Doing More with Less: Compliance During Tough Economic Times

I am attending the Global Ethics Summit 2010, hosted by Dow Jones and Ethisphere. Here are my notes, live from this session:

Let’s face it: compliance is usually seen as a cost center. While there’s been some good and interesting research about the positive impact on the business of a good ethical culture and brand, that message has not permeated everywhere. So in tough economic times, those responsible for their company’s compliance programs are forced to do more with less. How do you work with a smaller budget without sacrificing the quality or effectiveness of your efforts? And what are the best companies doing to demonstrate the value of and return on their own efforts?

Speakers:

  • Ronnie Kann, Managing Director, CELC, Corporate Executive Board
  • Alexandra Wrage, President, Trace International
  • Keith Abrams, Vice President & Associate General Counsel, Bayer NA
  • Dean Krehmeyer, Executive Director, Business Roundtable Institute for Corporate Ethics
  • Jeremy Wilson, Senior Manager, Ethics Office, Cisco Systems

Resource Allocation

Jeremy looked to collaboration to help maximize resources. Start by figuring out resources you have internally to limit external expenditures. Cisco has lots internal technology resources. Take advantage of your technology resources. They leverage internal social media tools to help communicate with employees and managers. Since they own WebEx they do lots of videoconferencing.

Dean is seeing the compliance and ethics trying to push activities upward to get boards and C-level executives more involved in their programs. There is an emphasis on making the business case.

Keith pointed out that there as much interest throughout organizations to do the right thing. The board is sometimes behind.

Alexandra pointed out that in a time of decreasing budgets, legal and compliance should not have a disproportionate cut. Working with shoddy partners and illegal conduct has real business costs.You need to make compliance business-relevant.

Enhancing the Program

Look to your peers and competitors to show what others are doing. Complying with regulations are important but meeting the level of your industry is even more important when the practice exceeds regulatory standards.

Storytelling is important. Stories are one of the best ways to demonstrate corporate culture.

Risk Management

The 2008 financial crisis had a much bigger financial loss than the Enron era wave of corporate governance changes. The outrage is bigger also. But we are not seeing as many perp-walks and prosecutions. The crisis may have been more about failures of risk management than a failure of corporate governance. You still need ethics and compliance to be a fundamental part of corporate operations.

We need to make it clear that bribery is not a victimless crime. It sometimes seems that it does not have the headline issues of environmental violations. Hopefully, the SEC and DOJ prosecutions will cause companies to focus on the dangers of bribery. The result is not just fines, but people are going to jail for bribery.

Broken Trust

How can your company help restore the public trust in it? It’s a business issue. You should have your ethics and compliance program show the lead in restoring that broken trust. Show your internal employees how you are restoring trust so it will be apparent externally. Empower your employees so they know the answers.

Strategic Implications

It’s hard to tap into the business processes. Compliance is usually outside the flow of business processes. Don’t talk “at” people. You need to engage them and have a dialogue. If the issues were easy, they wouldn’t be issues.

Alexandra points out that compliance has an important role when entering new markets. There are natural allies in the markets to help deter bribery. Bribery is theft and increases the costs to consumers. She has case studies and reports that shows that you can succeed by not paying bribes. You have to go with a strong message at the beginning. After the first time you pay a bribe, the government officials will line up with their hands out.

There are lots of stakeholders who were damaged by the current corporate ethics wave. More than the Enron-era corporate ethics wave. Companies need to find the balance between innovation and compliance. You don’t want to be a barrier to new business (as long as it is ethical and compliant.)

New Anti-Bribery Compendium

trace-compendium-logo

Trace International has launched an online, fully-searchable database containing summaries and analyses of international anti-bribery enforcement actions and investigations in the U.S. and throughout the world. The Trace Compendium summaries are searchable by name or by numerous other criteria, including year, substantive criteria, enforcement authority, and enforcement result.

Want the actions involving officials in Thailand?
You can see the actions involving Thailand Officials.

Want the actions from the Tokyo District Public Prosecutors Office?
You can find the actions from the Tokyo District Public Prosecutors Office.

Want all the cases involving property development?
You can search for the cases involving property development.

It’s a fantastic resource if you are looking at bribery and corruption cases.

References:

  • The Trace Compendium
  • Trace Launches Anti-Bribery Compendium from the Wrage Blog

Compliance Bits and Pieces

Here are some interesting compliance stories that have not made their into their own posts:

Canada’s Commitment to Combating the Corruption of Foreign Public Officials: Watching Bill C-31 from the Wrageblog

Bill C-31, An Act to amend the Criminal Code, the Corruption of Foreign Public Officials Act and the Identification of Criminals Act, was introduced to Parliament on May 15, 2009. The timing of the bill’s first reading was clearly tied to the June 2009 release of Transparency International’s Progress Report on the Enforcement of the OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions. The TI Report criticized Canada, calling Canada a laggard, and listing it as one of 21 countries making little or no effort to enforce its anti-corruption laws.

The FCPA’s Murky Knowledge Element by Mike Koehler for the FCPA Professor

In a superb new piece titled, “The ‘Knowledge’ Requirement of the FCPA Anti-Bribery Provisions: Effectuating Or Frustrating Congressional Intent?,” – Kenneth Winer and Gregory Husisian of Foley & Lardner (the “Authors”) conclude that “[t]he DOJ and SEC … now interpret the knowledge requirement so broadly that they have effectively eviscerated the 1988 statutory changes thereby raising an important question: Are the DOJ and SEC frustrating the intent of Congress by ignoring the reason that Congress amended the FCPA?” (see here).

Changes to Cayman AML Guidance Notes from Compliance Avenue

According to recent changes to the Guidance Notes on the Prevention and Detection of Money Laundering and Terrorist Financing in the Cayman Islands (the “Guidance Notes”), offshore funds registered in the Cayman Islands and regulated by the Cayman Islands Monetary Authority (“CIMA”) should designate and appoint a compliance officer (“Compliance Officer”) at the management level, who: . . .

How BAE Got Caught by Richard Cassin for the FCPA Blog

Investigative reporters may be disappearing from newsrooms everywhere, but they still have an important role to play in holding institutions and people accountable for overseas bribery. Rob Evans of the U.K. Guardian contributed an essay to TI’s Global Corruption Report 2009 here. It’s about how he and David Leigh broke the BAE story.

ERISA Bonding Requirements for Hedge Fund Managers by The Hedge Fund Lawyer

Hedge fund managers who manages hedge funds which exceed the 25% ERISA threshold will need to purchase a fidelity bond.  The questions and answers below on the ERISA fidelity bonding requirements were prepared by the Department of Labor which is the governmental agency which is in charge of enforcing the ERISA laws and regulations.

The Time I was Written Up for Blogging by New CommBiz

About a year and a half ago I was written up for blogging. It was kind of a weird moment and I’ve never really talked about it much. It wasn’t that big of a deal but I thought I’d share how it happened and what I learned from it.

Here’s what I did wrong:

  • Technically I responded to a “press inquiry” (nothing freaks out PR people more than employees talking to the press)
  • I talked about the layoffs and certain financial aspects of the company during the “quiet period”

Compliance Bits and Pieces

Here are some interesting stories from the past week:

Compliance Surprises in Cuba’s Closed Economy by Alexandra Wrage on the WrageBlog

Companies enjoying any success in Cuba have partnered with savvy locals who guide them through the dense, opaque bureaucracy. Such companies must convince the government that they are there for the long haul. They cultivate relationships and, invariably, they sponsor charity cigar auctions or kids’ “go-kart” rallies. But, by all reports from many sources, they don’t pay bribes.

Five Common Mistakes in Internal Investigations by Tim Mohr and Nidhi Rao for Directorship

Warren Buffett put it best when he said, “It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, you’ll do things differently.” This statement could not be more relevant today. It takes only one person to tarnish an organization’s reputation. Not only is the current turbulent economy affecting the corporate bottom line, but if past history is any indicator, businesses can anticipate it to lead to an increase in incidents of fraud. As a result of the SEC, regulators, stakeholders and the public paying closer attention to the way an organization functions, organizations and corporate directors need to be diligent when conducting internal investigations.

Wall Street Meets the Wire by Gail Shifman on the White Collar Crime Prof Blog

In this case [against billionaire hedge-fund manager Raj Rajaratnam], however, the legal issue regarding the use of wiretaps that immediately jump to the surface is the question about whether The Federal Wiretap Act specifically authorizes the interception of electronic recordings for alleged security fraud violations (Title 15 U.S.C. §§ 78j(b) & 78ff and Title 17 C.F.R. §§ 240.10b-5 & 240.10b5-2) as charged in the criminal complaint. These statutes are not specifically enumerated in Title III, 18 U.S.C. § 2516, which provides the authorization for electronic interception. Wire and mail fraud (18 U.S.C. §§ 1341 & 1343) anti-trust violations, money laundering and numerous other offenses are listed, but not securities fraud. Chances are good that the government could have charged these defendants with wire fraud but were they scared away by the fact that the Skilling, Weyrauch, and Black cases are on review before the Supreme Court? One would think (hope?) that the government has preliminarily determined that section 2516 provides them with the authorization they need lest they find themselves licking self-inflicted wounds.

Facilitation Payments Still Leave Companies Vexed By Melissa Klein Aguilar for Compliance Week

A survey conducted by TRACE International shows some companies are prohibiting facilitation payments—colloquially known also known as “grease payments”—which are given to induce foreign officials to perform routine functions they’re already obligated to perform, such as issuing licenses or permits and installing telephone lines. In theory, such payments simply nudge foreign officials to do their jobs more promptly.

In practice, however, the line between a permissible facilitation payment and an illegal bribe can be very blurry. And to complicate matters, while the United States, Canada, Australia, New Zealand, and South Korea allow their citizens to make facilitation payments, they are illegal under local law in every country in which they are actually paid.

Bits and Pieces on Compliance

Here are a few stories and items that caught my eye recently, but I have not had time to build-out to a full post:

Role of Federal Sentencing Guidelines in FCPA Cases from the WrageBlog

Given the tremendous fines imposed upon Siemens AG and Kellogg Brown & Root LLC (“KBR”) in the past 10 months, many have asked how the DOJ calculates criminal fines in FCPA cases and how statutory penalties and the United States Sentencing Guidelines (“U.S.S.G.”) interact in that calculation.

Behind the Numbers: The Anatomy of a Ponzi Scheme from The Fraud Guy

Many articles have been out in the press since Ponzi schemes have begun unraveling over the course of the last year which either describe Ponzi schemes inaccurately or really don’t help the public understand how the schemes actually work and what happens with the money.  This article (publication pending), “The Anatomy of a Ponzi Scheme” may help people understand how Ponzi schemes and their orchestrators work.

Complying With Mass. Data Security Regs Proves Costly from Melissa Klein Aguilar for Compliance Week

For those organizations already tackling the task of complying with a new Massachusetts data security regulations that are currently slated to take effect March 1, compliance is proving costly, a recent survey shows. . .  A joint survey of more than 200 members of the International Association of Privacy Professionals conducted by the IAPP and the law firm Goodwin Procter found that 33 percent of the organizations polled have already spent more than $50,000 on complying with the rules.

Massachusetts Holds Public Hearing on Information Security Regulations — Regulators Contemplating Additional Revisions in Final Rulemaking from Security, Privacy and The Law

The Massachusetts Office of Consumer Affairs and Business Regulations (OCABR) held a public hearing in connection with its promulgation of revisions to the Commonwealth’s information privacy regulations, 201 CMR 17.00. The standing-room-only crowd endured a modest, unventilated conference room in the Transportation Building to make comments on the stringent regulations. OCABR Undersecretary Barbara Anthony led the meeting with OCABR Deputy General Counsel Jason Egan and Assistant Attorney General Diane Lawton. The principal author of the original regulations, OCABR General Counsel David A. Murray, could also be seen in the audience.

Due Diligence Failure Leads to SEC Enforcement Action? from Mark J. Astarita of SECLaw.com

The SEC has charged Detroit-area stock broker Frank Bluestein with fraud, alleging that he lured elderly investors into a $250 million Ponzi scheme.

Lehman Bankruptcy Court Declares “Bankruptcy Default” Under Swap Agreement To Be Unenforceable from Goodwin Procter

On September 17, in one such closely watched matter, U.S. Bankruptcy Judge James Peck ordered Metavante Corporation (“Metavante”), a counterparty to Lehman Brothers Special Financing (“LBSF”) in an interest rate swap transaction in which Lehman Brothers Holdings, Inc. (“LBHI”) is the credit support provider, to perform its obligations to pay quarterly fixed amounts owing under the transaction, notwithstanding the bankruptcies of LBSF and its parent. Judge Peck concluded that Metavante could not rely solely on the filing of the Lehman bankruptcy cases to refuse to make payment to Lehman while also not terminating the agreement.

Some of these have been in my personal Twitter feed (@dougcornelius) or my Posterous (Compliance Building’s Posterous).

Vetting Business Partners

compliance-week-blue

My notes, live, from Vetting Business Partners, with Alexandra Wrage of Trace International to talk about how leading companies have approached this challenge in a global company.

Due diligence on business partners is one of the most important things a company can do, but also one of the least interesting things. She points out that the FCPA has a “should have known” standard. So ignorance is not a defense.

Sales consultants are some of the higher risk because they are usually paid on a commission basis. Consultants, paid by the hour, are a lesser risk merely because of the different compensation model. Distributors and resellers can be a risk. Merely having a third party in between your company and the corrupt official is still bad and is not a defense to charges.

Resellers are a new problem. The take title to your product and are your customer. But if there is evidence that the resellers are paying bribes to their customers, your company can be potentially be pulled in.

She turned to focus on some problem areas in due diligence when working with third parties.

Ownership – This is the most important and should be a deal-breaker if true beneficial ownership is not disclosed. (You can also work in the negative- not a government official or blocker person. This is not a good practice. The hidden identity should be a red flag. It would certainly be a red flag in a government investigation.)

Government relations. You need to find out if a clse relative is in the government. It is not a deal-breaker, but you need to be aware of the relationship.

Expertise. What is this person being paid to do if they do not have any particular expertise.

Financial stability. If they are acting as your agent, their financial failing will rub off on you.

Media searches. You need to know if your business partner is in the headlines.

Training. You need to letting them know what they need to do.

Periodic review and certifications. You want to make sure that you update things when the contract is renewed. You also want to check periodically to make sure there has not been a big change in the business partner. Certifications can be included on each invoice so they certify each time they paid that they have not bribed a foreign official.

It is important to keep red flags in mind, but you should standardize your contracts and review and not target specific areas. Many of the biggest FCPA cases have come from individuals acting in countries that are not known for being corrupt.

You can have a tiered due diligence program, depending on the nature of the relationship, the basis of compensation,and  the reputation of the company. The most common is three tiers: not risky, standard, and more risky. That allows you to target your resources.

She sees the divide in the DOJ cases where companies are either do due diligence or not doing any diligence. Not doing diligence almost moves you into a strict liability position. You have no defense.

There has been a surge in FCPA cases over the last few years. Most involved problems with intermediaries.

She points out that corruption due diligence is a two-way street. Increasingly, foreign companies are conducting due diligence on American companies.

She also takes a controversial position that you may be better off not having audit rights if you do not intend to actually do audits. She advocates triggered audit rights instead of a matter of course if you are not going audit on a regular basis. You want to have a meaningful conversation with your intermediary that these audit rights are real.

There is an increasing turf battle on international enforcement. The SFO (Britain’s version of the DOJ) has stated that reporting to the DOJ first is not a voluntary disclosure for their purposes and reserve the right to still enforce.

(These notes are taken live, so I apologize if I left out anything or misquoted someone. Please forgive any typos or grammatical errors.)

Corresponding with Cornelius – a new series of blog posts

200-state-street

Not all of my online conversations take place here at Compliance Building. I try to make as many comments in other places as I do here. Twitter is a sporadic stream of thoughts, comments, and replies. I also try to leave as many comments on other blogs as I do posts here. I think you should join some of those other conversations. Here are some other blog posts that caught my eye and made me leave some commentary.

Corresponding with Cornelius on Collaboration with Clients by David Hobbie at Caselines

A follow up to my earlier post on Extranets for law Firm and Client Collaboration

Why Corporate Ethics is Usually an Oxymoron by Charles Green of Trust Matters

Charlie does not like the idea of ethics being treated as separate process and an individual course. I agreed.

Live Events in the Age of Social Media by Bill Pollak of Incisive Media

Bill points out the ways Twitter and the social internet are changing the ways conferences are run and what happens after. I point out that they are also changing what happens before the conference.

How Are Lawyers using Twitter by Simon Chester on Slaw.ca

I share the ways I use Twitter.

Training: What Works? By Alexandra Wrage on the wrageblog

A great grouping of four types of workers in anti-bribery training. I note that the same paradigm can be applied to most compliance and ethics training.

Social Networks and Employer Branding by Brand for Talent

Mark and I are writing some guidelines on the use of social media for our readers. We invite you to join the conversation.Let us know how you think we can embrace these tools versus police them. I offered up my draft blogging / social internet policy.

The Three Types of Collaboration by Jordan Furlong of Law 21

Jordan sets out a paradigm of three types of collaboration: Lawyer-to-lawyer, lawyer-to-client, and client-to-client. It is one of the few times I have disagreed with Jordan.

I have to credit David Hobbie with coming up with the phrase “Corresponding with Cornelius” which led to this blog post title and this new series of blog posts. (At least new for me.)

Approaching the Sphinx: The DOJ’s Opinion Release Procedure under the FCPA

wrageblogAlexandra Wrage of the WrageBlog shares her experiences using the Department of Justice’s opinion release procedure under the Foreign Corrupt Practices Act: Approaching the Sphinx: The DOJ’s Opinion Release Procedure.

Ms. Wrage takes us through the experiences of TRACE International in obtaining FCPA Opinion Procedure Release 08-03.

The opinion release procedure for the Foreign Corrupt Practices Act is fairly unique for a criminal law. You can ask the government if your proposed action is potentially criminal.

A Simple Strategy to Avoid Paying a Bribe

Alexandra A. Wrage writes on the WrageBlog about Simple Strategies to avoid paying a bribe:

“Our informant carefully prepared himself to meet with a notorious bribe-demanding functionary for the first time. He scripted his approach to the exchange:
(a) Stand quietly at the functionary’s little window until the functionary looked at him,
(b) Smile confidently,
(c) Say “good morning”, followed immediately by
(d) “I am so relieved that I get to talk to you. I have heard that most of the public employees here demand bribes, but I have also heard that you never ask for a one.” (These words are exactly those used.)
(e) Smile, again and describe his request.
(f) Use an expression and body language indicating that he trusts her to give him what he has requested.”

2008 Update on Anti-Corruption

The Anti-Corruption Committee of the American Bar Association consisting of Leslie Benton, Michael Kieval, Caroline Lindsey, Kerry Mandernach, Philip Urofsky, and Alexandra Wrage prepared an Anti-Corruption update for the Summer 2008 edition of The International Lawyer.