Info

FCPA Compliance Report

Tom Fox has practiced law in Houston for 30 years and now brings you the FCPA Compliance and Ethics Report. Learn the latest in anti-corruption and anti-bribery compliance and international transaction issues, as well as business solutions to compliance problems.
RSS Feed Subscribe in Apple Podcasts
FCPA Compliance Report
2019
May


2018
November
October
September
August
July
June
May
April
March
February
January


2017
December
November
October
September
August
July
June
May
April
March
February
January


2016
December
November
October
September
August
March
February


2015
December


Categories

All Episodes
Archives
Categories
Now displaying: October, 2017
Oct 31, 2017

In the final episode of this month’s series of One Month to More Effective Compliance for Business Ventures, I sat down with this month’s podcast sponsor, Mike Volkov, CEO of the Volkov Law Group to explore the key insight from this month’s series. It is that business ventures, whether joint ventures (JVs), partnerships, franchises, team agreements, strategic alliances or one of the myriad types of business relationships a US company can form outside the US are different than the usual risk presented by third parties. The problems for companies is that they tend to treat business venture risk the same as third party risk. They are different and must be managed differently.

These problems continue to exist in places like China and India where there have been a number of FCPA enforcement actions involving U.S. companies which enter these market via joint ventures. They have some sort of arms-length business relationship with a Chinese or Indian company; then they move to a joint venture relationship; and as the final step they end up buying out the foreign partner so that they bring the joint venture into the company. By the time of the full merger into the US organization, the corruption is so established and ingrained that it continues. Then it is no longer them doing bribery and corruption; it is now you doing the bribery and corruption.

Volkov explained it begins with the business reason for setting up the JV. The US company wants a connected, well-placed partner who can gain them influence in the foreign market. That foreign partner may be a government official, employee of a state-owned enterprise, or a state-owned enterprise itself. He noted “by definition then the JV relationship you are creating has risks in terms of why you are even doing business with them or even bringing them to the joint venture.” The next problem is in JV governance.

The first problem was why the JV was created but the next is how it will be created? Will it be 50/50 ownership between the US and foreign partner or something else? If its 50/50 how will you split the Board or other governing body. How will resolve final disputes? All of these questions should be considered from the FCPA perspective.

Next, what are the incentives of all the parties and what were the roles that everybody was going to take on regarding the business operation. Volkov said “if you have a 50/50 joint venture then you would have a situation where the joint venture itself retains third parties or distributors.” Whose third-party risk management program will be followed? What if red flags arise, who and more importantly, how will they clear them going forward.

Next is the JV going to use lobbyists and consultants to facilitate the JV operations. The foreign partner may want to hire without such third parties with no US partner input. The bottom line is that this is an incredibly high risk which requires more than just third party risk management strategies because you need to get into the guts of the business; how it was created, how it operates and then how is it going to operate.

A different situation comes into play with franchisors and international franchising. Here the issue may be one of control and you must look at the nature of the relationship between the parties in a franchise relationship. Most franchise agreements raise significant FCPA risks. They are outside the classic agent/distributor situation a business needs to take a hard look at the nature of the business venture or how it is operating, why the people have gotten together, next look at the intricacies of the business; and finally apply a risk analysis to the entire transaction.

In addition to the following the money issues present in every business relationship, the franchisee may also hire its own third parties, have its own interactions with foreign government regulators, need to train on compliance programs and of course have its own compliance program in place. Yet how many international franchisors have thought through all of these compliance requirements. Regarding franchising, it is both structure and oversight that are required. A company must use it full compliance tool kit in managing the relationship. Sitting back, putting compliance requirements in a franchise agreement will simply not suffice. There must be active management of the compliance risk going forward on an ongoing basis.

The bottom line is that may compliance practitioners have not thought through the specific risks of business ventures such as joint ventures, franchises, strategic alliances, teaming partner or others as opposed to sales agents or representatives on the sales side of the business. I hope that this series will help facilitate a discussion that maybe people will begin to think about more of the issues and more of the risk and perhaps put a better risk management strategy in place.

Three Key Takeaways

  1. Business ventures bring different FCPA risks from third parties.
  2. JVs have both external compliance risks and corporate governance risks.
  3. Use your compliance tool kit for business ventures in managing the FCPA risk for franchises.

 Business Ventures must be managed differently than third party agents under the FCPA.

This month’s podcast series is sponsored by Michael Volkov and The Volkov Law Group.  The Volkov Law Group is a premier law firm specializing in corporate ethics and compliance, internal investigations and white collar defense.  For more information and to discuss practical solutions to compliance and enforcement issues, email Michael Volkov at mvolkov@volkovlaw.com or check out www.volkovlaw.com.

Oct 31, 2017

In this episode, I visit with Doreen Edelman, a partner at Baker Donelson. We discuss the current state of NAFTA negotiations and some of the key issues including:

  1. The demand for a US content requirement in the auto industry. Currently under NAFTA, vehicles require at least 62.5 percent North American content but the U.S. is proposing to increase the North American content requirement to 85 percent, along with a United States content requirement increase to 50 percent. The goal of such a requirement is the reduction of the current $64 billion U.S. trade deficit with Mexico.
  2. The US has proposed inserting a sunset clause that would formally end NAFTA after five years, unless all parties agreed to re-authorize and extend the agreement.
  3. The US has demanded to amend the dispute-resolution framework and wants to either eliminate the arbitration panels entirely, make them non-binding, or make them voluntary.
  4. There are requests from Mexico and Canada for more access to US government contracts.  NAFTA currently ensures that there is a roughly proportional amount of its parties’ government procurement budget available to other NAFTA member countries. The US position is the current process is inherently unfair, and now seek a system that limits US procurement from companies in Canada and Mexico while granting greater access to US companies seeking to sell goods and services to those governments.
  5. The US is seeking to end the current Canadian supply management system for dairy, chicken, eggs, and turkey. The current protections have been in place since the 1970’s and set prices that protect Canadian farmers from competition. The system’s detractors view it as government overreach that runs counter to free-market principles. 

For more information on Edelman’s thoughts on the current state of the NAFTA negotiations see her blog post “As “Significant Conceptual Gaps” Persist, NAFTA Talks Extended to 2018” on her blog site Export Compliance Matters.

Oct 30, 2017

In this episode, I visit with John Wood, who has served in numerous high-level executive branch positions, including U.S. Attorney for the Western District of Missouri, Chief of Staff for the U.S. Department of Homeland Security, Deputy Associate Attorney General, Counselor to the U.S. Attorney General, and Deputy General Counsel for the White House Office of Management and Budget. He was also a Supreme Court clerk.

We consider the recent speech by Deputy Attorney General Rod Rosenstein on the comprehensive review the Justice Department will go through looking at various and sometimes disparate Memos regarding corporate and individual prosecutions. 

Wood goes through some of the process the Justice Department will go through in this review. We discuss how it may impact the DOJ’s priorities regarding not only enforcement but also investigation. He notes the remarks by Rosenstein on corporate compliance programs and how the DOJ views their value in the overall fight against the global scourge of bribery and corruption. We also consider where the DOJ might go with an extension of the FCPA Pilot Program and what compliance practitioner might expect going forward.

For a copy of the text of DAG Rosenstein’s speech click here.

Oct 30, 2017

Most franchisors have thorough financial vetting requirements before allowing any person or business to become a franchisee. However, how many of these same businesses perform compliance due diligence on their prospective overseas franchises? How many US franchisors have compliance training programs? How many evaluate, on an ongoing basis, the compliance program of their overseas franchisees? How many US franchisors have a compliance hotline or other reporting mechanism for any compliance violations made against their franchisees? 

Another way to look at this issue comes from Aaron Murphy in his book, entitled “Foreign Corrupt Practices Act – A Practical Resource for Managers and Executives”. In a chapter entitled “You Do More With the Government Than You Think”, Murphy has several examples of how any US company doing business overseas will come into contact with a foreign governmental official and, thereby, create a possible FCPA liability. Many of these are areas which a US based franchisor would have to utilize to do business in a foreign country, including some or all of the following: 

  • Interactions with Customs Officials. Every time your company sends raw materials into, or brings them out of, a country there is an interaction with a foreign governmental official in the form of a customs official. Every customs transaction involves a payment to a foreign government and every transaction involves some form of a foreign governmental regulatory process. While the individual payment per transaction can be small, the amount of total transactions can be quite high, if a large volume of goods are being imported into a foreign country.
  • Interaction with Tax Officials. While interacting with international tax authorities can present problems similar to those with customs officials, the stakes can often be much higher since tax transactions may be less in frequency but higher in financial risk. These types of risks include the valuation of raw materials for VAT purposes before such materials are incorporated into a final product, or the lack of segregation between goods to be sold on the foreign country’s domestic market as opposed to those which may be shipped through a free trade zone for sale outside that country’s domestic market.
  • Licensing and Permits. Your company is a retail seller of clothes and cosmetics, franchises its operations outside the US and you do not understand how the FCPA applies to your foreign sales operations? Every physical location that you sell your goods in will require some type of license to operate your business. It could require multiple licenses such as a national license, state license and local municipal license, additionally you will need a building permit if you intend to build out or modify your retail stores.
  • Work Permits and Visas. If your company franchises overseas it will have to send someone from the home office to operate in-country at some point. In the post-9/11 world this probably means that, at a minimum, your company will have to obtain a visa for each employee who enters the foreign country and perhaps a work permit as well. The visa process can start in the United States with a trip to foreign government consulate or even the embassy and at that point you are dealing with a foreign governmental official. The work permit process can also begin in the United States but often may continue in the foreign country.
  • Inspections and Certifications. Consider the Tex-Mex restaurant chain that desires to take this cuisine across the world. In any city in the world there will be some type of certification process to enable to the business to set up and start operating and then there will be the need for ongoing inspections for sanitary conditions. Such inspections may be rare but if there is “slime in the ice machine” it may be grounds to close the restaurant. 

How would all of this play out for a franchisor? As a franchisor moves into foreign markets there could well be the temptation to “grease the skids” and make payments or offer gifts to government officials, or their family members, to get the permits or permissions necessary to open and operate. In many countries, bribery is a common way of getting business done, and there can be tremendous pressure from local agents or franchisee candidates to follow regional customs and use bribes to become or remain competitive. Even if it is not the US franchisor's own employees that engage in the FCPA violations, the US franchisor will still face the risk of an enforcement action if the franchisee’s employees engage in such conduct. 

Three Key Takeaways

  1. Franchises can bring an unexpected level of FCPA exposure.
  2. Franchisors must have more than financial vetting for potential franchisees.
  3. Use your compliance tool kit for business ventures in managing the FCPA risk for franchises.

This month’s podcast series is sponsored by Michael Volkov and The Volkov Law Group.  The Volkov Law Group is a premier law firm specializing in corporate ethics and compliance, internal investigations and white collar defense.  For more information and to discuss practical solutions to compliance and enforcement issues, email Michael Volkov at mvolkov@volkovlaw.com or check out www.volkovlaw.com.

Oct 27, 2017

I am often asked about franchisor liability under the FCPA. Franchising has been a successful model in the US and now many corporations are looking at overseas expansion opportunities. Franchise law has become well developed across the US, with many states developing laws to protect the rights and obligations of both parties in a franchise agreement. According to an International Franchise Association survey of nearly 1,600 franchise systems, “nearly two-thirds (61 percent) of respondents currently franchise or operate in non-U.S. markets and three-fourths (74 percent) plan to begin international expansion efforts or accelerate their current ventures immediately.” 

There are no reported FCPA enforcement actions regarding franchisors. However, the factors in a franchise relationship would appear to lead to clear FCPA responsibility of the franchisor for its overseas franchisee’s actions. Additionally, court interpretation of the FCPA has held that it is applicable where conduct, violative of the Act, is used “to obtain or retain business or secure an improper business advantage” which can cover almost any kind of advantage, including indirect monetary advantage even as nebulous as reputational advantage. As everyone knows, the FCPA prohibits payments to foreign officials to obtain or retain business or secure an improper business advantage. Nevertheless, many US companies view franchisees as different from other types of more direct sales representatives, such as company sales representatives, agents, resellers or even joint venture partners, for the purposes of FCPA liability. 

I believe that such an analysis is misguided as the DOJ takes the position that a US company’s responsibilities extend to the conduct of a wide range of business venture partners, including franchisors. It does not take too great a leap of imagination to see that a franchise relationship could be contained within this interpretation. It does not take too many legal steps to see that a franchisee’s actions can impute FCPA liability to a US franchisor. 

There are other factors, unique to the franchise relationship, which would point towards FCPA liability of the US franchisor. A US franchisor’s intent and the degree of control it exercises over its overseas franchisees’ operations are factors the DOJ/SEC might consider in determining whether to pursue a FCPA case against a franchisor for bribes made by one of its foreign franchisees. It is always in the financial interest of a US franchisor for its franchisees to be successful businesses. Additionally, most US franchisors require its overseas franchisees to use the same company name for branding. Of course, not only the initial franchise fee but the franchisee’s monthly royalty payment roll up into the books and records of a franchisor so that might well catch the attention of the SEC if there is a FCPA books and records violation. 

Most franchisors have thorough financial vetting requirements before allowing any person or business to become a franchisee. However, how many of these same businesses perform FCPA compliance due diligence on their prospective overseas franchises? How many US franchisors have FCPA compliance training programs? How many evaluate, on an ongoing basis, the FCPA compliance and program of their overseas franchisees? How many US franchisors have a compliance hotline or other reporting mechanism for any compliance violations made against their franchisees? 

Victor Vital and Jessica Parker-Battle, writing in the Franchise Law Journal, Winter 2012 Issue, in an article entitled “Implications of the Foreign Corrupt Practices Act for International Franchising”, identified several different types of franchising models, all of which demonstrate potential FCPA risks. 

The direct-unit franchising model is perhaps the most commonly used model in the United States in which a franchisor sells one of its units at a time and has direct involvement with the franchisee. There is no third party involved in the operations between the franchisor and franchisee. Therefore, it is the franchisor's responsibility to handle training, marketing, supplies, and other support to the franchisee. Here the FCPA exposure is direct. 

The area development franchising model is used where the franchisor contracts with an area developer who operates multiple local franchises in a specified geographic area. It may or may not be exclusive. The area developer will have a contract agreement with the franchisor and then separate agreements with the area franchises. Here the FCPA exposure is both direct and indirect. 

The master franchising model is typically the most used model in international franchise expansion. It generally revolves around a master franchise agreement between the US based franchisor and a master franchise agreement in a specific geographic territory. This master franchisee then contracts with third-party sub-franchisees within the specified territory. Typically, the US-based franchisor will have no contractual relationship with the international sub-franchisees. The master franchisee acts as the franchisor in the local market recruits, trains, and provides other support in the local area on behalf of the US franchisor. Here the FCPA exposure is both direct and indirect. 

The authors believe that a franchisor may not have direct involvement in conduct prohibited by the FCPA, as there may not be the requisite corrupt intent required under the statute. However, I believe unless a franchisor has an adequate compliance program in place, a franchisor may well find itself in the shoes of Frederick Bourke and sustain a finding of conscious indifference. 

Three Key Takeaways

  1. Consider the different types of international franchise agreements to help assess your compliance risk.
  2. There are no reported FCPA enforcement actions involving international franchisors, yet.
  3. Franchisors must conduct thorough research in both the foreign market they hope to enter and on their potential franchisees. 

This month’s podcast series is sponsored by Michael Volkov and The Volkov Law Group.  The Volkov Law Group is a premier law firm specializing in corporate ethics and compliance, internal investigations and white collar defense.  For more information and to discuss practical solutions to compliance and enforcement issues, email Michael Volkov at mvolkov@volkovlaw.com or check out www.volkovlaw.com.

Oct 27, 2017

Jay and I return for a wide-ranging discussion on some of the top compliance and ethics related stories, including: 

  1. Hui Chen details the failings of ISO 37001 on her blog, Hui Chen Ethics. Kristy Grant-Hart responds in the FCPA Blog. Henry Cutter summarizes the two positions in WSJ Risk and Compliance Journal. For additional perspective, see Tom’s blog post from February in the FCPA Compliance Report.
  2. DOJ convenes working group to boost corporate cooperation. See text of speech here.
  3. What is compliance contagion? Ben DiPietro reports in the WSJ Risk and Compliance Report.
  4. How IBM is using Big Data in FCPA compliance. See article in Just Anti-Corruption (sub. req’d)
  5. Transparency International UK has a new online tool to provide businesses with practical and in depth guidance on tackling bribery and corruption. See article by Rory Donaldson in the FCPA Blog.
  6. Matt Kelly considers the intersection of compliance and harassment in Radical Compliance.
  7. Astros come home tied 1-1 with the Dodgers. Will they close things out in Houston?
  8. Join Tom’s monthly podcast series on One Month to a More Effective Compliance Program. In October, I consider compliance with business ventures such as in the M&A context, joint ventures, distributors, channel ops partners, teaming agreements and all other manner of business venture. The fourth week I take a deep dive into compliance for different types of business ventures. This month’s sponsor is the Volkov Law Group. It is available on the FCPA Compliance Report, iTunes, Libsyn, YouTube and JDSupra.
  9. The Everything Compliance gang recorded a podcast at the 2017 Compliance and Ethics Institute, with special guest Roy Snell sitting in for Mike Volkov. The podcast went up Thursday October 26th and you can check it out here.
  10. AMI SVP Eric Feldman is speaking in Houston on November 2, at 1:30. If you are in Houston, please plan to join us. For more information see the GHBER website for details and registration.
  11. Jay previews his overdue Weekend Report.
Oct 26, 2017

In this episode, we report from the SCCE 2017 Compliance and Ethics Institute, which was recently concluded in Las Vegas. We are joined by Roy Snell, the President of SCCE. We all relate some of our highlights of this year's events and look at some of the most recent compliance and ethics stories which caught our collective eyes. Rants will return in our next episode. 

The members of the Everything Compliance panel include:

  • Jay Rosen (Mr. Monitors) – Jay is Vice President, Business Development and Monitoring Specialist. Rosen can be reached at rosen@affiliatedmonitors.com.
  • Mike Volkov – One of the top FCPA commentators and practitioners around and is the Chief Executive Officer (CEO) and owner of The Volkov Law Group, LLC. Volkov can be reached at mvolkov@volkovlawgroup.com.
  • Matt Kelly – Founder and CEO of Radical Compliance and can be reached at mkelly@radicalcompliance.com.
  • Jonathan Armstrong – Rounding out the distinguished panel is our UK colleague, who is an experienced lawyer with Cordery in London. Armstrong can be reached at armstrong@corderycompliance.com.
  • Special guest in from the bullpen on this episode was Roy Snell, President and CEO of the SCCE.

 

Oct 26, 2017

Many compliance practitioners generally view distributors as a part of their third-party risk management program, with most of their attention to the pre-contract phase of the risk management process. Typically, most of the efforts are spent on due diligence with less on managing the relationship after the contract is signed.  However, many facets of a corporate relationship with a distributor are closer to those of other business venture partners. 

One of the issues in any compliance program is the compensation paid to a business venture partner as FCPA exposure arises when companies pay money - either directly or indirectly - to fund bribe payments.  In the traditional intermediary scenario, the company funnels money to a business venture partner, who then passes on some or all of it to the bribe recipient.  Often, the payment is disguised as compensation to the intermediary, and some portion is redirected for corrupt purposes.  

When companies grant distributors uncommonly steep discounts, bribes can result either: 1) because the distributor is instructed by the company to use the excess amounts to fund corrupt payments; or 2) because the distributor pays bribes on its own, without the express direction or implicit suggestion from the company to do so, to gain some business advantage. The 2012 FCPA Guidance, it noted that common red flags associated with third parties include “unreasonably large discounts to third-party distributors”.  The distributor enforcement cases offer lessons to combat the scenario, which is where legitimate companies require assistance.  

How can risk that distributors present be managed?  One mechanism is to install a distributor discount policy and monitoring system tailored to the company’s operational structure.  In virtually every business, there exists a range of standard discounts granted to distributors.  Under the approach recommended here, discounts within that range may be granted without the need for further investigation, explanation or authorization (absent, of course, some glaring evidence that the distributor intends use even the standard cost/price delta to fund corrupt payments).  

Where the distributor requests a discount above the standard range, however, the policy should require a legitimate justification.  Evaluating and endorsing that justification requires three steps: (1) relevant information about the contemplated elevated discount must be captured and memorialized; (2) requests for elevated discounts should be evaluated in a streamlined fashion, with tiered levels of approval (higher discounts require higher ranking official approval); and (3) elevated discounts are then tracked, along with their requests and authorizations, to facilitate auditing, testing and benchmarking.  This process also works to more fully operationalize your compliance regime as it requires multiple and increasingly upper levels of management involvement, approval and oversight.    

Capturing and Memorializing Discount Authorization Requests           

Through whatever means are most efficient, a discount authorization request (“DAR”) template should be prepared.  While remaining mindful of the need to strike a balance between the creation of unnecessary red tape and the need to mitigate risk, the DAR template should be designed to capture a given request and allow for an informed decision about whether it should be granted.  Because the specifics of a DAR are critical to evaluating its legitimacy, it is expected that the employee submitting the DAR will provide details about how the request originated (e.g., whether as a request from the distributor or a contemplated offer by the company) as well as explain the legitimate justification for the elevated discount (e.g., volume-based incentive).  In addition, the DAR template should be designed to identify gaps in compliance that may otherwise go undetected (e.g., confirmation that the distributor has executed a certification of FCPA compliance). 

Evaluation and Authorization of DARs 

Channels should be created to evaluate DARs submitted.  The precise structure of that system will depend on several factors, but ideally the goal should be to allow for tiered levels of approval.  Usually, three levels of approval are sufficient, but this can be expanded or contracted as necessary.  Ultimately, the greater the discount contemplated, the more scrutiny the DAR should receive.  Factors to be considered in constructing the approval framework include the expected volume of DARs and the current organizational structure.  The goal is to ensure that all DARs are vetted in an appropriately thorough fashion without negatively impacting the company’s ability to function efficiently. It also mandates the operationalization of this compliance issue into multiple disciplines within your organization. 

Tracking of DARs 

Once the information gathering, review and approval processes are formulated, there must be a system in place to track, record and evaluate information relating to DARs, both approved and denied.  This captured data can provide invaluable insight into FCPA compliance and beyond.  By tracking the total number of DARs, companies will find themselves better able to determine where and why discounts are increasing, whether the standard discount range should be raised or lowered, and gauge the level of commitment to FCPA compliance within the company (e.g., confirming the existence of a completed and approved DAR is an excellent objective measure for internal audit to perform as part of its evaluation of the company’s FCPA compliance measures).  This information, in turn, leaves these companies better equipped to respond to government inquiries down the road. 

Rethinking approaches to evaluating distributor activities is but one of the ways that the increased number of enforcement actions, 2012 FCPA Guidance and Justice Department’s Evaluation of Corporate Compliance Programs document have provided insight into how the government interprets and enforces the FCPA.  This information, in turn, allows companies to get smarter about FCPA compliance.  With a manageable amount of forethought, companies who rely on distributors can create, install and maintain systems which allow them to spend fewer resources to more effectively prevent violations.  Moreover, these systems generate tangible proof of a company’s genuine commitment to FCPA compliance, by more fully operationalizing this aspect of their compliance program.   

Many companies have been involved in FCPA enforcement actions because of distributors. This sales side channel does not receive the focus equal to that of commissioned sales agents. Yet it can present an equally large compliance risk. By using this DAR approach, you will have created a well-thought out process which will operationalize your compliance program around distributor compensation, in a manner which documents your decision-making calculus. 

Three Key Takeaways

  1. The creation of well-thought out process which operationalizes your compliance program around distributor compensation, in a manner which documents your decision-making calculus is key.
  2. Require multiple levels of approval for an out of range distributor discount.
  3. Tracking distributor discounts globally make your company more efficient. 

This month’s podcast series is sponsored by Michael Volkov and The Volkov Law Group.  The Volkov Law Group is a premier law firm specializing in corporate ethics and compliance, internal investigations and white collar defense.  For more information and to discuss practical solutions to compliance and enforcement issues, email Michael Volkov at mvolkov@volkovlaw.com or check out www.volkovlaw.com.

Oct 25, 2017

In this episode, I consider the book Multipliers: How the Best Leaders Make Everyone Smarter,  by Liz Wiseman, co-authored with Greg McKeown about the various types of leaders. They focus two different types of leaders, Diminishers and Multipliers. Multipliers are leaders who encourage growth and creativity from their workers, while Diminishers are those who hinder and otherwise keep their employees’ productivity at a minimum. The authors give what they consider to be solutions and guidance to the issues they bring up in the book. 

The book’s basic thesis is that multipliers increase, often exponentially, the intelligence of the people around them. They lead organizations or groups that are able to understand and solve hard problems rapidly, achieve their goals, and adapt and increase their capacity over time. On the other hand, diminishers literally drain the intelligence, energy and capability from the employees or team members around them. They lead groups that operate in silos, find it hard to get things done, seem unable to do what’s needed to reach their goals. 

Wiseman breaks multipliers into five disciplines in which they differentiate themselves from diminishers. The first is the Talent Magnet, who attracts and optimizes talent; the second is the Liberator, who creates intensity that requires an employee’s best thinking; next is the Challenger who extends challenges by having others do the hard lifting so that they can stretch themselves; next is the Debate Maker who facilitates a debate between his or her team which leads to a decision improving a process or issue; and finally is the Investor, who instills ownership and accountability with his/her employee base. Interestingly Wiseman believes that multipliers increase efficiency and productivity by two times. 

Diminishers also break down into five different prototypes. They are the Empire Builder, who is only interested in collecting very talented people around themselves so that they look good; next is the Tyrant, whose name is almost self-disclosing but ruins all those around them with their insistent criticisms; next is the Know-it-all who give directives simply to showcase how much they know limiting what their teams can achieve to what they themselves know how to do. This means the team must try to deduce, literally in the dark, the soundness of the decision instead of executing it; and finally, there is Micromanager, who generally believes they are only person who can figure something out and approach execution by maintaining ownership, jumping in and out of a project and reclaiming responsibility for problems which they have delegated. Diminishers usually reduce efficiencies by up to 50%. 

Some of the specific techniques Wiseman discussed were to identify not only what the skills are for those on your team but also what comes easily and natural to them. By doing so you can more effectively utilize their talents in implementing a compliance regime. Interestingly you can get employees to stretch through a technique Wiseman calls ‘supersizing’ which is the situation where you give someone a task that may be “one size too big” but allows them to grow into it. 

Mistakes are going to happen in any implementation. The same is true when you are operationalizing your compliance program. To overcome this Wiseman suggests a couple of leadership strategies. The first is to talk up your mistakes within the team for debriefing and analysis. The second is to actually make room for mistakes (think of a sandbox) where your team can experiment, take some risks and recover from the mistakes. 

I found her next point fascinating, which was to lead by asking questions. As a law student I was drilled by the Socratic method so asking questions is something I am quite comfortable with going forward. Basically, every question is answered by another question. Her technique of leading with questions works with all five categories of multipliers. The reason it is so successful is that people are smart, the not only want to get things right but they want to build and eventually they will figure out how to do it. It is not simply a case of getting out of their way. It is about guiding them with your expertise to come up with not only the right answer but a solution which will work. If you take this approach of leading by asking questions, you not only guidance the functional unit but you get greater buy-in to the entire concept and process as it becomes their process. 

I heartily recommend Wiseman’s techniques to you and her book for your library on leadership. Multipliers: How the Best Leaders Make Everyone Smarter,  can be purchased from a variety of online sites, including Amazon.com.

Oct 25, 2017

One area not usually considered around your business ventures is the financial health of the joint venture partner, teaming partner, strategic partner or any other type of business partner or relationship which might occur in a business venture. It turns out such an oversight may have some significantly ramifications for an accurate picture of a business venture partner. The financial health of a business venture partner as not only a key metric but also a key tool which allows a more robust assessment prior to contract signing and in managing the relationship after the contract has been signed. 

A business venture partner which is in a weakened financial position can come back to damage your business in a variety of ways. Obviously, a company which is under financial strain is more susceptible to cutting corners to obtain business. You can almost begin to see the fraud triangle forming at this point and a rationalization for committing a FCPA violation forming in the mind of a business venture partner. 

But it is more than simply being open to potentially illegal conduct such as violating the FCPA to get business. Cyber security is a very hot topic and will continue to be so for the foreseeable future. A company that, at the beginning of a working relationship, maybe onboarding or the due diligence procurement event, one may do a series of checks from a compliance and info security perspective and that company looks fine, it gets green lit and it comes on board as a business venture partner. Over time, if that business venture partner is weakening in its financial condition, the chances are likely that they are going to begin under-investing in maintaining the quality of their cyber security program. Over time, a business venture partner of your company may induce increased risks for a cyber security breach, because that business venture partner is weakening and are not managing the financial condition of it on an ongoing basis. This might lead to a catastrophic failure such as with Equifax where the miss a leading indicator of that cyber security problem, fail to implement a software update or patch then it is too late. It has the impact to effect revenue, effect reputation and indeed your ability to do business together moving forward.   

A database of financial health is important because “traditional risk management has focused more on protecting downside risk and detecting downside risk is being able to understand where a company or a partner exists on a spectrum of risks that can be from poor to really good, and that means a user of our data is in a position to be able to do more than just protect from a company’s failing for one reason or another, but be able to align with the strongest partners and that creates resiliency and a business venture partner ecosystem”. 

This is considering your third parties in much broader manner which allows a more robust assessment of their strengths and weaknesses. The financial health of a business venture partner may tell you how well that business venture partner will perform. Such information can be useful to you for business planning, particularly around strategic risk. Understanding the financial viability of third parties, be they traditional vendors, business partners, or even fourth parties, can help you meet your compliance requirements, maintain operational stability, through the avoidance of business disruption and support business continuity initiatives. Even better, you can cut through siloes to develop risk management strategies across multiple business functions. 

This moves compliance into the business process cycle, creates greater efficiencies and at the end of the day, more profitability. This type of approach allows the compliance function to demonstrate solid return on investment going forward. It also allows compliance to cut through many corporate siloes including such disciplines as business development, supply chain or procurement, manufacturing and finance. 

Continuous improvement through monitoring of ongoing financial health is a tool where technological solutions can have an impact. Understanding the financial viability of third parties can help the compliance practitioner meet the Department of Justice (DOJ) requirement to more fully operationalize a compliance program. It can also lead to more and better operational stability and with that ever-sought increase in corporate profitability. As compliance moves into the business process, this type of review should become part of your compliance toolkit going forward. 

Three Key Takeaways

  1. What is the financial health of your business venture partners? Do you even know?
  2. Poor financial results can open a business venture partner to engaging in risky behavior.
  3. Financial health monitoring is a key tool in maintaining ongoing monitoring of business venture partners. 

This month’s podcast series is sponsored by Michael Volkov and The Volkov Law Group.  The Volkov Law Group is a premier law firm specializing in corporate ethics and compliance, internal investigations and white collar defense.  For more information and to discuss practical solutions to compliance and enforcement issues, email Michael Volkov at mvolkov@volkovlaw.com or check out www.volkovlaw.com.

Oct 24, 2017

One area not often considered by the CCO as a key part of any compliance regime is the corporate Controller. The Controller generally has the responsibility to accurately record and report the financial transactions of the company, to design, implement and execute the financial processes and controls of the company to be both effective and efficient, and to safeguard the financial assets of the company. Some of the compliance responsibilities of the Controller include: (1) Designing and implementing internal controls that impact ethics and compliance risks; (2) Accurately recording the financial transactions of the company; and (3) Preventing and detecting fraudulent activity. All of this means, in practical terms the Controller is both being the keeper of the books and records and the implementer of internal controls. Moreover, while many of these internal controls would most probably be viewed financial internal controls, there are additional internal controls which are not financial in nature. 

Russ Berland, the Chief Compliance Officer at Dematic has noted, “Those guys live really in the battle zone. They are constantly looking at financial transactions. They’re evaluating them. They’re figuring out where things go within the books and records. They are implementing the processes that should be keeping fraud from happening; keeping bribery and corruption from happening.” 

This means that not only can the Controller be one of the compliance function’s strongest corporate allies, the role of a Controller by its nature works to operationalize compliance. This is because to implement the appropriate internal controls around compliance, the Controller must know the specific requirements of the FCPA, know what kinds of issues are likely to come up that might create a risk of bribery and corruption, all leading to an appropriate understanding of the appropriate compliance internal controls to implement. 

This is most particularly true around offshore payments, which are generally defined as payments made to a location other than the home domicile of the party or the location where the services where delivered. If a Tunisian agent who performs services in Dubai asks for payment in a location other than Dubai or Tunisia, that would qualify as an offshore payment. If you train people who are in the Controller’s group on this issue, “all of a sudden you’ll get someone in the Controller you will pick up the phone and call compliance and say ‘Hey, we just saw a request for a payment to this guy in this Middle Eastern country and we’re just not sure what it’s for.’ That’s where the controls are really working, as opposed to that person just really dealing with it on an administrative level instead of keeping your antenna up.” Those are the types of communications, when properly documented, demonstrate that your compliance program is operationalized into the fabric of the organization. 

Another way to view it is if there is a Controller control for such a scenario which notes the exception and requires the clearance of a red flag through additional investigation, elevation for approval and documentation of the entire process. This is a financial control which acts as a compliance control as well. It strengthens the company’s internal controls to both prevent and detect key compliance risks going forward.  

Another area would on a company’s Vendor Master List (VML). Some obvious internal controls are that no person or business venture partner gets paid unless they are properly on the VML; no person or business venture partner is admitted to the VML unless they have gone through the appropriate level of due diligence, which varies by task, function and country. The Controller can also put internal controls in place to prevent workarounds, which are always a bête noir for compliance. Such t financial controls also include those around the manual check process and your internal requirements for international wire transfers. Finally, even to this day petty cash continues to be a source of funds to fuel bribery and corruption. The Controller is on the front lines for petty cash. 

These issues are usually dealt with internal controls viewed as specific to controlling the outflow of money to business venture partners. These controls are housed in the Controller’s domain and are generally ‘owned’ in a corporation but the Controller’s function. Additional benefits to the corporate compliance function include the retrieval and analysis of financial data and design of internal controls. It allows the compliance function to rely on actual financial expertise rather than “home grown” financial expertise within the compliance department. It extends the compliance function influence through the Controller. Finally, the compliance function is made aware of relevant concerns found by recording transactions, executing internal controls and financial monitoring. 

These benefits are not a one-way street for compliance as a Controller benefits from a closer relationship with the corporate compliance function as well. The Controller can leverage compliance resources. The compliance function can bring its observations and insights from investigations and emerging risks to the Controller. A closer collaboration will broaden awareness of compliance risks which relate to the company’s financial processes. By more fully integrating compliance into the Controller function a more robust picture of enterprise risk emerges, one which encompasses legal, compliance, ethics, internal controls, financial, business and governance risks. 

Three Key Takeaways

  1. CCOs need to integrate the function of the Controller into their compliance regime.
  2. Offshore payments must be flagged for further investigations.
  3. The Controller is both the keeper of the books and records and the implementer of internal controls. 

This month’s podcast series is sponsored by Michael Volkov and The Volkov Law Group.  The Volkov Law Group is a premier law firm specializing in corporate ethics and compliance, internal investigations and white collar defense.  For more information and to discuss practical solutions to compliance and enforcement issues, email Michael Volkov at mvolkov@volkovlaw.com or check out www.volkovlaw.com.

Oct 24, 2017

Tom Fox: Welcome to Episode 4 of Compliance Man Goes Global podcast of FCPA Compliance Report International Edition. In this episode, we will focus on typical myths and mistakes regarding compliance trainings. We will do it in plain language so to say and in the simple game form. Moreover, to make the podcast handy and more appealing we attach respective illustration from the Compliance Man illustrated series, created by Timur Khasanov-Batirov.

For those of our listeners who are not aware about our format, in each podcast, we take two typical concepts or more accurately misconceptions from in-house compliance reality. We check out if these concepts work at emerging jurisdictions. For each podcast, we divide roles with Timur, a practitioner who focuses on embedding compliance programs at high-risk markets. One of us will advocate the concept identifying pros. The second compliance man will provide arguments finding cons and trying to convince audience that that we face a pure myth. As a result, we hopefully will be able to come up with some practical solutions for in-house compliance practitioners.

Myth #1 Compliance training is not an entertainment. It is a very serious thing. Such trainings are about anticorruption, criminal enforcement and consequently could be delivered only by legally trained compliance team members.  Tim, do you agree with this statement?        

Tim Khasanov-Batirov: It is a very typical assumption. Let’s see what pros we have:   

Argument #1.

Obviously, the training should cover anticorruption matters based on corporate rules, local and applicable extra-territorial legislations (like FCPA, for instance). Referring to relevant enforcement cases from the specific industry is vital to make training close to reality. Should we have as trainers only lawyers from compliance team? I would say, yes. Lawyers are expected to know and naturally are close to such things as legislation, corporate rules and alike;

Argument #2.

Now let’s discuss if compliance training could be delivered in entertaining form. As we remember, Tom, may be 10 years ago compliance trainings were supposed to be dull and lengthy. They were so to say the best cure to fight insomnia. Now we have the opposite situation. In attempt to be modern, we have appealing, funny and entertaining compliance shows. The problem is that the content of training in many such cases become something secondary after the form of delivery;

Thomas:  I think, Tim that there are some cons here as well: 

Argument #1 is about having only lawyers as compliance trainers.

I believe for some audiences’ deep knowledge of regulations is not needed. This might be a case for instance when audience should understand just basic rules. Therefore, you can deploy HR team or non-lawyers from compliance department to conduct session for the staff. Moreover, lawyers tend to train employees as if they were talking to other lawyers, which is usually not the case for compliance and ethics training.

Argument #2 is about entertaining. I think the best way is to define what specific matters should be communicated and what are the best ways to do it for the target group. The answer on how to do training basically depends on corporate culture. I think the main test is whether compliance practitioner can deliver the message or no matter in what form.        

Tim: Tom, I agree with you. As we have started to talk about trainings maybe we can refer to the topic of their evaluation or as you might say in the US, their effectiveness?    

Tom: Good idea, Tim. We can formulate the next concept or maybe misconception in the following way: 

Myth #2“Do not complicate things, there is no need to evaluate compliance trainings. It is just about communicating the rules”. Tim, will you agree with this concept?  

Tim: I strongly disagree with this concept. 

To start with, training will be evaluated by participants informally. If compliance training is about rules which are irrelevant to participants or compliance session is not tailored per audience people will notice that. This situation is depicted in Episode 3 of Compliance Man comics series. Unfortunately, it is a typical problem of global companies. It looks like that: there is a requirement to conduct compliance training for local personnel using standard presentation from the HQ.  A local compliance officer conducts this training. Formally, everything is fine. In reality, participants understand nothing.

Even if you are not fan of training evaluation or it does not work in your situation for some reason here is a tip. First, do the homework and learn about the department for which you are going to conduct training. Talk to key managers to explore specifics of department’s activity, which are relevant to topic of compliance training. This will help you to tailor the session for that audience. I also strongly recommend engaging supervisor of this unit to be your co-speaker at the training session. People will follow what their boss it is telling them to do. In our case that will be compliance requirements.    

What are your views on necessity to evaluate compliance training, Tom?

Tom: I have some thoughts, which might look controversial at first sight but hopefully could be of value to compliance practitioners:

The first thing is about illusions. As you fairly depicted in Compliance Man Illustrated the feedback or evaluation of the training will pop up anyway. It will be communicated among personnel informally.   Probably you will never learn about it. Another situation, which comes to my mind. If there is colleague from compliance team or Legal man (as in the Illustrated series) who supports you he will tell you that everything was just perfect. This could be illusion as well.          

Argument #2.

Having said all that, be sure that if you are going to evaluate the training you must formulate very specific questions to avoid general answers from participants of no practical value. Some companies demand to identify the name of the participant in the training evaluation survey. Obviously, in this case you will not get impartial answers.   

But this evaluation of effectiveness is critical as the regulators, literally from across the globe, are now focusing on your compliance training program’s effectiveness. This means you must not only design appropriate questions but also test the questions and responses in a way which gives you real answers. Of course if these questions show your training is not effective, you must use that same information to revise your training so that it is effective.      

Tim: Agreed, Tom. As key takeaways from today discussion, I think we can mention the following:

  • Compliance training should not be of formal and irrelevant to audience nature. Find ways to tailor your session so your messages will be delivered and appreciated by the audience.

Thomas: Fair enough, Tim. It looks to be a practical tip. Tom Fox and Tim Khasanov-Batirov were here for you.   Join us for the next episode of Compliance Man Go Global episode of FCPA Compliance Report International Edition.  Let’s bust more corporate compliance myths with us.

Oct 23, 2017

 

Do FCPA considerations come into play for customers? How should you think about your obligations under the FCPA for a group not traditionally associated with FCPA liability or even FCPA risk? These questions and perhaps others are raised by the FCPA investigation into certain transactions in Venezuela by Derwick Associates and a US company ProEnergy Services. ProEnergy Services supplied turbines that Derwick Associates resold to the Venezuelan government and then installed in that country. This investigation demonstrates why businesses need to be more concerned with not only who they do business with but how their customers might be doing business. In banking and financial services parlance, you now need to ramp up your Know Your Customer (KYC) information to continue throughout a seller-purchaser relationship, in the context of the FCPA. 

A good starting point is the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) rules on customer due diligence. While they deal specifically with banks, brokers-dealers, and mutual funds, they inform the broader number of US commercial enterprises doing business outside the United States. They emphasize that AML programs should have four elements: 

  1. Identify and verify the identity of customers;
  2. Identify and verify the identity of beneficial owners of legal entity customers;
  3. Understand the nature and purpose of customer relationships; and
  4. Conduct ongoing monitoring to maintain and update customer information and to identify and report suspicious transactions. 

Clearly any anti-corruption compliance based due diligence would focus on point 2. A definition of “beneficial owner” should have two prongs: 

  • Ownership Prong: any individual who, directly or indirectly, through any contract, arrangement, understanding, relationship or otherwise, owns 25% or more of a legal entity customer, and
  • Control Prong: An individual with significant responsibility to control, manage, or direct a customer, including an executive officer or senior manager; or (ii) any other individual who regularly performs similar functions. 

Under point 3, company needs to “Understand the nature and purpose of customer relationships”. The regulation further explained “to gain an understanding of a customer in order to assess the risk associated with that customer to help inform when the customer’s activity might be considered “suspicious.”” Such an inquiry could help a business to “understand the relationship for purposes of identifying transactions in which the customer would not normally be expected to engage. Identifying such transactions is a critical and necessary aspect of complying with the existing requirement to report suspicious activity and maintain an effective AML (or anti-corruption compliance) program.” 

The final point 4 relates to ongoing monitoring. Once again consider the position of the US Company, ProEnergy Services, in the Derwick Associates FCPA investigation. What can or should it have done in the way of ongoing monitoring of its customer. The regulation stated, “industry practice generally involves using activity data to inform what types of transactions might be considered “normal” or “suspicious.”” It may be that the Derwick Associates types of transactions were suspicious. 

FinCEN understands that information from monitoring could be relevant to the assessment of risk posed by a customer. The requirement to update a customer’s profile because of ongoing monitoring, including obtaining beneficial ownership information for existing customers on a risk basis, is different and distinct from a categorical requirement to update or refresh the information received from the customer at the outset of the account relationship at prescribed periods. Lastly “the obligation to understand the nature and purpose of customer relationships, monitoring is also a necessary element of detecting and reporting suspicious activities”. 

There does not have to be a direct bribe or other corrupt payment made by a US company to have liability under the FCPA. FCPA enforcement is littered with companies that have paid bribes through third parties. However, as the Fifth Circuit said in Kay v. US, “[W]e hold that Congress intended for the FCPA to apply broadly to payments intended to assist the payor, either directly or indirectly,” [emphasis mine]. While at first blush, ProEnergy Services may appear to be at the edge of potential FCPA liability; if it knew, had reason to know, or should have taken steps to know about some nefarious conduct by its customer, it does not take too many steps to get to some FCPA exposure. The FinCEN rules on customer due diligence for financial institutions are a good starting point for other commercial entities to base their compliance program for customers around. 

Three Key Takeaways

  1. Non-banking and non-financial service entities need to consider their KYC obligations in the context of FCPA risk.
  2. FinCEN rules on customer due diligence are a good starting point for the non-financial institution.
  3. Ongoing monitoring should be used and the information incorporated into your customer risk profile going forward. 

This month’s podcast series is sponsored by Michael Volkov and The Volkov Law Group.  The Volkov Law Group is a premier law firm specializing in corporate ethics and compliance, internal investigations and white collar defense.  For more information and to discuss practical solutions to compliance and enforcement issues, email Michael Volkov at mvolkov@volkovlaw.com or check out www.volkovlaw.com.

Oct 23, 2017

In this episode, I visit with Vin DiCianni, President and Founder of Affiliated Monitors, Inc. We discuss the recently announced strategic alliance between Affiliated Monitors, the US’s premier independent compliance monitoring/evaluation company and RS Legal Strategy Limited, a UK Q.C. led legal one stop shop white collar crime and fraud boutique.  We discuss the strengths that at party brings to this new business venture and what they hope to achieve. 

We use this new strategic alliance as a mechanism to discuss how companies can take a more pro-active approach to addressing their ethics and compliance deficiencies comprehensively, through the efforts of an independent advisor. When an independent monitor is utilized, there is a much greater likelihood that a successful outcome and improved practices will be achieved. 

Through the combination of RS Legal’s expertise in UK enforcement actions, taken with AMI’s pro-active global ethics and compliance approach, you begin to see how an independent review can facilitate the operationalization of compliance from the detect prong to the prevent prong into more of a prescriptive approach.  We explore how investigations and monitoring, when used pro-actively, can increase the likelihood of any of a corporate client securing a beneficial outcome resulting from ongoing investigations. 

This podcast continues the theme I have been following on the evolution of best practices compliance program, continually moving away from the simple paper program approach articulated by some. The Justice Department’s Evaluation of Corporate Compliance Programs is designed, in large part to get companies to think about and ask questions about their compliance program. The proactive use of a monitor is one of the key innovations in this path. 

For more information, Vin DiCianni can be reached at vdicianni@affiliatedmonitors.com.

Oct 20, 2017

In this episode, Jay and I return for a wide-ranging discussion on some of the top compliance and ethics related stories, including: 

  1. We discuss our highlights from the recently concluded SCCE 2017 Compliance and Ethics Institute. See Tom’s blogs, here, here, here and here. Click here for a report from Matt Kelly.
  2. Mike Volkov explores ISO 37001 in a week-long series. See the full week’s series on his site, Corruption Crime & Compliance. Henry Cutter reports on the standard’s slow acceptance in the WSJ Risk and Compliance Report.
  3. What is the status of your Board’s training for compliance? Ben DiPietro reports in the WSJ Risk and Compliance Report.
  4. Italian prosecutor charges Shell and former execs with overseas bribery. Dick Cassin reports in the FCPA Blog.
  5. Revenue recognition rules change in December. Auditors are under orders to ‘show no mercy’ to companies which have not prepared for the changeover. Tammy Whitehouse reports in Compliance Week.
  6. Continued chaos in the Trump Administration. Matt Kelly is back with addition ethical considerations from HHS Secretary Tom Price in Radical Compliance.
  7. Astros come home down 3-2 to the NY Yankees. Will they overcome?
  8. Join Tom’s monthly podcast series on One Month to a More Effective Compliance Program. In October, I consider compliance with business ventures such as in the M&A context, joint ventures, distributors, channel ops partners, teaming agreements and all other manner of business venture. The third week I continue to take a deep dive into JVs under the FCPA. This month’s sponsor is the Volkov Law Group. It is available on the FCPA Compliance Report, iTunes, Libsyn, YouTube and JDSupra.
  9. The Everything Compliance gang recorded a podcast at the 2017 Compliance and Ethics Institute, with special guest Roy Snell sitting in for Mike Volkov. The podcast will go up Thursday October 26th.
  10. Tom premiers an exciting new service offering the Doing Compliance Master Class.
  11. AMI SVP Eric Feldman is speaking in Houston on November 2, at 1:30. If you are in Houston, please plan to join us. For more information see the GHBER website for details and registration.
  12. Jay previews the Rosen Weekend Report.
Oct 20, 2017

As I conclude this section on joint ventures, I want to emphasize again the risk they pose under the FCPA. Mike Volkov has stated, “A joint venture requires the integration of disparate company cultures. It can be successful, and is usually one of the significant reason for the joint venture itself.” Both parties should assess each other and decide that the joint venture is a good fit, meaning that each side will benefit. Too much time is spent on looking at the joint venture partner’s compliance toolbox (e.g. policies, procedures, and controls), and not enough time is spent on identifying compliance strengths and weaknesses. You must bring it all together with one format.

While the 2012 FCPA Guidance only provided that “companies should undertake some form of ongoing monitoring of third-party relationships”. This means that you must have an experienced compliance and audit team, actively engaged in the corporate office and in the business units, to ensure that financial controls and compliance policies are followed and that remedial measures for violations or gaps are tracked, implemented and rechecked, as additional detection and prevention. Caldwell noted it is a more encompassing “sensitization” to anti-corruption compliance that is needed. There are several ways for you to do so in a joint venture relationship. 

The starting point for the both the compliance and business management of a joint venture, is a Relationship Manager for every joint venture with which your company does business. The Relationship Manager should be a business unit employee who is responsible for monitoring, maintaining and continuously evaluating the relationship between your company and the joint venture. Some of the duties of the Relationship Manager may include:

  • Point of contact with the joint venture for all compliance issues;
  • Maintaining periodic contact with the joint venture;
  • Meeting annually with the joint venture to review its satisfaction of all company compliance obligations;
  • Submitting annual reports to the company’s Compliance Oversight Committee summarizing services provided by the joint venture;
  • Assisting the company’s Compliance Oversight Committee with any issues with respect to the joint venture.

Just as a company needs a subject matter expert in compliance to be able to work with the business folks and answer the usual questions that come up in the day-to-day routine of doing business internationally, joint ventures also need such access to such a resource. A joint venture may not be large enough to have its own compliance staff so a company should provide such a dedicated resource to joint venture, if so required. I do not believe that this will create a conflict of interest or that there are other legal impediments to providing such services. The US partner can also include compliance training for the joint venture, either through onsite or remote mechanisms. The compliance professional should work closely with the Relationship Manager to provide advice, training and communications to the joint venture. 

A company should have a Compliance Oversight Committee review all documents relating to the full panoply of a joint venture’s compliance program. It can be a formal structure or some other type of group but the key is to have the senior management put a ‘second set of eyes’ on any joint ventures. In addition to the basic concept of process validation of your risk management of joint ventures, this is a manner to deliver additional management of that risk going forward.

After the commercial relationship has begun the Compliance Oversight Committee should monitor the joint venture on no less than an annual basis. This annual audit should include a review of remedial due diligence investigations and evaluation of any new or supplemental risk associated with any negative information discovered from a review of financial audit reports on the joint venture. The Compliance Oversight Committee should review any reports of any material breach of contract including any breach of the requirements of the Company’s of joint venture’s Code of Ethics. In addition to the above remedial review, the Compliance Oversight Committee should review all compliance-impacted payments by the joint venture to assure such payment are within the company guidelines and are warranted by the contractual relationship with the joint venture. Lastly, the Compliance Oversight Committee should review any request to provide the joint venture any type of non-monetary compensation and, as appropriate, approve such requests.

A key tool in managing the affiliation with a joint venture post-contract execution is auditing. Audit rights are a key clause in any compliance terms and conditions and must be secured. Your compliance audit should be a systematic, independent and documented process for obtaining evidence and evaluating it objectively to determine the extent to which your compliance terms and conditions are followed. Noted fraud examiner expert Tracy Coenen described the process as (1) capture the data; (2) analyze the data; and (3) report on the data, which is also appropriate for a compliance audit. 

In addition to monitoring and oversight of your joint ventures, you should periodically review the health of your joint venture management program. The robustness of your joint venture management program will go a long way towards preventing, detecting and remediating any compliance issue before it becomes a full-blown FCPA violation. As with all the steps laid out, you need to fully document all steps you have taken so that any regulator can review and test your metrics. The Evaluation of Corporate Compliance programs lays out what the DOJ will be reviewing and evaluating going forward for your compliance program. You should also use these metrics to conduct a self-assessment on the state of your compliance program for your joint ventures. 

Three Key Takeaways

  1. It all starts with a Relationship Manager.
  2. Have company oversight of all joint ventures. Couple this with a Compliance Oversight Committee for a second set of eyes.
  3. Audit, monitor and remediate (as appropriate) your joint ventures on an ongoing basis.

What is your process for managing the compliance risk in international joint ventures.

This month’s podcast series is sponsored by Michael Volkov and The Volkov Law Group.  The Volkov Law Group is a premier law firm specializing in corporate ethics and compliance, internal investigations and white collar defense.  For more information and to discuss practical solutions to compliance and enforcement issues, email Michael Volkov at mvolkov@volkovlaw.com or check out www.volkovlaw.com.

Oct 19, 2017

In this episode, I visit with branding expert Linda Justice. We discuss the role of a Board of Directors in corporate branding. We discuss ‘what is branding?’ 

  • Perception of a company?
  • The customer experience?
  • The stakeholders’ experience?
  • Investors experience?
  • Employees experience?
  • Is it found in print, advertising, word of mouth?
  • Or is it LIVE—as in Twitter, Customers complaining or praising in real time? 

Linda explains how branding is all of these things. She explains why a Board should care about branding as it helps to grow the company and protects (or harms) the company’s reputation. She also explains how With a STRONG BOARD and a STRONG ETHICAL BACKBONE and CULTURE, this enhances branding for Customers, Employees and other stakeholders. Justice also relates that a company grows on the strength of its employees and on customers buying their products and services and concludes on the note that ethics must be part of the brand to sustain and grow both.

Oct 19, 2017

Joint ventures provide many FCPA risks that other types of business relationships do not bring. For instance, the joint venture may interact with foreign government officials or employees of a state-owned enterprise; then leverage those relationships for an improper benefit either contracts, regulatory licenses, permits or customs approvals. It is difficult to regulate a joint venture’s interactions with foreign government officials when you partner is a state-owned enterprise, or where your company is relying on the local company for its local contacts and expertise for business development and/or regulatory knowledge and experience.

The risks are compounded when the US company does not exercise control of the joint venture. This is further compounded by the fact there is no minimum threshold for a FCPA enforcement action against a US company for the actions of a joint venture in which it holds an interest. If a company holds something less than majority rights, it must to urge, beg and plead for the majority partner to adhere to anti-corruption compliance standards and controls. Often, these requirements are established in the joint venture agreement but the success in securing such contract protections depends on the importance of the global company to the joint venture itself.

Another set of issues comes from the joint venture when it seeks to retain third party agents and/or distributors. Depending on the amount of control, the US company usually can impose its set of standards for conducting due diligence of third party agents and distributors. These risks become more difficult when the joint venture partner brings to the joint venture a proposed third party agent or distributor and vouches for the agent or distributor. If the joint venture partner is a state-owned enterprise, the issues become even more complicated as such referral creates an obvious red flag for a government-sponsored referral.

Now add on the fact that the foreign joint venture partner may not be proficient in English as a first language. The US company may not have financial personnel with requisite language skills in the foreign country. Some companies have a policy that English will be used throughout the world in its business dealings. However, even with such an English only policy in place, the risks represented by such lack of effective oversight by the multinational extend not only to potential FCPA violations, but to other corrupt acts, including kickbacks, fraud and theft.

At this point you have engaged in due diligence prior to the create of the joint venture agreement. The agreement itself has a robust set of compliance terms and conditions, including the right to audit. Mike Volkov has called the exercise of the right to audit one of the key elements in the risk management process around joint ventures. He advocates that any audit take a deep dive into the payments made by the joint venture to a wide range of persons and entities, including agents, suppliers, customers or any others. This would be particularly important for payments made to do business or otherwise operate legally in the joint venture’s locations. This means there should be an inspection of the joint ventures books and records to see if facilitation payments are properly recorded as facilitation payments.

Volkov noted that one interesting area which requires greater review is around payments to colleges or universities outside the US. If there are payments for research or other projects you need to audit the payments and services with an eye towards determining that the rate paid is not out of line with the local payment rate. The same holds true around gifts and entertainment as the local tradition of your foreign partner may be quite different than the expectations of an American company operating in a country such as China.

Another area for audit is if the foreign partner receives a management fee, which can be used for improper purposes. Several FCPA enforcement actions were based on this or similar payment schemes. Such fees may simply be based upon a percentage of joint venture revenue or profit, and often are not required to correspond to defined tasks, or specific efforts or hours. Most usually, there are no substantive billings associated with such fees, they simply become due. Under this type of arrangement, it is almost impossible to justify this fee if requested by the DOJ. If the foreign partner does receive such a fee, this will need to be closely scrutinized in the audit process.

Volkov advocates using a wide-range of investigation techniques in any audit of a foreign joint venture. He said that a trip to the joint venture headquarters is mandatory, as are onsite interviews with key joint venture personnel such as joint venture CEO, CFO, head of audit, head of HR and compliance. A key interview is always the head of sales for the joint venture and any head of sales who might deal with foreign governments or state-owned enterprises. Phone interviews can be used to supplement these in person interviews where appropriate.

Volkov stated that “what we were trying to put together was a product that can stand up to subsequent scrutiny, particularly by the Justice Department and the SEC.” Yet there are other key reasons for the audit; these include education, training and communication. Every time you meet with someone, you have the chance to not only listen to them but give them information on the compliance program and expectations thereunder. Equally important is the ease and (hopefully) comfort the participants in the joint venture will feel about your compliance efforts and their compliance obligations going forward.

As a baseline, I would suggest that any audit of a joint venture include, at a minimum, a review of the following:

  1. the effectiveness of existing compliance programs and codes of conduct;
  2. the origin and legitimacy of any funds paid to Company;
  3. books, records and accounts, or those of any of its subsidiaries, joint ventures or affiliates, related to work performed for, or services or equipment provided to, Company;
  4. all disbursements made for or on behalf of Company; and
  5. all funds received from Company in connection with work performed for, or services or equipment provided to, Company.

If you want to engage in a deeper dive you might consider evaluation of some of the following areas:

  • Review of contracts with joint ventures to confirm that the appropriate FCPA compliance terms and conditions are in place.
  • Determine that actual due diligence took place on the joint venture.
  • Review FCPA compliance training program; both the substance of the program and attendance records.
  • Does the joint venture have a hotline or any other reporting mechanism for allegations of compliance violations? If so how are such reports maintained? Review any reports of compliance violations or issues that arose through anonymous reporting, hotline or any other reporting mechanism.
  • Does the joint venture have written employee discipline procedures? If so have any employees been disciplined for any compliance violations? If yes review all relevant files relating to any such violations to determine the process used and the outcome reached.
  • Review employee expense reports for employees in high-risk positions or high-risk countries.
  • Testing for gifts, travel and entertainment that were provided to, or for, foreign governmental officials.
  • Review the overall structure of the joint venture’s compliance program. If the company has a designated compliance officer to whom, and how, does that compliance officer report?
  • How is the joint venture’s compliance program designed to identify risks and what has been the result of any so identified?
  • Review a sample of employee commission payments and determine if they follow the internal policy and procedure of the joint venture.
  • Regarding any petty cash activity in foreign locations, review a sample of activity and apply analytical procedures and testing. Analyze the general ledger for high-risk transactions and cash advances and apply analytical procedures and testing.

Finally, is your follow up after the audit. If there are any red flags which were not fully investigated during the audit process, that must be accomplished in this phase. Additionally, if there were action items for remediation they should be completed in a timely manner. There may be some issues which may bear greater scrutiny during the year, such as gift, travel and entertainment expenses which can be noted as well. 

Three Key Takeaways

  1. Joint Venture present unique risks FCPA risks and must be managed accordingly.
  2. Your final report needs to consider the final viewer of the document, potentially the DOJ or SEC.
  3. Be sure to follow up on any red flags raised but not cleared and action items for remediation or additional scrutiny.
Oct 18, 2017

Numerous US companies have come to FCPA grief for their overseas joint ventures and the continue to be a bane for many companies under the Act. There are some basic compliance terms and conditions which should be considered for any foreign joint venture agreement to help US companies manage these compliance risks.

As a starting point, it is important to have compliance terms and conditions, these reasons can include some of the following: (1) to set expectations between the parties; (2) to demonstrate the seriousness of the issue to the non-US party; and (3) to provide a financial incentive to do business in compliant manner.

  1. Prohibition of all forms of bribery and corruption. Many foreign joint venture partners may not understand that the FCPA applies to them if they partner in a business relationship with a US company. Further, they do not understand that they may be governmental officials under the FCPA. This all must be spelled out for them so you should have language regarding the following:
  • Prohibition of all forms of bribery and corruption, but you should be careful to make note that FCPA is broader than simple bribery; it includes hospitality/gifts/entertainment/travel as well.
  • Affirmation of FCPA compliance, this should be in writing and it should also require that the non-US party understand or have familiarity with the FCPA, as well as that they will comply with the tenets of the FCPA.
  • Agreement to comply with local laws and customs regarding anti-bribery and anti-corruption in the jurisdiction where it is located and/or does business. 
  1. Right to Cancel and Recoupment rights. These should include the following:
  • Right to cancel the contract if there is a compliance violation or breach of contract because that allows you maximum flexibility.
  • Withhold any payments due.
  • Allow for disgorgement of any monies previously paid under the agreement.
  • Take any other action you think necessary or appropriate. 
  1. Duties
  • Spell out exact duties and deliverables of the Joint Venture.
  • Employees of the joint venture have continuing duty to adhere to training.
  • There will be updated due diligence performed on the JV partner.
  • There is an ongoing duty to report changes in ownership structure of any non-US partner. This includes changes in corporate structure and/or corporate leadership. There must be immediate notification to the US company and it is particularly important when government changes.
  • Require that the joint venture follow generally accepted accounting principles (GAAP), and conduct an annual audit by an agreed upon independent accounting firm.
  • Prohibit the creation of any funds without the approval of the joint venture’s governing body (supermajority approval in the case of minority interest by the multinational).
  • If the foreign joint venture partner has day-to-day management responsibilities, require dual signatures for checks or electronic funds transfers drawn on joint venture bank accounts.
  • Require that the joint venture conduct investigative due diligence on agents, consultants and other third parties retained by the joint venture.
  • Require the implementation of a code of business conduct by the joint venture and implement an anonymous reporting mechanism for joint venture employees. 
  1. Audit Rights – these are an important tool in your joint venture risk management process and must be included in any joint venture agreement. In addition to putting your JV partner on notice that you are not simply willing to look the other way once the agreement is signed, it is an active acknowledgement that there will be ongoing transactional review during the term of the joint venture agreement. If any illegal payments are made or discovered the US company should retain full access to the audit trail which it can then turn over to the proper authorities. Additionally, the joint venture should have the right to audit any agent(s) it may hire for its own use. 

If you have audit rights you must exercise them. The same calculus is true for termination rights. If you have a good faith belief that your JV-US partner has violated the FCPA, you better exercise your right to terminate. If you do not do so, your US company will probably be in more hot water with the DOJ. 

  1. Prohibited Parties - the Joint Venture will not deal with US designated Prohibited Countries, Prohibited Parties or any other persons or entities on any such OFAC prohibited list.
  2. Certifications-you should specify that the foreign partners will annually, personally, certificate that they have not violated the FCPA on any matters relating to the joint venture, are aware of no FCPA violations by the joint venture which they have not previously reported and have received and understood annual FCPA training.

Lastly one area which is continuing to be problematic is that of how to make payments. Some of the tools to manage this risk are the following:

  • Always try to make payments via wire transfer.
  • No large upfront payments unless designated for legitimate start-up expenses.
  • Pay only to the named company, not unknown third parties.
  • Payment in local currency, however you can pay in USD. The key is consistency in how you are paying and your documentation.
  • Pay where the agent’s country of residence or where the work is done.

All the above steps should be taken only after extensive due diligence has been completed. After the contract is signed your company will have to work just as hard to keep the compliance program for any joint venture robust and meaningful. However, with these terms and conditions in place, you will have a chance to maintain your FCPA obligations and to manage the risk that is involved when working jointly with non-US companies.

Three Key Takeaways

  1. Failure to secure appropriate compliance terms and conditions in a JV agreement can cause great FCPA risk for a US company.
  2. Certifications are important requirements to obtain.
  3. Audit rights must be secured and equally importantly, exercised.

This month’s podcast series is sponsored by Michael Volkov and The Volkov Law Group.  The Volkov Law Group is a premier law firm specializing in corporate ethics and compliance, internal investigations and white collar defense.  For more information and to discuss practical solutions to compliance and enforcement issues, email Michael Volkov at mvolkov@volkovlaw.com or check out www.volkovlaw.com.

Oct 18, 2017

In this episode, I visit with Dan Norris, Director of Training for Holt Development Services. Dan Norris is a lively, energetic and effective presenter who specializes in the science of ethical influence. He is one of only a few individuals worldwide who currently hold the CMCT designation, a specialization in the psychology of persuasion–earned directly from Dr. Robert Cialdini, the leading authority on the subject. Dan helps organizations take the latest scientific research out of the laboratory and apply it in their own day-to-day sales, leadership, and customer service applications.  

Dan has a philosophy that focuses on employee development—investing only in tools, training, coaching, and outcome assessments that have been shown to positively change behavior. When not speaking and training, Dan is responsible for furthering Holt’s highly successful Values Based Leadership© programs. These programs evolved from over a decade of effective application within Holt companies and other client organizations, and Dan continues to play an integral role in its design and growth. 

We discuss the work of the Holt Development company and how it interacts with other organizations. He explains what makes the method work for such a disparate group of organizations: from non-profits to commercial businesses to sports franchises, including his work with the San Antonio Spurs. Dan discusses the work on influence by Bob Cialdini informs the work of Holt Development. 

Click here for more information on Holt Development Services and here for more information on Dan Norris.

Oct 17, 2017

When you bring two entities together to operate jointly, there are several difficult issues to analyze. For the US company operating under the FCPA, there must be an adequate business justification for a joint venture with a specific partner, all in writing and approved by an appropriate level of the organization. At this point, the US company must engage in a due diligence review of the proposed JV partner.

Mike Volkov has noted this is where the due diligence process comes into play. The due diligence process should be built on principles like those involving third parties. The procedure should be robust, documented and address all potential risks involved. A company should use its due diligence review of the JV partner to proper assess and uncover any corruption risk. Using this due diligence and its evaluation, you can then move to contractual clauses, certifications, representations and warranties from a JV partner or insist on other remedial measures to minimize its risk exposure.

Dennis Haist, the General Counsel and Chief Compliance Officer at Steele Compliance Solutions, Inc. in an article entitled, “Guilt by Association: Transnational Joint Ventures and the FCPA laid out some of the specifics that you should ask for in a due diligence review of prospective JV partners.

  1. Entity information
  • Entity name, DBA, previous names, physical address and contact information, website address.
  • Legal structure, jurisdiction of organization, date organized and whether the entity is publicly traded.
  • Entity registration number(s), and dates and places of registration; number of years in business.
  • Entity tax licenses, business licenses, or certificates or commercial registrations.
  • Description of business, customers, industry sectors.
  • Names, addresses and jurisdictions of formation for all companies or other affiliated entities, and ownership interest in each.
  • Names and contact information for main point of contact.
  • Names and contact information for entity’s outside accountants/auditors and primary legal counsel.
  1. Ownership information
  • Name, address, nationality, percentage of ownership and date of acquisition for each parent company up to ultimate parent.
  • Name, nationality, ID type/number, percent ownership and date of acquisition for all shareholders and owners.
  • Identity of any other persons having a direct or indirect interest in the entity’s equity, revenues or profits.
  • Identity of any other person able to exercise control over the entity through any arrangement or relationship.
  • Information on any direct or indirect ownership interest by any government, government employee or official; or political party, party official or candidate, and employee of any state-owned enterprise.
  1. Management information
  • Name, address, nationality, ID type/number and title for each member of the entity’s governing board.
  • Name, address, nationality, ID type/number and title for each officer of the entity.
  • Information on any other business affiliations of principals, owners, partners, directors, officers or key employees who will manage the business relationship.
  • Information on whether any principals, owners, partners, directors, officers or employees, currently or in the past, have been officials or candidates of a political party or been elected to any political office.
  1. Government relationships
  • Information on whether any principals, owners, partners, directors, officers or employees hold any official office or have any duties for any government agency or public international organization.
  • Information on whether any owners, directors, officers or key employees have an immediate family member who is an employee, contractor or official of the foreign government, or a public international organization.
  • Information on whether any employee of, or contractor or consultant to, any government entity or public international organization will benefit from the joint venture.
  • Approximate percentage of entity’s overall annual sales revenue derived from government sales.
  1. Business conduct
  • Information on whether the entity has ever been barred or suspended from doing business with a government entity. Information on whether any principals, owners, partners, directors, officers or employees are identified on any government designated nationals, blocked persons, sanction, embargo or denied persons lists.
  • Information on whether the entity, its principals, owners, partners, directors, officers or employees have ever been charged with, convicted of, or alleged to have been engaged in fraud, bribery, misrepresentation and/or any other criminal act.
  • Information on whether the entity, its principals, owners, partners, directors, officers or employees have been investigated for violating the FCPA or any other anti-corruption law.
  • Information on whether the entity has a compliance program which includes the prevention of bribery and information on the training of employees.
  1. References
  • Three or more unrelated business references, including a bank and existing client.
  1. Certification/authorization/declaration
  • Certification of accuracy.
  • Authorization to conduct due diligence, authorization for third parties to release data and consent to collection of data.
  • Anti-corruption compliance declaration.

In addition to asking for all this information, you must take care to document the entire process that your company goes through in the investigation and creating a foreign joint venture. (Dcoucment Document Document) It is equally important to remember that obtaining this information is only one step. A company must evaluate the information and follow up if responses to such inquiries warrant such action. A paper program is simply not good enough and can lead to serious consequences if Red Flags are not reviewed and cleared. This evaluation should also be documented so that if a regulator ever comes knocking you can demonstrate what you asked for, why, the response, your follow up and the details of your evaluation.

Finally, never forget the human factor. It is important to perform an in-person interview of your proposed joint venture partner. It is important that you meet them, see their facilities and assess them up close and personal. A US business looking to engage a joint venture partner must consider the people who make up its joint venture partner. As Mike Volkov has noted, “These people, in turn, act together or can be influences together, as part of the joint venture’s culture. This is what I mean by the human factor. A global company cannot ignore the human factor of its joint venture partner. It has to assess the culture, and more importantly, the key personnel who are part of the joint venture partner – the leaders, the go-to-people who get the job done, and the overall environment in which they operate.” As you will have to mesh what may be two very different cultures and understandings of compliance, it is important to assess how your potential joint venture partner will take these obligations before, rather than after you ink the JV agreement.

Three Key Takeaways

  1. Joint Venture due diligence must focus on the unique risks.
  2. Ask for a detailed list of information from your potential JV partner.
  3. Be sure to do onsite investigation of your potential joint venture partner.

 

This month’s podcast series is sponsored by Michael Volkov and The Volkov Law Group.  The Volkov Law Group is a premier law firm specializing in corporate ethics and compliance, internal investigations and white collar defense.  For more information and to discuss practical solutions to compliance and enforcement issues, email Michael Volkov at mvolkov@volkovlaw.com or check out www.volkovlaw.com.

Oct 16, 2017

In this episode, Jay and I are joined by Louis Sapirman, CCO at Dun & Bradstreet for a look the the 2017 SCCE Compliance and Ethics Institute. We discuss the pro-conference events, what we hope to achieve at this year's event and why it is important to give back to the compliance community. We end with a discussion on why the Harvey Weinstein affair may well change the face of compliance going forward. 

Oct 16, 2017

Just as the FCPA enforcement field is covered with actions centering around mergers and acquisitions, there are multiple actions involving joint ventures (JVs). JVs continue to plague many US companies up to this day. In many ways, JVs present more difficult issues for the compliance practitioner than mergers and acquisitions because of the control issues present in JVs with foreign governments or state owned enterprises ownership. 

In an article in the Virginia Law & Business Review, entitled “Traversing the Minefield: Joint Ventures and the Foreign Corrupt Practices Act Daniel Grimm explained that JVs can provide a variety of benefits to a company desiring to enter an international market. Some of the benefits can include; satisfying a local content or partner requirement, a method of international expansion under “which outside investors benefit from the knowledge of local firms while retaining “some operational and strategic control” over the enterprise”; all with a lower overall cost for both resources and integration than required through a traditional corporate merger. Yet these same benefits can also bring greater FCPA risks. 

Mike Volkov in an article entitled, “Digging Down on Joint Ventures and FCPA Compliance” noted that when you create a JV, there are a number of difficult issues to analyze. Initially, is the requirement of adequate due diligence. This is more difficult than in a traditional merger. Next is the set of governance issues surrounding control of the JV. If your JV partner is a state-owned enterprise, the issues become even more complex.  The interactions between the company and the state-owned enterprise within the joint venture itself should be regulated so that they are not perceived as intended to improperly influence the state owned enterprise, “either directly or in other areas of interaction.” Even if JV involves a private, as opposed to state-owned partner, the compliance issue then becomes the controlling the actions of the JV sales people, JV staff responsible for regulatory interactions, and JV-retained third party agents and distributors. 

A new JV creates a new set of risks for the company subject to the FCPA. In the JV context, the company has, by definition, less control.  As a result, these issues need to be addressed in the formation of the JV. The issue becomes even more difficult when the company entering the JV has less than 50 percent control.  Grimm noted that “An issuer with a minority stake in another entity is required to “proceed in good faith to use its influence, to the extent reasonable under the issuer’s circumstances,” to cause the entity to comply with the books and records and internal controls provisions of the FCPA. Relevant circumstances include “the relative degree of the issuer’s ownership” and “the laws and practices governing the business operations of the country” in which the entity is located.”

As early as 2002, in the SEC FCPA enforcement action involving BellSouth, which owned only 49% of a JV in in Telefonia Celular de Nicaragua, S.A. (“Telefonia”), a Nicaraguan corporation that relinquished operational control to an indirect, wholly-owned BellSouth subsidiary. Relying on the FCPA’s good faith influence requirement for an issuer holding a minority stake in another entity, the SEC alleged that BellSouth “held less than 50 percent of the voting power of Telefonia, but through its operational control, had the ability to cause Telefonia to comply with the FCPA’s books and records and internal controls provisions.” 

There are multiple types of FCPA liability to a parent for the actions of a JV in which it is a partner. These can include directly liability such as with Halliburton and its former subsidiary KBR in the TSJK JV involved in bribery and corruption in Nigeria. Halliburton paid a total FCPA penalty of $579MM to the US and $25MM to the Nigerian government of the actions of its subsidiary, KBR. 

In addition to the traditional direct liability, JVs can be a source of vicarious liability. Grimm noted that “A business entity may, depending on the circumstances, be held vicariously liable for FCPA violations committed by a joint venture, a joint venture partner, or an agent acting on behalf of a joint venture. Vicarious liability traditionally applies in situations where a business entity authorized, directed, or controlled acts that violate the FCPA’s anti-bribery provisions.” It could also violate the accounting provisions around keeping accurate books and records and effective internal controls. This was the situation involving 2016 enforcement action involving Anheuser-Busch InBev, in India, where the company paid $6 million to settle charges that it violated the FCPA and impeded a whistleblower who reported the misconduct. 

Mike Volkov identified other risks that a company must seek to avoid. These include the transfer of things of value to a state-owned enterprise for benefits of someone outside the joint venture. A company must avoid payments for which there is no legitimate business purpose to the state-owned enterprise in the joint venture itself; as they will be deemed to be illegal benefits to the state-owned enterprise outside the joint venture. In this case, the joint venture becomes a vehicle by which to disguise bribery payments for benefits to those outside the joint venture. 

Any company which operates a JV with foreign governments or state-owned enterprises holds the same FCPA risk as the JV partner itself; the risks become apparent relating to the operation of the joint venture itself. This means that if the joint venture interacts with foreign government officials or employee of a state-owned enterprise and leverages its state-owned enterprise relationships for an improper benefit either contracts and/or regulatory licenses, permits or customs approvals; it could well be subject to FCPA scrutiny. Unfortunately, it is often difficult to regulate a JVs interactions with foreign government officials, particularly when your partner is a state-owned enterprise, or where your company is relying on the local company for its local contacts and expertise for business development and/or regulatory knowledge and experience in the country where the JV operates. 

The bottom line is JVs present a unique set of FCPA risks for the compliance practitioner. You will need to incorporate risk manage techniques in all phases of the JV relations; pre-formation, the JV agreement and in operations after the JV has begun operation. The compliance obligations and compliance process are ongoing. 

Three Key Takeaways

  1. Joint Ventures present unique FCPA risks.
  2. Control is only one issue a compliance practitioner must consider in evaluating joint venture risks.
  3. Companies continue to have significant FCPA risks from joint ventures. 

This month’s podcast series is sponsored by Michael Volkov and The Volkov Law Group.  The Volkov Law Group is a premier law firm specializing in corporate ethics and compliance, internal investigations and white collar defense.  For more information and to discuss practical solutions to compliance and enforcement issues, email Michael Volkov at mvolkov@volkovlaw.com or check out www.volkovlaw.com.

Oct 16, 2017

In this episode, I visit with Doreen Edelman, a partner at Baker Donaldson on the top FCPA enforcement action of 2017, the Telia Company matter. We discuss the background facts of the case; we explore the amount of the fines and penalties, were they too high or were they too low; we consider the involvement of senior management right up to the CEO and the Board’s role; we explore the multiple lessons for the compliance professional, the CCO, senior management and the Board of Directors. We conclude with what the enforcement action means going forward and the increase in international enforcement, cooperation and investigation in anti-corruption. 

Doreen Edelman can be reached at dedelman@bakerdonelson.com.

 Doreen blogs at Export Control Matters.

Oct 13, 2017

One of my favorite words in the context of Foreign Corrupt Practices Act (FCPA) enforcement is dis-link. It a useful adjective in explaining how certain conduct by a company must be separated from the winning of business and more broadly it works on many different levels when discussing the FCPA. This concept of dis-linking was most prominently laid out in Opinion Release 14-02 (14-02). It provided one of the most concrete statements from the DOJ on the unidimensional nature of compliance in the mergers and acquisition context; both in the pre-acquisition and post-acquisition phases.

In this Opinion Release the Requestor was a multinational company headquartered in the United States. The Requestor desired to acquire a foreign consumer products company and its wholly owned subsidiary (collectively, the “Target”), both of which were incorporated and operated in an un-named foreign country. It never issued securities in the United States and had negligible business contacts in the US, including no direct sale or distribution of their products. During its pre-acquisition, due diligence of the Target, Requestor identified several likely improper payments by the Target to government officials of Foreign Country, as well as substantial weaknesses in accounting and recordkeeping. Considering the bribery and other concerns identified in the due diligence process, Requestor also detailed a plan for remedial pre-acquisition measures and post-acquisition integration steps. Requestor sought from the DOJ an Opinion as to whether the Department would then bring an FCPA enforcement action against Requestor for the Target’s pre-acquisition conduct. It was specifically noted that the Requestor did not seek an Opinion from the Department as to Requestor’s criminal liability for any post-acquisition conduct by the Target. 

Pre-Acquisition Due Diligence

In preparing for the acquisition, Requestor undertook extensive due diligence aimed at identifying, among other things, potential legal and compliance concerns at the Target. Requestor retained an experienced forensic accounting firm (“the Accounting Firm”) to carry out the due diligence review. This review brought to light evidence of apparent improper payments, as well as substantial accounting weaknesses and poor recordkeeping. The Accounting Firm reviewed approximately 1,300 transactions with a total value of approximately $12.9 million with over $100,000 in transactions that raised compliance issues. The clear majority of these transactions involved payments to government officials related to obtaining permits and licenses. Other transactions involved gifts and cash donations to government officials, charitable contributions and sponsorships, and payments to members of the state-controlled media to minimize negative publicity. None of the payments, gifts, donations, contributions, or sponsorships occurred in the US, none were made by or through a US entity and none went through a US bank.

The due diligence showed that the Target had significant recordkeeping deficiencies. Further, the records which did exist did not support the clear majority of the cash payments and gifts to government officials and the charitable contributions. There were expenses that were improperly and inaccurately classified. The accounting records were so disorganized that the Accounting Firm was unable to physically locate or identify many of the underlying records for the transactions. Finally, the Target had not developed or implemented a written code of conduct or other compliance policies and procedures, nor did the Target’s employees show an adequate understanding or awareness of anti-bribery laws and regulations.

Post-Acquisition Remediation

The Requestor presented several pre-closing steps to begin to remediate the Target’s weaknesses prior to the planned closing in 2015. Requestor aimed to complete the full integration of the Target into Requestor’s compliance and reporting structure within one year of the closing. Requestor presented an integration schedule of the Target into the acquirer which included various risk mitigation steps, communications and training on compliance procedures and policies, standardization of business relationships with third parties, and formalization of the Target’s accounting and recordkeeping in accordance with Requestor’s policies and applicable law.

DOJ Analysis

The DOJ noted black-letter letter when it stated, ““It is a basic principle of corporate law that a company assumes certain liabilities when merging with or acquiring another company. In a situation such as this, where a purchaser acquires the stock of a seller and integrates the target into its operations, successor liability may be conferred upon the purchaser for the acquired entity’s pre-existing criminal and civil liabilities, including, for example, for FCPA violations of the target. However, this is tempered by the following from the 2012 FCPA Guidance, “Successor liability does not, however, create liability where none existed before. For example, if an issuer were to acquire a foreign company that was not previously subject to the FCPA’s jurisdiction, the mere acquisition of that foreign company would not retroactively create FCPA liability for the acquiring issuer.””

As none of the payments were made in the US, none went through the US banking system and none involved a US person or entity that this would not lead to a creation of liability for the acquiring company. Moreover, there would be no continuing or ongoing illegal conduct going forward because “no contracts or other assets were determined to have been acquired through bribery that would remain in operation and from which Requestor would derive financial benefit following the acquisition.” Therefore, there would be no jurisdiction under the FCPA to prosecute any person or entity involved after the acquisition.

The DOJ also provided this additional information, “the Department encourages companies engaging in mergers and acquisitions to (1) conduct thorough risk-based FCPA and anti-corruption due diligence; (2) implement the acquiring company’s code of conduct and anti-corruption policies as quickly as practicable; (3) conduct FCPA and other relevant training for the acquired entity’s directors and employees, as well as third-party agents and partners; (4) conduct an FCPA-specific audit of the acquired entity as quickly as practicable; and (5) disclose to the Department any corrupt payments discovered during the due diligence process. See FCPA Guide at 29. Adherence to these elements by Requestor may, among several other factors, determine whether and how the Department would seek to impose post-acquisition successor liability in case of a putative violation.”

Discussion

The DOJ communicated several important messages through 14-02. First it demolished the myths of springing liability to an acquiring company in the FCPA context and buying a FCPA violation, simply through an acquisition; there must be continuing illegal conduct for FCPA liability to arise. Most clearly beginning with the 2012 FCPA Guidance, the DOJ and SEC have communicated what companies need to do in any M&A environment. While many compliance practitioners had only focused on the post-acquisition integration and remediation; the clear import of 14-02 is to re-emphasize the importance of the pre-acquisition phase.

Due diligence must begin in the pre-acquisition phase. The steps taken by the Requestor in this Opinion Release demonstrate some of the techniques you can use in the pre-acquisition phase include (1) having your internal or external legal, accounting, and compliance departments review a target’s sales and financial data, its customer contracts, and its third-party and distributor agreements; (2) performing a risk-based analysis of a target’s customer base; (3) performing an audit of selected transactions engaged in by the target; and (4) engaging in discussions with the target’s general counsel, vice president of sales, and head of internal audit regarding all corruption risks, compliance efforts, and any other major corruption-related issues that have surfaced at the target over the past ten years.

Whether you can make these inquiries or not, you will also need to engage in post-acquisition integration and remediation. 14-02, taken together with the steps laid out in the 2012 Guidance, has provided the post-acquisition actions a compliance professions needs to take after the transaction is closed. If you cannot perform any or even an adequate pre-acquisition due diligence, the time frames you put in place after the acquisition closes will need to be compressed to make sure that you are not continuing any nefarious FCPA conduct going forward.

But it all goes back to dis-linking. If a target is engaging in conduct that violates the FCPA but the target itself is not subject to the jurisdiction of the FCPA, you simply cannot afford to allow that conduct to continue. If you do allow such conduct to continue your company will be actively engaging and participating in an ongoing FCPA violation. That is the final takeaway from this Opinion Release; it is allowing corruption and bribery to continue which brings companies into FCPA grief. Opinion Release 14-02 provided you a roadmap of the steps you can take to prevent such exposure.

Three Key Takeaways

  1. In the M&A context, the key is to dis-link any illegal conduct going forward.
  2. Opinion Release 14-02 provides the clearest roadmap for pre-and post-acquisition compliance actions in the M&A context.
  3. Never forget the Opinion Release procedure. It has been used successfully in two important M&A matters (08-02 and 14-02).

This month’s podcast series is sponsored by Michael Volkov and The Volkov Law Group.  The Volkov Law Group is a premier law firm specializing in corporate ethics and compliance, internal investigations and white collar defense.  For more information and to discuss practical solutions to compliance and enforcement issues, email Michael Volkov at mvolkov@volkovlaw.com or check out www.volkovlaw.com.

1 2 Next »