FCPA Compliance Report

Tom Fox has practiced law in Houston for 30 years and now brings you the FCPA Compliance and Ethics Report. Learn the latest in anti-corruption and anti-bribery compliance and international transaction issues, as well as business solutions to compliance problems.
Dec 28, 2017

In Part II of a two-part series, the top compliance roundtable podcast is back with a review of the Justice Department’s new FCPA Corporate Enforcement Policy.

  1. Jay Rosen considers the compliance program additions found in the “Timely and Appropriate Remediation in FCPA Matters” section. He highlights the new parts from the Evaluation of Corporate Compliance Programs, root cause analysis and parts from the 2016 FCPA Pilot Program, Part III on remediation. What does this new information mean for the compliance practitioner? From an assessment perspective, what would a monitor look at more closely or even differently than under the 10 Hallmarks?
  2. Jonathan Armstrong looks at the new Policy from a UK/EU angle. He explores the following issues from the Policy: (1) where national blocking statutes prevent disclosure of information, what does the Policy require; (2) does the requirement for “Appropriate retention of business records, and prohibiting the improper destruction or deletion of business records” conflict with the “right to be forgotten”. He also considers the difficulties a UK or EU company might face when dealing with the US authorities and other relevant UK or EU authorities if they agreed to self-disclose. For instance, can they meet the extensive cooperation requirement in turning over information on persons and making them available for interview? Finally, and in a fascinating extrapolation, he explores whether the imposition of this law could actually negatively impact international anti-corruption enforcement.

For Jonathan Armstrong’s posts touching on these issues, see the following:

For some of Cordery Compliance’s writings on these topics, please see:

Rolls-Royce case sends a strong signal

Cease Processing Data Judgment

Mike, Jay and Jonathan are back with rants which follow the discussions. 

The members of the Everything Compliance panel include:

  • Jay Rosen – Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com
  • Mike Volkov – One of the top FCPA commentators and practitioners around and the Chief Executive Officer of The Volkov Law Group, LLC. Volkov can be reached at mvolkov@volkovlawgroup.com.
  • Matt Kelly – Founder and CEO of Radical Compliance, is the former Editor of Compliance Week. Kelly can be reached at mkelly@radicalcompliance.com
  • Jonathan Armstrong – Rounding out the panel is our UK colleague, who is an experienced lawyer with Cordery in London. Armstrong can be reached at armstrong@corderycompliance.com

In Part II, the top compliance roundtable podcast reviews the new DOJ FCPA Corporate Enforcement Policy. 

Dec 27, 2017

One of the more confusing areas of the FCPA is that of facilitation payments. Facilitation payments are small bribes but make no mistake about it, they are bribes. For that reason, many companies feel they are inconsistent with a company culture of doing business ethically and in compliance with laws prohibiting corruption and bribery. Further, the 2012 FCPA Guidance specifies, “while the payment may qualify as an exception to the FCPA’s anti-bribery provisions, it may violate other laws, both in Foreign Country and elsewhere. In addition, if the payment is not accurately recorded, it could violate the FCPA’s books and records provision.” Finally, the 2012 FCPA Guidance states, “Whether a payment falls within the exception is not dependent on the size of the payment, though size can be telling, as a large payment is more suggestive of corrupt intent to influence a non-routine governmental action. But, like the FCPA’s anti-bribery provisions more generally, the facilitating payments exception focuses on the purpose of the payment rather than its value.” [emphasis in original text]

In addition to these clear statements about whether the FCPA should continue to allow said bribes, you should also consider the administrative nightmare for any international company. The UK Bribery Act does not have any such exception, exemption or defense along the lines of the FCPA facilitation payment exception. This means that even if your company allows facilitation payments, it must exempt out every UK company or subsidiary from the policy. Further, if your company employs any UK citizens, they are subject to the UK Bribery Act no matter who they work for and where they may work in the world, so they must also be exempted. Finally, if your US company does business with a UK or other company subject to the UK Bribery Act, you may be prevented contractually from making facilitation payments while working under that customer’s contract. As I said, an administrative nightmare.

Interestingly, one of the clearest statements about facilitation payments comes not from an FCPA case about facilitation payments but from the case of Kay v. Rice, 359 F.3d 738, 750-51 (5th Cir. 2004). This case dealt with whether payment of bribes to obtain a favorable tax ruling was prohibited under the FCPA. In its opinion, the Fifth Circuit commented on the limited nature of the facilitating payments exception when it said:

A brief review of the types of routine governmental actions enumerated by Congress shows how limited Congress wanted to make the grease exceptions. Routine governmental action, for instance, includes “obtaining permits, licenses, or other official documents to qualify a person to do business in a foreign country,” and “scheduling inspections associated with contract performance or inspections related to transit of goods across country.” Therefore, routine governmental action does not include the issuance of every official document or every inspection, but only (1) documentation that qualifies a party to do business and (2) scheduling an inspection—very narrow categories of largely non-discretionary, ministerial activities performed by mid- or low-level foreign functionaries.

Enforcement Actions 

Con-way

The FCPA landscape is littered with companies that sustained FCPA violations due to payments which did not fall into the facilitation payment exception. In 2008, Con-way Inc., a global freight forwarder, paid a $300,000 penalty for making hundreds of relatively small payments to Customs Officials in the Philippines. The payments for which Con-way was fined totaled $244,000 and were made to induce the officials to violate customs regulations, settle customs disputes, and reduce or not enforce otherwise legitimate fines for administrative violations.

Helmerich and Payne

In 2009, Helmerich and Payne, Inc., paid a penalty and disgorgement fee of $1.3 million for payments which were made to secure customs clearances in Argentina and Venezuela. The payments ranged from $2,000 to $5,000 but were not properly recorded and were made to import/export goods that were not within the respective country’s regulations; to import goods that could not lawfully be imported; and to evade higher duties and taxes on the goods.

Panalpina

Finally, there is the Panalpina enforcement action. This matter was partly resolved with the payment by Panalpina and six of its customers of over $257 million in fines and penalties. Panalpina, acting as freight forwarder for its customers, made payments to circumvent import laws, reduce customs duties and tax assessments and to obtain preferential treatment for importing certain equipment into various countries but primarily in West Africa.

Three Key Takeaways

  1. Do not forget the administrative nightmare of facilitation payments for international organizations.
  2. The Kay decision made clear how narrow the ‘routine government action’ exception is.
  3. Facilitation payments will usually be an add-on as they are symptomatic of an ineffective, paper compliance program.

This month’s sponsor is the Doing Compliance Master Class. In 2018 I am partnering with Jonathan Marks and Marcum LLC to put on training. Look for dates for one of the top compliance-related trainings going forward.

Dec 27, 2017

In this special 2017 year-end wrap up, host Richard Lummis and I reflect on the leadership lessons we explored over the past year. In this momentous year for leadership, both in business and the wider polis, we considered academics, numerous Presidents, movies, sports figures and some of the current corporate scandals which populated the year.

Our clear listener and fan favorite was our episode on Leadership Lessons from Count Dracula, proving once again the market for interesting takes on the most famous vampire of all-time. It appears the Count still has a large podcast following, even in 2017.

We considered the leadership lessons to be learned from corporate scandals as diverse as the fraudulent account scandal at Wells Fargo, which has uncovered many other types of unethical, if not illegal conduct; the ongoing revelations on Uber, which all began with one blog post, by ex-employee Susan Fowler; right up to the ghost jet scandal at GE. We considered the failures in each area and how the companies are beginning to dig out, both reputationally and financially.

One of our most well-received series was focusing on leadership lessons from US Presidents. From an ad-hoc start with Lincoln and Jefferson, several listeners asked if we could continue this exploration so we have committed to working our way through the pantheon of US Presidents. This year we made it up to Martin Van Buren. We have focused on their leadership as Presidents. Each man has brought lessons which are still relevant today. We both enjoyed learning or relearning about Presidents largely out of the public eye and for me, it was James Monroe.

Our movie series during the month of Oscar was a ton of fun. We both had the opportunity to revisit some great classic movies such as Mutiny on the Bounty, Patton and All the King’s Men. We will definitely put on another month of Oscars series of podcasts in 2018. We also explored more somber texts such as Hue 1968, which looked at the Battle of Hue in the context of the 1968 Tet Offensive and the turning point of the Vietnam War and how the leadership lessons still resonate for the business leader today.

We hope you have enjoyed our offerings on business leadership and will join us again in 2018.

Dec 27, 2017

In this episode, I visit with Keith Read, Advisor to Convercent, and Angus Robertson, Senior Vice President for Convercent, on some of the key trends they observed in the marketplace in 2017, from the vendor perspective. I found this an interesting perspective, as both of these gents spend quite a bit of time listening to compliance practitioners on what their needs are for their organizations. Some of the key trends they observed included:

Data Privacy

A hugely increased focus on data privacy, partly driven by GDPR and partly driven by the increasing size and global reach of our customer base.

Whistle-blowing & Social Media

A genuine recognition of the importance of effective whistle-blowing programs, given that social media now means that people are far more prepared to speak out if they are not happy to speak up. This also brings with it the need for active retaliation prevention, not just a passive ‘shelf’ policy.

Global legislation around ABC

Increasing global compliance-related legislation – new and updated laws such as Sapin II, the UK’s Criminal Finances Act and the Brazilian Clean Companies Act all utilize similar approaches to the enforcement of anticorruption legislation. This means that developing and implementing a common response strategy can be far more effective, and less costly; moreover, drawing disparate sources of data together - often for the first time - can be eye-opening.

Big Data and Analytics

Companies are focused more than ever on data, reporting and benchmarking. How do I as an ethics and compliance leader get the data I need to understand the health of my organization and the effectiveness of my program? How do I show how well I’m performing and the business value?

Delineation of Compliance vs. Ethics

Consumers and employees focusing more on ethics cause organizations to shift. This is especially true in B2C and industries led by technology or the shared economy.

Employee engagement and nudge programs

Providing the just-in-time information that is context aware relative to business process and communication, so that employees can make the right decision at the right time to support their company values.

 

The FCPA Compliance Report is proud to have Convercent sponsor this episode. Convercent works to drive ethics to the center of business through Enterprise Ethics & Compliance Software that invites users to share, listen and learn to help build a more ethical corporate culture. For more information go to Convercent.com.

Dec 22, 2017

Jay and I return for a wide-ranging discussion on some of the top compliance and ethics related stories of the week, including:

  1. A former Embraer employee cops a guilty plea for his role in bribery in Saudi Arabia. Dick Cassin reports in the FCPA Blog.
  2. A host of luminaries pen an article entitled, “Oral Downloads of Interview Memoranda to Government Regulators Waive Work Product Protection” on NYU’s Compliance and Enforcement Blog. This is scary stuff if you care about privilege.
  3. An Italian judge orders ENI and Shell to a criminal trial for their alleged role in a massive bribery scandal in Nigeria over payment to obtain concession rights. Scott Tong reports in NPR’s Marketplace.
  4. The German company Bilfinger seeks a comeback after a disastrous bribery and corruption scandal and sustaining a FCPA violation. Henry Cutter reports in the WSJ Risk and Compliance Journal.
  5. Sam Rubenfeld explains that compliance with the Magnitsky Act is easy in the WSJ Risk and Compliance Journal.
  6. George “Ren” McEachern, with the FBI’s international corruption unit, will retire and become a managing director at Exiger. Sam Rubenfeld reports in the WSJ Risk and Compliance Journal.
  7. The former heads of the Paraguayan and Brazilian soccer associations guilty of racketeering conspiracy and other charges. Zachary Zagger and Sindhu Sundar report in Law360 (sub req’d)
  8. Jay Rosen previews the Jay Rosen Weekend Report, What's in a Number and Are You More than a Just a Link Collector?
  9. Join Tom’s monthly podcast series on One Month to a More Effective Compliance Program. In December, I conclude my discussion of written standards in a best practices compliance program. It is available on the FCPA Compliance Report, iTunes, Libsyn, YouTube and JDSupra.
  10. Mike Volkov has published a new eBook, Pointing the Finger — How Corporate Boards Are Dodging Accountability and What CCOs Can Do About It. It was published by Corporate Compliance Insights and is available here.
  11. Check out May the Podcast Be With You-the intersection of Star Wars and Compliance. The five-part series premiered on December 11. Episode 1-what is risk?, Episode 2-due diligence, Episode 3-effective training, Episode 4-disruption in compliance and Episode 5-myth of the rogue employee. The series is sponsored by Affiliated Monitors.

 

Dec 22, 2017

Welcome to Part V, the final entry of the five-part podcast series Jay Rosen and I produced in honor of the latest Star Wars movie The Last Jedi. Each day over this week, Jay and I reviewed a Star Wars movie and discussed it from the compliance perspective. In this final entry, we consider Rogue One and the myth of the rogue employee.

Today we consider the only stand-alone entry in the Star Wars series, Rogue One. This movie tells the tale of the spies who stole the schematics from the original Death Star and transmitted them to Princess Leia and thereby the Rebel Alliance. Rogue One is the first film in the Star Wars Anthology series, a series of stand-alone spin-off films in the Star Wars franchise. It is not clear where the name of the movie came from, although my personal nomination is that in the attack led by Luke on the original Death Star, his squadron was Rogue Two, so the movie title is a tribute to those Rebel Alliance X-wing fighters and their pilots.

As long as 24 years ago, Lynn S. Paine wrote about the myth of the rogue employee in the Harvard Business Review (HBR), in an article entitled “Managing for Organizational Integrity.” In this article she wrote, “executives are quick to describe any wrongdoing as an isolated incident, the work of a rogue employee. The thought that the company could bear any responsibility for an individual’s misdeeds never enters their minds. Ethics, after all, has nothing to do with management. In fact, ethics has everything to do with management.” How prescient she was in her article.

For it is management who sets the tone throughout the organization, whether that is something along the lines of a wink and a nod towards ethics and compliance or the more ubiquitous miss your numbers for two quarters and you will be history. Paine noted, “More typically, unethical business practice involves the tacit, if not explicit, cooperation of others and reflects the values, attitudes, beliefs, language, and behavioral patterns that define an organization’s operating culture. Ethics, then, is as much an organizational as a personal issue.”

However, a company’s responsibility is more than simply to set the right tone then sit back and do nothing. The drafters of the Foreign Corrupt Practices Act (FCPA) recognized this when they included the requirement for internal controls to be included in the law. For, as Paine said, “Managers who fail to provide proper leadership and to institute systems that facilitate ethical conduct share responsibility with those who conceive, execute, and knowingly benefit from corporate misdeeds.”

Yet the myth of the rogue employee is more than a simple myth. It is also a dangerous myth. It is dangerous because it excuses negligent or intentional corporate behavior. Mike Volkov, in a blog post entitled “The Myth of the Rogue Employee,” noted that illegal conduct such as that under the FCPA does not occur “in a vacuum.” He explained, “There are other employees with whom the person interacts, there are financial controls in place to protect against such misconduct, there are reporting mechanisms for employees to report suspicious activity, and there is likely to be someone in the organization who is close enough to the bad actor, or responsible for the conduct of the bad actor, and who suspected or should have suspected that the actor was engaged in misconduct.” Moreover, the more sophisticated the scheme, the more actors are involved and the more controls are overridden or disregarded. As he explained, “As the misconduct becomes more complicated, like in the case of bribery or antitrust violations, where such schemes require additional actors or raise red flags or where others are in a position to know or suspect that misconduct may have occurred”.

The three basic tenets of a best practices compliance program are to prevent, detect and remedy. By claiming employees who engage in bribery and corruption have ‘gone rogue’, companies are attempting to divest themselves of responsibility for actions from which they benefit, particularly if the bribery and corruption generated business sales and revenue.

We hope you have enjoyed our five-part podcast series on the intersection of Star Wars and compliance as much as we enjoyed producing it. Always remember the storytelling component of compliance. Reciting rules, regulations, policies and procedures is the way to engage effectively in compliance.

May the podcast be with you this holiday season.

Dec 22, 2017

The original version of the FCPA, enacted in 1977, contained an exception for payments made to non-US officials who performed duties that were “essentially ministerial or clerical”. In 1988 Congress responded by amending the FCPA under the Omnibus Trade and Competitiveness Act to clarify the scope of the FCPA’s prohibitions on bribery, including the scope of permitted facilitation payments. An expanded definition of “routine governmental action” was included in the final version of the bill, reflecting the intent of Congress that the exceptions apply only to the performance of duties listed in the subcategories of the statute and actions of a similar nature. Congress also meant to make clear that “ordinarily and commonly performed actions”, with respect to permits or licenses, would not include those governmental approvals involving an exercise of discretion by a government official where the actions are the functional equivalent of “obtaining or retaining business for, or with, or directing business to, any person”.

The FCPA contains an explicit exception to the bribery prohibition for any “facilitation or expediting payment to a foreign official, political party, or party official the purpose of which is to expedite or to secure the performance of a routine governmental action by a foreign official, political party, or party official”. “Routine government action” does not include any decision by a public official to award new business or continue existing business with a particular party. The statute lists examples of what is considered a “routine governmental action” including:

  • obtaining permits, licenses, or other official documents to qualify a person to do business in a country;
  • processing government papers, such as visas or work orders;
  • providing police protection, mail pick-up and delivery, or scheduling inspections associated with contract performance or transit of goods across country;
  • providing phone service, power and water supply, loading and unloading cargo, or protecting perishable products from deterioration; and
  • actions of a similar nature.

There is no monetary threshold for determining when a payment crosses the line between a facilitation payment and a bribe. The accounting provisions of the FCPA require that facilitation payments be accurately reflected in an issuer’s books and records, even if the payment itself is permissible under the anti-bribery provisions of the law.

Risks associated with relying on the “facilitation payments” exception

Facilitation payments carry legal risks even if they are permitted under the anti-bribery laws of a particular country. In the US, enforcement agencies have taken a narrow view of the exception and have successfully prosecuted FCPA violations stemming from payments that could arguably be considered permissible facilitation payments. Violations of the accounting and recordkeeping provisions of the FCPA are also more likely when a company makes facilitation payments. Abroad, countries are increasingly enforcing domestic bribery laws that prohibit such payments. Companies that allow facilitation payments face a slippery slope in educating their employees on the nuances of permissible payments in order to avoid prosecution for prohibited bribes.

1. US enforcement authorities construe the exception narrowly

Other than as discussed above, there is no definitive guidance on circumstances in which the facilitation payments exception applies. There may be less risk of enforcement by US authorities in cases involving bona fide facilitation payments that are made specifically for one of the purposes enumerated in the FCPA. However, companies still face the risk of, at the least, a governmental inquiry to explain the circumstances surrounding the payments, possibly resulting in penalties based on an unanticipated restrictive interpretation of the exception. As noted by the FCPA Professor, the recent Noble Non-Prosecution Agreement stated that the payments made by Noble’s Nigerian customs agent, Panalpina, to facilitate the importation of its rigs into Nigeria did “not constitute facilitation payments for routine governmental actions within the meaning of the FCPA.”

2. Potential non-compliance with the FCPA’s accounting and record-keeping provisions

While the anti-bribery provisions of the FCPA permit facilitation payments, the accounting and recordkeeping provisions of the law nevertheless require companies making such payments to accurately record them in their books and records. Companies or individuals may be reluctant to properly record such payments, as it shows some semblance of impropriety and effectively creates a permanent record of a violation of local law. However, failure to properly record such expenditures may result in prosecution by the Securities and Exchange Commission (SEC) even if the underlying payments themselves are permissible. One example of prosecution resulting from the misreporting of seemingly permissible facilitation payments involves Triton Energy Corporation, which settled an investigation by the SEC involving multiple alleged FCPA violations, including the misrecording of facilitation payments. An Indonesian subsidiary of the company had been making monthly payments of approximately $1,000 to low-level employees of a state-owned oil company in order to assure the timely processing of monthly crude oil revenues. The SEC did not charge that these payments violated the anti-bribery provisions of the FCPA; however, these payments were misrecorded in corporate books and therefore violated the FCPA’s accounting and recordkeeping provisions. Triton Energy consented to an injunction against future violations of the FCPA and was fined $300,000.

3. Increased enforcement of non-US laws that do not recognize an exception for facilitation payments

While the FCPA and certain other national anti-bribery laws contain exceptions for facilitation payments, such payments typically are considered illegal in the country in which they are made; there is not any country in which facilitation payments to public officials of that country are permitted under the written law of the recipient’s country. Accordingly, even if a particular facilitation payment qualifies for an exception of the FCPA, it nevertheless is likely to constitute a violation of local law – as well as of anti-bribery laws of other countries that also might apply simultaneously – and thus exposes the payer, his employer and/or related parties to prosecution in one or more jurisdictions. While enforcement to date in this area has been limited, increased global attention to corruption makes future action more likely. Countries that are eager to be seen as combating corruption are prosecuting the payment of small bribes with greater frequency.

4. Corporate approaches to facilitation payments may exceed the legitimate scope and applicability of the exception

Businesses still struggle with how to address the facilitation payments exception in their compliance policy and procedures, if the subject is covered at all. Businesses should be wary of allowing employees to decide on their own whether a particular payment is permissible. Unless such payments are barred completely or each payment is subject to pre-approval (which in many cases would be unrealistic (e.g., passport control)), there is always the risk that an employee, agent or other person whose actions may be attributed to the company will make a payment in reliance on the exception when in fact the exception does not apply. In addition, the temptation to improperly record otherwise permissible facilitation payments has been discussed above.

Three Key Takeaways

  1. Many companies still struggle with facilitation payments.
  2. What are the five listed purposes for facilitation payments?
  3. The facilitation payment exception is narrowly construed by both the courts and the Justice Department.

Why are facilitation payments so problematic?


Dec 21, 2017

Welcome to Day 4 of the five-day podcast series Jay Rosen and I are producing in honor of the latest Star Wars movie The Last Jedi. Each day over this week, Jay and I will review a Star Wars movie and discuss it from the compliance perspective. Today, we consider Episode VII, The Force Awakens and disruption in compliance.

The full series schedule is:

Monday, December 18, Part I: Episode IV, A New Hope, and risk.

Tuesday, December 19, Part II: Episode V, The Empire Strikes Back, and due diligence.

Wednesday, December 20, Part III: Episode VI, Return of the Jedi, and effective training.

Thursday, December 21, Part IV: Episode VII, The Force Awakens, and disruptive innovation in compliance.

Friday, December 22, Part V: Rogue One and the myth of the rogue employee.

Today I consider the first ‘new’ Star Wars movie entry, Episode VII – The Force Awakens. I say it is a new Star Wars movie as it was the first one not created by Lucasfilm, as George Lucas had sold his company to Disney, which produced the 2016 entry into the Star Wars oeuvre. It was directed by JJ Abrams and told the story of the Star Wars universe some 30 years after the destruction of the last Death Star. It is this disruptive nature of the Star Wars franchise that I will focus on today as it relates to disruptive innovation in compliance.

The film introduced several new characters: Rey, Finn and Poe Dameron, Kylo Ren and the First Order, a successor to the Galactic Empire. The film was largely one giant search for Luke Skywalker, who had gone into isolation after his failure to re-establish the Jedi order. In addition to introducing the new characters, we are reunited with Han, Chewbacca and Princess Leia, who is now General Leia Organa. The First Order has developed a new weapon, Starkiller, a deliciously worthy successor to the Death Star; the Rebel Alliance majorly disrupts the weapon and the First Order by destroying it in the film’s climactic battle.

One of the key things the Department of Justice (DOJ) has communicated over the past few months is the importance of doing compliance rather than having a paper compliance program in place. In releasing the new Foreign Corrupt Practices Act (FCPA) Corporate Enforcement Policy, the DOJ emphasized the clear delineation of factors they will consider in determining if a company has an operationalized best practices compliance program in place in the context of an FCPA enforcement action. All of this has required disruptive innovation in compliance beyond the simple paper compliance program which until recently was seen as the norm.

Compliance is a process. Compliance programs should evolve as business risks change. Just as disruptive innovation tends to focus on process, your compliance program should focus on your overall business process to be successful.

Compliance 3.0 is very different from compliance programs of the past decade. Compliance is moving from a solutions shop where all compliance functions are centered in the legal or compliance department to a process function where the front-line business team can use technology and other tools to operationalize compliance. The 2017 Evaluation of Corporate Compliance Programs focused on how well a company operationalizes compliance into the business functions. The authors point to new business models as disruptive and I think this concept translates into how compliance can be burned into the DNA of an organization rather than simply sitting in the corporate office in the US.

Not all disruptive innovations succeed, as disruption is only one step in both the creative and growth process. The key concept is what former SCCE President Roy Snell says are the three goals of any compliance program: to prevent, find and fix issues. This is how compliance differs from legal: legal's job is to protect the company, whereas the mission of compliance is to monitor, obtain the data and then use the data as a feedback loop back into the company.

As many compliance practitioners are lawyers, we are naturally reticent to embrace such change; however, I think the pronouncements of the DOJ throughout the year have made even clearer the need for continued evolution of anti-corruption compliance going forward. In The Force Awakens, there were numerous disruptions. We saw the death of one of the most beloved characters in the series, Han Solo, the growing awareness by Rey of her powers and the return of Luke Skywalker. It totally disrupted the First Order and destroyed its most lethal weapon.

Join us tomorrow where we consider Rogue One and the myth of the rogue employee.

May the podcast be with you this holiday season.

Dec 21, 2017

The FCPA states, “The FCPA’s anti-bribery provisions apply to corrupt payments made to (1) “any foreign official”; (2) “any foreign political party or official thereof”; (3) “any candidate for foreign political office”; or (4) any person, while knowing that all or a portion of the payment will be offered, given, or promised to an individual falling within one of these three categories. Although the statute distinguishes between a “foreign official,” “foreign political party or official thereof,” and “candidate for foreign political office,” the term “foreign official” in this guide generally refers to an individual falling within any of these three categories.”

Government policies affect the commercial environment.  A company is subject to legislation and regulation that affects how it conducts its business and generates value for its investors.  Participating in the political process is part of a business strategy to protect a company’s interests.

Most international businesses have a strategy to engage in the political process with a view to the long-term interests of the company and to promote and protect its interests. All political contributions and expenditures on behalf of the Company and management reports on these political contributions and expenditures should be reported to the Board of Directors annually. No political contributions may be made or promised unless written pre-approval has been obtained from the corporate compliance function.

The factors that influence which candidates merit political donations include:

  • Candidate support for key company business and public policy priorities;
  • Candidate voting record and leadership position;
  • Candidate commitment to company’s industry growth, and ability to positively impact its goals; and
  • Company assets or employees in a region or state represented by the candidate.

All political contributions should be made in accordance with all applicable laws and regulations and disclosed as required by law. Any requests for contributions to a political candidate, committee, or party must be addressed to the corporate compliance function and must include an analysis of the four factors above, as well as business justification for the request to support the particular candidate, committee, or party. 

Additionally, no Company funds or other assets may be used for political contributions outside the U.S., unless expressly approved in writing by Government Affairs. A Company employee seeking approval for political contributions outside the U.S. must present Government Affairs, in writing, with all relevant information to allow for a thorough and careful analysis. Among the information required by the compliance function should be:

  • The name of the candidate, committee, or political party;
  • The government agency(ies) with which the candidate is or has been affiliated (e.g., has the candidate served with the Ministry of Interior and in what period of time);
  • The candidate’s position on key issues that affect Company’s business (e.g., human rights, equality, labor laws, unionization, taxes, foreign investment, etc.);
  • The candidate’s voting record on the issues affecting the Company;
  • Whether Company does business with the government entity with which the candidate is seeking a position and the amount of such business in the preceding 24 months;
  • Any pending or recently awarded contracts with the government entity with which the candidate is affiliated or is seeking a position;
  • Any pending or recently awarded contracts overseen or managed by the committee, party, or political entity for which the political contribution is sought; and
  • The business justification for making the political contribution.

Your company policy should prohibit politically exposed persons (PEPs) from exerting pressure or undue influence over your employees, agents, consultants, or representatives to make personal political contributions.

Your policy should prohibit use of your company’s resources or assets, including work time, to support candidates or campaigns personally. In the course of employment, PEPs should be prohibited from engaging in any activity on a company’s behalf that is intended to influence legislation, rulemaking, or governmental policy or engage lobbyists or others to do so, without pre-authorization of the corporate compliance function.

Political contributions shall not be used to disguise a payment that is prohibited by a company’s Code of Conduct, Anti-Corruption Policy, or other policies or procedures.  If your company’s policies prohibit the payment in another form, it should not be made under the guise of a political contribution.  No employee should utilize third parties or their own personal funds to make a payment that cannot be made under a company’s policies and procedures.   

Any exceptions to this policy should only be approved by the CCO, Compliance Oversight Committee or Board of Directors.

Three Key Takeaways

  1. Political candidates are covered by the FCPA.
  2. What is the business purpose for the contribution?
  3. Do not make contributions towards candidates who can award your company business.

This month’s sponsor is the Doing Compliance Master Class. In 2018, I am partnering with Jonathan Marks and Marcum LLC to put on training. Look for dates for one of the top compliance-related trainings going forward.

Dec 21, 2017

In Part I of a two-part series, the top compliance roundtable podcast is back with a review of the new Justice Department’s FCPA Corporate Enforcement Policy. 

  1. Mike Volkov sets the stage with background on this new DOJ policy regarding FCPA enforcement going forward, considering what this means from the DOJ/prosecutorial perspective. He explores why the DOJ would start with a presumption of a declination when there is arguably a criminal violation. What does this new Policy mean for SEC enforcement? Does this extend any of the concepts we saw as far back as the Yates Memo?

For Mike Volkov’s post on the new FCPA Corporate Enforcement Policy, see the following: 

Five Key Takeaways from DOJ’s New FCPA Corporate Enforcement Policy 

  2. Matt Kelly considers (1) how the Justice Department might prosecute a case where the company doesn’t meet all the FCPA Program criteria; and (2) how vigorously prosecutors will evaluate a company’s compliance program as part of its investigation. Is this Policy something new or more in the line of a continuation/clarification? Does this new Policy create a real incentive or not for companies to self-disclose? Finally, does this create a true partnership between the DOJ and Business to fight bribery and corruption?

For Matt Kelly’s post on the new FCPA Corporate Enforcement Policy, see the following: 

DOJ Expands FCPA Pilot Program 

The gang is back with rants which follow the discussions. 

The members of the Everything Compliance panel include:

  • Jay Rosen – Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com
  • Mike Volkov – One of the top FCPA commentators and practitioners around and the Chief Executive Officer of The Volkov Law Group, LLC. Volkov can be reached at mvolkov@volkovlawgroup.com.
  • Matt Kelly – Founder and CEO of Radical Compliance, is the former Editor of Compliance Week. Kelly can be reached at mkelly@radicalcompliance.com
  • Jonathan Armstrong – Rounding out the panel is our UK colleague, who is an experienced lawyer with Cordery in London. Armstrong can be reached at armstrong@corderycompliance.com
Dec 20, 2017

What should your compliance policy and procedures on charitable donations look like? What should you prohibit or even caution against? The starting point is the 2012 FCPA Guidance regarding charitable donations. Your policy should begin by asking the following five initial questions:

  • What is the purpose of the donation?
  • Is the payment consistent with the company’s internal guidelines on charitable giving?
  • Is the payment at the request of a foreign official?
  • Is a foreign official associated with the charity and, if so, can the foreign official make decisions regarding your business in that country?
  • Is the payment conditioned upon receiving business or other benefits?

There are additional inquiries based upon the DOJ Opinion Releases issued regarding charitable donations. Some of the protections a company can put in place to comply with the FCPA regarding charitable donations are as follows:

  • Will the donation recipients certify that they or the entity will comply with the requirements of the FCPA;
  • Will the recipient provide audited financial statements;
  • Will the recipient restrict the use of the donated funds to humanitarian or charitable purposes only;
  • Will the funds be transferred to a valid bank account; and
  • Will the recipients allow ongoing auditing and monitoring of the efficacy of the charitable donation program.

 

Based upon the Schering-Plough and Lilly SEC enforcement actions, there are some additional inquiries that should be specified:

  1. What was the timing of the charitable donation or promise to make a donation in relation to the obtaining or retaining of business?
  2. Did the company follow its normal protocol for requesting, reviewing and making a charitable donation or is there a pattern of unusual donations outside the protocol?
  3. Did any one person make multiple donations just below their authority level so that it did not have to go up the line for review?
  4. Was the total amount donated to one charitable foundation out of proportion to the rest of the country or region’s charitable donation budget?
  5. Did the sales in one area, region or country spike after a pattern of charitable donations?

The information on the red flags from the prior Opinion Releases and the best practices, as set out in the 2012 FCPA Guidance, have been available for some time. From the Schering-Plough and Lilly enforcement actions, your policy should consider the timing of charitable donations to see if they are at or near the time of the awarding of new or continued business. Finally, in managing the relationship, you now need to look at overall increases in sales to determine if they are tied to a pattern of charitable donations. By looking at the timing and quantum of charitable donations, internal audit may be able to ascertain that a spike in sales is tied to corrupt conduct.

Three Key Takeaways

  1. What are the basic inquiries to make around charitable donations?
  2. Use all of the communication tools the DOJ has provided; written guidance, enforcement actions and Opinion Releases to inform your charitable donation policy.
  3. Document, document, document the basis of your charitable donations risk assessment.

Dec 20, 2017

Welcome to Day 3 of the five-day podcast series Jay Rosen and I are producing in honor of the latest Star Wars movie, The Last Jedi. Each day over this week, Jay and I will review a Star Wars movie and discuss it from the compliance perspective. Today, we consider Episode VI, Return of the Jedi and effective training.

The full series schedule is:

Monday, December 18, Part I- IV-A New Hope and risk.

Tuesday, December 19, Part II- V-The Empire Strikes Back and due diligence.

Wednesday, December 20, Part III- VI-Return of the Jedi and effective training.

Thursday, December 21, Part IV- VII-The Force Awakens and disruptive innovation in compliance.

Friday, December 22, Part V-Rogue One and the myth of the rogue employee.

In this final movie from the original three, the good guys win in the end after overcoming incredible odds. Many fans and critics panned it for including the incredibly cute and furry Ewoks on the moon named Endor as a part of the storyline. Many thought one very tall Wookiee was enough cuteness for the series. This movie’s big reveal was that Luke and Princess Leia were twins and that she was now free to unabashedly pursue bad boy Han Solo. While Episode VI was the lowest grossing film of the original three, coming in at only $572MM worldwide, it was still a great ride and visually stunning. George Lucas’ in-house organ, Industrial Light & Magic (ILM), certainly earned its title for the special effects in the movie. The Sarlacc battle sequence was great, the speeder bike chase on the Endor moon was way cool and the space battle between Rebel and Imperial pilots was a great ride.

I have adapted an approach from Joel Smith on his Inhouse Owl website to help determine compliance training effectiveness.

1. What you want to measure. Before you ever train an employee, you should have a goal in mind. What actions do you want employees to take? What risks do you want them to avoid? In compliance, you want them to avoid non-ethical and non-compliant actions that would lead to compliance violations. The goal is to train employees to follow your Code of Conduct and your compliance program policies and procedures so you avoid liability related to actions.

2. What is employee engagement? The next step is to get a sense of whether employees feel that the training you provided is relevant and targeted to their job. If it’s not targeted, employees will likely not be committed to changing risky behavior. You can get data on employee engagement through a quick post-training survey, which will help you isolate and qualify the training benefit.

3. Did employees actually learn anything? A critical part of any employee training is the assessment. If you want to understand the “benefit” of training employees, you must know whether they actually learned anything during training. You can collect this data in a number of ways, but for compliance training, the best way is to measure pre-and post-training understanding over time. Basically, each time you train an employee, measure comprehension both before and after training.

4. Are employees applying your training? You need to conduct a survey to determine employee application and their implementation of the training topics. To do so, you must conduct employee surveys to understand whether they ceased engaging in certain risky behaviors or better yet understand how to conduct themselves in certain risky situations. These surveys can provide a good sense of whether the training has been effective. 

Join us tomorrow where we consider The Force Awakens and disruptive innovation in compliance.

May the podcast be with you this holiday season.

Dec 20, 2017

In this episode, Matt Kelly and I take a deep dive into a report from the Financial Stability Oversight Council on the cybersecurity risk of third party technology providers in the financial industry. We discuss some of the specific risks and recommendations laid out in the report. We use this as a jumping off point to explore how such issues are becoming more and more the purview of the compliance practitioner. Some of the solutions Matt discusses are directly in the wheelhouse of the compliance professional. Finally we note the potential for more regulatory scrutiny from both the SEC and PCAOB going forward into 2018.

For additional information on this topic, see some of Matt’s writings in this area:

 

Feds Eye Cybersecurity Risks of Tech Providers

The Fine Art of Scoping a SOC 2 Audit

NIST Standards and Why They Matter

Dec 19, 2017

Welcome to Day 2 of a five-day podcast series Jay Rosen and I are producing in honor of the latest Star Wars movie, The Last Jedi. Each day over this week, Jay and I will review a Star Wars movie and discuss it from the compliance perspective. Today, we consider Episode V, The Empire Strikes Back and due diligence.

The full series schedule is:

Monday, December 18, Part I- IV-A New Hope and risk.

Tuesday, December 19, Part II- V-The Empire Strikes Back and due diligence.

Wednesday, December 20, Part III- VI-Return of the Jedi and effective training.

Thursday, December 21, Part IV- VII-The Force Awakens and disruptive innovation in compliance.

Friday, December 22, Part V-Rogue One and the myth of the rogue employee.

This movie is my personal favorite of the initial trilogy. During the climactic battle between Luke Skywalker and Darth Vader, there is the BIG REVEAL where Vader utters the immortal line, “I AM YOUR FATHER”. Consider this in the context of knowing who you are doing business with under the Foreign Corrupt Practices Act or UK Bribery Act. I once heard a company President say he did not need to perform due diligence because he looked a man in the eyes and that was enough to know if he was honest. (I should add, this company President also evaluated the strength of a handshake as an additional level of due diligence.) Hopefully we have moved past this level of sophistication for due diligence and its evaluation.

There are three levels of due diligence and you must make a determination which is appropriate for the entity or person you are investigating. If a red flag appears, it must be cleared or a risk management strategy articulated to allow moving forward.

Level I

First level due diligence typically consists of checking individual names and company names through several hundred Global Watch lists comprised of anti-money laundering (AML), anti-bribery and sanctions lists, coupled with other financial corruption and criminal databases. Level I due diligence addresses such basic issues as whether the third party actually exists, the identities of management, officers, directors and shareholders and whether such persons are on regulators’ watch lists. It can also provide some basic information on whether there are politically exposed persons (PEPs) involved in the third party. Finally, it can show whether there are any media reports linking the company to corruption.

Level II

Level II due diligence encompasses supplementing Level I due diligence with a deeper screening of international media, typically the major newspapers and periodicals from all countries plus detailed Internet searches. Such inquiries will often reveal other forms of corruption-related information and may expose undisclosed or hidden information about the company, the third party’s key executives and associated parties. Level II can give you information on adverse litigation, any bankruptcy proceedings and overt signs of financial difficulty. More generally, it will also provide local online information such as corporate filings, regulatory filings, lawsuits and locally archived materials. You will also be able to determine if there were any in-country investigations or sanctions from regulatory entities.

Level III

This level is the deep dive. It will require an in-country ‘boots-on-the-ground’ investigation and is designed to supply your company “with a comprehensive analysis of all available public records data supplemented with detailed field intelligence to identify known and more importantly unknown conditions. Seasoned investigators who know the local language and are familiar with local politics bring an extra layer of depth assessment to an in-country investigation.

Now imagine if Luke had performed a more robust level of due diligence on Darth Vader. Would he have been able to find out Darth Vader was his father? Perhaps not, but then again, we might not have heard that seminal line “I AM YOUR FATHER”.

Join us tomorrow where we consider Return of the Jedi and effective training.

May the podcast be with you this holiday season.

Dec 19, 2017

Opinion Releases can provide valuable information for the compliance practitioner. I agree with the statement found in the 2012 FCPA Guidance that “DOJ’s opinion procedure is a valuable mechanism for companies and individuals to determine whether proposed conduct would be prosecuted by DOJ under the FCPA. Generally speaking, under the opinion procedure process, parties submit information to DOJ, after which DOJ issues an opinion about whether the proposed conduct falls within its enforcement policy.” 

In the areas of charitable donations, the DOJ has provided several Opinion Releases which give solid guidance on this tricky issue. There have been four Opinion Releases in the area of charitable donations under the FCPA. In each Opinion Release, the DOJ indicated that it would not initiate prosecutions based upon the fact scenarios presented to it.

95-01

This request was from a US-based energy company that planned to operate a plant in South Asia, in an area where there were no medical facilities available. The energy company planned to donate $10 million for equipment and other costs to a medical complex that was under construction nearby. The donation would be made through a US charitable organization and a South Asian LLC.

The energy company stated it would do three things with respect to this donation.

  1. Before releasing funds, the energy company said it would require certifications from the officers of all entities involved that none of the funds would be used in violation of the FCPA.
  2. It would ensure that none of the persons employed by the charity or the LLC were affiliated with the foreign government.
  3. The energy company would require audited financial reports detailing the disposition of the funds.

97-02

This request was from a US based utility company that planned to operate a plant in Asia, in an area where there was no primary-level school. The utility company planned to donate $100,000 for construction and other costs to a government entity that proposed to build an elementary school nearby. Before releasing funds, the utility company said it would require certain guarantees from the government entity regarding the project, including that the funds would be used exclusively for the school. 

06-01

This request was from a Delaware company doing business in Africa. The company desired to initiate a pilot project under which it would contribute $25,000 to the Ministry of Finance in the country to improve local enforcement of anti-counterfeiting laws. The contribution would fund incentive awards to local customs officials, which were needed because this African country was a major transit point for illicit trade and the local customs officials had no incentive to prevent the contraband.

The company said that along with the contribution, it would execute an agreement with the Ministry to encourage exchange of information and establish procedures and criteria for incentive awards. The company said that if the program is successful, the awards would continue to be funded as needed, and the company will seek the participation of its competitors in this program. 

The company would implement at least five safeguards to ensure the funds would be used as intended, including:

  1. Payments to a valid government account, subject to internal audits.
  2. Payments only upon the confirmation that goods seized were in fact counterfeit.
  3. The Ministry would identify award candidates without input from the company and would provide evidence that funds were used properly.
  4. The company would monitor the program’s effectiveness.
  5. Records will be required to be kept and be available for inspection for a period of time. 

10-02 

A US Company desired to move from a charitable entity model to a for-profit model in the area of micro-financing. To do so, it was required to make a large cash donation to a charity in the country in question. The company engaged in three rounds of due diligence in which it determined that the most favorable candidate had a government official on its Board of Directors but that under the laws of the country in question, the government official could not receive compensation to sit as a Board member. After initially listing the 3 levels of due diligence in which the company had engaged prior to finalizing its choice of local entity to receive the donation, the DOJ noted that the donation ‘requested’ of the US Company would be subject to the following controls:

  1. Payments of the donations would be staggered over a period of eight quarters rather than in one lump sum.
  2. Ongoing monitoring and auditing of the funds’ use for a period of five years.
  3. The donations would be specifically utilized for the building of infrastructure.
  4. The funds could not be transferred to either the charity’s parent or any other affiliated entity.
  5. The funds would not be paid to the parent of the organization receiving the grant and there was an absolute prohibition on compensating Board Members.
  6. The proposed grant agreement under which the funds would be donated had significant anti-corruption provisions which included a requirement that the local organization receiving the funds adopt an anti-corruption policy and that the company making the donation shall receive full access to the local organization’s books and records.
  7. Right to terminate the agreement and recall the funds if evidence was found that “reasonably suggests” a breach of compliance provisions. 

Mendelsohn Guidance 

Dick Cassin, writing in the FCPA Blog, in a posting entitled “When is Charity a Bribe?”, cited to the then Deputy Chief of the Criminal Division’s Fraud Section at the DOJ Mark Mendelsohn.  Mendelsohn was asked about the guidelines regarding requests for charitable giving and the FCPA and said that any such request must be evaluated on its own merits. He advocated a “common sense” approach in identifying and clearing Red Flags. Some of the areas of inquiry would include answers to the following questions. 

  1. Is there a nexus between the charity and any government entity from which the company is seeking a decision?
  2. If the governmental decision-maker holds a position at the charity, that's a red flag.
  3. Is the donation consistent with the company's overall pattern of charitable donations?
  4. If one donation or a series of them is more than the company has made to any other charity in the past five years, that would also be a red flag.
  5. Who made the request for the donation and how was that request made? 

Three Key Takeaways

  1. You can utilize the Opinion Release process for a wide variety of issues.
  2. You must manage your charitable donations program even after the money has been donated.
  3. Never forget the Mendelsohn common sense approach to charitable donations.

Dec 19, 2017

In this episode, Richard Lummis and I consider the recent revelations about the tenure of former GE Chief Executive Officer Jeff Immelt and the saga of two corporate jets. Immelt had an empty plane fly behind his jet on corporate trips. This ghost plane tracked Immelt’s jet and was designed to be available if there was a mechanical issue, which presumably could not be fixed sufficiently in time for the CEO’s busy travel schedule. There are several lessons every business leader can learn from these revelations going forward.

Thomas Gryta, Joann S. Lublin and Mark Maremont, writing in the Wall Street Journal (WSJ), said that a GE spokesperson noted the reason for the ghost plane: “This practice, which GE has discontinued, involved business-critical itineraries with tight schedules, multiple international stops and, in most cases, security concerns.” The spokesperson then gratuitously added, “We do not believe that the understandable criticism of this discontinued practice fairly reflects on Jeff’s dedicated service to GE for over 30 years.” However, the WSJ piece, citing unnamed sources, said, “While CEO, Mr. Immelt wanted a backup jet in case there was a mechanical issue that could lead to delays”. The cost to operate the ghost plane was about $6500 per hour, adding up to $250,000 to the cost of each flight.

The New York Times (NYT) reported that the practice occurred during his 16-year tenure as CEO of GE. Yet it was the subject of an internal whistleblower complaint in 2014. The WSJ reported, “The company told GE’s directors the company had reduced the practice in mid-2014 and that the continued use of the backup plane was limited to isolated situations such as travel to risky destinations. The board members were previously unaware, the people said, and some were dismayed to learn of the practice. “Obviously, this was an excess,” one of these people said.”

Here was a clear misrepresentation to the Board of Directors. Even if limited to ‘isolated situations’, this was CEO behavior so egregious that it took a hotline complaint to change it, and company executives were less than truthful to the company’s own Board of Directors so that the practice could continue. It was not as if company executives had any lack of understanding that the practice was not approved by the Board. The head of the Board’s Audit Committee mandated the practice must end.

The company went out of its way to hide the ghost plane practice, as “Flight crews were told to not openly refer to the backup planes, for fear of raising eyebrows, especially at the small airport facilities for private jets, the people said. One person said the flight manifest sometimes listed “Robert Jeffries” or “Jeffrey Roberts” as the passenger on the second plane, when in fact the seats were empty.” That certainly sounds like someone trying to hide something.

What about the excuse that it was for security? James Stewart, writing in the NYT, skewered that reasoning by citing to Scott Davis of Melius Research, who stated, “Not even heads of state get that kind of treatment.” Moreover, if security was such a concern, why was GE sending its CEO there in the first place? Stewart wrote, “No one I spoke to in the field of corporate security said that made any sense, especially in the instance when the second plane stayed in Anchorage while Mr. Immelt traveled to Asia. There are plenty of planes there that could be chartered in case of emergency, not to mention commercial flights with first-class cabins and ample security. Robert Strang, a corporate security expert and the chief executive of the Investigative Management Group, told me he had been conducting security audits for chief executives for 29 years and could think of no similar example.” Finally, “If a destination is so dangerous that it requires a backup plane, then a C.E.O. shouldn’t be going in the first place”. And it’s not as if Mr. Immelt had been traveling to war-torn Syria or Afghanistan.

Next was a point that Immelt himself raised which spoke directly to business leadership. In a letter to John J. Brennan, chairman and CEO of Vanguard and GE’s lead director, Immelt said, “Given my responsibilities as C.E.O. of a 300,000-employee global company, I just did not have time to personally direct the day-to-day operations of the corporate air team.” He added, “Other than to say ‘hello’ I never spoke to the head of Corporate Air in 16 years.” The CEO of the company goes 16 years without once ever having a substantive conversation with the head of the group mandated with handling his air travel? Frankly I do not know whether to laugh or cry at this statement. If it is true what does it tell you about the Imperial leadership style of Immelt. If he is not telling the truth, it tells you about the liberties he is taking with his facts.

Stuart Davis also raised some obvious issues. If the CEO or his underlings were willing to violate the Board’s edict of no ghost jets, what else did they allow? Davis was further quoted, “You hear about this and you have to wonder what else they were spending money on. You really have to question the financial oversight and controls and internal audit. You have to question the entire organization.”

According to the WSJ article, “GE informed its board’s compensation committee each year about how much the company had spent to fly Mr. Immelt on corporate aircraft, the people said. But those total amounts lacked details such as how many flights the CEO took, the number of pilots involved or the cost of aircraft fuel, people familiar with the process said. Directors assumed that GE’s human-resources executives had reviewed details about Mr. Immelt’s personal and business trips, according to one person. The GE board’s compensation committee should have requested more detail about Mr. Immelt’s usage.” Even if the Board was initially misled by GE executives, it should have asked for the details to test the information presented to it, especially as it had been the subject of a whistleblower complaint involving the CEO.

All this would seem to indicate that no one was either (1) running the ship, (2) watching the ship being run or (3) interested enough to find out what was going on. That is laid at the feet of the Board, in not asking direct, probing questions. It also points to the role of compliance to resolve whistleblower issues and to monitor on an ongoing basis to ascertain if the remediation has been followed or the company reverted to its prior conduct. Finally, any CEO’s excuse that, as a 30-year employee, including 16 as CEO, he never had time to say anything other than ‘hello’ to an employee speaks to a CEO who is not only ignoring his employees but clearly communicating that I do not care about you or your job function at this organization. How is that for not only tone at the top but also conduct at the top?

Dec 18, 2017

When is a rose not a rose? When it is a charitable donation not made for philanthropic purposes and violates the FCPA. This was a feature of the Eli Lilly and Company (Lilly) FCPA enforcement action brought by the Securities and Exchange Commission in 2012, involving a bribery scheme utilized by Lilly in Poland. The scheme and FCPA violations mirrored an earlier FCPA enforcement action, also brought by the SEC as a civil matter, rather than by the Department of Justice as a criminal matter, against another US entity Schering-Plough, for making charitable donations in Poland which violated the FCPA. One of the remarkable things about both of these enforcement actions, brought almost eight years apart, was that they involved improper payments to the same Polish charitable foundation to wrongfully influence the same Polish government official to purchase products from both of these companies.

The Bribery Schemes

Both companies were involved in negotiations for the sale of products with the Director of the Silesian Health Fund (Health Fund). He had also established a charitable foundation, the Chudow Foundation to engage in restoration of ancient castles in Poland. Both companies made donations to the Chudow Foundation at or near the time decisions were made regarding the purchase of their respective products by the Health Fund. The FCPA books and records violations for the donations stated that they were all mischaracterized on the respective company’s books. The donations were made by each company with the description for the donations as follows:

Although all of these donations were approved by a team within Lilly, the “Medical Grant Committee [MGC]”, who reviewed the requests for such donations, the MGC’s approval was “largely based on the justification and description in the submitted paperwork.” While Requests 1 & 2 may have had tangential value to the stated purpose of the Chudow Foundation to restore castles in Poland, even Request 3 was clearly a quid pro quo as an action to obtain business. Just as clearly, ‘rental of castle’ is not a charitable donation but an expenditure. Even with that understanding, the SEC Complaint noted that Lilly held no conferences at any castles, so it was an outright misrepresentation.

The Schering-Plough SEC Complaint noted that the company Manager involved in the payment scheme, “provided false medical justifications for most of the payments on the documents that he submitted to the company’s finance department.” Additionally, he structured the payments so that they were at or below his approval limit so that he did not have to ask for permission to make the improper payments. The Manager in question viewed the donations as “dues that were required to be paid for assistance from the Director.”

The Red Flags for Charitable Donation

A. Schering-Plough

What were the factors which should become red flags for the review of charitable donations under the FCPA? The Schering-Plough SEC Complaint listed several items which it deemed indicia of red flags.

  1. No due diligence. The first is that no due diligence was performed on the charity to identify the Director of the Silesian Health Fund as the founder or his role in the Chudow Foundation.
  2. Donations not related to health care. While the company permitted donations to healthcare related programs there was no follow up to determine the purposes or uses of the donated funds.
  3. Outside normal range of donation. The next red flag was that the donations made to this single charitable foundation were approximately 40% of the company’s promotional budget in 2000 and 20% in 2001.
  4. Disproportionate sales. The company’s sales increased disproportionately compared with its own sales of the same products in other areas of Poland. Up to 53% of one product was sold in the region run by the Director of the Silesian Health Fund.

B. Lilly

The Lilly SEC Complaint listed several items which it deemed indicia of red flags.

  1. No due diligence. Once again there was no due diligence performed on the charity to identify the Director of the Silesian Health Fund as the founder or his role in the Chudow Foundation.
  2. Donations not related to health care. Unlike Schering-Plough, the reasons listed for the charitable donations did not relate to health care. Moreover, they were approved by a Lilly committee specifically tasked with reviewing such requests, which failed to investigate beyond the submitted paperwork, which was apparently not correct.
  3. Outside normal range of donation. The SEC Complaint quoted an email from a Lilly manager who said that he had decided to commit 70-75% of the [charitable donation] budget and the Director of the Silesian Health Fund was given a “free hand to manage the Lilly investment, emphasizing the fact we only doing this for him…”
  4. Suspicious Timing. The donations were made at or near the time that decisions on the purchase of Lilly products were made by the Director of the Silesian Health Fund. One donation was made two days after the Director of the Silesian Health Fund agreed to make a purchase of Lilly products.

Here Lilly used charitable donations to a charitable foundation which was, as stated in the SEC Complaint, “founded and administered by the head of one of the regional government health authorities at the same time that the subsidiary was seeking the official’s support for placing Lilly drugs on the government reimbursement list.” There was a total of eight payments made to the charitable foundation. In addition to the charitable donations made, Lilly “falsely characterized the proposed payments”. Lilly had a group which reviewed the request for such donations called the “Medical Grant Committee [MGC]” which approved the payments “largely based on the justification and description in the submitted paperwork.”

Three Key Takeaways

  1. Every compliance practitioner should study both the Lilly and Schering-Plough enforcement actions.
  2. What is the purpose of the charitable entity you are making a donation to?
  3. Document, Document, Document your due diligence around donees.

This month’s sponsor is the Doing Compliance Master Class. In 2018, I am partnering with Jonathan Marks and Marcum LLC to put on training. Look for dates of one of the top compliance related training going forward.

Dec 18, 2017

Welcome to the first day of a five-day podcast series Jay Rosen and I are producing in honor of the latest Star Wars movie The Last Jedi. Each day over this week, Jay and I will review a Star Wars movie and discuss it from the compliance perspective. Today, we consider Episode IV, A New Hope and risk.

The full series schedule is:

Monday, December 18, Part I- IV-A New Hope and risk.

Tuesday, December 19, Part II- V-The Empire Strikes Back and due diligence.

Wednesday, December 20, Part III- VI-Return of the Jedi and effective training.

Thursday, December 21, Part IV- VII-The Force Awakens and disruptive innovation in compliance.

Friday, December 22, Part V-Rogue One and the myth of the rogue employee.

One of the plotlines is that the Galactic Empire has created a Death Star with enough firepower to destroy a planet. The Rebel Alliance is determined to destroy the Death Star and has blueprints detailing the defensive posture of the Death Star. A computer analysis determines a weakness in the Death Star’s defensive shield. At one point, the Death Star’s commander, Grand Moff Tarkin, played by Peter Cushing, is told there is a ‘risk’ in the Rebel’s plan of attack. Tarkin dismisses this risk as insignificant. Of course, Luke Skywalker then proceeds to exploit this risk and destroy the Death Star.

Tarkin’s incorrect assessment of this risk was lethal. Today I want to use this part of the story to introduce the subject of how you evaluate compliance risk under the Foreign Corrupt Practices Act (FCPA) or an economic sanctions regime. Failure to appreciate risk can lead to some very serious and perhaps lethal consequences.

Whether you utilize one approach or another, analyzing the results of your risk assessment is as important as doing the risk assessment. With the recent Department of Justice (DOJ) remarks around how they will review the effectiveness of compliance programs during an enforcement action to determine potential credit or even granting a declination, the stakes have never been higher. Of course, for Grand Moff Tarkin, his refusal to analyze the risk assessment presented to him was fatal.

Join us tomorrow where we consider The Empire Strikes Back and due diligence.

May the podcast be with you this holiday season.

Dec 18, 2017

In this episode, I visit with Brian Platz who discusses blockchain and his new company Fluree, a new Public Benefit Corporation that has introduced a scalable blockchain database for decentralized applications. Fluree is not healthcare specific, but there is a lot of potential for blockchain. 

In this podcast interview we covered the following:

  • What is a scalable blockchain database and why is it important?
  • What are some of the healthcare use cases for Fluree?
  • Transparency and consensus as key attributes of blockchain. Does that contradict healthcare’s needs for privacy and security?
  • Who will leverage this technology in healthcare? What are its uses in the broader compliance context?
  • What impact will healthcare consumers and patients see as a result of Fluree?
  • Fluree organized as a Public Benefit Corporation. What does that mean for the company going forward?

Dec 15, 2017

Jay and I return for a wide-ranging discussion on some of the top compliance and ethics related stories of the week, with a focus on the release of the latest Star Wars movie, The Last Jedi:

  1. There are several FCPA 40th anniversary pieces going up these days. The FCPA Blog is looking at the top FCPA cases and enforcement actions over the past 40 years. Dick Cassin started the series, Jessica Tillipman nominated Siemens as her top case, with a nod towards Walmart.
  2. New revenue recognition rules are here. Tammy Whitehouse provides comments from top accounting practitioners in Compliance Week. Tom Fox and Matt Kelly do a special 5-part podcast series in Compliance into the Weeds. Part I-Introduction, Part II-Transaction Price, Part III-In re: software, Part IV-Auditor issues and Part V-What does it all mean?
  3. In honor of the premiere of the latest edition in the Star Wars oeuvre, The Last Jedi, both Tom Fox and Doug Cornelius have run week-long series on compliance lessons from the Star Wars series. See Doug’s post on Compliance Building and Tom’s posts on the FCPA Compliance Report. Tom and Jay will have a five-part podcast series, May the Podcast Be With You, running the week of December 11 on the intersection of Star Wars and compliance.
  4. Mike Volkov asks if the new FCPA Corporate Enforcement Policy has altered the balance between disclosure and non-disclosure of FCPA violations. See his post in Corruption Crime and Compliance.
  5. Does the US sanctions policy work? Sam Rubenfeld explores this question through an interview with Richard Nephew, author of The Art of Sanctions, on the WSJ Risk and Compliance Journal.
  6. Law-360 runs an Expert Analysis Series of reflections from key players in FCPA enforcement over the past 40 years. The articles come from current and former DOJ prosecutors, a monitor and defense lawyers. One of our favorites was Kara Brockmeyer and Chuck Duross reflecting on their work to help create the 2012 FCPA Resource Guide. Unfortunately, the entire series sits behind a paywall and subscription is required.
  7. HSBC successfully exits its five-year DPA. Sam Rubenfeld reports in the WSJ Risk and Compliance Journal.
  8. Former VW compliance professional Oliver Schmidt sentenced to seven years for his role in the VW emissions-testing scandal. Matt Kelly writes about it in Radical Compliance. Tom and Matt take a deep dive into it on their podcast, Compliance into the Weeds-Episode 62.
  9. Join Tom’s monthly podcast series on One Month to a More Effective Compliance Program. In December, I discuss the use of written standards in a best practices compliance program. It is available on the FCPA Compliance Report, iTunes, Libsyn, YouTube and JDSupra.
  10. Check out May the Podcast Be With You-the intersection of Star Wars and Compliance. The five-part series premieres on December 11 and a new episode will be released each day at noon CST. The series is sponsored by Affiliated Monitors.

Dec 15, 2017

 

Opinion Releases

Prior to the 2012 FCPA Guidance, the Justice Department issued two 2007 Opinion Releases which offered guidance to companies considering whether to, and if so how to, incur travel and lodging expenses for government officials. Both Opinion Releases laid out the specific representations made to the DOJ, which led the Department to approve the travel to the US by the foreign governmental officials. These facts provided strong guidance to any company which seeks to bring such governmental officials to the US for a legitimate business purpose. In Opinion Release 07-01, the Company desired to cover the domestic expenses for a trip to the US for a six-person delegation of the government of an Asian country for an educational and promotional tour of one of the requestor's US operations sites. In Opinion Release 07-01 the representations made to the DOJ were as follows:

  • A legal opinion from an established US law firm, with offices in the foreign country, stating that the payment of expenses by the US Company for the travel of the foreign governmental representatives did not violate the laws of the country involved;
  • The US Company did not select the foreign governmental officials who would come to the US for the training program;
  • The delegates who came to the US did not have direct authority over the decisions relating to the US Company’s products or services;
  • The US Company would not pay the expenses of anyone other than the selected official;
  • The officials would not receive any entertainment, other than room and board from the US Company;
  • All expenses incurred by the US Company would be accurately reflected in this Company’s books and records.

The response from the DOJ stated: “Based upon all of the facts and circumstances, as represented by the requestor, the Department does not presently intend to take any enforcement action with respect to the proposal described in this request. This is because, based on the requestor's representations, consistent with the FCPA's promotional expenses affirmative defense, the expenses contemplated are reasonable under the circumstances and directly relate to "the promotion, demonstration, or explanation of [the requestor's] products or services."”

In Opinion Release 07-02 the Company desired to pay certain domestic expenses for a trip within the US by approximately six junior to mid-level officials of a foreign government for an educational program at the Requestor's US headquarters prior to the delegates' attendance at an annual six-week long internship program for foreign insurance regulators sponsored by the National Association of Insurance Commissioners (NAIC).

In Opinion Release 07-02 the representations made to the DOJ were as follows:

  • The US Company would not pay the travel expenses or fees for participation in the NAIC program.
  • The US Company had no “non-routine” business in front of the foreign governmental agency.
  • The routine business it did have before the foreign governmental agency was guided by administrative rules with identified standards.
  • The US Company would not select the delegates for the training program.
  • The US Company would only host the delegates and not their families.
  • The US Company would pay all costs incurred directly to the US service providers and only a modest daily minimum to the foreign governmental officials based upon a properly presented receipt.
  • Any souvenirs presented would be of modest value, with the US Company’s logo.
  • There would be one four-hour sightseeing trip in the city where the US Company is located.
  • The total expenses of the trip are reasonable for such a trip and the training which would be provided at the home offices of the US Company.

As with Opinion Release 07-01, the DOJ ended this Opinion Release by stating, “Based upon all of the facts and circumstances, as represented by the Requestor, the Department does not presently intend to take any enforcement action with respect to the planned educational program and proposed payments described in this request. This is because, based on the Requestor's representations, consistent with the FCPA's promotional expenses affirmative defense, the expenses contemplated are reasonable under the circumstances and directly relate to "the promotion, demonstration, or explanation of [the Requestor's] products or services."”

Travel and Lodging for Governmental Officials

What can one glean from these two 2007 Opinion Releases? Based upon them, a US company can bring foreign officials into the US for legitimate business purposes. A key component is that the guidelines are clearly articulated in a compliance policy. Based upon Opinion Releases 07-01 and 07-02, the following should be incorporated into a compliance policy regarding travel and lodging:

  • Any reimbursement for air fare will be for economy class.
  • Do not select the particular officials who will travel. That decision will be made solely by the foreign government.
  • Only host the designated officials and not their spouses or family members.
  • Pay all costs directly to the service providers; in the event that an expense requires reimbursement, you may do so, up to a modest daily minimum (e.g., $35), upon presentation of a written receipt.
  • Any souvenirs you provide the visiting officials should reflect the business and/or logo and would be of nominal value, e.g., shirts or tote bags.
  • Apart from the expenses identified above, do not compensate the foreign government or the officials for their visit, do not fund, organize, or host any other entertainment, side trips, or leisure activities for the officials, or provide the officials with any stipend or spending money.
  • The training costs and expenses will be only those necessary and reasonable to educate the visiting officials about the operation of your company.

Incorporation of these concepts into a compliance program is a good first step towards preventing any FCPA violations from arising, but it must be emphasized that they are only a first step. These guidelines must be coupled with active training of all personnel, not only on the compliance policy, but also on the corporate and individual consequences that may arise if the FCPA is violated regarding gifts and entertainment. Lastly, it is imperative that all such gifts and entertainment are properly recorded, as required by the books and records component of the FCPA.

The 2012 FCPA Guidance does specify some examples of improper travel and entertainment:

  • $12,000 birthday trip for a government decision maker from Mexico that included visits to wineries and dinners;
  • $10,000 spent on dinners, drinks, and entertainment for a government official;
  • A trip to Italy for eight Iraqi government officials that consisted primarily of sightseeing and included $1,000 in “pocket money” for each official;
  • A trip to Paris for a government official and his wife that consisted primarily of touring activities via a chauffeur-driven vehicle.

However, you can use the matter as a good reason to review not only your company’s procedures but to test to determine if they are being followed or if there are issues which you might need to take a closer look at. When a Wal-Mart, News Corp or GSK is in the news for alleged FCPA violations, it provides you a good reminder to review your compliance program.  

Three Key Takeaways

  1. Gifts and business entertainment continue to plague companies for compliance violations.
  2. The key is not the amount but having a policy and procedure and following it.
  3. Always remember to record gifts and business entertainment expenses correctly.

Payment for travel expenses is appropriate if there is a legitimate business purpose.

This month’s sponsor is the Doing Compliance Master Class. In 2018, I am partnering with Jonathan Marks and Marcum LLC to put on training. Look for dates of one of the top compliance related training going forward.

Dec 15, 2017

In May 2014, the Financial Accounting Standards Board (FASB) issued Accounting Standards Update No. 2014-09, Revenue from Contracts with Customers (Topic 606) for public business entities, certain not-for-profit entities, and certain employee benefit plans. It becomes effective for public entities for annual reporting periods beginning after December 15, 2017. In addition to changing things dramatically in the accounting and financial realms, this new revenue recognition standard may significantly impact the compliance profession, compliance programs and compliance practitioners going forward. In this concluding episode, we consider what it all means.

Matt Kelly and I have put together a five-part podcast series where we explore implications of this new revenue recognition standard. Each podcast is short, 11-13 minutes and deals with one topic on the new revenue recognition standard. The schedule for this week is:

Part 1: Introduction;

Part 2: What is the logic of your transaction price?;

Part 3: Shaking up software revenue recognition;

Part 4: Auditors need to pay attention; and

Part 5: What does it all mean for compliance (and everyone else)?

As you might expect from the Compliance Evangelist, I see most issues through the lens of a compliance practitioner. A key reason this is so important in the compliance area is because the internal controls over financial reporting involved in implementing this new standard are critical to effective implementation. The Securities and Exchange Commission (SEC) has said explicitly in several public statements, and through their early comment letters on disclosures made in advance of implementation, that companies must inform the SEC about the accounting policies that they are changing, and how this new standard will affect a company’s accounting processes, and finally how those effects are going to be managed. This makes it clear to me that this is really a compliance issue.

Moreover, the SEC has indicated that these disclosures are central to the new revenue recognition standard. This is because if a company has some sort of failure in their disclosures for an accounting standard, they are treated under Sarbanes-Oxley (SOX) Section 302 of the SEC rules, and that has a level of significance or liability which is much lower than the liability that a company might face under SOX Section 404, which has to do with the actual internal controls over financial reporting. While disclosure of internal controls might not typically bring Section 404 scrutiny, under the new revenue recognition standard, they may now do so. Kelly stated that the SEC has made it “clear that it will be watching this first year of financial statements under the new standard closely.”

This new revenue recognition standard intertwines two concepts. The first is the convergence and overlap between the compliance profession, compliance programs and compliance practitioners with internal controls. While largely seen as financial in nature, compliance internal controls are in place to both detect and prevent. Now compliance internal controls can also be used to gather the information which will be presented to auditors under the new revenue recognition standard. Many professionals are focused on the new revenue recognition from the auditing and implementation perspective. However, if you are a Chief Compliance Officer (CCO), you might want to go down the hall and have a cup of coffee with your Chief Financial Officer (CFO) and find out what internal controls might be changing or that they might be adding and consider how that will impact compliance in your organization.

The second concept is the continued operationalization of compliance. During my tenure in compliance, you rarely heard a CCO consider revenue recognition as a compliance related issue. By going into detail, we have shown how this new revenue recognition standard can change the manner in which a company might recognize revenue, leading to a greater risk of the obfuscation of payments for bribery by corrupt employees. This means as a CCO you must not only be aware of the risk to manage it but you also must take active steps to mitigate against it. 

Kelly believes this new revenue recognition standard means a lot of work for probably the next 12 months; particularly in the next six months or so, from the end of this year until about May or June 2018. This is when most large companies publish their first annual reports, under the new revenue recognition rule. It is difficult to say how many companies will go through all of this to find that actually their numbers will not change to any material amount. However, for many companies, they may not be able to quantify it but their internal mechanisms are going to get a lot more scrutiny. There will be pressure on the internal financial controls and processes to determine how a business is justifying what is being audited and reported to investors.

Kelly concluded by adding that, at the end of the day, “revenue recognition is a financial process. It is a financial issue. This standard really gets to how are you justifying the process of putting forth these numbers. It is about documenting your judgment. It is about making sure the processes you use are full and complete and sound. Who is the one who makes sure that people understand what the process is the process is well thought out and correct and sturdy.”

Matt and I are preparing a white paper based upon our writings on revenue recognition and this podcast series. It will be available through JDSupra when released.

Dec 14, 2017

In this episode, I visit with Sheila Hooda on culture on a Board of Directors and how Boards can drive culture throughout an organization. Some of the topics we highlight are the following:

1. What is good Board culture?
2. What is the Board’s role in building an ethical culture within a company?
3. How can the Board assess senior management leadership to set appropriate culture?
4. How can the Board help to sharpen the company’s cultural focus?
5. What is the Board’s role in cultural evaluation and feedback?
6. What information should the Board ask for or consider in assessing a company’s culture?
7. What information should the Board impart to the Chief Compliance Officer or Chief Integrity Officer regarding culture?
8. Should Board members be a part of CCO cultural initiatives such as town hall meetings or focus groups?

Dec 14, 2017

If one were to reflect upon the providing of gifts and business entertainment to foreign governmental officials, one might reasonably conclude that after 40 years of the FCPA, companies might follow its prescriptions regarding gifts and business entertainment. However, there have been some notable FCPA enforcement actions in this area.

The 2012 Guidance clearly stated the FCPA does not ban gifts and entertainment. Indeed, the Guidance specified that “A small gift or token of esteem or gratitude is often an appropriate way for business people to display respect for each other. Some hallmarks of appropriate gift-giving are when the gift is given openly and transparently, properly recorded in the giver’s books and records, provided only to reflect esteem or gratitude, and permitted under local law. Items of nominal value, such as cab fare, reasonable meals and entertainment expenses, or company promotional items, are unlikely to improperly influence an official, and, as a result, are not, without more, items that have resulted in enforcement action by DOJ or SEC.”

What does the FCPA Itself Say? 

While prohibiting payment of any money, or thing of value, to foreign officials to obtain or retain business, the FCPA arguably permits incurring certain expenses on behalf of these same officials. There is no de minimis provision. The presentation of a gift or business entertainment expense can constitute a violation of the FCPA if this is coupled with the corrupt intent to obtain or retain business. Under the FCPA, the following affirmative defense regarding the payment of expenses exists:

[it] shall be an affirmative defense [that] the payment, gift, offer or promise of anything of value that was made, was a reasonable and bona fide expenditure, such as travel and lodging expenses, incurred by or on behalf of a foreign official, party, party official, or candidate and was directly related to…the promotion, demonstration, or explanation of products or services; or…the execution or performance of a contract with a foreign government or agency thereof. 

As with most matters under the FCPA, there is little direct guidance on what conduct may step over the line set out above. Of course, there is always the gut check test, which simply measures “if it feels wrong in your gut, it probably is wrong”. It is something good to always keep in mind in any circumstance.

Opinion Releases 

Somewhat surprisingly, there are not any recent DOJ Opinion Releases from the past 10 years dealing with the values for gifts and business entertainment under the FCPA. However, there are three Opinion Releases from the early 1980s which can provide some guidance to current practitioners.

In Opinion Release 82-01, the DOJ approved the gift of cheese samples made to Mexican governmental officials, by the Department of Agriculture of the State of Missouri to promote the state of Missouri’s agricultural products. However, the value of the cheese to be presented was not included in the Opinion Release. In Opinion Release 81-02, the DOJ approved a gift of its packaged beef products from the Iowa Beef Packers, Inc to officials from the Soviet Ministry of Foreign Trade. The total value of all the samples presented was estimated to be less than $2,000 and the Iowa Beef Packers, Inc averred that the individual sample packages would not exceed $250 in value.

The final Opinion Release relating to gifts is 81-01. In this release, Bechtel sought approval to use the SGV Group, a multinational organization headquartered in the Republic of the Philippines and comprised of separate member firms in ten Asian nations and Saudi Arabia, which provide auditing, management consulting, project management and tax advisory services. The SGV Group desired to solicit business on behalf of Bechtel, which had proposed to reimburse the SGV Group for gift expenses incurred in this business solicitation. Regarding the reimbursement of gift expenses by Bechtel to the SGV Group, the DOJ stated:

(d) Expenses for gifts or tangible objects of any kind incurred without Bechtel's prior written approval will be reimbursed only where such expenditures are permitted under the local laws, the ceremonial value of the item exceeds its intrinsic value, the cost of the gift does not exceed $500 per person, and the expense is commensurate with the legitimate and generally accepted local custom for such expenses by private business persons in the country.

Policies and Procedures for Gifts and Business Entertainment

 Gifts to Governmental Officials 

Based upon the FCPA language and relevant Opinion Releases and allowing for inflation over the past 30 years, it would appear reasonable that a Company can provide gifts up to a value of $500. Below are the guidelines which the Opinion Releases would suggest incorporating into a compliance policy regarding gifts:

  • The gift should be provided as a token of esteem, courtesy or in return for hospitality.
  • The gift should be of nominal value but in no case greater than $500.
  • No gifts in cash.
  • The gift shall be permitted under both local law and the guidelines of the employer/governmental agency.
  • The gift should be of a value which is customary for the country involved and appropriate for the occasion.
  • The gift should be for official use rather than personal use.
  • The gift should showcase the company’s products or contain the company logo.
  • The gift should be presented openly with complete transparency.
  • The expense for the gift should be correctly recorded on the company’s books and records.

Business Entertainment of Governmental Officials 

Based upon FCPA language (there are no Opinion Releases on this point), there is no threshold value that a Company can establish for business entertainment. However, I believe there are clear guidelines which should be incorporated into your business expenditure policy, which should include the following:

  • A reasonable balance must exist for bona fide business entertainment during an official business trip.
  • All business entertainment expenses must be reasonable.
  • The business entertainment expenses must be permitted under (1) local law and (2) customer guidelines.
  • The business entertainment expense must be commensurate with local custom and practice.
  • The business entertainment expense must avoid the appearance of impropriety.
  • The business entertainment expense must be supported by appropriate documentation and properly recorded on the company’s books and records.

The incorporation of these concepts into a compliance policy is a good first step towards preventing potential violations from arising, but it must be emphasized that they are only a first step. There must be procedures to implement these policies. At a minimum, you must require a business justification from the business representative requesting to provide the gift or business entertainment. Next it should be reviewed and approved by a front-line compliance professional. Then, depending on the amount and nature of the request, it may need CCO approval. Finally, if there is a Compliance Oversight Committee it should go to that Committee for a final check to make sure everything is in order.

These guidelines must be coupled with active training of all personnel, not only on a company’s compliance policy, but also on the corporate and individual consequences that may arise if the FCPA is violated regarding gifts and business entertainment. Lastly, it is imperative that all such gifts and business entertainment be properly recorded, as required by the books and records component of the FCPA.  

And, as always, do not forget the gut check test.

Three Key Takeaways

  1. Gifts and business entertainment continue to plague companies for compliance violations.
  2. The key is not the amount but having a policy and procedure and following it.
  3. Always remember to record gifts and business entertainment expenses correctly.

There continue to be significant FCPA enforcement actions around the area of gifts. 

This month’s sponsor is the Doing Compliance Master Class. In 2018 I am partnering with Jonathan Marks and Marcum LLC to put on training. Look for dates for one of the top compliance-related trainings going forward.

Dec 14, 2017

In May 2014, the Financial Accounting Standards Board (FASB) issued Accounting Standards Update No. 2014-09, Revenue from Contracts with Customers (Topic 606) for public business entities, certain not-for-profit entities, and certain employee benefit plans. It becomes effective for public entities for annual reporting periods beginning after December 15, 2017. In addition to changing things dramatically in the accounting and financial realms, this new revenue recognition standard may significantly impact the compliance profession, compliance programs and compliance practitioners going forward. In this episode, we consider auditors and the new revenue recognition standard, including disclosures, the ICFR and PCAOB guidance on the new revenue recognition standard.

Matt Kelly and I have put together a five-part podcast series where we explore implications of this new revenue recognition standard. Each podcast is short, 11-13 minutes and deals with one topic on the new revenue recognition standard. The schedule for this week is:

Part 1: Introduction;

Part 2: What is the logic of your transaction price?;

Part 3: Shaking up software revenue recognition;

Part 4: Auditors need to pay attention; and

Part 5: What does it all mean for compliance (and everyone else)?

Kelly identified three areas where he sees immediate auditor impact. The first is that the audit firms’ regulator, the Public Company Accounting Oversight Board (PCAOB) has clearly communicated to auditors they must pay attention to this new revenue recognition standard. One of the clear themes throughout this podcast series has been the increased amount of judgment which will come into these calculations going forward. This means companies will need to have more complete documentation which can then be reviewed and tested by their auditors. Add to this PCAOB auditing standards and there may well be a time for some sorting out of what will be required going forward.

Secondly, with this new emphasis on judgment, auditors will have a renewed emphasis on fraud detection. There may be some incentives for sales executives to manipulate the numbers a bit or to close the deal more quickly to hit a bonus. Such pressure could transgress into fraud and, as Kelly noted, “auditors will be looking more closely at fraud risk because there could well be circumstances where sales commissions could be higher because of the new revenue standard; that would let some firms recognize more of a transaction more quickly.” Finally, Kelly also noted the International Controls for Financial Reporting will have renewed focus from auditing firms.

Kelly pointed to the straightforward issue of whether a contract exists and then posed some of the questions auditors may be asking going forward: How do we know the organization’s contracts are complete and accurate? How does a company demonstrate its contract management system has not been tampered with after execution? What are the controls around these programs you might use to manage your financial transactions? Are we capturing all of the contracts that our employees are generating, or are employees generating some contracts that they have not reported to management or that the company’s contract management system has not captured? Finally, is there contract system security to ensure there is no manipulation after the contract is signed?

Another key area for auditing will be whether the pattern and practice of doing business is the same as the contract performance terms and conditions. One immediate area is payment terms. Most contracts specify 30 days net payment terms. However, this date often may slip 30, 60 days or even longer. Now take this same concept into the FCPA realm around vague deliverables in a third-party agent’s agreement and you begin to see some additional issues. If the performance deliverable terms are so vague as to render them meaningless, how will that be handled under this new revenue recognition standard?

My observation is there is a continuum, working backward from the PCAOB, to auditors and audits to the disclosures companies may have to make. Under GAAP, a disclosure may only need to be made if it is material. Yet in the FCPA world there is no materiality standard. At what point does the lack of materiality of a contract outside the United States make your books and records not correct, leading to a potential exposure under a law unrelated to traditional revenue recognition, i.e., the FCPA? Kelly concluded by noting that companies need to be (or have been) in discussions with their audit firm to plan these things out as “these sorts of complexities are not to be dismissed because we don't know when they might boil up and suddenly grab you in the rear end. And when that happens it will happen at the least convenient time and cause the most pain.” (ouch!)

I hope you will continue to join us for our exploration this week. Tomorrow in Part V, we will conclude with what it all means going forward.
