Categories
Blog

Ongoing Compliance Assessments: FCPA, UK Bribery Act and OCED Best Practices

One of the requirements consistent throughout the Principles of Federal Prosecution of Business Organization (US Sentencing Guidelines) and its section on corporate compliance programs; the Organization for Economic Co-operation and Development (OECD) Good Practice Guidance on Internal Controls, Ethics, and Compliance, and the UK Bribery Act’s Consultative Guidance is the need for continued assessment of an anti-corruption and anti-bribery compliance program. This posting will review the specifics of each of these documents and will provide to the compliance and ethics practitioner some ideas on how to implement what each of these protocols stress is key component of any best practices compliance program.

US Sentencing Guidelines

The US Sentencing Guidelines state that there should be periodic reviews of a company’s compliance program, utilizing internal resources, such as a company’s Internal Audit function, and outside professional consultants. The OECD Good Practice states that a compliance program should be periodically re-assessed and re-evaluated to take into account any new developments. The UK Bribery Act Consultative Guidance, recently released by the UK Ministry of Justice, requires ongoing monitoring and review by noting that a compliance program and procedures should be reviewed regularly and a company should consider whether an “external verification [of the compliance program] would help.”

Speaking at the Compliance Week 2010 Annual Conference, Assistant Attorney General for the Criminal Division of the US Department of Justice, Lanny Breuer, indicated that such an external verification or assurance of the effectiveness of a compliance program is a key component to assist a company in maintaining a ‘best practices’ FCPA compliance program. He noted that it is through a mechanism such as an ongoing assessment that a company could continue to evaluate its own compliance program with reference to compliance standards which are evolving on a world wide basis.

OECD

In this same speech, Breuer cited as a benchmark for a best practices compliance and ethics program the protocols set forth in the OECD Good Practice Guidance on Internal Controls, Ethics, and Compliance. In this protocol the OECD suggested that “periodic reviews of the ethics and compliance programs or measures, designed to evaluate and improve their effectiveness in preventing and detecting foreign bribery, taking into account relevant developments in the field, and evolving international and industry standards.” Writing in the Society of Corporate Compliance and Ethics Magazine (SCCE) (Vol. 7 / No. 3), Russ Berland explained that this guidance meant that companies should regularly reassess their anti-bribery and anti-corruption compliance program to evaluate and improve its overall effectiveness. Although he did not give a time frame for this regular assessment, Berland noted that any such assessment “should take into account new developments in the area and evolving standards.

UK Bribery Act 

Principle Six of the UK Bribery Act’s Consultation Guidance discusses the need for ongoing monitoring and review. The Principle states “The commercial organization institutes monitoring and review mechanisms to ensure compliance with relevant policies and procedures and identifies any issues as they arise. The organization implements improvements where appropriate.” The reasons for this continued monitoring was to ensure that if, external events like government changes, corruption convictions, or negative press reports occur, an appropriate compliance response is triggered. The Guidance noted that it would be prudent for companies to consult the publications of relevant trade bodies or regulators that could highlight examples of good or bad practice. Organizations should also ensure that their procedures take account of external methods of issue identification and reporting as a result of the statutory requirements applying to their supporting institutions, for example money laundering regulations reporting by accountants and solicitors.

The Consultative Guidance provided advice for companies which covered several specific suggestions. The senior management of higher risk and larger organizations may wish to consider whether to commission external verification or assurance of the effectiveness of anti-bribery and anti-corruption policies. An independent review can provide to a company, which is undergoing structural change or entering new markets, with an insight into the strengths and weaknesses of its anti-bribery policies and procedures and in identifying areas for improvement. Such independent assessment would also enhance a company’s credibility with business partners or to restore market confidence following the discovery of a bribery incident, to help meet the requirements of both voluntary or industry initiatives and any future pre-qualification requirements.

Ongoing Assessment as ‘Best Practices’ 

All three cornerstones of guidance available to the Foreign Corrupt Practices Act (FCPA) compliance practitioner include ongoing assessments as a key component of any best practices program. The text of each document and the remarks by commentators make clear the reasons for such an ongoing assessment. Not only do best practices evolve but companies and business evolve. An assessment is key to measuring where your program currently stands to allow you to know where it needs to be updated.

Attention should be paid to who and how the assessment is conducted. The entity, be it a law firm; professional consultant or other, which designed the FCPA compliance program for your company should not be the assessor. Such assessment would obviously be a conflict of interest. Additionally a drafter usually has blind spots when assessing one’s own work. An outside FCPA compliance professional should be engaged to assess your compliance policy, at no less than every two years, to review and make recommendations to keep your program at the best practices standard.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

 

© Thomas R. Fox, 2010

Categories
FCPA Compliance Report

Opinion Release Papers-11-01: Using the Opinion Release Procedure

The only Opinion Release of 2011 (11-01) may have left compliance practitioners initially scratching their heads. However, this collective head scratching is not because the Opinion Release is so difficult to understand and has no application to the everyday business of compliance, but for a polar opposite reason – the question posed to the Department of Justice (DOJ) is so straight-forward, and has been previously asked and answered, that it is difficult to understand how any first year compliance practitioner did not know the answer to it. Yet there is more than this facile analysis as to what may have been going on.

Background

The Requestor was a US Company which facilitated international infant adoptions and it desired  to bring some foreign governmental officials over to the US to learn more about it. The foreign government selected the officials to travel, the travel was economy class and it involved no WAGs (wives and girlfriends). The trip was scheduled to be for two days and the US Company paid all the vendors, airlines, hotels, local transportation and food service providers directly. No cash was provided to the traveling officials and any gifts would be branded and of nominal value.

Requestor Representations

In addition to those statements by the Requestor, it also represented to the DOJ the following:

  • It had no non-routine business (e.g., licensing or accreditation) under consideration by the relevant foreign government agencies.
  • Its routine business before the relevant foreign government agencies consists primarily of seeking approval of pending adoptions. Such routine business is guided by international treaty and administrative rules with identified standards.
  • The Requestor did not select the particular officials who will travel. That decision will be made solely by the foreign government agencies.
  • Apart from the expenses identified above, the Requestor did not compensate the foreign government agencies or the officials for their visit, nor will it fund, organize, or host any other entertainment, side trips, or leisure activities for the officials, or provide the officials with any stipend or spending money.
  • The visit will be for a two-day period (exclusive of travel time), and costs and expenses will be only those necessary and reasonable to educate the visiting officials about the operations and services of U.S. adoption service providers.
  • The Requestor has invited another adoption service provider to participate in the visit.

DOJ Discussion

The DOJ cited to Opinion Releases 07-01 and 07-02 for the general rules around travel and entertainment for foreign officials. It then stated, “Based upon all of the facts and circumstances, as represented by the Requestor, and consistent with these prior opinions, the expenses contemplated are reasonable under the circumstances and directly relate to “the promotion, demonstration, or explanation of [the Requestor’s] products or services.” 15 U.S.C. § 78dd-2(c)(2)(A). Therefore, the Department does not presently intend to take any enforcement action with respect to the planned program and proposed payments described in this request.”

Discussion

In his testimony before the House Judiciary Committee, then DOJ Representative Greg Andres spoke about the Opinion Release Procedure as one of the mechanisms by which the DOJ can not only bring transparency to the area of information relating to Foreign Corrupt Practices Act (FCPA) but also can allow businesses with substantive questions to seek and receive specific answers to queries regarding factual scenarios which they may face. So what are the requirements under the Opinion Release Procedure? Initially I would note that DOJ has posted on its website, the Foreign Corrupt Procedures Opinion Procedure, (28 C.F.R. part 8).

The stated purpose is noted as follows: “These procedures enable issuers and domestic concerns to obtain an opinion of the Attorney General as to whether certain specified, prospective–not hypothetical–conduct conforms with the Department’s present enforcement policy regarding the antibribery provisions of the [FPCA]” (§80.1). The requirements of the Opinion Release Procedure are (1) the submission must be in writing; (2) an original and copies must be provided; and (3) must be sent to address provided. (§80.2) In addition to these specific requirements there are certain general requirements listed. (§80.6) They include that complete copies of all operative documents and detailed statements of all collateral or oral understandings. The request must be signed by an appropriate senior officer.

While there is additional language in the Opinion Release Procedure that it only relates to the query submitted to the DOJ, does not bind any other agency or department and can change if different facts occur or that the DOJ can ask for additional information from the party making the request, it is required under the terms of the Opinion Request Procedure “within 30 days after receiving a request that complies with the foregoing procedure, respond to the request by issuing an opinion that states whether the prospective conduct, would, for purposes of the DOJ’s present enforcement policy, [violate the FCPA].” (§80.8)

So there may be an addition lesson learned from Opinion 11-01, which is that the Opinion Release Procedure can be straightforward. The DOJ can be available to assist in interpreting the FCPA based upon the facts and circumstances a company faces in the real world. I have argued for greater transparency by the DOJ in providing information for companies and the compliance practitioner and the Opinion Release Procedure is one of the mechanisms by the DOJ does provide transparency and information.

However there might be another aspect to this specific Opinion Release. While I had discussed the above points from the perspective of an outside counsel, in-house lawyer or compliance office who specialized in FCPA compliance work; the Opinion Release Procedure is designed so that any person or company may submit a query to the DOJ and could be utilized by a company that does not have either an in-house compliance practitioner or even a General Counsel (GC). Simply put, a question can be submitted to the DOJ as straight forwardly as with a one-page document setting forth the information required under the Opinion Release Procedure.

Categories
The Compliance Life

Bridget Abraham-From Consulting to Compliance

The Compliance Life details the journey to and in the role of a Chief Compliance Officer. How does one come to sit in the CCO chair? What skills does a CCO need to navigate the compliance waters in any company successfully? What are some of the top challenges CCOs have faced, and how did they meet them? These questions and many others will be explored in this new podcast series. Over four episodes each month on The Compliance Life, I visit with one current or former CCO to explore their journey to the CCO chair. This month, my guest is Bridget Abraham, CCO at Remitly, who had a decidedly non-traditional path to the CCO Chair.

From the Federal Reserve, Bridget then moved into the consulting world, starting a Bearing Point and then Deloitte. From there, she moved into the realm of compliance, starting in the financial world at Citibank, working in Compliance Analytics and Assessments. The banking world was transitioning from a manual approach to compliance into more of a tech solution option. She then moved to Western Union, first as Vice President of Global Compliance Programs, then to Deputy Chief Compliance Officer, where her role was much broader than her prior focus on data and data analytics.

Resources

Bridget Abraham LinkedIn Profile

Categories
Blog

From Systemically Corrupt to Above Reproach: Examining Siemens’ Remarkable Turnaroun‪d‬

 

In 2006, Germany-based Siemens was ranked 22nd on the Global Fortune 500 with revenues of $100 billion. It was a global leader and one of the world’s most admired companies. Until November 16, 2006 when the Munich Police Department raided Siemens corporate offices and several subsidiaries based on whistleblower allegations of bribery and misuse of funds. This Munich Police Department investigation triggered a global corruption investigation which revealed that Siemens had methodically violated U.S., German and other global anti-bribery laws for decades. When the settlement of the case was announced in 2008, law enforcement didn’t pull any punches.  Yet what is equally remarkable is that a company that used corruption strategically and methodically to achieve its business objectives for decades remade itself in the wake of the corruption scandal to emerge as a model of corporate reform and business ethics.

Join us each week as we take a deep dive into the various forms of fraud across the world and discuss crime families, penny stock boiler rooms, international money launderers, narco-traffickers, oligarchs, dictators, warlords, kleptocrats and more.

Scott Moritz is a leading authority on white-collar crime, anti-corruption, and in the evaluation, design, remediation, implementation, and administration of corporate compliance programs, codes of conduct. He is also considered an authority in the establishment, training, and oversight of the investigative protocols carried out by financial intelligence, corporate security, and internal audit units.

Categories
Innovation in Compliance

Innovating Compliance in the Middle East and Africa with Tomell Ceasar

 

Tomell Ceasar is the Group Head of Ethics and Compliance at Careem (An Uber Company). He is one of the founders of the Middle East and Africa Compliance Association (MEACA). This organization strives to raise awareness on business ethics and provides tools to build stronger and more responsible businesses. Essentially, they promote global regulatory compliance and effective governance in the Middle East and Africa. In this week’s episode, he explains to Tom the intricacies of practicing compliance outside the US, specifically the EAME. 

 

 

Compliance Practice in the EAME

Tom asks Tomell to describe what it is like practicing compliance in EAME. Tomell responds that it’s difficult to make broad generalizations on compliance region-wide since the EAME is such a huge territory. Compliance is a “Western value in terms of the way one approaches international business”, Tomell remarks, so adoption would take some time. However, appreciation of compliance roles and professionals grew exponentially over the past decade. International companies are seeing compliance through the US lens, and “they identified values of compliance being important enough to them to adopt similar frameworks and ideological perspectives as it relates to commercial enterprise, to be equivalent to the United States,” Tomell remarks.

 

The Birth of the MEACA 

As a co-founder of the Middle East and Africa Compliance Association, Tom wants to know how Tomell came up with the idea for the MEACA. Tomell explains that “the values of compliance have traditionally not been a staple of commercial enterprises in these regions.” Compliance has had a real maturation process over the last 10 years, and Tomell and his team saw a major opportunity to support the development and growth towards that end. There was a need for an organization willing to serve the distinct purpose of “serving and supporting the compliance community and to give them an avenue to connect, to network, to broaden their skill set.” Thus, the MEACA was born. To this day, they help companies promote and catalyze the compliance movement toward fighting corruption in companies and society. 

 

Resources 

Tomell Ceasar | LinkedIn

The Middle East and Africa Compliance Association

 

Categories
Daily Compliance News

October 11, 2022 the Rethink Edition

In today’s edition of Daily Compliance News:

  • Corruption and money laundering are destroying the planet. (FCPA Blog)
  • UK to ‘rethink’ replacing GDPR. (TechCrunch)
  • Meta appeals €405 million fine. (Cordery Compliance)
  • More whistleblowers at EY (FT)
Categories
Blog

Use Your Eyes in Compliance

One thing compliance professionals are rarely trained to do is trust your eyes. This may be because it seems too obvious. After all the well-known Howard Sklar maxim of “Water is Wet” is largely based on the fact that if something is so obvious you may not need to train on it. Yet two recent events make clear we all need to ‘trust our eyes’ in a variety of settings. The first is in the National Football League (NFL) and it involves Miami Dolphin quarterback, Tua Tagovailoa. Three weeks ago, he was tackled, thrown to the ground and his head snapped against the tuft. This is clearly a sign a concussion may be coming. After Tua got up, he stumbled and fell and then had to be helped up by a teammate and off the field.

I say all of this with absolute certainty as I was watching the game Dolphins v. Bills and saw it along with some 70,000 in the stadium and millions on television. Unfortunately, those who did not see these actions of Tua after the hit was the Dolphins medical staff who, rather amazingly (or perhaps not), cleared him under the NFL Concussion Protocol and sent him back to play in the second half of the game. Again, finding he was fine under the concussion protocol, he was allowed to play. The Dolphins claimed that he had sustained a “back injury” and that was why he stumbled and fell, not motor impairment. The next week, Tua took another shot to his head and this time he did not get up, stumble and fall. He did not get up at all. According to New York Times (NYT), he left the field on a stretcher and was taken immediately to a local hospital.

It was clear to anyone who saw the first concussion, that it was just that a concussion. However, “because of the incident, the league and union said they were considering changing the protocols, which currently allow a player with “gross motor instability” to return to the game if doctors decide there is an orthopedic reason for his unsteadiness.” Some doctor said the instability was due to Tua’s bad back and that was good enough. The NYT went on to further note, “The expected change will be to instead establish ataxia, a term describing impaired balance or coordination caused by damage to the brain or nerves, as a sign that automatically disqualifies a player from returning to the game.”

All of this informs compliance programs and compliance professionals as sometimes actions do not simply pass the eye test. I thought of this in the context of the recent Oracle Corporation Foreign Corrupt Practices Act (FCPA) enforcement action. In this Oracle matter, the bribery schemes involved distributors, which were used as not only conduits to pay bribes, but as the mechanism to create a pot of money to pay bribes. The Oracle compliance program allowed sales employees at the subsidiaries to request monies meant to reimburse distributors for certain marketing expenses associated with selling Oracle products. There was a multi-pronged approval process in place. For marketing reimbursements “under $5,000, first-level supervisors at the Subsidiaries could approve the purchase order requests without any corroborating documentation indicating that the marketing activity actually took place.” Above this $5,000 threshold, additional approvals were required with additional requirements for business justification and documentation.

You can no doubt see where this is going as this internal control gap allowed for abuse. Indeed the Orderstated, “Oracle Turkey sales employees opened purchase orders totaling approximately $115,200 to [distributors] in 2018 that were ostensibly for marketing purposes and were individually under this $5,000 threshold.” That is at least 23 different expense requests to reimburse for marketing made under the threshold. Of course, there were no marketing efforts by the distributors and no follows up audits, inspections or even questions to confirm that the marketing expenses had actually occurred. The entire business unit was in on the fraud, and it stole money from the corporate office to fund it slush fund to pay bribes.

Clearly compliance was not using its eyes for if it had, it would have seen that there was a large number of marketing reimbursement requests at or below the threshold which required additional oversight and approval. Using your eyes does not mean that it is simply your eyes which catch nefarious conduct, it means that you use your eyes and if it something unusual occurs then additional investigation is warranted.

All of this brings to the second lesson from the NFL’s sordid tale involving Tua Tagovailoa; which is if the protocol does not work, change the protocol. Renee Miller, writing The Athletic, said, “The purpose of the onsite concussion “exam is to determine if any symptoms are apparent in a neurological exam (looking at reflexes, cranial nerve function and limited cognitive skills), and if so, whether they arise from a neurological origin.” It does not take into account what we all saw with our eyes, the stumbling, Tua grabbing his helmet and inability to focus. The NFL will now make a change to consider the other factors Tua exhibited. In other words, they changed the protocol to require and allow for additional information about the injured player in making a determination of that player’s returning to the game.

In the case of Oracle, there was a high risk of business unit employees using the marketing reimbursement requests to create a pot of money to pay bribes. We know this because this same bribery scheme was used by Oracle India to pay bribes and do business corruption, all of which was the subject of a prior FCPA enforcement action. Pretty clearly allowing business unit employees to obtain marketing reimbursements was something that would lead to disaster; which it did just as the Dolphins allowing Tua to come back into the second half of the Bills game where he sustained his first concussion was disastrous for Tua as he was much more seriously injured just the next week.

In compliance never forget to ‘use your eyes’ in testing your compliance program. If something does not look right, do additional investigation. If you do not do so, you may end up like Oracle, now one of 15 FCPA recidivists, a list no company wants to be on.