The FCPA Blog

By Thomas Fox

I have noted with interest the excellent posts by Walker and Kaplan on the role of the Board of Directors in an effective compliance program. It brought up for me the question of who should a Chief Compliance Officer (CCO) report to in a company.

Should a CCO report to a company’s Board of Directors, or an appropriate Board committee such as an Audit Committee or Compliance Committee? Or can a CCO report to a company’s General Counsel (GC) but have access to the Board of Directors for periodic, but no less than annual, reporting? Is there any specific guidance from the Foreign Corrupt Practices Act (FCPA) or any of its U.S. government interpretations such as the U.S. Sentencing Guidelines? Is one approach more preferable than the other?

Under the 2010 Amendments to the U.S. Sentencing Guidelines now proposed to Congress, §8B2.1(b)(2)(C) requires:

Specific individual(s) within the organization shall be delegated day-to-day operational responsibility for the compliance and ethics program. Individual(s) with operational responsibility shall report periodically to high-level personnel and, as appropriate, to the governing authority, or an appropriate subgroup of the governing authority, on the effectiveness of the compliance and ethics program. To carry out such operational responsibility, such individual(s) shall be given adequate resources, appropriate authority, and direct access to the governing authority or an appropriate subgroup of the governing authority.

There has been debate in the FCPA compliance world as to what this requirement specifies. At the recent Compliance Week 2010 Annual Conference, a panel consisting of representatives from the U.S. Sentencing Commission indicated they believe the statement only requires that a CCO have access to a company’s Board of Directors. Further, this could be through a GC, so that if a CCO reports to a GC but has access to report to the Board of Directors, such a reporting structure would be in compliance with the proposed Sentencing Guidelines.

At the same conference, however, the DOJ's Assistant Attorney General of the Criminal Division, Lanny Breuer, said a CCO should have direct access to a company’s Board of Directors, suggesting that the CCO should not have to report through a GC but should report directly to the Board.

And when the question was put to a panel from various Boards of Directors at the same conference, they responded that they only wanted the information to come to them so they could fulfill their obligations as Board members; they were not too concerned how it was presented to them or the reporting line of the person who did so.

The direct reporting approach is utilized by Halliburton, to which I posed the following question, “Who does the Chief Compliance Officer report to in your Company and why does your company utilize this approach?” Susan Ponce, Senior Vice President and Chief Ethics and Compliance Officer responded, “At Halliburton, the Chief Ethics and Compliance Officer reports directly to the company’s Board of Directors, advising both the Audit Committee and the full Board on all matters relating to legal compliance issues. We structured the CEC Office that way in order to leave no doubt that the CECO has direct, independent and unfettered access to our Board and support from Board members and our senior executives.”

The answer to the initial question posed appears to have two correct responses. The guidelines and debate go both ways. The key is in the actual reporting. As long as the CCO reports on a regular basis to the Board, both lines of authority appear to be acceptable.

So which approach does your company utilize?

Thomas Fox is an attorney in Houston, Texas, specializing in FCPA compliance, risk management and international transactions. He can be reached at tfox@tfoxlaw.com

Last week we talked about BAE's failure to appoint a compliance monitor within the 90-day period specified in its March 1 plea agreement. BAE blamed the Justice Department for rejecting six candidates and the DOJ blamed BAE for picking the wrong people.

The company asked Judge John Bates for a 90-day extension for appointing the monitor, which the DOJ "nominally" opposed, according to the judge, and which he ultimately granted.

But in his order the judge chided BAE for arguments it raised about his authority to modify the plea agreement. BAE said the judge could grant the 90-day extension for appointing the monitor, but couldn't change the description of the monitor's term to make sure he or she will serve three years, as called for in the plea agreement, and not three years minus 90-days. The judge called BAE's position "odd."

We'd call it quibbling, nit-picking, and pettifogging. Curious behavior from a company that admitted breaking several U.S. criminal laws and still managed to negotiate a favorable settlement with the DOJ. How favorable? Based on BAE's plea, the federal sentencing guidelines say it could have been penalized up to $720 million. Instead it paid $400 million. Yet, in the relatively small matter of appointing a monitor, BAE blasted the DOJ and hurled a half-baked challenge at the judge's authority.

What gives? Is BAE grateful for a settlement that saved its shareholders $320 million and preserved its ability to sell military gear to the U.S. government? Or is it resentful that it had to deal with the DOJ at all, pouting like a corporate Lindsay Lohan about the consequences of its own behavior?

Judge Bates' language in his order was judicious. Still, he was scratching his head, saying:

BAE disagrees, however, to the modification of other conditions of probation -- in particular, extension of the maximum term of engagement of the monitor by 90 days -- making the conclusory assertion that the latter condition is beyond the Court's authority under § 3563(c). But at the motions hearing, BAE offered no principled basis for drawing such a distinction among the conditions of probation subject  to modification by the Court. Indeed, BAE took the odd position that the Court could modify the period for engaging a monitor and even the term of probation imposed, but not the maximum term of the monitor. In the Court's view, that position is untenable.

Download a copy of the June 4, 2010 order in US v. BAE Systems plc here.

By Jeffrey M. Kaplan and Rebecca Walker    

As discussed in Part Two of this post, the U.S. Sentencing Commission recently approved changes to the compliance-and-ethics (“C&E”) program-related provisions of the Federal Sentencing Guidelines for Organizations. One of these changes concerns reporting to the board of directors by individuals with operational responsibility for the program, including reporting “no less than annually on the implementation and effectiveness of the C&E program.” 

In our prior post, we described what such reports should generally include, and also noted that companies should consider providing the person with C&E operational responsibility the opportunity to meet with the audit committee in executive session on a periodic basis. In this post, we offer suggestions for some questions that board members might want to raise in such sessions.

Risk Assessment/Program Scope

How do we know the risk assessment process is effective?

Despite using the process, have we been caught by surprise before by FCPA risks?

Does the program reach all relevant company operations (e.g., not just sales, but also appropriate corporate activities)?

Training and Other Communications

Are we addressing the specific FCPA issues that we need to (based on our risk assessment) – and reaching the at-risk employee population?

Do we train/communicate on FCPA compliance with sufficient frequency and impact?

Program Management and Support

Does the C&E officer (or other individual in charge of the FCPA compliance program) have adequate “clout” and resources for the job?

Is she sufficiently independent of those who could create FCPA risks?

Do other managers (in both corporate functions and business units) play enough of a role in FCPA compliance (e.g., through messaging in their respective parts of the business)?

Third-Party Measures

Are we doing sufficient due diligence on third parties?

What are our third-party FCPA communication and audit efforts?

How do our third parties ensure that their employees and agents follow our anti-bribery standards when acting on our behalf?

Other

How do incentives at our company possibly impact FCPA compliance – both positively and negatively? (Same question with respect to company culture.)

Is there anything that other companies do to prevent/detect FCPA violations that our company doesn’t, but should, do?

Of course, this is not intended as a complete list, and nor would directors want to ask all of the questions in every executive session. This should, however, help directors develop the FCPA oversight questions that make the most sense for their respective companies.

*   *   *

Jeffrey M. Kaplan and Rebecca Walker are partners at Kaplan & Walker LLP. They are currently writing a chapter for the BNA/ACC Compliance Manual on Compliance with the Foreign Corrupt Practices Act. He can be reached at jkaplan@kaplanwalker.com. Rebecca Walker's book, Conflicts of Interest in Business and the Professions: Law and Compliance, is available here. She can be reached at rwalker@kaplanwalker.com.

Sheldon Reiss, MD, an internist and pulmonologist with Cedars-Sinai Health Associates, has been ordered to prodice Gerald Green's medical records.A federal judge last week vacated the June 3 sentencing date for Gerald Green and his wife Patricia. He also ordered production of Mr. Green's medical records from his Hollywood doctor, continued the status conference until July 1, and failed to set a new date for sentencing, raising the possibility that the Greens may never spend time behind bars.

Mr. Green, 78, and his wife Patricia, 53, were first scheduled to be sentenced by Judge George H. Wu in Los Angeles in December 2009. The Hollywood movie producers were convicted last year of paying $1.8 million in bribes to a Thai official in exchange for contracts worth about $13.5 million to produce the Bangkok Film Festival.

Sentencing has now been delayed five times. This was the first time the judge continued the case without setting a new date for sentencing.

At last week's status conference, Judge Wu ordered Gerald Green's Wilshire Boulevard doctor, Sheldon Reiss, a pulmonary specialist, to turn over Mr. Green's medical records. Mr. Green has emphysema and appears in court with an oxygen bottle to help him breathe. A copy of the court's order can be downloaded here.

At a series of post-trial hearings, the judge has asked the parties to talk about penalties handed out in similar cases. He's also heard testimony about Mr. Green's medical condition, the legal merits of the Greens' convictions, and arguments for and against their going to jail.

An LA jury in September 2009 found the Greens guilty of conspiring to violate the Foreign Corrupt Practices Act, nine counts of violating the FCPA, and seven counts of money laundering. Patricia Green was also found guilty of two counts of falsely subscribing to a U.S. income tax return. After arguing that the federal guidelines call for sentences of around 20 in prison for each of the Greens, prosecutors are now apparently asking for 10-year jail terms. 

Why would Judge Wu hesitate to sentence the Greens? Mr. Green's age and health are both concerns. Is it also possible the judge wasn't happy with the prosecution in the first place? It was by any measure aggressive and, to some, over the top, with the piling on of multiple bribery counts, money-laundering and tax charges. Did the judge think the government somehow unfairly ambushed the Greens? Is he resentful about the DOJ's handling of the case, which must have sent shivers down the spine of the Hollywood movie industry? We don't know the answers.

But it's clear the judge is in no hurry to send them to jail. Beyond that, he's treating Mr. and Mrs. Green as one defendant even though he could deal with them separately. If the judge believes Gerald Green's age and medical condition prevent his imprisonment, what about Mrs. Green and her sentence? Convicted couples are often handled separately. Why not the Greens? Only the judge knows and for now he's not talking.

Stay tuned for more from this sentencing cliffhanger.

*   *   *

Here's the docket entry for May 27, 2010 in US v. Green et al, United States District Court, Central District of California (Western Division - Los Angeles), Case #: 2:08-cr-00059-GW-1:

MINUTES OF Status Conference 05/27/2010 held off the record before Judge George H. Wu as to Defendants Gerald Green and Patricia Green. The Court orders counsel for Mr. Green to forward the medical records to the Government by June 3, 2010. The Governments response will be due by June 17, 2010. Defendant Gerald Greens response will be due on June 24, 2010. The Status Conference is continued to July 1, 2010 at 9:30 a.m. The Sentencing hearing as to Defendants Gerald Green and Patricia Green, presently set for June 3, 2010, is vacated and taken off calendar. Court Reporter: n/a. (rs) (Entered: 06/01/2010)

By Jeffrey M. Kaplan and Rebecca Walker

As discussed in Part One of this post, the U.S. Sentencing Commission approved changes to the compliance-and-ethics (“C&E”) program-related provisions of the Federal Sentencing Guidelines for Organizations in April, one of which concerns steps companies should take after the discovery of criminal conduct.

The second important modification concerns reporting to the board of directors, and specifically would permit a reduction in an organization’s criminal fine despite the culpable involvement of “high-level personnel“ so long as (among other things) those individuals with operational responsibility for the C&E program have “direct reporting obligations” to the board or committee thereof. A newly-added application note clarifies that an individual has “direct reporting obligations” to the board if he or she has “express authority to communicate personally” to the board “(A) promptly on any matter involving criminal conduct or potential criminal conduct, and (B) no less than annually on the implementation and effectiveness of the C&E program.”

Board oversight of a C&E program has long been considered essential to a robust program, and this is particularly true in the FCPA realm. This is, in part, because anti-bribery compliance programs can be resource-intensive and board oversight can help ensure that a program gets the resources it needs. In addition, under the logic of the Delaware Supreme Court’s decision in Stone v. Ritter, companies with significant FCPA (or any other specific type of C&E) risk should provide information to the board regarding efforts to mitigate such risk.

In practice, reporting to the board on FCPA compliance typically includes a discussion of each element of the FCPA compliance program, with particular emphasis on (i) risk assessment; (ii) FCPA training and communication efforts; (iii) due diligence for third parties and other controls; and (iv) FCPA audit plans and results. With respect to notifying the board of actual or potential criminal conduct, the person with operational responsibility for the program should have the express authority (i.e., set forth in program governance documentation) to report to the board regarding allegations of wrongdoing (not only regarding the FCPA but of any type). Companies may also want to consider providing the person with operational responsibility for compliance with the opportunity to meet with the audit committee in executive session on a periodic basis.

The Sentencing Commission has sent the proposed amendments to Congress, and, so long as Congress does not act to the contrary (which it is unlikely to do), they will become effective on November 1.

Jeffrey M. Kaplan and Rebecca Walker are partners at Kaplan & Walker LLP. They are currently writing a chapter for the BNA/ACC Compliance Manual on Compliance with the Foreign Corrupt Practices Act. He can be reached at jkaplan@kaplanwalker.com. Rebecca Walker's book, Conflicts of Interest in Business and the Professions: Law and Compliance, is available here. She can be reached at rwalker@kaplanwalker.com.