Tag: FCPA

Categories
31 Days to More Effective Compliance Programs

Day 31 – Using a Root Cause Analysis for Remediation

The 2020 Update re-emphasized the need to perform a root cause analysis and, equally importantly, use it to remediate your compliance program. It stated, “a hallmark of a compliance program that works effectively in practice is the extent to which a company can conduct a thoughtful root cause analysis of misconduct and timely and appropriately remediate to address the root causes.”
It went on to state what additional steps the company has taken “that demonstrate recognition of the seriousness of the misconduct, acceptance of responsibility for it, and the implementation of measures to reduce the risk of repetition of such misconduct, including measures to identify future risk”).”

The key is that after you have identified the causes of problems, consider the solutions that can be implemented by developing a logical approach using data already in the organization. Identify current and future needs for organizational improvement. Your solution should be a repeatable, step-by-step process in which one method can confirm the results of another. Focusing on the corrective measures of root causes is more effective than simply treating the symptoms of a problem or event, and you will have a much more robust solution in place. This is because the solution(s) are more effective when accomplished through a systematic process with conclusions backed up by evidence.

When you step back and consider what the DOJ was trying to accomplish with its 2020 Update, it becomes clear what the DOJ expects from the compliance professional. Consider the structure of your compliance program and how it inter-relates to your company’s risk profile. When you have a compliance failure, use the root cause analysis to think about how each of the structural elements of your compliance program could impact how you manage and deal with that risk.

Three key takeaways:

  1. The key is objectivity and independence.
  2. The critical element is how you used the information you developed in the root cause analysis.
  3. The key is that after you have identified the causes of problems, consider the solutions that can be implemented by developing a logical approach using data already in the organization.
Categories
Daily Compliance News

January 31, 2023 – The Company That Bribed the World Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition of Daily Compliance News:

  • Stormy Daniels hush money case goes to NY grand jury. (NYT)
  • Too embarrassed to drive a Tesla. (BBC)
  • J&J’s attempt to escape talc powder liability fails. (Reuters)
  • Saman Ashani was sentenced in the US. (FT)
Categories
31 Days to More Effective Compliance Programs

Day 30 – What is a Root Cause Analysis?

One of the most significant changes in the 2020 FCPA Resource Guide, 2nd edition, was the addition of a new Hallmark entitled “Investigation, Analysis, and Remediation of Misconduct,” which reads in full:

The truest measure of an effective compliance program is how it responds to misconduct. Accordingly, for a compliance program to be truly effective, it should have a well-functioning and appropriately funded mechanism for the timely and thorough investigations of any allegations or suspicions of misconduct by the company, its employees, or agents. An effective investigations structure will also have an established means of documenting the company’s response, including any disciplinary or remediation measures taken.

In addition to having a mechanism for responding to the specific incident of misconduct, the company’s program should also integrate lessons learned from any misconduct into the company’s policies, training, and controls. To do so, a company will need to analyze the root causes of the misconduct to timely and appropriately remediate those causes to prevent future compliance breaches.

Ultimately, performing a root cause analysis is not simply sitting down and asking many questions. It would be best if you had an operational understanding of how a business operates and how they have developed its customer base. Overlay the need to understand what makes an effective compliance program with the skepticism an auditor should bring so that you do not simply accept an answer provided to you, as you might in an internal investigation. Marks noted that “a root cause analysis is not something where you can ask the five whys. You need these trained professionals who understand what they’re doing.”

Three key takeaways:

  1. A root cause analysis is required if you have a reportable compliance failure.
  2. There is no one process for performing a root cause analysis. You should select the one which works for you and follow it.
  3. To properly perform a root cause analysis, you need trained professionals who understand what they’re doing.
Categories
Corruption, Crime and Compliance

Deep Dive into the Honeywell FCPA Settlement

In this episode, host Michael Volkov takes a closer look at the Honeywell FCPA case. The Justice Department and the FCC had a strong year in FCPA enforcement; they closed out the year with two important cases, ABB and Honeywell. Last week’s episode covered the ABB case, and this episode will focus on the Honeywell UOP case, which resulted in a $160,000,000 settlement. 

  • Honeywell was involved in a bribery scheme in Brazil and Algeria to secure contracts with state-owned oil companies.
  • Honeywell conspired to offer a $4 million bribe to a high-ranking executive of Petrobras in Brazil in an attempt to secure a valuable $425 million contract to design and build a refinery.
  • Honeywell’s use of third-party agents, such as sales agents, to facilitate bribery payments was done without proper controls and oversight, leading to a lack of proper invoicing, description of services, and confirmation of payment arrangements which facilitated illegal payments.
  • Honeywell’s senior management was complicit in the scheme and there was a lack of commitment to corporate ethics and compliance culture within the company.
  • The case serves as a reminder of the risks to companies of engaging in bribery and the importance of having a strong compliance culture and third-party risk management program.

 

KEY QUOTE:

“Honeywell’s actions occurred in an environment where no one raised a question about the bribery scheme. The … narrow focus on winning the project through whatever means possible was clear.” – Michael Volkov

RESOURCES

Honeywell UOP to Pay Over $160 Million to Resolve Foreign Bribery Investigations in U.S. and Brazil

SEC Charges Honeywell with Bribery Schemes in Algeria and Brazil

Email Michael: mvolkov@volkovlaw.com

Categories
FCPA Compliance Report

James Koukios on Changes to Corporate Enforcement Policy

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this special episode, I am joined by Morrison and Foerster partner James Koukios to discuss the recent Kenneth Polite speech announcing changes to the Department of Justice Corporate Enforcement Policy.

In this episode, we consider the following:

  • What is the CEP;
  • This is a follow on from the Monaco Memo;
  • Why this change is significant for recidivists;
  • How this change redefines an effective compliance program;
  • The new CEP offers real, tangible, and significant benefits for compliance programs; and
  • What it all means going forward.

Resources

Kenneth Polite Speech

Updated CEP

Categories
FCPA Compliance Report

Tom Fox and Mike Volkov with the 2022 Year in Review for the FCPA, Part 2

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this special episode, I am joined by Mike Volkov, founder of the Volkov Law Group. We conclude with Part 2, looking back on the year 2022 in FCPA and Compliance. We consider the Monaco Memo, the key cases, and some of the important issues which arose in 2022 and how they might impact compliance in 2023.

In this episode, we consider the following:

·      Building trust and credibility in the investigative process

·      The ABB FCPA enforcement action

·      The Honeywell FCPA enforcement action

·      Why the heat is on compliance after the Monaco Memo

·      Corporate incentives and discipline, including clawbacks

·      The Glencore FCPA enforcement action and CCO Certification

Resources

Mike Volkov on LinkedIn

The Volkov Law Group

Categories
Corruption, Crime and Compliance

2022 FCPA Year in Review Featuring Tom Fox

2022 saw higher numbers of FCPA enforcement actions, settlements, and criminal prosecutions of individuals. One of the most important developments was the update of policy in the Monaco Doctrine, which was elaborated on in the Monaco Memo, providing important guidance for compliance professionals. Tom Fox joins Michael Volkov to discuss some of the more interesting cases from the past year.

Tom Fox is hailed as the Voice of Compliance, serving and evangelizing for the compliance community for over 15 years. He is the founder and creator of the Compliance Podcast Network where he hosts various podcasts, such as Innovation In Compliance and the ESG Report, and the Executive Leader at the C-Suite Network. 

 

Some ideas you’ll hear them explore are:

  • The DOJ is getting better at communicating with the compliance community through resolution documents like DPA, NPA, and, occasionally, declinations. These documents provide insight into the DOJ’s thinking and approach to cases, which compliance professionals can use to gain a better understanding of how to approach compliance issues.
  • In Tom’s upcoming book, “FCPA Year in Review 2022,” he highlights the KT Corp bribery case, which went back to the basics in its old-school rendition of corruption: bags of cash money. The lesson here is that bribery can be as simple as a $50 slipped into a handshake.
  • In the curious case of Glencore, the FCPA enforcement action taken against them reflects the DOJ’s focus on defective cultures within companies. This case involved multiple enforcement agencies across multiple countries and multiple bribery schemes, rounding up fines and penalties totalling up to $1.1 billion, with $700M for FCPA violations, and $441M for price and market manipulation. Glencore had a culture that was committed to profit at any cost, and the company paid over $100M to third parties knowing that some of the money would be used to bribe officials in various countries.
  • The Oracle case involving bribery and corruption involving gifts, travel, and entertainment should serve as a reminder to companies to review their gift, travel, and entertainment policies and ensure they are aware of how their business officials are spending their travel, per diem, and entertainment money.
  • Avoid hiring third-parties recommended by or at the direction of a state-owned official or executive.
  • The Lisa Monaco memorandum emphasizes the need for effective compliance programs and the benefits of voluntary disclosure, full cooperation, and timely and appropriate remediation. 

 

KEY QUOTE

“Internal controls are not simply due diligence, distributors, et cetera. It goes down to your payments, schemes and how you pay your vendors should all be a part of your internal controls.” – Tom Fox

 

Resources

Tom Fox on the Web | LinkedIn | Twitter | Blog

Categories
FCPA Compliance Report

Tom Fox and Mike Volkov with the 2022 Year in Review for the FCPA, Part 1

Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this special episode, I am joined by Mike Volkov, founder of the Volkov Law Group. We begin a two-part podcast on looking back on the year 2022 in FCPA and Compliance. We consider the Monaco Memo, the key cases and some of the important issues which arose in 2022 and how they might impact compliance in 2023.

In this episode we consider:

·      The Monaco Memo

·      The Stericycle FCPA enforcement action

·      The KT FCPA enforcement action

·      The upcoming trial of Cognizant executives and internal investigations

·      Key individual prosecuted

Resources

Mike Volkov on LinkedIn

The Volkov Law Group

Categories
Compliance Into the Weeds

Compliance Issues & Events We Are Looking at for 2023

The award-winning, Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject. In this episode, Matt and I consider a list of compliance issues and events worth watching in the next 12 months, likely to happen in the coming year, that will be most consequential for corporate compliance and audit professionals.

For 2023 (at least at this point), it is the following:

·      SEC rules on greenhouse gases.

·      PCAOB enforcement.

·      The FTC and privacy enforcement.

·      Fallout from the Oracle FCPA enforcement action.

·      New DOJ corporate crime enforcement policies.

·      An ESG controller.

·      Crash and burn of Elon Musk-style corporate governance.

 Resources

Matt Kelly in Radical Compliance

Categories
Blog

Profit Sharing as Bribery: The Honeywell FCPA Enforcement Action: Part 3 – The Comeback

To close out 2022 in Foreign Corrupt Practices Act (FCPA) enforcement actions, the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) announced settlements of FCPA enforcement actions with Honeywell UOP, a US-based subsidiary of Honeywell International Inc. For its actions, Honeywell agreed to a criminal penalty of about $79 million, with the DOJ crediting up to $39.6 million of the criminal penalty for Honeywell’s payments to authorities in Brazil in related proceedings. The company agreed to pay the SEC $81.5 million in disgorgement and prejudgment interest and the SEC provided for an offset of up to $38.7 million for payments to Brazilian authorities. Today, I want to conclude with some lessons learned.

Honeywell’s Comeback

  1. Overcoming a Failure of Culture

When the underlying facts of this enforcement action began, Honeywell had one of the most corrupt cultures you could have imagined. As I noted yesterday, the bribery scheme in Brazil began with the business unit outright lying to the compliance function about a corrupt agent. But do not absolve the company’s compliance function as apparently they performed no due diligence or did even the bare minimum for agents in a clear high-risk jurisdiction. Unfortunately, this outright corruption and/or malfeasance only went downhill from there. There was a profit-sharing agreement with the corrupt Petrobras agent which clearly showed malfeasance from Honeywell’s finance folks for paying such a scheme where there was no written agreement or any other evidence which warranted payments of over $10 million. The bribery scheme in Algeria involved the corrupt third-party Unaoil and once again bribe payments were approved all the way up the business and compliance line with Honeywell Belgium finance signing off as well.

Yet even with this clear culture of corruption, Honeywell received a 25% discount off the minimum fine and penalty under the US Sentencing Guidelines. They did this without self-disclosing. Once again since Unaoil was involved, it would be a logical assumption, the Unaoil executive brought to the US and given immunity proved the initial information on Honeywell’s corruption. Honeywell did turn things around so that in addition to the 25% discount, they were not required to sustain a monitor. All in all, quite a comeback.

2. Extraordinary Cooperation

According to the Deferred Prosecution Agreement (DPA), Honeywell received full credit for its cooperation with the DOJ through its “(i) proactively disclosing certain evidence of which the Fraud Section and the Office were previously unaware; (ii) providing information obtained through its internal investigation, which allowed the government to preserve and obtain evidence as part of its own independent investigation; (iii) making detailed presentations to the Fraud Section and the Office; (iv) voluntarily facilitating interviews of employees; (v) collecting and producing voluminous relevant documents and translations to the Fraud Section and the Office, including documents located outside the United States.” The SEC added in its Order, “Honeywell cooperated in the Commission’s investigation by identifying and timely producing key documents identified in the course of its own internal investigation, providing the facts developed in its internal investigation, and making current or former employees available to the Commission staff, including those who needed to travel to the United States.”

2. Extensive Remediation

Honeywell was given credit by both the SEC and DOJ for its remedial efforts. The SEC said, the “remediation included: (i) strengthening its ethics and compliance organization; (ii) terminating sales directors involved in the misconduct in Brazil and demoting an employee with significant supervisory responsibilities over the misconduct in Brazil; (iii) implementing a program to eliminate UOP’s use of sales agents altogether (as of 3Q 2021, UOP had reduced its sales agent force by two-thirds); (iv) enhancing Honeywell’s policies and procedures including with respect to due diligence of third parties (including consolidating the due diligence process into one automated system and requiring third parties to submit quarterly reports and FCPA certifications); (v) improving Honeywell’s financial controls over third parties (including implementing digital end-to-end controls over payments to third party sales agents and ensuring that payments to sales intermediaries are made by wire transfer to an account belonging to the same party and to a bank account where the sales intermediary resides); and (vi) enhancing training provided to Honeywell employees and sales intermediaries regarding anti-corruption, controls, and other compliance issues.”

The DOJ noted that Honeywell, “(i) commencing remedial measures based on internal investigations of the misconduct prior to the commencement of the Fraud Section’s and the Office’s investigation; (ii) disciplining certain employees involved in the relevant misconduct, including terminating one employee; (iii) strengthening its anti-corruption compliance program by investing in compliance resources, expanding its compliance function with experienced and qualified personnel, and taking steps to embed compliance and ethical values at all levels of its business organization; (iv) substantially reducing its anti-corruption risk profile by taking steps to eliminate the Company’s use of sales intermediaries and, in the interim, rolling out a single, automated sales intermediary due diligence tool that requires responsible managers to provide quarterly compliance certifications for all existing sales intermediaries; (v) establishing monitor and audit processes to regularly review and update the compliance program; and (vi) enhancing its internal reporting, investigations, and risk assessment processes.”

From the SEC Order, the two key changes were: “(iv) enhancing Honeywell’s policies and procedures including with respect to due diligence of third parties (including consolidating the due diligence process into one automated system and requiring third parties to submit quarterly reports and FCPA certifications); (v) improving Honeywell’s financial controls over third parties (including implementing digital end-to-end controls over payments to third party sales agents and ensuring that payments to sales intermediaries are made by wire transfer to an account belonging to the same party and to a bank account where the sales intermediary resides);”. Both of these remediations speak to the use of tech solutions to enhance compliance. Under Prong IV, the implementation of one automated system for third parties.

From the DOJ DPA, the key changes were “(iii) strengthening its anti-corruption compliance program by investing in compliance resources, expanding its compliance function with experienced and qualified personnel, and taking steps to embed compliance and ethical values at all levels of its business organization; (iv) substantially reducing its anti-corruption risk profile by taking steps to eliminate the Company’s use of sales intermediaries and, in the interim, rolling out a single, automated sales intermediary due diligence tool that requires responsible managers to provide quarterly compliance certifications for all existing sales intermediaries;”. Once again, the tech solution noted in Prong IV was critical but also note the language found in Prong III about have ‘experienced and qualified [compliance] personnel.

By putting these remedial actions in place, Honeywell was able to avoid a monitor. This means the company not only put the changes in place but have also tested them to the satisfaction of the DOJ and SEC. But more than setting out what Honeywell did to make its comeback; these  remedial efforts of Honeywell provide a clear set of guidelines for the compliance professional to review in looking at your own program. This enforcement actions seems a fitting end for the year 2022 in FCPA enforcement.