Compliance front and center

The past couple of months has confirmed a trend we have seen for some time in the world of Foreign Corrupt Practices Act and greater anti-corruption compliance. It is the continued growth in the importance of doing compliance in the eyes of the Justice Department and Securities and Exchange Commission. They have clearly moved beyond simply having a compliance program in place. It must be operationalized, and you must demonstrate its effectiveness if you want to receive credit for it in any FCPA enforcement action.

In April with the release of the written document, entitled “The Fraud Section’s Foreign Corrupt Practices Act Enforcement Plan and Guidance” and detailing the Pilot Program for FCPA enforcement credit, the Justice Department made clear that it is the doing of compliance that can bring a company “reducing credit.” It also made clear that the role of the chief compliance officer needs not only to be central to your compliance efforts but also central to your overall business operations.

To receive reducing credit under the Pilot Program a company must self-disclose, cooperate in the investigation, and extensively remediate during the pendency of the investigation. In the guidance, the Justice Department laid out its expectation of indicia of an effective compliance program. Further, it says: “an effective compliance program … may vary based on the size and resources of an organization” but should include the following:

Whether the company has established a culture of compliance, including an awareness among employees that any criminal conduct, including the conduct underlying the investigation, will not be tolerated

Whether the company dedicates sufficient resources to the compliance function

The quality and experience of the compliance personnel such that they can understand and identify the transactions identified as posing a potential risk

The independence of the compliance function

Whether the company's compliance program has performed an effective risk assessment and tailored the compliance program based on that assessment

How a company's compliance personnel are compensated and promoted compared to other employees

The auditing of the compliance program to assure its effectiveness

The reporting structure of compliance personnel within the company

These criteria put new focus on the CCO and compliance team. If your compliance team is run on a shoestring, you will likely be downgraded for your overall commitment to doing business in compliance with the FCPA. The same is true for promotions and other opportunities for advancement within an organization. Not many organizations have such a mature compliance function that a CCO is appointed to another senior-level position within an organization.

Finally, as noted, the Justice Department may now be looking at the quality of your CCO and compliance function. Laying this out is new, even if the Justice Department may have informally frowned on sending an untrained or unqualified lawyer or other professional to run the compliance regime. The clear implication is that the Justice Department will even look at salaries. Once again if a company tries to get by on the cheap, it may certainly come back to bite them in the end.

Compliance advocates have sought for some time to raise the level of compliance program awareness and sophistication. It seems both the Justice Department and SEC have listened and elevated not only the discussion but the role of the CCO in evaluating a company which may come before them in an FCPA investigation.

All of these interpretations were reinforced at the opening session of the Compliance Week 2016 conference, where SEC Associate Director of Enforcement Stephen Cohen, and Andrew Weissmann, chief of the Justice Department Criminal Division’s Fraud Section, spoke about their views of what constitutes an effective compliance program. They emphasized the CCO position; specifically, the independence of the position, the authority the CCO has in an organization, and the resources made available to the CCO.

Weissmann said that one of the things he thinks is important is how a CCO talks about the company’s compliance program. When meeting with a CCO, he would often specifically delve into how a risk assessment had been done and then use that information as a springboard to inquire into whether it actually predicted the FCPA violation(s). He would inquire into the company’s response and whether the response was then integrated into the compliance function.

Weissmann turned to the operationalization of compliance. Echoing the remarks of the DoJ Compliance Counsel last fall, he wants to know if the business unit of a company is responsible for at least a part of compliance. He also noted that a real problem for the CCO is that if compliance is not embedded into the business, the CCO simply becomes a policeman who tells the business unit what it cannot do.

Cohen said that he encourages CCOs to come and meet with him early in the SEC investigatory process. Cohen believes it gives him a window into whom he is dealing with in the process. Additionally, as the CCO is generally more attuned to remediating problems, rather than simply protecting the company like outside counsel, a different view can often be obtained through such meetings.

One of the specific areas that Cohen wants to know about is what are the resources that have been made available to the CCO and what is the level of CCO independence? He is concerned about whether the CCO is appropriately valued and supported in the organization. He specifically asks if the CCO is on the Executive Leadership Team (ELT) or other top group of C-Suite executives. He would also inquire into whether the CCO had visibility into the transaction(s) that may have become the problem issue(s)—not necessarily whether there was a bribe authorized but if the transaction warranted someone violating the FCPA to get the deal done, but did the compliance function have visibility into the matter? It is all Cohen’s way of trying to ascertain whether the CCO and compliance function have standing in the company to get things done.

Cohen had several questions he would ask to determine the level of CCO independence within an organization. Is the CCO a part of the senior management or the C-Suite? Is the CCO part of regular meetings of this group? Who could terminate the CCO—the CEO or the audit committee, or does the CCO termination require approval of the entire board? Most importantly, could a person under investigation or even scrutiny by the CCO fire the CCO? If the answer is yes, the CCO clearly does not have requisite independence.

Cohen had some additional questions he would consider. The first was who could over-rule the decision by a CCO within an organization? He would also inquire into who is making the decisions around salary and compensation for the CCO? Is it the CEO, the GC, the audit committee, or some other person or group?

The remarks of Weissmann and Cohen demonstrated the continued evolution in the thinking of the DoJ and SEC around the chief compliance officer position and the compliance function. Their articulated inquiries can only strengthen the CCO position specifically and the compliance profession more generally. The more the agencies talk about the independence, resourcing, and authority of the CCO position, the more corporations will see it is directly in their interest to support the position in their organizations.

Finally, is the hiring and utilization of new Justice Department Compliance Counsel Hui Chen. Weissmann said one of their goals in hiring Chen was to reduce the risk of criminality for violations under the FCPA. Chen enables the DoJ to be more robust in evaluating compliance programs of companies that come before it. Chen’s position works to heighten the power of the CCO within companies as it gives them a specific advocate at the DoJ during enforcement actions.

Weissmann’s comments were echoed by CCOs who have made presentations to Chen over the past few months. In a session entitled “Remediation, Cooperation, and Other Good Times in an FCPA Investigation,” we heard from three compliance professionals who have had the experience of making presentations to the Justice Department when Chen was present—Dan Chapman, formerly CCO of Cameron International and Parker Drilling; Kurt Drake, SVP & chief compliance officer at General Cable; and Rob Sacasa, VP compliance at General Cable. All three spoke about Chen testing whether the compliance program was “real,” meaning had it been operationalized into the organization. They also said that having Chen in the room could be seen as having a compliance program advocate as well, which certainly helps in any negotiations with the Justice Department.

Compliance advocates have sought for some time to raise the level of compliance program awareness and sophistication. It seems both the Justice Department and SEC have listened and elevated not only the discussion but the role of the CCO in evaluating a company which may come before them in an FCPA investigation.