Categories
31 Days to More Effective Compliance Programs

One Month to More Effective Compliance for Business Ventures – Pre-acquisition Risk Assessment

One of the clearest themes from the original 2012 FCPA Resource Guide was the importance of your pre-acquisition work in any M&A on a target company. In the section on Declinations, the 2012 FCPA Resource Guide provided an example of a company that had received a declination in large part because of its pre-acquisition work, which then served as a basis for its post-acquisition remediation. I find it appropriate to think of the process as a straight line, directly from the pre-acquisition phase to closing and then to remediation, integration, and self-reporting in the post-acquisition phase. These same concepts were brought forward in the 2020 FCPA Resource Guide, 2nd edition.

It should all begin with a preliminary pre-acquisition assessment of risk. Such an early assessment will inform the transaction research and evaluation phases. This could include an objective view of the risks faced and the level of risk exposure, such as best/worst-case scenarios. A pre-acquisition risk assessment could also be used as a mechanism through which to view the feasibility of the business strategy and help to value the potential target.

The pre-acquisition risk assessment can be critical in any M&A work for compliance. Use this opportunity to see where the target might stand on compliance. Your risk assessment can evolve as you obtain greater information. Finally, use this pre-acquisition risk assessment as a base document to plan, resource, and budget for your post-acquisition remediation, integration, and reporting.

Three key takeaways: 

  1. One never has enough time to engage in all the pre-acquisition reviews you might want to do, so optimize your time and resources.
  2. Consider what you can review to put together a preliminary risk assessment on the target.
  3. As with most compliance initiatives, you are only limited by your imagination, so if you are limited in time and scope, try something new and different.
Categories
All Things Investigations

All Things Investigations: Episode 23 – Oversight Duties of Corporate Officers with Benjamin Britz

In this episode of All Things Investigations, host Tom Fox talks with Benjamin Britz, partner at Hughes Hubbard, about the recent Delaware Court of Chancery decision regarding the NRA McDonald’s case. Ben explains the court system in Delaware and the background facts of the case involving sexual misconduct and harassment allegations against McDonald’s CEO and his Chief People Officer, David Fairhurst. The court’s decision focuses on whether Fairhurst had an oversight duty as an officer, and Ben and Tom discuss the legal rationale for the duty of oversight and the duty of information and compliance information systems. 

Benjamin Britz is a partner at the law firm Hughes Hubbard and has extensive experience in internal investigations, securities litigation, and white-collar defense. He graduated from Columbia Law School in 2004 and went on to clerk for Judge Jim Carr in the Northern District of Ohio before joining Hughes Hubbard. He has remained with the firm ever since. 

 

You’ll hear Tom and Ben discuss:

  • The Delaware Court of Chancery is a specialized forum for disputes regarding the operations and governance of Delaware corporations, and it has very knowledgeable judges who are confirmed by the Delaware State Senate.
  • The duty of oversight applies to corporate officers and is based on the same fiduciary duties as directors.
  • The duty of oversight includes the duty of information and compliance information systems, as well as the duty of red flag, where officers need to take action if they become aware of misconduct.
  • The court’s decision in this case was based on the duty of red flag and a finding of bad faith due to inaction on the part of Fairhurst, who ignored red flags and was allegedly engaged in misconduct himself.
  • The court’s opinion was comprehensive, possibly to ensure a basis for upholding the decision on appeal, and the duty of oversight applies to the chief compliance officer as well.
  • The court’s decision in the case discussed does not extend beyond corporate officers. The decision does, however, elevate the role of the chief compliance officer to the level of the CEO or CFO in terms of the breadth of their duties.
  • This decision serves as a reminder that courts take the position of the compliance officer very seriously, regardless of their formal designation within the company.
  • While the case may not be appealed, it is important because it sketches out areas where basic tenets of corporate governance law are still undeveloped.
  • The court’s breach of loyalty claim against Fairhurst for committing sexual harassment could open up a can of worms and expand the traditional duty of loyalty into areas where it hasn’t been before.
  • The duty of loyalty claim for engaging in affairs that are against the code of conduct or other policies and procedures could be a backdoor violation of honest services.

 

KEY QUOTES

“What’s called a red flag duty, if you become aware of misconduct that you have to do something about it.” – Ben Britz

 

“If you are the CCO your duties are very broad, because this whole thing is basically your job. Because of that, it does very much put the compliance officer on the level with the CEO or the CFO…” – Ben Britz

 

“The expectations from the board certainly are going to be that whoever holds that position is executing it to the absolute fullest.” – Ben Britz

 

Resources:

Hughes Hubbard & Reed website

Ben Britz on LinkedIn

Categories
Corruption, Crime and Compliance

The Ericsson FCPA DPA Breach Settlement

In this episode of the Crime, Corruption, and Compliance podcast, host Michael Volkov dives into the Ericsson FCPA Deferred Prosecution Agreement breach settlement. The case highlights important issues with conducting internal investigations, corporate culture, and dealing with the Justice Department in the event of a breach. The episode delves into the details of the case, discussing the lessons learned from this massive failure and nightmare scenario with regard to disclosures, and how it serves as a cautionary tale for all investigators, whether conducted by internal staff or outside counsel.

Here are some key ideas discussed in this episode:

  • Ericsson, the Swedish telecom company, breached its 2019 Deferred Prosecution Agreement and agreed to enter a guilty plea to the original charges in the DPA and pay a $206M penalty.
  • The breach was primarily due to Ericsson’s failure to disclose its bribery payments or potential bribery payments to ISIS to facilitate transportation of telecom equipment in Iraq.
  • Ericsson used third-party agents and consultants to pay bribes to government officials in a number of countries to manage slush funds.
  • Ericsson’s failures have undermined the integrity of its corporate commitment to compliance and ethical culture, damaged its reputation, and threatened its relationship with the Justice Department and overall government regulators.
  • The breach prevented the DOJ from bringing criminal charges against certain individuals and harmed the US’s ongoing criminal investigation.
  • Ericsson’s breach presents a laundry list of internal investigation errors, such as a failure to produce responsive documents for many years, omitting key details related to its investigative findings, and a lack of fundamental culture improvements.
  • Ericsson has significantly enhanced its compliance program and internal accounting controls through structural and leadership changes, including hiring a new Chief Legal Officer and Head of Corporate and Government Investigations.
  • The DOJ’s calculation of the criminal penalty was for just over $727,000,000, reflecting the midpoint of the applicable guideline range, and Ericsson will be required to serve a term of probation, which can be revoked for further violations found.
  • Ericsson agreed to continue to enhance its program and to test these enhancements for effectiveness.
  • Ericsson’s violations were pervasive and systemic, reflecting a rotten culture that promoted bribery as a means to make money.
  • Failures to disclose by outside counsel partially reflect failures of senior leadership responsible for oversight and direction of outside counsel.
  • Outside counsel must establish an effective working relationship with transparency, coordination, and full disclosure.
  • Senior executives must engage with outside counsel at each and every step of the investigation to check on the overall process.
  • The failure to produce certain documents underscores the need for a document retention policy.

 

KEY QUOTES:

“This breach really presents a laundry list of internal investigation errors. …It is a cautionary tale for all investigators, whether conducted by internal staff or outside counsel.” – Michael Volkov

 

“The failures to disclose, in my view, partially reflect failures of various actors, including outside counsel, but also senior leadership.” – Michael Volkov

 

“Its culture was rotten, and it promoted bribery as a means to an important end that is just making money.” – Michael Volkov

 

Resources

Michael Volkov on LinkedIn | Twitter

The Volkov Law Group

Categories
FCPA Compliance Report

Sam Tate on New Failure to Prevent Cause of Action

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, I am joined by Sam Tate, a partner at RPC. Sam co-authors the leading UK anti-corruption compliance textbook “Bribery: a Compliance Handbook.” He works closely with several FTSE 100, international, and privately owned entities and individuals concerning financial crime proceedings, investigations, and practical crime prevention programs. He recently led the settlement on the ground-breaking 11th and 12th UK DPA’s and conducted the independent investigation for the Financial Times of allegations made by Wirecard against its reporters.

In this episode, they discuss the proposed Economic Crime and Corporate Transparency Bill and how it could majorly affect companies not based in the U.K. The bill includes verification for all new and existing registered companies, directors, and persons and provisions making it easier for the National Crime Agency. Sam Tate predicts this will result in more focused prosecutions than Deferred Prosecution Agreements, although it should make settlements easier. This collaboration between the UK and the U.S. will be a lasting legacy of our time.

Key Highlights

Economic Crime Legislation in the UK [00:04:49]

The Potential Impact of a New U.S. Bill on Global Businesses [00:08:40]

The Cost of Increased Business Regulation [00:12:24]

Sharing Information and Improving Access between Regulated Entities and the National Crime Agency [00:16:34]

The Impact of US-UK Relationships on Prosecutions and Deferred Prosecution Agreements [00:20:49]

The Challenges of Settling Issues in the UK [00:24:36]

 Notable Quotes

1.     “So if you have a fraud offense, then a corporate doing probably doing any business in the UK, or having a presence in the business in the UK so that it could be one in the US, it could be one anywhere in the world, anywhere in the world with presence business in the UK, would be corporately criminally liable if it failed to prevent fraud unless it had a series of adequate procedures in place to prevent that.”

2.     “It’s something we call the ‘guidance in mind’ test. They are the brains of the company, and they’ve got to be involved for the corporates to be criminally live criminally liable.”

3.     “Bribery is defined in our legislation as offering something with the intention of causing another person to perform their duties improperly. Fraud takes a few forms; worth essentially is a deceit of one kind or another, sometimes with the abuse of trust or over opposition to trust.”

4.     “It’s not entirely clear what that is because we haven’t had a ton of cases. But it’s a registered office, a large part of your business, or even a smaller part of your business, a trading arm, perhaps doing your accounts here. Probably something a little bit more than trading on the UK stock exchange, but not much more is enough to have a part of your business in the UK.”

 Episode Links

RPC

Sam Tate

Bribery: a Compliance Handbook

Connect with Tom Fox on LinkedIn

Categories
Daily Compliance News

March 13, 2023 – The SFO Punts Again Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition of Daily Compliance News:

  • SFO drops yet another prosecution. (WSJ)
  • Former SEC Commissioner joins SEC whistleblower firm. (WSJ)
  • Former Blue Bell CEO pleads guilty to a misdemeanor. (WSJ)
  • Foreign company supply chains face more scrutiny. (WSJ)
Categories
Compliance Kitchen

Compliance Kitchen on Unwrapping the Cloaked: How Russian Oligarchs Evade Sanctions with the Help of Enablers

The Compliance Kitchen, hosted by Silvia Surman, dives into detailed and complex topics looking at all sides of the compliance industry. The recent advisory from the repo task force that Silvia discusses reveals the clever evasion tactics used by Russian elites, including the beneficial ownership of legal entities transferred to their children, as well as enablers performing certain functions on their behalf. Russian and other users are able to access sensitive goods and technologies by using freight forwarding businesses in a third country. The Compliance Kitchen is here to provide insight and analysis into these and other compliance topics in an engaging and educational manner.

Key Highlights

Russian Sanctions Evasion Tactics Used by Elites. 00:06

The Use of Enablers to Avoid Sanctions on Russian Oligarchs. 06:13.

Illegal Access to Sensitive Goods and Technologies Through Freight Forwarding Business. 12:18

Notable Quotes

  1. “This is a multilateral effort that has used information sharing and coordination to isolate and pressure sanction Russian individuals and entities.”
  2. “The typologies that they identified in this advisory include the use of family member burs and close associates to ensure continued access and control over assets.”
  3. “The asset transfers it’s being observed that go to family members and close associates sometimes occur immediately before a person is on sanctions list or shortly thereafter. So that indicates sanctions evasion efforts.”
  4. “More specifically, the advisory tells us that sanctioned Russian individuals and entities have used the use of expensive real estate to hold value or to own their illicit proceeds through real estate using complex ownership structures to avoid identification of the ultimate beneficial owner.”
Categories
Blog

The Week That Was in Compliance – The ECCP: Part 2 – Consequence Management

In addition to the speeches presented at the ABA’s 38th Annual National Institute on White Collar Crime, by Deputy Attorney General Lisa Monaco (2023 Monaco Speech) and Assistant Attorney General Kenneth A. Polite (Polite Speech); there was the release of the 2023 U.S. Department of Justice Criminal Division Evaluation of Corporate Compliance Programs (ECCP). Today we review another new addition to the ECCP, that being ‘consequence management’. This certainly includes clawbacks but there is also other language which compliance professionals will need to incorporate into their compliance program beyond clawbacks.

The Department of Justice (DOJ) has been talking about clawbacks for some time now. However, the revised language of the ECCP puts more rigor around what the DOJ is now mandating. This section begins by noting that financial penalties as well as financial incentives can influence employee behavior and that prosecutors are now required to consider both aspects. It states:

“By way of example, prosecutors may consider whether a company has publicized disciplinary actions internally, where appropriate and possible, which can have valuable deterrent effects. Prosecutors may also consider whether a company is tracking data relating to disciplinary actions to measure effectiveness of the investigation and consequence management functions. This can include monitoring the number of compliance-related allegations that are substantiated, the average (and outlier) times to complete a compliance investigation, and the effectiveness and consistency of disciplinary measures across the levels, geographies, units or departments of an organization…Some companies have also enforced contract provisions that permit the company to recoup previously awarded compensation if the recipient of such compensation is found to have engaged in or to be otherwise responsible for corporate wrongdoing. Finally, prosecutors may consider whether provisions for recoupment or reduction of compensation due to compliance violations or misconduct are maintained and enforced in accordance with company policy and applicable laws…Compensation structures that clearly and effectively impose financial penalties for misconduct can deter risky behavior and foster a culture of compliance.”

Clawbacks

With the Pilot Program and other announcements in the Monaco and Polite speeches, the DOJ has made clear that companies need to seek to recover amounts paid out to executives which were illegally received as corporate compensation. This could include both salary, stock options or similar payments or discretionary bonuses. Regarding your corporate clawback protocol itself, the ECCP poses the following questions:

  • What percentage of executive compensation is structured to encourage enduring ethical business objectives?
  • Are the terms of bonus and deferred compensation subject to cancellation or recoupment, to the extent available under applicable law, in the event that non-compliant or unethical behavior is exposed before or after the award was issued?
  • Does the company have a policy for recouping compensation that has been paid, where there has been misconduct?
  • Have there been specific examples of actions taken (e.g., promotions or awards denied, compensation recouped or deferred compensation cancelled) as a result of compliance and ethics considerations?

All of this means every compliance program will need to analyze each of these components as set out. It will also require a review of executive contracts to determine if there are clawback provisions set out in each employment contract. If there are no such provisions, they will need to be inserted. Finally, what “specific examples of actions taken” does a company have to show to the DOJ should they come knocking?

Consequence Management

The DOJ also mandated that compliance programs take a deeper dive into their entire financial incentive program; both incentives and dis-incentives. While not previously discussed in speeches, these new requirements seem to flow from the general statements made by both Monaco and Polite over the past year. In this area, the ECCP mandates the following inquiries:

  • How has the company ensured effective consequence management of compliance violations in practice?
  • What insights can be taken from the management of a company’s hotline that provide indicia of its compliance culture or its management of hotline reports?
  • How do the substantiation rates compare for similar types of reported wrongdoing across the company (i.e. between two or more different states, countries, or departments) or compared to similarly situated companies, if known?
  • Has the company undertaken a root cause analysis into areas where certain conduct is comparatively over or under reported?
  • What is the average time for completion of investigations into hotline reports and how are investigations that are addressed inconsistently managed by the responsible department?
  • What percentage of the compensation awarded to executives who have been found to have engaged in wrongdoing has been subject to cancellation or recoupment for ethical violations?
  • Taking into account the relevant laws and local circumstances governing the relevant parts of a compensation scheme, how has the organization sought to enforce breaches of compliance or penalize ethical lapses?
  • How much compensation has in fact been impacted (either positively or negatively) on account of compliance-related activities?

Obviously, there is some overlap with the clawback language but there is quite a bit new in these questions. The DOJ ties hotline and speak up reports directly to a company’s culture of compliance. This is almost a direct tie back to the findings of Kyle Welch in his seminal work on a speak up culture. But the DOJ goes on to ask about substantiation rates, closure rates, consistent and fair application of discipline (and rewards when called for) and root cause analysis; which are not simply technical aspects of compliance programs but are concrete steps companies can implement to engender trust with employees that their concerns will be taken seriously and then acted upon when they are raised. Once again, as with clawbacks, these are levels of analysis that many compliance programs have not yet taken but are now required to do so.

Join us tomorrow when we consider messaging apps under the revised ECCP.

Categories
Sunday Book Review

March 12, 2023 – The UNC Press edition

In the Sunday Book Review, I consider books that interest the compliance professional, the business executive, or anyone curious. It could be books about business, compliance, history, leadership, current events, or anything else that might interest me. In today’s edition of the Sunday Book Review, we consider some of the top recently released by the UNC Press:

  • The Southern Way of Life by Charles Reagan Wilson
  • Vann Woodward by James Cobb
  • Passion Plays by Randall Balmer
  • From Here to Equality by William Darity and Kirsten Mullen
Categories
Daily Compliance News

March 11, 2023 – The Settlement Ditched Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition of Daily Compliance News:

  • JPMorgan sues former exec Jes Staley for Epstein connections. (WSJ)
  • DOJ against USSG changes. (Reuters)
  • Whistleblowers ditch settlement with Texas AG. (Houston Chronicle)
  • Swiss bankers indicted for AML violations. (ICIJ)
Categories
31 Days to More Effective Compliance Programs

One Month to More Effective Compliance for Business Ventures – Safe Harbor in M&A

White collar defense practitioners have long called for a specific safe harbor for companies in the mergers and acquisition context where they meet the criteria set out by the DOJ. This clarion call was answered in the summer, 2018 when in July 2018, the DOJ announced a revision to the FCPA Corporation Enforcement Policy, specifically around mergers and acquisitions. The new language read:
M&A Due Diligence and Remediation: The Department recognizes the potential benefits of corporate mergers and acquisitions, particularly when the acquiring entity has a robust compliance program in place and implements that program as quickly as practicable at the merged or acquired entity. Accordingly, where a company undertakes a merger or acquisition, uncovers misconduct through thorough and timely due diligence or, in appropriate instances, through post-acquisition audits or compliance integration efforts, and voluntarily self-discloses the misconduct and otherwise takes action consistent with this Policy (including, among other requirements, the timely implementation of an effective compliance program at the merged or acquired entity), there will be a presumption of a declination in accordance with and subject to the other requirements of this Policy.

In announcing the change, then Deputy Assistant Attorney General Matthew Miner, that while the FCPA Resource Guide did provide some guidance on what may constitute a safe harbor; that word ‘may’ was a “sticking point for corporate management when deciding whether and how to proceed with a potential merger or acquisition. There is a big difference between a theoretical outcome and one that is concrete and presumptively available.”
Three Key Takeaways

  1. The FCPA Corporate Enforcement Policy was amended in 2018 to provide a safe harbor in the M&A context.
  2. Pre and post-acquisition compliance work must be equally robust.
  3. If you find misconduct, report and remediate.