FBI and FCPA

In addition to learning about the FBI’s compliance program, understanding white collar criminals, and a visit to the FBI Academy, the FBI Corporate Compliance Officer Outreach Event included a very frank discussion of the Foreign Corrupt Practices Act. The program brought in attorneys from the Department of Justice to discuss their approach to bringing FCPA cases.

Anyone who has read the FCPA Opinion releases may be surprised to hear the practical approach spoken by the presenters. The opinion releases paint a vary minimal threshold for ordinary business entertainment expenses to not be outside the boundaries of a bribe.

The presenters started off with four types of payments that are not bribes:

  1. Facilitation payments (still suspect)
  2. reasonable and bona fide gifts and entertainment
  3. duress payments, when there is a threat of physical harm
  4. Extortion

They pointed out that the key to a bribery case is the corrupt intent. They painted a picture that the DOJ has a hard time finding proof of corrupt intent and an even harder time convincing a jury that there was corrupt intent. In my view, that leaves a lot of grey areas between the de minimis standard in the opinion releases and the much larger payments in prosecuted cases.

They pointed to the Morgan Stanley case as one where the firm’s compliance program stopped the DOJ from seeking further prosecution. As to the compliance defense and credits under the sentencing guidelines for effective compliance programs, the speakers admitted that you rarely see those in cases. However, that is because the DOJ rarely brings cases when they see an effective compliance program.

The last piece of news was to be on the lookout for some substantial guidance on the FCPA. The guidance is not coming out  as a response to the Chamber of Commerce or other critics of the FCPA. It’s a response to the OECD’s review of the US corruption laws in 2010. The Phase III report recommended consolidation and summarization of available information on the application of the FCPA. This guidance will be that consolidation. To meet the deadline of the OECD report, we should expect the guidance to come out in October.

Materials:

A Visit to the FBI Academy

As part of my visit to the FBI Headquarters for the FBI Corporate Compliance Officer Outreach Event, we took a trip to Quantico to visit the FBI Academy. The Academy shares space with the Marine Corps base and is therefore behind heavy security. Even with all of that security, there are buildings at the Academy under even more security. Needless to say, we did not get to visit those buildings.

This part of the trip was more about FBI programs, than about compliance. The exception was a viewing of the FBI’s ethics video. This was an impressive production with field agents placing the ethical standards in the context of actual case issues. Change the discussion from law enforcement and the ethics video would be an example of a great corporate ethics video, putting a code of conduct in the context of real situations.

The FBI Academy facilities have an overall 1970s feel to them. This makes sense, since the facilities were built in the 1970s.  We didn’t get change to enter Hogan’s Alley, a mock city used for tactical training. However, we did hear lots of gun fire. The first barrage sounded like a dozen or so trainees opening fire at once. A few minutes later an enormous barrage echoed across the compound, sounding like the ill-fated San Diego fireworks. Clearly, the trainees had switched to automatic weapons.

Materials:

FBI and Understanding White Collar Criminals

As part of my visit to the FBI Headquarters for the FBI Corporate Compliance Officer Outreach Event, Supervisory Special Agent Susan Kossler discussed her work in the Behavior Analysis division of the FBI.  The Silence of the Lambs and  “Criminal Minds” have glamorized the work of FBI profilers, making them seem like real life versions of Sherlock Holmes who always get their man.

Of course, reality is much more complex. And according to SSA Kossler, much less glamorous.

In applying the analysis to financial crimes, the research unfortunately shows that many of the traits that are indicative of a white collar criminal are also the traits most companies seek in their top executives.

The other complexity is the division in criminal behavior between the leaders and the followers. Take the case of Bernie Madoff. Clearly, he was the leader of the crime. Others convicted, under indictment, or under investigation were mostly followers. They believed in their leader and followed him into the dark cave of blatant fraud. Their motivations and behavioral traits are likely much different than those of Mr. Madoff.

SSA Kossler provided an extensive bibliography if you are interested in further study.

Sources:

Bibliography: (Bold indicates the article is available online.)

The FBI’s Compliance Program

As I mentioned last week, I had a chance to meet with the Federal Bureau of Investigation and learn about their compliance program and some aspects of other FBI programs.

Patrick W. Kelley gave a very thoughtful overview of the FBI’s compliance program. Like many compliance programs, it was born from a crisis. The FBI was accused of abusing the use of National Security Letters. An NSL is a demand letter, which differs from a subpoena.  An internal FBI audit found that they violated the NSL rules more than 1000 times in an audit of 10% of its national investigations between 2002 and 2007.

Mr. Kelley was tasked with creating a compliance program to identify and prevent abuse. He looked around at other government agencies, but decided that the private sector was a better model for his program. As a result, the program sounds more like a corporate compliance program and not merely a government bureaucracy.

That means, there is a strong emphasis on management buy-in, the tone at the top and risk reduction methodology. To show the tone at the top, FBI Director Robert S. Mueller, III took time out of his day to speak with the group and talk about the importance of the compliance program.

The Office of Integrity and Compliance reports to the Deputy Director and has a council of senior leaders to help oversee and guide the program. The leaders come from across the Bureau giving a wide swath of exposure to the operational risks they confront.

As with any compliance program, training is a challenge. As global organization, the FBI has tens of thousands of employees spread out across hundreds of offices across the United States and the foreign jurisdictions. Training is at a premium because it can’t be an operational impediment. You would hate to think the FBI missed an opportunity to prevent a major incident from occurring because the agent was sitting in a compliance training program.

On the other hand, I felt the FBI took compliance and operational limitations under the law and the constitution very seriously.

In addition to the compliance side of the OIC, there is also a formal ethics program. These too involve similar themes as you would see in a corporate environment:

  • Gifts (Personal Gifts, Gifts of Travel, Gifts to FBI)
  • Use of Government Property/Time
  • Conflicts of Interest
  • Financial Disclosure
  • Awards
  • Outside Employment
  • Involvement in Non-Federal entities
  • Political Activities
  • Misuse of Position
  • Endorsement and preferential treatment
  • Fundraising in the Federal Workplace

The big issue confronting the OIC is the new disclosure requirements as a result of the STOCK Act. The law was revised to requires certain executive branch employees to make financial disclosures just as Congress is required. That means some FBI employees will need to start making financial disclosures or need to make expanded financial disclosures.

Sources:

My Visit with the FBI

You would expect a visit with the FBI to be terrifying. When they come with their badges out and windbreakers on, you are in trouble. The FBI headquarters is easy spot, sitting right on Pennsylvania Avenue in Washington, D.C. Even once you get past the security guards and metal detectors in the front lobby, visitors have to pass through two more security checkpoints. Fortunately, my visit did not involve handcuffs.

The Federal Bureau of Investigation partnered with the Society of Corporate Compliance and Ethics to host the FBI Corporate Compliance Officer Outreach Event. I was fortunate enough to attend.

Patrick W. Kelley, Chief Compliance Officer, Office of Integrity and Compliance of the Federal Bureau of Investigation, was the host. That was the first unexpected piece information. The FBI has a Chief Compliance Officer and a formal compliance program. The second unexpected piece of information was that the FBI’s compliance program faces many of the same issues as any company’s compliance program.

Like many compliance programs, it was born from a crisis. The FBI was accused of abusing the use of National Security Letters. An NSL is a demand letter, which differs from a subpoena. It is issued to an organization, typically a telecom or ISP, to turn over various record and data. NSLs can only request non-content information, such as transactional records, phone numbers dialed or email addresses mailed to and from. Section 505 of the USA PATRIOT Act greatly expanded the use of the NSLs. An internal FBI audit found that they violated the NSL rules more than 1000 times in an audit of 10% of its national investigations between 2002 and 2007.

The FBI Director Robert S. Mueller, III did not like the abuse and tasked Mr. Kelley with creating a compliance program to identify and prevent abuse. To their credit, they also expanded the compliance program to cover 49 other areas of risk.

I’ll be posting more stories from this event over the next few days.

Compliance & Ethics Institute Announces Las Vegas Lineup

scce

The Society of Corporate Compliance & Ethics has released the schedule of programs for its Compliance & Ethics Institute to be held September 13-16 in Las Vegas: Preliminary Brochure (.pdf) I am not sure if I am going to head out to Las Vegas for this particular conference, but there are some very interesting topics on the agenda.

These are a few sessions that caught my attention:

  • 102: Facebook, LinkedIn, YouTube–Friend or Foe? How Social Networks and Web 2.0 Are Creating Risks for Companies
    Orrie Dinstein, Chief Privacy Leader, GE Capital
  • 103: Risk Management Culture: The Linkage Between Ethics & Compliance and ERM
    Barbara Kipp, Partner, PricewaterhouseCoopers
  • 303: Compliance at Siemens: A Management Change Process
    Dr. Klaus Moosmayer, Compliance Operating Officer and Chief Counsel Compliance & Investigations, Corporate Legal and Compliance, Siemens AG
  • 403: Key Recent Developments Regarding Attorney-Client Privilege, Work Product Protection, and Indemnification
    Frank Sheeder, CCEP, Partner, Jones Day
  • 505: The Post-Bailout Regulatory Scene: Implications for Your Compliance & Ethics Program
    Matt Kelly, Editor in Chief, Compliance Week
  • 604: The Ethics Gap: How Our View of Business Ethics has Gotten Out of Step with the Public’s and What We Need to Do About It
    Ed Petry, PhD, Vice President, Ethical Leadership Group, A Global Compliance Company

A Benchmarking Survey on Third-Party Codes of Conduct

Society of Corporate Compliance & Ethics

Rebecca Walker of Kaplan & Walker LLP is the author of a report on A Benchmarking Survey on Third-Party Codes of Conduct (register to download) sponsored by The Society of Corporate Compliance and Ethics. The SCCE received survey results from more than 400 compliance professionals on how they deal with third-party compliance policies. As Rebecca point out in the report: “Organizations are also subject to risks of misconduct by virtue of the actions of agents and other third parties who act on their behalf or partner with the organization in some way.”

Among the relevant findings in the survey:

  1. Only 47% of companies disseminate their internal employee code of conduct to to third parties.
  2. Only 26% of companies require that third parties certify to their codes of conduct.
  3. Of those 26%, 92% did not have a threshold as when they required certifications.
  4. Only 17% of organizations have a code of conduct that is applicable to third parties.

Rebecca points out the U.S. Sentencing Guidelines provide incentives to have your compliance programs reach out to third parties:

Sentencing Guideline §8B2.1(4):

(A) The organization shall take reasonable steps to communicate periodically and in a practical manner its standards and procedures, and other aspects of the compliance and ethics program, to the individuals referred to in subdivision (B) by conducting effective training programs and otherwise disseminating information appropriate to such individuals’ respective roles and responsibilities.

(B) The individuals referred to in subdivision (A) are the members of the governing authority, high-level personnel, substantial authority personnel, the organization’s employees, and, as appropriate, the organization’s agents.

One of the problems with pushing out your compliance program to third parties is that they may have the may have their own which differs with your program. The bigger problem is you setting the compliance standards but not enforcing them. Rebecca offers some ways to extend compliance and ethics requirements to third-parties. These are some highlights:

  • Conduct due diligence regarding business partners’ compliance and ethics programs.
  • Incorporate language into contracts with third parties requiring compliance.
  • Train third parties on the ethics and compliance program or on particular company policies or procedures.

Thanks to Corporate Compliance Insights for pointing out this survey: Third Party Controls Lacking In Ethics and Compliance Expectations Says SCCE Survey.

General Counsel as the Chief Ethics and Compliance Officer

Over at the Society of Corporate Compliance and Ethics bulletin boards there was a great deal of discussion about whether the CECO should hold a concurrent role as general counsel or whether the positions should be split. Here are a collection of reasons:

  • In some industries, including healthcare, the government has specifically stated that it does not believe that the compliance officer and general counsel roles should be filled by the same person or that the compliance officer should report to the general counsel.  This position occurs in “compliance program guidance” issued by the HHS Office of Inspector General. Daniel Roach
  • The role of compliance is to unearth issues and potential issues while they are still inchoate – not necessarily the same as the GC who is generally reactive and then not beyond the specific question presented. Emil Moschella
  • I think the joint role could affect the integrity of the attorney-client privilege.  If the roles are separate then I think the privilege is less assailable on the grounds that the hat being worn at the time the alleged protected information was received that the individual was wearing the hat of the compliance officer and not that of the GC. Emil Moschella
  • Many of the processes that the Compliance Officer (CO) may wish to review, may have been previously blessed by the office of the GC so that they may not get the fresh look of the compliance office would give it.  Independence of the compliance review is questioned. Emil Moschella
  • The compliance and ethics function is not the business of giving legal advice.  It is a management function that calls for good project management skills. It calls for a focus on ethics and compliance, when often lawyers focus on just the law.  Joseph Murphy