Resources

Federal Government Websites
Dept. of Health and Human Services (HHS)
Dept. of Justice (DOJ)
Dept. of the Treasury
Environmental Protection Agency (EPA)
Federal Trade Commission (FTC)
Financial Crimes Enforcement Network (FinCEN)
Occupational Health and Safety Administration (OSHA)
Public Company Accounting Oversight Board (PCAOB)
Securities and Exchange Commission (SEC)
United States Sentencing Commission (USSC)
United States Supreme Court

Federal Agency Resources
EPA: Environmental Audit Policy
FinCEN: Bank Secrecy Act Regs
FTC: Financial Privacy: Gramm-Leach-Bliley Act
HHS: Health Care Compliance Guidance
HHS: HIPAA Compliance
OSHA: Workplace Self-Audit Policy
PCAOB: Audit Standard No. 2
USSC: Organizational Sentencing Guidelines
USSC: Advisory Group on the Organizational Sentencing Guidelines
USSC: Post-Booker Developments

Federal Prosecutorial Resources
Antitrust Leniency Policy (DOJ)
Seaboard Report (SEC)
Thompson Memorandum (DOJ)

Private Organizations
ABA Business Law Section, Corporate Compliance Committee
Association of Corporate Counsel: America
Business Roundtable
The Conference Board
Corporate Compliance Center (South Texas College of Law)
Ethics Officers Association
Ethics Resource Center
Greater Houston Business Ethics Roundtable
Open Compliance and Ethics Group
Texas General Counsel Forum

Private Resources
Industry Specific
Defense Industry Initiative on Business Ethics and Conduct
Health Care Compliance Association
Risk Specific
Association of Certified Anti-Money Laundering Specialists
International Compliance Association (anti-money laundering)
NASD Rule 4350 (Corporate Governance)
NASD Rule 3011 (Anti-Money Laundering)
NYSE Listed Company Manual Section 303A (Corporate Governance)
Aspen
Transparency International (foreign bribery)
Transparency International: USA Anti-Bribery Toolkit

Case Law
Burlington Industries v. Ellerth
Faragher v. City of Boca Raton
Kolstad v. American Dental Association
United States v. Booker
Sentencing Law & Practice

Compliance and Ethics Publications
BNA/ACCA Compliance Manual
ethikos

Related Blogs
White Collar Crime Prof Blog
Sentencing Law & Practice

Free Legal Web Sites
Findlaw
JURIST

Blogware

Powered by TypePad

Notices

© Copyright 2005 by Law Professor Blogs, LLC. All rights reserved.

« August 21, 2005 - August 27, 2005 | Main | September 4, 2005 - September 10, 2005 »

September 1, 2005

FCPA -- The Bribe/Accounting Trap

The White Collar Crime Prof Blog had a recent post on the Foreign Corrupt Practices Act (FCPA) that reminds me of an important point to remember about that statute.  For the uninitiated, the FCPA has two parts: the accounting provision and the anti-bribery provisions.  The post at White Collar Crime Prof Blog discussed a violation of the FCPA’s accounting provision.  In this post, I raise an often ignored link between the accounting and anti-bribery provisions of the FCPA.  (Also, this is one of my favorite compliance statutes, so expect to a lot more on this compliance risk in the future.)

The accounting provision basically requires that all public companies keep accurate financial records and maintain internal controls adequate to produce such records.  For the text-minded, here is the relevant portion of the statute:

(2) Every issuer which has a class of securities registered pursuant to section 78l of this title and every issuer which is required to file reports pursuant to section 78o(d) of this title shall--

(A) make and keep books, records, and accounts, which, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the issuer; and

(B) devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that--

(i) transactions are executed in accordance with management's general or specific authorization;

(ii) transactions are recorded as necessary (I) to permit preparation of financial statements in conformity with generally accepted accounting principles or any other criteria applicable to such statements, and (II) to maintain accountability for assets;

(iii) access to assets is permitted only in accordance with management's general or specific authorization; and

(iv) the recorded accountability for assets is compared with the existing assets at reasonable intervals and appropriate action is taken with respect to any differences.

Note that the accurate records requirement has no materiality threshold and no de minimis exception.  A person commits a crime if they “knowingly circumvent or knowingly fail to implement a system of internal accounting controls or knowingly falsify any book, record, or account described in paragraph (2),” regardless of the size of the transaction falsely recorded.

The ant-bribery provision is more akin to your typical criminal statute.  Loosely stated, an anti-bribery violation has the following elements:

(1)    A person covered by the statute

(2)    uses interstate or foreign commerce

(3)    to make an offer or payment of anything of value

(4)    to a foreign official

(5)    with a corrupt purpose

(6)    and to obtain or retain business.

Of course, there will be some gray areas as to what counts as something of value paid with corrupt intent to a foreign government official.  For example, what if a company pays for honeymoon airline tickets for the cousin of a government official who will participate in the decision whether to award business to the company?  While one court of appeals held that this was a prohibited bribe under the FCPA, the case had to be litigated for a long period of time to reach that conclusion.

But, some companies may box themselves into a corner under the FCPA’s accounting provision so that they cannot realistically litigate any anti-bribery issue.  Consider a company that makes a contribution to a foreign charity, and the charity is chaired by a foreign official who will participate in the decision whether to award business to the company.  The SEC brought a civil enforcement action against a company on similar facts.  At first, you might think that the company had a strong counter-argument – no money was paid directly to the government official, and the intent of the contribution was charitable and not “corrupt.”  One other fact, however, made the case a slam dunk for the government – the company knowingly recorded the payments on its books as something other than charitable contributions, which is a clear violation of the FCPA’s accounting provisions.  Given that the accounting violation was straightforward, the company settled the matter.  This teaches an important lesson: Even payments that are arguably allowed under the FCPA’s anti-bribery provisions will illegal under the counting provisions if the company knowingly misstates the payment on its books.  So, even if a company decides certain payments are legal, MAKE SURE that they are properly recorded.

September 1, 2005 in Cases, Enforcement Actions, Risk Spotlight | Permalink | TrackBack

Compliance 101 -- The Caremark Case

Today, Compliance 101 gives a brief intro to perhaps the most famous court decision in compliance circles.

Dicta in the Delaware Chancery Court's 1996 decision in In re Caremark Int'l Inc. Derivative Litigation, 698 A.2d 959 (Del. Ch. 1996), addressed the board's duty to oversee a corporation's legal compliance efforts. As part of its duty to monitor, the Board must make good faith efforts to ensure that a corporation has adequate reporting and information systems. The opinion described this claim as "possibly the most difficult theory in corporation law upon which a plaintiff might hope to win a judgment," with liability attaching only for "a sustained or systematic failure to exercise oversight" or "[a]n utter failure to attempt to ensure a reporting and information system."

In the decade since, this Delaware dicta has morphed into what has come to be known as a Caremark claim, as federal and state courts, both within and outside Delaware, have recognized a cause of action against boards for failing to take minimal steps to achieve legal compliance. As the phrases "utter failure" and "systematic failure" suggest, a board's Caremark duty is a relatively low one. Only egregious lapses breach this duty, such as when board members ignore obvious red flags signaling illegal behavior, fail to appoint an audit committee, or do not address obvious concerns like large loans to corporate insiders.

Here are a couple of good sources that discuss the Caremark case:

H. Lowell Brown, The Corporate Director's Compliance Oversight Responsibility in the Post Caremark Era, 26 Del. J. Corp. L. 1 (2001).

Charles M. Elson & Christopher J. Gyves, In Re Caremark: Good Intentions, Unintended Consequences, 39 Wake Forest L. Rev. 691 (2004).

September 1, 2005 in Cases, Compliance 101 | Permalink | TrackBack

August 31, 2005

Compliance and Legal Ethics

Interesting compliance question for lawyers.  Today’s Wall Street Journal has a story (available
only to online subscribers) that describes how David Boies’ law firm has had to resign from
several recent engagements due to a conflict of interest:

Qwest Communications International Inc. and Tyco International Ltd., two major clients of the law firm of Boies, Schiller & Flexner LLP, paid millions of dollars to a
legal-document-management company that was partially owned by members of the family of star lawyer David Boies.

About half a dozen other Boies Schiller clients have used, or are using, the
document-management company, Amici LLC, to store and manage legal documents since the company's founding in 2002. One of Amici's founders was William F. Duker in Albany, N.Y. Mr. Duker, a lawyer and former associate of Mr. Boies, pleaded guilty to four felony counts and was sentenced to 33 months in prison in 1997 for falsely inflating legal bills to the federal government.

As reported, Adelphia Communications Corp. disclosed this week that Boies Schiller resigned as special counsel to the company at Adelphia's request after the cable company discovered business ties between Mr. Boies's family and Amici, which Adelphia also used. Adelphia asked Boies Schiller to resign about two weeks ago, after Adelphia discovered what it considered a conflict. Adelphia didn't know of any Boies family ties at the time it hired Amici.

Mr. Boies in an interview said yesterday he should have fully disclosed his children's' ownership interest in Amici. "I should have made certain that everyone knew about it," he said. He added that "a half dozen, or maybe eight Boies Schiller clients also use Amici."

Mr. Boies . . .  Said that Amici was only one of several companies that Boies Schiller
recommended to Tyco and that Tyco made its own independent decision. He added that Boies Schiller wasn't involved in Qwest's decision to retain Amici. Boies Schiller was counsel for both companies at the time they used Amici.

. . . .

Legal experts say that clients paying hefty fees to Boies Schiller for legal work might balk at the knowledge that partners and relatives of people in the law firm are reaping additional financial benefits form associated work, without the companies even knowing about it. There is, says Stanford University law school ethics expert Deborah Rhode, "an appearance of impropriety." It's really up to the client to select a document production firm, not the lawyers.

This situation might have raised a conflict of interest under Model Rule 1.7(a)(2), which states
that a conflict exists with a current client when “there is a significant risk that the representation
of one or more clients will be materially limited . . . by a personal interest of the lawyer.”  (I have
not looked at the NY ethics rules to find the parallel provision.)  And the comments to the Model
Rule specifically mention other business interests of the lawyer: “a lawyer may not allow related
business interests to affect representation, for example, by referring clients to an enterprise in
which the lawyer has an undisclosed financial interest.”  Here, it would be the financial interests of
family members providing legal support services that might exert the influence, affecting Mr.
Boies’ representation, as he might have an incentive to conduct the representation in a manner
that increases the work (and fees) paid to the family members.  Of course, this temptation may be
small, so the Model Rules allow a lawyer to still undertake representation if (among other things)
“each affected client gives informed consent, confirmed in writing.”  (Model Rule 1.7(b)(4)) So,
Mr. Boies is right that it would be prudent in cases like this to disclose the relationship to clients.

Note that there is yet another Model Rule provision that is relevant, this one more compliance-
related – Model Rule 5.1(a):

A partner in a law firm, and a lawyer who individually or together with other lawyers possesses comparable managerial authority in a law firm, shall make reasonable efforts to ensure that the firm has in effect measures giving reasonable assurance that all lawyers in the firm conform to the Rules of Professional Conduct.

I read this rule to require managing lawyers to implement legal ethics compliance programs within
their firms or departments, and that the failure to do so is a freestanding ethics violation,
regardless of whether another ethics violation occurs.  In a Boies-type situation, a managing
lawyer should put in place a system to identify financial interests of its lawyers and their
immediate gamily members that might cause a conflict with the lawyers’ personal interests under
Model Rule 1.7(a)(2).

August 31, 2005 in Compliance in the News | Permalink | TrackBack

August 30, 2005

KPMG Deferred Prosecution Agreement -- Part II

The KPMG Deferred Prosecution Agreement (DPA) also has a section devoted entirely to what it calls “The Compliance and Ethics Program.”  Note that “compliance and ethics program” is the same phrase used by the United States Sentencing Guidelines for organizations.  This section of the DPA provides as follows:

16.    In addition to the remedial actions that KPMG has taken to date, KPMG shall implement and maintain an effective compliance and ethics program that fully comports with the criteria set forth in Section 8B2.1 of the United States Sentencing Guidelines (the “Compliance and Ethics Program”).  As part of the Compliance and Ethics Program, KPMG shall maintain a permanent compliance office and a permanent educational and training program relating to the laws and ethics governing the work of KPMG’s partners and employees, paying particular attention to practice areas that pose high risks, including the determination whether transactions in which KPMG and its clients are involved constitute “reportable transactions” within the meaning of 26 C.F.R. section 1,6011-4(b), and the determination of whether the appropriate level for opinions and advice set forth in paragraph 6(I) of this Agreement and all applicable laws have been satisfied.  KPMG agrees that all KPMG professionals and any employees of KPMG shall receive appropriate training pursuant to the Compliance and Ethics Program within one year of execution of this Agreement, and shall be given such training on a regular basis but in any event no less than annually for the tax practice and no less than every two years for other practices at KPMG.  Also as part of the Compliance & Ethics Program, KPMG shall (I) ensure that an effective program be maintained to punish violators of laws, policies, and standards, and reward those who report such violators; (II) ensure that no partner, employee, agent, or consultant of KPMG is penalized in any way for providing information relating to KPMG’s compliance or noncompliance with law, policies, and standards to any KPMG official, government agency, compliance officer, or the Monitor appointed pursuant to paragraph 18; and (III) ensure that all KPMG partners and employees have access to a hot-line or other means to provide information to KPMG’s compliance office relating to KPMG’s compliance or noncompliance with laws, policies, and standards.  KPMG shall take steps to audit the Compliance and Ethics Program to ensure it is carrying out the duties and responsibilities set out in this Agreement.

17.    KPMG shall take such reasonable additional personnel actions for wrongdoing as are warranted.

A few observations here.

1.  Note that the DOJ requires that the “compliance and ethics program” must “fully comport[]” with the sentencing guidelines.  This is powerful proof that the sentencing guidelines are the current gold standard for compliance program criteria.

2.  Also, the DPA shows once again that compliance can either be on an organization’s own terms and timeline, or (if a legal violation intervenes) at the government’s direction.

3.    The DPA not only specifies types of compliance measures, but also requires (in a separate section) that an independent monitor review KPMG’s progress in implementing and complying with the DPA.  So, not only might the government tell you how to design and implement a compliance program, you might have to do so under the watchful eye of a monitor, who will then tell the whole world.

4.  By directing that KPMG “pay[] particular attention to practice areas that pose high risks,” the DPA effectively requires KPMG to conduct a thorough enterprise-wide risk assessment. 

5.  The DPA’s required compliance and ethics program appears to apply to all risks throughout the organization.  So, wrongdoing in one part of the organization involving one risk could lead to government oversight of the entire organization’s compliance and ethics program.

In the end, the scope and terms of each DPA are tailored to the precise wrongdoing and culpability of each organization.  So, one cannot draw universal lessons from and individual DPA.  That said, the above agreement certainly outlines some sobering possibilities for organizations that find themselves in hot legal water.

August 30, 2005 in Compliance in the News, Enforcement Actions, Sentencing Guidelines | Permalink | TrackBack

KPMG Deferred Prosecution Agreement -- Part I

Unless you have been under a virtual rock, you know by now that KPMG has entered a deferred prosecution agreement (DPA) with the Department of Justice.  Two aspects are of interest for the purposes of this blog.  I discuss the first in this post, and I will blog on the second one later today.

The DPA has an entire section devoted to continuing cooperation with the government.  Apropos of the recent discussion of privilege waiver, the cooperation portion of the DPA provides in part:

8.    KPMG agrees that its continuing cooperation with the Office’s [i.e., the United States Attorney’s Office for the SDNY, and NOT the acclaimed BBC comedy of the same name] investigation shall include, but not be limited to, the following:

    (e)    Not asserting, in relation to the Office, any claim of privilege (including but not limited to the attorney-client privilege and the work product protection) as to any documents, records, information, or testimony requested by the Office related to its investigation, provided that:

        (I)    notwithstanding the provisions of this subparagraph (e), KPMG may assert [relevant privileges] with respect to (A) privileged communications between KPMG and its counsel that post-date February 1, 2004 and that concern the Office’s investigation, . . . or (C) any private civil litigation; and

        (II)    by producing privileged materials pursuant to this subparagraph (e), KPMG does not intend to waive the protection of [any relevant privilege] as to third parties.

We see in paragraph 8(e)(II) the real fear that organizations have about turning over privileged documents to the government (and which I have mentioned before): That such disclosure will waive the privilege as to private litigants in civil proceedings.  And as recent news stories have reminded us, KPMG faces an onslaught of such civil suits.  In the end, however, whether this attempt at selective waiver will depend (as discussed in prior posts) on whether the Circuit/District that hears the civil suits recognizes such a partial privilege.

August 30, 2005 in Compliance in the News, Enforcement Actions, Privilege | Permalink | TrackBack

August 29, 2005

Sentencing Commission to Study Privilege Waiver Issue

A recent Federal Register publication from the United States Sentencing Commission sets forth gives Notice of Final Priorities for the Commission through the amendment cycle that ends in May 2006.  One of the priorities listed is on a subject blogged on here and at the White Collar Crime Prof Blog:

(6) review, and possible amendment, of commentary in Chapter Eight (Organizations) regarding waiver of the attorney-client privilege and work product protections . . . .

To understand the significance of this item, you need to have some background on the sentencing guidelines as they apply to organizations.  As for individual defendants, the guidelines establish a formula for calculating the applicable punishment – for organizations, that is primarily a monetary fine.  The formula has several steps.  Bear with me for a brief review of the steps – it will pay off in understanding what the Commission proposes.

The first step is to identify the "offense level" for the charged crime.  A chapter of the guidelines assigns each crime an offense level based on its seriousness: offense levels range from one to forty-three, with crimes ranked from least to most severe.  For example, tampering with an odometer is a relatively low offense level six, while treason and first degree murder top off the list at offense level forty-three.

The second step is to identify the base fine associated with an offense level by consulting a chart that assigns each offense level a corresponding base fine.  Not surprisingly, the base fine increases along with the offense level.  Again, consider odometer tampering and treason.  Odometer tampering, an offense level six, carries a base fine of $5,000, while treason, an offense level forty-three, carries a base fine of $72.5 million.

The third step is to calculate the organization's "culpability score."  Each organization starts with a score of five that is adjusted downward for mitigating factors and upward for aggravating factors.  For example, the guidelines subtract two points if the organization fully cooperated with the government, but add two points if the organization committed a similar violation in the last five years.  For our purposes, the most relevant adjustment is a three-point reduction "[i]f the offense occurred despite an effective program to prevent and detect violations of law."  The amended guidelines now refer to this mitigating factor as an "effective compliance and ethics program."

The fourth step is to identify the fine multipliers that correspond to the defendant's culpability score.  For example, consider once again a defendant convicted of tampering with an odometer, and assume that we make no adjustments for aggravating or mitigating factors, leaving a culpability score of five.  The guidelines assign two multipliers to a culpability score of five: one and two.  Recall that the base fine for odometer tampering, a level six offense, is $5,000.  Now, multiply the base fine by the lower multiplier (here, 1 x $5,000), and this gives you the minimum fine of $5,000.  Next, multiply the base fine by the higher multiplier (here, 2 x $5,000), and this gives you the maximum fine of $10,000.  So, our odometer tamperer faces a fine range of $5,000 to $10,000.

The final step is for the judge to set the ultimate fine within the fine range.  In doing so, the court will consider factors such as "the need for the sentence to reflect the seriousness of the offense," "the organization's role in the offense," and "any nonpecuniary loss caused or threatened by the offense."  Further, the court must increase the fine to include "any gain to the organization from the offense that has not and will not be paid as restitution or by way of other remedial measures."  The court may also depart from the fine range for listed reasons.  For example, a judge may reduce the fine below the guideline minimum if the defendant provided "substantial assistance in the investigation or prosecution of another organization that has committed an offense."  Or, a judge may impose a fine greater than the fine-range maximum if the defendant's crime "involved a foreseeable risk of death or bodily injury" or "constituted a threat to national security."

Now, go back to the culpability score.  The sentencing guidelines give a substantial reduction in that score for organizations that cooperate with the government:

(g)    Self-Reporting, Cooperation, and Acceptance of Responsibility

If more than one applies, use the greatest:

    (1)    If the organization (A) prior to an imminent threat of disclosure or government investigation; and (B) within a reasonably prompt time after becoming aware of the offense, reported the offense to appropriate governmental authorities, fully cooperated in the investigation, and clearly demonstrated recognition and affirmative acceptance of responsibility for its criminal conduct, subtract 5 points; or

    (2)    If the organization fully cooperated in the investigation and clearly demonstrated recognition and affirmative acceptance of responsibility for its criminal conduct, subtract 2 points; or

    (3)    If the organization clearly demonstrated recognition and affirmative acceptance of responsibility for its criminal conduct, subtract 1 point.

A pretty good upside here: A cooperating organization gets 5 points off its culpability score.  As explained above, this reduction will (in turn) reduce the multipliers applied to the base fine.  For example, a culpability score of 5 has multipliers of 1 and 2, whereas a score of 0 has multipliers of .05 and .2.  So, if conduct carried a base fine of $10 million, an organization would face the following fine ranges based on these two different culpability scores:

Score = 5

Max = $20 million
Min = $10 million

Score = 0

Max = $2 million
Min = $500,000

How about that!  Cooperation certainly pays.

Well, given the potentially large benefit from cooperation, the commentary explains that an organization must be forthcoming with the government:

To qualify for a reduction under subsection (g)(1) or (g)(2), cooperation must be both timely and thorough. To be timely, the cooperation must begin essentially at the same time as the organization is officially notified of a criminal investigation. To be thorough, the cooperation should include the disclosure of all pertinent information known by the organization. A prime test of whether the organization has disclosed all pertinent information is whether the information is sufficient for law enforcement personnel to identify the nature and extent of the offense and the individual(s) responsible for the criminal conduct. However, the cooperation to be measured is the cooperation of the organization itself, not the cooperation of individuals within the organization. If, because of the lack of cooperation of particular individual(s), neither the organization nor law enforcement personnel are able to identify the culpable individual(s) within the organization despite the organization’s efforts to cooperate fully, the organization may still be given credit for full cooperation. Waiver of attorney-client privilege and of work product protections is not a prerequisite to a reduction in culpability score under subdivisions (1) and (2) of subsection (g) unless such waiver is necessary in order to provide timely and thorough disclosure of all pertinent information known to the organization.

It is in the last sentence of this commentary (in bold) that the Commission stepped (quite gingerly) on the third rail that is white collar privilege waiver.  Frankly, the commentary takes a quite mild position: (1) waiver is NOT required to get credit, unless (2) the government cannot get all pertinent facts without waiver.  Remember – if we are applying the sentencing guidelines, there has already been a conviction or a plea.  So, the organization is either a convicted or admitted law breaker.  The court is simply trying to figure out whether the organization deserves leniency in sentencing.  Using the privilege to block the government from the ONLY means of accessing needed information seems the opposite of cooperation.

For those interested in criticisms of the above guidelines commentary, the National Association of Criminal Defense Lawyers has collected letters from various lawyer and other groups urging the Commission to reconsider.  As the issue of privilege waiver has received increasing attention in compliance circles, this is an issue I will try to keep on top of.

August 29, 2005 in Compliance Developments, Enforcement Actions, Regulatory Actions, Sentencing Guidelines | Permalink | TrackBack

Article of Interest -- Self-Reporting of Legal Violations

This is a topic I posted on recently, vis a vis why the DOJ and other government regulators expect companies to self-report.  The following article (from the Social Science Research Network) takes the view from the organization side:

Turning Themselves In: Why Companies Disclose Regulatory Violations

J. L. Short (University of California, Berkeley)
Michael W. Toffel (University of California, Berkeley, Haas School of Business)

As part of a recent trend toward more cooperative relations between regulators and industry, novel government programs are encouraging firms to monitor their own regulatory compliance and voluntarily report their own violations. In this study, we examine how enforcement activities, statutory protections, community pressure, and organizational characteristics influence organizations' decisions to self-police. We created a comprehensive dataset for the "Audit Policy", a United States Environmental Protection Agency program that encourages companies to self-disclose violations of environmental laws and regulations in exchange for reduced sanctions. We find that facilities were more likely to self-disclose if they were recently inspected or subjected to an enforcement action, were narrowly targeted for heightened scrutiny by a US EPA initiative, and were larger and thus more prominent in their environment. While we find some evidence that state-level statutory immunity facilitates self-disclose, we find no evidence that statutory audit privilege does so.

August 29, 2005 in Publications | Permalink | TrackBack