Like a Rolling StoneToday we celebrate one of the seminal achievements in rock and roll for it was on this day, 50 years ago, in 1965 that Bob Dylan recorded his single Like a Rolling Stone. Columbia Records executives initially rejected the song as too long to be released as a single because it came in at over 6 minutes in length. However, through a campaign of subterfuge, Dylan’s manager was able to have it played by New York City DJs. The popularity of the song became so great that the same Columbia Records executives were forced to release it and it went to Number 2 on the Top 40.

According to the site ThisDayInHistory.com, “The most important impact of “Like A Rolling Stone” was not commercial but creative. Rolling Stone magazine said Dylan “transformed popular song with the content and ambition of ‘Like a Rolling Stone.’” Or as Bruce Springsteen said of the first time he heard it, “[it] sounded like somebody’d kicked open the door to your mind.”” And my favorite part is the opening organ riffs played by a 21-year-old Al Kooper who was just sitting in on the session.

I thought about this odd convergence that came together to create what Rolling Stone magazine named as the greatest song of all time in 2004 in the context of the continuing fallout from the ongoing scandal involving the governing body of international soccer, the Fédération Internationale de Football Association (FIFA). In a BBC Online article, entitled “Fifa corruption: South Africa cash ‘worrisome”, Andrew Harding wrote “A key figure in South Africa’s football World Cup bid has broken ranks with the government to suggest there might be some truth to a claim that a $10m bribe was paid to secure the 2010 tournament.” That figure is Tokyo Sexwale who was “a member of both the World Cup bid team and local organising committee”. Sexwale has now questioned whether the $10MM payment made to Jack Warner of Trinidad was truly a donation.

Sexwale went on to ask, “”Where are the documents, where are the invoices, where are the budgets, where are the projects on the ground?””

I thought about those questions in the context of a Chief Compliance Officer (CCO) or compliance practitioner working under a Foreign Corrupt Practices Act (FCPA) or UK Bribery Act compliance program around charitable donations. There has been a paucity of FCPA enforcement actions around charitable donations. Both the Schering-Plough Corporation and Eli Lilly and Company enforcement actions centered in Poland were Securities and Exchange Commission (SEC) civil enforcement actions based upon violations of the books and records and internal controls provisions to the FCPA. There was no evidence of bribes being paid which rose to criminal conduct.

Generally, it is assumed that if you do the required review of the charitable organization that is due to receive a corporate donation and in this due diligence, there is no tie to a government official or family member, the donation can be made under the FCPA. However consider Sexwale’s comments around the evidence of whether a bribe was paid to Warner or if it was simply because “part of the feeling at the time – it’s a good thing, this [$10MM of] altruism (towards the African diaspora in the Caribbean)”. Yet even Sexwale noted the problem when he added, “The question is going to be: “What was done to make sure that your good intentions – you as the giver – have been realised?””

His comments gave me pause to think that companies who make charitable donations in foreign countries may now have to monitor these donations at a greater level and with greater scrutiny. The starting point may now well be as stated by Sexwale, “What was done to make sure that your good intentions – you as the giver – have been realized?” If this is now a standard of enquiry and oversight the Department of Justice (DOJ) will require validation on how your company can have assurances that your good intentions are realized? Once again you can look to the basic questions that Sexwale posed in the BBC online article, Where are the documents, where are the invoices, where are the budgets, where are the projects on the ground?

There have been four Opinion Releases around charitable donations under the FPCA. Opinion Release 95-01 was a request from a US-based energy company that planned to donate $10MM for equipment and other costs to a medical complex that was under construction near a large construction project. Opinion Release 97-02 dealt with a request from a US-based utility company who planned to donate $100K for construction and other costs to a government entity that proposed to build an elementary school near a facility. Before releasing funds, the utility company required certain guarantees from the government regarding the project, including that the funds would be used exclusively for the school. Also, the donation was directly to the foreign government and not a charity. Opinion Release 06-01 dealt with money to fund a pilot project in which the US Company would contribute $25,000 to the in country Ministry of Finance to improve local enforcement of anti-counterfeiting laws. The contribution was intended to provide incentive awards to local customs officials, needed because the African country involved was a major transit point for illicit trade and the local customs officials have no incentive to prevent the contraband. Finally, Opinion Release 10-02focused on the underlying due diligence engaged in by a US-based Micro Financial Institution (MFI) operating in an unnamed Eurasian country. The Release specified the three levels of due diligence that the US MFI had engaged in on the proposed locals MFIs which were listed as eligible to receive the funding. In addition to the specific discussion of the due diligence performed by the US MFI and noting the controls it had put in place after the funding was scheduled to be made the DOJ also listed several of the due diligence and/or controls that it had previously set forth in prior Opinion Releases relating to charitable donations.

While these Opinion Releases certainly imply a level of scrutiny at the post donation level, their primary focus is on who the donations are being made to and are they a government official. However, the DOJ may well expect both pre and post donation scrutiny, along the lines of Sexwale’s questions, which could demonstrate the legitimacy of the donation. However Sexwale’s questions also raise up something that the DOJ and SEC often say, that being that a good anti-corruption compliance program is really just good business. Shareholders and investors have the right to know how and where their money is begin spent. It would seem to behoove any company to want to the know the same thing that Sexwale wants to know about the $10MM payment to Jack Warner, What was done to make sure that your good intentions – you as the giver – have been realized? 

To hear the original version of Like a Rolling Stone on YouTube, click here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

CorruptionToday, I continue my four-part series on the above question posed to me recently by a colleague. In Part I, I wrote that only the US government had the wherewithal, tools and will to do so. Yesterday, I focused on corruption on the pitch and how bribery and corruption ‘changes the game’ of soccer (AKA Football). Today is the third of my of my four reasons on why Americans should care about the Department of Justice (DOJ) bringing their indictments against the 14 named defendants who were all associated with the governing body of international soccer, the Fédération Internationale de Football Association (FIFA). Up today is the corruption and US companies.

While there were no US companies specifically identified in the indictments, there were allegations that bribes were paid and pocketed in connection with the sponsorship of the Brazilian national soccer team by “a major U.S. sportswear company.” This company was later determined to be Nike. In an initial statement Nike denied any involvement in the payment of bribes and said they were cooperating with the relevant authorities. However, they later changed this original statement to say, “Like fans everywhere we care passionately about the game and are concerned by the very serious allegations. Nike believes in ethical and fair play in both business and sport and strongly opposes any form of manipulation or bribery. We have been cooperating, and will continue to cooperate, with the authorities.”

Nike is not alone in its World Cup sponsorship as there are numerous other American companies involved, both sportswear manufacturers and other retailers, such as those from the beverage industry. The involvement of US companies and companies subject to the Foreign Corrupt Practices Act (FCPA) brings up the specter of the FCPA for companies involved in FIFA sponsorship and marketing partnerships. I do not see this as an issue so much about level playing fields for business or even the greater benefits that US companies can bring even when they are required to pay bribes. (The latter argument was used by Wal-Mart apologists around the company’s payments of bribes to do business in Mexico as benefiting the people of Mexico. Let us be quite clear-the bribes paid by Wal-Mart benefitted Wal-Mart and its income from its Mexican operations.)

Information in the indictments was quite damning about the involvement of a company identified as ‘sportswear company A or E’. In a Financial Times (FT) article, entitled “Fifa corruption scandal threatens to engulf Nike as sponsors raise pressure”, Joe Leahy and Mark Odell reported one of the cooperating defendants Jose Hawilla, owner of Traffic Group and who has pled guilty, acted as a third party agent for Nike’s landmark 1996 agreement to allow Nike to fit out the Brazilian national soccer team. Moreover, the article noted, “The prosecutors said that additional financial terms between Traffic and the unnamed sportswear company were not reflected in the CBF agreement. Under these terms, the company agreed to pay a Traffic affiliate with a Swiss bank account an additional $30m in ‘base compensation’ on top of the $160m it paid to the CBF. Three days later, the company and Traffic signed a one-page contract saying the CBF had authorized Traffic to invoice Nike directly “for marketing fees earned upon successful negotiation and performance of the agreement”. Anyone see any Red Flags in that scenario?

Beyond the criminal side of the FCPA, there is the civil side enforced by the Securities and Exchange Commission (SEC) through the Accounting Provisions, which consist of the books and records provisions and the internal controls provisions. According to the FCPA Guidance, “The FCPA’s accounting provisions operate in tandem with the anti-bribery provisions and prohibit off-the-books accounting. Company management and investors rely on a company’s financial statements and internal accounting controls to ensure transparency in the financial health of the business, the risks undertaken, and the transactions between the company and its customers and business partners. The accounting provisions are designed to “strengthen the accuracy of the corporate books and records and the reliability of the audit process which constitute the foundations of our system of corporate disclosure.””

As was made clear with the recent BHP Billiton FCPA enforcement action, violations of the accounting provisions do not apply only to brib­ery-related violations of the FCPA. The FCPA Guidance states these provisions “stand alone to help investors have assurance that all public companies account for all of their assets and liabilities accurately and in reasonable detail.” For the books and records provisions this means that US public companies must “make and keep books, records, and accounts, which, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the issuer.” For the internal controls provisions, US public companies must provide a system of internal controls that “provide reasonable assurances regarding the reliability of financial reporting and the preparation of financial statements.” In other words, the accounting provisions are designed to protect investors in addition to working towards preventing, detecting and remediating bribery and corruption.

In addition to these basic legal requirements, which are all set out in the FCPA and violation thereof could lead to criminal or civil exposure; there will be the costs. The FCPA Professor has identified “three buckets” of costs relating to an alleged FCPA violation. The first is the pre-resolution investigative and remediation costs, the second is the fine and penalty assessment and the third is the post-resolution implementation costs. It is generally recognized that buckets one and three can be up to two to six times the amount of the fine and penalty.

But with the FIFA scandal, there will be another huge factor for companies to consider and that is the negative publicity. This scandal is the largest worldwide corruption case ever brought. It is also the highest profile corruption case ever brought. It will command attention for years to come. If any US companies are linked to bribery and corruption at FIFA, their name will be dragged through the international press ad nauseum. If there are leaks about information on companies before they investigate or get out ahead of any allegations, which may spill into the press, it will certainly not look good.

For a taste of this you can look to the accounting firm KPMG, who is the auditor for FIFA. In a story originally reported by Francine McKenna at the Wall Street Journal (WSJ) and later reported by the New York Times (NYT), KPMG has blessed FIFA’s books since at least 1999. In the NYT piece, entitled “As FIFA case grows, focus turns to its auditors”, Lynnley Browning wrote that the KPMG audits “only heightens the puzzling disconnect between the different pictures that are emerging of FIFA as an organization: riddled with bribes and kickbacks in the view of prosecutors yet spotless according to the outsider most privy to its internal financial dealings.” How well do you think KPMG will come out of this?

The bottom line is that any US company or any other entity subject to the FCPA had better take a close look at its dealings with FIFA, regional soccer federations such as CONCACAF and national soccer federations. A full review is in order starting with who you did business with and how you did business with them. As Mike Brown would say, “follow the money” and see where it went, if you can account for it and if it was properly recorded on your company’s books and records. Finally, now would be a very propitious time to review your internal controls; for even if you had a robust paper system of internal controls like BHP Billiton did, if it is simply a check-the-box exercise or even worse you do not follow the internal compliance controls you have in place, you should begin remediation now.

As to why Americans should care about US companies engaging in corruption, that answer would seem to be straightforward. Companies which engage in bribery and corruption mislead investors and diminish the marketplace of information to base investments upon. If a company is engaging in bribery and corruption, they never report it in their books and records; they always try to hide it so that it cannot be detected. Usually poor internal controls exist, which can allow bribery and corruption to exist or even the possibility of it, once again demeaning the value of a company if that company cannot assure its investors that funds will be paid out with the approval of management. Further, contracts or other business obtained through bribery and corruption presents a false picture of the true financial health of a company as it allows profits obtained through illegal means to be booked as legitimate. Finally, if a company is engaging in bribery and corruption, the financial cost to the company can be astronomic. There is only one Wal-Mart that can sustain hundreds of millions dollars spent to investigate allegations of bribery and corruption and remediate any issues. Avon spent north of $500MM on its pre-resolution investigation and remediation. All of this does not even get to the issue of inflated stock values and the inevitable shareholder derivative litigation. Lastly, there is reputational damage. If a company is willing to engage in bribery and corruption as a part of a business strategy do you want to invest in the organization?

As an American should I care about US companies involved in the FIFA corruption scandal? If the facts reported in the FT are close to correct, I would certainly think so. If monies were paid by a ‘sportswear’ company in the form of marketing fees to Traffic or even a flat $40MM payment to a Traffic affiliates Swiss bank account, this is something which should not be tolerated.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

 

 

 

 

Babe RuthToday we celebrate a closure for it was on this day in 1935 that probably the best-known baseball player in the history of the game, George Herman ‘Babe’ Ruth, retired. While many of his records were broken with the march of history, his career slugging percentage of .690 remains the highest in Major League history. He was an oversized character in every way, from the mammoth home runs that he hit, to his ingestion of hot dogs. While his lifestyle may not be considered best practices for today’s major leaguer to emulate, his name, nicknames and legend will live on as long as baseball is remembered.

I thought about Ruth as I begin a two-part series on how to formulate an effective best practices cross-border investigation based upon an interview I did with Mara Senn, a partner at Arnold & Porter LLP, who specializes in white collar defense and cases brought under the Foreign Corrupt Practices Act (FCPA). The interview was based on an article that Senn and a colleague, Michelle Albert, published in the FCPA Report, Volume 3, Number 1, entitled “Internal Investigations, How to Conduct an Anti-Corruption Investigation: Developing and Implementing the Investigation Plan”. Today I will review practices one through five.

  1. Offer Interview Translations

Senn believes that most people know English to a certain extent and that it is a very universal language nowadays. While many people outside the US have various levels of capabilities in a non-native language, when you get into the very detailed questions in an interview, they may have enough English skills that you assume they understand everything, but in fact, they do not. You may ask a key question, for example, about expense reports, maybe they understand conversational English, but there’s no reason for them to know expense reports. This makes it important to have someone present in the interview that speaks the witness’s native language, and just assume that there are going to be times where you’re going to need to call on that person. She cautioned that you should make it clear to the witness at the outset of the interview that you do not perceive a problem with their English and they understand the reason for the translator.

  1. Avoid Cultural Pitfalls

Here Senn noted that cultural pitfalls are really truly pitfalls and, unfortunately, they can be big deep holes that you do not know anything about, but you can fall into pretty easily. She provided the issue of personal privacy as an example, where most countries have a different concept of privacy, particularly about whether your work area is your own versus what really belongs to the company. In most states in the US, employees fully understand that your employer can come in and take anything from your office at any time, even if it is personal, because you’ve brought it to work. Yet in many other countries, this is not the case. Things at your desk generally are never touched or looked at by anybody else and that’s considered your sanctum where no one else can come. If you go in and do a regular document sweep, the way that you would do in the US, that could be perceived as horribly offensive. She cautioned you should seek local counsel guidance to understand what needs to be done and also explain to you the best way to do it without offending people.

She explained that you do not want witnesses to begin the interview process with a negative view of you and you want them to be cooperative in the interview. This makes it in your best interest to follow local cultural norms. Otherwise, interviews can become embarrassing and awkward at times, if you do fall into one of these cultural pitfalls.

  1. Observe Data Privacy Restrictions

Most American lawyers are aware of different data privacy restrictions and requirements in countries governed by the European Union (EU) and the US. Senn mentioned that some of that is related to employee and employment law; whether or not they have ownership of certain information, and then other parts of the law that really do have to do with data privacy, which means personal information that no matter what form it is in, it cannot be disseminated. But here the point under this best practice is that your analysis and response must go much further to satisfy the US Department of Justice (DOJ) if you want to claim that you cannot get certain information out of a country because of data privacy restrictions.

For instance if you have personal data that you are routinely sending cross-border yet when an investigation begins you claim that you cannot take it out of that same country, for instance Germany; the DOJ will take a dim view of that claim. Further, even if there is a data privacy law on the books, yet the country does not enforce the law, that could work against any data privacy claim as well. So you will need to be prepared to fully present persuasive evidence on this issue if you try and make such a claim.

  1. Comply with Labor Requirements

Similar to the long-standing Weingarten right of unionized employees in the US to have a representative present for interviews, in many countries outside the US there are Works Council and similar analogs in other countries, where, basically, the Works Council is responsible for the interactions between the employers and the employees. Moreover, employees have certain statutory or labor code based rights as employees, regardless of whether they are members of a labor union or not. These rights can drill down into the types of questions that you can ask or even prevent you from meeting with or interviewing certain employees.

Senn noted that you may well have to work through Works Council to make sure that the way you ask the questions, and those present for the company, are acceptable to Works Council. If you do not have this pre-approval it may be that the Works Council prevents you from meeting with certain employees. For each area that you operate in, you must engage the local legal counsel to determine what is the best way to work with the Works Council, or similar types of organizations, to ensure that you can get done what needs to get done in your investigation.

  1. Be Aware of Other Local Requirements

Points three and four certainly lead into Senn best practice No. 5. She believes it is incumbent that you work with local counsel in the country you are performing the interviews to garner an understanding of the witnesses rights and your obligations during any investigation. She explained that many ways a US lawyer would think about doing an investigation could be problematic in other jurisdictions. She gave the examples of taking pictures or physically removing documents from a location, which could be issues that you might face. You certainly need advice and counsel on what is legal and what might not be going forward.

Ruth and Senn; Senn and Ruth? Even if you do not immediately associate them, Mara Senn has once again provided the compliance practitioner with concrete steps to take around international investigations and their protocol. Tomorrow, I will consider her practices six through ten.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

Economic DownturnI continue my exploration of actions you can take to improve your compliance program during an economic downturn with a review of what my colleague Jan Farley, the Chief Compliance Officer (CCO) at Dresser-Rand, called the ‘Desktop Risk Assessment’. Both the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) make clear the need for a risk assessment to inform your compliance program. I believe that most, if not all CCOs and compliance practitioners understand this well articulated need. The FCPA Guidance could not have been clearer when it stated, “Assessment of risk is fundamental to developing a strong compliance program, and is another factor DOJ and SEC evaluate when assessing a company’s compliance program.” While many compliance practitioners have difficulty getting their collective arms about what is required for a risk assessment and then how precisely to use it; the FCPA Guidance makes clear there is no ‘one size fits all’ for about anything in an effective compliance program.

One type of risk assessment can consist of a full-blown, worldwide exercise, where teams of lawyers and fiscal consultants travel around the globe, interviewing and auditing. Of course this can be a notoriously expense exercise and if you are in Houston, the energy industry or any sector in the economic doldrums about now, this may be something you can even seek funding for at this time. Moreover, you may also be constrained by reduced compliance personnel so that you can not even perform a full-blown risk assessment with internal resources.

However if there is one thing that I learned as a lawyer, which also applies to the compliance field, it is that you are only limited by your imagination. So using the FCPA Guidance’s no ‘one size fits all’ proscription, I would submit that is also true for risk assessments. You might try assessing other areas annually, through a more limited focused risk assessment, literally while staying at your desk and not traveling away from your corporate headquarters.

Some of the areas that such a Desktop Risk Assessment could inquire into might be the following:

  • Are resources adequate to sustain a culture of compliance?
  • How are the risks in the C-Suite and the Boardroom being addressed?
  • What are the FCPA risks related to the supply chain?
  • How is risk being examined and due diligence performed at the vendor/agent level? How is such risk being managed?
  • Is the documentation adequate to support the program for regulatory purposes?
  • Is culture, attitude (tone from the top), and knowledge measured? If yes, can we use the information enhance the program?
  • Disciplinary guidelines – Do they exist and has anyone been terminated or disciplined for a violating policy?
  • Communication of information and findings – Are escalation protocols appropriate?
  • What are the opportunities to improve compliance?

There are a variety of materials that you can review from or at a company that can facilitate such a Desktop Risk Assessment. You can review your company’s policies and written guidelines by reviewing anti-corruption compliance policies, guidelines, and procedures to ensure that compliance programs are tailored to address specific risks such as gifts, hospitality and entertainment, travel, political and charitable donations, and promotional activities.

You could assess your company’s senior management support for your compliance efforts through interviews of high-level personnel such as the Chief Financial Officer (CFO), General Counsel (GC), Head of Sales, Chief Executive Officer (CEO) and all Board, Audit or Compliance Subcommittee members to assess “tone from the top” and their actual knowledge about the Foreign Corrupt Practices Act (FCPA) and your compliance program. You can examine resources dedicated to compliance and also seek to understand the compliance expectations that top management is communicating to its employee base. Finally, you can gauge operational responsibilities for compliance.

Such a review would lead to the next level of assessment, which would be generally labeled as communications within an organization regarding compliance. You can do this by assessing compliance policy communications to company personnel but even more so by reviewing such materials as compliance training and certifications that employees might have in their files. If you did not yet do so, you should also take a look at statements by senior management regarding compliance, such as actions relating to terminating employees who do business in compliance but do not make their quarterly, semi-annual or annual numbers set in budget projections.

A key element of any best practices compliance program is internal and anonymous reporting. This means that you need to review mechanisms on the reporting of suspected compliance violations and the actions taken on any internal reports, including follow-ups to the reporting employees. You should also assess whether those employees who are seeking guidance on compliance for their day-to-day business dealings are receiving not only adequate but timely responses.

I do not think there is any dispute that third parties represent the highest risk to most companies under the FCPA, so a review of your due diligence program is certainly something that should be a part of any risk assessment. But more than simply a review of procedures for due diligence on third party intermediaries, you should also consider the compliance procedures in place for your company’s mergers and acquisitions (M&A) team; focusing on the pre-acquisition phase.

One area that I do not think gets enough play, whether in the FCPA Inc. commentary or in day-to-day practice is looking at what might be called employee commitment to your company’s compliance regime. So here you may want to review your compliance policies regarding employee incentives for compliance. But just as you look at the carrots to achieve compliance with your program, you should also look at the stick, in the form of disciplinary procedures for violations. This means you should see if there have been any disciplinary actions for employee compliance violations and then determine if such discipline has been applied uniformly. If you discipline top sales people in Brazil, you have to discipline your top sales folks in the US for the same or similar violations.

This list is not intended to be a complete list of items, you can pick and choose to form some type of Desktop Risk Assessment but hopefully you can see some of the areas you can assess. My suggestion is that you try identifying and focusing on core compliance components in your organization. Obviously there are probably a million things you could fix. However, you cannot fix everything, so you must make a decision about your primacies, and then act on them. A Desktop Risk Assessment may well help you to do so.

As with the other suggestions I have put forward during the Economic Downturn Week series, if you perform an annual Desktop Risk Assessment with a full worldwide risk assessment every two years or so, you should be in a good position to keep abreast of compliance issues that may change and need more or greater risk management. Moreover, when funds and resources do become available to you and the compliance function, you will have a stronger program and one which move towards best-in-class. Finally, do not forget that the FCPA Guidance ends its section on risk with the following, “When assessing a company’s compliance program, DOJ and SEC take into account whether and to what degree a company analyzes and addresses the particular risks it faces.” By using the Desktop Risk Assessment during an economic downturn, you can answer any regulator who asks what have you done to manage the risks in your company, by using the resources and tools that were available to you.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

Golden Gate BridgeToday, we celebrate one of the greatest engineering achievements of the century. On this date in 1937, the Golden Gate Bridge opened. At 4200 feet long, it was at the time the world’s longest suspension bridge. But not only was it an engineering and architectural milestone, its aesthetic form was instantly recognized as classical and to this day is one of the most iconic structures in the US if not the world. With just a few years until its 80th birthday, it demonstrates that a lasting structure is more than simply form following function but contains many elements that inform its use and beauty.

I use the Golden Gate Bridge as an entrée to my continued discussion on the series on steps that you can use in your compliance program if you find yourself, your company or your industry in an economic downturn. Whether you are a Chief Compliance Officer (CCO) or compliance practitioner, these steps are designed to be achieved when you face reduced economic resources or lessened personnel resources going forward due to a downturn your economic sector. Yesterday, I discussed mapping your current and existing internal controls to the Ten Hallmarks of an Effective Compliance Program so that you can demonstrate your compliance with the Foreign Corrupt Practices Act’s (FCPA) internal control prong to the accounting procedures. Today I want to discuss the issues surrounding the inevitable layoffs your company will have to endure in a downturn.

In Houston, we have experienced energy companies laying off upwards of 30% of their workforce, both in the US and abroad. Employment separations can be one of the trickiest maneuvers to manage in the spectrum of the employment relationship. Even when an employee is aware layoffs are coming it can still be quite a shock when Human Resources (HR) shows up at their door and says, “Come with me.” However, layoffs, massive or otherwise, can present some unique challenges for the FCPA compliance practitioner. Employees can use layoffs to claim that they were retaliated against for a wide variety of complaints, including those for concerns that impact the compliance practitioner. Yet there are several actions you can take to protect your company as much as possible.

Before you begin your actual layoffs, the compliance practitioner should work with your legal department and HR function to make certain your employment separation documents are in compliance with the recent SEC v. KBR Cease and Desist Order regarding Confidentiality Agreement (CA) language which purports to prevent employees from bringing potential violations to appropriate law or regulatory enforcement officials. If your company requires employees to be presented with some type of CA to receive company approved employment severance package, it must not have language preventing an employee taking such action. But this means more than having appropriate or even approved language in your CA, as you must counsel those who will be talking to the employee being laid off, not to even hint at retaliation if they go to authorities with a good faith belief of illegal conduct. You might even suggest, adding the SEC/KBR language to your script so the person leading the conversation at the layoff can get it right and you have a documented record of what was communicated to the employee being separated.

When it comes to interacting with employees first thing any company needs to do, is to treat employees with as much respect and dignity as is possible in the situation. While every company says they care (usually the same companies which say they are very ethical), the reality is that many simply want terminated employees out the door and off the premises as quickly as possibly. At times this will include an ‘escort’ off the premises and the clear message is that not only do we not trust you but do not let the door hit you on the way out. This attitude can go a long way to starting an employee down the road of filing a claim for retaliation or, in the case of FCPA enforcement, becoming a whistleblower to the Securities and Exchange Commission (SEC), identifying bribery and corruption.

Treating employees with respect means listening to them and not showing them the door as quickly as possible with an escort. From the FCPA compliance perspective this could also mean some type of conversation to ask the soon-to-be parting employee if they are aware of any FCPA violations, violations of your Code of Conduct or any other conduct which might raise ethical or conflict of interest concerns. You might even get them to sign some type of document that attests they are not aware of any such conduct. I recognize that this may not protect your company in all instances but at least it is some evidence that you can use later if the SEC (or Department of Justice (DOJ)) comes calling after that ex-employee has blown the whistle on your organization.

I would suggest that you work with your HR department to have an understanding of any high-risk employees who might be subject to layoffs. While you could consider having HR conduct this portion of the exit interview, it might be better if a compliance practitioner was involved. Obviously a compliance practitioner would be better able to ask detailed questions if some issue arose but it would also emphasize just how important the issue of FCPA compliance, Code of Conduct compliance or simply ethical conduct compliance was and remains to your business.

Finally are issues around hotlines, whistleblower and retaliation claims. The starting point for layoffs should be whatever your company plan is going forward. The retaliation cases turn on whether actions taken by the company were in retaliation for the hotline or whistleblower report. This means you will need to mine your hotline more closely for those employees who are scheduled or in line to be laid off. If there are such persons who have reported a FCPA, Code of Conduct or other ethical violation, you should move to triage and investigate, if appropriate, the allegation sooner rather than later. This may mean you move up research of an allegation to come to a faster resolution ahead of other claims. It may also mean you put some additional short-term resources on your hotline triage and investigations if you know layoffs are coming.

The reason for these actions are to allow you to demonstrate that any laid off employee was not separated because of a hotline or whistleblower allegation but due to your overall layoff scheme. However it could be that you may need this person to provide your compliance department additional information, to be a resource to you going forward, or even a witness that you can reasonably anticipate the government may want to interview. If any of these situations exist, if you do not plan for their eventuality before you layoff the employee, said (now) ex-employee may not be inclined to cooperate with you going forward. Also if you do demonstrate that you are sincerely interested in a meritorious hotline complaint, it may keep this person from becoming a SEC whistleblower.

Just as the Golden Gate Bridge provides more to the human condition than simply a structure to get from San Francisco to Marin County, layoffs in an economic downturn provide many opportunities to companies. If they treat the situation appropriately, it can be one where you manage your FCPA compliance risk going forward.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015