Archive for the ‘Compliance’ Category

DOJ And SEC Officials Talk FCPA

Thursday, November 20th, 2014

Speaking8In what has become a mid-November tradition, DOJ and SEC officials yesterday gave speeches at a Foreign Corrupt Practices Act conference.

Topics discussed included the following:  individual prosecutions, voluntary disclosure and cooperation, compliance programs, asset recovery, foreign law enforcement cooperation.  (For factual information concerning DOJ and SEC individuals prosecutions see this prior post and as relevant to the issue of “success” – a topic touched upon in both speeches – you might want to read the article ”What Percentage of DOJ FCPA Losses is Acceptable?“)

In many respects, yesterday’s DOJ and SEC speeches were very similar to previous speeches delivered by enforcement agency officials in September and October (see here, herehere and here for prior posts).

This post excerpts this speech by Assistant Attorney General Leslie Caldwell and this speech by Andrew Ceresney, Direct of the SEC’s Enforcement Division.

DOJ

Caldwell began her remarks as follows.

“I want to focus my remarks on one of our most important enforcement priorities – our efforts to combat corruption around the world.

At the Criminal Division, we are stepping up our efforts in the battle against corruption, at home and abroad.  Through our Public Integrity Section, which prosecutes corruption cases involving U.S. federal, state, and local officials, we are attacking domestic corruption.

More relevant to this audience, we are also deeply committed to fighting corruption abroad.  Now, more than ever, we are bringing to justice individuals and corporations who use foreign bribery as a way to gain a business advantage.  In part, we are doing this using the tools and methods that have made our past enforcement efforts so successful – FCPA prosecutions and penalties.

But there have been some really big changes in the Justice Department’s FCPA work since I last worked there.  First, thanks to the expertise and knowledge we have acquired over the years, we are now able to investigate FCPA cases much more quickly.  We also are better equipped to prosecute individuals who are actually making corrupt payments, as well as intermediary entities hired to serve as conduits for bribes.

And now we also are prosecuting the bribe takers, using our money laundering and other laws.  And, importantly, we have begun stripping corrupt officials of the proceeds of their corruption involving both bribes and kleptocracy, using both criminal and civil authorities.

The Criminal Division’s FCPA enforcement program and our Kleptocracy Initiative are really two sides of the same anti-corruption coin.  We bring those who pay bribes to justice, no matter how rich and powerful they are.  But by itself, that is not enough.  We also attack corruption at its source – by prosecuting and seizing the assets of the corrupt officials who betray the trust of their people.

Another big change – one that has been building for years but now has really developed momentum – is that we increasingly find ourselves shoulder-to-shoulder with law enforcement and regulatory authorities in other countries.  Every day, more countries join in the battle against transnational bribery. And this includes not just our long-time partners, but countries in all corners of the globe.

Together with our foreign law enforcement and regulatory partners we are taking a truly global approach to rooting out international corruption.  And make no mistake, this international approach has dramatically advanced our efforts to uncover, punish and deter foreign corruption.

Increasingly, we and our counterparts share information about bribery schemes.   We report schemes to one another.  And, where appropriate, we discuss strategy and coordinate our use of investigative techniques, so that we can obtain the best possible results, especially in very high-impact cases.

These efforts are incredibly important. The World Bank estimates that more than $1 trillion is paid every year in bribes, which amounts to about 3 percent of the world economy.  That amount is stunningly wasteful.  No one benefits from corruption other than the corrupt officials.

But corruption is far more insidious and harmful than can be measured numerically.  We all know that when corruption takes hold, the fundamental notion of playing-by-the-rules gets pushed to the side, and individuals, businesses and governments instead begin to operate under a fundamentally unfair – and destabilizing – set of norms.  This undermines confidence in the markets and governments, and destroys the sense of fair play that is absolutely critical for the rule of law to prevail.

In emerging economies, corruption stifles economic development that would lift people out of poverty, improve infrastructure, and better people’s lives.  And the fruits of corruption can prop up autocratic and oppressive rulers even in wealthier countries.

Make no mistake, the effects of foreign corruption are not just felt overseas.  In today’s global economy, the negative effects of foreign corruption inevitably flow back to the United States.  For one, American companies are harmed by global corruption.  They are denied the ability to compete in a fair and transparent marketplace.  Instead of being rewarded for their efficiency, innovation, and honest business practices, U.S. companies suffer at the hands of corrupt governments and lose out to corrupt competitors.

International corruption also presents broader public safety concerns.  Indeed, criminal networks of all kinds, including narcotics traffickers, cyber criminals, terrorists, and human traffickers, often take advantage of countries whose commitment to the rule of law is weakened by corruption of its officials.  And, as we’ve seen in the more extreme cases, thoroughly corrupted regimes have created safe havens for criminals by giving them a secure base from which they can orchestrate their criminal activities.

You have no doubt heard my predecessors speak of the evils of corruption.  It is because of these evils that the fight against international bribery has been, and continues to be, a core priority of the Department of Justice.

Our commitment to the fight against foreign bribery is reflected in our robust enforcement record in this area, which includes charges against corporations and individuals alike from all over the world.  Since 2009, we have convicted more than 50 individuals in FCPA and FCPA-related cases, and resolved criminal cases against more than 50 companies with penalties and forfeiture of approximately $3 billion.  Twenty-five of the cases involving individuals have come since 2013 alone.  And those are just the cases that are now public.  These individuals run the gamut of actors involved in bribery schemes: corporate executives, middlemen, and corrupt officials.”

Caldwell next focused on asset recovery and international cooperation:

“As our enforcement actions demonstrate, we are focusing our attention on bribes of consequence – ones that fundamentally undermine confidence in the markets and governments.  And our record of success in these prosecutions has allowed us to show – rather than just tell – corporate executives that if they participate in a scheme to improperly influence a foreign official, they will personally risk the very real prospect of going to prison.

[...]

Stripping individuals of the proceeds of their conduct – and thus depriving them of the very profits that are driving the corrupt conduct in the first place – is one technique that we are using increasingly in our fight against foreign bribery.  And, we are not just pursuing these corrupt proceeds through criminal actions.

The FCPA Unit’s efforts to eradicate foreign corruption also are assisted by the work of our Kleptocracy Asset Recovery Initiative, through which prosecutors in the Criminal Division’s Asset Forfeiture and Money Laundering Section and Office of International Affairs are pursuing ill gotten riches from corrupt officials using our civil authority. [...] [W]e are ready, willing, and able to confiscate the riches of corrupt leaders who drain the resources of their countries for their own benefit.”

[O]ur efforts to hold bribe takers as well as bribe payors accountable for their criminal conduct are greatly aided by our foreign partners.  Transnational bribery is a global problem and an international solution truly is beginning to develop.  Every day, more countries reject the notion that bribery in international business is inevitable and acceptable.  Indeed, in just the last few years several countries have enacted new anti-corruption laws or enhanced existing laws.  Admittedly, the global trend against foreign corruption continues to face many challenges, but the tide has turned and I truly believe that it is now on our side.

This level of collaboration is the product of hard work and strategic coordination, which has allowed us to forge the international partnerships that are essential to fight global corruption.  For example, just a couple of weeks ago, about 200 judges, prosecutors, investigators, and regulators from more than 50 countries, multi-development banks, and international organizations around the world joined prosecutors, investigators, and regulators from the Criminal Division, SEC, and FBI in Washington, D.C., for a week long training course to exchange ideas and best practices on combating foreign corruption.

I had the opportunity to participate in this meeting and saw its value first-hand.  The meeting provided a critical opportunity for the people who fight global corruption in the trenches every day to meet face-to-face, discuss ongoing cases, identify new opportunities to collaborate, and improve intelligence sharing.

The results from this increased international collaboration speak for themselves.”

[...]

[T]hese coordinated global actions sent a powerful message – countries all over the world are now engaged in the fight against foreign bribery and together, we can and will hold to account individuals and companies who engage in corruption, regardless of where they operate or reside.

The increase in international collaboration is not only enhancing our own FCPA enforcement efforts but it is also resulting in anti-corruption enforcement actions by other countries.”

[...]

Continued international collaboration is absolutely critical if we are going to have a meaningful impact on corruption across the globe and we are committed to maintaining – and enhancing – our working relationships with our foreign partners.

By enhancing our coordination with our overseas counterparts, continually improving our already successful methods of investigating and prosecuting FCPA cases, and increasing our efforts to prosecute corrupt officials and recover their ill-gotten gains, we are now, more than ever, making a tangible difference in the fight against foreign bribery.”

Caldwell next shifted to voluntary disclosure and cooperation and stated:

“When I last worked at the department and even over the 10 years that I was in private practice, it seemed that many FCPA investigations were initiated by self-disclosures.  While we of course still welcome self-disclosure, today we are far from reliant on it.

[...]

And in a world of whistleblowers and international cooperation, I expect that will be the case more often than not going forward.  That said, we still encourage and reward self-disclosure and cooperation.

When you detect significant potential criminal conduct at your company, or a company that has retained you, I encourage you to disclose it to the Justice Department – and to do so in a timely manner.  As I am sure you all know, the department’s Principles of Federal Prosecution of Business Organizations provides that prosecutors should consider “the corporation’s timely and voluntary disclosure of wrongdoing and its willingness to cooperate in the investigation of its agents” in deciding how to proceed in a corporate investigation.

So, in addition to promptly disclosing the conduct to us, I also encourage you to conduct a thorough internal investigation and to share with us the facts you uncover in that investigation.  We do not expect you to boil the ocean in conducting your investigation but in order to receive full credit for cooperation, we do expect you to conduct a thorough, appropriately tailored investigation of the misconduct.

And we expect you to provide us useful facts in a timely manner.  And that includes, importantly, facts about the individuals responsible for the misconduct, no matter how high their rank may be.

[...]

The sooner you disclose the conduct to us, the more avenues we have to investigate culpable individuals.  And, the more open you are with us about the facts you learned about that conduct during your investigation, the more credit you will receive for cooperation.

But, if you delay notifying us about an executive’s conduct or attempt to whitewash the facts about an individual’s involvement, you risk receiving any credit for your “cooperation.”

This does not mean that we expect you to use law-enforcement style techniques to investigate your employees.  To the contrary, it simply means that when you do an internal investigation, and you choose to cooperate with us, you should understand that we will expect to hear not just what happened, but who did what, when, and where.

We also expect that a truly cooperating company will provide relevant documents in a timely fashion, even if those documents are located overseas.  We recognize that some countries’ laws pose real challenges to data access and transfer of information, but we also know that many do not.

The Criminal Division investigates and prosecutes a large volume of international cases and through these cases, we have developed an understanding of these laws.  We will not give full cooperation credit to companies that hide behind foreign data privacy laws instead of providing overseas documents when they can.  Foreign data privacy laws exist to protect individual privacy, not to shield companies that purport to be cooperating in criminal investigations.

Put simply, cooperation – and the quality and timeliness of that cooperation – matter.  This is a well-established principle that we have applied in criminal cases across the spectrum – from violent and organized crime cases to corporate fraud cases – for decades.

If a company works with us, it not only helps the Department, but it helps itself.

[...]

Fighting corruption is not a choice we have made. It is, increasingly, a global imperative.  Given the critical nature of this mission, we are bringing more resources to bear than ever before – and we will continue doing so.  We have achieved significant successes using our traditional FCPA enforcement tools.  We are building on those successes and continuing to evolve our enforcement efforts.  Especially with the power of so many countries now standing by our side, we are determined to use every lawful means available to hold the perpetrators of corruption to account.”

SEC

Ceresney began his remarks as follows.

“Pursuing such [FCPA] violations remains a critical part of our enforcement efforts, as international bribery has many nefarious impacts, including sapping investor confidence in the legitimacy of a company’s performance and undermining the accuracy of a company’s books and records. Our specialized FCPA unit as well as other parts of the Enforcement Division continue to do remarkable work in this space, bringing significant and impactful cases often in partnership with the DOJ and FBI. [...] Looking ahead, I anticipate another productive year of FCPA enforcement, as we have a robust pipeline of investigations across the globe. I thought I would spend my time this morning discussing some areas we will be focusing on in the coming year and beyond, and then, if we have time, I can take some questions.”

Under the heading “Focus on Individuals,” Ceresney stated:

“Let me start with cases against individuals. It is a hot topic of the day, in the face of some significant enforcement actions against entities alone, to ask the question of whether enforcement actions against entities are as impactful as actions against individuals, and whether actions against entities actually deter misconduct.

I always have said that actions against individuals have the largest deterrent impact. Individual accountability is a powerful deterrent because people pay attention and alter their conduct when they personally face potential punishment. And so in the FCPA arena as well as all other areas of our enforcement efforts, we are very focused on attempting to bring cases against individuals.

That is not to say that cases against companies are unimportant — in fact, I think FCPA enforcement is perhaps one of the best examples of how actions against entities can have a tremendous deterrent effect. Our actions against entities have had a tremendous impact in the last 10 years on FCPA compliance. Companies have increased their compliance spending and focus exponentially — the attendance at this conference is but one example of that. And these actions continue to provide significant deterrence and send important messages about areas that companies should be focused on. Every action we bring is scrutinized closely and dissected for information on areas of risk. That is a great dynamic and one we should continue to foster. But individual accountability is critical to FCPA enforcement — and imposing personal consequences on bad actors, including through bars and monetary sanctions, will continue to be a high priority for us.

Now it is important to recognize that FCPA cases against individuals can present some unique challenges for us and we simply are unable to bring cases against individuals in connection with a number of our cases. For example, in many cases we face significant investigative hurdles, including difficulties in gathering specific testimony and documents from overseas that will be admissible at trial. This is one area where we have been working closely with our counterparts in other jurisdictions, to access foreign witnesses, bank statements, and company records. These efforts have been more and more successful as we form strong partnerships with other countries to combat corruption.

When the conduct involves foreign nationals — as it often does — another challenge can be establishing personal jurisdiction over the bad actor. We have had some favorable decisions in this area, but it still remains a challenge in certain cases. Statute of limitations issues also complicate these cases.

Despite these various challenges, we continue to vigorously pursue cases against individuals.”

Under the heading “Importance of FCPA Compliance Programs,” Ceresney stated:

“This is a message that I think has started to get through in the past 5 years. Nothing situates a company better to avoid FCPA issues than a robust FCPA compliance program.

The best companies have adopted strong programs that include compliance personnel, extensive policies and procedures, training, vendor reviews, due diligence on third-party agents, expense controls, escalation of red flags, and internal audits to review compliance. You can look to our Resource Guide on the FCPA that we jointly published with the DOJ, to see what some of the hallmarks of an effective compliance program are. I won’t mention them all because you should be familiar with many that relate to policies, procedures and training. But, I’ll highlight just a few others. Companies should perform risk assessments that take into account a host of factors listed in the guide and then place controls in these risk areas. Companies should have disciplinary measures in place to deter violations and compliance programs should be periodically tested and reviewed to ensure they are keeping pace with the business. Such programs, properly implemented, will also help companies avoid other problems at foreign subsidiaries, like self-dealing, embezzlement and financial fraud.

As part of our settlements, we have on occasion required the retention of a monitor to assist in administering such compliance programs. For those companies that have developed robust programs during the investigation, we have required self-reporting and certifications. But the overwhelming message that one has to take away from our actions is how important such programs are for ensuring compliance.

Of course, it is critical for such programs to be real programs. When I was in private practice, I saw companies that had great paper programs but did not implement them effectively. When the business would push back, they would remove requirements and make exceptions. The best companies would put the compliance program ahead of business interests and allow decisions to be made to ensure compliance with the law, no matter the business consequences. It is that sort of attitude that is the measure of whether such programs will be successful.

As I said, we have seen many companies improving and properly implementing their compliance programs, as the message from our cases over the years has penetrated the legal and compliance community. But there is still more work to be done, particularly for small-to-medium sized companies trying to enter foreign markets to grow their businesses. As those businesses seek to expand and globalize, their compliance functions must keep pace.

[...]

The bottom line is that no responsible company should operate overseas without a comprehensive compliance program to guard against FCPA risk.

One other aspect of compliance programs is the benefit that companies will derive from having them if a problem should arise. I can tell you that the SEC staff will look well on companies that have robust programs and that the existence of such programs will pay dividends should an FCPA issue arise despite the existence of such programs.”

Under the heading “Cooperation,” Ceresney stated:

“Related to the issue of the existence of FCPA compliance programs, I wanted to focus for a moment on self-reporting and cooperation. The existence of FCPA compliance programs place the company in the best position to detect FCPA misconduct. But the question is what a company does once it learns of such misconduct. There has been a lot of discussion recently about the advisability of self-reporting FCPA misconduct to the SEC. Let me be clear about my views — I think any company that does the calculus will realize that self-reporting is always in the company’s best interest. Let me explain why.

Self-reporting from individuals and entities has long been an important part of our enforcement program. Self-reporting and cooperation allows us to detect and investigate misconduct more quickly than we otherwise could, as companies are often in a position to short circuit our investigations by quickly providing important factual information about misconduct resulting from their own internal investigations.

In addition to the benefits we get from cooperation, however, parties are positioned to also help themselves by aggressively policing their own conduct and reporting misconduct to us. We recognize that it is important to provide benefits for cooperation to incentivize companies to cooperate. And we have been focused on making sure that people understand there will be such benefits. We continue to find ways to enhance our cooperation program to encourage issuers, regulated entities, and individuals to promptly report suspected misconduct. The Division has a wide spectrum of tools to facilitate and reward meaningful cooperation, from reduced charges and penalties, to non-prosecution or deferred prosecution agreements in instances of outstanding cooperation.

Last year, for example, we announced our first-ever non-prosecution agreement in an FCPA matter with a company that promptly reported violations and provided real-time, extensive cooperation in our investigation.

More commonly, we have reflected the cooperation in reduced penalties. Companies that cooperate can receive smaller penalties than they otherwise would face, and in some cases of extraordinary cooperation, pay significantly less.

[...]

The bottom line is that the benefits from cooperation are significant and tangible. When I was a defense lawyer, I would explain to clients that by the time you become aware of the misconduct, there are only two things that you can do to improve your plight — remediate the misconduct and cooperate in the investigation. That obviously remains my view today. And I will add this — if we find the violations on our own, and the company chose not to self-report, the consequences will surely be worse and the opportunity to earn significant credit for cooperation may well be lost.

[...]

The SEC’s whistleblower program has changed the calculus for companies considering whether to disclose misconduct to us, knowing that a whistleblower is likely to come forward. Companies that choose not to self-report are thus taking a huge gamble because if we learn of the misconduct through other means, the result will be far worse.”

Under the heading “Items of Value,” Ceresney stated:

“The statute precludes the payment or provision of “anything of value” to a foreign official in order to induce that official to take official action for the purpose of obtaining or retaining business. Obviously, money or property is an item of value. Gifts to foreign officials also easily qualify as items of value.

But we also have successfully brought FCPA cases where other, less traditional, items of value have been given in order to obtain or retain business. For example, in three separate actions, Stryker, Eli Lilly and Schering-Plough, we brought bribery charges against pharmaceutical or medical technology companies that made contributions to charities that were headed by or affiliated with foreign government officials to induce them to direct business to the companies.

We also have charged companies for providing items of value to family members of foreign officials. In Tyson Foods, for example, we charged the company for providing no-show jobs to the spouses of foreign officials who were responsible for certifying the company’s products for export. More recently, in Weatherford, we charged the company for a variety of bribes to foreign officials and their families, including paying for the honeymoon of an official’s daughter and a religious trip by an official and his family that was improperly recorded as a donation.

As these examples make clear, bribes come in many shapes and sizes. So it is critical that we carefully scrutinize a wide range of unfair benefits to foreign officials when assessing compliance with the FCPA — whether it is cash, gifts, travel, entertainment, or employment of the family and friends of foreign officials. We should and will continue to pursue a broad interpretation of the FCPA that precludes bribery in all forms.”

In conclusion, Ceresney stated:

“[T]he Enforcement Division will continue to look for opportunities to enhance our impact with respect to FCPA enforcement. We have made significant progress over the last 10 years but there is still much more we can do. We will continue our efforts to level the playing field for companies doing business abroad and hold corrupt actors accountable when they fail to play by the rules.”

Actionable Intelligence On The Risk Of Bribery Internationally

Wednesday, November 19th, 2014

Today’s post is from Alexandra Wrage (President of TRACE International).

*****

Compliance officers and in-house counsel for multi-national companies are well aware of the risks and consequences of bribery schemes. What to do about it is the challenging part. Companies have long relied on Transparency International’s authoritative country-by country corruption risk ratings to prioritize their limited resources. But knowing what specific steps are necessary to mitigate your risks is not something that can be gleaned from an overall country risk rating.  Because two countries with the same overall risk rating can present very different types of corruption risk, the ratings alone don’t provide actionable intelligence. A compliance officer needs to know how corruption in a particular country will confront their business. Last week, another tool in the compliance and risk assessment arsenal was launched to meet this need: the TRACE Matrix.

We at TRACE have long heard the laments from compliance officers and general counsel that they need the actionable information that would come from more granular country risk ratings.  One general counsel noted after looking at other indices, “once you get past the first 30 – 40 countries, all those lower countries start to look the same. If you are comparing Angola to Romania, the ranking isn’t useful, but if you are able to give guidance as to what types of corruption you might see, that would be extremely helpful.”

Enforcement officials have also recognized the limitations of country level risk ratings. “Multinational companies need additional tools beyond those currently available to more effectively measure country risk.”  Charles Duross, Partner at Morrison & Foerster LLP and the former deputy chief in the fraud section in the criminal division of the U.S. Department of Justice.

And so, working in collaboration with RAND Corporation, TRACE set out to develop an actionable business bribery index for the compliance community.  This project involved more than a year of research and benchmarking.  We asked companies what features they would like to see in a business bribery index and asked them to identify information that would assist their assessment of business bribery risk.   As part of our research, we also conducted interviews with regulators and enforcement officials to understand their views of country risk assessments.

The resulting TRACE Matrix provides not only a country level risk-rating but also four different domain risk ratings and nine different sub-domains of risk.  Although the TRACE Matrix can be used to rank countries by their composite scores, it is also possible to view the results for specific risk factors included in the composite score to identify what drives the overall score. This allows firms to identify not only where a country falls in terms of overall business bribery risk, but also to use the domain and subdomain scores to tailor compliance practices further.   For example, if the business is one that has to have many interactions across many government offices, then a country with a high risk in this domain would be of particular concern.

In the 1990s, Transparency International gave the world the Corruption Perception Index (CPI). TI gets great credit for raising awareness of this issue and putting countries on notice that levels of corruption were being monitored.  The CPI is a valuable instrument for addressing overall levels of perceived corruption in a particular country.  It combines numerous surveys about perceived levels of corruption across government functions:  judiciary, health, education, etc. These country level ratings are informative, but they also obscure important and actionable differences among countries with similar ratings. The business community’s needs are more specific.

The World Bank’s Worldwide Governance Indicators also aggregates corruption-related data, but as the Governance and Social Development Resource Centre states, “the main use of the indicators by international organization [sic] and donors is to incentivize developing nations to improve their governance and to improve the allocation of aid.”   Another valuable tool, this alone does not meet the needs of the business community.

Companies that use existing indices to measure threats associated with business corruption risk developing either overly aggressive or inadequate compliance and due diligence procedures. They need more nuanced data to tailor their compliance processes appropriately.

So, after hearing from the business community for years that a tailored tool to gauge levels of commercial bribery was needed we set out to explore just what should be measured.   Most respondents cited “touches” with the government as the most important indicator for commercial bribery.   In a great assessment of ports in Nigeria, the Maritime Anti-Corruption Network (MACN) determined that 142 signatures were needed to clear cargo in the port of Lagos.  That’s a powerful indicator of the likelihood of a bribe demand.

At the same time, as one participant noted, the compliance community needs “something that is more targeted, more precise than the CPI, [but] the more complicated it gets, the less likely people will be to use it.”

And so, leveraging our own experience and tapping our stakeholders all over the world, we identified four domains relevant to companies

(1)   business interactions with government,

(2)   anti-bribery laws and enforcement,

(3)   government transparency and civil service, and

(4)   capacity for civil society oversight.

RAND further refined this by including nine sub-domains. For example, when it came to business interactions with government, the Matrix addresses the nature of contact with local governments, expectations of paying bribes and regulatory burdens. Likewise, in examining capacity for civil society oversight, the Matrix addresses the quality and freedom of media, as well as human capital and social development.

Ultimately, by offering a clear, actionable snapshot of the risk of commercial bribery in a country, the TRACE Matrix should help multinational companies make better decisions about foreign investments, bolster compliance and reduce the likelihood of violating anti-bribery laws.  No approach is perfect and we expect a lot of debate about the weighting of the data and about scores or rankings that people find surprising. But we hope it will provide a practical and effective tool to help assess bribery risk and thereby enable in-house counsel and compliance professionals to allocate their limited resources with more confidence.

Alexandra Wrage is the president of TRACE International, a nonprofit antibribery compliance organization offering practical tools and services to multinational companies, including the TRACE Matrix. 

A Compliance Professional Speaks

Wednesday, November 12th, 2014

myster person2Today’s post is from a compliance professional who wishes to remain anonymous.

*****

When you’re the Chief Compliance Officer (“CCO”) of a company that ends up in the middle of one of “those” all-encompassing FCPA investigations (as if there’s any other kind), people often want to know . . . what is it like?  How does it feel to be at ground zero of pure FCPA adrenaline?   This is my answer,  based on my repeated experiences.  I wish I could say it just happened once.  This is also based on my discussions with other CCOs.

It’s a rollercoaster with few ups and a lot of downs.

There’s that moment at the beginning when you know something is wrong.  Usually you know it’s not going to be trivial.  So you dig a bit more. Or have someone else dig a bit more.  Somewhere along the line, it strikes you.  This is going to be big.  Very big.  We can just call that the “oh crap” moment.  Every CCO I know has had at least one.

You feel a rush.  An excitement.  It’s what you’ve trained for, and read about.  And now it’s happening.  But there is invariably, immediately, a sense of dread.  Depending on the size of the issue and the seniority of the people involved, that sense of dread can range from a knot in the stomach to downright nausea.  Will the C-suite management understand it?  (Do you even have the ear of the C-suite management?) Will they do the “right thing”?

You know exactly what should happen next.  You should get on the phone with your favorite skilled, independent investigations counsel.  But before you can do that, you have to be a salesman.  You need to convince someone (sometimes the CEO, sometimes the General Counsel, sometimes a non-executive director) that this is something.  Or at the very least, it’s not nothing.  With any luck, you can make them see sense.  Most of the time, they’ve never been through this.  The education process can be slow and tedious.

You know who the right counsel are . .  . but not so fast.  You don’t have the budget.  Many times, you don’t even have the ability to hire outside counsel  without the approval of your General Counsel.  Do you have the GC’s backing?  Do they see compliance as a help or as a nuisance?  Do they believe you when you say this needs independent investigation?  Or do they think you’re just being alarmist?  What if the GC (or someone else) wants to investigate themselves?  Or hire the go-to corporate counsel?  Or hire their buddy, the jovial law school classmate of the GC who has never actually done an investigation but, really, how hard can it be?  You have to explain – calmly, rationally and often repeatedly – why that just isn’t the right thing to do.

In the meantime, a clock may be ticking. The company may be facing a quarterly SEC filing or the signing of a deal contract or the receipt of monies on the deal.  All of these have implications.  All of your powers of (gentle) persuasion are brought to bear.

And your reward for all of this?  If you’re lucky, they listen to you. The right outside counsel walks in the door and the matter rests in their capable hands. It’s a leap of faith to put something this sensitive in the hands of outside counsel.  Or, more specifically, outside counsel’s judgment of when enough is enough.   These issues always reach higher than you think.

More often than not, the legal group squeezes you out.  Compliance, after all, is not generally part of legal.  You may be kept in the loop, or you may be completely excluded.  If you’re very lucky, you are kept abreast of what is happening and people seek out your guidance and opinion.  But honestly?  Don’t hold your breath.  Particularly if this all results in a report to a regulator, you’ll definitely be pushed to the side.  Privilege is held in a tight circle that doesn’t generally include you.  So just go back to your office and keep the compliance program moving along.

What if you’re not lucky?  What if you can’t get anyone to understand? What if the issue is too subtle, or involves too senior a salesperson (they bring in the revenue, after all) or too important a client?  Not many can just stake out the moral (and legal) high ground and resign.  Sometimes the situation is that bad, or you have regulatory obligations, and you’re forced into that decision.  I know a brave few who have actually done that.  Put yourself in their shoes.  Think what it would mean for yourself and your family to walk away from a steady (and often healthy) paycheck.  What a price to pay for your convictions.

It’s far more common that you hold your tongue and bide your time. You find a way to rationalize the situation.  You compromise.  Being a CCO is, above all else, about compromise.  Does that surprise or appall lawyers in private practice or working for the government?  It shouldn’t.  Good CCOs are always “commercial” (whatever that is supposed to mean). As a CCO,  you’re being “business friendly.”  Or, to be less cynical, you’re doing your job.  You’re there to balance the company’s interests with the legal requirements.

But mostly you hope and pray that you’ve done the right thing.  And that a regulator never second guesses your actions.  That seems to be happening more and more.  I know too many CCOs  who are being subpoenaed to give testimony and defend their actions in front of regulators.  Sometimes as witnesses, but sometimes (rarely) as suspects.  So much for regulators seeing CCOs as the guys in the white hats.

Even if the  (right) lawyers do come in and they investigate, you hope that you didn’t raise a false alarm.  Then you hope none of your friends in the business were involved (CCOs always have friends in the business).   And when it turns out you were exactly right, and it really was worse than what you thought, it’s a hollow victory.  People lose their jobs.  People that you know and sometimes people that you like and who weren’t malicious or evil.  They were just doing their jobs and got caught up in the tide.  Sometimes they are sued or brought up on criminal charges.  The rest of the company is left in a state of shock.  You may have been trained to spot a FCPA issue when it arises, but there’s very little training on how to deal with the human element.  It is far and away the worst part of the job.

In The Words Of Loretta Lynch

Tuesday, November 11th, 2014

LynchRecently President Obama nominated Loretta Lynch (U.S. Attorney, Eastern District of New York) to be the next Attorney General.

This post highlights Lynch’s responses to various Foreign Corrupt Practices Act or FCPA related questions originally posed in this September/October 2013 Q&A with the Society of Corporate Compliance and Ethics’ magazine Compliance & Ethics Professional and posted on the DOJ’s website.

In the Q&A, Lynch speaks generally about corruption and compliance and specifically about Morgan Stanley’s so-called “declination” and the FCPA enforcement action against Ralph Lauren.  For additional information on Morgan Stanley’s so-called “declination” (see here and here) and for additional information on the Ralph Lauren enforcement action (see herehere and here).

Q: What did you learn about compliance programs, good and bad, in your [prior private] practice?

A: The most important thing I learned about compliance programs is also the most basic thing—the tone at the top truly sets the
parameters for whether one has an effective or ineffective compliance program. And by effective, I don’t mean a program in a company where there is never any wrongdoing, because that company does not exist. If there is one message I’d like to leave with corporate America, it is that the government actually does understand that things can and will go wrong, even where there is a strong compliance program. Every company develops issues. It’s how you deal with them that defines your corporate culture and informs me if you are serious about fixing the problem and preventing it from recurring going forward.

Q: One of the things that strikes me about your career in the U.S. Attorney’s Office is that fighting corruption has been an ongoing focus. And, it’s notable to point out that we’re not just talking about the Foreign Corrupt Practices Act (FCPA), but also corruption here in the U.S. Are there common threads that you see among government corruption cases everywhere?

A: Corruption, whether here in Brooklyn or on the other side of the globe, has real and far-reaching consequences. The common
thread is that someone in power loses their connection to the constituency they are supposed to serve, whether citizens or shareholders. When government officials engage in self-dealing, when they abdicate their responsibility, when they succumb to greed, the average citizen pays for it dearly and on many levels. Constituents everywhere end up spending more for services—infrastructure, healthcare, education—and sometimes have to go without these vital services, when government officials line their own pockets with public funds. Law-abiding companies here in the U.S. and abroad are placed at a competitive disadvantage when business is won or lost based on bribes, not the quality of a company’s products and services.

And because corruption involves, at its heart, the breaking of a trust relationship, its ramifications often go far beyond the financial. Corruption infects society as a whole, increasing the level of cynicism and distrust that constituents have about their elected officials and government processes. In this way, corruption also impacts those government officials who are truly trying to do the right thing. They get tarred with the same brush. We all deserve honest and effective representation, and my office is committed to investigating and prosecuting those who trade on the trust we place in them to enrich themselves, who let greed get in the way of helping the people that they represent.

Q: The Morgan Stanley FCPA case was a very high-profile declination by main Justice and your U.S. Attorney’s Office. They don’t come that often, and it’s very rare to see compliance efforts cited so widely as the reason why. Can you give a brief description of the case for those who are not familiar with it?

A: Absolutely. In April of 2012, my office and the Department of Justice’s (DOJ) fraud section prosecuted Garth Peterson, the former Managing Director in charge of the Morgan Stanley’s real estate group in Shanghai, China. Peterson had engaged in a conspiracy to sell an ownership interest in a Shanghai building owned by Morgan Stanley to a local government official who had provided assistance to Peterson in securing business for Morgan Stanley in China. During the conspiracy, Peterson repeatedly and falsely told Morgan Stanley that the corporation buying the ownership interest in the building was owned by the Shanghai government when, in fact, it was owned by Peterson and the local government official, among others. By lying and providing false information to Morgan Stanley, Peterson was circumventing the company’s internal controls, which were created and intended to prevent FCPA violations. Peterson was charged with one count of conspiring to circumvent Morgan Stanley’s internal controls, and after pleading guilty, he was ultimately was sentenced to a period of incarceration. We declined to take any action against Morgan Stanley in that case.

Q: Again, what’s notable is that it was the first major FCPA case I can recall in which there was a public declination, and just as importantly, the compliance program was cited so publicly as a major part of the reason why. In fact, it’s hard to remember many cases of any type in which the compliance program’s effectiveness was cited so publicly, which suggests to me that even people without FCPA risks should take note. What made this case so different?

A: You’re right. This was an unusual case. Morgan Stanley self-reported Peterson’s conduct, and cooperated fully and extensively
with the government’s investigation. But that’s not what made the case different. What set Morgan Stanley apart was that, after considering all the available facts and circumstances, the government concluded that Morgan Stanley was a company that had done all that it could. It had a compliance program specifically tailored to its business risks, with commitment to compliance from the very top of the company, that itself did not tolerate wrongdoing. The bank acted to fire Peterson before any of the facts became
public. We concluded that Peterson was the quintessential “rogue employee” who schemed to affirmatively sidestep compliance because he knew his behavior would  not be countenanced. Every company says its bad actors are “rogues,” and that they do not promote corruption, but at Morgan Stanley we could see it. There was a stark contrast between the bank’s corporate culture and Peterson’s actions.

This presented a fundamentally different situation from companies that say they don’t tolerate wrongdoing, yet push employees to meet goals and quotas overseas with little to no guidance on the risks and consequences. It was fundamentally different from companies who distance themselves from their agents and consultants overseas, and then argue that they have to “go along” to avoid being disadvantaged in overseas markets. And it was fundamentally different from companies that say “That’s not who we are,” yet have nothing on record that informs me otherwise.

What we saw was that Morgan Stanley conducted extensive due diligence with respect to the sale that Peterson orchestrated.
We saw that Peterson had circumvented a compliance program that was an active component of the company’s business—Peterson himself was trained on FCPA compliance seven times and reminded about FCPA compliance at least 35 times. Compliance
at Morgan Stanley was also proactive, with the bank routinely adjusting and updating its compliance program to address new
issues and problems as they arose. It was not simply a program that was put in place 10 years ago, set apart from the business, and
left unchanged over time, without regard to changes in the company’s business or the increasing complexity of transactions. When we looked at Morgan Stanley, we also saw a bank that invested resources, that had internal controls in place to ensure accountability, that regularly monitored transactions, and that randomly audited employees, transactions, and business units.

This case stands out because it also touched on a common complaint in the FCPA world, and that is the supposed lack of transparency regarding the government’s consideration of a company’s compliance efforts in making charging decisions. The lengthy description of Morgan Stanley’s compliance program in the Peterson charging document was a deliberate response to that criticism. The Peterson case was even cited for that purpose in the FCPA Resource Guide prepared by DOJ and the Securities and Exchange Commission (SEC) in November 2012.

Q: What should compliance professionals take away as key learning from that case?

A: There are actually two “takeaways” in this case. The first is that the government will aggressively pursue those who engage in criminal conduct involving corporate corruption. The second is that companies that employ robust and effective compliance programs are not only better able to detect and identify potential compliance issues that may negatively affect the company’s business and reputation, but also those unusual instances where an employee is intent on circumventing a company’s internal controls. An added benefit for a company that employs a robust compliance program is that the company will be in a better position to address concerns raised by regulators or the government, if the company’s conduct ever comes under scrutiny. Morgan Stanley was able to demonstrate that Peterson truly was a “rogue,” that he had betrayed them, and he had rejected their culture of compliance.

Q: More recently we had the declination in the Ralph Lauren case. In that case, Ralph Lauren discovered questionable payments by a third party working on their behalf in Argentina. You were the US attorney on that case as well. What were some of the factors that led to the decision not to prosecute?

A: Actually we did not decline prosecution in that case. Rather, we entered into a non-prosecution agreement with Ralph Lauren. The agreement is for a two-year term and requires the implementation of various corporate reforms. Ralph Lauren also paid an $882,000 penalty to the DOJ and disgorged $700,000 in ill-gotten gains and interest to the SEC. There were several reasons for that outcome. Ralph Lauren discovered criminal conduct involving violations of the FCPA while it was in the midst of trying to improve its internal controls and compliance worldwide. Our investigation revealed that, over the course of five years, the manager of Ralph Lauren’s subsidiary in Argentina had made roughly $580,000 in corrupt payments to customs officials for unwarranted benefits, like obtaining entry for its products into the country without the necessary paperwork or without any inspection at all. The bribes were funneled through a customs broker who, at the manager’s direction, created fictitious invoices that were paid by Ralph Lauren in order to cover up the scheme.

Several factors compelled our decision to enter into a non-prosecution agreement with Ralph Lauren. First, there was the detection
of the wrongdoing by the corporation itself, as part of an effort to improve global compliance standards. Following the discovery of the corruption, the company also undertook an exceedingly thorough internal investigation of the misconduct and cooperated fully with our investigation. They made foreign witnesses available for government interviews; they provided real-time translation
of foreign documents.

It was also very significant that Ralph Lauren implemented a host of extensive, remedial measures, including the termination of employees engaged in the wrongdoing, and improvements in internal controls and compliance programs. Finally, we took into account that they swiftly and voluntarily disclosed the conduct to the government and the SEC. The company first self-reported the misconduct to the government within two weeks of discovering it. They basically did everything that a company that finds itself in that unfortunate situation can possibly do.

Q: This was the first time the SEC publicly stated it would not proceed. What got their attention and led to the decision?

A: I cannot speak for the SEC, but we do typically have parallel investigations of FCPA violations, and I believe that they were swayed by the same factors that we were. Although Ralph Lauren did not have an anti-corruption program and did not provide any anticorruption training or oversight during the five-year span of the conspiracy, all of the government agencies investigating the case were impressed with their resulting commitment to compliance in this area globally, as well as their self-disclosure and full cooperation.

Q: Finally, are we seeing the start of a new era in which compliance programs are going to be looked at more closely by prosecutors? And, just as importantly, will good programs earn organizations public credit for their efforts?

A: Absolutely. Compliance is the lens through which we view your company. A robust compliance program demonstrates to us that the company “gets it.” Making your compliance program a top priority is an investment a company can’t afford not to make. To put it more bluntly, by the time you have a problem that has drawn the government’s attention, under our principles and guidelines that govern corporate prosecutions, the existence of a robust compliance program can save you, as in the Morgan Stanley case.

A Comprehensive FCPA Resource

Wednesday, November 5th, 2014

The question was recently asked: ”will there ever be a classic treatise on the FCPA?”New Era

According to Webster’s, a treatise is a book, article, etc., that discusses a subject carefully and thoroughly.

With that definition in mind, I invite you to consider my new book “The Foreign Corrupt Practices Act in a New Era.”  Inside you will find:

  • A thorough telling of the story of the FCPA told largely through original voices of actual participants who shaped the pioneering law;
  • Foundational knowledge (such as DOJ and SEC policy and resolution vehicles and the realities of the global marketplace) that best enhance understanding and comprehension of specific FCPA topics;
  • A comprehensive analysis of the FCPA’s anti-bribery provisions and for each element, exception or affirmative defense discussion of all legal sources of authority (including all relevant substantive FCPA judicial decisions) as well as non-legal sources of information (including discussion of over 70 FCPA enforcement actions);
  • Discussion of other legal issues also relevant to FCPA enforcement;
  • A comprehensive analysis of the FCPA’s books and records and internal controls provisions including legal authority as well as non-legal sources of information;
  • Analysis of the typical origins of FCPA scrutiny and enforcement;
  • Discussion of FCPA settlement amounts, how they are calculated, and analysis of legal and policy issues relevant to settlement amounts;
  • Discussion of FCPA sentencing issues, how sentences are calculated, and an analysis of legal and policy issues relevant to sentencing decisions;
  • An extended discussion and analysis of an often overlooked topics, “FCPA Ripples,” and how settlement amounts in an actual FCPA enforcement action are often only a relatively minor component of the overall financial consequences that can result from FCPA scrutiny or enforcement;
  • An exploration of practical and provocative reasons for the general increase in FCPA enforcement during this new era including a discussion of FCPA Inc. and the business of bribery;
  • Identification and discussion of FCPA compliance best practices and benchmarking metrics; and
  • An in-depth discussion and analysis of FCPA reform designed to ensure that the FCPA is best achieving the original goals of the law and that FCPA enforcement is transparent and consistent with rule of law principles.

Whether the above topics highlighted and explored in “The FCPA in a New Era” make it a classic treatise, well, I invite you to come to your own conclusion.  At the very least, you will have to agree that the cover of the book is more inviting than a typical treatise.

While I am certainly not going to ascribe labels to my own work, I am pleased to share what others have said about “The FCPA In a New Era.”

Michael Mukasey, former U.S. Attorney General

“Professor Koehler has brought to this volume the clear-eyed perspective that has made his FCPA Professor website the most authoritative source for those seeking to understand and apply the FCPA. This is a uniquely useful book, laying out systematically the history and rationale of the FCPA, as well as its evolution into a structure governed as much by lore as by law. It will be valuable both to those who counsel international corporations, whether in connection with immediate crises or long-term strategies; and to those who contemplate what the FCPA has become, and how it can be improved.”

Professor Daniel Chow, The Ohio State University Moritz College of Law

“This is the single most comprehensive academic treatment of the Foreign Corrupt Practices available. Professor Koehler’s book will become the authoritative standard for the field. The book not only treats the history of the FCPA, but analyzes the statute’s elements in detail, discusses current cases, and makes proposals for reforms where the current law is deficient. The book is written in a clear, accessible style and I will use it often as a resource for my own scholarly work.”

 Richard Alderman, former Director of the UK Serious Fraud Office

“An excellent and thought-provoking book by a great expert. Backed up by rigorous analysis of cases, Professor Koehler constantly challenges those involved in anti-corruption work by asking the question ‘why?’ He puts forward many constructive and well-argued suggestions for improvements that need to be considered. I have learned a lot from Professor Koehler over the years and I can thoroughly recommend this book.”

Thomas Fox, FCPA Compliance and Ethics Blog and FCPA Practitioner

“The Foreign Corrupt Practices Act in a New Era” should become one of the standard texts for any FCPA compliance practitioner, law student studying the FCPA or anyone else interested in anti-bribery and anti-corruption. It should be on your FCPA library bookshelf.”

Barry Vitou, thebriberyact.com and Compliance Practitioner

“If you only read one book on the US FCPA, read this one. [...] Mike Koehler’s new book is probably the best book we’ve read about the FCPA. [...] For those wanting a pair of ‘FCPA goggles’ no book is, in our opinion, better.”

To order a hard copy of the book, see here and here; to order an e-copy of the book, see here and here.

For media coverage of the book including Q&A’s, see here from Corporate Counsel, here from Global Investigations Review, and here from Corporate Counsel Weekly.

*****

Looking for even more information and analysis of the FCPA and FCPA enforcement?

I invite you to all also consider the following year in review articles.  Granted the below articles are not found between two covers, but you will find approximately 500 pages of FCPA statistics, trends and analysis over time.

For 2013, see here.

For 2012, see here.

For 2011, see here.

For 2010, see here.

For 2009, see here.