July 27th, 2015

And The Apple Goes To …

applepicRichard Morvillo recently penned this spot-on Law360 article titled “Devaluing the Currency of Settlements.”

In the article, the veteran lawyer asks whether white-collar settlement amounts have increased just because, opines that the DOJ and SEC have cheapened deterrence, raises questions about the lack of individual prosecutions and how this contributes to a facade of enforcement, and discusses how the role of defense counsel has morphed in regulatory investigations.

In pertinent part, Morvillo states:

“Now that the Arthur Andersen debacle is a distant memory, financial and other institutions are begrudgingly accepting guilty pleas and deferred prosecution agreements (“DPAs”). Penalties and fines in the hundreds of millions of dollars that must be borne by existing shareholders, many of whom were not stakeholders at the time of the alleged violations, are also more common. In addition, there is continuing concern within the defense bar that the DOJ is criminalizing conduct that historically was considered to be the grist of civil prosecutions. Similarly, the SEC now appears to be willing to bring more marginal cases as well as those involving “broken windows” and innocent mistakes.

Deterrence is a laudable goal for the DOJ and the SEC. But, despite the fact that generations of prosecutors have invoked “deterrence” as an excuse for being tougher than their immediate predecessors, there is scant evidence that increasing sanctions has had a marked impact on fraudulent and other misconduct. The sheer number of civil and criminal prosecutions brought over the last several years suggests that increasing penalties into the many tens of millions of dollars prior to that time did not forestall misconduct. If the converse were true, the government would not feel the need to ratchet up penalties.

Admittedly, vigorous enforcement, coupled with Dodd Frank, has contributed to enhanced internal controls and greater scrutiny by internal and outside auditors. These improvements began before the recent increase in sanctions and were driven in large part by companies’ self-interest in improving their culture and compliance regimes. Indeed, many institutions re-evaluate and strengthen controls and procedures, especially when they discover a whole or a lapse in existing functions, without waiting for the government to force such changes. Compliance has come a long way. Still, efforts to prevent and to detect misconduct have more to do with the desire for good corporate governance and avoiding future charges of misconduct than with the increasingly punitive size of sanctions the government has been handing out.

Criminal cases and daunting penalties are fodder for headlines, but they will not eliminate the root cause of serious misconduct — the behavior of a few individuals. For example, history teaches us that, though the DOJ and SEC have made insider trading an enforcement priority for years, there is no dearth in insider trading cases they bring year after year. Those willing to violate the law for personal aggrandizement or other reasons will find a way to do so. No compliance or control system can provide a failsafe against one or a few rogue misfeasors in a large company. Economic crime, fraud and other intentional misconduct will be with us so long as greed, arrogance, ego, poor judgment and other such traits are part of our human chemistry.

Criminal fines that are multiples of what they were in the not-too-distant past are now fairly commonplace, as are other forms of costly relief (e.g., compliance monitors). The same holds true for SEC Enforcement settlements, where tens, if not hundreds, of millions of dollars in penalties have been levied in settlements also requiring entities to disgorge large sums ostensibly reflecting the benefits attributable to the misconduct.

[...]

In other words, in raising the ceiling on settlements, the government is also raising the floor. What sufficed to settle a case only a few years ago is a far cry from the minimum sanction the government will demand today. Though, according to the government, the matters recently resolved criminally or at the high end of the sanctions range involved serious misconduct over a prolonged period of time by multiple actors, cases meeting that description are not new. The government said the same thing about its cases years ago after Enron and even before that following the revelations concerning Drexel Burnham and others. Today’s cases are not substantially different at their core from yesterday’s even while, in the interim, the government notched up the price of settlement several times.

[...]

It is rare for a regulated entity to litigate with its regulator, and the government knows that when it arrives at the negotiating table to discuss a resolution. Government prosecutors also count on the fact that companies are anxious to settle in order to get government investigations behind them. While most prosecutors try to be fair, they generally believe in their cases and demand terms the settling company finds inappropriately costly given its perception of the underlying conduct and available defenses. Company management values certainty and finality above all else, however, and often succumbs to the government’s demands simply to end an investigation. For these and other reasons, the government has the leverage to insist on sanctions that the company’s lawyers may not feel are warranted but at some point feel obliged to accept.

[T] he government’s policy of giving credit for cooperation has caused an evolution in the way cases are developed and settled despite the attendant costs. Over the past 10 years or so, the government has come to expect that entities will cooperate with it by identifying problems deserving scrutiny and delivering the facts the government needs to evaluate the conduct of the entity, its employees who were involved and those who supervised the actors. In an era of self-reporting and internal investigations, the traditional role of defense counsel has morphed often into the role of “fact finder” (for, among others, the government). The relationship between the corporate client and the inside and outside counsel is altered in these instances. For example, counsel conducting an internal investigation finds herself giving Upjohn warnings to employees in order to get facts not with which to defend the company but to share with the government. Where credit for cooperation is highest when approaching the government early and being forthright, a company generally wants to take advantage of the opportunity and set the tone for interactions to come. At the same time, having spent the money to investigate and to blow the whistle on itself, the company sets in motion a dynamic that favors a resolution, one in which cooperation should lead prosecutors to offer a more attractive package (albeit not as attractive as one available in the past). Although few defense lawyers and their clients believe that they are rewarded with benefits commensurate with their cooperation, most are not willing to risk the potential outcome of an investigation in which the company declines to cooperate.

The irony is that, while cooperation with the government is at an all-time high, so are the sanctions visited on cooperators. Because many government prosecutions, especially international cases where information is not always easily obtainable by U.S. authorities, resulted directly from extensive and costly cooperation, the government should ensure that corporations perceive that there is a clear benefit in sharing information. There are examples where the government has not brought certain charges or exempted a cooperator from the kind of monetary sanctions typical in cases involving similar misconduct. Yet, many lawyers find it difficult to explain to their clients why cooperation was worth it when the settlement they negotiated still wound up requiring exceedingly large penalties.

Finally, a more insidious problem that may arise from the devaluation of settlement currency is its potential negative impact on deterrence. As noted, deterrence and appropriate punishment for wrongdoers are important, and so is the stigma of being on the wrong end of such charges. A true criminal enterprise should be put out of business, and criminal prosecutions can help bring that about. Caution is necessary, however. Small companies and those in certain businesses, like investment advisers, are not likely to survive criminal or serious civil fraud charges or large penalties, and death is cruel and unusual punishment for their innocent employees who try to do the right thing. While larger entities are better able to withstand similar charges and hefty penalties (especially as the SEC is appropriately inclined to grant relief from the lifeblood-threatening collateral consequences of settlements), there is still cause for concern. Because we now live in an era where felony convictions of entities, DPAs containing punitive sanctions and huge civil penalties are part of the new norm, society will slowly learn to tolerate, if not become callous to, the emerging state of affairs.

The more cases there are with previously unthinkable sanctions, the more readily people will accept those sanctions as a normal cost of doing business. This cheapens the deterrence value of large penalties. The employee bent on violating the law will be dissuaded, if at all, by the threat of individual prosecution, not greater penalties for his employer. The increase in the nature and price of settlement will not alter the perception that companies can still buy their way out of trouble at their shareholders’ expense. That view has already taken hold — whereas Arthur Andersen did not survive after the charges against it, large institutions are now weathering the storm. The fact that institutions can accept responsibility for crimes and previously unheard of monetary penalties suggests that these settlements cause pain in the short term, but are not an effective deterrent in the long term.

Prosecutors understandably feel the need to be tough on intentional misconduct that harms the public. And they should be. At the same time, they should rely less on the “WOW” settlement factor and moderate their thirst for punitive sanctions whose efficacy as deterrence is questionable at best. Rather, they should focus on relief addressing the cause of the conduct and means of preventing it. The public benefits when companies, instead of paying for headline-grabbing fines, use funds to take remedial actions that increase the likelihood of preventing future misconduct.

However much the government claims it takes a company’s pre-settlement remedial actions into consideration, settling defendants are looking for more concrete evidence that their efforts pay dividends. The government should reward these companies more directly for their remedial actions; if penalties are nevertheless appropriate in particular cases, they should be kept in check and reflect, in quantitative terms, substantial offsets for voluntary improvements in internal controls and processes. That will still allow the government to insist that entities that have not taken needed corrective action expend funds adopting better governance procedures going forward.

There is also a perception among many in the defense bar that, while the penalty may vary, the same kind of costly ancillary relief is sought in certain types of cases whether or not the settling company took appropriate remedial steps. For example, compliance monitors and reviews are sometimes mandated in Foreign Corrupt Practices Act settlements notwithstanding the likelihood that their benefits are marginal where a settling entity took appropriate remedial steps before or during the government’s investigation. In recognition of pre-settlement steps, the government should propose more creative prophylactic relief that ensures adherence to newly improved policies. Reviewing and policing how a company handles them going forward are more apt to deter recidivism than redundant exercises or large fines. Thus, for example, the government might defer imposition of a penalty or other sanctions pending a company report on progress over a few years in the compliance area implicated by the settled charges; the sanctions could be triggered if defined compliance milestones are not met.

Government officials believe that they already adequately fashion resolutions in light of remedial actions taken by the settling defendant. Few in the private sector agree, however, and some think that the recent spate of increased sanctions demonstrates that the government has taken the opposite tack. We can hope that the government stops the seemingly never-ending escalation of sanctions and adopts a more measured approach focused on deterrence and not on headlines and out-sized penalties.”

[The FCPA Apple Award recognizes informed, candid, and fresh thought-leadership on the Foreign Corrupt Practices Act or related topics. There is no prize, medal or plaque awarded to the FCPA Professor Apple Award recipient. Just recognition by a leading FCPA website visited by a diverse group of readers around the world. There is no nomination procedure for the Apple Award. If you are writing something informed, candid and fresh about the FCPA or related topics, chances are high that I will find your work during my daily searches for FCPA content.]

Posted by Mike Koehler at 12:03 am. Post Categories: Apple Award




July 25th, 2015

Attend FCPA “Summer School” August 13-14 in Washington, D.C.

FCPA InstituteSummer.

A time for reflection, a time to think, and a time for professionals to elevate their FCPA knowledge and practical skills by attending the FCPA Institute – DC on August 13-14th.

Since its launch in July 2014, the FCPA Institute has elevated the FCPA knowledge and practical skills of lawyers, auditing and finance professionals, compliance personnel and business executives from around the world.

The FCPA Institute is next coming to Washington, D.C. on August 13-14th and lawyers from leading law firms around the world as well as in-house counsel and compliance professionals from leading companies have already registered to attend.

If you too want to elevate your FCPA knowledge and practical skills by attending the FCPA Institute – DC, click here for further details and to register.

The FCPA Institute is different from other FCPA conferences as information is presented in an integrated and cohesive manner by an expert instructor with FCPA practice and teaching experience.  Moreover, the FCPA Institute promotes active learning by participants through issue-spotting video exercises, skills exercises, small-group discussions, and the sharing of real-world practices and experiences.

To best facilitate the unique learning experience that the FCPA Institute represents, attendance at each FCPA Institute is capped at 30 participants.

At the end of the FCPA Institute, participants can elect to have their knowledge assessed and can earn a certificate of completion upon passing a written assessment tool.  In this way, successful completion of the FCPA Institute represents a value-added credential for professional development. In addition, attorneys who complete the FCPA Institute may be eligible to receive Continuing Legal Education (“CLE”) credits.  Furthermore, previous FCPA Institute participants have successfully obtained continuing education units from the Society of Corporate Compliance and Ethics for attending the FCPA Institute.

Set forth below is a sampling of what FCPA Institute “graduates” have said about their experience.

  • “Unlike other FCPA conferences where one leaves with a spinning head and unanswered questions, I left the FCPA Institute with a firm understanding of the nuts and bolts of the FCPA, the ability to spot issues, and knowledge of where resources can be found that offer guidance in resolving an issue.  The limited class size of the FCPA Institute ensured that all questions were answered and the interactive discussion among other compliance professionals was fantastic.” (Rob Foster, In-House Counsel, Oil and Gas Company)
  • “The FCPA Institute is very different than other FCPA conferences I have attended.  It was interactive, engaging, thought-provoking and at the completion of the Institute I left feeling like I had really learned something new and useful for my job.  The FCPA Institute is a must-attend for all compliance folks (in-house or external).” (Robert Wieck, CPA, CIA, CFE – Forensic Audit Senior Manager, Oracle Corporation)
  • The FCPA Institute is a top-flight conference that offers an insightful, comprehensive review of the FCPA enforcement landscape.  Professor Koehler’s focus on developing practical skills in an intimate setting really sets it apart from other FCPA conferences.  One of the best features of the FCPA Institute is its diversity of participants and the ability to learn alongside in-house counsel, company executives and finance professionals. (Blair Albom, Associate, Debevoise & Plimpton)
  • “The FCPA Institute was a professionally enriching experience and substantially increased my understanding of the FCPA and its enforcement. Professor Koehler’s extensive insight and practical experience lends a unique view to analyzing enforcement actions and learning compliance best practices. I highly recommend the FCPA Institute to practitioners from all career stages.” (Sherbir Panag, MZM Legal, Mumbia, India)
  • “The FCPA Institute provided an in-depth look into the various forces that have shaped, and that are shaping, FCPA enforcement.  The diverse group of participants provided unique insight into how, at a practical level, various professionals evaluate risk and deal with FCPA issues on a day-to-day basis.  The small group setting, the interactive nature of the event, and the skills assessment test all set the FCPA Institute apart from other FCPA conferences or panel-based events.” (John Turlais, Senior Counsel, Foley & Lardner)
Posted by Mike Koehler at 8:29 am. Post Categories: Uncategorized




July 24th, 2015

FCPA Professor Turns 6

sixSix years ago, I launched FCPA Professor with this simple mission statement.

“After a decade-long private practice legal career focused on the FCPA, I am pleased to launch “FCPA Professor” in connection with my new academic career. To be sure, there are other websites and blogs which cover FCPA topics. However, “FCPA Professor” seeks to inject a much-needed scholarly voice into FCPA issues. Thus, in addition to covering the “who, what, and where” of FCPA enforcement actions, news, and legislative initiatives, this blog will also explore the more analytical “why” questions increasingly present in this current era of aggressive FCPA enforcement. The goal of this blog is thus to foster a forum for critical analysis and discussion of the FCPA (and related topics) among FCPA practitioners, business and compliance professionals, scholars and students, and other interested persons.”

Six years and 1,529 posts later and here I am.

FCPA Professor has been described as “the Wall Street Journal concerning all things FCPA-related,” and “the most authoritative source for those seeking to understand and apply the FCPA.” For these and many other comments, I am grateful.

Six years later, the mission of FCPA Professor remains the same and I thank you for your readership and being part of this journey.

What started out as a “blog” has turned into so much more and I hope you agree that FCPA Professor is a comprehensive website with, among other things:  links to original source documents; a detailed FCPA 101 page; and approximately 1,000 subject matter categories designed to facilitate in-depth research and analysis.

All of this takes time, money, and substantial effort, yet the content on FCPA Professor is provided free to readers, hundreds of thousands each year from around the world.

If FCPA Professor adds value to your practice or business or otherwise enlightens your day and causes you to contemplate the issues in a more sophisticated way, please consider a donation to FCPA Professor to help celebrate this 6th anniversary.  Yearly subscriptions to other legal publications or sources of information can serve as an appropriate guide for a donation amount.  To donate click here.

In this post, I offer a variety of perspectives from running FCPA Professor for six years and writing on a near daily basis about the Foreign Corrupt Practices Act and related topics.

Surprises

While all voices are welcome in the marketplace of ideas, what has surprised me most is the extent to which many informational gatekeepers in the FCPA space are not lawyers, or if lawyers, lawyers without substantial, real-world practice experience in the subjects they are writing about.  (For more on this topic, see this prior post).  In short, there is some real garbage out there when it comes to FCPA reporting, commentary and analysis.  Not differences of opinion (those are welcome) and to be sure we all make mistakes.  Rather, the deficiencies are as to black and white factual issues that ought to serve as an initial competency test before someone hits the publish button regarding an FCPA topic.  (For more on this issue, see this prior post).  While I don’t expect readers to agree with me on every topic or issue, what I do hope is that readers agree that my posts (particularly as to enforcement actions) represent the most substantive and comprehensive discussion and analysis that is free and publicly available on a near real time basis.

If you would have told me six years ago that writing (as I occasionally do) about legislative history and actual judicial authority relevant to the FCPA would somehow be controversial or provocative, I would have been surprised and I remain surprised about this aspect of my writing to this day.  In the minds of some (see here), I am the “anti-FCPA Professor.”  However should anyone remain curious as to my FCPA positions, they are succinctly stated here.    The irony of course (as highlighted in this prior post) is that more often than not, a former FCPA enforcement official is likely to say (or has already said) the same thing!

In doing FCPA searches literally every 24 hours, I am surprised the extent to which recasting original ideas, thoughts and concepts without proper attribution is common.  Original ideas, thoughts and concepts are my tools and all I really have professionally.  Is it that difficult to cite or attribute?  (See here among numerous other examples).

Rewards

I have met (whether in person or virtually) so many people through, and because of, FCPA Professor.  It is very rewarding to receive reader e-mails or to be at conferences around the world and have a person stop you to say “hi, I read you every day, keep up the good work.”

I am often asked about the feedback I receive on my writing and the answer is as follows.  I start from the belief that a person who disagrees with me is more likely to contact me that a person who agrees with me.  Measured against this belief, it is rewarding that the feedback I receive is 90%+ positive and that includes from certain current DOJ and SEC officials who themselves struggle with many aspects of this new era of FCPA enforcement as well as many, many others who are simply unwilling or incapable of publicly airing their genuine thoughts on many aspects of FCPA enforcement in a way they would like to do.

Some of my most rewarding feedback is from individuals, or more commonly family members of individuals, who find themselves caught up in this new era of FCPA enforcement.  These are real people, with real spouses, parents, children who have very real feelings about this new era of FCPA enforcement.  These are entirely different dynamics than a corporation being under FCPA scrutiny or a corporation resolving an enforcement action with shareholder money.

To my knowledge, FCPA Professor is the second “oldest” continuous website that focuses on FCPA issues and – I guess you can be the judge of this – the first website that began talking about FCPA issues in a different way.  Has FCPA Professor had an impact on various aspects of FCPA enforcement, FCPA reform and related issues? Again, you can be the judge of this, but regardless, I am confident in my answer.

Finally, there is intangible reward of knowing that someone, somewhere is beginning or ending their day, or passing time on their subway commute or airport delay reading you.  FCPA Professor readers span the globe and the sun literally never sets in terms of the traffic on this website.  I take my responsibility of being a gatekeeper of sorts very seriously and it is truly an honor.

I must admit, I enjoy reading FCPA enforcement actions (even though they are truly serious matters generally not thought of as pleasure reading), but reporting on enforcement and scrutiny alerts and updates is not what energizes me the most. Exploring the unexplored topics of the FCPA, making linkages, diving deep into the statistics, and holding public officials accountable for their policy positions is what I enjoy the most about running FCPA Professor.

Struggles

FCPA Professor is to a large extent a labor of love.

Nevertheless, doing anything on a near daily basis for six straight years can be taxing.  Daily searches for FCPA content and drafting and editing the daily post are sometimes a struggle particularly on days that I travel or have other professional or family commitments.  And let’s face it, the ebbs and flows of life are just that.  You all know me by virtue of this website, but I am, among other titles a law professor, husband, father, son, brother, and friend to others, not to mention having outside interests and passions as well.

Because of this, candid, informed, and thoughtful commentary and analysis on FCPA and related issues are always welcome for publication as a guest post.

Is it a good thing that multiple websites all cover the FCPA on a daily basis and feel the need to deliver “new” content every day?  I struggle with this answer just as I struggle in determining whether the general 24-7 news cycle is actually a good thing.  Let’s face it, some days or weeks, there is just not much going on in the FCPA space.

The Future

Will I be running FCPA searches every 24 hours and writing near daily on FCPA topics in 3 years, 5 years, 10 years, 15 years, 20 years?   I don’t know and in certain respects I could only be so lucky.

All I know is that the journey the past six years has been full of surprises, rewards, and occasional struggles.

Thank you for being part of the journey and I would value your contribution to FCPA.

Posted by Mike Koehler at 12:02 am. Post Categories: Uncategorized




July 23rd, 2015

Lessons Learned As A Foreign Corrupt Practices Act Monitor

LeasonsToday’s post is from Scott Fredericksen (Partner, Foley & Lardner) and originally appeared in International Trade Law & Regulation, Vol. 21, Issue 3, 2015 (Thomson Reuters).

*****

Not long ago, Foley & Lardner was selected as a monitor for a medical devices company that had been found to have engaged in activities alleged to have violated the FCPA. As the leader of the investigatory team, I did not have the normal advantage of working with a known client with a known business.

Rather, I needed to quickly develop a multi-faceted team that had to quickly get up to speed on the company’s business model, how it conduct business abroad, its distributor arrangements, its compliance program, its internal controls, and its training. In short, I had to set up a compliance review with the kind of probing that one would find in an in-depth financial audit.

The importance compliance lessons learned from Foley’s experience of a corporate monitor are provided below.

General Lessons

As most people who are involved in the compliance area know, establishing the right corporate culture is paramount. The key requirements include ensuring that the company has a culture of respect for compliance, that senior management is firmly behind all compliance efforts, and that there is a strong and well-funded compliance infrastructure that can catch compliance missteps from a variety of angles.

Establishing the appropriate corporate compliance culture requires constant reiteration of the compliance message. Compliance standards must be public and promulgated throughout the company, including through regular placement in company newsletters and on corporate intranets. Compliance A Corporate Monitor’s Guide to International Regulatory Compliance 6 policies should be readily accessible to employees and integrated into all aspects of employment, starting with discussions of compliance during the hiring process and references to the policy in employment contracts. Even employee performance reviews can help serve this purpose, by ensuring that employee adherence to compliance standards are part of the evaluation process.

The involvement of senior management is also essential for the development of a corporate culture focused on compliance. Placing a member of senior management in charge of compliance acts as a vital link between the executives and board members responsible for running a company and the employees on the ground who must deal with potential regulatory violations issues on a regular basis. A high-level member of management who is intimately involved in the compliance process also lends legitimacy to the company’s compliance policy and helps firmly establish the tone from the top.

This is not to say that every company needs to have a dedicated chief compliance officer. The establishment of the compliance infrastructure, like all compliance efforts, needs to be a risk-based endeavor, which means that the compliance needs of a smaller company that only operates in a handful of foreign countries may not be the same as those of a large multinational corporation that operates in a number of high-risk environments. It is common in smaller companies for compliance duties to be handled by an employee who has multiple responsibilities, such as the head of the human resources or audit departments. But at all companies, there should be a single person who is responsible for monitoring potential violations, managing due diligence, developing and providing compliance training, answering questions and resolving red flags, and testing the compliance program. This type of compliance ownership, by a person who is free from business pressures to achieve particular outcomes, is essential to ensure that compliance responsibilities are taken seriously. A Corporate Monitor’s Guide to International Regulatory Compliance.

A final issue is the adequacy of funding. Effective compliance requires hiring appropriate compliance personnel, taking time from busy employees for training, the establishment of internal controls and processes to monitor the effectiveness of the program and procedures in place, and periodic revisions to the policies and training materials. Companies should put in place programs that will be supported by commensurate resources. If, for example, a company states that it will perform due diligence on every agent it hires, then it should ensure that it has set aside sufficient resources to carry through on this commitment. Although compliance can be expensive, it pales in comparison to the multimillion dollar fines and high investigatory costs that now accompany even routine violations of U.S. regulations.

Compliance Program Improvements

A thorough and proper risk assessment forms the core of any good compliance program. No compliance program has the luxury of drawing on unlimited resources. Therefore, it is necessary to begin with a sober assessment of the regulatory risks facing the business, including those posed by its corporate profile, business model, types of products sold, areas of operation, use of third parties, degree of government interaction, and other business-profile issues that impact the degree of regulatory risk.

The ways in which to conduct a proper risk assessment vary, but certain principles are universal. Involvement from senior management and employees that understand the company, its business model, and its specific regulatory risk points is essential. The risk assessment must be conducted free of business pressures, without clouded judgment regarding where the highest risks arise. The risk assessment also should take into account all the ways in which outside actors can implicate the company or create regulatory liability, such as agents, distributors, joint venture partners, and other third parties. A Corporate Monitor’s Guide to International Regulatory Compliance

Companies also need to update their risk assessments on a regular basis. Corporate expansions, mergers and acquisitions, establishment of new joint ventures, expansions into new countries or product lines, and new distributor arrangements are all activities that can alter the risk profile of a company. Even regulatory developments, such as enactment of broad anticorruption laws such as the UK Bribery Act or the recent ramping up of OFAC sanctions and related enforcement activity, can impact compliance requirements. Not all of these changes, or their impact on compliance efforts, are obvious, which makes a regular reassessment of risk an important compliance function.

After conducting a risk assessment, a company must decide how to allocate its compliance resources. Allocating most resources to identified high-risk areas is important. So, however, is recognizing that the risk even in low-risk areas seldom is zero, and thus deserve some compliance attention as well. A well-structured risk assessment can help balance the distribution of compliance resources.

It also is important to regularly update compliance measures. Compliance standards regularly change, driven not only by changes in the regulatory framework but also the expectation of the regulators. As a result, it is important for a company to remain educated about compliance issues, including through regularly sending compliance personnel to specialized conferences, and following developments that bear on the ever-evolving standards for an acceptable compliance program.

When changes are made, the changes to the compliance program must be appropriately promulgated throughout the company. Depending on the change, this could require anything from company-wide training to a simple email from the company’s chief compliance officer. Regular communications regarding the company’s compliance message serves the dual purposes of keeping the A Corporate Monitor’s Guide to International Regulatory Compliance 9 compliance message top-of-mind while also communicating the company’s evolving compliance efforts and its commitment to compliance.

Training Enhancements

Training is an integral part of every compliance program, and serves a function that is much greater than merely communicating information. Done properly, it is an important part of the compliance-related dialogue that helps minimize the risk of violations and while helping to discover violations that already have occurred. It also is a key cog in the central goal of communicating the importance of compliance to the organization.

Although many companies conduct training electronically, including through the use of innovative compliance presentations and on-line quizzes, in-person training remains the gold standard. Company personnel tend to pay more attention to a live presentation, and the presentation can be tailored to the requirements of the audience. Allowing time for discussion not only allows employees the opportunity to ask questions about areas that are unclear, but often reveals areas where further inquiry may be appropriate. Properly presented, in-person training can result in compliance feedback that can be incorporated to improve the overall compliance program.

No matter how training is provided, it cannot be a one-time event. Although all employees should receive initial training upon their hiring, reinforcement of the training on a periodic basis is essential. Annually is a good benchmark that works for most companies.

Finally, companies should make training relevant to the evidence. The training should use as many real-world examples as possible, such as case studies drawn from actual problems confronted by the A Corporate Monitor’s Guide to International Regulatory Compliance 10 company in the past, as well as those that are more likely to occur based on the industry and where and how the company does business.

Audits and Compliance Checkups

Compliance as envisioned by the compliance program, and compliance as it actually occurs in the field, often are two very different things. A company that implements rigorous procedures, but then fails to live up to them, often enjoys the worst of two worlds, since its failure to meet its compliance goals would be held against it in any enforcement proceeding. To avoid this possibility, compliance implementation should be monitored by direct observation, by supervision of the program, and by testing the controls.

Some of this testing can be done in the company’s normal internal audit process, and it is important that internal audit employees receive specific compliance training so they understand what to do and why they are doing it. One increasingly common way of ensuring the testing of the controls is to conduct compliance audits. These audits are intended to stress-test compliance procedures by picking high-risk transactions at random to see whether the compliance program is functioning as envisioned. Beyond this, regime-specific audit items can be created, which generally will focus on whether the company is adhering to its internal controls in a given area. They can be conducted by properly trained internal or external auditors.

The tendency at many companies is to conduct audits based upon the ease of conducting them, rather than their utility. This shows up, for example, when companies target their own foreign operations for compliance-related audits, but do not exercise their rights to audit agents or joint venture partners. It also arises when companies do not return to the lessons of their risk assessments to determine the high- A Corporate Monitor’s Guide to International Regulatory Compliance 11 risk areas that merit follow-up checks. Unlike financial audits, which tend to concentrate on areas with the highest revenue impact, compliance-based audits often need to focus on areas that may have a small revenue impact but a large compliance risk footprint. Operations in a developing country, for example, may be new and have still-small revenue, yet present an outsized compliance risk.

Agent and Distributor Controls

No compliance program, no matter how well conceived, can perform its job unless the risks posed by third parties are adequately addressed. This is because many enforcement settlements are premised on agency principles, i.e., a determination that parties outside the company were acting on behalf of the principal, thus creating legal liability for the principal.

Dealing with agents, distributors, and other third parties presents unique and interesting challenges. Often companies work with these third parties in foreign countries because they do not understand the business culture or ins-and-outs of doing business in a particular country. Agents help fill this knowledge gap by bringing knowledge of the business environment that the company cannot fill by itself.

But the greater the separation from corporate headquarters, the greater the risk. The dangers of third parties can arise in a host of areas, including for matters handled by customs brokers, distributors, sales agents, political consultants, lobbyists, and other third parties. The consistent use of third parties, even when justified from a business perspective, by itself can be considered a compliance red flag. The oversight of third parties accordingly should be considered in every aspect of the company’s risk assessment, including with regard to the establishment of the relationship (with appropriate contractual protections), training, accounting, ongoing certifications, and even audits. A Corporate Monitor’s Guide to International Regulatory Compliance

Due diligence is also a key step when managing third-party risks. Due diligence is a potpourri of tasks that may include interviews, background checks, reviews of databases and publications, consulting third parties to provide reliable local information, using forensic accountants to review books and records to evaluate risk, visiting the office of agents, and other methods of confirming suitability, as the case may be. Once again, the application of risk-based principles will help determine how much due diligence is appropriate for various types of third parties.

At too many companies, third-party compliance oversight begins and ends with due diligence. In other words, the company conducts its third-party due diligence, places the resulting report in its file, and then moves on to conducting the business relationship without much more in the way of oversight. Ongoing review of the relationship, however, is the best way to proceed, including through periodic certifications, ensuring up-to-date training, monitoring any deviations of the relationship from the anticipated course, and the conduct of third-party audits. Due diligence is important, but it is only a limited snapshot of the past. As the relationship evolves, the company’s best source of information about the relationship becomes the data concerning its own relationship with the third party.

 

Posted by Mike Koehler at 12:03 am. Post Categories: ComplianceGuest PostsMonitor




July 22nd, 2015

Issues To Consider From The Louis Berger Enforcement Action

IssuesThis recent post highlighted the DOJ FCPA enforcement action against Louis Berger International (LBI) and two former employees.

This post continues the analysis by highlighting various issues to consider from the enforcement action.

Not The First Time

Last week’s Foreign Corrupt Practices Act enforcement action against LBI was not the only recent enforcement action against the company or related entities.

As highlighted here, in November 2010 the company reached a global settlement with the DOJ related to an investigation of its cost allocating methodologies for overseas U.S. federal contracts. As part of the settlement, the company paid a total of $65 million and the settlement was composed of three separate agreements:

  • A two-year deferred prosecution agreement with the DOJ in which an independent monitor was appointed.
  • A related civil settlement agreement with the DOJ and the relator of a whistleblower lawsuit. In accordance with the agreement, the company accepted responsibility for the actions of former employees who violated the U.S. False Claims Act.
  • An Administrative Agreement with the company’s lead federal agency, the U.S. Agency for International Development.

As highlighted here, in December 2014 Derish Wolff (the former President, CEO and Chairman of the company) pleaded guilty to conspiring to defraud the U.S. Agency for International Development with respect to billions of dollars in contracts for reconstructive work in Iraq and Afghanistan.

As highlighted here, in November 2010 Salvatore Pepe (a former controller and the former CFO of the company) and Precy Pellettieri (a former controller of the company) also pleaded guilty to criminal informations charging them with conspiring to defraud the government with respect to the above conduct.

Government Contracts

Despite the prior enforcement action and the company’s FCPA scrutiny, Louis Berger has raked in numerous government contracts.

For instance, in just the past 9 months the company has been awarded the following government contracts.
  • A $14.8 million operations and maintenance fuels contract by the Defense Logistics Agency Energy for Fort Knox, Kentucky (see here).
  • A $21.6 million operations and maintenance fuels contract by the Defense Logistics Agency Energy at Fort Bliss, Texas (see here).
  • A $20 million contract with Florida’s Turnpike Enterprise to provide facility maintenance and repair services for toll plaza buildings along turnpike roadways in South Florida (see here).
  • A contract to provide air terminal and ground handling services at Kunsan Air base and Gimhae Republic of Korea air base in South Korea under a five-year contract with the United States Transportation Command (see here).
  • A contract from the U.S. Army, Europe to provide transient aircraft services at Stuttgart Army Airfield, Stuttgart Germany, a U.S. Army Airfield operated and maintained by the U.S. Army (see here).
  • A $95 million contract to assist the U.S. Army Corps of Engineers Pittsburgh District in responding to natural disasters and emergencies by providing temporary emergency power (see here).

World Bank Sanction

In February 2015, the company announced that it had accepted a World Bank Sanction based on the Vietnam conduct alleged in last week’s FCPA enforcement action. As noted in the company’s release:

“Louis Berger Group, the U.S.-based operating company within Louis Berger, has been barred from working on World Bank-funded projects for 12 months, subject to compliance with certain conditions. In addition, the Louis Berger parent has accepted terms of a conditional non-debarment for the same period. The sanctions are based on findings of misconduct under the World Bank standards by former employees on two 2007/08 World Bank-funded contracts in Vietnam that Louis Berger self-identified and self-reported to the U.S. government and World Bank.”

Rogue Employees?

Notwithstanding the above prior enforcement action, in relation to last week’s FCPA enforcement action it is fair to pose the question of whether the conduct at issue was engaged in by rogue employees (Richard Hirsch – an employed located in the Philippines, who at times oversaw the Company’s overseas operations in Indonesia and Vietnam and James McClung an employee located in India, who at times oversaw the Company’s overseas operations in Vietnam and India).

For instance, the DPA makes several references to the employees concealing conduct and otherwise creating false documents. Moreover, the DPA twice mentions the “nature and scope of the conduct” as a presumed mitigating factor, something not often found in FCPA resolution documents.

Moreover, compared to most corporate FCPA enforcement actions, there is little mention in the LBI action regarding the company’s control environment or compliance policies and procedures.

Was That Really a Voluntary Disclosure?

The DPA states that LBI voluntarily disclosed the conduct at issue and the Sentencing Guidelines calculation in the DPA credits the company for voluntarily disclosing.

Yet, is it really a voluntary disclosure when the company only took action after – in the words of the DPA – “the government had made LBI … aware of a False Claim Act investigation …”?

Did the Company Need a Compliance Monitor?

The DPA requires that LBI engage a compliance monitor for a three-year period.

Notwithstanding LBI’s prior troubles, query whether the compliance monitor was truly necessary or a government required transfer of shareholder wealth to FCPA Inc. (see here for the prior post).

For instance, in the DPA the DOJ stated that the company “has engaged in extensive remediation, including terminating the employment of officers and employees responsible for the corrupt payments, enhancing its due diligence protocol for third-party agents and consultants, and instituting heightened review of proposals and other transactional documents for all Company contracts.”

Moreover, LBI’s press release (which the company had to clear with the DOJ pursuant to the DPA) states:

“Since 2010, Louis Berger has undergone a massive $25+ million reform effort that resulted in new internal controls, new policies and procedures, and comprehensive systems investments, including a new global accounting system. The company has actively supported the government in its investigation of the culpable individuals and their activities. In addition to separating these former managers from the company, the firm also has added new managers to key positions, including chief financial officer and controller, and regional management teams throughout Asia and the Middle East. Additionally, the company implemented a new corporate operational model to ensure greater centralized oversight and control of overseas business activities. Moreover, the company has reformed its ownership structure by implementing an Employee Stock Ownership Program. The company established an independent compliance and ethics department under the oversight of an independent audit committee, introduced a global helpline through which employees can report potentially non-compliant activities, and implemented a global code of business conduct. Investments also have funded annual worldwide compliance, ethics and anti-corruption training for all employees.”

Timeline

Regardless of the merits of the voluntary disclosure, according to LBI’s press release the company self-reported the conduct at issue to the U.S. government starting in 2010.

Thus, LBI’s FCPA scrutiny lasted 5 years.

Posted by Mike Koehler at 12:03 am. Post Categories: DebarmentLouis Berger InternationalMonitorOrigins of FCPA ActionsVoluntary DisclosureWorld Bank