While communications certainly can be speedier these days, I thought about Herodotus’ quote when I read an article in the Corner Office Section of the Sunday New York Times, entitled “What’s Your Story” Tell It, and You May Win a Prize”. In the article reporter Adam Bryant interviewed Russell Goldsmith, the Chairman and Chief Executive Officer (CEO) of City National Bank in Los Angeles, CA. The article focused on how Goldsmith, who came out of an entertainment industry background, brought the art of storytelling and other techniques which could be used by the compliance practitioner to help employees learn how to do business in an ethical and compliance manner.

Story Idol

City National Bank has a program called ‘Story Idol’.  Each quarter the company puts on a competition among its 79 offices. It is designed to create a mechanism “to give colleagues a pat on the back and a moment in the sun for doing the right thing, and it democratizes and decentralizes positive reinforcement.” This is coupled with an annual Story Idol competition in a meeting with the top 300 employees of the company. Employees tell stories “about what they did that promoted teamwork or helped a client by going the extra mile. It’s like telling stories around a campfire, but they’re doing it around conference tables.”

The contest begins with an online submission, where all stories can be read and then voted on by all employees. The winner from each quarterly competition receives an iPad and for those employees who go the extra mile with assisting customers and clients; they are eligible to receive a cash award as well. The quarterly winners are then eligible for the annual prize.

Hiring

As the CEO, any prospective hire that makes it up to him for an interview has been vetted from a technical competency perspective so Goldsmith focuses on character. He does this by directly asking the prospective hires what their expectations are in coming to work at City National because if the person is not a good match for the company, both parties will be better off if he or she does not go to work there in the first place. Goldsmith also asks if a prospective hire has any questions for him. Goldsmith believes it is important for a candidate to not only have questions but to ask them as well. He stated, “Not because I want them to kind of butter me up or something. It tells me several things. Sometimes people don’t have a single question. And if you have any curiosity, here is your window. I mean, you are thinking of changing your entire career and you have 40 to 60 minutes with the C.E.O., and you don’t have a single question about the company?”

He wants employees who are not so intimidated that they are afraid to ask questions. Further, he thinks that if “you have no curiosity, then you are in the wrong company.” Additionally, Goldsmith believes that from the questions a candidate asks, he can get a feel for what their character is. He said, “I can tell a lot by the kind of question. Is it a fawning question or is it a real question?”

Fresh Approaches to Leadership

Goldsmith appreciates taking a “fresh look at the company” through the eyes of new hires. One of the ways he does this is in large meetings where he will “will reach out to some of the new people beforehand, and I’ll just say, “When the meeting’s over, shoot me an e-mail and tell me what worked at the meeting, what didn’t work, what did you like, what didn’t you like.”” He believes that this technique communicates that City National is trying to build a culture of speaking up so that ideas and concerns are communicated in the company and those communications are acknowledged as important.

There are several items from Bryant’s piece on Goldsmith and City National which you can use in your compliance program. His Story Idol is an excellent concept to get compliance victories across in a teaching method which demonstrates companywide commitment to compliance and ethics. Goldsmith’s use of questions during interviews is an important technique for hiring personnel to incorporate in any prospective employee interview. What does a candidate think about compliance and ethics? Are they committed to doing business in an ethical manner? Will they report violations of the company Code of Conduct? These are just some of the questions which should be asked. Lastly, when you have the CEO bring up compliance in large meetings, it certainly communicates a tone from the top which is important and must be the starting point for any successful compliance program.

We began with Herodotus and the importance of the Persian messenger system to the Persian Empire. The messenger is still important even if the medium is different than an ancient Pony Express Rider galloping at full tilt. Story Idol is a medium to use to communicate important victories inside City National. It is a medium that you can use in your compliance program as well.

Filed under: Best Practices,compliance programs,Ethical Leadership,Ethics,Human Resources,New York Times — tfoxlaw @ 1:01 am
Tags: compliance, compliance programs, ethical leaders, ethical leadership, Hiring

© by Thomas R. Fox

However, recognizing that my interpretation of UK law is simply that and I am not licensed to practice law in the UK and hence cannot provide a legal opinion on the Bribery Act, I went to thebriberyact.com to see what thebriberyact.com guys (who are licensed to practice law in the UK) might have opined on this issue. They have a couple of interesting posts up on this specific issue. Recently they had the opportunity to put this question to the SFO and, in a blog entitled “The SFO’s view on corporate hospitality”, they have posted what they heard from the SFO, , which I quote in its entirety::

The SFO have told us that they will be looking at five factors when considering corporate hospitality in the context of the Bribery Act.

Where the SFO is considering whether any particular case of corporate expenditure appears to fall outside the bounds of reasonable and proportionate hospitality, it will be looking to see whether:

1.    the company has a clear issued policy regarding gifts and hospitality,

2.    the scale of the expenditure in question fell within the confines of such policy and if not, whether special permission for it had been sought at a high level within the organization,

3.    the expenditure was proportionate with regard to the recipient,

4.    there is evidence that such expenditure had been recorded by the Company,

5.    the recipient was entitled to receive the hospitality under the law of the recipient’s country.

The inference that the expenditure was intended as a bribe would be strengthened if it should transpire (a) that there had been any unjustifiable ‘add-ons’, for example with regard to travel or accommodation, or (b) that that the expenditure in question could be related in time to some actual or anticipated business with the recipient, particularly in a competitive context.

In another post, entitled “Jo Morgan CCO IMI PLC – Debunks Olympic corporate hospitality myths”, the guys questioned a compliance practitioner Jo Morgan, the Chief Compliance Officer (CCO) of IMI PLC, a global engineering group focused on the precise control and movement of fluids in critical applications.  The question posed to Jo and her answer are as follows:

Question: I’d like to entertain some clients at the Olympics in the summer. I’ve read lots in the press about lavish hospitality being outlawed by the Bribery Act. My concern is that some of the tickets for popular events run into thousands of pounds and so I’m concerned that the amount is too much. On the other hand, the Olympics is a once in a lifetime chance for us to entertain our best clients. Surely, I can’t be prevented from inviting clients along as a result of the Bribery Act? Help.

Answer: Here at IMI plc we have very clear guidelines on entertaining. We have monetary limits above which one needs Executive Director approval for the event. In reviewing such requests the Directors look at:

a) who the entertainment is being offered to (i.e. customer, supplier, public, private, what level in the organization the person receiving the entertainment is);
b) what circumstances exist at the time the offer of the entertainment, and at the time the entertainment will take place, (i.e. is there a live bid or other circumstance which would mean that the entertainment could improperly influence a decision or provide an improper advantage);
c) whether there are any other circumstances which might make the entertainment look inappropriate – essentially this is the “newspaper test” – how would we feel if the entertainment was reported in the newspaper? Would it look OK to the ordinary man? That will generally tell you how the law enforcers would view it too.

I do not believe that it was the intention behind the Bribery Act to prevent attendance at events such as the Olympics and therefore if you consider the points above and you are comfortable with answers then you should be OK.

So for those of you who need “English English” translated into “American English” (or Texan for that matter), I think what both thebriberyact.com guys and Jo are saying is that your company should have a written policy on corporate hospitality and procedures for following that policy. If you want to take a customer or client to the Olympics, follow your company’s written procedure so that if the amount you intend to spend is above the limit set forth in the policy, follow the procedures and fill out the required forms and obtain approval before you engage in the corporate hospitality. You need to make certain that the hospitality is proportional AND that it is allowed by both the laws of the home country of the recipient and his or her employer. Lastly, all corporate hospitality must be correctly recorded in your company’s books and records. But at the end of the day, I think Jo Morgan’s final test may be the most appropriate, what we might call the “Wall Street Journal” test. How would your company feel (and you too for that matter) if the corporate hospitality you engaged in at the Olympics was reported on the front page of the Wall Street Journal?

Sometimes common sense is a good rule of thumb. And document, document document.

Filed under: Best Practices,Bribery Act,Corporate Hospitality,thebriberyact.com — tfoxlaw @ 1:08 am
Tags: Barry Vitou, Bribery Act, compliance programs, corporate hospitality, Richard Kovalesky, SFO

© by Thomas R. Fox

While many companies will look at CM as a software solution that can assist your company in managing risk; provide reporting metrics and, thereby, insights across an organization, it should be viewed more holistically. You will need to take many disparate systems, usually across a wide international geographic area, which may seem like an overwhelming process. However help is at hand from an article in the November 2011 issue of the Compliance Week Magazine, entitled “Mission Impossible? Six steps to continuous monitoring”, where author Justin Offen discusses his six-point program to ensure that your “CM solution doesn’t become part of the problem” rather than a solution.

1. Know your global IT footprint. Offen believes that the challenges with integrating “disparate data often prevent CM discussions from even getting off the ground.” Rather it is important to understand how CM will be incorporated into your company’s overall IT strategy as well as your compliance strategy. This advocates that this inquiry begins with understanding what your current IT structure is and what it is anticipated to be in 3 and 5 years. Once you identify your global IT footprint you can determine which system will be the best fit.
2. Define scope and necessary resources. The author believes that you need to determine what your goal is; begin by identifying your needs and then prioritize them. You should perform a risk analysis and then rank the risks. Here a risk ranking is not only helpful but can be critical to enable your company to focus on the needs specific of the organization. Regarding resources, you need to understand the amount of talent you have in your organization, identify who can implement and work with the system and determine your budget, which may need to be increased based upon your need for outside experts and unknown contingencies.
3. Conduct a pilot or proof of concept. Offen suggests that your company does not roll out an entire CM solution, company-wide, in one fell swoop but rather “business units and/or geographies should be prioritized and a phased in approach” utilized. This is one of the benefits of your risk analysis and risk ranking. This phased in approach can be used as a proof of concept, which the author believes “will yield greater operational efficiency throughout your CM solution implementation.” Significantly it should enable you to chalk up an early success to present to the inevitable nay-sayers in your organization.
4. Decrease false positives. Offen notes that it is “important to determine the effectiveness of each test prior to ‘turning it on’ in a CM solution.” This is because improper or incomplete testing may well lead to a larger amount of false positives with which you are required to evaluate and clear. From each test, you can further refine your CM solution to the specific needs of your organization and increase time and efficiency in your overall CM program.
5. Establish your escalation protocol. The author believes that as part of your implementation, you should establish a response protocol when an exception or Red Flag arises. This protocol should include an escalation protocol if the Red Flag suggests that it is warranted or additional investigation determines a wider problem exists. This protocol should include specific individuals and departments that need to be notified, the makeup of your initial and secondary triage team and the accountability for each person in the process. A line should be set up for Board of Directors notification as well as a protocol to determine at what point to bring in outside counsel, if warranted.
6. Demonstrate control through case management. How does your company keep track of it all? I have long maintained that the three most important words in any compliance program are “document, document and document” but this must also include the caveat that you are able to produce the documentation, in a reasonable time, if a regulator requests. Offen suggests that your company should be ready to “respond with appropriate documentation of any transaction that’s been reviewed, showing the level of review and any additional steps taken.”

The author has provided concrete steps which a compliance practitioner can take to implement or enhance a continuous monitoring system in an organization. He also points out the benefits to such a program, the creation of documentation which can lead to a ‘ready response’ by a company to an issue before it becomes a larger problem; coupled with the ability to recall all steps and information when a regulator comes knocking. Internally, using the pilots or proofs of concepts, the compliance department can bring in other stakeholders to see the value of continuous monitoring within the organization.

Filed under: Best Practices,compliance programs,Compliance Week — tfoxlaw @ 1:01 am
Tags: compliance programs, continuous monitoring, control monitoring

© by Thomas R. Fox

A Board of Directors will probably have an Audit Committee or Compliance Committee. I would like to focus on the role of the entire Board of Directors, rather than a specialized subcommittee. By reviewing the role of a Board of Directors within an organization, this should shed light on the types of information that a compliance officer should be prepared to present to the. Starting with the proposition that a “well run Board can lift a significant burden off of the management team in the short-term and ensure the long-term success” of an organization, the authors posit three general areas. They are (1) Support; (2) Supervision; and (3) Approval of Management Decisions.

Support

In the area of support a Board of Directors should provide strategic guidance but should not simply take what management may tell it or even feed to it. A Board member must be ready to challenge management, particularly the Chief Executive Officer (CEO). A Board must hold the CEO accountable for running the company’s business but should not go so far as to become bogged down in the day-to-day details of running the company.

 Supervision

Here a Board of Directors should monitor the performance of management against prescribed benchmarks. The financial bottom line is obviously a key performance indicator. However, there are other areas which the Board will need to monitor. Clearly the compliance arena is now one which a Board must become familiar with and have visibility into but there may well be a variety of other legal issues, such as regulatory or even intellectual property protection in a situation where a company’s main, if not only asset is some type of intellectual property. This should be broad enough to ensure that management complies with its own governing documents. The authors note that ideally Boards should “have a list of the compliance requirements and periodically check if they are being met.”

Approval of Management Decisions

The authors believe that betwixt and between the concepts of Support and Supervision lays the area where a Board must approve certain management decisions. Board approval of these decisions should “serve to guarantee conformance with the overall mission” of the organization. While each organization could certainly have a greater number of these areas, the authors believe there are basic areas that, at a minimum, should require Board approval. These areas are:

1. The organization’s annual budget;
2. Decisions on significant financing and significant changes in the ownership structure;
3. Succession planning for the CEO and remuneration as well as key members of the company’s management team; and
4. Decisions about overall company strategy.

The authors provide a summary of some of a Board’s “Do’s and Don’t’s” which I have put into the following box:

The authors end their White Paper with a very useful Appendix of country-by-country listing of corporate governance guidelines and codes of best practices for Boards of Directors.

While the White Paper has a focus on social enterprises, the concepts that it puts forward can inform the types of information that as a compliance officer, you can suggest to your organization’s Board of Directors that they begin to review. In the US and UK, many Boards will have an Audit or Compliance Committee, which will desire more detailed information. A report, annual or other, to a full Board of Directors is an important component of a minimum best practices compliance program. The compliance function should be prepared to lead your company’s Board through this journey.

Filed under: Best Practices,Board of Directors,compliance programs — tfoxlaw @ 1:33 am
Tags: Audit Committee, Board, Board of Directors

© by Thomas R. Fox

I. The Joint Ventures and Due Diligence 

a. KLH

The DOJ Statement of Facts, attached to the NPA as Appendix A, reports that RAE sold its products into China primarily through “two second tier subsidiaries” which were organized as joint ventures with local Chinese entities. One of these joint ventures, RAE-KLH, Limited (KLH) was originally owned 64% by RAE. This interest in KLH was initially purchased by RAE in 2004. Later, in 2006, RAE increased its ownership interest to 96%. Prior to its initial purchase of a stake in KLH, RAE conducted due diligence on the Chinese entity. This report made what the DOJ called “troubling findings” by noting:

As the important clients are those related to the government, it is very important for the company to keep very good relationship [sic] with those government people. In normal practice, KLH will determine its internal product price, the salesmen can negotiate the price with the client based on that and can take away the difference between the internal product price and the final sales price as commission. It is the salesmen, not the company, who will decide the [sic] whether and how much amount of the commission they should give to the clients. The salesmen didn’t get the commission in cash directly, but instead they get the cash by provide [sic] different acceptable invoices. These invoices will then be used as original supporting documents for accounting records. They are recorded as different expenses in the financial statements. To some extent, the financial statements have been distorted by these commissions [sic]. 

With the change of market regulations in China, the government influence will be less important, there is a challenge as to whether KLH could still keep these clients. Although KLH let the salesmen to deal with the kickback, still they are the employees of the company and they represent the company in the transaction. 

Nevertheless, internal RAE documents simply noted that RAE knew “how much [FCPA] risk we are taking.”

All of these practices were continued after RAE obtained its ownership interest in KLH. Indeed a RAE employee who reviewed KLH after the joint venture became effective noted “If you want them to be aggressive and grow business per set goals, they will do”. This same RAE employee, commenting on the institution of a FCPA compliance program for the joint venture, stated:

It will be a challenge to restructure because it changes the way they have been “successful” and rewarded in the past. As you know, KLH sales guy [sic] behave/get compensated as distributors and get “discretionary discount structure” (any residual = compensation to keep or to dispense as they see fit to close deal. To kill the sales model that has worked for them all these years is to kill the JV deal value or hurt sales momentum. 

So we need to tread carefully in designing something halfway that won’t choke the sales engine and cause a distraction for the sales guys. We knew this risk all along and have accepted it upon entering the JV deal. 

After these reports, RAE did provide FCPA training and did inform KLH employees not to pay bribes. However, RAE seemed to believe that “we told them about [about the FCPA]…and that’s all we can do.” As you might guess, based upon this non-action, these bribery practices continued unabated even after such conduct was reported again to RAE management. The DOJ noted that while RAE senior management did indicate such bribery payment should cease, the company made “no effective effort to actually stop the practice.” Most interestingly, the RAE Financial Controller in China was directed to perform an internal audit on these issues but “he never provided any findings.”

So just what is “troubling” about this sales method? Initially, it appears that the sales person involved in each transaction sets the price, without corporate oversight. But for FCPA purposes the most troubling aspect is that the sales person involved would receive the difference in the internal product price and final sales price as a commission. To compound the problem there was apparently a double accounting of these amounts in the books and records which distorted the company’s financial statements. This structure allowed KLH employees to use this money “under table greasing to get deals regardless if profitable/collectible or not, kosher or not, etc.”

The DOJ reported that as late as 2008, sales representatives of KLH used monies from this commission scheme for improper purposes. These purposes included the “corrupt giving of gifts and paying for entertainment, as well as direct and indirect payment, to customers”.

b. Fushun 

In December, 2006 RAE purchased a 70% interest in another Chinese company named Fushun. RAE also operated Fushun as a joint venture but included Fushun’s financial results in the consolidated financial statements that RAE filed with the SEC. For reasons not stated in theNPA, RAE did not conduct pre-acquisition due diligence on Fushun. However, sometime later, RAE obtained information that Fushun did engage in business practices improper under the FCPA and thereafter, failed to implement an effective system of internal controls at the joint venture.

II. The Payment Scheme(s) 

As noted above, the KLH sales force set pricing and was able to obtain the difference between the price book pricing and the as-purchased pricing. In addition to this source of cash, which could be used for bribery and corruption, both joint ventures had reimbursement schemes through which joint venture employees would submit alleged Chinese governmental tax documents which did not support the claimed reimbursement, yet RAE would pay out cash for reimbursement purposes. From such reimbursements, gifts were made to family members of Chinese governmental officials and two contracts for “consulting services” valued over $300,000 were used to funnel monies to Chinese governmental officials. The Fushun joint venture used this reimbursement scheme to provide gifts to officials of state owned enterprises which included “jade, fur coats, kitchen appliances, business suits and high-priced liquor.”

From all of the above information, the DOJ was able to conclude that RAE knowingly failed to implement a system of effective internal accounting controls at both joint ventures which was sufficient to provide reasonable assurances that: (i) transactions were executed in accordance with management’s general or specific authorization; (ii) transactions were recorded as necessary to (a) permit preparation of financial statements in conformity with generally accepted accounting principles or any other criteria applicable to such statements, and (b) maintain accountability for assets; (iii) access to assets were permitted only in accordance with management’s general or specific authorization; and (iv) the recorded accountability for assets was compared with the existing assets at reasonable intervals, and appropriate action taken with respect to any differences.

Download the DOJ’sNon-Prosecution Agreement with RAE Systems Inc. here.

Download the SEC’s civil complaint against RAE Systems Inc. here.

Filed under: compliance programs,Due Diligence,FCPA,RAE Sysytems
Tags: compliance programs, DOJ, FCPA, Inc., NPA, RAE Systems, SEC

© Thomas R. Fox, 2010

Interessant zu erfahren, was in den USA aktuell an Online – Betrügereien  veranstaltet wird, bleibt nur abzuwarten, bis auch in Deutschland die ersten Personen  darauf hereinfallen und betrogen werden. Ein Blick über den Teich lohnt sich und hilft  evtl. Schaden vermeiden.

Internet Crime Complaint Center’s (IC3) Scam Alerts, April 20, 2012;  This report, which is based upon information from law enforcement and complaints submitted to the IC3, details recent cyber crime trends, new twists to previously-existing cyber scams, and announcements.

Investment Scam.  The IC3 continues to receive complaints involving subjects who have obtained the names and social security numbers of individuals for illegal purposes. Subjects use the information to defraud the U.S. government by electronically submitting a fraudulent tax return for a hefty refund. The prevalence of such complaints mirrors the recent surge in tax fraud cases involving identity theft.

Investment fraud is another scheme with an Internal Revenue Service (IRS) nexus, on which the IC3 has received complaints. Subjects are incorporating the use of bogus IRS documents to perpetrate this scheme. One example of how subjects are using bogus IRS documents to commit investment fraud and steal victims’ identities is by the subjects posing as a tax consulting firm. The subjects engage potential victims via telephone and attempt to convince them to sell their underperforming shares in a company. The potential victim is advised to sell their corporate shares, applicable taxes must be paid. Some of the victims were also advised they had to buy other certain shares with their profit. Documents such as share certificates and invoices for federal and state taxes were exchanged via e-mail. After the funds were wired, the subjects became unresponsive to the victim’s inquiries. An open source search also revealed multiple complaints concerning this scheme. It is unknown at this time how the subjects obtained knowledge that the victims actually owned underperforming stocks.

The loss amounts tend to be much higher with investment fraud complaints than in regular identity theft complaints.

Blackhole Exploit Kit 1.2.3 Released.  Blackhole is currently the most widely purchased exploit pack in the underground market. An exploit pack is a software toolkit that is injected into malicious and/or compromised websites, allowing the attacker to push a variety of exploits targeting vulnerabilities of popular applications like Java and Flash.

On March 25, 2012, the Blackhole Exploit Kit 1.2.3 was released. This kit included the latest critical vulnerability in Java, allowing the bypassing of Java’s sandbox environment. Java’s sandbox is designed to provide security for downloading and running Java applications, while preventing them access to the hard drive or network. New malware samples appearing in the wild have been highly successful at exploiting this flaw. It is estimated at least 60% of Java users have not yet patched against this latest flaw, CVE-2012-0507.

Termination of Your Certified Public Accountant (CPA) License Spam Campaign Containing Malware

Recently, unsolicited e-mails titled “[BULK] Termination of your CPA license” have been sent to numerous IC3 e-mail accounts. One example of the many e-mail addresses used was support@aicpa.org. The IC3 has also received complaints reporting this spam campaign.

The e-mails were purportedly from The American Institute of Certified Public Accountants concerning a complaint filed against the recipient for filing fraudulent tax refunds for their clients. A link was provided for the recipient to view the complaint. Recipients were advised to provide feedback within a specific period of time and threatened with possible termination of their accountant licenses if they failed to do so.

Analysis conducted by an IC3 Information Technology Specialist found the e-mails were pushing out a Blackhole exploit kit containing a Trojan redirector. It was also determined that the IP addresses used in this campaign have been involved in large volumes of DDoS activity from the same botnet and appear to have originated from Brazil.

Want to Get Paid to Drive Your Own Car?  Several complainants reported a scam to the IC3 involving the advertising of a company’s logo on their personal vehicle while they go about their normal daily routine. Although legitimate offers exist, those scammed reported to the IC3 that initial contact with the subject was mostly through online ad postings. The posting offered an easy way to earn extra income by allowing businesses to advertise their logo on the complainant’s personal vehicle through a vinyl decal or “auto wrap.” The fraudsters were using company names such as Coca Cola, Monster Energy drink, Carlsberg beer, Heineken Co., and Red Bull.

Individuals were advised they would be paid an average of $400-$600 per week in exchange for driving around with vinyl advertising signs wrapped around their vehicle. Those interested in participating were asked to provide their contact information and vehicle details. They were promised an up-front payment, which would be sent by check or money order.

The employment offer was, of course, entirely bogus. Those who fell for the scam received a check or money order for more than the promised amount. They were directed to cash it and wire the difference to a third party, who was supposed to be the graphics designer to pay for the cost of the design. The checks and money orders turned out to counterfeit and the criminals, once again, were able to convert fraudulent checks and money orders into untraceable cash, leaving the victim responsible for the bank’s losses.

Online Property Rental Scenarios. The IC3 continues to receive complaints regarding rental property scams from victims and real estate agencies. Several real estate agencies reported that their listings are being duplicated to perpetrate fraudulent online postings. These postings have been damaging to their companies reputations. These complaints make it evident that there are many who capitalize on people are looking to rent property and attempt to take advantage of those individuals, especially when they are in pressing situations in which they need to find a residence within a short amount of time.

Below are some scenarios of the scheme recently reported to the IC3:

• A fraudster posted rental property online. When the prospective renter inquired about the property via e-mail, the fraudster requested detailed personal information, as well as a security deposit of $1000 to hold the home. Payment, in the form of a money order, was requested because of the “online scams.” After the deposit was received, the fraudster claimed that he mailed the keys and lease agreement for a hard copy to be signed. Later, the victim received an e-mail from an individual posing as the fraudster’s “lawyer” stating a hold had been placed on the package containing the key until the full amount of the first and last month’s rent is paid. The victim realized it was a scam after they contacted the realtor who advised the home had been foreclosed.
• Another victim also responded via e-mail to an online post advertising a house for rent. The victim was asked to submit an online credit report. The fraudster then provided a link in his e-mail, allowing the victim’s credit report information to be directly accessible to him.
• A complainant had inquired about a condo rental advertised online. The complainant was advised to go to the condo and call the fraudster so he could meet her with the keys. Upon placing the call, no one answered. Later, the fraudster provided the complainant an excuse for not being available and requested the deposit be made through an online payment service. After the deposit was made, the complainant realized it was a scam and contacted the online payment service. Upon an investigation, the receiver of the deposit advised they had been defrauded as well and was only acting as the “pay agent” for the true fraudster.

However, I would like to review the use of DPAs and NPAs from another angle and the perspective from another player in FCPA enforcement. That is the perspective of the corporation ensnared in an enforcement action. I will leave aside a discussion of the alleged expansive DOJ interpretation of the FCPA for another day and simply focus on why it is in the interest of a corporate defendant to enter into a DPA or NPA as opposed to being indicted and defending itself at trial.

Arthur Andersen

For those of you who do not recall, Arthur Andersen was the auditor for Enron and was caught up in the Enron scandal. In 2002, the firm voluntarily surrendered its licenses to practice as Certified Public Accountants (CPAs) in the United States after being found guilty of criminal charges relating to the firm’s handling of the auditing of Enron. The other national accounting and consulting firms bought most of the practices of Arthur Andersen. The verdict was subsequently overturned by the US Supreme Court. However, the damage to its reputation has prevented it from returning as a viable business. In other words, after fighting the criminal charges brought against it and losing at trial, Arthur Andersen imploded.

No US Company wants to face this prospect. By being indicted they will probably find their access to credit greatly reduced and their ability to move forward as an ongoing concern compromised. Juries still do not have a high opinion of corporations and what may appear to be ‘sharp but legal’ business practices may look like bribery and corruption to a jury. The DOJ’s recent set-backs on the individuals it has indicted and/or taken to trial should not affect a jury’s perception of corporate corruption. No publicly traded company can take the risk. For private companies, the resulting violations of loan covenants and other denials to capital would probably have the same effect.

Certainty

In my legal career if I have learned one thing about representing corporations it is that they do not like surprises and one of the things they most desire is certainty. The one thing I learned in almost 20 years of trying cases (civil side only) is that nothing is certain when you leave the final decision to an ultimate trier of fact who is not yourself, whether that trier of fact be a jury, judge or arbitrator. The most important thing for a company is certainty and that is even more paramount when a potential criminal conviction looms over its corporate head. A DPA or NPA provides this certainty. Corporations not only know what their financial penalty is but they also know their ongoing obligations, in the form of the compliance program they should implement or enhance and ongoing reporting requirements.

Expansive Effect

Just as it benefits the DOJ to drive corporate behavior to comply with the FCPA, through its enforcement of the FCPA; it benefits corporations to understand what is expected from them. Both goals are achieved by the use of DPAs and NPAs. This is because one of the other benefits to DPAs and NPAs is that it provides information and guidance to other companies and compliance practitioners as to the DOJ’s thinking regarding a best practices compliance program. Any improvements or new aspects to a minimum best practices compliance program, which are announced in a DPA or NPA, will inform other companies and will expansively compound the effect from a DPA or NPA. The size of the company involved in the enforcement action does not matter as all DPAs and NPAs are publicly announced.

So as the “Enhanced Compliance Obligations” in the Johnson & Johnson (J&J) DPA gave companies additional guidance on how to deal with acquisitions; the recent Biomet DPA provided specific information to Internal Audit on its role in a minimum best practices compliance program. A review of any recent DPA or NPA also shows the clear benefits of self-disclosure and cooperation, which can lead to a significant reduction in the overall monetary penalty.

From my perspective, as someone who has represented corporations, as both an outside counsel in private practice and in-house counsel, I believe that DPAs and NPAs not only further the goals of the FCPA but bring tangible benefits to corporations. I do not believe that they should be removed from the DOJ’s arsenal for enforcement.

Filed under: Best Practices,compliance programs,Deferred Prosecution Agreement,Department of Justice,FCPA — tfoxlaw @ 1:26 am

Tags: compliance programs, Department of Justice, DOJ, DPA, FCPA, NPA

© by Thomas R. Fox, 2012

Panalpina-the 13 points of a best practices compliance program;  the DOJ lays out its most current thinking on the minimum compliance program, with focus on foreign business partners, including Application of Compliance Policies to Foreign Business Partner, Training on compliance program,  Ongoing advice and training, Compliance terms and conditions in all contract

Rules Based Approach

One company had a fairly typical US rules based approach which set the dollar value of gifts and entertainment in two general categories; they are gifts and entertainment for foreign governmental officials and gifts and entertainment for non-foreign governmental officials. Interestingly the company also had a third category which was gifts and entertainment that its own employees could accept. The limits were lower for the foreign governmental official than the non-governmental official. If an employee desired to go over the specified limit, then Compliance Department approval is required. However, the Compliance Officer said that if the gift or entertainment request was reasonably detailed and a clear business purpose was articulated in the request, she would usually approve the request if the amount of money did not appear to be unreasonable.

The compliance officer reported some numbers from her company’s Ethics’ Helpline from the past year. Almost one-third of the calls which came into the Helpline were categorized as inquiries rather than reports of issues which were investigated. Of this group of inquiries, the largest single group, almost 25%, were questions about gifts and entertainment issues. So even with this rules based-bright line approach there were still many questions from the employee base on gifts and entertainment.

Values Based Approach

The second company took a different approach. Although it is a US company, it took a more European-centric, values based approach. It allowed the regions to set their own top end values to gifts and entertainment, based upon the nuances and risks of the geographic area. There was not the trichotomy of categories as listed above. The company compliance representative said that in their values based system, there was greater monitoring of employee gifts and entertainment by the compliance department and that they engaged in more training for employees on gifts and entertainment issues.

This monitoring was more extensive than in the rules based company. If an employee went above the overall company limit, the matter was investigated through an independent review of the amount spent; who it was spent on and the business purpose. This was then all written up and the independent investigator made a determination if a compliance issue violation had arisen. While this post-event work seems costly and disruptive to the business, the company representative said that it worked for her company.

Proportionality

One of the interesting discussions was on the issue of proportionality. Proportionality in the context of gifts and entertainment in anti-corruption compliance programs generally relates to the types of gifts or entertainment appropriate to be provided to a high level company official. One rule of thumb mentioned was if the entertainment provided was typical for a company executive and that executive could routinely pay for it, this was indicia that it was reasonable if provided from one senior level executive to another. There was mention of another company which had one gifts and entertainment policy for high level company officials and another policy for regular employees. All of this means that is may well be acceptable for your company President to entertain another company President at Wimbledon or other similar event.

Warning

Another panelist cautioned the audience to remember who would be reviewing gifts or entertainment in an investigation. He said that the view of Department of Justice (DOJ) attorneys, who might review such information in the context of a FCPA investigation, as to what is reasonable or even ‘modest’ is usually very different than the view of sales persons. Lastly, there was caution suggested about raising the limits of your gifts and entertainment policies if they are under review at this time. The panel believed that that current enforcement atmosphere makes such a move problematic at best.

The panel was quite good in setting out the parameters and types of gifts and entertainment policies. The message to me seemed to be the following: decide on a policy which works for your company and then follow it. But verify and verify. And finally, document, document and document.

Filed under: Best Practices,compliance programs,FCPA,Gifts and Business Entertainment
Tags: compliance programs, Department of Justice, FCPA, Gifts and Entertainment

© by Thomas R. Fox