Archive for the ‘Compliance’ Category

Compliance Professionals Should Take The Corruption Perceptions Index With A Grain Of Salt

Monday, February 1st, 2016

saltTransparency International, a global civil society organization dedicated to the fight against corruption, recently released it annual Corruption Perceptions Index (“CPI”).  (See here for TI’s release).

As stated by TI, the CPI “scores and ranks countries/territories based on how corrupt a country’s public sector is perceived to be” and 168 countries were ranked with Denmark, Finland, Sweden, New Zealand, the Netherlands, and Norway topping the list (i.e. low levels of perceived corruption) and Somalia, North Korea, Afghanistan, Sudan, South Sudan, and Angola on the bottom of the list (i.e. high levels of perceived corruption).

The CPI generates a lot of media coverage and is a popular tool for business organizations in ranking risk (and thus prioritizing compliance). However, for the reasons highlighted in this post compliance professionals should take the CPI with a grain of salt.

For starters, just because compliance professionals should take the CPI with a grain of salt, does not mean that the CPI (or other similar rankings) should be ignored.

Indeed, in a rare appellate court decision in the FCPA space, the Second Circuit in the Bourke case listed circumstances which provided “ample evidence” to support Bourke’s trial conviction on a conscious avoidance theory under the FCPA’s third-party payment provisions and specifically stated that “Bourke was aware of how pervasive corruption was in Azerbaijan generally.”

Nevertheless, query whether the CPI is a reliable or meaningful measure of the specific risks specific business organizations face when competing in the global marketplace for the following reasons.

  • The CPI is merely a survey, and a survey of perceptions at that. This is not a dig on the CPI itself, after all how does measure an issue like bribery and corruption (particularly since there is no universal definition of these terms). To its credit, TI itself recognizes the limitations of the CPI. As stated by TI, “there is no meaningful way to assess absolute levels of corruption in countries or territories on the basis of hard empirical data.” Moreover, TI rightly acknowledges that the CPI does not tell the full story of corruption in a country because it “is limited in scope, capturing perceptions of the extent of corruption in the public sector from the perspective of business people and country experts.”
  • The CPI is composed of distinctions without differences. Each country in the CPI is assigned a numerical score between 100 (the best score) and 0 (the worst score). Sure there is a meaningful distinction between Denmark (91) and Somalia (8), but you probably did not need the CPI to inform this perspective. However, as a practical matter is there a meaningful distinction between a score of 39 (El Salvador) and 30 (Tanzania)? Hardly, but these scores result in a substantial difference in the CPI rankings (El Salvador – 72nd and Tanzania – 117th).
  • The CPI is country specific, not province or region specific. We all recognize that certain states in the U.S., indeed certain cities within those states, have higher levels of actual or perceived corruption and the same is true in foreign countries. However, the CPI score is only on a country basis and is not province or region specific. In short, bribery and corruption is often localized and thus the CPI can both induce complacency (i.e. the business is fine because the country’s overall score is fine, even though a specific region in which the company operates may have higher levels of actual or perceived corruption) as well as result in needless worry (i.e. while the country overall has higher levels of actual or perceived corruption, the specific region in which the company operates may have substantially less).
  • At its core, FCPA risk is the function of specific business actors (employees and agents) coming into contact with specific foreign officials, in the context of specific foreign business conditions. None of these factors are adequately captured by the CPI. Indeed, one can easily imagine a scenario where because of the industry, because of the product or service, and because of the go-to-market strategy, Denmark presents more of a risk than Somalia.
  • The CPI perpetuates stereotypes. No surprise that Finland is, as it always has been, atop the CPI list and that Kenya is, as it always has been, near the bottom of the list. Yet to state the obvious, there are millions of hard-working, honest and ethical people in Kenya. On the flip side, there are some dishonest and unethical people in Finland.

In short, while I enjoy each time this year looking at the CPI map, I don’t think it is a very useful tool for business organizations when adopting policies and procedures designed to minimize FCPA risk.

FCPA risk is best minimized through a risk assessment unique to a business organization in which the following questions provide a good starting point.

  • Who are the company’s customers or potential customers in each country?  Is the customer a government (whether federal, state, or local) department, agency or instrumentality?  Does a government department, agency, or instrumentality, or individual associated with such units, have an ownership or equity interest in the customer?
  • How does the company do business and/or interact with customers or potential customers in the country?  Does the company use third parties in the foreign countries?
  • How does the company’s product enter and exit the country? Does the company use the services of a customs broker or freight forwarder?
  • What licenses, permits, or certifications does the company need to do business in the country?  As to each license, permit or certification, how does the company obtain such approvals?
  • Is the company subject to other unique forms of government regulation in the country?  What other points of contact does the company have with foreign government in the country (such as tax and immigration authorities)?

Compliance 2.0 – A (Mostly) Meaningless Buzzword

Thursday, January 21st, 2016

buzzwordThis recent article in the Journal of Judgment and Decision Making titled “On the Reception and Detection of Pseudo-Profound Bullshit” caught my eye. The article focuses “on pseudo-profound bullshit, which consists of seemingly impressive assertions that are presented as true and meaningful but are actually vacuous.”

Perhaps you’ve noticed the emergence of the term “compliance 2.0″ in the Foreign Corrupt Practices Act space and beyond?

You can read a three part series on Compliance 2.0 (herehere, and here) on the FCPA Blog.

You can read a five part series on Compliance 2.0 (hereherehereherehere) on Corruption Crime and Compliance.

Panels at conferences are titled “Compliance 2.0: How to Build and Implement a Strong Compliance Program for FCPA” and other areas.

You can read the above links and decide for yourself whether those promoting Compliance 2.0 as some kind of secret sauce have a point or are mostly speaking in vague generalities and thus gobbledygook.

My own two cents is that Compliance 2.0, as used in the FCPA space, is mostly a meaningless buzzword.

Using the word “no” FCPA issue is a bit strong because, after all, a broken clock is right twice a day (pardon the buzzword / cliche).

However, few if any FCPA issues are going to be “nipped in the bud” (pardon the buzzword / cliche) based on the following purported components of Compliance 2.0: the reporting relationship between a board of directors and chief compliance officer or general counsel; a CEO or other executive officer’s “tone at the top” (another mostly meaningless buzzword in the FCPA space); or consideration of other stakeholders.

Rather, FCPA issues arise – and can thus best be mitigated and managed – by understanding how real people, operating in foreign countries with real business conditions, interact with real foreign officials.

The narrative roadmap for many FCPA issues is as follows.

  • Barriers, distortions and conditions create bureaucracy
  • Bureaucracy creates points of contact with foreign officials
  • Points of contact with foreign officials create discretion
  • Discretion creates the opportunity for a foreign official to misuse their position by making bribe demands.

Instead of complicating the compliance playbook with a mostly meaningless buzzword, business organizations should keep it simple and focus on blocking and tackling type issues (pardon the buzzword / cliche) such as the following questions relevant to conducting an FCPA risk assessment:

  • In which countries does the company do business?  As to each country, what is the country’s reputation for corruption?
  • Who are the company’s customers or potential customers in each country?  Is the customer a government (whether federal, state, or local) department, agency or instrumentality?  Does a government department, agency, or instrumentality, or individual associated with such units, have an ownership or equity interest in the customer?
  • How does the company do business and/or interact with customers or potential customers in the country?  Does the company use third parties in the foreign countries?
  • How does the company’s product enter and exit the country? Does the company use the services of a customs broker or freight forwarder?
  • What licenses, permits, or certifications does the company need to do business in the country?  As to each license, permit or certification, how does the company obtain such approvals?
  • Is the company subject to other unique forms of government regulation in the country?  What other points of contact does the company have with foreign government in the country (such as tax and immigration authorities)?

Understanding the answers to the above questions and incorporating them into an FCPA compliance program are leaps and bounds more important than “tone at the top” and the specifics of the reporting relationship between a chief compliance officer and the board of directors.

Moreover, Compliance 2.0, like most buzzwords, can be counter-productive because they create a false sense of results by inferring that adherence to the buzzword will show results. Indeed, a recent survey by the Institute of Leadership & Management suggests that a meaningful percent of employees consider management jargon as pointless and often irritating.

In short, decide for yourself whether Compliance 2.0 is a useful concept or mostly a meaningless buzzword.

And when you are done with that, turn your attention to Compliance 3.0 (see here).

Friday Roundup

Friday, December 4th, 2015

Roundup2Top blog, event notice, scrutiny alerts and updates, what do DOJ FCPA attorneys do, quotable, and for the reading stack.  It’s all here in the Friday Roundup.

Top Blog

I am pleased to share that FCPA Professor has been honored by the American Bar Association as a “Top 100 Blawg.”  (See here).

Described by others as “the Wall Street Journal concerning all things FCPA-related,” and “the most authoritative source for those seeking to understand and apply the FCPA,” FCPA Professor has previously been named a Top Law Blog for in-house counsel by Corporate Counsel and a Top 25 Business Law Blog by LexisNexis.  FCPA Professor readers include a world-wide audience of attorneys, business and compliance professionals, government agencies, scholars and students, journalists and other interested persons.

In addition to informing readers of FCPA news and developments in a timely and in-depth manner, FCPA Professor is a comprehensive website which features, among other things:

  • links to original source documents;
  • a detailed FCPA 101 page;
  • a resource portal; and
  • hundreds of subject matter categories designed to facilitate in-depth FCPA research and analysis.

All of this takes time, money, and substantial effort, yet the content on FCPA Professor is provided free to readers and without compromising and distracting advertisements.

If FCPA Professor adds value to your practice or business or otherwise enlightens your day and causes you to contemplate the issues in a more sophisticated way, please consider a donation – a voluntary yearly subscription - to FCPA Professor.  Yearly subscriptions to other legal publications or sources of information can serve as an appropriate guide for a donation amount.

Event Notice

I will be participating in a free telephonic event on Tuesday, December 8, 2015 at 3pm EST. Sponsored by the Young Advocates and Criminal Litigation Committees of the ABA, the event is titled: “Ask the Professor: What You Need to Know About Anti-Bribery Laws.”

The event will be moderated by Terra Reynolds (Paul Hastings). Click here to learn more and to register.

Scrutiny Alerts and Updates

British American Tobacco

The company, with ADRs traded in the U.S., was recently the focus of this in-depth piece by the BBC. According to the article:

“[T]he BBC obtained hundreds of documents that reveal how BAT employees bribed politicians, public officials and even people working for a rival company in Africa. [...] In 2012, BAT lobbyist Julie Adell-Owino arranged bribes totalling US$26,000 for three public officials in Rwanda, Burundi and the Comoros Islands. All three officials were connected to a United Nations effort to reduce the number of tobacco related deaths.”

As highlighted in this prior post, in 2010 U.S. tobacco companies Alliance One and Universal Corporation resolved FCPA enforcement based on alleged improper payments, including in Africa.

J.P. Morgan

The Wall Street Journal focuses on J.P. Morgan’s FCPA scrutiny for its alleged hiring practices in China. According to the article, J.P. Morgan hired 222 candidates under a program known internally as “Sons and Daughters.” The article makes much of the alleged fact that 45% of the hires were referred by Chinese government officials or employees of state-owned companies.  However, according to the article, an equal percentage (44%) were nongovernmental referrals – an issue that could be relevant to corrupt intent.


This recent post highlighted Vimpelcom’s disclosure of a $900 million reserve in connection with its FCPA and related scrutiny. The prior post noted that the disclosure was ambiguous as to the various components of the $900 million.

Bloomberg reports:

Vimpelcom “is in talks to pay about $775 million — a near record — to settle U.S. allegations it paid bribes in Uzbekistan to win business, according to three people familiar with the matter. The Amsterdam-based company’s resolution with the Justice Department and the Securities and Exchange Commission could be announced in January, said the people, who asked not to be identified because details of the proposed settlement aren’t public.”

Bloomberg also goes in-depth into the burgeoning Uzbekistan telecom scandal here.


The company (formerly known as Parametric Technology) has been under FCPA scrutiny since 2011 and recently disclosed:

“We have been in discussions with the U.S. Securities and Exchange Commission (SEC) and the Department of Justice (DOJ) to resolve an investigation concerning expenditures by our business partners in China and by our China business, including for travel and entertainment, that apparently benefited employees of customers regarded as state owned enterprises in China. This matter involves issues regarding compliance with laws, including the U.S. Foreign Corrupt Practices Act. We have recorded liabilities of $28.2 million as a result of our agreements in principle with those agencies to settle the matter. There can be no assurance that we will enter into final settlements on the agreed terms with these agencies or, if not, that the cost of any final settlements, if reached, would not exceed the existing accrual. Further, any settlement or other resolution of this matter could have collateral effects on our business in China, the United States and elsewhere.”


The media continues to gush over Wal-Mart’s FCPA scrutiny.  In the latest example, the Wall Street Journal reports:

“A U.S. investigation into potential foreign bribery by Wal-Mart Stores Inc. has unearthed evidence of possible misconduct by the retailer in Brazil, after investigators found little to support the sweeping allegations involving Mexico that initially prompted the probe, according to documents and people familiar with the matter. Federal prosecutors are examining $500,000 in payments that they believe ultimately went to an individual hired to obtain government permits the company needed to build two stores in Brasília, Brazil’s capital, between 2009 and 2012, an investigative document shows.”

What do DOJ FCPA Attorneys Do?

To the extent a job listing is an accurate depiction, this is what DOJ FCPA attorneys do:

“The Criminal Division, U.S. Department of Justice, is seeking qualified, experienced attorneys for two-year renewable term positions in the Fraud Section located in Washington, DC. The incumbent will serve as a Trial Attorney in the Foreign Corrupt Practices Act (FCPA) Unit or the Securities & Financial Fraud Unit (SFF) and, as such, will independently direct, conduct, and monitor investigations, prepare for and conduct trials, and advise on pleadings and other court filings.

Generally, as a Trial Attorney in the FCPA Unit or the SFF Unit, the incumbent:

  • In collaboration with unit managers, carries out and fosters effective investigations and prosecutions, including advising on strategy and legal complexities, and developing litigation priorities, policy, and legislative recommendations. Recommends charging decisions and proposes dispositions with regard to assigned cases.
  • Partners with and leads Assistant U.S. Attorneys and attorneys in other federal law enforcement agencies in the development, management and trial of complex white collar and corporate investigations and prosecutions. Engages in all phases of investigation and litigation, including, but not limited to, using the grand jury, advising federal law enforcement agents, utilizing international evidence collection tools, preparing appropriate pleadings, and litigating motions and trials before U.S. District Courts across the country.
  • Collaborates with foreign prosecutors and foreign law enforcement officers on international investigations.
  • Evaluates reports of potential violations of the FCPA / securities and financial fraud laws from both internal and outside sources to determine whether investigation is warranted.
  • Advises and instructs Assistant U.S. Attorneys on complicated questions of law and Departmental policy with respect to the FCPA / securities and financial fraud laws.
  • Represents the United States in direct negotiations and discussions with corporate counsel and high-level officials. Participates in discussions with opposing counsel for defendants and in the formulation of settlements often having far-reaching legal consequences.
  • Advises and consults with the Assistant Attorney General, Deputy Assistant Attorney General, Section Chief, et al., reporting on the status of all cases and matters related to civil/criminal remedies.
  • Serves as an expert, providing advice and policy determinations in matters involving the planning, discussion and coordination of the activities related to the investigation and litigation of FCPA cases. Oversees the preparation and litigation assignments of lower graded attorneys, paralegals and clerical personnel.”


One thing high-ranking DOJ officials most certainly do is give numerous speeches.

In the latest example, DOJ Deputy Assistant Attorney General Sung-Hee Suh delivered this keynote address at the ABA Criminal Justice Section’s inaugural Global White Collar Crime Institute in Shanghai (an event, I am pleased to say, was organized by my Southern Illinois University School of Law colleague Professor Lucian Dervan).

Set forth below is an expert of Suh’s address.

On internal investigations:

“Until last year, I worked for 15 years in private practice representing companies – often in the context of criminal or regulatory investigations. I believe I have a good sense of the challenges that companies and their counsel face in determining the appropriate scope of an internal investigation. But some of those challenges appear to stem from a misperception that the longer and more expensive and more resource intensive the company’s internal investigation, the more favorably the government will view the company’s cooperation. But broad, aimless investigations by a company – just as by the government – are counter-productive. As we in the Criminal Division have long emphasized, and continue to stress today, an investigation should be narrowly focused on getting to the bottom of what happened, identifying who within the company was involved, and – if the company seeks cooperation credit — providing that information to us on a timely basis.”

On transparency:

“[W]e understand that it has not always been clear why the Department required a corporate entity to plead guilty to resolve a criminal case, as opposed to a deferred or non-prosecution agreement, or why we declined to pursue a criminal resolution altogether with another corporate entity that engaged in similar misconduct. I have also heard companies and their counsel say that they have no idea how the government’s monetary resolutions were arrived at – that it sometimes appears as if the government just picks these numbers out of thin air. Also notable has been the trend among companies over the last several years against voluntary self-reporting, including – and perhaps especially – in the FCPA space, in part due to what is perceived, as noted during this morning’s sessions, that there is little or no benefit to self-reporting. Some lawyers have advised their clients that it’s simply more rational to wait to see if the government comes knocking and then cooperate if and when that happens.”


“[T]o those companies that are disinclined to self-report in the belief that the government will never know – I say, think again. In the anti-corruption space, the Fraud Section and the Federal Bureau of Investigation are deploying significantly more resources to detect and prosecute companies that choose not to self-disclose in FCPA cases. We’re hiring an additional 10 prosecutors in the FCPA Unit, an increase of over 50%, and the FBI has established three new squads devoted to international corruption investigations and prosecutions.”

On compliance programs:

“No compliance program is foolproof. We understand that. We also appreciate that the challenges of implementing an effective compliance program are compounded by the everincreasing cross-border nature of business and of criminal activity. Many companies’ businesses are all over the world. They are creating products and delivering services not only here in China but overseas and are operating across many different legal regimes and cultures. We also recognize that a smaller company doesn’t have the same compliance resources as a Fortune-50 company. Finally, we know that a compliance program can seem like “state of the art” at a company’s U.S. headquarters, but may not be all that effective in the field, especially in far-flung reaches of the globe.”


For your viewing pleasure, a video of a roundtable with new DOJ compliance counsel Hui Chen and DOJ Fraud Section Chief Andrew Weissmann.  The first portion of the event consisted of the DOJ officials respond to (likely scripted) questions by a moderator, the second portion – when the video recorder was turned off – consisted of the DOJ officials responding to audience questions.

Reading Stack

I did not come up with the title of the entry or its narrative, but I did answer the questions posed to me in this Corporate Crime Reporter entry about the political aspects of FCPA enforcement as well as questions about an FCPA compliance defense – a defense I have long advocated for (see here for the article “Revisiting a Foreign Corrupt Practices Act Compliance Defense.”


A Wall Street Journal op-ed by Professor Lucian Dervan titled “The Injustice of the Plea-Bargaining System.”


A good weekend to all.

The Use Of Gaming To Make FCPA Training Memorable And Thus More Effective

Tuesday, October 27th, 2015

gamingAn essential component of FCPA compliance best practices is, of course, training employees and agents on the Foreign Corrupt Practices Act and similar laws.

However, not all FCPA training is effective.

To be effective, FCPA training needs to engage learners. Not so much on the nuances of the law (indeed as highlighted in this previous post such a goal is likely counterproductive and increases, not decreases, organizational risk), but rather on how to spot risk in their specific job function.

The way to engage learners is not through old-school training that “tells” learners about the FCPA by presenting legal information in powerpoint slides.  This is not memorable and thus not effective.

To create memorable – and thus effective – FCPA training, organizations need to engage employees and agents through active learning such as issue-spotting exercises presented through high-quality videos, gaming aspects, and other memorable active learning exercises.

The Global Anti-Bribery course I created in partnership with Emtrain (an innovative compliance training company) does just that.

In this post, I highlight various of the visual and gaming aspects in the on-line course that has become the preferred FCPA training solution for companies across a variety of industry sectors.

For starters, the course introduces FCPA topics through numerous high-quality video scenes of actors involved in real-world conduct inspired by actual FCPA enforcement actions or instances of FCPA scrutiny.

For instance, in the below screenshot from a course video, two energetic company employees are planning a customer conference in connection with a new product launch.

Customer Conference








The employees think they are just doing their jobs, but could their conduct expose the company to FCPA scrutiny?  After watching the scene, learners will find out.

Learners in the course also accumulate substantive knowledge through the use of interactive “mouse-overs.” For instance, in the below screen shot regarding “anything of value,” learners “mouse-over” key factors relevant to the statutory term to increase their knowledge, comprehension, and most importantly issue-spotting abilities.

Mouse Over









Throughout the 60 minute on-line course, learners also have the ability to assess their knowledge by placing real-world conduct along an enforcement risk spectrum as depicted in the below screen shot.

Risk Spectrum







In short, the active learning and gaming aspects of the Global Anti-Bribery course engages learners and thus makes compliance training memorable and thus more effective.  Other features of the course include:

  • Executive and non-executive versions
  • The ability to configure the course with company-specific policies, videos, graphics, text, and employee hotline or reporting information
  • The ability to use video scenes outside the e-Learning experience in live training, discussion groups, or company emails and reminders
  • A compliance Learning Management System, enabling an administrator to launch and track training efforts and generate audit-ready training reports showing time spent on each video, screen, policy, etc.
  • Available in the following languages:  Spanish, Portuguese, Chinese (simplified), Japanese, French, and Russian

To learn more about the course and its active learning and gaming aspects, click on the below button.


Issues To Consider From The Bristol-Myers Enforcement Action

Thursday, October 8th, 2015

IssuesThis recent post highlighted the SEC’s FCPA enforcement action against Bristol-Myers.

This post continues the analysis by highlighting various issues to consider from the enforcement action.

False and Misleading SEC Release

The SEC routinely brings enforcement actions against companies for false and misleading public statements.

Pardon me for being the stickler, but the first paragraph of the SEC’s press release announcing the Bristol-Myers action is false and misleading. It states:

“The Securities and Exchange Commission today announced that New York-based pharmaceutical company Bristol-Myers Squibb has agreed to settle charges that its joint venture in China made cash payments and provided other benefits to health care providers at state-owned and state-controlled hospitals in exchange for prescription sales.”

The above is false and misleading because the only charges that the SEC brought against Bristol-Myers (BMS) were the following as stated in the SEC’s order:

“BMS, through the actions of certain BMS China employees, violated [the FCPA's books and records provisions] by falsely recording, as advertising and promotional expenses, cash payments and expenses for gifts, meals, travel, entertainment, speaker fees, and sponsorships for conferences and meetings provided to foreign officials, such as HCPs at state-owned and state-controlled hospitals as well as employees of state-owned pharmacies in China, to secure prescription sales. BMS also violated [the FCPA's internal controls provisions] by failing to devise and maintain a system of internal accounting controls relating to payments and benefits provided by sales representatives at BMS China to these foreign officials.”

No Allegations Regarding Germany

As previously stated in Bristol-Myers disclosures, its FCPA scrutiny began in 2006 the following way.

“In October 2006, the SEC informed the Company that it had begun a formal inquiry into the activities of certain of the Company’s German pharmaceutical subsidiaries and its employees and/or agents. The SEC’s inquiry encompasses matters formerly under investigation by the German prosecutor in Munich, Germany, which have since been resolved. The Company understands the inquiry concerns potential violations of the Foreign Corrupt Practices Act (FCPA). The Company has been cooperating with the SEC.

In March 2012, the Company received a subpoena from the SEC issued in connection with its investigation under the FCPA, primarily relating to sales and marketing practices in various countries. In particular, the Company is investigating certain sales and marketing practices in China. The Company has been cooperating with the government in its investigation and is in discussions with the SEC regarding a potential settlement agreement that would result in a resolution of the SEC’s investigation. The Company believes it is fully reserved for this matter.”

Given the above disclosure, it is notable that the Bristol-Myers enforcement action concerned conduct only in China. Granted, 2006 is a long time ago but the SEC has not shied away from “old” allegations in other FCPA enforcement actions and, as a practical matter, statute of limitations have little impact in corporate FCPA enforcement actions.

Double Standard

At its core, the Bristol-Myers action focused on various things of value (such as gifts, meals, travel, entertainment, speaker fees, and sponsorships for conferences and meetings) provided to foreign physicians.

Pardon me for saying this, but this happens all the time in the U.S. (See here and here for the most recent posts).

Compliance Take-Aways

Regardless of the above, set forth below are certain compliance take-aways from the Bristol-Myers action:

  • If a company is going to provide FCPA training to its employees (and companies most certainly should), the company needs to make sure the employees are actually taking the training.  The SEC’s order dings Bristol-Myers as follows: “[The] BMS sales force in China received limited training and much of it was inaccessible to a large number of sales representatives who worked in remote locations. For example, when BMS rolled out mandatory anti-bribery training in late 2009, 67% of employees in China failed to complete the training by the due date.”
  • The use and abuse of employee reimbursement requests.  The SEC’s order dings Bristol-Myers as follows. “BMS lacked effective internal controls sufficient to provide reasonable assurances that funds advanced and reimbursed to employees of BMS China were used for appropriate and authorized purposes.”
  • Boots on the ground.  The SEC’s order dings Bristol-Myers as follows. “The corporate compliance officer responsible for the Asia-Pacific region through 2012 was based in the U.S. and rarely traveled to China. There was no dedicated compliance officer for BMS China until 2008, and no permanent compliance position in China until 2010.”