U.S. DoJ Asst. Attorney General, Criminal Division, Lanny Breuer Speaks at Compliance Week

Lanny Breuer, selected by President Obama to head the Criminal Division of the Justice Department in January 2009, will discuss practical matters for companies dealing with the Justice Department, including topics such as cooperation, attorney-client privilege, and the importance of pre-existing compliance programs. Breuer will also discuss the Department’s increasing use of proactive law-enforcement strategies and tools, such as wiretaps, to combat financial fraud.

These are my notes, live from the keynote:

Prosecutions promote the rule of law, deter future bad behavior and punish wrong-doers. Compliance is largely the opposite of criminality.

He wants a new era in white collar crime prosecution.

The Obama administration is giving great attention to financial fraud and the establishment of the Financial Fraud Enforcement Task Force. Over 2 dozen state and federal agencies are part of the group. A companion is the deployment of additional resources. The budget has increased allowing the hiring of additional prosecutors and support.

They using more aggressive law enforcement techniques, including wire taps and undercover stings. They will continue to look toward innovative techniques and existing techniques used against organized crime and blue collar crime. (Is there a meaningful distinction anymore?)

He is looking to continue strengthening their partnership with the SEC.

Foreign bribery is a law enforcement challenge.  Since 2004 the DOJ has filed 37 FCPA cases, with fines over $1.5 billion. Over 80 individuals have been charged under the FCPA. Aggressive enforcement is meant to deter others from engaging in bribery.

He cited the new UK Bribery Act and the need for a company to have “adequate procedures” to detect and prevent bribery.

There are benchmarks. The principles of federal prosecution of business entities are the OECD guidance on effective compliance are key standards. But you need to customize these to your company. Direct reporting lines are important. Testing effectiveness is important.

If you come forward, cooperate with the investigation and institute meaningful remediation, the DOJ is committed to giving you meaningful credit. But not amnesty.

He used the Siemens case as a benchmark for the value of cooperation and remediation. The Siemens fine was huge at over $400 million. However, the sentencing guidelines called for a fine of over $1.4 billion. (He didn’t mention whether taking federal contracting debarment off the table was part of the discussion with their cooperation credit.)

As for compliance monitors, he would want one in place when the corporation needs to implement or significantly redesign a compliance program. Largely, it sounds like a monitor would be more likely if there is still significant remediation to be done.

He then sat down with Compliance Week‘s Matt Kelly.

Complying with the FCPA is harder in some countries is harder than others (China versus Belgium)?

You don’t get a free pass. They expect a more robust compliance program when entering into markets where bribery is more common. They would want to see new tools to detect and try to prevent bribery.

Now that the UK Bribery Law has banned facilitating payments will they be prohibited under the FCPA?

It will take an act of Congress, but he is looking forward to the evolution of law in the area of bribery of government officials.

Interpreting “Tone at the Top”, does firing someone and not supplying legal fees a bad tone?

The DoJ has changed their position on this. The key is removing the person from authority at the company, at least temporarily. The company has to make some real changes.

What about consistency throughout the DOJ and US Attorney Offices?

All FCPA has come in through the fraud unit, so that helps ensure consistency in that area. (It sounds like he recognized some inconsistencies.)

Acting Deputy Attorney General Gary Grindler Speaks at Compliance Week 2010

Gary Grindler, the second-highest ranking official at the U.S. Justice Department, will talk about the department’s policy goals and initiatives to fight corporate fraud, including white-collar crime issues such as securities and commodities fraud, healthcare fraud, and the work of the Financial Fraud Enforcement Task Force.

These are my notes, live from the keynote:

Lots of the thoughts about the Department of Justice are about how to stay away from the Department of Justice.

The DOJ is taking some new steps related to discovery. They are designating attorneys in each office on discovery practices and in particular e-discovery.

StopFraud.gov - Financial Fraud Enforcement Task Force

There is a new financial fraud enforcement task force brought together. President Obama established the Financial Fraud Enforcement Task Force in November 2009 to hold accountable those who helped bring about the last financial crisis, and to prevent another crisis from happening. With more than 20 federal agencies, 94 US Attorneys Offices and state and local partners, it’s a broad coalition of law enforcement, investigatory and regulatory agencies assembled to combat financial fraud. It’s a broad definition of financial fraud: mortgage scams that target the elderly, Ponzi schemes that shock the world, tax fraud that steals money from our nation’s coffers, predatory lending that discriminates against vulnerable communities, credit card fraud that strikes broadly, and the list goes on.

The next focus is health care fraud. They assembled a Health Care Fraud Prevention & Enforcement Action Team. (Yes, HEAT.) The group has brought the heat, with a big record of success, convictions and fraud deterrence. They have returned over $13 billion to the Medicare Trust fund. In Miami alone, they reduced the amount of durable medical device expenditures in Miami by over $1.7 billion.

The next priority he mentioned was intellectual property crime.

Besides these, there are many other priorities. These three are just the ones he thought most relevant to this crowd.

He emphasized the importance of an effective compliance program. They can’t just be paper compliance programs. He also highlighted the recent changes to the US Sentencing Guidelines. One new aspect is that after an “event” the organization needs to evaluate its program and amend it to prevent that kind of event.

What about a company’s cut in a compliance program’s budget?

If a budget reduction is indicative of a lack of interest in compliance, then that’s bad. He seemed understanding that a reduction in revenue means there will be budget cuts across the company.

What does an inadequate compliance program look like?

No compliance program is at the far extreme. Indifference to a compliance program. Senior leadership not promoting the compliance program. They see this a lot in FCPA cases.

The 2010 OCEG GRC Achievement Awards Presentation

The Open Compliance and Ethics Group will recognize the great strides that many organizations have made in improving and integrating their approaches to governance, risk management, and compliance.

The winners were:

  • Best Buy – Ethics blog for employees
  • Capital One – GRC implementation
  • Carnival Corporation – Integrated approach to GRC Management
  • Direct TV- Embedding spreadsheet governance into everyday business
  • Tawuniya – Performance management through GRC
  • Visa – Global ERM Program & Roadmap

Carole Switzer announced the Peer Choice award winner, chosen by the Compliance Week attendees.

And the winner is . . . .

Visa!

UPDATE:

Organizational Structures That Work: Small-Company Edition

In contrast to our “large company” edition Monday morning, this session will explore how smaller public companies structure their compliance functions. The CCOs at PETCO, Schnitzer Steel, and VeriSign—each with under $5 billion in revenue—will outline, compare and contrast the structure of their compliance organization, focusing on their functions, reporting structure, organization, responsibilities, infrastructure and more.

    Featuring:

  • PETCO Animal Supplies, Inc. Chief Compliance Officer, James B. Brigham
  • Schnitzer Steel Industries VP and Chief Compliance Officer, Callie Pappas
  • VeriSign VP Internal Audit, Mark Gosling
  • PricewaterhouseCoopers LLP Principal, Advisory Practice, U.S. Leader, Governance Risk & Compliance Services, Joseph C. Atkinson (moderator)

These are my notes, live from the session:

The advantages of compliance at a smaller company is that there are fewer silos and less redundancy. Fewer people have to do more things. Functions get combined that would be separated at a bigger company.

One new measurement was how long it took to complete and open compliance issue/complaint.

With smaller companies, the bigger question is whether to have a compliance program, not how to structure a compliance program. Once you go public you need a compliance program. The smaller the company, the less likely it is to be public.

The smaller the company, the more the compliance program is about the individual. You need to make yourself a necessity, not just the compliance program. You need to show that you bring value and profitability to the company.

One key is process improvement. You can get more involved in the business processes. Find ways to help improve them.

In a smaller company it is very important to have strong leadership supporting the compliance and ethics program. A smaller company is going to have fewer middle managers. You also have much more interaction between senior leaders and a larger group of all employees.

Being entrepreneurial is not in conflict with being compliant.

Materials:

Demonstrating ROI and Communicating Value

How do you demonstrate and prove the value and success of your programs? The compliance leaders from The Home Depot, General Electric Company, and Duke Energy will discuss the tactics and data they have used to demonstrate the “net benefit” of compliance, ethics and risk programs.

    Featuring:

  • Duke Energy Senior Vice President – Audit Services and Chief Ethics and Compliance Officer, Jeffery G. Browning
  • The Home Depot Director, Corporate Compliance and Ethics, Brad Nesmith
  • General Electric Company Manager of Integrity & Regulatory Compliance, Natalie Jackson-Smith
  • OCEG Scott Mitchell, as the moderator

These are my notes, live from the session:

  1. Establish Expectations–
    • Risk Assessments
    • Federal Sentencing Guidelines
    • Code of Business Ethics
  2. Communicate Expectations
    • Policies/Procedures
    • Training
    • Awareness/Employee Portal
  3. Monitor Behavior
    • Hotline
    • Surveys/Questionnaires
    • Automated/Manual Processes
  4. Report Results
    • Senior Management
    • Audit Committee
  5. Drive Continuous Improvement
    • Prevent Similar Misconduct
    • Periodic Evaluation of Effectiveness

Demonstrating ROI is tied to brand and reputation that leads to competitive intelligence. The key is trying value ethical missteps and the prevention of ethical missteps.

Where are you getting pressure to communicate the value or ROI of compliance?

The pressure is not coming from the audit committee. They think compliance is their best friend.

When the risk is the executive ending up in handcuffs, they very quickly see the value of compliance.

You can argue about hotline call volume. An increase may indicate more problems or more awareness.

What are the strategies for communicating ROI?

Getting in front of the business people is a great strategy. Be proactive as regulations and business needs change. If you deliver value, they will get you involved earlier.

Telling stories about the failure and cost of failure gets the attention of management and helps them understand the problem.

Avoidance of compliance losses is tough.

One example of ROI was for data privacy. They did the math of how many Massachusetts residents they had in records and multiplied by the amount of the fine under the Mass. Data Privacy Law.

One key is tying the budget to strategic initiatives. So if you are managing your budget, then you are managing the ROI.

Another is looking at shareholder return. A panelist cited the improved performance of the companies that have won Ethisphere’s Most Ethical Company award.

Materials:

SEC Disclosure Update With Shelley E. Parratt

Shelley Parratt of the SEC’s Corporation Finance Division will provide an update of the Commission’s disclosure program, including topics such as executive compensation disclosure, climate-change disclosure, and other proxy disclosure issues, as well as updates regarding the Comment Letter process.

These are my notes, live from the keynote:

(A standard SEC disclosure that these are her comments and not necessarily those of the SEC.)

The SEC is the investor’s advocate. Everything the SEC does should be subject to the question: “how does this help the investor?”

The SEC cannot review every filing. They are only required to review each of the 10,000 filers every third year. They need to allocate their limited resources.

Executive compensation is a very emotional topic. The SEC wanted to make the executive compensation information more transparent for investors. They are very focused on the compensation story a company is disclosing to its investors. Shareholders are frustrated by the length and complexity of the disclosures.

They are also very focused on information related to performance targets when that compensation is material. That is where the make the most comments to company filings. The targets are material. Not making the target is also material.

There are expecting more detailed discussion on why a director is qualified to serve on the board. The company needs to tell their shareholders why that person is the right person to be serving on the board.

The SEC does not want to advocate the leadership of the board of directors. They just want the company do disclose why they use a particular structure, why the CEO and Chairman have their roles and how the governance operates.

There is some pressure to allow non-GAAP information into filings. That has lead to the exclusion of useful information from filings. They want more communication and less compliance-oriented disclosure. Of course, the information cannot be misleading, whether it is GAAP or non-GAAP.

She addressed the SEC’s recent decision to require information on climate change. It’s clear that it is not an advocacy for changing business operations. The company just need to disclose information if it has a material affect on the company.

Then Shelley sat down with Compliance Week‘s Editor-in-Chief Matt Kelly.

There is lots of anxiety about what is the proper process and the proper disclosure for executive compensation that is tied to risk. She used the example of bonus based solely on sales. Using an example of car sales. Its very different of paying a commission when a car is sold than paying when the car is sold, but only if the financing is approved.

She said they have not gotten enough filings in and reviewed in this proxy season to evaluate the quality of disclosures under the new executive compensation and board leadership rules.

Other coverage:

Barney Frank Addresses Compliance Week 2010

Barney Frank is the U.S. House Representative for Massachusetts’ 4th congressional district. In 2007, Rep. Frank became the chairman of the powerful House Financial Services Committee, which oversees much of the financial services industry, including securities, insurance, banking, and housing. Rep. Frank will address those four industries in his keynote, and will take questions from attendees.

These are my notes, live from the keynote:

Barney was his usual engaging and entertaining self. He has lots of haters.

He pointed out that the financial reform bill was held up by healthcare reform. Lots of activities leading up to the House version of the financial reform bill was over-shadowed by the healthcare debate in the Senate. Now the Senate version of the bill was produced with the full public limelight since the healthcare reform law was enacted. As a result, the Senate bill imposes greater restrictions than the House version.

He predicted that the final financial reform bill will be on the President’s desk before the July 4th holiday.

He pointed out that Sarah Palin was right when she said Congress would be imposing death panels. She wrong about which law would have death panels. Their not in healthcare, but in financial reform. The bill has a strong provision for the dissolution of non-bank financial institutions. There will be a better way to deal with the Lehman Brothers than mere bankruptcy or AIG will full government backing.

“AIG thought it was in the business of selling life insurance to vampires.”

A story about mortgage lending regulation. Some mortgage bankers complained about having to retain 5% of the mortgage loans they originate and take the first 5% of loss. Their complaint was that they didn’t have the 5% to keep. Frank: You’re complaining that you don;t have any money, but you are able to lend money?!? Maybe that is not the right business model.

One theme was financial stability. The industry needs to know what the rules will be so they can adjust their business to bring them into compliance.

Then Congressman Frank with Compliance Week Editor in Chief Matt Kelly.

One question was bout the Flash Crash. His response, it’s better to not talk about more than you know. He felt the full information was not out.

He expects that there will be the small filer exemption from SOX, probably around $70 million.

He expects there will be some proxy access rules, but it sounds like it’s still a point of contention. They will keep “say on pay.”

He pointed out that Appropriations Committee is bit upset about the self-funding provision for the SEC. It sounds like the SEC will not be fully self-funding.

He expressed concerns that derivatives became a huge area with no regulation. They were not de-regulated, they were never regulated to begin with. He wants every derivative transaction to be reported, including end-user transactions.

There was a question slipped in a bout whether we not paying enough attention to the big public accounting firms. Are we afraid to go after them because there are only four of them? (I wonder who asked that question?)

If the Supreme Court overturns PCAOB, Congress will create a new one with the boundaries dictated by the Supreme Court.

Why have the bills become so big? One, the pages are really small so it would take 4 or 5 pages to make one book page. Second, the financial system is very complicated. “The ankle bone is connected to the shoulder bone.”

(Disclosure: I live in Congressman Frank’s District and have voted for him many times.)

Other coverage:

View From the Top: JetBlue, Governance & Compliance

JetBlue Airways President and CEO David Barger, and JetBlue Chairman of the Board Joel Peterson, will explore tone-at-the-top, cultures of integrity, and the evolution of JetBlue’s corporate governance and compliance programs. To be explored: How JetBlue built integrity as a core value to be considered in every decision made by every crewmember; why JetBlue separated the CEO and Chairman roles, and more.

These are my notes, live from the keynote:

The top two executives at Jet Blue sat down with Compliance Week‘s Editor-in-Chief, Matt Kelly. David started off with a great story about how the company came into being. There was a particularly amusing story about how they almost named the airline “Taxi.”

Joel pointed out that it’s harder to comply with values than it is to comply with rules. Values are more effective.

Jet Blue split the CEO and Chairman positions. Joel is an independent director from outside the industry. He is not an aviation guy, he’s a real estate guy.

One of the keys to teaching values is to keep it simple. They start with the key values on day one.

Transparency is a key effort. You need to build trust into the organization. Trust with your employees and trust with your customers.

Joel emphasized the importance of stories. Gather the stories of when your employees do the right thing and make the ethical choice. Stories can be more powerful than metrics.

One key to improving self-reporting you to make the employee comfortable that its okay to disclose mistakes. We learn from mistakes. Willful malfeasance will still get you fired.

The speakers were very engaging, but there was lot’s of spin and selling of the JetBlue brand. I like the airline and I like these guys. The session was just short on substance.

For another view on the keynote see Melissa Klein Aguilar’s article in Compliance Week’s Filing Cabinet: JetBlue on Why CEO/Chair Split Works for Them.

Social Media and Compliance

Compliance, ethics, and legal executives at Johnson & Johnson, Best Buy, and The Travelers Companies will provide details on their social media policies, programs, and experiences, focusing on a variety of cultural, legal, and disclosure-related issues.

    Featuring:

  • Johnson & Johnson Senior Counsel & Assistant Corporate Secretary Douglas K. Chia
  • Best Buy Chief Ethics Officer Kathleen Edmond
  • The Travelers Companies, Inc. SVP, Chief Compliance Officer & Group General Counsel David Baker
  • Compliance Week Columnist; President, Docket Media LLC; Founder and Editor, Securities Docket, the ubiquitous Bruce Carton (moderator)

I introduced Bruce and the rest of this panel. Then I helped to control the rambunctious crowd.

Travelers is using social media for complaints. You make a claim through their iPhone app. They also use it as a tool for customer service and advertising. They will push out an update on Twitter and Facebook when a catastrophe van in the area of a natural disaster.

Doug is active in social media so he can look at how the company could use social media. Currently their prime use is for their retail products. They are going to where their customers are hanging out. They use the JNJ BTW blog to publish current events at Johnson & Johnson. They are using the corporate twitter (JNJcomm) account to push out information from the shareholder meetings.

Doug highlighted a list of legal, compliance, reputational and logistical issues to consider when a company steps into social media.

Kathleen created her blog to help educate her workforce about what could get you fired. Retail companies have a huge employee turnover. The industry average is close to 100%. If someone is going to tell her story, she wants to be the person to tell it.

Best Buy has lots of social media outlets: Twelpforce, CEO’s Whiteboard, CEO’s Twitter, CMO’s Twitter, CMO’s blog.

She also used internal social media to help develop policies. She used an internal wiki to get feedback on potential policies and issues. She thinks feedback from employees is important in developing good, enforceable policies.

There is the fear of litigation. What you say could cost you and subject you to a lawsuit. Of course, if it’s effective it can save you lots of money by avoiding the bad situations.

It’s tough to work in a conservative company when facing something as innovative as social media.

One company assemble a social media task force to draft a social media policy. They managed to create a user reference manual to give detailed guidelines to the employees.

The audience expressed some concern about the improper disclosure of company information. The panel pointed out that social media is merely a newer avenue for disclosure. People have been able to improperly disclose information for years.

One of the panelists stated that they do block access to social media sites. Another pointed out that employees could just go to their mobile phone or find other ways to waste time.  It seems silly to block access to the sites if you are using the sites to market your company.

An interesting audience question was whether a privacy failure at a social media site would impact the company. Could you be tainted by a Facebook failure. It seems remote.

How do you manage the boundaries between personal and professional uses of social media. Make it clear that you are not stating the company position. Don’t use the company name in your handle or profile name. It’s @dougchia, not @J&JDougChia.

Materials:

David Baker:

Doug Chia

Kathleen Edmond

Former SEC Chairman Harvey Pitt: Goldman Sachs, SEC Enforcement, and Lessons For Our Times

Prestigious firms sued by the SEC, subjects of negative reports, forced to endure angry Congressional testimony arising out of their involvement in the financial crisis of 2008, already provide important lessons for corporate executives. Kalorama Partners CEO Harvey Pitt—the former SEC chairman who has penned a Compliance Week column for seven years—makes his fifth appearance at Compliance Week’s annual conference with a look at the lessons executives can learn from current events.

These are my notes, live from the keynote:

He started off by comparing himself to Phil  from Groundhog Day, forced to repeat the events over and over again. Of course he also quoted Yogi Berra: It’s like deja vu, all over again.

He was critical of the new financial reform because he feels that the reasons for the Great Panic have not been accurately identified. As our economy has become more complex and interconnected with other global economies, the impact of not understanding is getting greater.

There is no way government fiat, by itself, can eliminate misconduct. It does not mean we should not put laws into place. But we need to get people to be willing to not enter into that conduct. Government will fail in identifying all of the bad behavior.

The question with Goldman is for companies charged by the government survive and deal with the fallout from being sued. Goldman lost billions in market value. He thinks the case will never get litigated and its just a matter of big the pound of flesh will be. Goldman cannot afford to litigate the case.

Strong defenses are not a guaranty of success. You need to think about the damage by entering into the battle in the first place.

He went through lessons to be learned:

  1. Bad things happen to good companies. You need a gameplan for a big problem happening.
  2. Critical to avoid the Alexander Haig problem. Make sure you know who will be in charge when a problem arises.
  3. The race is to the swift.
  4. Tight lips sink ships. You need to have effective communication with your directors. They need to know.
  5. Time and tide wait for no one. You need to get on top of problems immediately.
  6. Ask the four questions:
    • How did we learn about this problem?
    • Was this a systemic problem?
    • Who was harmed and to what extent?
    • What assurance do we have that this problem will not occur?
  7. In crisis stay away from litigators. They want to win the case; you want to save your company.
  8. Know when to hold ’em, know when to fold ’em. Know what is at risk if things go bad, quickly.
  9. Let sleeping dogs lie. Do not accuse the government of incompetence.
  10. Don’t burn bridges. Regulators have long and enduring memories.
  11. You don’t have to be wrong for the government to be right. You other constituents matter.
  12. In a crisis, the prime word is candor. Don’t wait until you know all of the facts or are forced to break your silence.
  13. Avoid hubris. Don’t say that you were “doing god’s work” unless you’re in the clergy.
  14. Maintain a sense of humor.

During the Q&A with Compliance Week publisher Scott Cohen, the Commissioner expressed the importance of maintaining good communications with regulators.

You need to avoid the Wizard of Oz syndrome. You need to press the flesh and meet with people through out the organization. You need to put a personal face on the compliance program.

(Disclosure: I own some shares in Goldman Sachs. I bought them when the stock price went down as a result of the SEC action.)