Marshall Miller, the Justice Department’s principal Deputy Assistant Attorney General for the Criminal Division, has been heating up the compliance conference circuit in recent weeks. On September 17th, it was the Global Investigation Review Program in New York. On October 7th, he stopped by the Advanced Compliance and Ethics Workshop to discuss corporate compliance programs: what to do and what not to do to maximize their effectiveness.
As you might expect Miller to say, a growing company’s failure to expand compliance programs to meet its needs can lead to a lot of problems. Conversely, programs that have widespread, protective and training mechanisms – as well as procedures designed to uncover wrongdoing and expose culpable individuals – are the most effective.
Also, while no single compliance program could fit all companies, some characteristics will be common to all. Fortunately, the Justice Department and SEC have told you what those are in their 2012 FCPA Resource Guide. Have you read it? Even if your company’s sales are entirely domestic, it might not be a bad idea. It includes a section entitled, “Hallmarks of Effective Compliance Programs.” As Miller notes, while the hallmarks are focused on anti-corruption compliance, “the principles identified apply universally.” These include:
-
Commitment from corporate leaders;
-
Adaptation to corporate growth; and
-
Encouraging good behavior with concurrent enforcement and discipline of bad actors.
Miller pointed out several egregious cases from the recent years. Weatherford International is a Swiss oil services company that settled a massive FCPA case in November 2013. Before 2008, Weatherford did not have a dedicated compliance officer or compliance personnel, did not conduct anti-corruption training, and did not have an effective system for investigating employee reporting of ethics and compliance violations. Though it operated in more than 100 countries, it didn’t bother translating its compliance policy into non-English languages, and did nothing to respond to affirmative allegations of corruption arising out of a 2004 ethics questionnaire. “Put simply, Weatherford’s compliance policy was a program in name only. It wasn’t worth the paper it was written on.”
The Orthofix International case, Miller said, is another example of a program’s adaptive failure. Between 2003 and 2010, according to DOJ and the SEC, the Mexican subsidiary of this medical device company paid bribes to Mexican officials in return for hospital agreements to purchase millions of dollars of medical equipment. Like Weatherford, Orthofix had failed to translate its compliance policy into Spanish or even implement its compliance policy at the subsidiary. Orthofix also failed to train its personnel or regularly test or audit transactions for illicit payments.
One case Miller cited involved not so much a failure of compliance as much as a triumph of we-don’t-need-no-stinking-compliance. Between 2004 and 2012, BNP Paribas secretly moved over $8.8 billion through the U.S. financial system on behalf of Sudanese, Iranian and Cuban sanctioned certain Sudanese banks. Another identified specific transactions in cautioning that a satellite bank system was being used to evade U.S. sanctions. The compliance officer sounded warning bells, writing: “This practice effectively means that we are circumventing the U.S. embargo on transactions in USD by Sudan.” Other compliance staff in New York flagged some problematic transactions and raised concerns. What did bank officials say in response? As one executive put it: “I only see the solution of going through another bank than BNPP NY for all transactions to these destinations.”
Miller’s prescription for compliance personnel in such a situation is . . . well, he doesn’t really have one. Document your advice and when you gave it? Try not to find yourself on the legal or compliance side of such a company because there will not be much you can do.
Miller did end on a positive note with reference to the 2012 Morgan Stanley FCPA “declination” and concurrent prosecution of Garth Peterson. The message, as Miller is becoming fond of saying, is to have a rigorous compliance program with substantial training and follow-up, and be ready to rat out your employees if necessary. Easy as that.
