Tag: DOJ

Categories
The Compliance Life

Stephen Martin – College & Early Professional Career in Government Service

The Compliance Life details the journey to and in the role of a Chief Compliance Officer. How does one come to sit in the CCO chair? What are some of the skills a CCO needs to successfully navigate the compliance waters in any company? What are some of the top challenges CCOs have faced and how did they meet them? These questions and many others will be explored in this new podcast series. Over four episodes each month on The Compliance Life, I visit with one current or former CCO to explore their journey to the CCO chair. This month, my guest is Stephen Martin, CCO at Skillsoft on his path to the CCO Chair.

Stephen received his undergrad degree from Creighton University, his law degree from the University of Denver, and an LLM from Georgetown. He began his career at the state of Missouri’s Attorney General audiences where he handled both trial and appellate work. He moved from there to the Department of Justice under the Clinton administration. Working at both state and federal levels gave him great practical hands-on experience in the courtroom and Court of Appeals.

Resources

Stephen Martin LinkedIn Profile

Categories
Blog

Some Thoughts on Clawbacks

Clawbacks have become a new topic in Foreign Corrupt Practices Act (FCPA) enforcement and compliance with the announcement of the Monaco Doctrine and release of the Monaco Memo. Matt Kelly, writing in Radical Compliance, noted, “The Securities and Exchange Commission [SEC] enacted a rule today that will require public companies to adopt and disclose executive compensation clawback policies, echoing the Justice Department’s effort to make companies exercise clawbacks more often when their executives commit misconduct.” With these developments, I thought it would be a good time to look at clawbacks and what they might mean for a corporate compliance program.

Let’s start with the basics, as in what is a clawback? According PayCor.Com a clawback “is a provision within a business or employment contract that allows—under a prescribed set of circumstances—an organization to reclaim incentive or bonus funds previously paid to an employee. Clawback clauses provide a form of guarantee in situations where a business needs to respond to employee misconduct, poor job performance, low achievements or a general decline in revenue.” The two key requirements are that (1) it is a ‘provision’ i.e., a written clause in a written employment agreement and (2) it is for compensation received in the form of an incentive or bonus, i.e., not salary. This second provision will be a critical point for employees.

Sanjai Bhagat and Charles M. Elson, in a Harvard Business Review (HBR) article entitled “Why Executive Compensation Clawbacks Don’t Work”, said, “the executive pay “clawback,” an idea that had its debut during the discussion around the passage of the Sarbanes-Oxley Act [SOX] in 2002, has become an increasingly common provision in executive compensation packages. In theory, clawback policies enable companies to recover incentive pay granted to executives for achieving financial performance targets on the basis of decisions and actions that subsequently turn out to be ethically and legally questionable, and which impose significant monetary and reputational liabilities on the company.” Indeed, as reported in the Wall Street Journal(WSJ), there have 11 executives sued by or who have settled with the SEC, based upon SOX.

Michael Schrage, in a 2012 HBR piece entitled “Bonuses Are Good, But Clawbacks Make Them Better”, said of the actions which can lead to clawbacks, “The behaviors may not be criminal or even unethical but they undeniably lead to decisions where individuals maximize their own compensation at the expense of their organization in potentially destructive ways. This typically holds true for the highest-ranking and most dynamic slices of industry, whether financial services, professional sports, health care or high tech.” This articulation would seem to fit in both the Department of Justice (DOJ) and SEC recent pronouncements.

While the regulators have focused on the punitive aspects of clawbacks, Schrage also notes they are the mirror for incentive-based compensation. “The fundamental asymmetry, of course, is the presence of bonuses and an absence of clawbacks. That is, individuals and teams may receive impressively large and ostensibly “performance-based” bonuses if they hit their numbers.” If there is no response for those who lie, cheat and steal to get such compensation, he believes an organization “is guilty of bad behavioral economics and even worse management” and that clawbacks are “deterrents and insurance policies for organizations that fear that talented individuals may take inappropriate and unsustainable shortcuts to get the bonus. Clawbacks are an essential technique for balancing long-term business health against short-term bonus wealth.”

All of this means that you should not think of compensation incentives and clawbacks as separate tools in your compliance tool kit but as complimentary tools to help foster a best practices compliance program. Bhagat and Elson propose “incentive compensation of corporate executives should consist only of restricted equity”; that is, an executive cannot sell shares of stock or exercise the options for six to 12 months after their last day in office. They believe, “This would prevent executives from capturing the financial gains from questionable decisions or actions before the longer-term costs of those decisions or actions became apparent. And from the company’s perspective, it is clearly easier to simply withhold the stock or options than to attempt to recover cash paid out.”

It would also make things from the SEC reporting perspective a bit easier as well, because as Kelly noted, the “SEC is requiring companies to develop and implement a policy providing for the recovery of erroneously awarded incentive-based compensation” which must “be filed as an exhibit in the company’s annual report, and the report must include disclosures about “any actions an issuer has taken pursuant to such recovery policy.””

The bottom line is that while both the SEC and DOJ’s thinking on clawbacks has evolved, the business commentary has been talking about clawbacks as a part of a best practices compensation program for some time. Bhagat and Elson wrote, “It is critical to good governance that companies be able to recover compensation from senior executives that has not been fairly and fully earned.” Schrage went further, stating, “Healthy conversations around clawbacks are as important to risk-management and employee morale as well-designed incentive-based compensation programs and a generous bonus pool. I’d argue there’s no such thing as well-designed incentive compensation programs that don’t have a carefully calibrated clawback component. Emphasizing bonuses at the expense of clawbacks is bad for everyone.”

With these new statutory requirements from the SEC based upon Dodd Frank and the pronouncements laid out in the Monaco Memo, clawbacks represent one of those rare mechanisms which represents a convergence between legal and regulatory concerns and better business outcomes. The government wants assurances that executive compensation is not determined by FCPA violations, financial fraud or other nefarious conduct and business want processes that those who do business ethically and in compliance by creating value through best practices compliance rather than cheating and law-breaking are properly incentivized.

Categories
Compliance Into the Weeds

Lafarge and the Cost of Moral Bankruptcy

The award-winning, Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject. In this episode, we consider the recent guilty plea by Lafarge, the French cement giant now owned by Holcim, for paying bribes and protection money to ISIS and doing business in Syria with ISIS. Highlights include:

  • What are the background facts?
  • What were the bribery and payment schemes?
  • What are the compliance lessons learned?
  • How will the victim status play out?
  • Who will guarantee compliance of Lafarge with the Plea Agreement?

 Resources

Tom in the FCPA Compliance and Ethics Blog

Categories
Daily Compliance News

October 25, 2022 the Crime Victim Status Edition

In today’s edition of Daily Compliance News:

  • DOJ alleges Huawei agent tried to bribe agent. (WSJ)
  • The long-term damage of Fat Leonard. (Foreign Policy)
  • The US updates guidelines on victim and witness assistance. (Reuters)
  • Families of Boeing crash fatalities granted crime victim status. (NYT)
Categories
Blog

Lafarge: Part 1 – Corruption at the Top

On April 24, 2017, Holcim Group issued a press release announcing the conclusion of the investigation into the payment of its subsidiary LaFarge to designated terrorist organizations. The Press Release stated in part, “The Board has now concluded the independent investigation and confirmed that a number of measures taken to continue safe operations at the Syrian plant were unacceptable, and significant errors of judgement were made that contravened the applicable code of conduct. The findings also confirm that, although these measures were instigated by local and regional management, selected members of Group management were aware of circumstances indicating that violations of Lafarge’s established standards of business conduct had taken place. . . .”

This statement is but one step in a lengthy and sordid process where LaFarge SA (before it merged with Holcim) made millions of dollars in payments to the terrorist group ISIS so that it could keep its Syrian cement plant open and get all the business it could do so during the Syrian Civil War. The Press Release concluded, “In hindsight any misdeeds may seem clear. However the combination of the war zone chaos and the “can-do” approach to maintain operations in these circumstances may have caused those involved to seriously misjudge the situation and to neglect to focus sufficiently on the legal and reputational implications of their conduct.” Indeed. [Emphasis supplied]

As reported by Law360, “France-based Lafarge and its defunct Damascus, Syria unit Lafarge Cement Syria, or LCS, each pled guilty to a count of conspiring to provide material support to foreign terrorist organizations and will pay a total of $777.78 million.” According to the Plea Agreement, this total amount consisted of a total criminal fine of approximately $91 million and forfeiture of $687 million. Please note this is not a Foreign Corrupt Practices Act (FCPA) enforcement action but an enforcement action based on USC 2339B for one count of conspiracy to provide material support to one or more foreign terrorist organizations. While this is not a FCPA enforcement action, it is a matter about corporate culture, tone at the top, senior executive involvement in corruption; in short it is all about compliance and ethics. This complete failure of compliance and ethics makes it a forceful study of the failings of corporate culture in the starkest way possible.

As laid out in the Statement of Facts, Lafarge finished construction of the Jalabiyeh Cement Plant in northern Syria at a cost of approximately $680 million and began operations in 2010. However, almost immediately “it faced strong competition from cheaper cement imported into northern Syria from Turkey, and in December 2010, Executive 3 sought the assistance of Intermediary 1 to intervene with the Syrian government to control the importation of competing Turkish cement.” In early 2011, the Syrian Civil War broke out and LCS wanted to be the biggest supplier in the soon to be war ravaged country. However, in 2012, ISIS began to gain strength and take over territory near the plant. ISIS also threatened LCS employees through intimidation and kidnapping.

Thereafter, five Lafarge executives from the corporate home office became involved in two-year campaign to pay off ISIS to allow the plant to keep in operation and to not threaten its employees. Beginning in the spring of 2013, Lafarge began paying protection money to ISIS through intermediaries and other third-party suppliers. The reason articulated was laid out in the Statement of Facts, (1) keep the investment in the physical assets (i.e., the plant); (2) keep the investment made in employees; (3) stay in the market to keep out Turkish competitors; and (4) make some profits. The payoffs to ISIS were made through a variety of schemes.

There was the old-fashioned way – cash, in the form of fixed monthly payments. There were payments made through intermediaries. You could not call them sales agents, but they were third parties charged with getting the protection for the bribes paid by LCS. There was a ‘tax’ paid on each truck that went in or out of the plant on roads controlled by ISIS. Eventually, in late 2013, these mechanisms morphed into a new business relationship between LCS and ISIS so that both sides were paid out of the profits from the sale of cement in Syria. For LCS it was simply a cost of doing business. At one point, Intermediary 1 was quoted for the following, “We currently sell for $8 to $10 million per month, with a $2 million profit, and pay less than 1⁄4 for protection. Other factories are paying for protection just to exist, without making the profits we are.”

But it did not simply stop with sales and ROI on paying bribes. LCS also purchased raw materials from ISIS, thereby contributing to international terrorism. The Statement of Facts noted, “Also in or about late 2013, LCS began to use Intermediary 2 to engage directly with ISIS-connected suppliers for the purchase of raw materials and supplies. LAFARGE and LCS retained the services of Intermediary 2 after he had personally met with the then-LAFARGE Group Honorary Chairman and a member of the LAFARGE Board of Directors who was a former LAFARGE Chief Executive Officer on September 16, 2013.”

Over the next few blog posts, I will be looking at the Lafarge enforcement action for lessons for the anti-corruption compliance professional. However, there are two additional points buried in all this corruption which bear noting. The first was reported by Pete Brush, in the Law360 article cited above, who wrote that during the court hearing where US District Judge William F. Kuntz II accepted the company’s guilty plea, he stated “This case impacts the victims of terrorist acts.” This would seem to indicate that any person who may have been the victim of ISIS terrorism could now bring suit against Lafarge (open question as to its successor).

The second item was buried in the Plea Agreement which said, “Lafarge’s commitment, in Attachment B, to guarantee the Defendants’ compliance with the terms of this Agreement.” [Emphasis supplied] Note the language used is not ‘certification’ as articulated in the Monaco Memo but ‘guarantee’ compliance with the terms of the Plea Agreement. How would you like to be the one who made that representation?

Tomorrow, we look at the bribery/payment schemes.

Categories
Daily Compliance News

October 22, 2022 the Managers are Not Alright Edition

In today’s edition of Daily Compliance News:

  • Avoiding corruption in Ukraine reconstruction. (Brookings Institute)
  • Middle managers are not OK. (Bloomberg)
  • Meta continues to seek debarment of FTC chief. (Reuters)
  • Senate asks DOJ to publish white-collar prosecution data. (WSJ)
Categories
Daily Compliance News

October 12, 2022 the Serial Edition

In today’s edition of Daily Compliance News:

  • Russian invasion raised AML enforcement profile. (WSJ)
  • Serial podcast subject Adnan Syed freed. (WaPo)
  • SEC is looking at financial advisors’ comms. (Reuters)
  • Corruption is still prevalent in the communications sector. (Lexology)
Categories
Corruption, Crime and Compliance

Episode 249 – DOJ Issues New Corporate Enforcement Policy

The Biden Administration promised a new, aggressive approach to corporate crime. Well, the Justice Department just delivered a new, comprehensive policy that raises a number of issues, some of which are likely to be controversial. The new policy incorporates reforms announced last October that largely centered on prior corporate criminal and civil records, the appointment of independent compliance monitors, and expanding the review of responsible persons in an internal investigation. The Justice Department’s new Corporate Enforcement Policy (“CEP”), however, expands on earlier policy changes but includes some new and far-reaching reforms intended to increase individual accountability and promote corporate culture through financial incentives and deterrence policies. This last idea is a significant expansion of DOJ’s CEP and is sure to reverberate through the business and compliance community. Chief compliance officers face a new requirement for their companies — creating an effective system of carrots and sticks to punish misconduct and increase rewards for ethical behavior.DOJ’s new CEP also lays the groundwork for further consideration of corporate responsibility for preserving electronic messaging, ephemeral services, and other electronic data. DOJ’s discussion in this area reflects DOJ’s frustration with a corporate internal investigation that omits access to electronic data, especially in those situations where employees use personal devices for business-related communications. The revised CEP provides guidance to prosecutors and the business community to ensure individual and corporate accountability through the evaluation of various factors, including (1) Corporate History of Misconduct; (2) Self-Disclosure and Cooperation; (3) the Strength of a Company’s Compliance Program; (4) the Use and Monitoring of Corporate Monitors (including their selection and scope of a monitor’s work).

Categories
Blog

Oracle: FCPA Recidivist Part 4 – the Comeback and DOJ

After revisiting “Parking in India” from 2012, we return to explore more from the Foreign Corrupt Practices Act (FCPA) recidivist Oracle Corporation. We previously reviewed the bribery schemes in general and how they worked in practice. Given not simply the recidivist status but the nature and location of the bribery schemes, one might reasonably ask questions about the resolution. Quite simply, how did Oracle achieve the result they did?

The Comeback

Under the FCPA Corporate Enforcement Policy, as developed by the Department of Justice (DOJ), the requirements for leniency were (1) self-disclosure, (2) extensive cooperation during the investigation and (3) thorough remediation up to the conclusion of the matter. Under the recent Monaco Memo, this prong 3 was further explained as creating a compliance program to address the issues which led to the compliance program and then testing that program prior to the conclusion of the resolution. While the Securities and Exchange Commission (SEC) does not have a similar written Policy they have followed the DOJ’s lead on since the implementation of the FCPA Corporate Enforcement Policy in November 2017.

In the 2022 Order, it specified there was some type of self-disclosure. The Order stated, “the Commission [SEC] considered that Oracle self-reported certain unrelated conduct, remedial acts it undertook, and cooperation afforded the Commission Staff.” This is one of the most oblique references to self-disclosure seen in an FCPA enforcement action. It is not clear what the ‘unrelated conduct’ might have been nor how it related to the FCPA violations. Whatever this unrelated conduct was, it was self-disclosed to the SEC and apparently that self-disclosure was enough to satisfy the SEC that self-disclosure had occurred.

The next requirement is thorough cooperation with the SEC during the investigation. Here the Order stated, “Oracle’s cooperation included sharing facts developed in the course of its own internal investigations, voluntarily providing translations of key documents, and facilitating the staff’s requests to interview current and former employees of Oracle’s foreign subsidiaries.” Each one of these factors should be digested by every compliance officer to understand what the SEC thinks is important. It may be different from the DOJ, particularly after the Monaco Memo, but these actions are all clearly important to the SEC.

Finally, of course, is the remediation. Here the Order specified several actions in greater detail than in most Orders. The Order stated, “Oracle’s remediation includes:

  • terminating senior regional managers and other employees involved in the misconduct and separating from employees with supervisory responsibilities over the misconduct;
  • terminating distributors and resellers involved in the misconduct;
  • strengthening and expanding its global compliance, risk, and control functions, including the creation of over 15 new positions and teams at headquarters and globally;
  • improving aspects of its discount approval process and increasing transparency in the product discounting process through the implementation and expansion of transactional controls;
  • increasing oversight of, and controls on, the purchase requisition approval process;
  • limiting financial incentives and business courtesies available to third parties, particularly in public sector transactions;
  • improving its customer registration and payment checking processes and making other enhancements in connection with annual technology conferences;
  • enhancing its proactive audit functions;
  • introducing measures to improve the level of expertise and quality of its partner network and reducing substantially the number of partners within its network;
  • enhancing the procedures for engaging third parties, including the due diligence processes to which partners are subjected;
  • implementing a compliance data analytics program; and
  • enhancing training and communications provided to employees and third parties regarding anti-corruption, internal controls, and other compliance issues.”

 Resources

These changes appear to be extensive and potentially significant within the greater Oracle compliance program. There was increased resources made available to Oracle through an increase in head count (15 new positions), restructuring of compliance groups and creation of new compliance teams. Additionally, the implementation of a compliance data analytics program would also fall under additional resources. Finally, Oracle moved to more proactive auditing.

Discipline

There were terminations of Oracle employees including “senior regional managers and other employees involved in the misconduct” in addition to the termination of distributors and resellers involved in the misconduct. While not tied to a disciplinary role but clearly in the less is more approach Oracle substantially reduced the number of business partners within its network.

Training

Next was in the area of training. There was enhanced “training and communications provided to employees and third parties regarding anti-corruption, internal controls, and other compliance issues.” This would seem to indicate enhanced training for those remaining business partners.

Internal Controls

Finally, there was the area of internal controls enhancement. Here there were improvements in the following areas: (a) discounting by improving aspects of the Oracle discount approval process and increasing transparency in the product discounting process through the implementation and expansion of transactional controls; (b) procurement through the increased oversight of, and controls on, the purchase requisition approval process; (c) removal of perverse incentives by limiting financial motivations and business courtesies available to third parties; (d) basic GTE by improving its customer registration and payment checking processes and making other enhancements in connection with Oracle technology conferences.

DOJ

Obviously, recidivist behavior is one of the key areas the DOJ focused on in the Monaco Memo. It is one of the factors the DOJ assesses in any resolution of an enforcement action. The Monaco Memo does note that civil penalties over five years old will be given lesser weight so perhaps the 2012 SEC FCPA enforcement action involving Oracle’s conduct in India plays into the SEC analysis here. There is also the question of a monitor for a company with recidivist behavior which Oracle avoided in this SEC resolution. In the Monaco Memo, two of the areas of evaluation are:

  1. Whether, at the time of the resolution and after a thorough risk assessment, the corporation has implemented an effective compliance program and sufficient internal controls to detect and prevent similar misconduct in the future;
  2. Whether, at the time of the resolution, the corporation has adequately tested its compliance program and internal controls to demonstrate that they would likely detect and prevent similar misconduct in the future;

While the SEC Order lays out in detail the remediation, there is no information on any testing performed by Oracle on the new components of its compliance program or on its controls.

As yet there is no information on a DOJ resolution. Given the tenor of the most recent DOJ announcements including the Monaco Memo, and the subsequent speech by Principal Associate Deputy Attorney General Marshall Miller and speech by Assistant Attorney General Kenneth A. Polite, it appears that recidivism will be greatly frowned upon. Also, unclear would be whether the DOJ would require a monitor based upon the remediation made by Oracle as reported in the SEC Order. As noted, there is no indication of testing of the compliance program enhancements. All in all, lots of questions for the DOJ and we will have to wait for a DOJ resolution to see if we can begin to answer some of them.

Please join me tomorrow where I conclude this series by considering what does it all mean for the compliance professional.

Categories
Blog

Oracle: FCPA Recidivist Part 5 – What Does It All Mean?

In this post, we conclude our exploration of the Foreign Corrupt Practices Act (FCPA) enforcement action involving the now recidivist Oracle Corporation. This enforcement action was concluded with the Securities and Exchange Commission (SEC) resulting in an Order. After having examined the background facts and bribery schemes in some details, we turn to what does it all mean for FCPA enforcement going forward and what lessons can the compliance profession draw from Oracle’s missteps.

Paper Programs Fail

One of the most prominent lessons to be garnered from this matter is that paper compliance programs Do Not Work. That may sound like perhaps the most basic truism in all of compliance but here we are in 2022, looking at a major multinational organization which had a ‘check-the-box’ compliance program around distributors and it eventually bit them in the backside.

After having its first FCPA enforcement action in 2012 involving distributors in India, where deep and unwarranted discounts were used to create a pot of slush funds to pay bribes, Oracle instituted a requirement for a ‘second set of eyes’ outside the business unit for unusual or excessive discounts. According to its policies regarding distributors, a valid and legitimate business reason was required to provide a discount to a distributor. Oracle used a three-tier system for approving discount requests above designated amounts, depending on the product. In the first level, Oracle at times allowed subsidiary employees to obtain approval from an approver in a subsidiary other than that of the employee seeking the discount. At the next level and for higher level of discounts, Oracle required the subsidiary employee to obtain approval from another geographic region and the final level (and for the highest discounts) was from someone at the Oracle corporate headquarters. So far so good.

The problem was there was no requirement for evidence of a business justification to support the requested discount. The Order noted, “Oracle reviewers could request documentary support, Oracle policy did not require documentary support for the requested discounts – even at the highest level.” A statement of why you need a discount without any supporting documents as evidence is simply that – a statement. In other words, there was no way for a higher-level approver to determine if such a request was valid or fraudulent. Ronald Reagan was on to a basic compliance concept when he intoned “Trust, but verify.” Those words still ring true as a basic requirement in any compliance program.

Data Analytics

The Oracle enforcement action emphasized why data analytics is mandatory for any current compliance program. In addition to creating slush funds through discounts to distributors, slush funds were created through fraudulent reimbursement requests for expenses associated with marketing Oracle’s products. If the request were under $5,000, business unit level supervisors at the subsidiaries could approve them without any corroborating documentation indicating that the marketing activity actually took place. In one example from the Order, it noted that an Oracle Turkey sales employees obtained such fraudulent reimbursements totaling approximately $115,200 in 2018 that were “ostensibly for marketing purposes and were individually under this $5,000 threshold.” There was apparently no one looking to see who and how often these reimbursement requests were made by any single employee or approved by any supervisor.

This is as basic a fraud scheme as one can imagine. Think of employee gift, travel and entertainment (GTE) reimbursement where anything over $100 must be preapproved. One BD type or one business unit routinely submits requests after purchases of $99.99 so no preapproval is required. The supervisor approves it, and it is automatically paid to the employee. One reimbursement at $99.99 may not raise a red flag but multiple requests should. The same concept holds true in this situation. However, no one at Oracle was looking at this bigger picture. This is where a data analytics program would pick up such anomalies and flag it for closer inspection and investigation. Oracle appears to have realized this through part of its remediation which included the implementation of a compliance data analytics program moving to proactive auditing.

Internal Control Upgrades

Putting in compliance enhancements to remediate your control failures is a key part to any FCPA enforcement resolution. In this area, there were improvements in the following capacities: (a) in distributor discounting by improving aspects of the Oracle discount approval process and increasing transparency in the product discounting process through the implementation and expansion of transactional controls; (b) in the Oracle procurement process through the increased oversight of, and controls on, the purchase requisition approval process; (c) by the removal of perverse incentives by limiting financial motivations and business courtesies available to third parties; (d) in basic gifts, travel and entertainment policies (GTE) by improving its customer registration and payment checking processes in connection with Oracle technology conferences.

Basic GTE

I cannot believe that in 2022 we are talking about companies that still do not have the most basic GTE policies in force. Since at least 2007, the Department of Justice (DOJ) made clear what was appropriate in business travel, business courtesies and business entertainment. Oracle’s 112 Project decidedly was not as it was designed to appear as a business trip to Oracle’s home office (then in California) related to Oracle’s bid on a project. However, the trip was designed to be a sham to hide boondoggle travel for four government officials. The alleged business meeting at the corporate headquarters lasted only 15 minutes and for the rest of the week, the Oracle BD folks entertained the government officials in Los Angeles and Napa Valley and then took them to a “theme park” in the greater Los Angeles area. Any travel involving government officials or any other covered persons under the FCPA should be submitted to and approved by your compliance function, including costs and the itinerary.

There was much to consider from the SEC enforcement action under the FCPA involving Oracle. We still have not heard from the DOJ. There may be more to come….