OCEG Webcast on Code of Conduct

Scott Mitchell, Chairman and of the Open Compliance & Ethics Group, and Brett Curran, Director of GRC and Privacy at Axentis, conducted a webinar on the Code of Conduct. The PowerPoint slides are free, but the webinar itself requires a premium membership.

These are some metrics they propose for measuring the performance of a Code of Conduct:

  • Reach – Percentage that receives the Code of Conduct
  • Certification Coverage – percentage that certifies they understand and will uphold the code of conduct
  • Training Coverage – percentage that are trained about the contents of the Code of Conduct
  • Awareness – percentage that report they know what the Code is and what it says
  • Mastery – percentage that proves through testing that they know the Code and what it says
  • Reporting Readiness – percentage that know to report violations
  • Readability – Flesch reading score
  • Operationalization – percentage that believes that the organization actually adheres to the Code
  • Organizational Alignment – percentage that believe that the Code accurately reflects the true values of the organization
  • Personal Alignment – percentage that believe that the Code is aligned with their personal values
  • Reporting – percentage that believe that Code violations are actually reported
  • Questions – number of questions received
  • Incidents – number of reported or discovered incidents of violation

Ding Dong, FCPA Calling

Avon, the beauty products seller, announced that it is voluntarily conducting an investigation of its China operations, focusing on compliance with the Foreign Corrupt Practices Act.

“The Company, under the oversight of the Audit Committee, commenced in June 2008 an internal investigation after it received an allegation that certain travel, entertainment and other expenses may have been improperly incurred in connection with the Company’s China operations. The company has voluntarily contacted the Securities and Exchange Commission and the United States Department of Justice to advise both agencies that an internal investigation is underway. The internal investigation is in its early stage and no conclusion can be drawn at this time as to its outcome.”

Richard L. Cassin, on The FCPA Blog, notes that China forced Avon to market its products through shops and boutiques and restricted direct selling. But two years ago, Avon convinced regulators to allow door-to-door sales.

James H. Fries, Jr. on The Objectives and Conduct of Bank Secrecy Act Enforcement

James H. Fries, Jr., the Director of the Financial Crimes Enforcement Network at the U.S. Department of Treasury, spoke about The Objectives and Conduct of Bank Secrecy Act Enforcement at the ABA/ABA Money Laundering Enforcement Conference in Washington D.C. on October 20, 2008.

“An essential principle of FinCEN’s enforcement program is to uphold the public policy choice made by the Congress when it enacted the BSA in 1970, and expanded it with the passage of Annunzio-Wylie Anti-Money Laundering Act of 1992, The Money Laundering Suppression Act of 1994, and the USA PATRIOT Act of 2001.”

New Massachusetts Regulations to Mandate Comprehensive Information Security Requirements

Goodwin Procter LLP published a summary of the New Massachusetts Regulations to Mandate Comprehensive Information Security Requirements.

The regulations have broad coverage, applying to all entities that own, license, store or maintain personal information about residents of the Commonwealth of Massachusetts, regardless of whether or not the entity has operations in the Commonwealth. Federally regulated financial and other entities are not exempt from the Massachusetts regulations, raising the question of whether entities that are in compliance with Gramm-Leach-Bliley, HIPAA and/or SEC information security requirements will be considered to meet the new Massachusetts requirements. Significantly, “personal information” has a somewhat limited scope, and is defined as a resident’s first and last name or first initial and last name in combination with a Social Security number, driver’s license number or financial account number. The regulations impose two principal requirements: (i) the duty to develop, implement and maintain a very comprehensive written information security program that meets very specific requirements; and (ii) the obligation to meet specific computer information security requirements.

Privacy and Security Alert: Massachusetts Has New Data Security Regulations

Cynthia Larose, Elissa Flynn-Poppey and Julia M. Siripurapu of Mintz Levin put together an alert with a summary of the new Massachusetts Data Security Regulations: Privacy and Security Alert: Massachusetts New Data Security Regulations Effective January 1, 2009.

The alert has a summary of some of the changes to the regulations since comments were made in January 2008.

Text of the Foreign Corrupt Practices Act

You can find the complete text of the Foreign Corrupt Practices Act on the Department of Justice’s Foreign Corrupt Practices Act site.

§ 78dd-2. Prohibited foreign trade practices by domestic concerns

(a) Prohibition

It shall be unlawful for any domestic concern, other than an issuer which is subject to section 78dd-1 of this title, or for any officer, director, employee, or agent of such domestic concern or any stockholder thereof acting on behalf of such domestic concern, to make use of the mails or any means or instrumentality of interstate commerce corruptly in furtherance of an offer, payment, promise to pay, or authorization of the payment of any money, or offer, gift, promise to give, or authorization of the giving of anything of value to–

(1) any foreign official for purposes of–

(A) (i) influencing any act or decision of such foreign official in his official capacity, (ii) inducing such foreign official to do or omit to do any act in violation of the lawful duty of such official, or (iii) securing any improper advantage; or

(B) inducing such foreign official to use his influence with a foreign government or instrumentality thereof to affect or influence any act or decision of such government or instrumentality,

in order to assist such domestic concern in obtaining or retaining business for or with, or directing business to, any person;

(2) any foreign political party or official thereof or any candidate for foreign political office for purposes of–

(A) (i) influencing any act or decision of such party, official, or candidate in its or his official capacity, (ii) inducing such party, official, or candidate to do or omit to do an act in violation of the lawful duty of such party, official, or candidate, or (iii) securing any improper advantage; or

(B) inducing such party, official, or candidate to use its or his influence with a foreign government or instrumentality thereof to affect or influence any act or decision of such government or instrumentality,

in order to assist such domestic concern in obtaining or retaining business for or with, or directing business to, any person;

(3) any person, while knowing that all or a portion of such money or thing of value will be offered, given, or promised, directly or indirectly, to any foreign official, to any foreign political party or official thereof, or to any candidate for foreign political office, for purposes of–

(A) (i) influencing any act or decision of such foreign official, political party, party official, or candidate in his or its official capacity, (ii) inducing such foreign official, political party, party official, or candidate to do or omit to do any act in violation of the lawful duty of such foreign official, political party, party official, or candidate, or (iii) securing any improper advantage; or

(B) inducing such foreign official, political party, party official, or candidate to use his or its influence with a foreign government or instrumentality thereof to affect or influence any act or decision of such government or instrumentality,

in order to assist such domestic concern in obtaining or retaining business for or with, or directing business to, any person.

(b) Exception for routine governmental action

Subsections (a) and (i) of this section shall not apply to any facilitating or expediting payment to a foreign official, political party, or party official the purpose of which is to expedite or to secure the performance of a routine governmental action by a foreign official, political party, or party official.

(c) Affirmative defenses

It shall be an affirmative defense to actions under subsection (a) or (i) of this section that–

(1)  the payment, gift, offer, or promise of anything of value that was made, was lawful under the written laws and regulations of the foreign official’s, political party’s, party official’s, or candidate’s country; or

(2)  the payment, gift, offer, or promise of anything of value that was made, was a reasonable and bona fide expenditure, such as travel and lodging expenses, incurred by or on behalf of a foreign official, party, party official, or candidate and was directly related to–

(A) the promotion, demonstration, or explanation of products or services; or

(B) the execution or performance of a contract with a foreign government or agency thereof.

Who is a Foreign Official under the FCPA?

The FCPA defines “foreign official” as:

[A]ny officer or employee of a foreign government or any department, agency, or instrumentality thereof, or a public international organization, or any person acting in an official capacity for or on behalf of any such government or department, agency, or instrumentality, or for or on behalf of any such public international organization.

It is obvious that a person holding political office is a foreign official. In this age of increasing privatization of government services and sudden government investment in private businesses, it is not clear when an entity is an “instrumentality” of a foreign government.

The OECD Anti-Bribery Convention uses the term “public enterprise” which it defines to include “any enterprise in which the government holds a majority stake, as well as those over which a government may exercise a dominant influence directly or indirectly.”

In Under the FCPA, Who Is a Foreign Official Anyway?, Joel M. Cohen, Michael P. Holland, and Adam P. Wolf of Clifford Chance examine some of these issues in great detail. You can find the article in the August 2008 edition of The Business Lawyer.

Protecting Individual Privacy in the Struggle Against Terrorists

The National Research Council has published a new report finding that all U.S. agencies with counterterrorism programs that collect personal data should be required to evaluate the programs’ effectiveness, lawfulness, and impacts on privacy.

In its press release, the Council summarizes that “Collecting and examining data to try to identify terrorists inevitably involves privacy violations, since even well-managed programs necessarily result in some “false positives” where innocent people are flagged as possible threats, and their personal information is examined.  A mix of policy and technical safeguards could minimize these intrusions, the report says.  Indeed, reducing the number of false positives also improves programs’ effectiveness by focusing attention and resources on genuine threats.”

The report, Protecting Individual Privacy in the Struggle Against Terrorists: A Framework for Program Assessment, is available from The National Academies Press in paperback or free online.

“All U.S. agencies with counterterrorism programs that collect or “mine” personal data — such as phone records or Web sites visited — should be required to evaluate the programs’ effectiveness, lawfulness, and impacts on privacy. A framework is offered that agencies can use to evaluate such information-based programs, both classified and unclassified. The book urges Congress to re-examine existing privacy law to assess how privacy can be protected in current and future programs and recommends that any individuals harmed by violations of privacy be given a meaningful form of redress. Two specific technologies are examined: data mining and behavioral surveillance. Regarding data mining, the book concludes that although these methods have been useful in the private sector for spotting consumer fraud, they are less helpful for counterterrorism because so little is known about what patterns indicate terrorist activity. Regarding behavioral surveillance in a counterterrorist context, the book concludes that although research and development on certain aspects of this topic are warranted, there is no scientific consensus on whether these techniques are ready for operational use at all in counterterrorism.”

Kay – Certiorari Denied

The U.S. Supreme Court will not be reviewing the Fifth Circuit’s decision in Kay v. U.S. (The denial of certiorari shows up on page 8 of the Orders List from October 6, 2008.)

Kay argued that the FCPA didn’t apply to bribes to reduce taxes, or that if it applied, the “obtaining or retaining” language in the law (the business nexus element) is so ambiguous that enforcement in their case would be unfair.

Compliance programs need to be aimed not just at bribes intended to directly help obtain business from foreign governments but also at any overseas public bribery that might create a commercial advantage. Compliance needs to find any payments to reduce taxes, speed up refunds, jump customs lines, obtain favorable inspections, manipulate business registrations, reduce utility costs, or enhance property usage.

Social Networking for Lawyers and Legal IT

I had the pleasure of hosting a lunch meeting for the International Legal Technology Association to talk about Social Networking for Lawyers and Legal IT.

I was joined by Jenn Steele and Bob Ambrogi in talking about Facebook, LinkedIn, blogging, Twitter, Legal OnRamp and Martindale Connected. We looked at the ways we each use these tools and how the audience used the tools. We also talked a bit about policy and rules for using these sites.

Here is the slide deck we used. You can also get the slides with our notes on JD Supra: Social Networking for Lawyers and Legal IT.

(We deleted the slides on LegalOnRamp and Martindale Connected because we “borrowed” them from another presentation.)

Jenn Steele is the Director of Information Technology at Morrison Mahoney LLP.  She holds an MBA from the Simmons School of Management and a B.S. in Biology from MIT, with a minor in Expository Writing.  Prior to Morrison Mahoney, she was the Director of Information Technology at Donovan Hatem LLP from 2002-2007, and the Senior Applications Specialist at Burns & Levinson LLP from 2000-2002.  She has also held positions in the health and human services industry.  She is the author of Leading Geeks, a blog focusing on best practices for leading technologists (www.leadinggeeks.blogspot.com).

Robert Ambrogi is an internationally known legal journalist and a leading authority on law and the Web. He represents clients at the intersection of law, media and technology and is also an established professional in alternative dispute resolution. Robert is a Massachusetts lawyer, writer and media consultant and is author of the book, The Essential Guide to the Best (and Worst) Legal Sites on the Web. He also writes the blog Media Law, co-writes Legal Blog Watch and cohosts the legal affairs podcast Lawyer2Lawyer.

Originally posted on my old blog, KM Space.