As get ready for a holiday week, Jay Rosen and myself are back in the saddle again to take a look at some of the top compliance stories from the past week.
For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.
Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. In this episode, Matt Kelly and I take a deep dive back into the impact of the Trump Administration’s attack on friend and foe alike with tariffs, trade wars, embargoes and sanctions. This is also our first live podcast from Matt’s stomping grounds in Cambridge, MA.
What does all this mean for the compliance practitioner? Obviously, your job just became a lot harder. The scrutiny both public and private will be much greater. You will need much greater visibility into what business your organization is into going forward.
For more reading: see Matt’s piece on “Corporate Ethics & Politics: It’s Gonna Get Worse” and “Trade War! Trade War! Man the Barricades!”,both on Radical Compliance. See Tom’s piece, “Condos, Corruption and Compliance” in Compliance Week.
How does a company transfer data from the European Union (EU) to the US under the General Data Protection Regulation (GDPR) which went live on May 25, 2018? I recently had the opportunity to visit Jonathan Armstrong, partner at Cordery Compliance in London and an internationally renowned data privacy/data protection expert on this topic. Armstrong noted there have been some changes which may significantly impact this issue going forward. There are basically four ways to affect such a transfer.
However, there is a method that many people may not realize is a data transfer as it involves reviewing data which sits on a server in the EU. This means that even if the data does not move out of the EU but you can access it from the US that counts as a data transfer as well. A fairly typical corporate example might be where your organization has a system for your employees that does that payroll and that payroll information is on a server in Belgium. Your Human Resources (HR) Department from the US can get into that server and extract data from it. This is a data transfer under GDPR.
Not that the Trump Administration is any friend of the EU (or data privacy for that matter) but if the European Commission is minded to retaliate, one easy way to do so would be to withdraw the Privacy Shield scheme. From the European legal perspective, Privacy Shield currently faces two faces challenges before the ECJ. These are likely to be heard in 12 to 18 months. Finally, the European Parliament and the several European data protection regulators are not fans of Privacy Shield and this has hampered progress since it was brought into force. Armstrong concluded by stating, “my gut feel would, would be the privacy shield will die. It is a question of when and not on privacy shield. Certainly, in a worse position now than it was on May 25th.”
Armstrong emphasized this is not a rubber stamp process but one which takes time and concerted effort. He estimated that it is an 18 month or so process. However, under GDPR there was the creation of a European Data Protection Board (EDPB) and one of its function is to help the process of getting Binding Corporate Rules approved more quickly.
Armstrong concluded by cautioning there is still much fluidity in the mechanisms for data transfer. There still may be many changes from both the regulatory perspective and the legal perspectives through court challenges. He concluded by stating “vigilance is the watch word here.”
In this episode, I visit with John Warren, Vice President and General Counsel at Association of Certified Fraud Examiners and Andi McNeal, Director of Research at ACFE. In this podcast we discuss:
The ACFE report to the Nations is an excellent reference tool for all compliance practitioner to show where fraudsters explode weak points. It also has important data around corruption and from this information you can make your compliance program more robust around these areas which can be exploited.
To download a copy of the Report to the Nations, click here.
Before we head to Boston for an event at AMI on Monday, Jay Rosen and myself are back in the saddle again to take a look at some of the top compliance stories from the past week.
For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.
Before we head to Boston for bagels, coffee and compliance at the offices of AMI, Jay Rosen and I review the week's top ethics and compliance stories on This Week in FCPA.
You will note the new title for this episode, Life With GDPR. When Jonathan Armstrong and I began this series in early 2018, we had intended to give listeners a grounding in the new law in the lead up to its go-live date of May 25. However, the response was so overwhelming and Jonathan and I had so much fun putting on the podcasts that we decided to make Countdown to GDPRa permanent part of the Compliance Podcast Network, albeit with a more appropriate name. So welcome to the re-monikered Life With GDPR, which I hope you will enjoy as much as you enjoyed its predecessor. Today Jonathan and I take up the issue of non-monetary penalties.
While most practitioners focused on the heavy fines and penalties available under the General Data Protection Regulation (GDPR) of up to 4% of total global revenues or other very large fines, there are other remedies that each EU and UK data regulator can levy or put into place that may require considerable corporate cost and effort. Moreover, these lessor penalties and sanctions can be the precursor to larger monetary fines and penalties. Armstrong emphasized that each EU country has its own regulator and they will have varying degrees of aggressiveness.
Armstrong pointed to three areas the regulators can order companies to engage in activities. First, it can order a GDPR audit to determine if it has previously assessed its data protection/data privacy issues correctly. Here he pointed to an example of a healthcare organization that was ordered to perform a Data Protection Impact Assessment (DPIA) and report back to the regulators within one month.
Next, Armstrong pointed to the joint areas of date controllers and data processors. Regulators can require a company Data Protection Officer (DPO) to comply with data requests, even Subject Access Requests (SARs). He referenced to a recent example from the UK involving Cambridge Analytica, which was ordered to comply with a US academic’s SAR. Further, a regulator can order a company to bring its data protection program in line with GDPR. Additionally, regulators can maintain investigations in the form of data protection audits and have the right to obtain access to any premises of the controller and the processor, including any data processing equipment by obtaining a warrant. This may prove to be a significant tool in the data protection regulators’ toolkit.
Regulators can also order companies to stop certain activities. Here Armstrong provided the example of a US based company with operations in Europe who is not GDPR compliant around its internal reporting structures. An EU regulator could order the company to suspend its hotline in Europe until there is compliance. Under such a scenario, the US Company would be out of compliance with US securities law and it may be at risk under best practices compliance programs under the Foreign Corrupt Practices Act (FCPA), Anti-Money Laundering (AML) regulations, export control regulations or even US anti-trust law.
Armstrong emphasized that it is not simply the regulators who have powers under GDPR, individuals do as well. SARs of course are well-known but there are other individual rights Armstrong emphasized. If an individual files some type of GDPR complaint with a statutory regulator, who does not take up the complaint within 30, days that individual can appeal against both the regulator to get the complaint moving forward. This means that individuals can file SAR actions against companies that do not respond in a timely manner to SARs. Moreover, such individuals can then band together in a class action lawsuit over such failures. There is also a mechanism for equitable reallocation of damages between parties. If a data processor has to pay damages properly attributable to a data controller, GDPR Article 82 provides a procedure for claiming these damages back. Finally, recall that any person who has suffered “material or non-material damage” due to an infringement of the new rules has a right to compensation from the data controller or processor concerned for the damage suffered and you begin to realize the powers that individuals hold under GDPR.
Interestingly, Armstrong believes that the number of regulatory and individual remedies will mandate that if companies have an incident, they should investigate and remediate quickly. From there, the entity should prepare their investigative results, remedies and internal sanctions they may have put in place on those employees involved. These steps will all go towards mitigating any proposed financial penalty the regulators may be considering. Basically, businesses need to have their ducks in a row, as it can lead to not only reduced costs for corporations, but also could well lead to greater compliance if tied to a root cause analysis.
Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. In this episode, Matt Kelly and I take a deep dive back into the issue of the ZTE monitorship announced recently as a part of the settlement with the Department of Commerce on the death penalty sanctions levied on the company in April.
That sanction was an export denial which barred American companies from selling components to ZTE and its subsidiary. American companies, such as the San Diego-based chipmaker Qualcomm supplied critical parts for ZTE’s its networking gear and smartphones. This sanction came on the heels of a $891 million fine and penalty the company agreed to in March 2017 for its first round of export control violations. The second sanction was for failing to live up to the terms of the DPA the company agreed to in 2017.
In the 2017, the company agreed to a monitor, who was appointed by the District Court which accepted the company’s guilty plea. Under the May 2018 supplemental sanction, ZTE agreed to pay an additional $1 billion in penalties, put $400 million in escrow, and accept a U.S.-appointed compliance department. According to the Department of Commerce Press Release, the new agreement requires ZTE "to retain a team of special compliance coordinators selected by and answerable to" the Commerce Department for ten years. This new compliance function will essentially serve as the Department of Commerce’s monitor at ZTE as the Press Release noted, "Their function will be to monitor on a real-time basis ZTE’s compliance with U.S. export control laws.”
Matt and I take a deep dive into the DOC resolution, the monitorship and how it might work and the use of a sanctions regime by the administration as a tool to brow beat other countries. We discuss in detail on this bizarro arrangement of U.S. regulators appointing an in-house compliance executive to act as a monitor to the Chinese telecom firm. The concept is intriguing, and the job could be the professional challenge of a lifetime — except for all those pesky details, including the ones this settlement still leaves unaddressed.
For more reading: see Matt’s piece on “FAQs on ZTE’s Compliance Settlement” and “Trade War! Trade War! Man the Barricades!”,both on Radical Compliance. See Tom’s piece, “The ZTE Department of Commerce Monitor: unchartered waters” in Compliance Week.
In this episode, I visit with Kristy Grant-Hart, founder of Spark Compliance Consulting and author of now three books in the compliance arena. We discuss her most recent book “How to Have a Wildly Successful Career in Compliance", which will be released on Amazon.com on June 19. For those of you who have seen Kristy speak you know she is high energy and very passionate about compliance and the compliance profession. She channels that energy and passion into her latest book. In this podcast we discuss:
Kristy is the author of two prior books on compliance, How to Be a Wildly Effective Compliance Officerand Wildly Strategic Compliance Officer Workbook. Both are must reads for compliance professionals. Her latest entry gives solid tips and point-by-point steps on how to have a successful career in the compliance field. But it is more than simply Kristy’s thoughts as she interviewed compliance professionals from literally across the globe on how they have become wildly successful.
Yet there is one thing about the book that I think makes it most useful for every compliance practitioner out there. It is that the book works on multiple levels and for multiple stakeholders. Obviously, it is targeted and works for the compliance practitioner but it also works for a CCO who is thinking about working with senior management and a Board of Directors. Further it works on a compliance program level, with many of Kristy’s tips translating into compliance program best practices.
Finally Kristy tackles head on the issue of women succeeding in the compliance profession. She writes this chapter with clear-eyed focus; not ranting or raving but giving women the tools, they need to succeed in the compliance profession and in the greater corporate world. I found this chapter so powerful I bought a copy for my 21-year-old daughter to help prepare her for your professional career after she graduates from college.
To purchase a copy of How to Have a Wildly Successful Career in Complianceon Amazon.com, click here.
For more information on Kristy’s books, check out her site, Compliance Kristy by clicking here.
Finally for more information on Kristy’s consulting company, Spark Compliance Consulting, click here.
With both VW and ZTE having very bad weeks, Jay Rosen and myself are back in the saddle again to take a look at some of the top compliance stories from the past week.
For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.
Everything Compliance is the only roundtable podcast in compliance, with four of the top compliance practitioners around. This week the gang returns to its four focused topics on its Four of a Kind edition. After the commentary we follow with rants.
The members of the Everything Compliance panel are:
The host and producer of Everything Compliance is Tom Fox theCompliance Evangelist. His most recent book, The Complete Compliance Handbook is available on amazon.com.
Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. In this episode, Matt Kelly and I take a deep dive back into the issue of the decline in Initial Public Offerings (IPOs). We consider legislation in the House of Representatives to gut the compliance requirements of Dodd-Frank and SOX, all in the name of increasing the number of IPOs.
We review the testimony of Columbia Law School Professor John Coffee before a Congressional committee about these latest initiatives. His testimony is reported by Kevin LaCroix in his most excellent blog, the D&O Diary. Professor Coffee’s testimony reflects his skepticism that further deregulation alone will result in increased numbers of IPOs. He relates several reasons for the worldwide drop in IPOs, which have nothing to do with Dodd-Frank, SOX or any other US law as they are structural and baked into the global financial system. He also notes that small companies which do go IPO usually have much worse financial performance than companies which seek funding through private equity.
Professor Coffee’s testimony clearly demolishes the myth that Dodd-Frank was a job killer bill or that SOX’s Sec. 404 and 302 requirements have lessened the number of IPOs. There are a wide variety of factors, none of which has been addressed in the House legislative initiatives.
In this episode, I visit with Rick Pearl, the Global Corporate Responsibility Officer and Vice President of Corporate Citizenship at State Street Corp. We discuss the 2017 State Street Corporation, Corporate Responsibility Report. Some of the highlights include:
Here are the links to State Street’s Corporate Responsibility Report and overview.
Report-
http://www.statestreet.com/values/corporate-responsibility.html
Overview-
http://www.statestreet.com/content/dam/statestreet/documents/values/CR_Overview_Final.pdf
With a wild ride of FCPA cases over the past week, Jay Rosen and myself are back in the FCPA saddle again to take a look at some of the top compliance stories from the past week.
For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.
In this episode, Matt Kelly and I take a deep dive into the issue of two factor authentication of cloud-based solutions and the intersection with compliance. While it may not appear as obvious, when you consider such preventative controls as authentication at log-in as a risk management strategy, the compliance angle becomes more clear. Two factor authentication is a current response to the risk of data breach through hacking. It requires a policy, training on that policy, coupled with communications and the ongoing monitoring of strategy.
When you couple all the above you can see the role compliance will play going forward. As with any best practices compliance program, it all starts with a risk management strategy. Begin with forecasting on whether you will use any cloud-based apps (you do), then move to a risk assessment follow up with risk-based monitoring. It all starts with the nuts and bolts of compliance and continues throughout the process.
Matt Kelly’s piece Let’s All Freak Over Cloud Apps, Security
In this episode I visit with John Torres, the COO of Guidepost Solutions. We discuss the recent SEC enforcement action involving Yahoo and its failure to disclose data breaches in 2014, 2015 and 2016. As this was the first SEC enforcement action involving a public company for the failure to disclose to investors and shareholders information of a data breach which materially impacts an organization, Torres and I take a deep dive into the matter.
In this episode, we consider some of the following issues:
For a full copy of the SEC Order involving the Yahoo matter, click here.
I conclude my five-part series on Suspension and Debarment, with Rodney A. Grandon, Managing Director at Affiliated Monitors, Inc., (AMI) the sponsor of this series. During his 27-year career with the US military and government, Grandon served as the Air Force’s Suspending and Debarring Official as well as a wide variety of other functions which gives him subject matter expertise into issues surrounding this topic. Over this series, we have explored several topics, including:
Part 1-Introduction to Suspension and Debarment;
Part 2-What is the difference between Suspension and Debarment?
Part 3-What is the convergence between Suspension & Debarment and the FCPA?
Part 4-What is a present responsibility determination? and
Part 5-Remedies and Compliance.
Today, we conclude the series with a discussion of remedies and compliance in suspension and debarment.
Grandon began by observing that the defense community largely led the process of putting together an effective ethics and compliance programs. “There were defense industry initiatives where the contractors get together and talk about what it takes to promote ethics and compliance and the defense industry been doing this for years.” This led Grandon to find, that non-governmental commercial industries were not as far along as defense industries.
However, Grandon believes there has “been a tremendous growth and understanding that ethics and compliance is critical for any company, whether it’s in the defense sector, the commercial sector, as companies have become more willing to do what is necessary to build these compliance programs, to try to instill within their workforce, appropriate standards of conduct, articulate clear expectations for employee behaviors and then understanding that there are consequences that flow from this. They worked hard to create cultures that allow communications to go up from the bottom of the workforce and down from the top of the workforce.”
In his experience, it all starts with the appropriate “tone at the top”. This is because “Integrity is critical for the company. Not simply to avoid problems, but it’s important to be honest with your customers and your stakeholders. All of this is absolutely critical.” While it is Grandon’s sense that initially “the defense community led this; the commercial community has as swiftly moved to catch up with this.”
We then turned to remedies where Grandon noted, “federal agencies, particularly within the Department of Defense, look to coordinate fraud remedies.” He said where there is an “indication of misconduct within the government contract or with involving a government contractor fairly broadly defined, there’s a focus on identifying and coordinating remedies, whether they be criminal, civil, administrative, to include suspension department or contractual in almost every one of these cases is at some point going to be an analysis.”
The key analysis is “going to come down to the integrity of that contractor. What does it have in place to achieve compliance within its business operations?” There is going to be a focus on the question of whether the contractor can be “trusted to get it right?” In the final analysis, the question will be “is there evidence to support the cause for the action?”
Grandon then walked through the next steps which would turn on the present responsibility determination. He said, “the inquiry goes to whether or not the contractor is presently responsible. This will make the focus on ethics and compliance and those companies that embrace their principles are going to have an advantage and be much better position.” Grandon emphasized that it is critical that companies take these challenges “so that they have ethics and compliance programs, that they test and make sure that those programs and those efforts are achieving the type of results that are expected in terms of employee behavior, in terms of good communication throughout the organization.”
In the realm of suspension and debarment, government agencies are increasingly requiring independent corporate monitors as part of their settlement agreements with organizations facing suspension, debarment or criminal prosecution. Grandon believes that an imposed monitorship can actually be an opportunity for a company. He said, “Usually these agreements are in place for roughly three years, but they give the contractor an opportunity to more holistically look at its operations and assess what it needs to do to truly build a strong ethics and compliance program. In most cases, the government will require the contractor which has entered into the administrative agreements, to hire an outside independent monitor to assess whether or not it is achieving those objectives. This creates this opportunity for companies to demonstrate the ability to be responsible, to continue to participate in the federal marketplace, while that trust relationship involving the contractors, integrity is continuing to be established.” This process also allows contractors to “gain themselves a tremendous advantage in any of these sanctions reviews, civil, criminal or suspension and debarment, by having in place a strong commitment to ethics and compliance, solid training programs they are willing to test programs and stay on top of their risk profile.”
Grandon related that while he was a Suspending and Debarring Officer, he often required monitors as a part of an agreement. He said, “The Monitor is not there to be an advocate. The Monitor there is to be an independent and objective set of eyes and ears for the regulator, for the government. There has to be an arm’s length relationship between that monitor and the contractor. That’s not to say it’s antagonistic and it never should be a gotcha proposition. You know, where the monitor is, is trying to, I know through trickery or otherwise, put the contractor into an awkward situation.”
Grandon concluded by noting, “independence, objectivity of good business sense, the Monitor must understand how businesses operate, what are the challenges associated with a very diverse workforce. A monitor has to be able to take in all of these different considerations and at the end of the day be reasonable.”
I hope you have enjoyed this five-part series on suspension and debarment.
I continue a five-part series on Suspension and Debarment, with Rodney A. Grandon, Managing Director at Affiliated Monitors, Inc., the sponsor of this series. During a 27-year career with the US military and government, Grandon served as the Air Force’s Suspending and Debarring Official as well as a wide variety of other functions which gives him subject matter expertise into issues surrounding this topic. During this series we are exploring several topics, including:
Part 1-Introduction to Suspension and Debarment;
Part 2-What is the difference between Suspension and Debarment?
Part 3-What is the convergence between Suspension & Debarment and the FCPA?
Part 4-What is a present responsibility determination?
Part 5-Remedies and Compliance in Suspension and Debarment.
Today, we discuss present responsibility and its determination.
Grandon began by stating that present responsibility has become sort of a “buzzword. It’s the underlying basis for action involving excluding a party from the federal marketplace through suspension or department.” Unfortunately, the phrase itself is not defined anywhere in the regulatory structure. This means its determination comes “down to the discretion of the federal officials who have been empowered to exercise the suspension and debarment authority.”
Yet even with this lack of a statutory or regulator definition, Grandon noted “there are some common factors and guidelines out there that can help the compliance community understand some of the elements of suspension and debarment, as they relate to this issue.” He went on to explain this meant “when an action is initiated, it is generally based on facts that trigger one of the causes that are set forth in the regulations, notwithstanding the fact that the evidence establishes the cause and which in most cases there’s generally no dispute that the cause has been proven by the appropriate burden of evidence.”
As with most processes there is a shifting burden of proof. First, “the evidentiary burden falls to the government. Once that burden is satisfied by the appropriate level of evidence, then the burden shifts to the contractor to establish it as personally responsible.” At this point a contractor, facing suspension or debarment, could look to Federal Acquisition Regulation (FAR) 9.406-1for guidance.
What does that mean? the FAR notes the following:
(a)It is the debarring official’s responsibility to determine whether debarment is in the Government’s interest. The debarring official may, in the public interest, debar a contractor for any of the causes in 9.406-2, using the procedures in 9.406-3. The existence of a cause for debarment, however, does not necessarily require that the contractor be debarred; the seriousness of the contractor’s acts or omissions and any remedial measures or mitigating factors should be considered in making any debarment decision. Before arriving at any debarment decision, the debarring official should consider factors such as the following:
(1)Whether the contractor had effective standards of conduct and internal control systems in place at the time of the activity which constitutes cause for debarment or had adopted such procedures prior to any Government investigation of the activity cited as a cause for debarment.
(2)Whether the contractor brought the activity cited as a cause for debarment to the attention of the appropriate Government agency in a timely manner.
(3)Whether the contractor has fully investigated the circumstances surrounding the cause for debarment and, if so, made the result of the investigation available to the debarring official.
(4)Whether the contractor cooperated fully with Government agencies during the investigation and any court or administrative action.
(5)Whether the contractor has paid or has agreed to pay all criminal, civil, and administrative liability for the improper activity, including any investigative or administrative costs incurred by the Government, and has made or agreed to make full restitution.
(6)Whether the contractor has taken appropriate disciplinary action against the individuals responsible for the activity which constitutes cause for debarment.
(7)Whether the contractor has implemented or agreed to implement remedial measures, including any identified by the Government.
(8)Whether the contractor has instituted or agreed to institute new or revised review and control procedures and ethics training programs.
(9)Whether the contractor has had adequate time to eliminate the circumstances within the contractor’s organization that led to the cause for debarment.
(10)Whether the contractor’s management recognizes and understands the seriousness of the misconduct giving rise to the cause for debarment and has implemented programs to prevent recurrence.
From Grandon’s perspective, it all “starts at the top with effective standards of conduct and internal controls at the time that misconduct occurred. Second, did the contractor disclose in this conduct to the government? Third has a contractor investigated the matters and made those results available to the government?, has the contractor cooperated with the government in terms of trying to work through the various challenges and the various remedies associated within this conduct?, and, finally, has the contractor taken appropriate corrective action taken?” Such corrective actions include “disciplinary action, and assessment of internal controls, policies and procedures that were designed to either prevent or identify a misconduct and what can be done to strengthen that process is the contract or willingly embracing the problem and pursuing an appropriate resolution.”
Tomorrow we conclude with the topics of remedies and compliance.
I continue a five-part series on Suspension and Debarment, with Rodney A. Grandon, Managing Director at Affiliated Monitors, Inc., (AMI) the sponsor of this series. During a 27-year career with the US military and government, Grandon served as the Air Force’s Suspending and Debarring Official as well as a wide variety of other functions which gives him subject matter expertise into issues surrounding this topic. During the series I will be exploring several topics with Grandon including:
Part 1-Introduction to Suspension and Debarment;
Part 2-What is the difference between Suspension and Debarment?
Part 3-What is the convergence between Suspension & Debarment and the FCPA?
Part 4-What is a present responsibility determination?
Part 5-Remedies and Compliance in Suspension and Debarment.
Today, we discuss some of the convergence between the Foreign Corrupt Practices Act (FCPA) and suspension and debarment. The bottom line is that conduct which violates the FCPA can become the basis for a suspension or debarment, even if the conduct is outside a contract with the Federal government.
Debarment may be based on actions so serious or compelling that it affects the present responsibility of the contractor or subcontractor. Grandon noted, “there is some fairly broad language as to what the basis for a suspension and debarment can be.” This means that in the context of anti-corruption laws, it can be the basis of a suspension or debarment, further meaning that under the FCPA, the conduct to incur a violation does not require actual bribery or corruption. It can be “bad record keeping associated with that and the context of engagements with foreign officials, the activity that would generally fall outside the realm of a public contract or subcontract. From the suspension and debarment perspective, it is critical to recognize here that the standard definition for contractor issues from the rule does not require that the entity actually has a contract in place.”
In the context of suspension and debarment, Grandon noted, “It’s just simply that they may have a contract or may compete at some point for a contract that they may become a contractor, so essentially any business activity that provides goods or services that the federal government may be interested in acquiring potentially could fall within the definition of contract. When one considers the FCPA, practically any business would fall within that definition of contractor. These sanctions are not limited to contractors that have existing contracts and they are not limited to misconduct that occurs in the context of a federal contract. In my experience, I have dealt with several matters involving violations of the FCPA activity that was clearly outside the scope of a federal contract or subcontract, but where the conduct was committed by a very large federal contractors.”
Another angle to the convergence of FCPA and suspension and debarment was raised by two authors, then South Texas College of Law student Nicholas J. Wagoner and Professor Drury D. Stevenson in a piece entitled “FCPA Sanctions: Too Big to Debar?”, where they posited the question: “Are certain private contractors too big to debar?” Their conclusion is “It appears so” and the authors stated, “The federal government is too dependent on a particular set of large, private-sector corporations for equipment and services. In addition to the virtual immunity from debarment enjoyed by these firms when they violate the FCPA, the fines imposed for engaging in foreign corrupt practices comprise a tiny fraction of the potential revenue generated by lucrative contracts with the U.S. and foreign states. When discounted by the low probability of detection, these sanctions are far too low to deter unlawful activity.” One solution raised by the authors for the issues regarding fines and penalties for companies which violate the FCPA, is debarment and suspension. They urge that debarment would be a significant deterrent for US government contractors and would “increase compliance with the FCPA.” The authors also suggest that the threat of debarment as a penalty would increase self-disclosure without any increased enforcement efforts if companies received the “meaningful reward” of a lesser penalty through self-disclosure.
Grandon reiterated that a wide variety of conduct can form the basis of a suspension or debarment. It can by “any fraud or criminal offense in the context of obtaining, attempting to attain, forming a public contract or subcontract that is within the scope of antitrust statutes, violations, whether federal or state embezzlement, theft forgery, ossification or destruction of records, false statements, tax evasion, violating basically any federal law.”
He concluded with the concept of “present responsibility, which is not defined anywhere on the regulatory structure. It is left to the discretion of the agency suspending or debarring and, in most cases, that official is going to look back at it.” The basic question asked will be “is there a reason to be concerned about the integrity of that contractor? And that gets us into a fairly deep dive of the ethics and compliance program.”
Tomorrow we take up the issue of present responsibility.
I continue a five-part series on Suspension and Debarment, with Rodney A. Grandon, Managing Director at Affiliated Monitors, Inc., (AMI) the sponsor of this series. During a 27-year career with the US military and government, Grandon served as the Air Force’s Suspending and Debarring Official as well as a wide variety of other functions which gives him subject matter expertise into issues surrounding this topic. During the series I will be exploring several topics with Grandon including:
Part 1-Introduction to Suspension and Debarment;
Part 2-What is the difference between Suspension and Debarment?
Part 3-What is the convergence between Suspension & Debarment and the FCPA?
Part 4-What is a present responsibility determination?
Part 5-Remedies and Compliance in Suspension and Debarment.
In this episode, we discuss some of the key differences between a suspension and a debarment.
Recalling that on the GSA website, it states, “The Suspension and Debarment process protects the federal government from fraud, waste and abuse by using a number of tools to avoid doing business with non-responsible contractors. Suspensions, Proposals for Debarment, and Debarments are the most widely known tools as these actions are visible to the public”; A suspension is used when there is an immediate need. It is a temporary measure; there is a twelve-month limit, which can be extended for another six months. A debarment is for a specific term but is generally not longer than three years.
Grandon noted a “suspension is to essentially take steps to protect the government’s interest from a contractor that is believed to be unsuitable as a business partner, until more of the facts can be assembled. Generally, the investigation is underway and there is a need to take protective steps before all the information has been fully gathered.” Grandon emphasized the temporary nature of a suspension while debarment is seen as more permanent, even with the limit of the term.
Procedurally, a suspension requires notes at the time that a party is entered into the exclusive parties list on the System of Acquisition Management (SAM). A notice letter is issued to the contractor advising that the government has initiated the suspension, the factual basis for the suspension and the rights and procedures available to the respondent as it relates to the suspension. The notice usually indicates the exclusion is effective immediately.
A suspension is effective throughout the Executive Branch of the Federal government and applies to procurement and non-procurement programs. A suspended party cannot present offers or be awarded new contracts or contract renewals. Further, offers will not be solicited from, contracts will not be awarded to and existing contracts will not be renewed or otherwise extended, further subcontracts requiring Government approval will not be approved for a suspended company by any agency in the Executive Branch of the Federal government, unless the head of the agency taking the contracting action or a designee states, in writing, the compelling reason for continued business dealings between you and the agency.
A suspension prevents a company from conducting business with the federal government as an agent or representative of other contractors or of participants in Federal assistance programs, nor can they act as an individual surety to other Government contractors. It also prevents any such companies from being subcontractors to approved or at least non-suspended contractors. Finally, all affiliations of a suspended entity with a company doing business will be examined.
A debarment begins with notice of a proposed debarment and again the party is put into SAM on the exclusion list. A notice is sent out at the same time advising the party that they have been excluded from federal contracting under the procurement role. Once again, a debarment is temporary, is usually three years in length and is based upon a preponderance of the evidence, usually a conviction.
Another commentator has noted that suspension and debarment “essentially eliminate a company’s access to future government revenue, the consequences can be devastating. A company is not only excluded from future government contracts and subcontracts, it is also rendered ineligible for, among other things, federal grants, loans, and subsidies. In addition, the collateral consequences that stem from S&D can be equally, if not more, destructive. A suspended or debarred company may be precluded from contracting with state and local governments, foreign governments, or international organizations (such as the World Bank). A company may also lose its government security clearances and licenses. The reputational damage caused by the suspension or debarment may harm a company’s commercial interests as well.” Indeed, Grandon noted, “It can be very devastating in many cases and it has been referred to as a potential death sentence for companies that are dependent on federal dollars for their revenues.”
Some of the reasons for a suspension or debarment can include commission of fraud, embezzlement, theft, forgery, bribery, falsification or destruction of records, making false statements, tax evasion, violating Federal criminal laws, receiving stolen property or an unfair trade practice. A basis can also be if a company fails to perform the contract and, most interestingly, if a contractor knowingly fails “to disclose violation of criminal law”. The bottom line is suspension and debarment can strike fear into the heart of any federal government contractor.
Tomorrow we take up the convergent between the Foreign Corrupt Practices Act (FCPA) and suspension and debarment.
Today, I begin a five-part series on Suspension and Debarment, with Rodney A. Grandon, Managing Director at Affiliated Monitors, Inc., (AMI) the sponsor of this series. During a 27-year career with the US military and government, Grandon served as the Air Force’s Suspending and Debarring Official as well as a wide variety of other functions which gives him subject matter expertise into issues surrounding this topic. Over the next five podcasts I will be exploring several topics with Grandon including:
Part 1-Introduction to Suspension and Debarment;
Part 2-What is the difference between Suspension and Debarment?
Part 3-What is the convergence between Suspension & Debarment and the FCPA?
Part 4-What is a present responsibility determination?
Part 5-Remedies and Compliance in Suspension and Debarment.
The series begins with introduction to suspension and debarment.
On the GSA website, it states, “The suspension and debarment process protects the federal government from fraud, waste and abuse by using a number of tools to avoid doing business with non-responsible contractors. Suspensions, Proposals for Debarment, and Debarments are the most widely known tools as these actions are visible to the public”.
More generally, suspension and debarment are not civil or criminal matters resulting in a penalty being imposed on a particular party. Suspension and Debarment is an administrative matter. In a civil or criminal matter, the Department of Justice (DOJ) takes the lead in those actions which are contested litigated matters, with civil and criminal rules around evidence and procedure. While suspension and debarment have evidentiary and procedural considerations, they are much more informal. Grandon noted the rules basically say they should be as informal as it as is practicable under the circumstances.
Grandon also reiterated another key difference is the lack of a penalty. Suspension and debarment do not result in a penalty. In fact, the regulations make it very clear. They are used “only as a proactive protective measure, basically to protect the government’s interests from contractors that either don’t have the capability to perform or to provide the goods and services to be a suitable a business partner with the federal government.”
A final major distinction between a civil or criminal matter and suspension and debarment is they are within the hands of the given agency, as opposed to the DOJ or a US Attorney’s offices who have the lead in civil criminal actions. Conversely, when it comes to suspension and debarment, those actions are distributed across the various federal agencies. Each agency has its own Suspending and Debarring officials. Grandon noted they “have a lot of discretion that they can exercise in this process.”
I next inquired about the remedy of suspension and debarment itself: what is the process the government would go through to reach the point where they might invoke one of the remedies? Grandon noted the key in suspension and debarment is to protect the government’s interest. This means “when information is identified within the agency that a given contractor lacks the integrity or we suspect lacks integrity to be a good business partner for the government, or if a contractor fails to perform; the action an agency will begin to develop is a record of the issues involved.” There are a variety of tools an agency will use to develop a record including coordinating resources from the acquisition community, the investigators within the agency and the suspension and debarment community, which in most cases also has a responsibility for the agencies, fraud coordination or fraud remedies program.
The basic flow begins with the information to establish whether or not there is evidence that triggers a cause for the action and if there is evidence, then the decision can be made by the Suspending and Debarring official to initiate that action. Grandon noted, “information flow leads to whether or not to initiate the action. In the case of a suspension, the focus is usually on a matter that is still being investigated, as suspension is a temporary solution.” Debarment is more permanent.
Grandon concluded by noting that suspension and debarment, while being technically different, effectively impose the same conditions on the contractor that is the subject for the action. It is that the contractor is excluded from competing for or receiving award of federal contracts, federal grants and other federal financial assistance. The remedy of suspension and debarment can be very devastating. Grandon specifically said it has been “referred to as a potential death sentence for companies that are dependent on federal dollars for their revenues.” Yet that is not the basis for a decision which is “whether or not there’s a need to protect the government’s interest.”
Tomorrow we take up the differences between suspension and debarment.
With The Complete Compliance Handbook still sitting at the top of the rankings in its first week of sales, Jay Rosen and myself take a look at some of the top compliance stories over the past week, in the we're still no.1 Edition.
For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.