"You do not want to be spread too thin". When I heard
that phrase a light bulb went off inside my head. It was uttered to me by Jan
Farley, the Chief Compliance Officer (CCO) of Dresser-Rand. I asked Jan what he
meant by the phrase and he explained that you cannot stretch your compliance
program so thin that you try and cover everything; so that you miss the larger
Foreign Corrupt Practices Act (FCPA) or UK Bribery Act risks that your company
faces. I thought about Jan's phrase in the context of the Department of Justice
(DOJ)/Securities and Exchange Commission (SEC) FCPA Guidance. I have written
that under the FCPA Guidance companies should have carefully designed and well
thought out compliance programs.
If your company's sales model is to use third parties,
that is probably your highest risk, then prioritize your time and compliance
budget on managing that risk, initially before you move on to other compliance
risks. Conversely, if your sales model is to use employees, then put your time
and effort into managing that risk, through training and monitoring employees
regarding their interactions with foreign officials. Do not spend your time,
budget and energy on managing the risk of low to no-risk parties and issues.
There is no substitute for carefully thinking through your company's risk
Jan is one of several current CCOs in Houston who began
their compliance department careers at Baker Hughes working for Jay Martin.
Prior to joining Dresser-Rand, he was the Senior Ethics and Compliance Counsel
- Eastern Hemisphere for Baker Hughes stationed in London, England. During
Jan's tenure at Baker Hughes it paid the then largest fine ever for FCPA
violations ($44MM in 2007). Baker Hughes was under a very robust Deferred
Prosecution Agreement (DPA) and a Corporate Monitor and expended a significant
amount of time, money and effort on its compliance program. This experience
gave Jan an in-depth view of the issues in implementing and working with a FCPA
compliance program in the corporate setting.
Jan's comments also echo something that I believe is
clear from the Guidance: Don't focus on the small stuff. Indeed the Guidance
states, "Thus, it is difficult to envision any scenario in which the
provision of cups of coffee, taxi fare, or company promotional items of nominal
value would ever evidence corrupt intent, and neither DOJ nor SEC has ever
pursued an investigation on the basis of such conduct." In other words, do
not waste your compliance time, resource or energy around these small issues.
However, if these small issues are a part of a larger systemic or long standing
course of conduct that violates the FCPA, then the DOJ may well look into these
issues. You will want to show the DOJ you are focusing on the "big stuff".
The Guidance also makes clear that each company should
assess its risks and manage its risks. The Guidance specifically notes that
small and medium-size enterprises likely will have different risk profiles and
therefore different attendant compliance programs than large multi-national
corporations. Moreover, this is something that the DOJ and SEC take into
account when evaluating a company's compliance program in any FCPA
investigation. This is why a "Check-the-Box" approach is not only
disfavored by the DOJ, but, at the end of the day, it is also ineffectual. It
is because each compliance program should be tailored to the enterprise's own
specific needs, risks, and challenges.
In addition to being one of the many experienced
compliance practitioners in Houston, Jan also speaks at various compliance
conferences and events. He is doing so at the upcoming Hanson Wade Oil &
Gas Supply Chain Conference in Houston from April 29 to May 2. Jan was recently
interviewed in connection with the event.
Over the last year what changes have you seen
with regard to FCPA implementation and enforcement action by the government?
Over the last year I haven't seen any really big changes,
but a steady course of enforcement of the laws and regulations. Of course, one
of the big stories is the allegations against Wal-Mart out of Mexico. From that
you can see how an issue raised in one country can call into question the potential
for issues in other countries, and so you have a kind of knock-on effect and an
expanded search for issues elsewhere.
Another big item this past year was the Department of
Justice and SEC guidance issued in November. It is a very good consolidation of
the information and views that have developed over the course of time. I think
it is very beneficial to have and you should read and study it if you work in
A lot of people are also talking about the Department of
Justice declination against pursuing any criminal penalties against Morgan
Stanley. The DOJ acknowledged what a good anti-corruption program that Morgan
Stanley had in place. I think that was the first time that had been
specifically mentioned as a factor for declining to prosecute.
How has recent enforcement action and
regulatory focus highlighted the need for an effective compliance program?
The enforcement actions over the last five or six years
has been pretty steady. I think it's clear that it's not something that's going
to decrease any time soon. There is a steady focus in pursuing enforcement
actions because the government is obtaining a lot of money from it and so that
enables them to have the resources to keep pursuing these actions. So it will
continue to be extremely important to have an effective compliance program.
What are the main challenges you face when it
comes to remaining compliant?
I think giving the proper training and education to your
employees and business partners regarding the importance of compliance with
anti-corruption laws, and communicating the program to a diverse workforce
across the world, whilst keeping the message fresh is a major challenge. In
order to meet this challenge you've got to work to make the policies as simple
and straightforward as they can be. Importantly, you want to be able to
communicate those policies in the local language to be sure that they're
understood by your employees and business partners.
Also, it's very important to have proper internal
controls. You want to make sure that you're closely reading your internal audit
reports that your company is getting in the various countries. You can look to
see what implications the reports have for your compliance program. And you
want to make sure that internal audit is auditing for potential compliance
I found Jan's thoughts on don't spread your compliance
program too thin to be an excellent insight into how to assess and then manage
the compliance risks that your company faces. His ideas echo the FCPA Guidance
and put into words one of the very strong messages that is made clear
throughout the Guidance. Take a look at your company's risks and do not scatter
your compliance resources everywhere or too thinly.
For full details on the
Hanson Wade 3rd Annual Oil & Gas Supply Chain Conference, click here. Readers of the FCPA Compliance and Ethics Blog are
entitled to a discount on the registration charge (discount code here at bottom of article).
Visit the FCPA Compliance and Ethics Blog,
hosted by Thomas Fox, for more commentary on FCPA compliance, indemnities and
other forms of risk management for a worldwide energy practice, tax issues
faced by multi-national US companies, insurance coverage issues and protection
of trade secrets.
This publication contains general information
only and is based on the experiences and research of the author. The author is
not, by means of this publication, rendering business, legal advice, or other
professional advice or services. This publication is not a substitute for such
legal advice or services, nor should it be used as a basis for any decision or
action that may affect your business. Before making any decision or taking any
action that may affect your business, you should consult a qualified legal
advisor. The author, his affiliates, and related entities shall not be
responsible for any loss sustained by any person or entity that relies on this
publication. The Author gives his permission to link, post, distribute, or
reference this article for any lawful purpose, provided attribution is made to
the author. The author can be reached at firstname.lastname@example.org.
© Thomas R. Fox, 2013
For more information about LexisNexis
products and solutions connect with us through our corporate site.