Categories
Compliance Kitchen

Devon Energy Enforcement Action


The DOJ settles with Devon Energy Companies for underpayment of royalties from federal lands.  Listen in for more detail.

Categories
This Week in FCPA

Episode 272 – the Facebook Whistleblower edition


Tom is on for a solo run this week to review some of the top compliance and ethics stories on the Facebook Whistleblower edition. 

Stories

1.     The Facebook Whistleblower. 60 Minutes appearance and Congressional Testimony. Matt Kelly in Radical Compliance. Aaron Nicodemus in Compliance Week.  (sub req’d)
2.     Petrofac settles with SFO. Harry Cassin in the FCPA Blog.
3.     ESG and business risks. Mike Volkov in Corruption, Crime and Compliance.
4.     DOJ to emphasize white collar criminal cases.  Dylan Tokar in the WSJ Risk and Compliance Journal.
5.     Ancient history and FCPA enforcement. Dick Cassin in the FCPA Blog.
6.     Lessons learned from the Pandora Papers. Jaclyn Jaeger in Compliance Week. (sub req’d)
7.     Using AI for pattern recognition in investigations. Veeral Gosalia in CCI.
8.     Will ethical lapses at the Fed sink the Powell nomination? Jeanna Smialek and James Tankersly in the NYT.
9.     The Big Stink and Green Bonds. Lawrence Heim in PracticalESG.
10.  Would you trust Ozy? Ozy says its open for business (after a short hiatus).  What does it mean for compliance? Megan Leonhardt and Jessica Mathews in Fortune.
11.  Risk based compliance and ransomware. SheppardMullin lawyers on JDSupra.   

Podcasts and Events

12.  Congrats to Great Women in Compliance for being honored as a top pod by w3 in the DEI category; Everything Compliance as a top roundtable in podcasting and CPN for top compliance podcast network.
13.  Compliance Week is going ‘Inside the Mind of the CCO’. Participate in the survey here.
14.  Ethisphere’s World Most Ethical Company awards for 2022 are open for submission. For more information on the Application Process, click here.
15.  Are you exasperated? Then check, F*ing Argentina. In this podcast series co-hosts Tom Fox and Gregg Greenberg, author of F*ing Argentina explore the current American psyche of being overworked, over leveraged, overtired and overwhelmed. Find out about modern America’s exasperation with well…exasperation. In Episode 1, the dreaded Parent Meeting night at your child’s elementary school. In Episode 2, why F*ing Argentina? In Episode 3, one of the most beloved characters in musical theater, Officer Krupke is exasperated. In Episode 4, the ubiquitous ‘Couples Dinner’.
16.  This month on The Compliance Month, I visit with John Melican, Managing Director at Exiger on his journey to and from the CCO chair. In Episode 1, college and early professional career at NY County DA’s Office.
17.  What is Design Thinking in Compliance? Check out the newest edition to the CPN, where co-hosts Tom Fox and Carsten Tams discuss the social engineering tool of design thinking and how it creates greater compliance engagement and effectiveness. Check out Episode 1 here.
18.  Join Jay, Tom and the top E&C professionals at Converge21, a virtual conference on October 12 & 13. Registration and information here. Why should you attend? Check out some of the panelists discuss their presentation on the Converge21 podcasts. Michael Randrup Wendy Badger, Lloydette Bai-Marrow, Tom and Philip Winterburn.
19.  How does a Compliance Bible become a best-seller? Check out Tom’s appearance on the C-Suite Network’s Best Seller TV to find out.  Purchase The Compliance Handbook, 2nd edition here.
Tom Fox is the Voice of Compliance and can be reached at tfox@tfoxlaw.com. Jay Rosen is Mr. Monitor and can be reached at jrosen@affiliatedmonitors.com.

Categories
Daily Compliance News

October 8, 2021 the DOJ edition


In today’s edition of Daily Compliance News:

  • DOJ to emphasize white collar criminal cases.(WSJ)
  • Senate bill to target AML enablers. (WaPo)
  • DOJ to set up crypto enforcement team. (WSJ)
  • Activist shareholders take on Tesla BOD. (NYT)
Categories
Blog

Internal Controls Week: Part 5-Assessing Internal Controls in International Operations

How should you assess your internal controls regime for international operations? It is incumbent that you need to review as much information as you can to understand the financial and operational structure of an entity and how it is integrated with the corporate headquarters, or the U.S. business unit’s financial and operation structure, if the foreign operation is part of a U.S. business unit.
You could begin with the TI-CPI to garner a sense of the reputation of the country in which your business unit is located, as well as the CPI for all other countries in which the location either markets business or has current customers. Another area for inquiry or review is the scope of your foreign operations. This means you will need to consider your sales model, whether employee based or primarily using third party representatives. You will also need to consider if such third-party representatives are coming into a commercial relationship with your company through your supply chain.
Other areas of inquiry should include whether your company’s finance and accounting staff produce financial statements that are integrated into the parent’s financial statements; whether your international business locations utilize a local bank account for local sales receipts as well as funds transfers from the U.S. and whether the account has local check signers and whether dual signatures are required on the checks. You may also want to consider the extent to which disbursements are made in the local currency and, of course, is there a local petty cash fund.
As with many other areas around internal controls, it is important to consider the local DOA and whether it is consistent with your corporate DOA. Some of the considerations regarding the local DOA should extend to which corporate or U.S. business unit approvals are required for transactions initiated locally, such as: 1) approval of vendor invoices, 2) disbursements of funds, including wire transfers; 3) execution of facilities leases; 4) execution of contracts with agents; and 5) approval of pricing and credit terms to customers and distributors. You should also review whether the local DOA provides appropriate SODs at the local business unit level.
You should consider how sales of product are conducted. For example, is an inventory maintained at the local operation for shipment to customers; are products drop shipped from U.S. directly to the customers of the local operation or are they drop shipped to distributors for delivery to the ultimate customer?
Hopefully you are already doing the above, but you should review what is being done to determine if employees or local contractors who are local nationals have gone through your due diligence process so that they have been properly vetted to determine whether they are government officials in any capacity or are relatives of government officials. Along the lines of a more formal FCPA analysis you should review to see if there has been any investigation of alleged fraud, including FCPA violations, at the location and, if so, what were the results of the investigation? Around customers, you should review with whom each international location does business to determine the extent to which its current customers are local government entities as well as the extent to which the location is pursuing sales activities for other local government entities.
If there has not been a sufficient assessment of controls, the compliance professional must then decide how to best determine whether the local controls are sufficient to satisfy the requirement of the FCPA and accurately reflect all transactions and prevent concealment of improper transactions. Some of these considerations would be an inadequate SODs because the separation of responsibility for physical custody of an asset from the related record keeping is a critical control. In practice, this means that persons who can authorize purchase orders should not be capable of processing accounts payable transactions. Further, the employee who prepares the deposit should not post the receipts to the customer accounts.
You should look to see if there is inappropriate access to assets. If there are, internal controls should be created to provide safeguards for physical objects such as inventory and cash, restricted information, critical forms and update applications. This means that an employee who only needs to view computer information should be restricted to “read and file scan” access and should not be granted “write and create” access. Moreover, controls should prevent the unauthorized removal of resale inventory and movable fixed assets from the premises.
It is not necessary to prove a that a bribe has been paid to have an enforcement action against a company for violation of the internal controls provisions of the FCPA. That was the situation in the SEC 2018 FCPA enforcement action involving Kinross Gold Corporation. It was this lack of effective internal controls, not the payment of a bribe, which was the basis for the civil enforcement action. This means that you should look to make certain the situation is not one of form over substance, where controls can appear to be well designed but still lack substance, as is often the case with required approvals.
Such a situation could arise in several different scenarios. The first is where an account manager’s signature attests to the accuracy of the payroll voucher information, but if the account manager does not have assurance that the supporting time records are accurate, the approval process lacks substance. Other examples are where a supervisor who approves expense reports but routinely does not look at the supporting documentation; a country manager provides a true control as an approver; or where the country manager or the local finance manager has ability to conceal the true nature of transactions without detection by anyone else.
Another important area involves sales and compensation for a foreign business unit. On the sales side of the equation, you review the three-year historical sales for the location and the budgeted sales for the upcoming year. This can give insight into the relative pressure on employees to grow the business and, accordingly, the possibility of an employee seeing a bribe as a good way to grow the business. The inquiries can lead to questions about compensation such as: What is the sales incentive compensation plan for local sales personnel? For the country manager? Such an inquiry gives insight into the possibility of personal benefit which might result from someone paying a bribe to win a contract which results in a large sales incentive compensation to the employee.
These reviews, questions, inquiries and analyses are designed to locate the pressure points involved in any company’s sales processes. This is because pressure is a key element of occupational fraud and the risk of fraud, including corruption, increases as the pressure increases. Since corruption is viewed as a subset of fraud, it might be a good time to review the “fraud triangle,” which lays out breeding ground for fraud in the corruption context:

  • Pressure which has financial implications, whether it be personal financial needs that are unmet or pressure to reach sales goals;
  • Rationalization. A fraud perpetrator always rationalizes that he/she is not a criminal and when committing fraud for personal benefit, the perpetrator intends to repay the money; when committing fraud for company benefit, the perpetrator rationalizes that the company really wants to meet its goals and that the perpetrator’s actions are in furtherance of the company’s goals; and
  • Opportunity. The perpetrator must be in a situation where the internal controls do not prevent the fraud and its necessary concealment