Archive for the ‘Compliance’ Category

Are You Ready For Some Football? How A Successful Football Organization Can Inform FCPA Compliance In A Business Organization

Thursday, September 4th, 2014

FBAre you ready for some football? The answer is likely yes as the football season is arguably the most anticipated sports season and one that transforms the weekends of many.

For Foreign Corrupt Practices Act compliance practitioners, understanding the game is not just a professional diversion, but one that can actually add professional value as well.  The reason is because understanding what makes a football organization successful can also inform FCPA compliance in a business organization.

In the spirit of the season, my recent article in Bloomberg BNA’s White Collar Crime Report titled “How a Successful Football Organization Can Inform FCPA Compliance In a Business Organization” highlights four attributes of a successful football organization that can also elevate FCPA compliance in a business organization.

Click here to download the article.

Friday Roundup

Friday, August 29th, 2014

Some reading material to keep you occupied and engaged over the three-day holiday weekend.

*****

This recent Wall Street Journal article is about China’s recent antitrust crackdown, but the same could perhaps be said about China’s recent corruption crackdown against foreign multinationals doing business in China.

“The fact that regulators are going after allegedly dubious practices by multinationals isn’t what bothers trade officials at Western embassies in Beijing, even if they suspect that the probes sometimes have the effect of strengthening Chinese state-owned competitors.

What concerns them the most is the heavy-handed way that investigations are being pursued—and highly charged media coverage that makes for a troubling atmosphere for Western companies.

Foreign executives have learned two early lessons from the antitrust probes. First, the law provides little refuge. The message that the National Development and Reform Commission, the government agency that sets pricing rules, delivers in private to multinationals at the outset of a price-fixing investigation is not to bring in their foreign lawyers, according to numerous accounts by foreign executives, diplomats and lawyers themselves.

The second lesson is connected to the first: Resistance is futile. There’s scant need for lawyers when companies face a choice of either bowing to demands for quick remedies or becoming involved in a protracted wrangle with regulators in what is still a state-dominated economy. In almost every antitrust case launched so far, foreign companies have capitulated without a fight.

Voluntary price cuts of up to 20% are the norm, accompanied by board-level expressions of remorse and promises to do better.

And these cuts are offered at the very outset of investigations—and, sometimes, to get ahead of them. Chrysler described its abrupt decision to slash car-part prices as a “proactive response” to the price-fixing probe as it got under way. These price-fixing investigations have been accompanied by heated nationalistic rhetoric in the state media with antiforeign overtones. Taking down multinationals a peg plays well among the large sections of the public that view them as arrogant.”

*****

The always informative Debevoise & Plimption FCPA Update is particularly stellar this month.  It contains articles about the recent Wal-Mart – investor dispute in the Delaware Supreme Court as well as the recent settlement in SEC v. Jackson & Ruehlen.

Wal-Mart Delaware Action

The Wal-Mart Delaware action remains in my mind much to do about little at least as to the monumental corporate governance issues some had hoped for.

Nevertheless, the FCPA Update makes several valid points about the decision.

“In the wake of Wal-Mart, stockholders in future cases are likely to raise questions about the ways in which investigations have been conducted to see whether those questions also provide a “colorable basis” for seeking a broad range of investigative records. Companies that conduct investigations, therefore, will want to structure the investigation from the outset in a way that limits the ability of shareholders to assert that it was done improperly or otherwise may give rise to any legitimate shareholder concern. This, in turn, will place a premium on early decisions about who should conduct the review, who should supervise the review and the scope of the inquiry. Those decisions, which are generally made before any review has been conducted and based upon limited information, are sure to get close scrutiny from stockholders and should be undertaken with the utmost deliberation and care.”

SEC v. Jackson & Ruehlen

This previous post highlighted the recent settlement in SEC v. Jackson & Ruehlen and noted that the SEC, a law enforcement agency with merely a civil burden of proof, was never able to carry its burden and this was among other reasons why the SEC’s case against Jackson and Ruehlen failed – and yes – this is the only reasonable conclusion to be drawn from the settlement.

The FCPA Update states:

“In the realm of FCPA enforcement, where the vast majority of cases are settled before the filing and litigation of formal  charges, it is often hard to compare the outcomes of early and eve-of-trial or post-trial settlements in any meaningful way. The Noble case, however, provides  a rare opportunity to engage in such a comparison, not only because it was litigated by the SEC farther than almost any other FCPA case has been, but also because it involved both pre-and post-litigation settlements for individual defendants based on charges arising out of the same series of events.

In February 2012, the U.S. Securities and Exchange Commission (“SEC”) charged three executives of Noble Corporation with violating various provisions of the FCPA and related laws in the course of their interactions with public officials in Nigeria’s energy sector. One of these defendants, Thomas O’Rourke, promptly settled with the SEC, accepting permanent injunctions against future violations as to every count on which he was charged, and agreeing to pay a $35,000 civil penalty.

The remaining individual defendants, Mark Jackson and James Ruehlen, decided to litigate. On July 2, 2014 – less than a week before trial was to start and after more than two years of litigation – the SEC settled with these two defendants. Although Jackson and Ruehlen agreed to be enjoined from future violations of the books and records provision of the FCPA, the settlements in their matters were notable in that the vast majority of the charges in the initial complaint, including the bribery charges, were conspicuously absent from the settlements, and no monetary penalties were imposed.

Although the Noble case offers just one data point, the outcomes for the three defendants raise important questions about both the difficulties of litigating these types of cases for the SEC and the potential advantages of declining pre-trial settlement for would-be defendants. In addition, the SEC’s litigation strategy in these cases highlights some possible problems with the expansive interpretation of the FCPA that the SEC and the Department of Justice (“DOJ”) have advanced in recent FCPA cases. These problems, highlighted in the District Court’s refusal to accept the SEC’s interpretation on certain key issues, such as the scope of the facilitation payments exception, as well as the concrete impact of the U.S. Supreme Court’s Gabelli decision (133 S. Ct. 1216 (2013)) in gutting large portions of the SEC’s claims for penalty relief, will doubtless affect future litigation, as well as the “market” for SEC (and in certain respects, DOJ) settlements for years to come. But at the same time, the SEC’s losses on these key issues, which drove the favorable settlements with Jackson and Ruehlen, could well incentivize the SEC to dig deeper, and earlier, for the evidence needed to sustain its burdens in FCPA matters.”

*****

The Economist states – in a general article not specific to the FCPA – that “the [U.S.] legal system has become an extortion racket.” According to the article,

“[J]ustice should not be based on extortion behind closed doors. The increasing criminalisation of corporate behaviour in America is bad for the rule of law and for capitalism.  [...] Perhaps the most destructive part of it all is the secrecy and opacity. The public never finds out the full facts of the case, nor discovers which specific people—with souls and bodies—were to blame. Since the cases never go to court, precedent is not established, so it is unclear what exactly is illegal. That enables future shakedowns, but hurts the rule of law and imposes enormous costs.”

In the FCPA context, see here for my 2010 article “The Facade of FCPA Enforcement.

*****

A series of informative posts here, here, here and here from Thomas Fox (FCPA Compliance and Ethics Blog) regarding risk assessment.

*****

A good weekend to all.

Are We Carelessly Inviting Corrupt Behavior?

Thursday, August 7th, 2014

Today’s post is from Dr. Roger Miles.  Dr. Miles (PhD, Risk) is Behavioral Risk Lead at Thomson Reuters and he develops human factor analyses for Conduct Risk governance and compliance solutions.  His academic research focus is the “what actually happens” gap between designed systems and enacted human behavior.

*****

Are We Carelessly Inviting Corrupt Behavior?

By Dr Roger Miles

As regulators wrestle to assert new controls over corruption (and of course various other abuses), we’re reminded that the wider history of regulation resembles a trail littered with the carcasses of well-intended initiatives that failed.  Regulatory controls tend to fail because the people who design them often ignore how real people respond in practice, often contrarily, to having a control imposed on them.

A function of effective risk leadership in senior management – including compliance officers – should therefore be to pause to consider human aspects of control failures.  Where are the human-factor hazards brewing?  Do we know enough about these to keep ahead of them and head off problems early?

One way to overtake this hazard is to familiarize oneself with “dark side” research among people who game the rules (my special research interest as it happens).  This insight will rapidly rid us of the faulty assumption that rulebooks (whether in the context of the Foreign Corrupt Practices Act or otherwise) describe, or prescribe, what actually happens in organizations.  The reality of what actually happens is always something different, usually that the rulebook doesn’t foresee.  Once we make a habit of questioning the gap between what the rulebook says should be happening, and our observations of how people behave in reality, we become better both at spotting the early signs of “creative compliance” and at preventing all kinds of troublesome behavior.  A few examples make the point:

What Groups Do…

Formal demands (including the top-down introduction of rules and sanctions) often provoke ‘informal groups’ of work colleagues to respond in unorthodox local ways that create conditions for the control to fail later on.  The alert manager will watch for signs that ‘game-playing’ is becoming accepted as normal behavior, such as meaningless box-ticking (in response to quality control questionnaires); and filtering of inconvenient incident reports.  Also be alert for the many ways of massaging statistical reports, such as cherry-picking only the most favorable test results, re-basing of a reporting index, or redefining the thing that we’re reporting on.  Informal groups also like to ridicule anyone who dissents from their view of “how we do things here” – even (perhaps especially) when this contradicts what the rules require.  For the FCPA compliance leader, therefore, the first question should always be “who’s really in charge in this organization?”

What Individuals Do…

At a personal level, gaming responses include ‘presenteeism’ (physically turning up for work but leaving your motivation at the front door) and seeking to shift onto others any blame for failures.  Watch for early warning signs such as a person disengaging from routine involvement in work activities, disowning their own presence in management processes, or ignoring the legitimate authority of others.  Consistent with informal groups’ “how we do things”, individual rule-gamers will be active at making alternative sense of how rules apply (or don’t apply) locally to them.  They will be adept at coping, workarounds, and writing creative reports.  Alternatively they may retreat into fatalism, rationalizing that “it’s OK not to care because either nothing will change if I do, or I’ll only be labelled a trouble maker”.

In the Organization’s Structure

Sometimes we inadvertently design an organization to encourage rule-gaming responses.  To prevent this effect we need to become more skilled at spotting these preconditions for bad behavior, and design them out.  The preconditions include:

  • Lack of any coherent challenge from outsiders (advocacy groups, regulators, government)
  • A regulator who depends on regulatees for information (“enforced self-regulation”)
  • No apparent penalties for delay in responding to a question
  • Risk-taking uncoupled from consequence, with short-term rewards
  • Little required interaction with shareholders or other funding sources
  • The full Board meets only rarely; executive committees hand-picked by the Chairman
  • Power concentrated narrowly with CEO, Chairman, or Head of Sales
  • Penalties for non-compliance reported as a “normal friction cost of business”
  • An except reporting (whistleblowing) procedure exists but gets no explicit support from managers – it may          even be the  target of jokes

There is a large and expanding research field examining the gaps between control systems as designed and “what actually happens” when real people are told to use the controls.  A new approach to regulatory design intended to deal with this in the FCPA context and otherwise, behavioral regulation, is still in its infancy.  We should watch for developments.

How “Respect Your Elder” Can Present Compliance Difficulties

Wednesday, July 23rd, 2014

Among the reasons Foreign Corrupt Practices Act compliance is difficult for even the most well-managed business organization operating in the global marketplace is the obvious fact that a company is not a computer on auto-pilot.

Rather, as highlighted in “Revisiting an FCPA Compliance Defense,”

“Doing business in international markets often requires hiring local workers who are products of different cultures and experiences, speak different languages, and are located in different time zones from corporate headquarters. While bribery is prohibited by the written laws of every country and while a suitcase full of cash to a government official to obtain or retain a government contract is a universal wrong regardless of culture, language, or experience, this is where the consensus often ends. Even with gold-standard compliance policies and procedures, the practical reality of monitoring and supervising this vast and diverse network of individuals is difficult and even gold-standard compliance policies and procedures are not foolproof.”

FCPA scrutiny is best minimized when, among other things, employees (regardless of rank, title or position) are able to spot FCPA risk and report concerns or suspicions to the appropriate personnel within the company.

Problem is we are all taught from an early age to “respect our elders” and this cultural norm is even more pronounced in certain cultures outside of the U.S.  In many countries, this cultural norm permeates all facets of life including the workplace.  In short, the same cultural diversity that so enriches a business organization can present compliance difficulties.

From my FCPA practice experience conducting internal investigations abroad, I have direct knowledge of certain instances of FCPA scrutiny that arose in Asian countries where the conduct under investigation focused on the “patriarch” of the office (in other words the elder male), yet under circumstances where the traditional gatekeepers in the company  (in-house counsel, finance and auditing professionals, etc.) were either younger males, or more often, younger females who appeared culturally paralyzed to voice their concern or suspicion regarding the “patriarch.”

The “respect your elder” dynamic, which is positively viewed in other aspects of life, presented compliance difficulties for this particular company, and no doubt many other companies operating in Asia where this cultural value is most revered.

While outside the FCPA context, this recent post “Learning to Speak Up When You’re from a Culture of Deference,” on a Harvard Business Review site by Professor Andy Molinsky is spot-on.  He writes:

“Many of us are uncomfortable speaking with people of higher status. We can feel self-conscious, unsure of what to say, and afraid what we’re going to say — or what we’re saying — is the wrong thing. After these conversations, we often replay in our heads what we said, analyze what we shouldn’t have said, or realize what we should have said but didn’t. But imagine what communicating up the hierarchy is like for people from countries and cultures where notions of hierarchy are much deeper and much more ingrained than ours. Where even as a small child you are taught to speak only when spoken to, and that in the presence of authority figures, like your parents, your teachers, or your boss, you should remain quiet, put your head down, do solid work, and hope to be noticed.”

In the article, Professor Molinsky offers advice that “organizations and particularly leaders of organizations [can] do to lessen the brunt of this liability of deference for their employees from other cultures.”  Much of the practical advise seems self-obvious at first blush, yet – as in other aspects of compliance – sometimes the self-obvious is not so self-obvious.

Moreover, recognizing the existence of a hidden problem (in other words how the “respect your elder” dynamic – so noble in other aspects of life – can present compliance difficulties) is often the first step to crafting company specific responses to counteract the problem.

FCPA Compliance And The Important Role Of Gatekeepers

Thursday, July 17th, 2014

To best manage and minimize Foreign Corrupt Practices Act risk, it is important that a business organization not view FCPA compliance as strictly a legal function, but rather a function best achieved holistically throughout the organization.  This requires business managers, including finance and audit professionals in particular, to have the skill-set to recognize FCPA risk.

It is clear from recent FCPA enforcement actions that the enforcement agencies, and the SEC in particular, expect much from business managers when it comes to FCPA compliance including the ability of these gatekeepers to spot FCPA issues and display a high degree of intellectual curiosity as to many company transactions and expenditures.  (See enforcement actions here, here and here).

This free video (created in collaboration with Emtrain with whom I’ve created a global anti-bribery and corruption training course) has been created to help business organizations best mitigate FCPA risk.  Feel free to share the video with clients, in-house counsel and other compliance professionals, and business managers within your organization.