Categories
31 Days to More Effective Compliance Programs

One Month to More Effective Internal Controls – Code of Conduct as an Internal Control

In 2016, the SEC announced one of the most interesting non-international-focused FCPA enforcement actions. It involved a clear quid pro quo benefit paid out by United Airlines, Inc. to David Samson, the former chairman of the Board of Directors of the Port Authority of New York and New Jersey. This public government entity has authority over, among other things, United’s operations at the company’s huge east coast hub in Newark, New Jersey.

At the time, United’s Code of Conduct prohibited “United employees from directly or indirectly making bribes, kickbacks or other improper payments to government officials, civil servants or anyone else to influence their acts or decisions” and that “[n]o gift may be offered or accepted if it will create a feeling of obligation, compromise judgment or appear to influence the recipient improperly.” Only the United Board of Directors could grant a waiver to the code, and none was sought or obtained by Smisek. The Order concluded, “The [Chairman’s] Route was initiated in violation of United’s policies.”

The company was also sanctioned for not having internal controls to prevent such actions as those taken by Smisek. The SEC also found this was a violation of Section 13. This was in the face of detailing the protocol for the United instituting or reinstituting a route. The Order stated, “United had insufficient internal accounting controls to prevent approval of the South Carolina Route in derogation of United’s Policies.” All the underlying facts, enforcement theories, and remediation point towards the failure of internal controls when domestic bribery corruption occurs.

 Three key takeaways:

1. It is very unusual for the FCPA to form the basis of a domestic bribery violation.

2. A Code of Conduct can be an internal control.

3. Even a CEO must follow internal controls.

For more information on building a best practices compliance program, including internal controls, check out The Compliance Handbook, 3rd edition.

Categories
FCPA Compliance Report

Scott Garland and Zach Hafer – Practice After the DOJ

Welcome to the award-winning FCPA Compliance Report, the most senior podcast in compliance. I have double trouble in this episode as I welcome Scott Garland and Zach Hafer. They worked together for many years at the US Attorney’s Office for the District of Massachusetts. Both are now in private practice, Garland as a Managing Director at Affiliated Monitors, Inc. and Hafer as a Partner at Cooley LLP in Boston.

Some of the highlights include:

In this podcast, we consider DOJ corporate enforcement through the mechanisms of DPAs and NPAs based upon Hafer’s tenure as the Criminal Chief. They discussed the need to balance approving prosecutions for general impact vs. based on the case’s merits. We also consider how, if at all, the Monaco Memo changes DOJ focus. Garland leads us through a discussion of compliance issues within a prosecutor’s office, why your compliance philosophy is so critical, and some of the biggest issues and situations they both confronted while in the US Attorney’s Office for the District of Massachusetts. We conclude this section with a discussion of receiving compliance advice: what worked and what did not.

We conclude with a discussion of transitioning from DOJ to private practice, and both Zach and Scott summarize some of the key questions they are getting from clients. Garland opines on key issues he sees for monitors after Monaco Memo, and we conclude with why proactive monitoring can be such a powerful tool.

 Resources

Scott Garland at Affiliated Monitors

Zach Hafer at  Cooley LLP

Categories
Blog

Monaco Speech: Part 4 – Some Questions

Deputy Attorney General (DAG) Lisa O. Monaco gave a Keynote Address at ABA’s 36th National Institute on White Collar Crime last week (Monaco Speech). Her remarks were noted by many commentators, including on two Compliance Into the Weeds podcasts where Matt Kelly and myself took two deep dives into her speech our podcast. Her remarks reframed a discussion about this Department of Justice’s (DOJ) priorities on white collar criminal enforcement, including under the Foreign Corrupt Practices (FCPA). Her remarks should be studied by every compliance professional as they portend a very large change in the way the DOJ and potentially other agencies enforce the FCPA. This has significant implications for every Chief Compliance Officer (CCO), compliance professional and corporate compliance programs.
Today, I am going to take up some questions that came up for me based upon her remarks. As compliance practitioners know, the first DAG in the Trump Administration announced a major change in FCPA enforcement in November 2017. It was called it the FCPA Corporate Enforcement Policy and it was incorporated into the United States Attorneys’ Manual. Although it was incorporated into the Manual, it was essentially a rejection of the Yates Memo and incorporating the FCPA Pilot Program from 2016 into a more formal structure.
The FCPA Corporate Enforcement Policy set a presumption of a declination for a company that met four requirements. One, voluntary self-disclosure, including disclosure of all relevant facts known to it at the time of the disclosure, including as to any individuals substantially involved in or responsible for the misconduct at issue. Two, timely and appropriate remediation. Third, full cooperation with the DOJ in the investigation. Fourth, no aggravating circumstances which could include “involvement by executive management of the company in the misconduct; a significant profit to the company from the misconduct; pervasiveness of the misconduct within the company; and criminal recidivism.”
My first series of questions relate to the Rosenstein policy. What is now required for a ‘presumption of a declination”? Will a company have to self-disclose not simply those individuals substantially involved or all employees, no matter how high or low in the employee chain? Must those disclosures be at the time of self-disclosure or as facts are developed in an investigation? Recall the Yates Memo mandated that if a company wanted any credit it had to disclose all employees involved in the misconduct. [So much so that the word ‘any’ was in bold, italics and underscored.] Will the DOJ revert back to that standard?
What of Deferred and Non-Deferred Prosecution Agreements (DPAs and NPAs)? Has the DOJ heard the criticism of these settlement mechanisms over the years? Matt Kelly and I catalogued them in the second Compliance into the Weeds podcast on Monaco’s speech. Or has the DOJ decided that there is some type of material defect in these tools which makes any settlement with a DPA or NPA simply ‘a cost of doing business’? Monaco raised these issues in the context of FCPA recidivist or those companies which have a broader history of corporate recalcitrant in complying with laws in general; i.e., tax, environmental, employment and every other law a corporation must deal with both in the US and internationally. Even though her remarks were directed to recidivists and other bad corporate actors, it would not be too far a stretch to see if the DOJ reconsidered such penalties for all those companies which find themselves in a FCPA imbroglio.
What might some changes look like? A couple of recent examples come from areas outside the FCPA context. Last week, the Federal Trade Commission (FTC) issued a new directive that any company which has one anti-competition violation under its belt will have to return to the FTC for pre-approval of any acquisition. That can be quite a business slow down if you are in a dynamic industry or profession. The other example comes from the world of US banking where the Federal Reserve put a growth cap on Wells Fargo for its behaviors. Once again something like that can be a very large business inhibitor.
The DOJ return to more robust monitorships could be another mechanism. While the monitors now usually concern themselves with the terms of the settlement agreement and whether the company under the settlement agreement is fulfilling its terms; the monitor could take a more active role in an organization, such as review any high-risk transaction or transaction but a certain dollar value. Such an intrusive monitorship would greatly slow down business in any organization. Yet FCPA recidivists do not seem to have gotten the message not to violate the FCPA. Indeed, even some under DPAs and NPAs are not fulfilling their agreed upon obligations. All of these factors could lead to some very different forms of settlement resolutions.
What about Monaco’s remarks around evaluation of all corporate conduct, not simply anti-bribery compliance? Her remarks bear citing in full on this point:
Going forward, prosecutors can and should consider the full range of prior misconduct, not just a narrower subset of similar misconduct — for instance, only the past FCPA investigations in an FCPA case, or only the tax offenses in a Tax Division matter. A prosecutor in the FCPA unit needs to take a department-wide view of misconduct: Has this company run afoul of the Tax Division, the Environment and Natural Resources Division, the money laundering sections, the U.S. Attorney’s Offices, and so on? He or she also needs to weigh what has happened outside the department — whether this company was prosecuted by another country or state, or whether this company has a history of running afoul of regulators. Some prior instances of misconduct may ultimately prove to have less significance, but prosecutors need to start by assuming all prior misconduct is potentially relevant. 
Most compliance professionals work very diligently to create a culture around anti-corruption compliance. However now there must be compliance with a much broader set of laws; both in the US and internationally. How many compliance officers even know about these other areas? Further, if there is one resource in the organization who does keep track of such matters, it is usually in the legal department, who are loathe to share that information, even within an organization. How will a compliance professional be aware and then work to ensure compliance in these other areas?
As I said in the introduction, there are lots of open questions. Tomorrow I will sum up what it all may well mean for the compliance professional.

Categories
Compliance Into the Weeds

More on DAG Monaco Speech-DPAs and NPAs

Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. Today, Matt and Tom continue their look at the recent speech by DAG Lisa Monaco to the ABA White Collar Institute on some very significant change to white collar, including FCPA enforcement. Today we consider potential changes to DPAs and NPAs and other settlement mechanisms.

Some of the issues we consider are:
·      Are DPAs and NPAs simply the cost of doing business?
·      Is the Wells Fargo growth cap a valid model?
·      What about greater DOJ or Monitor oversight?
·      Longer terms for DPAs?
·      New enforcement tools coming?
·      New review of DPAs and NPAs.
Resources
Matt in Radical Compliance
So What Happens Next with DPAs
Tom in the FCPA Compliance and Ethics Blog
Monaco Speech – Individual Accountability
Monaco Speech – Monitors
Text of DAG Monaco Speech