Economic DownturnThis week I will present a series on steps that you can take in your compliance program if you find yourself, your company or your industry in an economic downturn. All of the recommendations I will make are ideas that have been put into action by companies currently facing these issues. They are ideas that you can use if you have scarce or lessened economic resources for your compliance function. Today I will take my cue from the recent Securities and Exchange Commission (SEC) enforcement action against BHP Billiton (BHP) as a key indicator of where greater and more rigorous SEC enforcement is heading. That is in the area of the enforcement of internal controls and steps that you can take right now, even with reduced head count and budgetary resources, to improve your Foreign Corrupt Practices Act (FCPA), UK Bribery Act or other anti-corruption compliance program.

However, before we get to that subject, I want to remember Marques Haynes, who died last week. Haynes was a basket baller extraordinaire who played with the Harlem Globetrotters off and on for 40 years. As was set out in his New York Times (NYT) obituary last week, Haynes “whose dazzling ball-handling skills, exhibited for more than 40 years as a member of the Harlem Globetrotters and other barnstorming black basketball teams, earned him a place in the Naismith Basketball Hall of Fame and an international reputation as the world’s greatest dribbler”. He was the first Globetrotter inducted into the Naismith Memorial Basketball Hall of Fame. I saw Haynes play in the later stages of his career with the Globetrotters; both on ABC’s Wide World of Sports and through their non-stop touring when they came to even my Podunk hometown. So here’s to you Marques and I am sure you have called ‘Next’ for that great pickup game in the sky several times now.

As they made clear with several FCPA enforcement actions from last fall, the SEC has placed a renewed interest in the accounting provisions of the FCPA, specifically the internal controls provisions. The BHP enforcement continued this trend, where there was no evidence that bribes were paid or offered in violation of the FCPA, tet the poor internal compliance controls at BHP led to a $25MM fine. Indeed Kara Brockmeyer, the Chief, FCPA Unit; Division of Enforcement of the SEC, who spoke at the recently concluded Compliance Week 2015, in a session entitled “A New Look at FCPA Enforcement”, reiterated that the SEC was committed to protecting investors in US public companies and those which list other securities in the US, through enforcement of the accounting provisions, including internal controls provisions of the FCPA. It would seem that the reason is straightforward; a company with rigorous internal compliance controls is better able to prevent, detect and remedy any FCPA violations that may occur.

So, in the midst of an economic downturn, what can you do around the FCPA’s requirements for internal controls and current SEC emphasis? I would suggest that you begin with an exercise where you map the internal controls your company has in place to the indicia of the Ten Hallmarks of an Effective Compliance Program, as set out in the FCPA Guidance. While most compliance practitioners are familiar with the Ten Hallmarks, you may not be as familiar with standards for internal controls. I would suggest that you begin with the COSO 2013 Framework as your starting point.

As a lawyer or compliance practitioner you may not be familiar with all the internal controls that you have in place. This exercise would give you a good opportunity to meet with the heads of Internal Audit, Finance and Accounting (F&A), Treasury or any other function in your company that deals with financial controls. Talk with them about the financial controls you may already have in place. An easy example is employee expense reports. Every company I have ever worked at or even heard about requires expenses for reimbursement to be presented, in documented form on some type of expense reimbursement form. This is mandatory for IRS reporting; so all entities perform this action. See how many controls are in place. Is the employee who submits the expense reimbursement required to sign it? Does his/her immediate supervisor review, approve and sign it? Does any party in the employee’s direct reporting chain review, approve and sign? Does anyone from accounts payable review and approve, both for accuracy and to make sure that all referenced expenses are properly receipted? Is there any other review in accounts payable? Is there any aggregate review of expense reports? Is there a monetary limit over which additional reviews and approvals occur?

Now if an employee has submitted expenses for activities that occurred outside the US are there are any foreign government officials involved? Were those employees identified on the expense reimbursement form? Was the business purpose of the meal, gift or other hospitality recorded? Can you aggregate the monies spent on any one foreign official or by a single employee in your expense reporting system? All of these are internal controls that can be mapped to the appropriate prong of the Ten Hallmarks or other indicia of your compliance program.

You can take this exercise through each of the five objectives under the COSO 2013 Framework and its attendant 17 Principles. From this mapping you can then perform a gap analysis to determine where you might need to implement internal compliance controls into your anti-corruption compliance program. This can lead to remedial steps that you can take. For example you can recommend procedures be written for all key compliance areas in which there are currently no procedures and your existing procedures can be updated to include compliance issues and clear definition how controls are to be evidenced. Through this you can move from having detect controls in place, to having prevent controls, whenever possible.

As a Chief Compliance Officer (CCO) or compliance practitioner, this is an exercise that you can engage in at no cost. You simply investigate and note what internal controls you have in place and how they may be a part of your anti-corruption efforts going forward. As I said last week, compliance is a straightforward exercise. This does not mean that it is easy; you do have to work at it so that you will simply not have a paper, “check the box”, program. But using the excuse that you have limited resources is simply an excuse and a rather poor one at that. While the clear lesson from the BHP enforcement action is that you are required to have effective internal controls in place, by engaging in this mapping exercise you can then figure out what you have and, more importantly, what internal compliance controls that you do not have and need to institute.

Finally, if you do have resources and need some help, you can reach me at the email below.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

Oregon TrailToday we celebrate American exceptionalism. As noted in ‘This Date in History’, on this date in 1834 the first wagon train, made up of 1,000 settlers and 1,000 head of cattle, set off down the Oregon Trail from Independence, Missouri, on the Great Emigration. After leaving Independence, the giant wagon train followed the Santa Fe Trail for some 40 miles and then turned to its northern route to Fort Laramie, Wyoming. From there, it traveled on to the Rocky Mountains, which it passed through by way of the broad, level South Pass that led to the basin of the Colorado River. The travelers then went southwest to Fort Bridger and on to Fort Boise, where they gained supplies for the difficult journey over the Blue Mountains and into Oregon. The Great Emigration finally arrived in October, completing the 2,000-mile journey from Independence in five months.

The settlers who took off on this Great Emigration on the Oregon Trail did not have anything in the way of a road map. Fortunately for the modern day anti-corruption compliance practitioner, you do have road maps that can guide your compliance with the Foreign Corrupt Practices Act (FCPA) going forward. Over the past few years the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) have put out significant and detailed information on compliance failures, which have led to FCPA enforcement actions. For any Chief Compliance Officer (CCO) or compliance practitioner, these enforcement actions provide solid information of lessons learned which can be used as teaching points for companies. Further, these lessons can be used as road maps to review compliance programs to see what gaps, if any, may exist and how to implement solutions.

This trend continued with the release of the SEC FCPA enforcement action involving BHP Billiton Ltd. (BHP) this week. First and foremost to note is that it was a SEC enforcement action involving violations of the internal controls provision of the FCPA. There was no evidence of bribery leading to any DOJ enforcement action. Yet as I have been writing and saying for almost one year, SEC enforcement of the internal controls provision of the FCPA is increasing and companies need to pay more attention to this part of the FCPA. A bribe or offer to bribe does not have to exist for an internal controls violation to occur. CCOs and compliance practitioners need to be cognizant of compliance internal controls and put effective compliance internal controls in place that can be audited against to test their effectiveness.

The BHP enforcement action revolved around the company’s hospitality program for the Beijing 2008 Olympics. Every CCO and compliance practitioner should study this enforcement action in detail so that they can craft appropriate compliance internal controls for high dollar entertaining for big time sporting events. For any company that may be planning for high dollar hospitality spends for the 2016 Brazil Olympics, this enforcement action lays out what you should and should not do in your compliance program. But this holds true for any major sporting event such as the Super Bowl, World Cup or you name the event.

BHP had a paper program that appeared robust. As laid out in the Cease and Desist Order, “BHPB developed a hospitality application which business managers were required to complete for any individuals, including government officials, whom they wished to invite.” The application included these questions to be fully answered:

  • “What business obligation exists or is expected to develop between the proposed invitee and BHP Billiton?”,
  • “Is BHP Billiton negotiating or considering any contract, license agreement or seeking access rights with a third party where the proposed invitee is in a position to influence the outcome of that negotiation?”
  • “Do you believe that the offer of the proposed hospitality would be likely to create an impression that there is an improper connection between the provision of the hospitality and the business that is being negotiated, considered or conducted, or in any way might be perceived as breaching the Company’s Guide to Business Conduct? If yes, please provide details.”; and
  • “Are there other matters relating to the relationship between BHP Billiton and the proposed invitee that you believe should be considered in relation to the provision of hospitality having regard to BHP Billiton’s Guide to Business Conduct?”

So the right forms were in place and some of them were fully filled out. However, as the Cease and Desist Order made clear, an effective compliance program does not end at that point. Now would be an appropriate time to recall that high risk does not mean you cannot engage in certain conduct. High risk means that to have an effective compliance program, you have to manage that risk. A basic key to any effective compliance program is oversight or a second set of eyes baked in to your process. BHP formally had this oversight or second set of eyes in the form of an Olympic Sponsorship Steering Committee (OSSC) and Global Ethics Panel Sub-Committee.

Where BHP failed was that “other than reviewing approximately 10 hospitality applications for government officials in mid-2007 in order to assess the invitation process, the OSSC and the Ethics Panel subcommittee did not review the appropriateness of individual hospitality applications or airfare requests. The Ethics Panel’s charter stated that its role simply was to provide advice on ethical and compliance matters, and that “accountability rest[ed] with business leaders.” Members of the Ethics Panel understood that, consistent with their charter, their role with respect to implementation of the hospitality program was purely advisory. As a result, business managers had sole responsibility for reconciling the competing goals of inviting guests – including government officials – who would ““maximize [BHPB’s] commercial investment made in the Olympic Games” without violating anti-bribery laws.”

But there was more than simply a failure of oversight by BHP. The Cease and Desist Order noted that not all of the forms were filled out with the critical information around a whether a proposed recipient might have been a government official. Even more critically missing was information on whether the proposed recipient was in a position to exert influence over BHP business. Moreover, BHP did not provide training to the business unit employees who ended up making the call as to whether or not to provide the hospitality on payment of travel and hospitality for spouses. The Cease and Desist Order stated that BHP “did not provide any guidance to its senior managers on how they should apply this portion of the Guide when determining whether to approve invitations and airfares for government officials’ spouses.” Finally, there were no controls in place to update or provide ongoing monitoring of the critical information in the forms.

All of this led the SEC to state the following, “As a result of its failure to design and maintain sufficient internal controls over the Olympic global hospitality program, BHPB invited a number of government officials who were directly involved with, or in a position to influence, pending negotiations, efforts by BHPB to obtain access rights, or other pending matters.” This led to the following, “BHPB violated Section 13(b)(2)(B) because it did not devise and maintain internal accounting controls over the Olympic hospitality program that were sufficient to provide reasonable assurances that access to assets and transactions were in executed in accordance with management’s authorization.” Perhaps it was stated most succinctly by Antonia Chion, Associate Director of the SEC’s Division of Enforcement, in the SEC Press Release announcing the enforcement action when he said, “A ‘check the box’ compliance approach of forms over substance is not enough to comply with the FCPA.”

There is also clear guidance from the SEC about how BHP was able to obtain the reduced settlement it received. BHP “provided significant cooperation with the Commission’s investigation”. Moreover, the Cease and Desist Order laid out the remedial steps the company took. These steps included: (1) creation of compliance group independent of the business units; (2) review of its anti-corruption program and implementation of certain upgrades; (3) embedding of anti-corruption managers into the business units; (4) enhancements of “its policies and procedures concerning hospitality, gift giving, use of third party agents, business partners, and other high-risk compliance areas”; (5) enhancement of “financial and auditing controls, including policies to specifically address conducting business in high-risk markets”; and (6) enhanced anti-corruption compliance training.

FCPA compliance is a relatively simply exercise. That does not mean it is easy. For travels on the Great Emigration on the Oregon Trail, travel was neither simple nor easy. If you want to send government officials to high profile sporting events or provide other high dollar hospitality, the FCPA does not prevent you from doing so. But it is a high risk and to be in compliance you must to manage those high risks appropriately, all the way through the process. The BHP enforcement action provides you a detailed road map of what to do and what not to do.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

Wrap UpCompliance Week 2015 has ended. This year was the tenth anniversary of the annual conference and in many ways I found it to be the best one yet. Matt Kelly and his team put together a conference and experience, which was absolutely first-rate. If you were not able to make this year’s event, I hope you will join us for Compliance Week 2016, which Matt announced the dates for at the conclusion of this year’s event. The dates for 2016 are May 23-26, back of course in Washington DC to be held yet again at the Mayflower Hotel. I wanted to give you some of my thoughts on the highlights of this year’s event and what made it so unique.

At my age, I am somewhat loathe to channel my teenage daughter but the first thing that I noticed was a very different vibe this year over past year’s conferences. From the Cocktail Party reception held on Sunday night, all the way through the conclusion of the event, there seemed to be an air that I have not quite been able to put my finger on. It was more than an acknowledgement and perhaps even an excitement about how far the compliance profession has come in the past ten years. While I have written about the Chief Compliance Officer (CCO) and compliance profession as CCO 2.0, I had the feeling that we may be moving on to CCO 3.0, as that was even the title of a session.

But this vibe was more tangible than simply a feeling. One key ingredient for me was the use of social media into the conference experience. While many events have a conference app, which can provide you information on such things as the agenda, speakers and their presentations, room locations and the like; the Compliance Week 2015 app was fully interactive, allowing you to live tweet, send IM to fellow conference attendees and receive text messages when a room changed or other conference alteration occurred. It also provided a virtual help desk for all attendees.

Many of sessions were led by CCOs from major corporations and they were able to provide a strategic vision of where they were going at their organizations. This was kicked off from the start of the conference, from the first panel on the first day where the CCOs from Boeing, GE and the Director of Compliance for Wal-Mart began the event. Obviously these are three of the largest companies in the US and do business on a worldwide basis. Yet, while sharing their strategic visions, each one was able to provide a solid example from their respective organization that a CCO or compliance practitioner from any sized company could implement. From Wal-Mart with a workforce of 2.2 million employees, it was keep the message simple. From Boeing, it was incorporate any compliance failures as teaching moments or lessons learned into your internal compliance training going forward. From GE, it was how to inculcate and incorporate compliance into your everyday business planning.

The conversations were excellent as usual. I led the FCPA conversation and there were several alumni present, who told me they look forward to attending each year. One of the reasons is that there is no avenue in their hometowns to get together in an environment to discuss issues of mutual concern. It is concept that Mike Snyder and I used in founding the Houston Compliance Roundtable. A place where you can ask any question and have it answered by another compliance professional in an environment where Chatham House rules apply. While I certainly started the discussion, it quickly became fully interactive with all participants sharing their views on a variety of topics. While we have some great compliance talent in Houston at our Roundtable, it cannot top the level of maturity and sophistication present at the Compliance Week annual conference. We all benefited from the experience.

This experience was doubled when I led a breakfast event on Tuesday. While an inducement to attend was a complimentary copy of my book Doing Compliance, there were 25 attendees who joined me for a very engaging and free-flowing conversation about the state of compliance, we practitioners and where enforcement may be heading. Compliance Week treated us all to breakfast and, once again, I probably learned as much as any one. But since Chatham House rules were in effect, I cannot report on any of the substantive things that were discussed. I will share with you that I am excited to lead such a breakfast again next year and I hope you will be one of the 25 to sign up.

As always there were a number of government representatives who spoke at Compliance Week again this year. For me, the parade was led by Department of Justice (DOJ) Assistant Attorney General Leslie Caldwell. While I will be writing further, and in more detail, about Caldwell’s remarks, she said a few things that I think bear emphasis. One was that compliance professionals need to work towards more data analytics in the form of transaction monitoring to assist in moving to a prevent and even predictive and prescriptive mode for your best practice compliance program. Next she emphasized that your compliance program must not be static but must evolve as your business risks evolve. Finally, and much closer to my heart, were her remarks that you need to “sensitize your business partners to compliance.” It was if she was channeling her inner Scott Killingsworth with his groundbreaking work on ‘Private-to-Private’ or P2P compliance solutions. Or, as I might say, she was advocating a business solution to the legal problem of bribery and corruption across the globe.

But Caldwell was not the only DOJ representative as we had Laurie Perkins, Assistant Chief, Foreign Corrupt Practices Act (FCPA) Unit and Kara Brockmeyer, Chief, FCPA Unit; Division of Enforcement from Securities and Exchange Commission (SEC), on a panel moderated by yours truly. First I would urge that if you are ever asked to moderate a panel with FCPA enforcers and regulators, jump at the chance. The reason is that you get to ask the questions you want answers to; even if you get past your prepared questions, when there is a lull in questions from the audience, you can follow up with something you want to know or in my case always wanted to know. So I asked some basic questions like: What is Criminal Information? (to Perkins) and Could you explain the process for the SEC’s Administrative Procedure? (to Brockmeyer). I was certainly enlightened by their answers to both questions.

The event sponsors were of course there to provide information on their solutions to assist any compliance practitioner. If you have never been to an event at the Mayflower Hotel in Washington, the conference rooms are along a wide hall that allows good people flow and adequate room for the sponsors and others to set up, meet attendees and discuss their products and services. I view the sponsors and vendors as a part of the compliance solution going forward and while they are clearly there to sell; they also engage in a fair amount of education. But the education runs both ways with many compliance practitioners communicating needs they have which can be incorporated into new product developments.

Unfortunately Compliance Week 2015 had to come to an end. But the feeling, information and new friends I met will last with me until Compliance Week 2016 next year. I hope you will plan to join me.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

FCPA InvestigationsOne of the things that I am questioned on is when to bring in outside counsel for a Foreign Corrupt Practices Act (FCPA) investigation or simply to take a look at an issue that may have raised a Red Flag but is not yet a FCPA violation. Clearly a reason is retain the attorney client privilege and I think most Chief Compliance Officers (CCOs) and compliance practitioners understand that reason, but one of the things I learned as a trial lawyer is that you need to understand who your ultimate audience will be in work you do as a lawyer. If you draft a contract, you need to think through how it will play out in front of a judge or jury. If you start an FCPA investigation, your ultimate audience may well be the Department of Justice (DOJ) and Securities and Exchange Commission (SEC). I recently had the opportunity to visit with white-collar practitioner Mara Senn, a partner at Arnold & Porter LLP, on this issue. She had several insights that I thought were insightful to assist a CCO or compliance practitioner to think through these issues. Today, I begin a three-part blog post on some of Senn’s thoughts on investigations for potential FCPA violations; tomorrow we will look at the decision (or not) to self-disclose and, finally, remediation if you discover a FCPA violation.

Unfortunately, many investigations being in a crisis situation, where a company may have discovered something that they know is bad but they do not know how bad that particular problem might be or they are not aware just how widespread the problem is. Senn indicated that the first thing she would note is that not every single incident requires outside counsel. There are all kinds of issues that can be handled very efficiently and effectively by in-house counsel. Moreover, there will be other issues and corporate disciplines involved such as the Human Resources (HR) Department. She explained that for a typical compliance blip that may happen, you do not need to call in an outside counsel right away, but if you do have these indicia of larger problems, particularly if you are a public company, it is a good idea to call outside counsel because you may be involved in reporting obligations. She cautioned that even at this early stage, outside counsel does not have to be boots on the ground and may not be required to be intimately involved if it is not a very complicated case.

Even with the above information, I asked Senn if there were any advantages she might see from bringing in outside counsel from the get-go rather than waiting. She articulated a number of things. First, there is more credibility if it is an independent review. If you are working for the company in whatever capacity, the government is not going to believe, as much, that it’s an independent investigation. From the government’s perspective, DOJ and/or SEC, they do not typically know the company involved in the investigation. Further, government regulators and enforcement officials are typically suspicious that a company is going to try to do what is right for the company. Of course there have been documented enforcement actions where companies have either destroyed documents or tried to hide things, such as witnesses or other evidence. In certain situations, an employee may look the other way, either purposefully or not really realizing what they’re seeing, and may take the investigation in the wrong direction. You want to just inoculate against that kind of problem.

Second, Senn said that there are very complicated issues that come up in cross-border situations. She provided four quick examples: privacy laws; labor laws; cultural issues and language issues. It can be very helpful, more cost effective and important from a legal compliance perspective to have somebody who is experienced in those kinds of issues.

Finally, and what I found most interesting, was Senn’s perspective on document preservation. She believes that “probably from the government’s perspective, the most important aspect of setting up an investigation in a way that makes them feel comfortable, is ensuring that all data is locked down.” Some questions that she believes counsel needs to ask are: “Do you have hand held devices? Where are all of your servers? What is your back-up tape situation? Are you trained in forensically retaining information?” Basically you need to get into the technical nitty gritty and if you do not, you could end up having a situation where either information is lost or there’s a possibility or suspicion that information is lost. Unfortunately, that is the situation that leads to a prosecutor’s imagination going wild. Senn ended her thoughts on this key point with the following, “the thing you want to do is just lock down that information, so if it ever comes to a point where the government says, “Well, we want to kick the tires,” you can say, “Okay, don’t worry. We’ve got everything you would have gotten otherwise.”

All of these steps can lead your company, through its investigation counsel, to having credibility with the DOJ and SEC. She made clear that the government will not only put you through your paces but also test the vibrancy of your investigation protocol and steps you might take as an independent assessor. She said that “if they realize, or they think, that all you’re doing is parroting what they consider to be the company line, and you haven’t gone in and independently really taken a look for yourself, you’re just going to come off as less credible, as somebody that they can’t really trust. That is definitely something that a company wants to avoid at all costs.”

I really liked the way Senn phrased the next step, “You don’t want to go too crazy” around scoping out the investigation. After getting the documents and technology locked down you should try and figure out the bad actor(s). Depending on the situation of whether the investigation target is aware of their status, you may be forced into “somewhat of a stealth investigation, where instead of going full bore and sending out document holds and things like that, you first want to essentially get that person’s information and make sure that they’re not going to do anything to their information. If there are a number of people you know are at issue, you want to lock that down, as well.”

The next step is to collect the documents forensically and use the information gleaned from this step in the process to do what Senn called “lay of the land interviews” where you try and obtain enough information to have a basic understanding of the situation, who the key players and who may be involved in the incident. Senn also believes you can garner quite a bit of information from working with your client before the actual interviews begin. You can look at organizational charts; see the number of employees who could have touched the transaction(s) at issue and also the countries involved. Also a review of the company’s financial accounting systems is critical so that you can assess how much will have to be done manually and in-country. (Think Avon)

One of the questions that I have struggled with is at what point in the investigation process is it appropriate to discipline employees, up to and including termination? I was gratified when Senn said this not only was a difficult question but also required a case-by-case analysis. You should begin by taking any persons out of the responsible situation. Paid leave pending an investigation is one option. If you terminate them, they will be gone and you will have zero control over them for initial interviews, follow-up interviews or assistance. She explained, “the government might want to interview that person. If you fired them, and that person has moved away or is now inaccessible to the government, it’s actually worse. My tendency is to keep them around, but just prevent them from continuing to do any of the harm that they may have previously done.”

In my next post, I will review Senn’s thoughts on the subject of self-disclosure.

To listen to the full interview with Mara Senn, go to the FCPA Compliance and Ethics Report, by clicking here, or download it from iTunes.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

Green KnightWe continue our King Arthur themed week with an exploration of one of the most interesting characters in the Arthur canon, The Green Knight, so called because his skin and clothes are green. The meaning of his greenness has puzzled scholars since the discovery of the poem, that identifies him as the Green Man, a vegetation being in medieval art; a recollection of a figure from Celtic mythology; a Christian symbol or the Devil himself. According to Wikipedia, C. S. Lewis suggested the character was “as vivid and concrete as any image in literature” and J. R. R. Tolkien called him the “most difficult character” to interpret in the introduction to his edition of Sir Gawain and the Green Knight. His major role in Arthurian literature includes being a judge and tester of knights, and as such the other characters see him as friendly but terrifying and somewhat mysterious.

In his primary story with Sir Gawain, the Green Knight arrives at Camelot during a Christmas feast, holding a bough of holly in one hand and a battle-axe in the other. Despite disclaim of war, the knight issues a challenge: he will allow one man to strike him once with his axe, under the condition that he return the blow the following year. At first, Arthur takes up the challenge, but Gawain takes his place and decapitates the Green Knight, who retrieves his head and tells Gawain to meet him at the Green Chapel at the stipulated time. One year later, while Gawain is traveling to meet the Green Knight, he stays at the castle of Bercilak de Hautedesert. At Bercilak’s castle, Gawain’s loyalty and chastity is tested, Bercilak sends his wife to seduce Gawain and arranges that they shall exchange their gains for the other’s. On New Year’s Day, Gawain meets the Green Knight and prepares to meet his fate, where upon the Green Knight feints two blows and barely nicks him on the third. He then reveals that he is Bercilak, and that Morgan le Fay had given him the double identity to test Gawain and Arthur.

I thought about this story of testing when I read an article in the Wall Street Journal (WSJ), entitled “SEC Gives More Than $600,000 to Whistleblower in Retaliation Case” by Rachel Louise Ensign. She reported on the Paradigm securities matter where an award was made to the whistleblower, which was settled by the firm late last year. The settlement was for $2.2MM and $600, 000 of that amount was paid to the whistleblower for the firm’s retaliation against him. This was the first award to a whistleblower for retaliation from the act of whistleblowing. The award is 30% of $2.2MM, which is the maximum amount a tipster can get under the program. The agency said the “unique hardships” he faced were a factor in the size of his award. Securities and Exchange Commission (SEC) Enforcement Director, Andrew Ceresney, was quoted in the article as saying ““We appreciate and recognize the sacrifice this whistleblower made and the important role the whistleblower played in the success of the SEC’s first anti-retaliation enforcement action.””

This award to a whistleblower caps a stunning couple of weeks for whistleblowers who have brought information forward under the Dodd-Frank whistleblowing provisions. First there was the KBR pre-taliation fine and Cease and Desist Order.  In this matter, KBR was fined for having language in its internal employee Confidentiality Agreement (CA) that required employees to go to the company’s legal department before releasing certain confidential information to outside parties such as the SEC. The SEC held that such restrictions violated the “whistleblower protection Rule 21F-17 enacted under the Dodd-Frank Act. KBR required witnesses in certain internal investigations interviews to sign confidentiality statements with language warning that they could face discipline and even be fired if they discussed the matters with outside parties without the prior approval of KBR’s legal department. Since these investigations included allegations of possible securities law violations, the SEC found that these terms violated Rule 21F-17, which prohibits companies from taking any action to impede whistleblowers from reporting possible securities violations to the SEC.” This was in the face of zero findings that KBR had actually used such language or restrictions to prevent any employees from whistleblowing to the SEC.

In another part if its Press Release regarding the KBR case Director Ceresney said, “By requiring its employees and former employees to sign confidentiality agreements imposing pre-notification requirements before contacting the SEC, KBR potentially discouraged employees from reporting securities violations to us. SEC rules prohibit employers from taking measures through confidentiality, employment, severance, or other type of agreements that may silence potential whistleblowers before they can reach out to the SEC.  We will vigorously enforce this provision.”

Then we have the case of Tony Menendez, who was profiled by Jessie Eisinger in an article entitled “The Whistleblower’s Tale: How An Accountant Took on Halliburton”. The article told the story of a whistleblower, who took his concerns to government regulators and was then outed by the company as the SEC whistleblower and retaliated against. Interestingly, the SEC took no action on the whistleblower claims and the company argued on appeal that “since the SEC hadn’t brought any enforcement action, his complaint about the accounting was unfounded.” The company also claimed that simply because the whistleblower was identified by name, this alone was not the basis for a “material adverse action” against him. While Halliburton won at the administrative hearing level, it lost at the Fifth Circuit Court of Appeals.

So now there is a Court of Appeals opinion holding that if whistleblowing was a “contributing factor” only to the retaliation. Further, the employee is not required to prove motive. Well-known whistleblower expert Jordan Thomas also explained in the Eisinger article, “Whistleblowers can be victims of retaliation even if they are ultimately proved wrong as long as they have a “reasonable” belief that the company was doing something wrong.”

It appears that the SEC will be more like the Green Knight going forward. It will be a tester to determine if retaliation against whistleblowers occurs. From preventing companies from trying to stop whistleblowing via CA’s, to monetary awards for retaliation even where there is no SEC or government action taken, to the award to whistleblowers as a part of an SEC settlement for retaliation by their former employers; the SEC is making very clear that they will test how your company treats whistleblowers. If the SEC finds your company’s conduct lacking, you may well be facing something like the Green Knight going forward.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015