Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program for 3rd Parties-DOJ Metrics on Third Parties

In a 2015 speech before the SIFMA Compliance and Legal Society New York Regional Seminar, former Assistant Attorney General Leslie Caldwell for the first time, laid out metrics the DOJ would consider in evaluating a corporate compliance program around third parties. Caldwell began with the following question, “Does the institution sensitize third parties like vendors, agents or consultants to the company’s expectation that its partners are also serious about compliance?” This inquiry was brought forward into the DOJ’s 2017 Evaluation and all subsequent updates, including the most recent.

 Three key takeaways:

1. It all starts with a Relationship Manager.

2. Have company oversight of all third parties.

3. Audit, monitor, and remediate on an ongoing basis.

Categories
Blog

The Fall of the Alamo and Empowerment of the Compliance Professional

Yesterday, March 6 was the anniversary of the most historic day of many in the history of the great state of Texas, the date of the fall of the Alamo. While March 2, Texas Independence Day, is when Texas declared its independence from Mexico and April 21, San Jacinto Day, is when Texas won its independence from Mexico, probably both have more long-lasting significance, if it is one word that Texas is known for around the world, it is the Alamo. The Alamo was a crumbling Catholic mission in San Antonio where 189 men, held out for 13 days from the Mexican Army of General Santa Anna, which numbered approximately 5,000. But on this date in 1836, Santa Anna unleashed his forces, which over-ran the mission and killed all the fighting men. Those who did not die in the attack were executed and all the deceased bodies were unceremoniously burned. Proving he was not without chivalry, Santa Anna spared the lives of the Alamo’s women, children and their slaves. But for Texans across the globe, this is our day.
While Thermopylae will always go down as the greatest ‘Last Stand’ battle in history, the Alamo is right up there in contention for Number 2. Like all such battles sometimes the myth becomes the legend and the legend becomes the reality. In Thermopylae, the myth is that 300 Spartans stood against the entire 10,000-man Persian Army. However there was also a force of 700 Thespians (not actors; but citizens from the City-State of Thespi) and a contingent of 400 Thebans fighting alongside the 300 Spartans. Somehow, their sacrifices have been lost to history.
Likewise, the legend that lifts the battle of the Alamo to the land of myth is the line in the sand. The story goes that William Barrett Travis, on March 5, the day before the final attack, when it was clear that no reinforcements would arrive in time and everyone who stayed would perish; called all his men into the plaza of the compound. He then pulled out his saber and drew a line in the ground. He said that they were surrounded and would all likely die if they stayed. Any man who wanted to stay and die for Texas should cross the line and stand with him. Only one man, Moses Rose, declined to cross the line. The immediate survivors of the battle did not relate this story after they were rescued and this line in the sand tale did not appear until the 1880s.
But the thing about ‘last stand’ battles is they generally turn out badly for the losers.  Very badly. I thought about this when Chuck Duross, when he was head of the Department of Justice’s (DOJ) Foreign Corrupt Practices Act (FCPA) unit, said at a conference that he viewed anti-corruption compliance practitioners as “The Alamo” in terms of the last line of defense in the context of preventing violations of the FCPA. I gingerly raised my hand and acknowledged his tribute to the great state of Texas but pointed out that all the defenders were slaughtered, so perhaps another analogy was appropriate. Everyone had a good laugh back then at the conference. But in reflecting on the history of my state and what the Alamo means to us all; I have wondered if my initial response too facile?
What happens to a Chief Compliance Officer (CCO) or compliance practitioner when they have to make a stand? Do they make the ultimate corporate sacrifice? Will they receive the equivalent of a corporate execution as the defenders of the Alamo received? This worrisome issue has certainly occurred even if the person ‘resigned to pursue other opportunities.’ Michael Scher has been a leading voice for the protection of compliance officers. In a post entitled Michael Scher Talks to the Feds he said, “a compliance officer (CO) working in Asia asked for recognition and protection: “A CO will not stand up against the huge pressure to maintain compliance standards if he does not get sufficient protection under law. Most COs working in overseas operations of U.S. companies are not U.S. citizens, but they usually are first to find the violations. Since the FCPA deals with foreign corruption, how could the DOJ and SEC not protect these COs?””
The DOJ is now looking at not only the quality of your CCO and compliance function, but how they are perceived, treated and received in the corporate setting. In the 2019 Evaluation of Corporate Compliance Programs and the 2020 Update to the Evaluation of Corporate Compliance Programs, (collectively ‘Evaluation’) the DOJ expanded out its inquiry evaluate the “sufficiency of the personnel and resources within the compliance function, in particular, whether those responsible for compliance have: (1) sufficient seniority within the organization; (2) sufficient resources, namely, staff to effectively undertake the requisite auditing, documentation, and analysis; and (3) sufficient autonomy from management, such as direct access to the board of directors or the board’s audit committee.”
Further there were four specific areas of inquiry and review: (1) Structure; (2) Experience and Qualifications; (3) Funding and Resources; and (4) Autonomy.
In the section entitled “Structure” the Evaluation made the following inquiries:

  • How does the compliance function compare with other strategic functions in the company in terms of stature, compensation levels, rank/title, reporting line, resources, and access to key decision-makers?
  • What has been the turnover rate for compliance and relevant control function personnel?
  • What role has compliance played in the company’s strategic and operational decisions? How has the company responded to specific instances where compliance raised concerns?
  • Have there been transactions or deals that were stopped, modified, or further scrutinized as a result of compliance concerns?

In the section entitled “Experience and Qualifications” the Evaluation made the following inquiries:

  • Do compliance and control personnel have the appropriate experience and qualifications for their roles and responsibilities?
  • Has the level of experience and qualifications in these roles changed over time?
  • Who reviews the performance of the compliance function and what is the review process?

In the area of “Funding and Resources” the Evaluation asked

  • Has there been sufficient staffing for compliance personnel to effectively audit, document, analyze, and act on the results of the compliance efforts?
  • Has the company allocated sufficient funds for the same?
  • Have there been times when requests for resources by compliance and control functions have been denied, and if so, on what grounds?

Finally, in the area of “Autonomy” the Evaluation asked:

  • Do the compliance and relevant control functions have direct reporting lines to anyone on the board of directors and/or audit committee?
  • How often do they meet with directors?
  • Are members of the senior management present for these meetings?
  • How does the company ensure the independence of the compliance and control personnel?

These were all deeper and more robust focus on the CCO and compliance team from the DOJ. If your compliance team is run on a shoestring, you will likely be downgraded for your overall commitment to doing business in compliance with the FCPA. The same is true for promotions and other opportunities for advancement within an organization. Not many organizations have such a mature compliance function that a CCO is appointed to another senior level position within an organization.
Upon further reflection I now believe Duross was correct and the Alamo reference was appropriate for compliance officers. It is because sometimes we have to draw a line in the sand to management. And when we do, we have to cross that line to get on the right side of the issue, the consequences be damned. The DOJ has made clear they expect CCOs and compliance professionals to draw that line when they must do so and when they do, companies must heed their warnings.

Categories
FCPA Compliance Report

Mike DeBernardis on 2020 Update to the Evaluation of Corporate Compliance Programs and FCPA Resource Guide, 2nd edition


In the Episode, I am joined by Mike DeBernardis, Counsel at Hughes Hubbard, in the firm’s Washington office and a member of the firm’s Anti-Corruption and Internal Investigations and White Collar & Regulatory Defense practice groups. He represents corporate and individual clients in criminal, civil and administrative enforcement matters, including matters involving the Foreign Corrupt Practices Act and securities and accounting fraud. In this episode we take a deep dive into the DOJ’s 2020 Update to the Evaluation of Corporate Compliance Programs and DOJ and SEC FCPA Resource Guide, 2nd edition.
Some of the highlights include:

  1. What were the top changes DeBernardis observed in 2020 Update to Evaluation of Corporate Compliance Programs?
  2. What were the top changes for you in FCPA Resource Guide, 2nd edition?
  3. How should one read the Resource Guide, 2nd with the 2020 Update? In conjunction, separately or in some other way?
  4. Is there any significance  to the two documents being released so close together in time?
  5. Should you advise clients to do anything different because of these documents?