Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.
Stories we are following in today’s edition:
The next area for policies is extortion payments, which not are made illegal under the FCPA. Extortion payments are made for any action which threatens or demands payment for life, liberty, or health. These should be exempted out from your facilitation payments and your compliance program through specific language. You need to do this for a variety of reasons. First and foremost, your employees must understand that the company will support them if they are in any way threatened with harm, with arrest or physical detention, their health/safety is threatened. As a compliance professional, you need to make sure they understand they need to do whatever they have to do to get themselves out of such a situation.
Some of the situations your employees might face are along the lines of the following:
The key though is that it be properly documented. But more than simply the documentation is that you must specifically list extortion payments in your books and records, so you will not be suspected with hiding them by describing them as something else. The key is to train your employees specifically on the actions to take. In your policy, state that if there is a threat to health, safety or liberty, it is not a facilitation payment but an extortion payment. Make sure that they understand what their rights are and what their obligations are to report it when they come back to the corporate office or their office. Always remember, an extortion payment is not a FCPA violation.
Three key takeaways:
For more information, check out The Compliance Handbook, 4th edition, here.
As every compliance practitioner is well aware, third-parties still present the highest risk under the FCPA. The DOJ 2023 ECCP devotes an entire prong to third-party management. It begins with the following: A well-designed compliance program should apply risk-based due diligence to its third-party relationships. Although the degree of appropriate due diligence may vary based on the size and nature of the company or transaction, prosecutors should assess the extent to which the company has an understanding of the qualifications and associations of third-party partners, including the agents, consultants, and distributors that are commonly used to conceal misconduct, such as the payment of bribes to foreign officials in international business transactions.
This set of queries clearly specifies the DOJ expects an integrated approach that is operationalized throughout the company. This means your compliance program must have a process for the full life cycle of third-party risk management. There are five steps in the life cycle of third-party management: 1) business justification; 2) questionnaire to third-party; 3) due diligence on third-party; 4) compliance terms and conditions, including payment terms; and 5) management and oversight of third parties after contract signing.
I continually give my mantra of compliance, which is “Document, Document, and Document”. Each of the steps you take in the management of your third parties must be documented. Not only must they be documented but they must be stored and managed in a manner that you can retrieve them with relative ease. The management of third parties is absolutely critical in any best practices compliance program.
Three key takeaways:
For more information, check out The Compliance Handbook, 4th edition, here.
From the information provided by the DOJ in Opinion Releases and in enforcement actions, there are several different insights which may be drawn on regarding what should go into your policy on facilitation payments. Do not forget that facilitation payments must be accurately shown on the books and records of your company. In all cases the employee who requested permission to make the facilitation payment must be responsible for obtaining all required approvals and forwarding a copy of the approvals and any other relevant supporting documentation as required, so that the it is recorded as a facilitation expense in the books and records and maintained in a central file. Facilitation payments should not be recorded as consulting fees, entertainment expenses, or other types of expenses that may misrepresent the true nature of the payments.
There may be emergency situations when it will be difficult or impossible for employees to obtain approvals before having to decide whether or not to pay a facilitation payment. If the facilitation payment is made in an emergency, the employee reports the facilitating payment to the compliance department and explains the emergency as soon as practical after making the facilitation payment.
Three key takeaways:
For more information, check out The Compliance Handbook, 4th edition, here.
One of the more confusing areas of the FCPA is in that of facilitation payments. Facilitation payments are small bribes but make no mistake about it, they are bribes. For that reason, many companies feel they are inconsistent with a company culture of doing business ethically and in compliance with laws prohibiting corruption and bribery. Further, the 2020 FCPA Resource Guide specified, “while the payment may qualify as an exception to the FCPA’s anti-bribery provisions, it may violate other laws, both in Foreign Country and elsewhere. In addition, if the payment is not accurately recorded, it could violate the FCPA’s books and records provision.” Additionally, the 2020 FCPA Resource Guide stated, “Whether a payment falls within the exception is not dependent on the size of the payment, though size can be telling, as a large payment is more suggestive of corrupt intent to influence a non-routine governmental action. But, like the FCPA’s anti-bribery provisions more generally, the facilitating payments exception focuses on the purpose of the payment rather than its value.”
In addition to these clear statements about whether the FCPA should continue to allow said bribes; you should also consider the administrative nightmare for any international company. The U.K. Bribery Act does not have any such exception, exemption or defense along the lines of the FCPA facilitation payment exception. This means that even if your company allows facilitation payments, it must exempt out every U.K. Company or subsidiary from the policy. Further, if your company employs any U.K. citizens, they are subject to the U.K. Bribery Act no matter who they work for and where they may work in the world, so they must also be exempted. Finally, if your U.S. Company does business with a U.K. or other company subject to the U.K. Bribery Act, you may be prevented contractually from making facilitation payments while working under that customer’s contract. As I said, an administrative nightmare.
Three key takeaways:
For more information, check out The Compliance Handbook, 4th edition, here.
When is a rose not a rose? When it is a charitable donation not made for philanthropic purposes and violates the FCPA. This was a feature of the Eli Lilly and Company (Lilly) FCPA enforcement action brought by the SEC in 2012, involving a bribery scheme utilized by Lilly in Poland. The scheme and FCPA violations mirrored an earlier FCPA enforcement action, also brought by the SEC as a civil matter, rather than by the DOJ as a criminal matter, against another U.S. entity Schering-Plough, for making charitable donations in Poland which violated the FCPA. One of the remarkable things about both of these enforcement actions, brought almost eight years apart, was that they involved improper payments to the same Polish charitable foundation to wrongfully influence the same Polish government official to purchase products from both of these companies.
Three key takeaways:
For more information, check out The Compliance Handbook, 4th edition, here.
Welcome to 10 For 10, the podcast which brings you the week’s Top 10 compliance stories in one podcast each week. Tom Fox, the Voice of Compliance brings to you, the compliance professional, the compliance stories you need to be aware of to end your busy week. Sit back, and in 10 minutes hear about the stories every compliance professional should be aware of from the prior week. Every Saturday, 10 For 10 highlights the most important news, insights, and analysis for the compliance professional, all curated by the Voice of Compliance, Tom Fox. Get your weekly filling of compliance stories with 10 for 10, a podcast produced by the Compliance Podcast Network.
You can check out the Daily Compliance News for four curated compliance and ethics related stories each day, here.
Connect with Tom
What happens when two top compliance commentators get together? They talk compliance, of course. Join Tom Fox and Kristy Grant-Hart in 2 Gurus Talk Compliance as they discuss the latest compliance issues in this week’s episode! In this episode, Tom and Kristy take on a wide variety of topics, including a visit to Florida Man.
In the world of business, compliance and investigation protocols play a crucial role in ensuring fairness, consistency, and institutional justice. Organizations need to establish robust frameworks to handle incidents effectively and mitigate risks. In this episode of 2 Gurus Talk Compliance, a new investigation by the FCA in the UK, Rubiales resigns (finally), an interesting cyber compliance enforcement action, and Roger Ng. Kristy takes the lead in highlighting a new DOJ Opinion Release. Join them as they delve deeper into this topic on this episode of the 2 Gurus Talk Compliance podcast.
Highlights Include:
1. Insufficient cyber plan = FCA violation. (DOJ Press Release)
2. Roger Ng banned for life. (YaHooFinance)
3. FASB adopts crypto accounting rules. (WSJ)
4. Ken Paxton and slow creep of corruption. (Texas Tribune)
5. Rubiales resigns. (NYT)
6. U.K. Financial Regulator to Review Bank Treatment of Politically Exposed Persons (WSJ)
7. FCPA Opinion Release Provides Guidance on Payment of Travel and Other Expenses for Foreign Government Officials (Volkov)
8. AI in Employment: Privacy Regulation Is Here (PLI Chronicles/Gibson Dunn)
9. Is It Time to Update Your Company’s Dress Code? What ‘Business Casual’ Means Today (Inc.)
10. Florida man banned from the ocean after trying to sail homemade hamster wheel (local news)
Resources
Kristy Grant-Hart on LinkedIn
Tom
Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance brings to you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.
The award winning, Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. Looking for some hard-hitting insights on sanctions compliance? Look no further than Compliance into the Weeds! In this episode, Tom and Matt consider the recent DOJ enforcement action involving Verizon Business Network Services for failure to have an effective cyber security compliance program.
The recent case of Verizon’s non-compliance with cybersecurity standards and subsequent remediation efforts has sparked a significant conversation in the realm of cyber compliance. Tom views this case as a roadmap for companies to enhance their cybersecurity programs, emphasizing the importance of gap analysis and pressure testing. He draws parallels between cybersecurity compliance and the Foreign Corrupt Practices Act (FCPA) compliance, suggesting that Verizon’s case could serve as an example for other companies.
Matt applauds Verizon’s voluntary self-disclosure and extensive remediation efforts. He underscores the importance of disclosure, cooperation, and remediation in both cybersecurity and corruption cases, viewing Verizon’s actions as a positive example for other companies. Join Tom Fox and Matt Kelly as they delve deeper into this topic in the latest episode of the Compliance into the Weeds podcast.
Key Highlights
· Verizon’s Cybersecurity Program Failures
· Enhancing Cybersecurity Compliance through Remediation Measures
· Automating Compliance Efforts with GRC Tools
· Potential Penalties for Non-Disclosure of Cybersecurity Issues
Resources
Matt in LinkedIn
Tom
