The charging last week of three former Hewlett-Packard (HP) employees in Germany reminded me of some of the interesting underlying facts of the case. The Wall Street Journal (WSJ) has reported that at least one witness has said that the transactions in question were internally approved by HP through its then existing, contract approval process. Mr. Dieter Brunner, a contract employee who was working as an accountant on the group that approved the transaction, said in an interview that he was surprised when, as a temporary employee of HP, he first saw an invoice from an agent in 2004. "It didn't make sense," because there was no apparent reason for HP to pay such big sums to accounts controlled by small-businesses, Mr. Brunner said. He then proceeded to say he processed the transactions anyway because he was the most junior employee handling the file, "I assumed the deal was OK, because senior officials also signed off on the paperwork".
The lesson learned here is not only must there be training to all employees but a company must listen to these employee-raised issues. In almost every circumstance where a significant compliance matter has arisen, if the issue had been reported or at least sent up the chain for consideration, there is a good chance that the incident would not have exploded into a full Foreign Corrupt Practices Act (FCPA) compliance violation. Matthew King, Group Head of Internal Audit at HSBC, calls this concept "escalation" and he believes that one of the more key features of any successful compliance program is to escalate compliance concerns up the chain for consideration and/or resolution.
This means that in almost every circumstance regarding a compliance issue he had been involved with, at some point a situation arose where an employee did not report a situation or event up to an appropriate level for additional review. This failure to escalate leads to the issue not reaching the right people in the company for review/action/resolution and the issue later becomes more difficult and more expensive to deal with in the company. A company needs to have a culture in place to not only allow escalation but to actively encourage elevation. This requires that both a structure and process, for the structure, exist. The company must then train, train and train all of its employees. Lastly, while a whistleblower process or hotlines are necessary these should not be viewed as the only systems which allow an employee to escalate a concern. The key would appear to be both having the systems in place to allow such escalation and to train all employees, including contract employees on how to escalate an issue.
Mike Volkov, on his Blogsite Corruption, Crime and Compliance, released a video last week where he talked about the need for a company to listen to employee complaints. He talked about this concept in terms of a whistleblower but it also holds true if an employee escalates a concern about an anti-corruption issue. In this day of eight substantive complaints coming into the Securities and Exchange Commission (SEC) whistleblower program on a daily basis, companies simply cannot afford to not listen. Think what position HP might be in today if this temporary employee had escalated his concern and the company had listened to him. Initially, HP would not have been under investigation by governmental authorities in Germany and Russian. In the US, both the Department of Justice (DOJ) and SEC are investigating the transaction. More ominously for HP, investigators from these jurisdictions are also now investigating other international operations, including those in Russia and the former CIS states to ascertain if other commissions paid involved similar allegations of bribery and corruption as those in the German subsidiary's transaction.
Visit the FCPA Compliance and Ethics Blog, hosted by Thomas Fox, for more commentary on FCPA compliance, indemnities and other forms of risk management for a worldwide energy practice, tax issues faced by multi-national US companies, insurance coverage issues and protection of trade secrets.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at email@example.com.
© Thomas R. Fox, 2012
For more information about LexisNexis products and solutions connect with us through our corporate site.