Walking The Fine Line Of Compliance In China

Jeffrey M. Rawitz and Erica L. Reilley of Jones Day published an article in Mondaq: China: The Foreign Corrupt Practices Act: Walking The Fine Line Of Compliance In China.

Four Suggestions for Avoiding FCPA Complications in China

Any company seeking to avoid potential FCPA problems in China, or elsewhere, should start by developing a rigorous internal compliance program. A good compliance program will include clear standards and procedures and will provide thorough training for all employees that have business dealings with China or any other foreign nation. Compliance materials and training should be targeted to the employees receiving them; thus, employees in China should be trained by local staff that understand the FCPA and can take into account the likely cultural issues—e.g., the long-standing Chinese tradition of gift giving—that may have an impact on proper compliance.

In addition, companies can limit exposure to potential FCPA problems through vigilant adherence to corporate due diligence. As noted above in the section on successor liability, U.S. enforcement authorities do not always view a merger or acquisition as extinguishing liability for past unlawful conduct. Thus, a company planning to merge with or acquire a company that has done business in China will need to do its due diligence on the target company’s business dealings, including those of its partners, agents, and distributors, to ensure FCPA compliance.

A third suggested practice to limit FCPA exposure is to negotiate and draft contracts that minimize FCPA risks. A company can do this by incorporating standard representations, warranties, and covenants in contracts with agents and distributors wherein they affirm their understanding of the FCPA and their commitment to comply with its requirements. Appropriate oversight of these agents and distributors, via inspection of business records and financial reports, may also prove helpful to ensuring a company’s overarching compliance with the FCPA.

Finally, a company’s potential FCPA liability can be minimized by forming an investigative team that can respond quickly when potential FCPA issues arise. The first part of this process requires that employees feel comfortable raising potential issues as they come up—compliance training can be particularly helpful here in assuring employees that the company wants to know of these concerns. Typically it is best for in-house counsel to be responsible for receiving such reports and for managing the resulting investigations. Lawyers usually can best assess the potential for liability (and thus the need for a complete and thorough investigation), and they can take appropriate precautions to keep the identity of the reporting employee confidential. Where notice of potential FCPA liability comes from U.S. enforcement authorities, it often is best to have in-house counsel work closely with outside counsel to provide a certain level of independence and objectivity throughout the investigation as well as to cooperate with enforcement authorities, if needed.

Compliance and Cloud Computing

Sara Peters wrote an article on Security Provoked: How Can You Prove Compliance in the Cloud?

Whether you’re in the midst of an audit or a forensic investigation, thorough logs are the key to proving compliance with security regulations. So how do you prove your organization is/was compliant when you aren’t able to maintain logs? This is the nagging question that gnaws hungrily at my weary brain every time I ponder cloud computing.

I am a big fan of cloud computing from a sharing and information architecture perspective, it may not be the right answer for critical information that is subject to regulatory control.

Yet.

The folks at Google and other cloud computing providers are not going to let compliance issues fall through the cracks for long. Cloud computing can provide similar service and less cost. Who has better understanding of security, your IT staff or the folks at Google?

 

New Link to the article: http://www.informationweek.com/security/can-you-prove-compliance-in-the-cloud/229209812

Product Samples and The Foreign Corrupt Practices Act

Richard L. Cassin of The FCPA Blog highlights Review Procedure Release No. 81-02 from December 11, 1981: A Rare (Or Medium-Rare) Opportunity. The release helps give a roadmap on how to introduce new products to potential government customers in foreign countries without violating the Foreign Corrupt Practices Act.

In Release 81-02 (December 11, 1981), the Department stated it would take no enforcement action where the requestor wished to provide samples of its products to officials of the Soviet Ministry of Foreign Trade. The Department stated that theFCPA was not implicated where (i) the samples were intended for the officials’ inspection, testing, and sampling; (ii) the samples were not intended for their personal use; and (iii) the Soviet government had been informed that the company intended to provide the samples.  (From the DOJ Website Section 1.1.5)

History of the Foreign Corrupt Practices Act

In 1977, Congress enacted the Foreign Corrupt Practices Act as part of the 1934 Securities Exchange Act .  The FCPA criminalized the bribery of foreign officials by U.S. corporations and individuals pursuing business in other countries and required that companies with publicly-traded stock meet certain standards regarding their accounting practices, books and records, and internal controls.

The FCPA consequently was amended in both 1988 and 1998.  First in 1988, Congress added two affirmative defenses and directed the executive branch to urge America’s global trading partners to pass anti-corruption laws to promote international parity with regard to business corruption.

In 1998, the FCPA was again amended to implement the Organization of Economic Cooperation and Development Convention on Combating Bribery of Foreign Public Officials in International Business Transactions.  Congress ratified the OECD Convention and enacted implementing legislation.  These new amendments broadened the reach of potential FCPA bribery violations by expanding the scope of persons covered by the Act to include some foreign nationals.  Also, the 1998 amendments extended the FCPA’s jurisdiction beyond America’s borders to allow greater enforcement efforts by U.S. prosecutors.

The Specially Designated Nationals List (SDN)

The Office of Foreign Assets Control in the Treasury Department keeps the Specially Designated Nationals List (SDN).  The Specially Designated Nationals List is a publication of OFAC which lists individuals and organizations with whom United States citizens and permanent residents are prohibited from doing business.

FCPA Investigations are on the Rise

According to the Wall Street Journal’s Law Blog, And the FCPA Party Continues:

“U.S. government had open investigations into 84 companies at the end of last year, up from three in 2002, according to Shearman & Sterling. “In the 30-plus years I have followed these matters, there were long periods of little activity and few prosecutions in the early years. Recently there has been a dramatic increase in such activity,” says Danforth Newcomb, a Shearman partner.”

New Massachusetts Privacy Laws

Governor Patrick signed Executive Order 504 an order regarding the the Security and Confidentiality of Personal Information on September 19, 2008. This order revokes the earlier Executive Order 412.

There are also new state regulations 201 CMR 17.00: Standards for The Protection of Personal Information of Residents of the Commonwealth (effective Jan. 1, 2009) implementing M.G.L. c. 93H.

The Executive Order applies to state agencies. It goes further to require all contractors with the state to comply with the requirements. Even further it requires those contractors to require the contractors to require their subcontractors to also comply with the requirements.

The regulations apply to every person that “owns, licenses, stores or maintains personal information about a resident of the Commonwealth.” The regulations require:

“a comprehensive, written information security program applicable to any records containing such personal information.  Such comprehensive information security program shall be reasonably consistent with industry standards, and shall contain administrative, technical, and physical safeguards to ensure the security and confidentiality of such records.”

The regulations also require a designation of “one or more employees to maintain the comprehensive information security program.” Sounds like another task for the Chief Compliance Officer.

Thanks to Lee Gesmer of the Mass Law Blog for pointing this out: New Massachusetts Rules on Identity Theft.

A Money Services Business Guide to Money Laundering Prevention

The Financial Crimes Enforcement Network published the Money Services Business Guide to Money Laundering Prevention (pdf).

The manual starts with the definition of a “Money Service Business.”

Your business may be an MSB (Money Services Business) if…
The business offers one or more of the following services:
■ money orders
■ traveler’s checks
■ check cashing
■ currency dealing or exchange
■ stored value
-AND

The business:
■ Conducts more than $1,000 in money services business activity with the same person (in one
type of activity) on the same day.
-OR

The business:
■ Provides money transfer services in any amount.

Lay-Person’s Guide to the Foreign Corrupt Practices Act

fcpa-resource-download

The United States Department of Justice has put together a Lay Person’s Guide to FCPA on the the Department’s site on the Foreign Corrupt Practices Act.

The 1988 Trade Act directed the Attorney General to provide guidance concerning the Department of Justice’s enforcement policy with respect to the Foreign Corrupt Practices Act of 1977 (“FCPA”), 15 U.S.C. §§ 78dd-1, et seq., to potential exporters and small businesses that are unable to obtain specialized counsel on issues related to the FCPA. The guidance is limited to responses to requests under the Department of Justice’s Foreign Corrupt Practices Act Opinion Procedure (described below at p. 10) and to general explanations of compliance responsibilities and potential liabilities under the FCPA. This brochure constitutes the Department of Justice’s general explanation of the FCPA.

Sources:

UPDATE: The Layperson’s Guide to the FCPA has been replaced by  A Resource Guide to the US Foreign Corrupt Practices Act (.pdf)