Kay – Certiorari Denied

The U.S. Supreme Court will not be reviewing the Fifth Circuit’s decision in Kay v. U.S. (cert denied shows up page 8 of the Orders List from October 6, 2008.)

Kay argued that the FCPA didn’t apply to bribes to reduce taxes, or that if it applied, the “obtaining or retaining” language in the law (the business nexus element) is so ambiguous that enforcement in their case would be unfair.

Compliance programs need to be aimed not just at bribes intended to directly help obtain business from foreign governments but also to any overseas public bribery that might create a commercial advantage. Complaince needs to find any payments to reduce taxes, speed up refunds, jump customs lines, obtain favorable inspections, manipulate business registrations, reduce utility costs, or enhance property usage.

Social Networking for Lawyers and Legal IT

I had the pleasure of hosting a lunch meeting for the International Legal Technology Association to talk about Social Networking for Lawyers and Legal IT.

I was joined by Jenn Steele and Bob Ambrogi in talking about Facebook, LinkedIn, blogging, Twitter, Legal OnRamp and Martindale Connected. We looked at the ways we each use these tools and how the audience used the tools. We also talked a bit about policy and rules for using these sites.

Here is the slide deck we used. You can also get the slides with our notes on JD Supra: Social Networking for Lawyers and Legal IT.

Social Networking

View SlideShare presentation or Upload your own. (tags: social km)

(We deleted the slides on LegalOnRamp and Martindale Connected because we “borrowed” them from another presentation.)

Jenn Steele is the Director of Information Technology at Morrison Mahoney LLP.  She holds an MBA from the Simmons School of Management and a B.S. in Biology from MIT, with a minor in Expository Writing.  Prior to Morrison Mahoney, she was the Director of Information Technology at Donovan Hatem LLP from 2002-2007, and the Senior Applications Specialist at Burns & Levinson LLP from 2000-2002.  She has also held positions in the health and human services industry.  She is the author of Leading Geeks, a blog focusing on best practices for leading technologists (www.leadinggeeks.blogspot.com).

Robert Ambrogi is an internationally known legal journalist and a leading authority on law and the Web.  He represents clients at the intersection of law, media and technology and is also established professional in alternative dispute resolution.  Robert is a Massachusetts lawyer, writer and media consultant and is author of the book, The Essential Guide to the Best (and Worst) Legal Sites on the Web.  He also writes the blog Media Law, co-writes Legal Blog Watch and cohosts the legal affairs podcast Lawyer2Lawyer.

Originally posted on my old blog, KM Space.

Walking The Fine Line Of Compliance In China

Jeffrey M. Rawitz and Erica L. Reilley of Jones Day published an article in Mondaq: China: The Foreign Corrupt Practices Act: Walking The Fine Line Of Compliance In China.

Four Suggestions for Avoiding FCPA Complications in China

Any company seeking to avoid potential FCPA problems in China, or elsewhere, should start by developing a rigorous internal compliance program. A good compliance program will include clear standards and procedures and will provide thorough training for all employees that have business dealings with China or any other foreign nation. Compliance materials and training should be targeted to the employees receiving them; thus, employees in China should be trained by local staff that understand the FCPA and can take into account the likely cultural issues—e.g., the long-standing Chinese tradition of gift giving—that may have an impact on proper compliance.

In addition, companies can limit exposure to potential FCPA problems through vigilant adherence to corporate due diligence. As noted above in the section on successor liability, U.S. enforcement authorities do not always view a merger or acquisition as extinguishing liability for past unlawful conduct. Thus, a company planning to merge with or acquire a company that has done business in China will need to do its due diligence on the target company’s business dealings, including those of its partners, agents, and distributors, to ensure FCPA compliance.

A third suggested practice to limit FCPA exposure is to negotiate and draft contracts that minimize FCPA risks. A company can do this by incorporating standard representations, warranties, and covenants in contracts with agents and distributors wherein they affirm their understanding of the FCPA and their commitment to comply with its requirements. Appropriate oversight of these agents and distributors, via inspection of business records and financial reports, may also prove helpful to ensuring a company’s overarching compliance with the FCPA.

Finally, a company’s potential FCPA liability can be minimized by forming an investigative team that can respond quickly when potential FCPA issues arise. The first part of this process requires that employees feel comfortable raising potential issues as they come up—compliance training can be particularly helpful here in assuring employees that the company wants to know of these concerns. Typically it is best for in-house counsel to be responsible for receiving such reports and for managing the resulting investigations. Lawyers usually can best assess the potential for liability (and thus the need for a complete and thorough investigation), and they can take appropriate precautions to keep the identity of the reporting employee confidential. Where notice of potential FCPA liability comes from U.S. enforcement authorities, it often is best to have in-house counsel work closely with outside counsel to provide a certain level of independence and objectivity throughout the investigation as well as to cooperate with enforcement authorities, if needed.

Compliance and Cloud Computing

Sara Peters wrote an article on Security Provoked: How Can You Prove Compliance in the Cloud?

Whether you’re in the midst of an audit or a forensic investigation, thorough logs are the key to proving compliance with security regulations. So how do you prove your organization is/was compliant when you aren’t able to maintain logs? This is the nagging question that gnaws hungrily at my weary brain every time I ponder cloud computing.

I am a big fan of cloud computing from a sharing and information architecture perspective, it may not be the right answer for critical information that is subject to regulatory control.

Yet.

The folks at Google and other cloud computing providers are not going to let compliance issues fall through the cracks for long. Cloud computing can provide similar service and less cost. Who has better understanding of security, your IT staff or the folks at Google?

 

New Link to the article: http://www.informationweek.com/security/can-you-prove-compliance-in-the-cloud/229209812

Product Samples and The Foreign Corrupt Practices Act

Richard L. Cassin of The FCPA Blog highlights Review Procedure Release No. 81-02 from December 11, 1981: A Rare (Or Medium-Rare) Opportunity. The release helps give a roadmap on how to introduce new products to potential government customers in foreign countries without violating the Foreign Corrupt Practices Act.

In Release 81-02 (December 11, 1981), the Department stated it would take no enforcement action where the requestor wished to provide samples of its products to officials of the Soviet Ministry of Foreign Trade. The Department stated that theFCPA was not implicated where (i) the samples were intended for the officials’ inspection, testing, and sampling; (ii) the samples were not intended for their personal use; and (iii) the Soviet government had been informed that the company intended to provide the samples.  (From the DOJ Website Section 1.1.5)

History of the Foreign Corrupt Practices Act

In 1977, Congress enacted the Foreign Corrupt Practices Act as part of the 1934 Securities Exchange Act .  The FCPA criminalized the bribery of foreign officials by U.S. corporations and individuals pursuing business in other countries and required that companies with publicly-traded stock meet certain standards regarding their accounting practices, books and records, and internal controls.

The FCPA consequently was amended in both 1988 and 1998.  First in 1988, Congress added two affirmative defenses and directed the executive branch to urge America’s global trading partners to pass anti-corruption laws to promote international parity with regard to business corruption.

In 1998, the FCPA was again amended to implement the Organization of Economic Cooperation and Development Convention on Combating Bribery of Foreign Public Officials in International Business Transactions.  Congress ratified the OECD Convention and enacted implementing legislation.  These new amendments broadened the reach of potential FCPA bribery violations by expanding the scope of persons covered by the Act to include some foreign nationals.  Also, the 1998 amendments extended the FCPA’s jurisdiction beyond America’s borders to allow greater enforcement efforts by U.S. prosecutors.

The Specially Designated Nationals List (SDN)

The Office of Foreign Assets Control in the Treasury Department keeps the Specially Designated Nationals List (SDN).  The Specially Designated Nationals List is a publication of OFAC which lists individuals and organizations with whom United States citizens and permanent residents are prohibited from doing business.

FCPA Investigations are on the Rise

According to the Wall Street Journal’s Law Blog, And the FCPA Party Continues:

“U.S. government had open investigations into 84 companies at the end of last year, up from three in 2002, according to Shearman & Sterling. “In the 30-plus years I have followed these matters, there were long periods of little activity and few prosecutions in the early years. Recently there has been a dramatic increase in such activity,” says Danforth Newcomb, a Shearman partner.”

New Massachusetts Privacy Laws

Governor Patrick signed Executive Order 504 an order regarding the the Security and Confidentiality of Personal Information on September 19, 2008. This order revokes the earlier Executive Order 412.

There are also new state regulations 201 CMR 17.00: Standards for The Protection of Personal Information of Residents of the Commonwealth (effective Jan. 1, 2009) implementing M.G.L. c. 93H.

The Executive Order applies to state agencies. It goes further to require all contractors with the state to comply with the requirements. Even further it requires those contractors to require the contractors to require their subcontractors to also comply with the requirements.

The regulations apply to every person that “owns, licenses, stores or maintains personal information about a resident of the Commonwealth.” The regulations require:

“a comprehensive, written information security program applicable to any records containing such personal information.  Such comprehensive information security program shall be reasonably consistent with industry standards, and shall contain administrative, technical, and physical safeguards to ensure the security and confidentiality of such records.”

The regulations also require a designation of “one or more employees to maintain the comprehensive information security program.” Sounds like another task for the Chief Compliance Officer.

Thanks to Lee Gesmer of the Mass Law Blog for pointing this out: New Massachusetts Rules on Identity Theft.