Tag: compliance

Categories
Blog

Coming Conflict with China-Business Challenges and Responses: Cyber Spying and IP Theft

In the short span of the 21st Century, the world’s two top powers, the United States and China, have moved inexplicably toward a showdown. This evolved from a commercial competition into something more akin to permanent non-kinetic warfare. What does this mean for US business doing business in and with China? For this special 5-part blog post series, I visited with Brandon Daniels, President of Exiger, to explore issues diverse as a real danger, supply chain, exports, cyber-attacks, and IP theft from the business perspective and give the compliance and business executive their viewpoints on what you can do to not only prepare your company but protect it as well. In Part III, we consider export issues of US companies and rebalancing the global economy.

As tensions between the US and China continue to grow, so too does the threat of cyber espionage and intellectual property theft. According to the Pentagon, China-linked economic espionage cases have jumped 1300% over the past decade, and nearly half of all counterintelligence cases now involve China. Daniels sheds light on how China is stealing American Intellectual Property (IP) through intelligence services, nontraditional developers, academic partnerships, and hidden ownership of companies in the supply chain.

We not only consider the extent of China’s IP theft but provide some concrete steps for American companies to protect their crown jewels and seek recourse if they become the victim of cyber espionage. With trillions of dollars at stake, the US companies can no longer afford to be unprepared.

Here are some steps you can take for protection.:

  1. Protecting crown jewels by having stricter, more active and proactive containment of technologies that are subject to export control laws.
  2. Monitoring and identifying where there could be IP leakage through better due diligence of vendor and customer ecosystems.
  3. Taking aggressive action to show China that any IP theft will be discouraged and the company will be remunerated for it.
  1. More active and proactive containment of technologies

The first step to protecting your organization’s crown jewels from China’s non-kinetic warfare is to have stricter, more active, and proactive containment of technologies subject to export control laws. This means that public companies need to understand what are their “crown jewels” and how to protect them. They should be more aware of who their suppliers and customers are, and where those technologies are going. Your organization needs to be willing to call out and enforce international trade violations. This requires better due diligence when it comes to their vendor ecosystems, customer ecosystems, and where your organization is buying their technology from. Companies also need to ensure that they have contractual clauses around confidentiality and exposing information so that they can have legal recourse if their intellectual property is stolen. Finally, they should be willing to get serious and aggressive to show China that they will be remunerated for taking their IP.

  1. Monitoring and identifying IP leakage

Monitoring and identifying where there could be IP leakage through better due diligence of vendor and customer ecosystems is a critical step in protecting intellectual property (IP) from theft. To begin this process, companies must understand their supply chain and customer ecosystem(s) to identify any potential areas of vulnerability. Companies should consider conducting background checks on their vendors, as well as tracking and monitoring the movements of their customer data and products. Additionally, companies should be aware of any suspicious activity in their customer and vendor ecosystems and take steps to protect against any potential IP theft.

Companies should be aware of any trade regulations or laws that could be applicable to their products, and take the necessary steps to ensure they are compliant. Additionally, they should consider utilizing insurance or other risk mitigation methods to reduce the potential of IP leakage or theft. Finally, companies should be prepared to take legal action to enforce their IP rights if necessary. This could involve filing lawsuits or engaging in international trade court proceedings to seek remedies for any IP violations. By monitoring and identifying areas of potential IP leakage, companies can better protect their IP and ensure that it is not stolen or misused.

  1. Take aggressive action

Taking aggressive action to show China that any IP theft will be discouraged and the company will be remunerated for it. In other words, use the Rule of Law to not only protect your IP but also aggressively go after any IP theft through civil litigation. This all starts with protecting your crown jewels, which means having stricter containment of technologies that are subject to export control laws, and specifically doing this with regard to China. Companies should also monitor and identify potential areas of IP leakage, such as suppliers, customers and vendors, and perform better due diligence to ensure that the technology is not falling into the wrong hands. Finally, companies should not be afraid to take their cases to court. For example, Tang Energy Group successfully sued Aviation Industry Corp. of China, or AVIC for stealing their wind turbine technology and won a settlement in the tens of millions of dollars. By taking legal action, companies can demonstrate to China that any IP theft will not be tolerated and that they will be held accountable for their actions.

The threat of cyber espionage and intellectual property theft from China is real, and companies need to be aware of the implications and take action to protect their crown jewels. Companies should consider a three-step plan for protecting their IP and seeking recourse if it is stolen, including stricter containment of technologies that are subject to export control laws, monitoring and identifying potential areas of IP leakage, and taking aggressive action to show China that any IP theft will not be tolerated and will be remunerated. With the right steps in place, companies can protect their IP and ensure it is not stolen or misused. Take control of your IP today!

For a deeper dive into these issues, check out the 5-part podcast series with Tom Fox and Brandon Daniels, here.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program for Business Ventures – Distributor Liability Under the FCPA

Three enforcement actions made clear that there were no distinctions between agents and distributors. They were the Smith & Nephew, Inc., Oracle (2012 and 2022), and Eli Lilly and Company. Each of these enforcement actions had different FCPA violations, and they each revealed separate steps a company should take to prevent and detect FCPA violations in their company.

These three separate bribery schemes call for three different but overlapping responses. The Lilly enforcement action also makes clear the need for internal audits to follow up with ongoing monitoring and auditing. Internal audit can help determine the reasonableness of a commission rate outside the accepted corporate norm. The 2012 and 2022 Oracle enforcement actions demonstrated that Oracle needed to institute the proper controls to prevent its employees at Oracle India from creating and misusing the parked funds in the distributor’s account. The Company needed to audit and compare the distributor’s margin against the end user price to ensure excess margins were not being built into the pricing structure. Smith & Nephew did not perform sufficient due diligence on these distributors, nor did they document any.

Further, the distributor was domiciled in a location separate and apart, the UK, from the sole location it was designed to deliver products or services into, Greece. This clearly demonstrated that the entities were used for a purpose the company wished to hide from Greek authorities. While it is true that a distributor might sell products in a country different than its domicile, if the products are going into a single country, this should have raised several Red Flags.

Three Key Takeaways:

  1. Use auditing and monitoring.
  2. Distributors will be treated the same as other business ventures.
  3. Robust due diligence must be performed.
Categories
Coming Conflict with China

Coming Conflict with China: Part 3 – Exports and Rebalancing the Global Economy

In the short span of the 21st Century, the world’s top powers, the United States and China, have moved inexplicably toward a showdown. This evolved from a commercial competition into something more akin to permanent non-kinetic warfare. What does this mean for US business doing business in and with China? In this special 5-part series, Tom Fox and Brandon Daniels, CEO of Exiger, a leading global third-party and supply chain management software company, explore issues diverse as a real danger, supply chain, exports, cyber-attacks, and IP theft from the business perspective and give the compliance and business executive their viewpoints on what you can do to not only prepare your company but protect it as well. In Part III, we consider issues related to US exports to China and markets for US products if the China market is closed off to US companies.

The US-China conflict is intensifying, and as a result, businesses that export to China are feeling the strain. US companies exported nearly $149 billion worth of goods to China, but China still exports over $400 billion to the US. Do these trade deficits still matter? What happens when your biggest customer is no longer available? How do you go about finding new markets and reshoring customers? Join us as we explore this and other export issues in Part 3 of this special five-part series.

Key Highlights:

1. The importance of balancing the US-China economic relationship in light of the current crisis.
2. How does a business consider customer location an existential risk?
3. The potential for global economic rebalancing through collaboration between democracies.

Notable Quote

“We have to figure out how to make this a global market and ensure that this doesn’t just become some sort of nationalistic retrenchment.”
Resources

Exiger

Tom Fox

Connect with me on the following sites:

Instagram

Facebook

YouTube

Twitter

LinkedIn

Other episodes in this Series:
Episode 1-From Potential Conflict to Real Danger

Episode 2-Supply Chain Issues

Categories
FCPA Compliance Report

Khayot Salijanov – Compliance in Uzbekistan

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, I am joined by Khayot Salijanov, a Master’s Degree candidate at the University of Pittsburgh. He is originally from Uzbekistan, and we discuss compliance in emerging markets. We discussed the history of compliance and corruption in Uzbekistan and the government’s steps to increase compliance through laws like public procurement and creating an anti-corruption agency. Khayot then provides insight into the two biggest challenges faced in 2020, communication and conducting effective investigations, as well as emphasizing the importance of leadership buy-in. Finally, Khayot suggests that to start a management consulting career; one should focus on creating relationships and ownership, creating value, and gaining leadership buy-in. 

Key Highlights

·      The History of Compliance In Uzbekistan

·      Protecting Yourself When Doing Business in Uzbekistan

·      The Importance of Leadership Involvement in Creating a Robust Compliance Program

·      Creating Business Value Through Compliance Programs

 Notable Quotes

·      “And also it has a good program, a good tailored program, including ethics and risk management also sustainable business issues, which I’m interested in because I think sustainable business is part of compliance.”

·      “It’s essential to create family-based ownership to achieve success.”

·      “The government’s anti-corruption and anti-bribery policy has changed drastically.”

·      “Absolutely. Thank you for inviting and having me, Thomas. I have a lot of things to tell our listeners about Uzbekistan, specifically about compliance.”

·      “These events mark the beginning of designing and implementing corporate compliance standards in the private sector.”

Resources

Khayot Salijanov on LinkedIn

Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
31 Days to More Effective Compliance Programs

Following the Money Through Distributors

Polycom came to FCPA grief in China, as have many other US companies. The bribery scheme was long running, occurring from 2006-2014. They included the creation of an off-the books accounting and recordation system for corrupt payments made by or on behalf of Polycom China. The money to fund these bribes came through variations of the basic bribery scheme. There would be a discount between the price reported to Polycom and that paid by the buyer. These discounts were not passed on to the end customer, but instead were intended to cover the cost of the payments the distributors made to the Chinese government officials.

In other words, this discount would form the basis of the pot of money to pay the bribe.
The Chinese business unit was equally creative with the reasons for the discounts, which were listed in the CRM. Polycom China usually cited competition with one or more vendors was required to give discounts on pricing. They also claimed that some end-using customers refused to pay full price. However these were all false excuses entered into the CRM to hide the truth from auditors and others charged with reviewing and approving the discounts.
Three Key Takeaways

  1. Channel your inner Woodward and Bernstein and follow the money.
  2. Simply because some type of compliance oversight is difficult or requires extra effort, it is no excuse not to monitor.
  3. Channel you inner Ronnie Reagan as well and ‘trust but verify.
Categories
Blog

Coming Conflict with China-Business Challenges and Responses: From Potential Conflict to Real Danger

In the short span of the 21st Century, the world’s two top powers, the United States and China, have moved inexplicably toward a showdown. This evolved from a commercial competition into something more akin to permanent non-kinetic warfare. What does this mean for US business doing business in and with China? For this special 5-part blog post series, I visited with Brandon Daniels, CEO and President of Exiger, to explore issues diverse as a real danger, supply chain, exports, cyber-attacks, and IP theft from the business perspective and give the compliance and business executive their viewpoints on what you can do to not only prepare your company but protect it as well. In Part I, from potential conflict to real danger.

It is time to ask some tough questions and come up with robust responses to the challenges. With China’s increasing attempts to subvert the US economy, decrease transparency of its business practices, and the use of its blocking statutes that protect its companies from US laws, the situation is becoming increasingly challenging. What steps can you take to safeguard yourself and your business? Join us to explore these questions and more in this special series.

Here are the steps you should follow to begin to think your organization’s business and operational security.:

  1. Identifying potential threats and risks in the global business and commerce ecosystem.
  2. Developing a strategy to diversify the global supply chain to mitigate risks and increase security.
  3. Finding alternate sources of supply and production in different countries to create redundancy and increase diversity.

1.Identifying potential threats and risks

Identifying potential threats and risks in the global business and commerce ecosystem requires an understanding of how geopolitical tensions and economic coercion can impact businesses and markets. When looking at the arrests of Mintz’s Group employees in Beijing and the potential for China to subvert our global free market, it is important to consider how Chinese investments in critical technologies, like battery plants, and their control of resources, like cobalt and copper, could be used to manipulate the market. It is also important to be aware of China’s attempts to restrict access to economic policies, like tariffs, that make it cheaper to manufacture in China than in Vietnam or Malaysia. It is important to consider the impact of China’s annexing of other countries, their blocking statutes, and their potential to use Uighur forced labor in their garment industry, all of which could lead to human rights issues. By understanding the potential threats and risks, businesses can be better prepared to put appropriate measures in place to protect their data, their people, and their customers.

  1. Developing a strategy to diversify your global supply chain 

Developing a strategy to diversify the global supply chain to mitigate risks and increase security is a crucial step in mitigating potential risks associated with China’s increasing adversarial activity. To ensure the safety and security of a company’s supply chain, it is important to diversify its sources of supply, especially for critical infrastructure such as logic bearing circuitry and pharmaceutical ingredients. Your organization should think twice before accepting a cheap bid from a Chinese company and instead diversifying to sources from countries such as Japan, South Korea, the United Kingdom, and the United States. By diversifying supply chain sources, companies can ensure that they are not over-dependent on any one country, and can also take advantage of premium pricing that comes with diversity, security and redundancy in their commerce.

  1. Finding alternate sources of supply and production

Finding alternate sources of supply and production in different countries to create redundancy and increase diversity is an important step in mitigating risk in a highly unpredictable geopolitical environment. To do this, you should start by looking into local manufacturing capabilities and taking the opportunity to support companies from other countries, such as Japan, Korea, the UK, the US, Mexico, and Canada. These countries may be more reliable in their political stability and may offer a premium for the security that comes with diversity. Additionally, it is important to investigate the state of the industries in these countries and what investments they are making. For example, Japan is investing heavily in their electronics sector, Korea in semiconductors, and the US and Canada in AI. To ensure your business is protected, you should also consider investing in a backup plan in case of disruption from your current source. This could involve researching other suppliers, negotiating contracts with them, and training staff and operations to use them. By investing in these alternate sources and plans, you will be able to create redundancy and increase diversity in your supply chain, ultimately making your business more secure.

The importance of identifying potential threats and risks in the global business and commerce ecosystem and developing a strategy to diversify the global supply chain to mitigate risks and increase security cannot be overstated. You should be working to find alternate sources of supply in different countries to create redundancy and increase diversity. By taking the necessary steps to understand the potential risks of doing business with China, businesses can be better prepared to protect their data, their people, and their customers. Opaqueness is the foe of transparency.  With the right knowledge and strategy, you too can ensure the safety and security of your business.

For a deeper dive into these issues, check out the 5-part podcast series with Tom Fox and Brandon Daniels, here.

Categories
FCPA Compliance Report

Erica Salmon Byrne on 2023 World’s Most Ethical Companies

Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this episode, I am joined Erica Salmon Byrne, President of Ethisphere, to discuss the World’s Most Ethical Companies awards. Byrne explains the evaluation process and what types of areas are investigated. She highlights how the list has fluctuated over the years and the importance of a company’s people practices. Through the cross functional scorecard, companies can measure their performance compared to a global index.

We discuss the importance of “ethics premium” and the scorecard process. To measure the value of a company’s people practices, the survey demonstrated an outperformance of 13.6% against a comparable global index. Byrne also gives information to listeners on where to find more information on the world’s most ethical companies. Tune into this episode of the FCPA Compliance Report and learn more about the World’s Most Ethical Companies. 

Key Highlights

  1. What is the World’s Most Ethical Companies® recognition?
  2. How long has Ethisphere recognized the World’s Most Ethical Companies?
  3. What are criteria Ethisphere considers during the evaluation process? What is the evaluation framework.
  4. What are the benefits of applying for the World’s Most Ethical Companies?
  5. Even if a company is not selected, what are some of the benefits?
  6. What is the Ethics Premium and what was the 2023 Ethics Premium? 

 Notable Quotes

“What does the recognition itself mean? So, you know, it’s  really interesting, Tom. Because I I’ve asked a lot of honorary companies about that. And I  particularly liked the way 1 company phrased it to me when I was talking to them last week, and they said, look, there are lots and lots of times that companies get recognized for messing up.”

“We’re looking at the ways you are thinking about, your impact on the communities in which you operate. We are looking at your ethics and compliance program initiatives. We’re looking at the way you are governing your programs both at the board level and at the C suite level. We’re looking at your leadership and your reputation.”

“I’ve had multiple compliance officers tell me that their best self-assessment work is just reading the red line of our survey every year and asking themselves would I answer this new question from Ethisphere?”

“Are there questions on this survey I can’t answer without going and speaking to somebody else? Do I know who that person is? And if not, why not? Because all of those relationships are critical relationships to operating your program well.”

 Episode Links

World’s Most Ethical Companies

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program for Business Ventures-Franchisor Liability


There remains a question about franchisor liability under the FCPA. Franchising has been a successful model in the U.S. and now many corporations are looking at overseas expansion opportunities. Franchise law has become well developed across the U.S., with many states developing laws to protect the rights and obligations of both parties in a franchise agreement.
There are no reported FCPA enforcement actions regarding franchisors. However, the factors in a franchise relationship would appear to lead to clear FCPA responsibility of the franchisor for its overseas franchisee’s actions. Additionally, court interpretation of the FCPA has held that it is applicable where conduct is used “to obtain or retain business or secure an improper business advantage” which can cover almost any kind of advantage, including indirect monetary advantage even as nebulous as reputational advantage. As everyone knows, the FCPA prohibits payments to foreign officials to obtain or retain business or secure an improper business advantage. Nevertheless, many U.S. companies view franchisees as different from other types of more direct sales representatives, such as company sales representatives, agents, resellers or even JV partners, for the purposes of FCPA liability.

The Master Franchise model is typically the most used model in international franchise expansion. It generally revolves around a Master Franchise agreement between the U.S. based franchisor and a franchisee in a specific geographic territory. This franchisee then contracts with third-party sub-franchisees within the specified territory. Typically, the U.S.-based franchisor will have no contractual relationship with the international sub-franchisees. The master franchisee acts as the franchisor in the local market and recruits, trains, and provides other support in the local area on behalf of the U.S. franchisor. Here the FCPA exposure is both direct and indirect.
While some believe that a franchisor may not have direct involvement in conduct prohibited by the FCPA, as there may not be the requisite corrupt intent required under the statute. However, unless a franchisor has an adequate compliance program in place, a franchisor may well find itself in the shoes of Frederic Bourke and sustain a finding of conscious indifference.
Three key takeaways: 

  1. Consider the different types of international franchise agreements to help assess your compliance risk.
  2. There are no reported FCPA enforcement actions involving international franchisors, yet.
  3. Franchisors must conduct thorough research in both the foreign market they hope to enter and on their potential franchisees.
Categories
2 Gurus Talk Compliance

2 Gurus Talk Compliance – Episode 2

What happens when two top compliance commentators get together? They talk compliance of course. Join Kristy Grant-Hart and Tom Fox for their new podcast, 2 Gurus Talk Compliance! But it is not simply Kristy and Tom talking compliance. In this podcast series Kristy and Tom review  other top commentators in compliance as well. In this podcast, we will consider all things compliance, corporate ethics, ESG, governance, and whatever else is on our minds and the minds of other experts in the field. Kristy and Tom explore all of these topics with expertise and wit.

2 Gurus Talk Compliance will include a deep dive into the latest headlines, as well as ask hard hitting questions and provide valuable insights on the current happenings of the world. Don’t miss out this week, as Tom and Kristy look at how the new DOJ pilot program and update to the evaluation of corporate compliance program guidance will affect dailiness operations.

 Highlights Include

·      Moral hazard for DOJ/Compliance

·      Global Corporate Governance Trends for 2023

·      Assessment of Monaco/Polite Speeches and new ECCP

·      Compliance in the Metaverse

·      Five hard leadership bills to swallow.

·      Former Blue Bell CEO Pleads Guilty

·      $9 Million Cow Manure Ponzi Scheme

·      Lessons Learned from Ericsson’s DPA Breach

·      Serious Fraud Office Abandons Prosecution

·      2023 Evaluation of Corporate Compliance Programs

 Notable Quotes

1.      “The effect on the economy is much more severe than I would have ever thought. The market tanked, basically, for 3 days. And of course, the market runs on perceptions. Pretty much like bank runs run on per perceptions.”

2.     “We had some assets disappear over the weekend. We’ve had the federal government come in at backstop that amount, full amount, not just limited to the 250000 per person or entity that the FDIC ensures I think banking regulations will probably change forever because of this event.”

3.      “A couple of weeks ago, we had 2 major speeches by deputy attorney general Lisa Monaco and Kenneth Polite, at the ABA white collar conference that were followed by the release of an updated 2023 version of the Evaluation of Corporate Compliance Programs, a new policy regarding monitors as well, and the announcement of a pilot program.”

Resources 

  1. Moral hazard for DOJ/Compliance 
  2. Global Corporate Governance Trends for 2023 
  3. Assessment of Monaco/Polite Speeches and new ECCP
  4. Compliance in the Metaverse
  5. Five hard leadership bills to swallow
  6. Former Blue Bell CEO Pleads Guilty to Misdemeanor Over Listeria Outbreak
  7. Central Valley Man Pleads Guilty to Nearly $9 Million Cow Manure Ponzi Scheme
  8. Lessons Learned from Ericsson’s DPA Breach: An Internal Investigation Nightmare
  9. U.K. Serious Fraud Office Abandons Prosecution of Former G4S Executives
  10. DOJ Announces Major Changes To Corporate Compliance Program Evaluation

Connect with Kristy Grant-Hart on LinkedIn

Spark Consulting

Connect with Tom Fox on Linkedin

Categories
31 Days to More Effective Compliance Programs

One Month to More Effective Compliance for Business Ventures – Distributors as Business Venture Partners

Many compliance practitioners generally view distributors as a part of their third-party risk management program, with most of their attention on the pre-contract phase of the risk management process. Typically, most of the efforts are spent on due diligence with less on managing the relationship after the contract is signed. However, many facets of a corporate relationship with a distributor are closer to those of other business venture partners.

One of the issues in any compliance program is the compensation paid to a business venture partner as FCPA exposure arises when companies pay money – either directly or indirectly – to fund bribe payments. In the traditional intermediary scenario, the company funnels money to a business venture partner, who then passes on some or all of it to the bribe recipient. Often, the payment is disguised. Rethinking approaches to evaluating distributor activities is but one of the ways that the increased number of enforcement actions, 2020 FCPA Resource Guide, 2nd edition and DOJ’s 2020 Update to the Evaluation of Corporate Compliance Programs, have provided insight into how the government interprets and enforces the FCPA. This information, in turn, allows companies to get smarter about FCPA compliance. With a manageable amount of forethought, companies who rely on distributors can create, install and maintain systems which allow them to spend fewer resources to more effectively prevent violations. Moreover, these systems generate tangible proof of a company’s genuine commitment to FCPA compliance, by more fully operationalizing this aspect of their compliance program.
Many companies have been involved in FCPA enforcement actions because of distributors. This sales side channel does not receive the focus equal to that of commissioned sales agents. Yet it can present an equally large compliance risk. By using this DAR approach, you will have created a well-thought out process which will operationalize your compliance program around distributor compensation, in a manner which documents your decision-making calculus.
Three key takeaways: 

  1. The creation of well-thought out process which operationalizes your compliance program around distributor compensation, in a manner which documents your decision-making calculus is key.
  2. Require multiple levels of approval for an out of range distributor discount.
  3. Tracking distributor discounts globally makes your company more efficient.