Month: December 2008

Defining “Foreign Official” Under the Foreign Corrupt Practices Act

Jeffrey Clark of  Willkie Farr & Gallagher moderated a conference on Defining “Foreign Official” Under the Foreign Corrupt Practices Act. David Stewart, U.S. Department of State and Georgetown University Law Center and Kathleen Hamann, U.S. Department of Justice led the discussion.

They start with a quote: why is a raven like a writing desk? (From Alice in Wonderland) There is no answer. There are some obvious examples. The problem is the “instrumentality of a foreign government” part of the definition of foreign official. The statute offers no clarification. The DOJ releases provide some examples: 94-01 and 08-01. There are some settlements that provide some guidance.

The issues is also pertinent to the OECD, the UN convention against corruption and other international treaties.

One thing to look at is whether a public official can veto or control the operations of the enterprise. It is not necessarily majority ownership or majority voting rights.

You can also look to the sovereign immunity. Would that person be protected by the sovereign immunity laws? If so, then they are public officials.

They also point out that a corrupt act is a corrupt act. You could be violating other non-public corruption laws. You should focus on not committing the corrupt acts.

It was clear from the discussion that companies are having a hard time figuring out when an entity is public and when it is private. If you can’t figure that out then you cannot figure out the individuals.

Evolution of Compliance

I watched a recorded webinar presented Complinet: Compliance Evolution: Lessons Learned, Forgotten and Ignored. (March 13, 2008) Betsy Prout Lefler, the Deputy Director of Compliance at Piper Jaffray and Co. gave the presentation.

There are many different perspective on compliance and what compliance professionals do. In part because the role has changed very quickly.

At first is was only about procedures and monitoring designed to deter and deter violations of applicable laws and regulations. Now, compliance is involved in the CEO certification process, internal controls (SOX) and risk based reviews of company action.

Regulators originally gave little guidance on the role of compliance. Now compliance officers need to be involved in the SEC review process. Compliance officers need to understand not only the regulations, but also need to know the industry, the operations of the company and the products offered. CCO is not a risk manager and a strategist.

Betsy referred to the SIA 2005 Role of Compliance White Paper. This white paper tries to establish a model for compliance professionals thorughout the industry. She also notes that in 2003 the SEC began a formal approach to assessing a company’s culture of compliance.

What has caused evolution?

  • Regulatory changes – there are increasing number of regulations in the financial industry
  • Scandals – each scandal triggers more regulations and more concerns
  • Technology – more and more technology means more and more information

She things technology has made some of the biggest changes. Technology can be a compliance officer’s best friend. It is much easier to find and track issues and trends. Technology can help automate compliance. But technology can also be your worst enemy. There are lots of smoking gun emails. Technology can also automate non-compliance. Technology glitches can cause misstatements.

Don’t get stuck on “how we used to do it.” The role is evolving.

LegallyMinded – The ABA Tries to Get Social

The American Bar Association launched LegallyMinded, a social networking site targeted at lawyers, paralegals, law librarians, law students and anyone else in the legal market. Being a student of social networks for lawyers, I thought I would sign up.

I encountered my first problem when they asked me to have a username rather than my real name. The statement was to use your real name. But they do not allow spaces in the username.Someone else had already grabbed the “dougcornelius” username. I am stuck with dougcornelius1.

The next problem was the lengthy six step sign-up process. No other site makes you add so much information. I singed in with my ABA identification so I would expect they would carry over my ABA information. I was wrong.

The next challenge was trying to connect with people. They offer an interactive map showing people with similar interests closer to you. It seemed to make little sense to me. Right next to me was someone who runs a small rural practice. Not me.

The site shows people with their username instead of their real names so it is hard to figure out who is who. My first search was to find out who joined as dougcornelius. No luck in being able to search the site for people by name. Of course their real name is hidden anyhow.

I moved on to the group function. There were two dozen in place, none of which held much interest for me. Five were focused on law students or law schools and three were focused on geography. So I set up a group for compliance since I noted Bruce Carton from Securities Docket and Compliance Week was on the site. I could not find a way to invite him to the group.

They have a blog feature so I tried that out. I copied in some posts from my Compliance Space blog to try out that feature. The publishing and editing of the blog platform is really poor.

The ABA Journal published a piece in the December 2008 issue: The ABA Gets Social.

“We set out to do something different,” says Fred Faulkner, the ABA’s manager of interactive services in Chicago. “We looked at a lot of the professional and social networks, and the gap we found was that there truly wasn’t a good site that was a cross between professional and personal networking.”

“We’re filling that gap by offering the best features of sites like LinkedIn and Facebook and adding a bunch of content from the ABA and other high-quality content sources.”

I think they missed the mark with LegallyMinded.

Bob Ambrogi is trying to test it out, but he can’t even log in: ABA Launches (Buggy) Networking Site.

Originally published on KM Space.

Things You Should Never Put in an E-Mail

Molly McDonough of the ABA Journal puts together a list of things you should never put in an email, borrowing from Roger Matus10 Things Never To Put In Email:

  1. “I could get into trouble for telling you this, but…”
  2. “Delete this email immediately.”
  3. “I really shouldn’t put this in writing.”
  4. “Don’t tell So-and-So.” Or, “Don’t send this to So-and-So.”
  5. “She/He/They will never find out.”
  6. “We’re going to do this differently than normal.”
  7. “I don’t think I am supposed to know this, but…”
  8. “I don’t want to discuss this in e-mail. Please give me a call.”
  9. “Don’t ask. You don’t want to know.”
  10. “Is this actually legal?”

If you find yourself typing one of these phrases, perhaps you should delete the entire email. These are catchphrases often used by e-discovery professional to find smoking gun emails.

What are WIFs?

My notes from the EthicsPoint webinar on intake models and the value of web intake forms.  The presenter was Erin Watkinson a business solutions consultant at EthicsPoint.

A custom web intake form is a replacement for paper based forms. You can use the web to report on issues.

Reporting should encourage employees to first go to a supervisor and not go anonymously right away.

A custom WIF is a case intake mechanism for non-licensed users. Its a custom report form that you can brand and format as needed or desired. The WIF can eliminate the re-keying of data. The form dumps the information into a central database.  in a WIF you can have explanatory text, images, fields and/or links to other documentation. The WIF is mapped to fields in the EthicsPoint Event Manager. You can create custom print forms to match the look and feel of the WIF. All of the data elements are available for reporting and analytics. There is also branching logic available depending on how questions are answered.

Erin then showed an example of an HR Management report. This highlighted the branching features. Another demo was the Hospira HR system. They used the system for people to ask questions. The system tracks the questions and the answers given.

Investigating Suspected Financial Accounting Irregularities

I watched the webinar from EthicsPoint and Kroll on Investigating Suspected Financial Accounting Irregularities. Jed Davis is the Managing Director in the Business Intelligence and Investigations Division of Kroll and Dave Hess is the Managing Director of the Forensic Accounting and Litigation Consulting Division of Kroll.

Dave emphasized the need to have a plan in place to deal with an investigation.

In Planning the investigation:

  • Establish an independent team with required expertise:
  • Identify and preserve relevant documents and evidence
  • Determine the scope and timing of investigation
  • Develop work plan and approach
  • Establish internal communication protocol

Some key objectives and considerations are:

  • to ensure and maintain rigor and credibility of investigation
  • to work with outside counsel to establish and maintain procedures to protect attorney‐client privilege
  • communicate with the investigating parties and stakeholders.
  • Establish procedures to avoid “scope creep”
  • Determine if alleged misconduct was an isolated act or a systemic problem
  • Establish verifiable chronology of policies, decision‐making and actions in issue
  • Identify internal control deficiencies and make recommendations for improvements
  • Report investigation results to stakeholders

Presentation slides for Investigating Suspected Financial Accounting Irregularities.(.pdf)

Computer Illiteracy Is No Defense For Spoilation

You can’t put your hands in the area and say you do not know anything about computers. The Oklahoma Supreme Court recently issued an opinion that a litigant was subject to sanctions: Barnett v. Simmons, 2008 OK 100, 11/10/2008).

The court looked to the standard for sanction in Oklahoma and found no requirement of willfullness. Nor did the federal rule 37(b)(2) require willfullness. The rules merely provide for sanctions if a party has “failed to obey” an order of the court. Willfullness just goes to the severity of sanctions.

For records keeping, you need comply with standards regardless of your individual capability.

Open Letter to CEOs of SEC-Registered Firms

sec-sealThe SEC’s Office of Compliance Inspections and Examinations has published an letter to CEOs of SEC Registered Firms about the importance of compliance programs during this time of “financial and market turmoil.”

December 2, 2008

Dear CEO of SEC-Registered Firm:

During this time of financial and market turmoil, the Office of Compliance Inspections and Examinations of the Securities and Exchange Commission reminds leaders of SEC-registered firms, including broker-dealers, investment advisers, investment companies and transfer agents, of the critical role played by your firm’s compliance programs in helping to meet your obligations under the securities laws. Your firm’s compliance function is critical to assure that your operations comply with the law and rules for industry participation and to ensure that the interests of your customers, clients and shareholders are protected. Moreover, compliance is a vital control function that helps to protect the firm from conduct that could negatively impact the firm’s business and its reputation.

While many firms are considering reductions and cost-cutting measures, we remind you of your firm’s legal obligation to maintain an adequate compliance program reasonably designed to achieve compliance with the law. As SEC Chairman Cox noted recently, “[E]xperience has taught us again and again that giving short shrift to regulatory compliance subjects a company’s investors, employees, management, directors, and every other stakeholder to unacceptable risks….[C]ompliance programs have made huge strides in recent years in becoming more formalized and more robust…. Now more than ever, companies need to take a long-term view on compliance and realize that their fiduciary responsibility requires a constant commitment to investors. That means sustaining their support for compliance during this market turmoil, and beyond it as well.” http://www.sec.gov/news/speech/2008/spch111308cc.htm

Firms must be vigilant and proactive in preventing, detecting and correcting problems that could occur. Firms should pay attention to ensuring that their interactions with investors meet high standards, that sales and trading practices are appropriate, that financial, valuation and risk controls are followed, and that all disclosure obligations are met — as well as meeting all other obligations in conformity with the securities laws.

By fulfilling their obligations, regulated firms in the financial services industry can help to restore and bolster public confidence in the fairness and integrity of our markets and market participants. Providing adequate resources to compliance programs and functions and ensuring that CCOs and compliance personnel are integrated into the activities of the firm are essential to that process.

Thank you for your focus on this important matter.

Very truly yours,

Lori A. Richards
Director

http://www.sec.gov/about/offices/ocie/ceoletter.htm

Core Initial Request for Information from Investment Advisers

sec-sealThe SEC’s Office of Compliance Inspections and Examinations has published its Core Initial Request for Information for Investment Adviser Examinations.

The initial phase of an examination includes a review of the firm’s business and investment activities, its organizational affiliations and its corresponding compliance policies and procedures. The staff will request information and documents and speak with the firm’s employees to ensure an understanding of the firm’s business and investment activities and the operation of its compliance program. Using the information obtained, the staff will assess whether the firm’s compliance policies and procedures appear to effectively address the firm’s compliance risks. This work includes testing the firm’s compliance program in particular areas.

The following points provide an overview of the core information the staff requests:

  • Certain general information to provide an understanding of the firm’s business and investment activities, including organizational charts, demographic and other data regarding advisory clients, and a record of all trades placed for its clients (trade blotter).
  • Information about the compliance risks that the firm has identified (e.g., an inventory of compliance risks) and the written policies and procedures the firm has established and implemented to address each of those risks to provide an understanding of the firm’s compliance risks and corresponding controls.
  • Documents relating to the results of and output from the various transactional (quality control) and period (forensic) testing conducted to provide an understanding of how effectively a firm has implemented its compliance policies and procedures. This includes the results of any compliance reviews, quality control analyses, surveillance, forensic or transactional tests the firm has used to determine if activities have been performed as expected and to identify activities or transactions that have fallen short of or breached related policies and procedures.
  • Information regarding the results of any tests and follow-up actions taken by the firm to address shortfalls or breaches revealed by such tests to provide an understanding of steps taken by the firm to address the results of compliance reviews, quality control, forensic or transactional tests conducted. This information might include, for example, warnings to or disciplinary action of employees, changes in policies or procedures, redress to affected clients, or other measures.
  • Information to perform testing for compliance in various areas.

http://www.sec.gov/info/cco/requestlistcore1108.htm

Public Hearing on Massachusetts Data Privacy Regulations

The Massachusetts Office of Consumer Affairs and Business has published a Notice of Public Hearing on 201 CMR 17.00, Standards for the Protection of Personal Information of Residents of the Commonwealth. (.pdf)

The hearing is on Friday, January 16, 2009 at 2:00 pm in Room No. 5-6, Second Floor of the Transportation Building, 10 Park Plaza, Boston.