Categories
Compliance Into the Weeds

Compliance into the Weeds: BAT Sanctions Enforcement Action

The award-winning, Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject and looking for some hard-hitting insights on sanctions compliance. Look no further than Compliance into the Weeds!

Tom Fox and Matt Kelly dive into the recent enforcement action against British American Tobacco (BAT) for violating North Korean sanctions. After years of evading sanctions and funneling over $630 million, regulators have imposed the maximum penalty. Join the podcast to understand the scheme enacted by BAT and the consequences of their actions. They also discuss the need for clarity around who is responsible for ensuring compliance with OFAC and the Justice Department for the next 5 years. With potential penalties looming, the consequences senior management could face, and the extent of compliance commitments expected of BAT, this is a case you want to take advantage of. Listen to Tom and Matt make sense of this perplexing case and what it means for companies in countries like North Korea.

Key Highlights:

·      Sanctions enforcement on British American Tobacco

·      The North Korean Scheme of British American Tobacco

·      British American Tobacco’s Sanctions Compliance Penalty and Requirements

·      Legal implications of BAT’s North Korea joint venture

Notable Quotes:

“I almost think we should just name this series, ‘the hits just keep on coming’ as  sanctions is the new FCPA.”

“This is a long-running, complicated scheme involving the highest levels of BAT knew this was going on to evade sanctions risks.”

“Short of Activision Blizzard, this case strikes me as 1 of the most egregious that we have seen in any form of trade control, export control, trade sanctions, FCPA, or other major corporate white collar.”

“They talk about how BAT and its subsidiaries knew full well that US sanctions said you can’t do business with North Korea; they were upset over how BAT publicly announced it.”

 Resources

Matt 

LinkedIn

Blog Post in Radical Compliance

Tom 

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
FCPA Compliance Report

Maria D’Avanzo on the 2023 ECCP

Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this special edition, sponsored by Traliant, I visit with Maria D’Avanzo Chief Evangelist Officer at Traliant to discuss the 2023 Evaluation of Corporate Compliance Programs. We discuss the DOJ’s guidance on financial incentive programs and highlight the importance of cross-functional collaboration in establishing effective compliance programs. What are some of the challenges of implementing clawbacks for employees who engage in misconduct? We consider some of the risks involved when a company decides to file a lawsuit against an executive for clawback. Finally, they touch on the need for proper communication of the compliance message beyond legal and compliance departments. Join Tom Fox and Maria D’Avanzo as they dive deep into the future of corporate compliance programs. Don’t miss this informative and eye-opening episode.

 Key Highlights

·      Evaluating Corporate Compliance Incentive Programs

·      Establishing Compliance Programs in Companies Facing DOJ Allegations

·      Incorporating Compliance Ethics and Clawbacks in Business

·      Lawsuit Consequences for Companies & Executives

·      DOJ Elevating Corporate Compliance Programs

·      Effective Communication for CCOs

 Notable Quotes

“Certainly the timing of any type of any attempt to claw back the compensation, the board needs to be concerned about what’s the right time? What’s the right process? And are we going to open ourselves up?”

“There’s also language about non-financial incentives. And here, once again, nothing really new that companies are supposed to take doing business ethically.”

“I’m not quite sure why a company without resolving the loss, the investigation, either internally or especially with the DOJ, would file a lawsuit against an executive in order to claw back the compensation.”

“Is your investigation completed? Or is it ongoing. I’m not sure how you would win in a litigation if you have not established the basis for the breach of contract.

Resources

Maria D’Avanzo on LinkedIn

Traliant

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
FCPA Compliance Report

Ryan Patrick on the Role of a US Attorney Under the Monaco Memo, CEP & ECCP

Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. Looking for a podcast that will give you insights into the Department of Justice’s corporate enforcement policy and the implications for corporations facing investigations? Look no further than FCPA Compliance Report! In this episode, Tom Fox sits down with Ryan Patrick, a former US district attorney for the southern district of Texas. They discuss the importance of staying up-to-date with DOJ memos and speeches, the difficulty for corporations in deciding whether or not to self-disclose, and the implications of outside counsel being deputized. Ryan emphasizes the importance for companies to work with lawyers who know judges and have pre-existing relationships with local prosecutors, including US attorneys and line prosecutors. They discuss the Southern District of Texas and its role in border-related issues, as well as the Patrick’s time as a US Attorney for the Southern District of Texas. This podcast is a must-listen for anyone looking to gain a better understanding of corporate enforcement and compliance policies. Don’t miss out on the conversation between Tom Fox and Ryan Patrick!

 Key Highlights

·      Discussing U.S District Attorney’s work challenges

·      Evolution of Corporate Enforcement Policy by DOJ

·      Challenges in Communication with Corporations for Attorneys

·      Challenges of Self-Disclosure for Businesses

·      Navigating Legal Issues with Local Counsel

·      Challenges to Attorney-Client Privilege in Corporate Cases

·      Border Security and Cryptography Cases in Texas

·      US Attorney General Advisory Committee in Presidential Administration

·      Role of Southern District of Texas in law enforcement and corporate enforcement

·      Inside a Federal Prosecutor’s Role

 Notable Quotes

·      “It seems to me that this broaden beyond simply anti-corruption in FCPA and whether it be fraud, whether it be antitrust, whether it be environmental, whether it be a wide variety of other types of issues that an AUSA and a local district attorney US district attorney’s office would prosecute.”

·      “Asking the US attorney’s offices now to step into this space where really thinking from the idea of self-disclosure and from monitoring or audio auditing, so to speak, someone’s compliance program.”

·      “One of the not perhaps most difficult, but hardest conversations a corporation has is whether or not to self-disclose under the FCPA.”

·      “Bring it to me. I will consider it because it’s not 1 size fits all.

Resources

Ryan Patrick on LinkedIn

Ryan Patrick on Haynes and Boone

Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Compliance Into the Weeds

Updated DOJ Mandate on Clawbacks

The award-winning, Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject. In this episode, Matt and I dive into the hot topic of clawbacks, focusing on Deputy Attorney General Lisa Monaco’s new pilot program and Kenneth Polite’s take on prosecutorial discretion for organizations. Our hosts explore the opportunities for corporate compliance and HR personnel for clawback solutions and the use of the Federation Corrupt Practices Act (FCPA). They also discuss the need for a thorough documentation of personnel involved with and/or accused of illegal conduct and the potential costs to shareholders. Bottom line: Tom Fox and Matt Kelly are here to take you on a deep dive into the complexities of clawbacks and help organizations get compliant and stay compliant.

Key Highlights:

Prosecutorial Discretion and Credit [00:05:24]

Implications of the Foreign Corrupt Practices Act on Corporate Compliance and HR [00:09:41]

The Mathematics of Corporate Policy Development and Management [00:13:59]

Corporate Compliance and the Foreign Corrupt Practices Act [00:17:47]

Balancing Compliance and Risk in Business Practices [00:21:49]

 Notable Quotes:

1.     “It is part of the department’s larger effort to hold individuals more accountable and to have companies be participants in that project and to have companies embrace the culture of compliance; how would you hold individuals accountable if you’re the company, you’d have that clawback clause over their head, and then you would now have more incentive to use it, which is not necessarily an easy thing.”

2.     “What we expect companies that use programs to address not only employees who engaged and wrongdoing a connection with conduct under investigation, but also those who had supervisory authority over the employees or business area engaged in in the misconduct and knew of or were willfully blind to the misconduct.”

3.     “You must have the clawback policies in place at the time of resolution, then get a reserve credit for those clawback compensation moneys that you must successively claw back within the term of the resolution.”

4.     “If you try to recoup the compensation and fail, you’ll still be eligible for up to 25 percent of whatever you were trying to recoup.”

 Resources

Matt in Radical Compliance

Tom in FCPA Compliance and Ethics Blog

Categories
Daily Compliance News

March 3, 2023 – The Spread The Pain Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition of Daily Compliance News:

Categories
Blog

Monaco Memo: A Jolt for Compliance: Part 3 – Cooperation and Compliance Program Evaluation

Today, we continue our exploration of the Monaco Memo by considering the sections relating to the evaluation of cooperation during the pendency of the investigation and the evaluation of a company’s compliance program at the conclusion of the resolution. These portions of the Monaco Memo should be studied intently by every compliance professional as they lay out what the Department of Justice (DOJ) will require to grant discounts under the FCPA Corporate Enforcement Policy.

Evaluation of Cooperation

Cooperation with the DOJ during the pendency of an investigation has always been a critical factor of the overall costs of a Foreign Corrupt Practices Act (FCPA) resolution since this factor can be added as a discount under the US Sentencing Guidelines and the FCPA Corporate Enforcement Policy. Essentially a company can double dip in discounts with superior cooperation. Indeed, we have seen companies have the fines and penalties increase by tens of millions when they failed to cooperate.

The Monaco Memo acknowledges what a corporation can obtain by stating, “Cooperation can be a mitigating factor, by which a corporation – just like any other subject of a criminal investigation – can gain credit in a case that is appropriate for indictment and prosecution.” Further, “Credit for cooperation takes many forms and is calculated differently based on the degree to which a corporation cooperates with the government’s investigation and the commitment that the corporation demonstrates in doing so. The level of a corporation’s cooperation can affect the form of the resolution, the applicable fine range, and the undertakings involved in the resolution.”

Principal Associate Deputy Attorney General (DAG) Marshall Miller, recently said in a speech, “I trust one thing came through loud and clear: the Department is placing a new and enhanced premium on voluntary self-disclosure.” This is where the timeliness issue becomes so critical. Miller went on to state, “The DAG also provided important guidance on corporate cooperation. The key point I want to highlight relates to timeliness. In building cases against culpable individuals, we have heard one consistent message from our line attorneys: delay is the prosecutor’s enemy — it can lead to a lapse of statutes of limitation, dissipation of evidence, and fading of memories. The Department will expect cooperating companies to produce hot documents or evidence in real time. And your clients can expect that their cooperation will be evaluated with timeliness as a principal factor. Undue or intentional delay in production of documents relating to individual culpability will result in reduction or denial of cooperation credit. Where misconduct has occurred, everyone involved — from prosecutors to outside counsel to corporate leadership — should be “on the clock,” operating with a true sense of urgency.”

Miller fleshed out the Monaco Memo regarding this DOJ expectation when he intoned that the DOJ expects “cooperating companies to produce hot documents or evidence in real time.” Moreover, “The key point I want to highlight relates to timeliness.” This could mean literally when you find a smoking, still hot or even cold gun you had better pick up the phone and call the DOJ. Finally, when it comes to cooperation credit the DOJ will evaluate companies “timeliness as a principal factor.” It cannot be stated any plainer or more simply than that.

Evaluation of Corporate Compliance Programs

Equally important for compliance professionals was the section on evaluating compliance program. The DOJ has presented significant information to the compliance community with the release of the 2019 Evaluation of Corporate Compliance Programs and its 2020 Update. The Monaco Memo recognizes these documents as key components for the DOJ to review compliance programs of companies under investigation. Moreover, although there is no compliance defense to prosecution of illegal conduct, such compliance programs have “a direct and significant impact on the terms of a corporation’s potential resolution with the Department.”

To that end, the Monaco Memo directs prosecutors to “evaluate a corporation’s compliance program as a factor in determining the appropriate terms for a corporate resolution, including whether an independent compliance monitor is warranted. Prosecutors should assess the adequacy and effectiveness of the corporation’s compliance program at two points in time: (1) the time of the offense; and (2) the time of a charging decision. The same criteria should be used in each instance.”

However, the Monaco Memo focused attention on an area given little weight previously in determining the effectiveness of an effective compliance program, that being clawbacks. While compensation, particularly in the form of bonus or other compensation based on positive compliance actions, has long been a part of a best practices compliance program (the carrot) we have not previously seen its equivalent disincentive (the stick).

The Monaco Memo stated, “Corporations can best deter misconduct if they make clear that all individuals who engage in or contribute to criminal misconduct will be held personally accountable. In assessing a compliance program, prosecutors should consider whether the corporation’s compensation agreements, arrangements, and packages (the “compensation systems”) incorporate elements ­ such as compensation clawback provisions – that enable penalties to be levied against current or former employees, executives, or directors whose direct or supervisory actions or omissions contributed to criminal conduct. Since misconduct is often discovered after it has occurred, prosecutors should examine whether compensation systems are crafted in a way that allows for retroactive discipline, including through the use of clawback measures, partial escrowing of compensation, or equivalent arrangements.” This is a change.

Miller expanded on this when he said the DOJ would start with two questions:

  1. Has the company clawed back incentives paid out to employees and supervisors who engaged in or did not stop wrongdoing?
  2. Is the company targeting bonuses to employees and supervisors who set the right tone, make compliance a priority, and build an ethical culture?

Miller went on to add, “What we expect now, in 2022, is that companies will have robust and regularly deployed clawback programs. All too often we see companies scramble to dust off and implement dormant policies once they are in the crosshairs of an investigation. Companies should take note: compensation clawback policies matter, and those policies should be deployed regularly. A paper policy not acted upon will not move the needle — it is really no better than having no policy at all.”

My suggestion is that you develop a clawback policy and write it into the contracts of your senior management going forward.

I hope you will join me tomorrow where I look at guidance around monitors and monitorships.

Categories
Blog

Why Cybersecurity Will Never Be the Same After the Russian Invasion

After the Russian invasion of Ukraine, the world of business will never be the same again. Deputy Attorney General (DAG) Lisa Monaco recently said that the world’s “geopolitical landscape is more challenging and complex than ever. The most prominent example is of course Russia’s invasion of Ukraine.” It is “nothing less than a fundamental challenge to international norms, sovereignty and the rule of law that underpins our society.” This is even more so in the current business climate.
Over this five-part series, I will consider how business will never again be the same and how a confluence of events of events has changed business forever. I am joined in this exploration by Brandon Daniels, Chief Executive Officer (CEO) of Exiger. We will explore the irrevocable changes in Supply Chain, trade and economic sanctions, anti-corruption, cyber-security and environmental, social and governance (ESG). In Part 4, we continue to explore the changes wrought by the Russian invasion of Ukraine, in the realm of cybersecurity.
The Russian invasion of Ukraine gave everyone else an understanding of how serious cybersecurity really was from a defense perspective and not just from a corporate risk management perspective. According to Daniels, it drove home the clear message in cybersecurity that the United States is in a non-kinetic war with Russia and China. Over the past decade the theft of intellectual property (IP) through cybercrime has steadily increased but Russia and China are essentially “showering the US with attacks” and specifically Russia is attempting to compromise “US facilities and technologies since the crisis” began.
A second and equally important point on cybersecurity, is how interconnected it is to commerce. Countries such as Russia and China are clearly using both state and non-state businesses to further the ambitions of the state. These attacks have been particularly prevalent in supply chain where 80% of the largest cyber-attacks that have occurred, have been supply chain attacks. This means that you may have integrated some software into your organization through a vendor, but somewhere earlier in that software development, in that vendor’s purchasing of under underlying software capabilities, there was a malicious piece of software that was planted by a state-owned actor, a non-state actor or a criminal network. This interconnectedness between third party and supply chain, risk management and cyber risk management was made so much more explicit from the Russian invasion of Ukraine.
Daniels pointed out that companies may have “vendors that are owned one to two degrees away by Russian oligarchs and those Russian oligarchs might be using the fact that we use their software one to two degrees away as an entry point to steal classified information about what the US government is doing in” an area such as critical infrastructure. Once again, the nature of cybersecurity and its interconnectedness with third party and supplier risk management, was “another revelation that came out of this crisis and this conflict.”
One of the continuing themes from the Russian invasion of Ukraine is the interconnectedness of risks which will never be the same. Some of these we have previously explored such as supply chain, trade and economic sanctions and anti-bribery and anti-corruption. There are others such as crypto and ESG as well. This can all lead to a perception of complexity which could overwhelm risk management and other business professions thinking through how to manage these risks.
Daniels suggested an approach which assesses your vendors in their environment for four quadrants of risk: operational, foreign ownership, financial health and reputational risk. After you have established your risk appetite you will need to assess every vendor on an individual and singular basis. You should have a process where each vendor coming through your company’s pipeline follows an onboarding process that manages to your risk appetite and then monitors for risks that could pull a vendor above your risk threshold. If a vendor falls outside of your risk appetite for any of these key areas, you should review the use of that vendor in more detail.
There are other risk profiles you should consider. One is industry risk, which means what critical industries are you relying upon. Daniels noted that a cloud hosting company should be concerned with computing resources, bandwidth, power, or fiber optic resources. He said, “Don’t try to boil the ocean, just look at your critical industries and see where you might have issues that are coming up that could be problematic” for your industry.
Finally, another key risk area to consider is jurisdictional risk. This means reviewing the locations of your facilities. Daniels said, “I look at where my top or most critical products are being manufactured. Again, if I’m a cloud hosting company, it might be the microelectronics that I use to power computing resources, to determine where the concentration of manufacturing locations.” But the key is to take it in bite size chunks by company, industry, and jurisdiction, and then monitor so you can at least maintain a reactive posture on upcoming events. By doing so this enables your company to do continuous maturing and evolution thereby increasing complexity and efficacy to continuously improve that program to start to work towards proactive risk management.

Categories
Blog

Why Economic and Trade Sanctions Will Never Be the Same After the Russian Invasion

After the Russian invasion of Ukraine, the world of business will never be the same again. Deputy Attorney General (DAG) Lisa Monaco recently said that the world’s “geopolitical landscape is more challenging and complex than ever. The most prominent example is of course Russia’s invasion of Ukraine.” It is “nothing less than a fundamental challenge to international norms, sovereignty and the rule of law that underpins our society.” This is even more so in the current business climate.
Over this five-part series, I will consider how business will never again be the same and how a confluence of events of events has changed business forever. I am joined in this exploration by Brandon Daniels, Chief Executive Officer (CEO) of Exiger. We will explore the irrevocable changes in Supply Chain, trade and economic sanctions, anti-corruption, cyber-security and environmental, social and governance (ESG). In Part 2, we continue to explore the changes wrought by the Russian invasion of Ukraine, in the realm of economic and trade sanctions.
According to Daniels, one of the keys on the nature of sanctions on punitive economic activities, is to endure that you are having the right impact and through a set of comprehensive sanctions. You must do so while “making sure that you’re not hurting your allies and partners that can help unwind some of these undesirable or intolerable geopolitical situations.” This means that when thinking about economic sanctions, it is not simply a consideration of the implemented economic sanctions; it is a broader consideration of “a comprehensive set of economic and trade policies that have been codified into legislation, through regulation and rulemaking,  that set the tone for sanctions in the future sanctions and economic prohibitions in the future.”
Two precursors to the development of the US economic and trade sanctions response to the Russian invasion of Ukraine were the increase in economic and trade sanctions utilized by the Trump Administration and, most significantly, the passage of the National Defense Authorization Act on January 1, 2020, which included the Anti-Money Laundering (AML) Law of 2020. This was the first update of federal AML laws since the Patriot Act was passed in the wake of 9/11. Both of these seemingly disparate developments set the stage so that Russia invaded Ukraine and the Biden Administration, along with most western democracies, came down levying economic and trade sanctions in very short order against certain Russian individuals, Russian companies and against Russia itself.
The US government had also been ramping up its economic and trade sanctions enforcement over the past several years. DAG Monaco has said that three such cases have led to over $1 billion in fines and penalties alone over the past 10 years, adding “so we’re by no means starting on a blank canvas.” However, “what you have seen in the last few months is something completely different…The scope of the sanctions imposed on Russia by the United States and its allies and partners are of a new order of magnitude…We are pouring resources into sanctions enforcement, and you have seen and will continue to see results.” Indeed, she categorized economic and trade sanctions enforcement as “the new FCPA.” But it’s not just the war in Ukraine that has prompted a new level of intensity and commitment to sanctions enforcement. We have turned a corner in our approach. Over the last couple of months, I’ve given notice of that sea change by describing sanctions as “the new FCPA.”
Daniels noted that these new rounds of sanctions based upon the Russian invasion of Ukraine are actually broader and more comprehensive because they strive to get at the root of an issue, which is intelligence gathering by state and non-state actors from US businesses. He pointed to the examples of the Chinese companies ZTE Corporation and Huawei Technologies Co., Ltd., which are subject to bans from the Federal Communications Commission (FCC) but who still might be suppling chips to suppliers down your supply chain and more nefariously using those chips to engage in intelligence gathering and industrial espionage.
The economic and trade sanctions, put in place before the Russian invasion of Ukraine and those levied thereafter, are designed to not simply punish Russia but also interdict their ability to wage war. This means sanctions will be used to disrupt the Russian ability to fund the war through its banking sectors. Yet another set of reasons are to change non-democratic and unethical behaviors by making the cost to engage in these behaviors so high through economic and trade sanctions.
One of the most interesting consequences in the area has been the increase in and much more highly publicized increase in whistleblowers. Once again, the AML Law of 2020 set the stage for this by including a bounty provision that any person or entity involved in reporting an economic and trade sanctions violation would be eligible for up to 30% bounty on any recovery. Perhaps the most visible byproduct of this has been the worldwide hunt for the multi-million up to billion-dollar yachts of Russian oligarchs. Whistleblowers and bounty hunters are actively looking for these yachts to turn their locations over to American authorities who can seize them.
But these seizures are only one step. As Daniels noted, because the AML Law of 2020 also helps uncover the companies who own these yachts and the companies who own those companies. In other words, transparency. Here one only need to think of the Panama Papers, the Pandora Papers and the Paradise Papers to understand why the light of day is the best disinfectant for enforcing economic and trade sanctions.
Once again, as with supply chain, the government is now looking for businesses to help in this fight. The US government has enlisted the private sectors as key partners in the implementation of economic and trade sanctions to allow the US government “to go after those who profit from corruption and crime around the world — whether they are sanctions-evading oligarchs or office-holding bribe recipients. Working with our partners, we can ensure that corrupt regimes will be held responsible — whether we’re seizing yachts or freezing slush funds.”

Categories
FCPA Compliance Report

Matt Galvin and Dan Kahn, Part 2-Reflections on the Monaco Speech

This episode of the FCPA Compliance Report begins a special two-part series with two well-known compliance professionals. Matt Galvin, most recently the CCO at AB-InBev and Dan Kahn, former acting Deputy Assistant Attorney General of the Criminal Division, Chief of the Fraud Section, and Chief of the FCPA Unit. Dan is now in private practice at DavisPolk. In this concluding Part 2, we take a deep dive into the Lisa Monaco Speech focusing on how the DOJ might look to access corporate culture, the Speech’s effect on the Benczkowski Memo, using the Monaco Speech and other external information for internal corporate presentations and the DOJ reviewing other corporate misconduct.

Resources

Matt Galvin on LinkedIn

Dan Kahn at Davis Polk

Categories
FCPA Compliance Report

Mike Volkov on FCPA Enforcement and Compliance from 2021 and into 2022

In this episode of the FCPA Compliance Report, I am joined by Mike Volkov to take a look back at FCPA enforcement and compliance from 2021 and prognosticate to where it may be going in 2022. Highlights of this podcast include:

  1. Three FCPA enforcement actions.
  2. DAG Lisa Monaco’s October Speech to the ABA White Collar Defense Conference.
  3. The Biden Administration’s Strategy on Countering Corruption.
  4. Where will FCPA enforcement head in 2022.
  5. Where will ABC compliance go in 2022?

Resources

Tom in the FCPA Compliance and Ethics Blog

FCPA Year in Review

Compliance Year in Review