Today we acknowledge (I cannot say celebrate) one of the seminal events which led to the explosion of Foreign Corrupt Practices Act (FCPA) enforcement actions from 2004 forward. On this day in 2001 the Houston based company Enron filed for bankruptcy. While other larger financial scandals came afterwards, at the time Enron was the largest corporate failure. In prior years the company posted revenues of $111 billion and at the time of its bankruptcy, its share price hovered at $0.26. The reason – it was all one big accounting fraud.
Enron and the later (and bigger) WorldCom scandal led to the passage of Sarbanes-Oxley (SOX). Many have speculated that the requirements for corporate certifications of financial statements led to greater corporate internal investigations and subsequent disclosures of corporate wrongdoing; Enron had other influences that led to the increased FCPA enforcement.
The weak and ineffective SOX whistleblower provision led to the more robust protections for whistleblowers found in the Dodd-Frank Act. These whistleblower provisions provided for both greater protection of whistleblowers from retaliation and greater incentives for whistleblowers through the payment of bounties for information that leads to successful Securities and Exchange Commission (SEC) prosecutions or agreed resolutions of a FCPA violation.
The Enron scandal led to the destruction of the venerable (former) Big Four accounting firm Arthur Anderson when it went to trial to contest charges of destruction of its Enron documents. After sustaining a guilty verdict, the firm ceased to exist. To this day, many cite this unnecessary wipeout of a company as a reason for the development of an alternative form of prosecution, the Deferred Prosecution Agreement (DPA).
While there were certainly other factors that help explain the increase in FCPA enforcement from 2004, self-disclosure and DPAs are two of the abiding legacies of Enron. I thought about these twin peaks when I watched a YouTube video cast of the recent New York University Program on Corporate Compliance and Enforcement public forum where Andrew Weissmann and Hui Chen discussed the newly created Compliance Counsel position at the Department of Justice (DOJ) to help the DOJ evaluate corporate compliance programs. While Weissmann’s remarks focused more on the reasons for the position, Chen discussed four primary areas that she indicated she would focus on as DOJ Compliance Counsel. If you are a Chief Compliance Officer (CCO) or compliance practitioner, you need to consider how you would answer these inquiries from the DOJ (or SEC).
Thoughtful Design of Your Compliance Program
Echoing the FCPA Guidance admonition that “if designed carefully, implemented earnestly, and enforced fairly, a company’s compliance program—no matter how large or small the organization—will allow the company generally to prevent violations, detect those that do occur, and remediate them promptly and appropriately”, Chen believes there should be some significant thought put into a company’s compliance program. She expounded that stakeholders need to be a part of your compliance program design process and have input into the compliance internal controls. If your company has a violation, Chen said she would look at whether your compliance program addressed the wrongful conduct or if there was a gap in compliance coverage. Finally, she added, you need to perform a root cause analysis over your heightened risk.
How Operational Is Your Compliance Program?
This point follows number one above in that your compliance program should be tied to the functional unit of a company. This means that Human Resources (HR), Payment, Audit, Vendor Management and all traditional indirect cost functions need to be involved in the operation of your compliance program in their respective areas of influence. The key question she will focus on is how did the compliance program you designed to remediate the conduct that led to the violation work in the operation of your company?
How Well Do You Communicate with Your Stakeholders?
Here Chen really wants to see evidence that you, as the CCO or compliance practitioner, got out of your office and met with the stakeholders of your compliance program. But this is more than simply in your compliance program design, it includes the compliance program implementation. She suggested evidence to show more than compliance simply had a seat at the table but the compliance was actively involved with operational decision-making.
In a question from the audience Chen further articulated an example around compensation. She said compliance needs to be a part of the discussions around how compensation systems are designed and particularly around discretionary bonus systems. She admitted that compliance’s views on compensation are not always sought but in her mind it is one area that, if utilized, would demonstrate a commitment to compliance by the organization.
It would seem this is an appropriate place and time to remind everyone that the three most important things in FCPA compliance are DOCUMENT, DOCUMENT and DOCUMENT. If you cannot document it, the inference is that it never happened so as a CCO or compliance practitioner you need to be prepared to demonstrate your involvement in operational decisions.
How Well Are You Resourced?
Chen emphasized that this meant more than monetary resources or even head count. She specified the twin resources of attention and commitment. She will inquire into how often you meet personally with your Chief Executive Officer (CEO), Audit Committee of the Board and the full Board of Directors. She also said she would inquire into the details of these briefings, so, for instance, are the briefings based on employee surveys, quantitative data or is it simply anecdotal information? She said that it is important that compliance have a real dialogue with the C-Suite and not a rote briefing.
However with regard to CCO compensation, Chen noted there were a couple of areas of inquiry. First is that the amount the CCO is paid could be an issue. For instance is the CCO compensated at an amount at or near the General Counsel (GC) level? If it is one-half what does that communicate within the organization? She also would inquire into whom in the company sets the CCO compensation and who reviews it.
Interestingly she indicated there was not a DOJ position on where a CCO should sit in an organization, whether in the GC’s office or in a separate department. It depends on what works best for your organization however it has to be thoughtfully designed but the most important element is that compliance can and is heard from by senior management.
Chen’s remarks were quite important because they provide insight into how she and the DOJ will look at your compliance program if you are entangled in a FCPA enforcement action.
To view a YouTube video of the event, click here.
[View source.]
