Key Principles for Strengthening Corporate Governance

Holly Gregory of Weil, Gotshal & Manges LLP posted on The Harvard Law School Corporate Governance Blog about the release of Key Agreed Principles for Strengthening Corporate Governance by The National Association of Corporate Directors, with the support of the Business Roundtable.

The Principles identify the core areas that boards, management and shareholders agree should be the basis for good corporate governance and cover topics including independent board leadership, protecting against entrenchment of the board, shareholder participation in corporate decision making, and board communication with shareholders. In recognition of the legitimate concerns that exist about the rigid and prescriptive use of best practice recommendations by some proponents, the Principles are intended to reflect a distillation and articulation of fundamental principles-based aspects of governance on which there appears to be broad consensus. They are also intended to stimulate informed debate about issues on which consensus does not yet exist.

Computer System Requirements for New Massachusetts Privacy Regulations

As discussed in earlier alerts (Additional Guidance on the Massachusetts Privacy Regulations, Privacy and Security Alert: Massachusetts Has New Data Security Regulations and New Massachusetts Privacy Laws), starting on January 1, 2009, businesses will be held to a higher standard regarding the protection of Massachusetts residents’ personal information. The regulations (201 CMR 17.00) set out in detail the required minimum standards to be met by persons or businesses who own, license, store, or maintain personal information about a Massachusetts consumer or employee. The Standards apply to paper as well as to electronic records.

The regulations have some very specific requirements for computer system security (201 CMR 17.04):

  1. Secure user authentication protocols
  2. Secure access control measures
  3. Encryption of transmitted records and files (to the extent feasible)
  4. Reasonable monitoring of systems (for unauthorized access to personal information)
  5. Encryption of all personal information stored on laptops or other portable devices
  6. Reasonably up-to-date firewall protection for files containing protected information on a system that is connected to the Internet
  7. Reasonably up-to-date versions of system security agent software, which must include malware protection and reasonably up-to-date patches and virus definitions
  8. Education and training of employees on the proper use of the System and the importance of personal information security
  9. Features required for secure user authentication protocols and secure access control measures.

Effects of FinCEN’s Withdrawal of Rule-Making on Anti-Money Laundering

Last week, FinCEN withdrew a proposed rulemaking for anti-money-laundering procedures for unregistered investment companies. [See: FinCEN Withdraws Proposed Rulemaking for Unregistered Investment Companies]

FinCEN warned that they have not abandoned plans for rule-making. They merely felt that after six years the notice had gone stale. FinCEN may come out with an AML program rule proposal, but would only do so after allowing for public comment that could take into account developments since the initial proposal.

Other existing AML obligations may limit the practical effect of this FinCEN action. First, the action does not alter the reach of the U.S. criminal money laundering laws, which still may apply in cases of “knowing” or “willfully blind” participation in money laundering schemes. Second, the FinCEN action does not affect the obligation of the subject entities to comply with the U.S. sanctions programs, which are administered by the U.S. Office of Foreign Assets Control (“OFAC”). Third, many advisers, unregistered investment companies, and commodity trading advisers likely will continue to be required by their investors, banks, prime brokers, and other counterparties to adopt AML programs, regardless of the scope of applicable legal standards. Entities may also be subject to AML regulation in non-U.S. jurisdictions where they conduct business or investment activities.

Are Sovereign Wealth Funds State-Owned Enterprises?

Steve Tyrrell, Chief of the Fraud Section in DOJ’s Criminal Division, has observed that the DOJ may treat employees of sovereign wealth funds as government officials for purposes of the FCPA.

Sovereign wealth funds have been playing a larger role in the domestic securities markets as companies search for increasingly scarce supplies of capital. Mr. Tyrrell was quoted: “recent boom of sovereign wealth funds is an area at the top of the Justice Department’s hit list.”

Mr. Tyrrell told Financial Week that “the DOJ was looking at both passive and active investments by U.S. securities firms into sovereign funds, and vice versa.” [Cash crunch could result in more corruption cases. October 7, 2008]

At a recent Securities Industry and Financial Markets Association conference, Mr. Tyrrell indicated that securities firms should treat employees of sovereign wealth funds as government officials for purposes of the FCPA.

Who Is a Foreign Official After the Government Bailout of Financial Institutions?

We have all read about the bailout of US financial institutions by the US government. This is not happening in other countries. This complicates the analysis under the Foreign Corrupt Practices Act.

As Joel M. Cohen, Michael P. Holland, and Adam P. Wolf of Clifford Chance examined in Under the FCPA, Who Is a Foreign Official Anyway?, the FCPA does not define a foreign official. An employee of a state-owned enterprise is a foreign official. But the FCPA does not define a state-owned enterprise. The Anti-Bribery Convention of OECD does a better job of defining. See International Standards for the Bribery of Public Officials.

In some of these government bailouts, the governments are purchasing equity and equity-like interests in the financial institutions. Is AIG a state-owned enterprise? The US government has the right to purchase majority ownership!

Morgan Lewis put out a LawFlash on this issue: Financial Turmoil and the Expanding Reach of the FCPA.

Morgan Lewis points out that the DOJ will likely treat sovereign wealth funds as state-owned enterprises and therefore their employees are foreign officials under the FCPA.

If a government has a small passive interest in a company, then the company is probably not a state-owned enterprise. As the ownership interest increases and the management control increases, the company starts looking more like a state-owned enterprise.

Merely buying assets (like crappy CMBS and CDO interests) or guaranteeing loans should not affect the treatment of the company.

KPMG Survey Shows Lack of FCPA Due Diligence

KPMG Forensic released a survey of 103 U.S. executives with FCPA duties. The survey found:

only one-third of respondents reported having an adequate due diligence process, and 27% said such compliance was only “minimal.” The survey also found that while 40% of companies include anti-corruption certifications in their normal business dealings, most of those companies apply the certifications only to their own employees. Only 24% reported using the certifications for outside vendors or suppliers and 35% for outside contractors, both of which are often cited by FCPA experts as a leading cause of briberies.

I could not find this survey on the KPMG websites.

The Dangers of Bribery

The downfall of a local politician can cast a shadow of filth across your company. Here in Boston, state Senator Dianne Wilkerson was arrested for public corruption. In an editorial in the Boston Globe, the newspaper noted that Wilkerson’s arrest raised suspicions about real estate developments in her district that she aggressively supported: The Grimy Side of Politics.

According to Azid Mohammed, Wilkerson pressured local real estate developers: Developer Reportedly Worried About Demands Made by Senator. In the Wilkerson arrest sting, an FBI agent was posing as a real estate developer offering bribes to Wilkerson if she would help the agent win ownership of state-owned real estate.

The danger of bribery is not only that you get caught, but that the official gets caught or someone else in the chain gets caught and brings you down as part of a larger problem.

The Affidavit in support of the criminal complaint against Wilkerson.

Blogging / Social Internet Policy

A variation of this post was originally published on my old blog: KM Space.

When employees create their own blogs, comment on a blog, create a LinkedIn profile, use Facebook and/or contribute to or through any of the other online media (i.e., Wikis, blogs, chat rooms, Internet forums, electronic mailing lists, etc.) they are impacting their personal image and potentially affecting the company. If your profile online indicates that you work at the company, then that activity is associated with the company.

[For law firms: When it comes to expressing opinions about anything having to do with the law, law firm employees are in a special position and have some limitations that other industries do not have. Statements in public forums may inadvertently create an attorney-client relationship, and may also violate the rules prohibiting law firm advertising.
Add others for other regulated industries.]

Follow these guidelines when creating and/or publishing content online:

· Maintain Client Confidentiality. Work for clients and the identities of our clients must be held in confidence to the extent appropriate for that client and client relationship. You must comply with the company’s Client Confidentiality Policy.

[For law firms: · Be mindful of creating an attorney-client relationship. It is recommended that you not advise any course of action with respect to a particular set of facts. There can be a fine line between supplying legal information and supplying legal advice. Focus on new and interesting things happening in your area of expertise. Be careful asking specific questions.]

· Think first. Remember you are publishing in a public forum, so don’t publish anything that you wouldn’t want to be viewed by your family, colleagues or the general public. Since content is easily transferred and replicated across the internet, it is nearly impossible to delete content once it has been published.

· Identify yourself. If you are commenting or publishing on topics related to your job, identify yourself as an employee of the company. You may link to your bio on our public website.

· Disclaimers. You should make it clear that you are expressing views that are your own and not those of the company.

· Be careful about jeopardizing business relationships. If you are commenting on a matter, consider whether the position you take may be adverse or offensive to any of our clients. In case of any doubt, check with the head of your department.

· Be respectful. Rumors and gossip spread like wildfire on the Internet. Be respectful of your colleagues, the company, and our competitors.

· Follow the law. This should be obvious. In particular, be cautious of securities law violations and copyright violations. You must be familiar with and comply with the Copyright Policy.

· Use of logos or service marks. The company’s logo or service mark cannot be used.

· Anonymous Contributions. The same cautions and restrictions on communications apply to supposedly “anonymous” blogs, comments, posts or other content. Almost nothing is truly anonymous on the internet. You should not use anonymity as a shield for malicious or wrongful content.

Blogs

  • Registration: If you have a blog that is related to your job, it must be registered with ______.
  • Media: Media inquiries related to your blog should be handled like any other media inquiry.
  • Disclaimer: There should be a prominent disclaimer or link to a disclaimer on the main page, as well as in the “About” portion of your blog. See _______ for an appropriate disclaimer.
  • Name of Blog: Neither the title of the blog nor the URL of the blog may include the company name.
  • Comments: Bloggers may allow others to comment on their posts. Comments may be attributable to the blogger so you should be prepared to moderate comments and delete offensive comments.
  • Content: Do you have questions about what is appropriate to discuss on your blog? Ask the head of your department.

Commenting on Blogs

You should treat the comments you make on another blog the same as you would treat posts on your own blog.

LinkedIn

LinkedIn is a powerful professional online networking tool. [For law firms: For attorneys, LinkedIn is a relatively new tool and state bar regulators have not ruled on what is appropriate.

  • Avoid answering legal questions. It is very easy to inadvertently create an attorney-client relationship. The line between supplying legal information and legal advice is very gray.
  • Recommendations are particularly problematic. In some jurisdictions they can be viewed as testimonials and attorney advertising. Attorneys should avoid providing recommendations to other attorneys for that reason. If you receive a recommendation, please have it promptly reviewed by ________. Non-attorney staff members may recommend other non-attorneys if they otherwise comply with the above guidelines.]

Facebook/MySpace/Other Social Network Sites

Although these are largely social tools, if you are a member of the company’s network or list the company in your work information then your activity in these types of sites impacts the company as well as your personal image. The guidelines are applicable to your use of these sites.

Wikipedia

Any edits you make to Wikipedia while using a company computer can potentially be tied back to the company. Even an anonymous edit marks the editor with its Internet Protocol address. This IP address can easily be tied back to the company.

Twitter

Twitter is a type of blogging, limited to 140 characters per post.

Violations

If the Company determines that you have violated your obligations under this policy, the Company has the option to take certain steps which may include, among others, warnings, suspension, probation, and discharge.

[Keep updating the policy as new social internet tools come into play]

[These rules should not be used if you are regulated by FINRA. They have stricter limitations on the use of the internet.]

Avon Fall-Out

We are starting to see some of the fall-out from the Avon FCPA investigation [Ding Dong, FCPA Calling]. The Wall Street Journal [Regulators Detained by China in Probe] and Reuters [China probe may curb foreign deals: sources] are both reporting the detention of two officials from the Commerce Ministry.

The Wall Street Journal is reporting that there is an investigation of Zhang Yudong, a “well-known” attorney at a Beijing law firm that helps companies get licensed in China. Reuters is reporting the detention and investigation of two lawyers at the Chinese law firm Seafront (known as Si Feng in Chinese).

Reuters is also investigating at least two other U.S. law firms.