This week, on the Compliance Podcast Network, I am running a five-part series sponsored by K2 Intelligence Financial Information Network on the CFIUS process. Today I want to consider effective monitoring and compliance officer solutions for CFIUS. Before we do, I want to pay a few words of tribute to Stanley Sporkin, who as much as any one person is responsible for the modern compliance profession. It was Judge Sporkin as he was later known when elevated to the federal bench, according to his New York Times Obituary, whose “investigations led to admissions by leading corporations — including Gulf Oil, Exxon, Mobil Oil, Lockheed Aircraft, R.J. Reynolds Industries and Minnesota Mining and Manufacturing — that they had made millions of dollars in secret payoffs to scores of politicians.” These investigations turning up massive corporate corruption led him to “successfully lobbied Congress to pass the Foreign Corrupt Practices Act of 1977.”
Yet Judge Sporkin was not simply an icon. He was a good friend and mentor to the compliance community and legal profession. Indeed some of the top compliance practitioners today can draw a straight line in their careers to Judge Sporkin. Mike Volkov, who worked both for and with Judge Sporkin said the following, “Judge Stanley Sporkin was a mentor and a friend. He was an innovative leader in the legal community, who displayed a unique commitment to integrity, fairness, and creative problem solving. As I reminded Judge Sporkin on multiple occasions, he was the “grandfather” of the Foreign Corrupt Practices Act. His work at the SEC was legendary in scope and established enforcement principles and solutions that are still being used today. While his career at the SEC and on the bench as a federal judge in the District of Columbia was exemplary, Judge Sporkin was a rare person who combined empathy, rule of law, and justice in all of his professional activities.”
My tribute to Judge Sporkin leads to today’s discussion of monitorships in the CFIUS process. Generally, a monitor is used to assess and oversee a company’s compliance with relevant laws and regulatory actions. It can also be in respect to a written agreement with a prosecutor, such as the Department of Justice or with a regulatory agency, through a Deferred Prosecution Agreement (DPA), Non-Prosecution Agreement (NPA), Cease and Desist Order or other court approved regulatory Directive. Monitors can help organizations comply with a CFIUS mitigation agreements on an ongoing basis as well as help to assess compliance programs and internal controls to address help, remediate and avoid future problems. Ultimately, a monitor should be able to ensure, for both the government and the company, that whatever the mitigation agreement is, or the regulatory directive might be, it is complied with going forward. Moreover, Das believes, “it’s just important to have a strong and effective monitor who understands both the business as well as the regulatory demands.”
Like every monitorship, the breadth and scope of one under CFIUS will depend on the circumstances. It could be for national security risks, mitigation requirements, changes to the transaction, the overall structure of the transaction or oversight mechanism. A monitorship can refer to the compliance framework to implement a Mitigation Agreement or an Order issued by CFIUS or even the President. The goal of any oversight mechanism or compliance framework is to “help the organizations comply with the requirements and to ensure there is effective trust, understanding and oversight being undertaken by the companies involved in the transaction. The US government led agencies for CFIUS that are monitoring and ensuring compliance with the mitigation agreement or CFIUS order have confidence that is being implemented.”
CFIUS, through a monitor, can require compliance policies and procedures across a full range of issues that might implicate the entire business. Das noted, “It might include cyber risk or access controls, the elements of the transaction, how data is held and even the appointment of additional personnel such as a security officer or a compliance officer. CFIUS could reach upward and require an independent Board member who is a US national, charged with overseeing the implementation of the compliance procedures that are in place. Once again, the monitor could oversee all of this going forward for a specific time frame.”
What should a company do to prepare for a monitorship? Das said that parties to the CFIUS process need to be prepared to dedicate the resources and personnel to be able to work with a monitor and effectively implement the requirements imposed by CFIUS and overseen by the monitor. If you know your organization is deficient in areas of compliance, as diverse as information technology, cybersecurity or export controls or other areas. Das acknowledged, “it may have a fairly significant impact in terms of how the company does business from a day to day perspective” but it is better to start “sooner rather than later”.
Das reiterated that companies must dedicate the resources to implementing a monitoring and compliance framework. Equally important, “companies need to be prepared to create a positive environment to work with the monitor who will be assessing the company’s compliance program and compliance risks on a regular basis. The company needs to work to start off and maintain a positive relationship with the monitor as it can also turn into an adversarial one if it becomes a competitive relationship.” Das believes this means it is important for companies to find a monitor with experience, the ability to work with them in a broad range of environments that understands business imperatives, but also understand what the national security considerations.
A professional monitor is critical to fit these requirements so the company should use good judgement in the selection or recommendation process. However, the company must make sure from its position that it works very hard to keep the monitorship a positive one. Laying such groundwork before the monitor is formally appointed can go a long way to setting the expectations to be met during the monitorship and making it a successful one. Das said it all starts with “setting the tone from the top in terms of governance, delivered by the Board and by the senior management on down to the staff level. It requires appropriate risk assessment and risk and valuation. Also, in terms of new business lines, new technologies, new products, the geographic areas that the company might be entering. Communicate the message that ‘It’s going to work.’”
[View source.]
