According to Linda Chatman Thomsen, director of the SEC’s Division of Enforcement, in a Forbes Article [The SEC in 2008: A Very Good Year?], the SEC filed 15 FCPA cases in 2008. Since January 2006, the SEC has brought 38 FCPA enforcement actions. That number is more than were brought in all prior years combined since 1977 when the FCPA became.
Author: Doug Cornelius
You can find out more about Doug on the About Doug page
Thinking About Training
Jeffrey M. Kaplan and Rebecca Walker, partners in the law firm of Kaplan & Walker LLP wrote an article Thinking About Training in the March/April 2008 edition of Ethikos.
The goals of training—to enhance employees’ understanding of the law and company policy and promote ethical business conduct—will not be achieved if training is not comprehensible and interesting enough to be heard and remembered. The Sentencing Guidelines highlight this notion by providing that companies must not only provide training—they must do so in an effective manner.
Email Etiquette and Compliance
Lots of hallway conversations have turned into email and instant messaging conversations. There are lots of problems with that.
First, is just the lack of human interaction. Humans are social and need to meet face-to-face. Along with that is the limited ability to add tone, sarcasm and other elements of conversation into the written word.
The second problem is that ability to retrieve that email or instant message conversation in a way that you cannot with a hallway conversation. This is a records management and compliance problem.
An example of an embarrassing and damaging IM conversation came out on Capitol Hill today. According to the New York Times (Rating Agencies Draw Fire on Capitol Hill) Congressman John A. Yarmuth, a Democrat from Kentucky, read aloud from an instant-message conversation between two S&P employees in the firm’s structured product division:
Official 1: By the way, that deal is ridiculous
Official 2: I know, right. The model definitely doesn’t capture half the risk.
Official 1: We should not be rating it
Official 2: We rate every deal. It could be structured by cows and we would rate it
Official 1: There is a lot of risk associated with it. I personally don’t feel comfy signing off as a committee member.
That may have been a funny hallway conversation, but is not getting the company in lots of trouble.
Before you send that email or IM, ask yourself how you would feel if your Congressman was reading it into testimony and having it appear in the New York Times.
Compliance and Ethics Training – How Much is Enough
In this podcast panel discussion, OCEG’s Carole Switzer moderates a discussion with ELT’s Shanti Atkins and SAI Global’s Mark Rowe to answer the question of how much is enough when it comes to compliance and ethics training. You can listen to a webcast and read a transcript (.pdf).
Ms. Atkins talks about a three layers of training. The first layer is training that is legally mandatory. One example is sexual harrassment training in some states. The second layer is training related to mandatory guidelines. You are not in violation of law for failing to do the training, but in the event of a problem the failure to have training results in elevated fines, penalties or damages. One example is the federal sentencing guidelines. The third layer is training as a best practice for the organization giving its risk profile.
Ms. Atkins sees extremes between lengthy training sessions that happens at regular intervals, but is not reactive to the company’s needs and is repetitive. At the other extreme is companies doing the bare minimum.
Ms. Switzer tries to draw a line between generational differences in the workplace at training. Ms. Atkins de-bunks this approach. (In my prior career in Knowledge Management I also did not see generational differences in training. There is just good training and bad training. I see some generational differences in tolerance for bad training.) Mr. Rowe has found story-based training to be more effective. You need to engage them in the training and not just talk at them.
Ms. Atkins sees some problems with scoring learners and keeping track of a database of scores as employees go through the training. One is how you go about following-up and addressing sub-par performers. The second is the potential for that information to be used against the company in a lawsuit.
Handing out a code of conduct and get a signed acknowledgment that an employee read it, is not training. Mr. Rowe emphasized the need to put the information into context, into a real-life situation. He also likes the idea of setting a bar that learners need to prove they understand one topic before they move onto another topic.
Ms. Atkins emphasized the need to keep the training modular so that scenarios can be added and removed and the training can be updated.
Mr. Rowe points out that “ethics training isn’t just a list of rules; it’s guidance that should help people perform their jobs in a better way and reduce risk to the organization.”
Cadwalader’s FCPA Advisor
The Fall 2006 Issue of Cadwalader’s FCPA Advisor provides a great background and overview of the Foreign Corrupt Practices Act.
International Standards for the Bribery of Public Officials
The Foreign Corrupt Practices Act is the U.S. standard for bribery of public officials by U.S. concerns or international concerns with a presence in the U.S. The international standard is the Convention on Combating Bribery of Foreign Public Officials in International Business Transactions promulgated by the Organization for Economic Co-Operation and Development.
The convention sets a criminal offense for:
any person intentionally to offer, promise or give any undue pecuniary or other advantage, whether directly or through intermediaries, to a foreign public official, for that official or for a third party, in order that the official act or refrain from acting in relation to the performance of official duties, in order to obtain or retain business or other improper advantage in the conduct of international business.
A foreign public official means:
any person holding a legislative, administrative or judicial
office of a foreign country, whether appointed or elected; any person exercising a public
function for a foreign country, including for a public agency or public enterprise; and any
official or agent of a public international organisation.
A public enterprise means:
any enterprise, regardless of its legal form, over which a government, or governments, may, directly or indirectly, exercise a dominant influence. This is deemed to be the case, inter alia, when the government or governments hold the majority of the enterprise’s subscribed capital, control the majority of votes attaching to shares issued by the enterprise or can appoint a majority of the members of the enterprise’s administrative or managerial body or supervisory board.
Evaluation of the Chief Compliance Officer
Thompson Hine put together a paper: Evaluation of the Chief Compliance Officer:
While Rule 38a-1 under the Investment Company Act requires a Board of Directors to approve the appointment, removal and compensation of a fund’s Chief Compliance Officer (“CCO”), the rule is silent as to any requirement to annually review the performance of the CCO. However, Rule 38a-1 does require that a fund annually review the adequacy and effectiveness of its written compliance policies and procedures (“Compliance Program”), as well as the Compliance Program of each investment adviser, principal underwriter, administrator and transfer agent of the fund (“Fund Service Providers”). Because the CCO is an integral part of any Compliance Program, it is reasonable to expect a board to evaluate the effectiveness of a CCO as part of, or in connection with, the annual review of the Compliance Programs.
The following statement by the Securities and Exchange Commission (“SEC”) serves as a useful starting point for evaluating the effectiveness of a CCO:
“A fund’s chief compliance officer should be competent and knowledgeable regarding the federal securities laws and empowered with full responsibility and authority to develop and enforce appropriate policies and procedures for the fund.”
Although this is a relatively vague standard, the SEC staff has informally articulated a number of specific qualities and capabilities that it believes a CCO should possess. In addition to analyzing these qualities and capabilities, a CCO’s effectiveness can be evaluated by reviewing the duties and functions actually performed by the CCO. This review should take into consideration the size, resources and business activities of the fund complex.
An Effective Compliance Program under the U.S. Sentencing Commission Guidelines
Section 8B2.1 of the 2007 version of the United States Sentencing Commission Guidelines define and “effective compliance and ethics program” for purposes of section (f) of § 8C2.5 for the Culpability Score and section (c)(1) of §8D1.4 for Recommended Conditions of Probation – Organizations:
(a) To have an effective compliance and ethics program, for purposes of subsection (f) of §8C2.5 (Culpability Score) and subsection (c)(1) of §8D1.4 (Recommended Conditions of Probation – Organizations), an organization shall—
(1) exercise due diligence to prevent and detect criminal conduct; and
(2) otherwise promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law.
Such compliance and ethics program shall be reasonably designed, implemented, and enforced so that the program is generally effective in preventing and detecting criminal conduct. The failure to prevent or detect the instant offense does not necessarily mean that the program is not generally effective in preventing and detecting criminal conduct.
(b) Due diligence and the promotion of an organizational culture that encourages ethical conduct and a commitment to compliance with the law within the meaning of subsection (a) minimally require the following:
(1) The organization shall establish standards and procedures to prevent and detect criminal conduct.
(2) (A) The organization’s governing authority shall be knowledgeable about the content and operation of the compliance and ethics program and shall exercise reasonable oversight with respect to the implementation and effectiveness of the compliance and ethics program.
(B) High-level personnel of the organization shall ensure that the organization has an effective compliance and ethics program, as described in this guideline. Specific individual(s) within high-level personnel shall be assigned overall responsibility for the compliance and ethics program.
(C) Specific individual(s) within the organization shall be delegated day-to-day operational responsibility for the compliance and ethics program. Individual(s) with operational responsibility shall report periodically to high-level personnel and, as appropriate, to the governing authority, or an appropriate subgroup of the governing authority, on the effectiveness of the compliance and ethics program. To carry out such operational responsibility, such individual(s) shall be given adequate resources, appropriate authority, and direct access to the governing authority or an appropriate subgroup of the governing authority.
(3) The organization shall use reasonable efforts not to include within the substantial authority personnel of the organization any individual whom the organization knew, or should have known through the exercise of due diligence, has engaged in illegal activities or other conduct inconsistent with an effective compliance and ethics program.
(4) (A) The organization shall take reasonable steps to communicate periodically and in a practical manner its standards and procedures, and other aspects of the compliance and ethics program, to the individuals referred to in subdivision (B) by conducting effective training programs and otherwise disseminating information appropriate to such individuals’ respective roles and responsibilities.
(B) The individuals referred to in subdivision (A) are the members of the governing authority, high-level personnel, substantial authority personnel, the organization’s employees, and, as appropriate, the organization’s agents.
(5) The organization shall take reasonable steps—
(A) to ensure that the organization’s compliance and ethics program is followed, including monitoring and auditing to detect criminal conduct;
(B) to evaluate periodically the effectiveness of the organization’s compliance and ethics program; and
(C) to have and publicize a system, which may include mechanisms that allow for anonymity or confidentiality, whereby the organization’s employees and agents may report or seek guidance regarding potential or actual criminal conduct without fear of retaliation.
(6) The organization’s compliance and ethics program shall be promoted and enforced consistently throughout the organization through (A) appropriate incentives to perform in accordance with the compliance and ethics program; and (B) appropriate disciplinary measures for engaging in criminal conduct and for failing to take reasonable steps to prevent or detect criminal conduct.
(7) After criminal conduct has been detected, the organization shall take reasonable steps to respond appropriately to the criminal conduct and to prevent further similar criminal conduct, including making any necessary modifications to the organization’s compliance and ethics program.
(c) In implementing subsection (b), the organization shall periodically assess the risk of criminal conduct and shall take appropriate steps to design, implement, or modify each requirement set forth in subsection (b) to reduce the risk of criminal conduct identified through this process.
Some Reasons Why Compliance Programs Still Matter
Sharie A. Brown of Foley & Lardner LLP, wrote U.S. Foreign Corrupt Practices Act for the August 2008 of Compliance Week and put forth five very good reasons why your anti-corruption compliance program still matters a lot.
- Effective programs mitigate fines and penalties
- Early detection allows early company solutions
- Trust is valuable
- Good controls help keep the playing field level
- Ethics is forever and possible universal
Trust is Valuable
Companies want to be trusted by their customers, partners, business community, regulatory authorities, and investors, among many others. Customers and investors regularly entrust companies with their financial future and their most private and valuable personal information, as well as their environmental health and safety. To the extent that companies fail to have adequate internal controls and anticorruption policies that prevent misconduct, companies are susceptible to serious violations that breach that trust. A more trustworthy competitor could very easily become the more profitable competitor.
FCPA Review Procedure Release 81-02
FCPA Review Procedure Release 81-02 came from the Iowa Beef Packers, Inc. who wanted to send promotional samples to the Soviet Ministry of Foreign Trade, the Soviet government agency responsible for procurement of such products.
The total amount of the samples which the company intends to furnish to these officials is approximately 700 pounds of beef, with an estimated total value of less than $2,000. Individual sample packages will not exceed $250 in value. IBP estimates that prospective sales of packaged beef products to the Soviet government will be in minimum amounts of 40,000 pounds each.
The company has represented that the sample products to be presented to MVT officials are intended as items for their inspection, testing and sampling, and to make these officials aware of the quality of the company’s products. IBP also represents that the sample products are not intended for the individual use of the MVT officials, but will be provided to them in their capacity as representatives of the government agency responsible for purchasing the company’s products. Finally, the Soviet government has been informed that the company intends to furnish sample products to the MVT officials.