Farewell To Bum And Bud: Trends In FCPA Compliance And Enforcement

by Thomas Fox

Sometimes the universe converges in ways that are quite eerie. This past weekend was such an instance when the most beloved figure in Houston professional sports passed on to the great hereafter; only to be followed two days later by the most reviled figure in Houston professional sports history. The most beloved was Bum Phillips, head coach of the Houston Oilers during the Luv Ya Blue era, when the Oilers twice reached the AFC Championship game, losing both times to eventual Super Bowl Champion, the Pittsburg Steelers. The most reviled was the owner of the Houston Oilers, Bud Adams, who not only fired Phillips because he was too popular but also huffed and puffed and picked up his franchise and moved it to Nashville when the City of Houston refused his extortionate demands for a new stadium five years after upgrading the Astrodome at his behest. It sure ought to be a great get together to watch some football upstairs this weekend.

Although one was beloved and one was reviled, they both were innovators so today I will look at five trends in both Foreign Corrupt Practices Act (FCPA) compliance programs and Department of Justice (DOJ) and Securities and Exchange Commission (SEC) enforcements.

I.                   Transaction Monitoring

In April 2012, the DOJ announced that it was declining to prosecute Morgan Stanley for the FCPA violations of one of its Managing Directors, Garth Peterson, even though Peterson himself pled guilty to FCPA violations. This was the first publicly announced Declination to Prosecute by the DOJ. In announcing the Declination, the DOJ listed several factors including the firm’s extensive compliance policies and notifications thereof, internal controls and training meant to prevent FCPA violations, all of which had been acknowledged by Peterson. However, the one which struck me was that Morgan Stanley’s compliance personnel engaged in transaction monitoring, randomly auditing particular employees, transactions and business units, and testing to identify illicit payments. This was the first time that the DOJ had spelled out transaction monitoring as a key component of a FCPA compliance regime.

In December, 2012, the SEC released its FCPA enforcement action against Eli Lilly and Company (Lilly). Although this was a civil action and not a DOJ criminal enforcement action, I believe that transaction monitoring would have been a key to detecting and preventing the FCPA violations. In Brazil, there was one distributor which received a discounted rate outside the standard discount given. Transaction monitoring parameters could be set to notify internal audit or compliance if such situations occurred. In Poland, there was a clear relationship between the dates of the donations to the charitable entity administered by the Director General who was making the decisions on the sale of Lilly products. Once again transaction monitoring would have correlated this connection and flagged it for further investigation.

II.                International Corruption and Bribery Enforcement

The entry of the Chinese government into the international fight against corruption and bribery is truly a game-changer. While there may be many reasons for this very public move by the Chinese government, it is clear that foreign companies are now on notice. Doing business the old fashioned way will no longer be tolerated. I agree with Mike Volkov that the GlaxoSmithKline PLC (GSK) bribery and corruption investigation will be the Number 1 development for the year in anti-corruption compliance. This means that international (read: western) companies operating in China have a fresh and important risk to consider; that being that they could well be subject to prosecution under domestic Chinese law.

The international component of this investigation may well increase anti-corruption enforcement across the globe. First of all, when other countries notorious for their endemic corruptions, for example India, see that they can attack their domestic corruption by blaming it on international businesses operating in their country, what lesson do you think they will draw? Most probably that all politics are local and when the localities can blame the outsiders for their own problems they will do so. But, when that blame is coupled with violations of local law, whether that is anti-bribery or anti-price fixing, there is a potent opportunity for prosecutions.

III.             Document, Document and Document

The SEC is investigating JPMorgan Chase regarding its hiring practices in China. It appears that JP Morgan Chase hired children of Chinese government officials or heads of state owned enterprises. While such hirings do not violate the FCPA per se, they do raise red flags. The FCPA Professor was quoted in the New York Times (NYT) for the following, “While the hire of a son or daughter itself is not illegal, red flags would be raised if the person hired was not qualified for the position, or, for example, if a firm never received business before and then lo and behold, the hire brought in business.”

This entire episode emphasizes the continuing key concept of the three most important things in any FCPA compliance program; that being Document, Document and Document. If your compliance program does not document its successes there is simply no evidence that it has succeeded. In addition to providing to your company support to put forward to the DOJ, it is the only manner in which to gauge the overall effectiveness of your compliance program. Put another way, if you don’t document it, you cannot measure it and if you cannot measure it, you cannot refine it.

IV.              Risk Management is More Than Simply Risk Assessment

The implementation of an effective compliance program is more than simply following a set of accounting rules or providing effective training. Compliance issues can touch many areas of your business and you need to know not only what your highest risks are but where to marshal your efforts in moving forward. A risk assessment is designed to provide a big picture of your overall compliance obligations and then identify areas of high risk so that you can prioritize your resources to tackle these high risk areas first. Indeed the FCPA Guidance (the Guidance) listed risk assessments as one of the ten hallmarks of an effective compliance program, stating “Assessment of risk is fundamental to developing a strong compliance program, and is another factor DOJ and SEC evaluate when assessing a company’s compliance program.”

In addition to an initial risk assessment to either (1) inform your compliance program or (2) help you to identify high risks and prioritize their remediation, risk assessments should be a regular, systemic part of compliance efforts rather than an occasional, ad hoc exercise cobbled together when convenient or after a crisis. These should be conducted at the same time every year and deputize a consistent group, such as your internal audit department or enterprise risk management team, to conduct the annual review. Such annual risk assessments act as a strong preventive measure if they are performed before something goes wrong. In addition, enforcement trends and government priorities change rapidly so it is vital to stay up to date and conduct regular assessments. Lastly, it avoids a “wait and see” approach.

V.                 Enforcement Actions Against Individuals

Both the DOJ and SEC made clear in the first half of this year that they will aggressively enforce the FCPA against individuals. Mike Volkov has gone so far as to predict that “It is clear that FCPA enforcement for 2013 will go down as the year of criminal prosecutions of individuals.” It is not only significant that the DOJ and SEC are more aggressively prosecuting individuals but also that they continue to use the full panoply of law enforcement tools available to them for actions under the FCPA. These include undercover operations, cooperating witnesses, grand jury proceedings, civil enforcement actions and all other implements at their disposal. It is also clear that the DOJ will give significant credit for substantive cooperation by individuals. Finally, the DOJ will prosecute officials when they have evidence of obstruction or witness tampering and will also use the Travel Act and anti-money laundering (AML) laws to bring enforcement actions.

VI.              Summary

The DOJ and SEC continue to aggressively pursue violators of the FCPA near and far. However, the entry of China into the aggressive enforcement of its domestic anti-corruption legislation may signify a level of increased risk for any company doing business in any of the traditional high risk countries or geographic areas. Further, the individual prosecutions portend an increased risk for persons who engage in corruption and bribery across the globe. Finally, do not forget the basics of any anti-bribery and anti-corruption compliance program remains the same, Document, Document, and Document.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Thomas Fox, Compliance Evangelist | Attorney Advertising

Written by:

Thomas Fox

Compliance Evangelist on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at info@jdsupra.com. In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at: info@jdsupra.com.

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.