Sometimes the universe converges in ways that are quite eerie. This past weekend was such an instance when the most beloved figure in Houston professional sports passed on to the great hereafter; only to be followed two days later by the most reviled figure in Houston professional sports history. The most beloved was Bum Phillips, head coach of the Houston Oilers during the Luv Ya Blue era, when the Oilers twice reached the AFC Championship game, losing both times to eventual Super Bowl Champion, the Pittsburg Steelers. The most reviled was the owner of the Houston Oilers, Bud Adams, who not only fired Phillips because he was too popular but also huffed and puffed and picked up his franchise and moved it to Nashville when the City of Houston refused his extortionate demands for a new stadium five years after upgrading the Astrodome at his behest. It sure ought to be a great get together to watch some football upstairs this weekend.
Although one was beloved and one was reviled, they both were innovators so today I will look at five trends in both Foreign Corrupt Practices Act (FCPA) compliance programs and Department of Justice (DOJ) and Securities and Exchange Commission (SEC) enforcements.
I. Transaction Monitoring
In April 2012, the DOJ announced that it was declining to prosecute Morgan Stanley for the FCPA violations of one of its Managing Directors, Garth Peterson, even though Peterson himself pled guilty to FCPA violations. This was the first publicly announced Declination to Prosecute by the DOJ. In announcing the Declination, the DOJ listed several factors including the firm’s extensive compliance policies and notifications thereof, internal controls and training meant to prevent FCPA violations, all of which had been acknowledged by Peterson. However, the one which struck me was that Morgan Stanley’s compliance personnel engaged in transaction monitoring, randomly auditing particular employees, transactions and business units, and testing to identify illicit payments. This was the first time that the DOJ had spelled out transaction monitoring as a key component of a FCPA compliance regime.
In December, 2012, the SEC released its FCPA enforcement action against Eli Lilly and Company (Lilly). Although this was a civil action and not a DOJ criminal enforcement action, I believe that transaction monitoring would have been a key to detecting and preventing the FCPA violations. In Brazil, there was one distributor which received a discounted rate outside the standard discount given. Transaction monitoring parameters could be set to notify internal audit or compliance if such situations occurred. In Poland, there was a clear relationship between the dates of the donations to the charitable entity administered by the Director General who was making the decisions on the sale of Lilly products. Once again transaction monitoring would have correlated this connection and flagged it for further investigation.
II. International Corruption and Bribery Enforcement
The entry of the Chinese government into the international fight against corruption and bribery is truly a game-changer. While there may be many reasons for this very public move by the Chinese government, it is clear that foreign companies are now on notice. Doing business the old fashioned way will no longer be tolerated. I agree with Mike Volkov that the GlaxoSmithKline PLC (GSK) bribery and corruption investigation will be the Number 1 development for the year in anti-corruption compliance. This means that international (read: western) companies operating in China have a fresh and important risk to consider; that being that they could well be subject to prosecution under domestic Chinese law.
The international component of this investigation may well increase anti-corruption enforcement across the globe. First of all, when other countries notorious for their endemic corruptions, for example India, see that they can attack their domestic corruption by blaming it on international businesses operating in their country, what lesson do you think they will draw? Most probably that all politics are local and when the localities can blame the outsiders for their own problems they will do so. But, when that blame is coupled with violations of local law, whether that is anti-bribery or anti-price fixing, there is a potent opportunity for prosecutions.
III. Document, Document and Document
The SEC is investigating JPMorgan Chase regarding its hiring practices in China. It appears that JP Morgan Chase hired children of Chinese government officials or heads of state owned enterprises. While such hirings do not violate the FCPA per se, they do raise red flags. The FCPA Professor was quoted in the New York Times (NYT) for the following, “While the hire of a son or daughter itself is not illegal, red flags would be raised if the person hired was not qualified for the position, or, for example, if a firm never received business before and then lo and behold, the hire brought in business.”
This entire episode emphasizes the continuing key concept of the three most important things in any FCPA compliance program; that being Document, Document and Document. If your compliance program does not document its successes there is simply no evidence that it has succeeded. In addition to providing to your company support to put forward to the DOJ, it is the only manner in which to gauge the overall effectiveness of your compliance program. Put another way, if you don’t document it, you cannot measure it and if you cannot measure it, you cannot refine it.
IV. Risk Management is More Than Simply Risk Assessment
The implementation of an effective compliance program is more than simply following a set of accounting rules or providing effective training. Compliance issues can touch many areas of your business and you need to know not only what your highest risks are but where to marshal your efforts in moving forward. A risk assessment is designed to provide a big picture of your overall compliance obligations and then identify areas of high risk so that you can prioritize your resources to tackle these high risk areas first. Indeed the FCPA Guidance (the Guidance) listed risk assessments as one of the ten hallmarks of an effective compliance program, stating “Assessment of risk is fundamental to developing a strong compliance program, and is another factor DOJ and SEC evaluate when assessing a company’s compliance program.”
In addition to an initial risk assessment to either (1) inform your compliance program or (2) help you to identify high risks and prioritize their remediation, risk assessments should be a regular, systemic part of compliance efforts rather than an occasional, ad hoc exercise cobbled together when convenient or after a crisis. These should be conducted at the same time every year and deputize a consistent group, such as your internal audit department or enterprise risk management team, to conduct the annual review. Such annual risk assessments act as a strong preventive measure if they are performed before something goes wrong. In addition, enforcement trends and government priorities change rapidly so it is vital to stay up to date and conduct regular assessments. Lastly, it avoids a “wait and see” approach.
V. Enforcement Actions Against Individuals
Both the DOJ and SEC made clear in the first half of this year that they will aggressively enforce the FCPA against individuals. Mike Volkov has gone so far as to predict that “It is clear that FCPA enforcement for 2013 will go down as the year of criminal prosecutions of individuals.” It is not only significant that the DOJ and SEC are more aggressively prosecuting individuals but also that they continue to use the full panoply of law enforcement tools available to them for actions under the FCPA. These include undercover operations, cooperating witnesses, grand jury proceedings, civil enforcement actions and all other implements at their disposal. It is also clear that the DOJ will give significant credit for substantive cooperation by individuals. Finally, the DOJ will prosecute officials when they have evidence of obstruction or witness tampering and will also use the Travel Act and anti-money laundering (AML) laws to bring enforcement actions.
The DOJ and SEC continue to aggressively pursue violators of the FCPA near and far. However, the entry of China into the aggressive enforcement of its domestic anti-corruption legislation may signify a level of increased risk for any company doing business in any of the traditional high risk countries or geographic areas. Further, the individual prosecutions portend an increased risk for persons who engage in corruption and bribery across the globe. Finally, do not forget the basics of any anti-bribery and anti-corruption compliance program remains the same, Document, Document, and Document.