforcement actions. We review the underlying facts, the conduct of the parties, the results obtained and what it all means for the compliance practitioner going forward.

everything-complianceAs many of you knew I am an avid fan of podcasts and today I am thrilled to announce I have added another podcast to the growing network of podcasts available here at the FCPA Compliance Report and on the same named site on iTunes. At the SCCE 2016 Compliance and Ethics Institute, I sat down with four of the top compliance commentators in the field for my first roundtable-style podcast. It was so successful that I persuaded the gang to come back together every couple of weeks for a formal podcast, which is entitled Everything Compliance. The premier episode is available for your listening pleasure today. I will post a new episode every two weeks.

I host these four well-known compliance practitioners and commentators in a roundtable format:

  • Jay Rosen (Mr. Translations) – Jay is Vice President of Legal & Corporate Language Solutions at United Language Group. Jay helps his clients develop efficient and cost effective solutions for Foreign Corrupt Practices Act (FCPA), Ethics & Compliance legal language needs for global investigations and Governance, Risk Management and Compliance (“GRC”) matters. Jay is my podcast partner for our weekly Friday podcast This Week in FCPA. Jay also curates weekly top FCPA and Ethics & Compliance stories for “Jay Rosen’s Weekend Read” which is available on LinkedIn Pulse. Rosen can be reached at rosen@ulgroup.com.
  • Mike Volkov – One of the top FCPA commentators and practitioners around and is the Chief Executive Officer (CEO) and owner of The Volkov Law Group, LLC. Mike has over 30 years of experience in practicing law, is a former federal prosecutor and veteran white collar defense attorney, he has expertise in areas of compliance, internal investigations and enforcement matters. Volkov maintains the highly popular FCPA blog – Corruption, Crime & Compliance. He is a regular speaker at events around the globe, and is frequently cited in the media for his knowledge on criminal issues, enforcement matters, compliance and corporate governance. Volkov can be reached at mvolkov@volkovlawgroup.com.
  • Matt Kelly – Founder and CEO of Radical Compliance, is the former Editor of the noted Compliance Week Matt is an independent compliance consultant who studies corporate compliance, governance, and risk management issues. On his blog,  RadicalCompliance.com, he writes on the intersection of business issues, compliance, governance, and risk topics. Kelly was named as ‘Rising Star of Corporate Governance’ by Millstein Center for Corporate Governance in the inaugural class of 2008 and named on Ethisphere’s ‘Most Influential in Business Ethics’ list in 2011 (no. 91) and 2013 (no. 77). Kelly can be reached at mkelly@radicalcompliance.com
  • Jonathan Armstrong – Rounding out (but certainly not least) is our UK colleague, who is an experienced lawyer with Cordery Compliance Limited in London. His practice concentrates on compliance and technology issues, including advising multinational corporations on matters involving risk, compliance and technology across Europe. He has handled legal matters in more than 60 countries involving allegations relating to bribery, whistleblower complaints, corporate governance, ethics code implementation, reputation, internal investigations and data privacy matters. Armstrong can be reached at armstrong@corderycompliance.com.

The format is a roundtable discussion where I throw out a question to one commentator to lead the discussion. From that starting point we will all join in. I also include an “On My Mind” segment where each participant discusses what is on the forefront of their mind. This podcast is longer than my others, coming in at around 60 minutes, which allows us to explore the week’s issues in depth.

I am pleased to announce the first podcast is up and the inaugural episode includes the following discussion topics:

  1. Mike Volkov leads a discussion of the unintended consequences of the Yates Memo/Pilot Program for internal investigations. We explore the issue of “de-confliction” where the government asks a company to halt its own internal investigation for the government to be the first to interview witnesses. We explore de-confliction in the context of a requirement of cooperation to gain the benefits of the pilot program and how such a request from the Department of Justice (DOJ) could lead companies to be unable to disclose to other agencies or to shareholders and keep a Board in the dark about the alleged wrongdoing. What does this mean for the company and the internal investigator?

For Volkov’s post on conflicts of interest (COI) in internal investigations after the Yates Memo, click here.

  1. Matt Kelly leads a discussion on compliance and corporate governance. We explore the issue of compliance being involved in issues around pricing and sales in companies like Valeant and Wells Fargo. We discuss the role of compliance in areas outside of strict legal compliance but may move towards reputational risk, going into such areas as the new revenue recognition standards and executive compensation.

For Kelly’s blog post on the intersection of CEO pay and Chief Compliance Officers (CCOs), click here.

  1. Jonathan Armstrong leads a discussion of funding and the UK Serious Fraud Office (SFO), in the context of the recent announcement that the SFO has received additional or supplemental funding to investigate Unaoil. Why does the SFO need supplemental funding and how does it obtain it? What does all of this mean for the continued existence of the SFO in light of a former critic now being PM? Finally, Armstrong ties all of this into Brexit, his recent interview of Max Schrems and issues surrounding Privacy Shield.

For Armstrong’s interview with Max Schrems, click here and Cordery’s FAQs on Privacy Shield, click here.

  1. Jay Rosen takes us through the compliance conference scene. For those of you who are avid attenders of the various conferences, he discusses some of the key differences in the types observed, such as the nuts and bolts types (SCCE) and others which focus more on commentary (FCPA Blog NYC Conference). He discusses the relative strengths of each and how a compliance professional should think about selecting one or more to attend. He ends with his thoughts on why compliance certification is a plus (or minus).

For Rosen’s blog post Designing Your 2017 Ethics, Compliance & FCPA Conference Schedule, click here.

This new podcast Everything Compliance joins the four other podcasts I have on different aspects of compliance. The original FCPA Compliance and Ethics Report focuses on the nuts and bolts of compliance. Unfair and Unbalanced – is a podcast I do with SCCE CEO Roy Snell. In it we focus on wide ranging issues for the compliance profession. Compliance into the Weeds – is a podcast I do with Matt Kelly where we take a deep dive into the weeds of a compliance issue, typically technology, internal controls or GRC. We both indulge our inner geekiness in this podcast. Jay Rosen and I wrap up each week in FCPA, compliance and ethics with This Week in FCPA. All of these podcasts are available to you on my site, FCPAcompliancereport.com, and are available on iTunes under the same name.

Finally, I have a separate podcast on business leadership for both the compliance professional and broader business leader, 12 O’Clock High – A Podcast on Business Leadership with Tom Fox. It is hosted by Richard Lummis and each week I take a deep dive into a different area of business leadership; such leadership lessons from Dr. Frankenstein to managing a culture transformation.  It has is hosted on a separate site, click here, and is also available on iTunes under the same name.

Go to the first episode of Everything Compliance

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

qtq80-zp1rJNSometimes I get inspired when writing blog posts and sometimes I get on a roll. It is a bit of both this week and today, as previously this week, I have focused on Department of Justice (DOJ) pronouncements on their view of current standards in a best practices compliance program and the remarks and ideas of the DOJ Compliance Counsel, Hui Chen. Today, I build upon my earlier blog posts of this week which dealt with the remarks of Assistant Attorney General Leslie R. Caldwell and the public pronouncements of Chen, by reviewing remarks by noted Foreign Corrupt Practices Act (FCPA) thought leader and expert Mike Volkov made in a recent presentation to the Greater Houston Business and Ethics Roundtable (GHBER). Volkov presented some of his views regarding what he called “the evolving standard for compliance programs.”

Volkov believes with the hiring of Chen and the pronouncements in the FCPA Pilot Program, announced in April, 2016, the DOJ is slowly but surely raising the bar for corporate compliance programs. From the FCPA Pilot Program and remarks by Chen, Volkov identified that the key element is your company’s operationalization of its compliance program. This would lead Chen to make an inquiry into how far down your compliance program is burning into the fabric of your organization.

He went on to describe the increased importance of technology in any best practices compliance program. He believes that companies must look at automated systems because the government knows the vendors are making tools available. Another area Volkov believes that Chen is focusing on is consistency in your approach to contracting. He further explained this means consistency in the compliance terms and conditions of your contracts and purchase orders.

Borrowing from the arena of internal financial controls and Sarbanes-Oxley (SOX) 404 reporting, Volkov believes there is a new importance for invoicing, verification of accounts payable (AP) and segregation of duty (SOD) conflicts. He phrased it as “money should not go out the door unless legitimately provided and verified”. He went on to further explain that AP should have a deficient payment systems trigger for compliance red flags with the over-arching goal of invoice verification and justification. Volkov believes, “coordination strengthens internal controls and culture of compliance.”

Volkov noted an increased importance moving from the fact of performing due diligence to the quality of a company’s due diligence, risk management and review process. A company must ascertain beneficial ownership in any basic due diligence investigation. He cautioned you should never leave any red flags unresolved or even fail to act in the face of issues. Some of the key areas of inquiry he mentioned were: allegations or reputation of corruption or misconduct; large or unusual compensation arrangements; close ties to existing or former foreign official(s); lack of transparency of ownership structure; and no track record in industry – lack of qualification/business justification.

Chen has consistently talked about operationalizing your compliance program. He pointed to the PetroTiger declination and Qualcomm FCPA enforcement action as examples to show that stakeholders must work together and coordination among compliance, legal, audit, Human Resources (HR), finance – as well as senior management – is critically important.

In the area of oversight of foreign subsidiaries Volkov believes, “you should never operate on an island”. He pointed to the Johnson Controls FCPA enforcement action and the Nortek Non-prosecution agreement (NPA) for the proposition that corporate compliance programs must work to incorporate “tightly” foreign subsidiaries into their overall structure. This includes dedicated compliance resources in high-risk jurisdictions and placement of compliance personnel into the foreign subsidiaries. Simply put, one annual visit by compliance personnel responsible for China is insufficient. Similarly, with joint ventures (JVs) he pointed to the recent Hitachi and Och-Ziff enforcement actions which re-emphasized not only the importance of overall JV oversight but due diligence, training and monitoring of these entities during the pendency of the JV relationship.

Another area Volkov focused on was regarding high-risk third parties. Auditing, monitoring and training of third parties is also something he believes the government is focusing upon. He pointed with approval to the SAP enforcement action and the HMT LLC declination for the following insights; you should implement policies for risk-ranking third parties (vendors and suppliers, agents, and distributors); work to distinguish between agents and vendors/suppliers based on representation risk; consider in-person training for high-risk areas; and, finally, your compliance function should work with the accounting function to monitor expenditures and strengthen controls.

One area Volkov noted surprise on is the number of cases which turn on gifts, travel and entertainment issues. Somewhere there is still a disconnect between legitimate promotional activities vs. corrupt gifts, hospitality, and travel. He believes that companies must demonstrate updated training, awareness, and approval procedures around gifts, travel and entertainment and that a corporate compliance function must work with accounting to monitor and review expenditures.

Moving to the impact of the Yates Memo, Volkov believes that the DOJ has consistently called for more prompt and robust internal investigations in recent matters including Nortek, Akamai Technologies, and Johnson Controls. Cursory investigations, derailing internal investigations or internal audits and turning away from clear signs of FCPA violations are sure ways to invite regulatory sanction. Related to this is the requirement for companies to conduct regular internal audits including scheduling periodic audits, particularly for high-risk geographic regions, the timely investigate reports of improper activity and when warranted, broadening the scope of an investigation if signs of systematic misconduct are present.

Another area which both the DOJ and Chen have emphasized is the quality of your remediation. Volkov pointed to the recent Johnson Controls and HMT LLC declinations as examples of companies that engaged in proper remediation for their deficient compliance programs including disciplinary actions of recalcitrant employees. Johnson Controls terminated 16 employees, including high-level executives at a Chinese subsidiary, who were involved in misconduct. HMT LLC terminated 8 employees, including two regional managers and a director of business development and sanctioned ten employees through suspensions, pay freeze, bonus suspensions and reductions of responsibilities.

He contrasted these companies, which received the excellent result of a declination, with that of Embraer, which received only a 20% credit because of incomplete remediation. He said that the company disciplined employees and executives engaged in the misconduct, but “did not discipline a senior executive who was (at the very least) aware of bribery discussions in emails in 2004 and had oversight responsibility for the employees engaged in those discussions.”

In the area of cooperation and voluntary disclosure he noted that the “stakes remain high” on whether to do so. While companies can still receive some cooperation credit without voluntary disclosure, cooperation credit is a threshold requirement to significant benefits. These benefits include: a possible declination; potential for 50% reduction in fines; ability to secure Deferred Prosecution Agreement (DPA) or NPA and avoid guilty plea, and the absence of a corporate monitor.

Throughout his presentation, Volkov cited to the Compliance Evangelist mantra of Document, Document, and Document for all of the above. I would add you should test your compliance program against these evolving standards laid out by Volkov. The DOJ is becoming much more sophisticated in determining the difference between doing compliance and simply having a paper program. If you have not moved to some or all of these standards laid out in this post and those of the previous two days, you may well find yourself not only in the middle of a substantive FCPA investigation and enforcement action; but you may also be well behind the proverbial 8-ball if you have ignored these most public pronouncements by not evolving your compliance program.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016