22 October 2008

EESA: Oversight & Legal Filings...

What is on the mind of GCs in the United States and United Kingdom? What are they saying about the costs of litigation, labor and employment, the financial/subprime crisis, regulatory investigations and FCPA, e-discovery preparedness and patent infringement claims. A Fulbright & Jaworski 5th year survey, gets the answers from 350 senior-level executives.

Lawsuit fears also vary across the United States: California companies have qualms about employment cases; Northeastern companies worry about environmental cases; and Southern companies expressed concerned about class actions and products liability lawsuits.

The survey responses indicate that lawsuits filings ultimately vary by industry.

During the past year, two-thirds of insurance companies reported at least six new lawsuits, followed by 55 percent of retail companies.

Manufacturing companies were the third most sued industry, with 54 percent facing six new claims. Health care providers followed closely behind with 52 percent reporting a half dozen new cases.

Two industries were far less likely to face multiple lawsuits in one year.

Thirty-seven percent of financial services companies reported six new lawsuits compared with 30 percent of technology firms.


Somehow we think the financial services companies are going to see a large spike in the next nine months. The SOX cases will be tested and there will be a few that won't get settled. The outcomes will set the precedence for Corporate Governance related suits for years to come.

Keep on "eye" on this one. Part of the new EESA legislation will have some kind of IG and oversight. This will be keeping the legal teams busy:

7) Compliance: The law establishes important oversight and compliance structures, including establishing an Oversight Board, on-site participation of the General Accounting Office and the creation of a Special Inspector General, with thorough reporting requirements. We welcome this oversight and have a team focused on making sure we get it right.

The Special Inspector General's purpose is to monitor, audit and investigate the activities of the Treasury in the administration of the program, and report findings to Congress every quarter.


The "TARP" Inspector will have their hands full and since they are appointed by the President, you can be sure that they will not be too partisan.

17 October 2008

Ethics: Management 101 to the rescue...

A few years ago there was an anonymous posting on CSO Online about "Doing the Right Thing". It could only be about the rules and policies set down by the ethics committee. Right?

"Directors and executives now must take an active leadership role for the content and operation of compliance and ethics programs," the U.S. Sentencing Commission's statement reads in part. "Companies that seek reduced criminal fines now must demonstrate that they have identified areas of risk where criminal violations may occur, trained high-level officials as well as employees in relevant legal standards and obligations, and given their compliance officers sufficient authority and resources to carry out their responsibilities."

The commission notably adds: "If companies hope to mitigate criminal fines and penalties, they must also promote an organizational culture that encourages a commitment to compliance with the law and ethical conduct by exercising due diligence in meeting the criteria."


Every Fortune caliber organization from financial services to health care has already implemented a pervasive compliance program to mitigate the risk of ending up with the SEC or US Attorney in the lobby.

The catalyst behind these initiatives is generated from the U.S. Sentencing Commission's Organizational Sentencing Guidelines. They allow for more lenient sentencing if an organization has evidence of an "effective program to prevent and detect violations of law."

The Guidelines contain criteria for establishing an "effective compliance program."

These include oversight by high level officers, effective communication to all employees, and reasonable steps to achieve compliance such as:

  • · Systems for monitoring and auditing
  • · Incident response and reporting
  • · Consistent enforcement including disciplinary actions

Yet the corporate incivility continues. Why is it that we can’t pick up the morning paper or listen to the news on the way to work without hearing about a new indictment of a top ranking officer?

Here lies the question many Board of Directors are scratching their heads about these days. How can we avoid these ethical and legal dilemmas and how can they be addressed without creating a state of fear and panic?

That’s when we really learned that this game of business is just about the human factors. It’s really not about the controls, the monitoring or even the awareness programs. It’s about being a model manager, and a model human being.

The odds are it will be the human factors that are going to be what gets you on the steps of the local federal building. And it all comes back to good old-fashioned management 101.

As indicated, the great manager can impact the lives of tens or hundreds of people in your company. Conversely, the uncivil manager can wreak havoc with a similar numbers of lives. The position of management is ever so powerful to influence those around them.

Your company wide compliance initiative has the elements that provide guidance for creating a program that the government is likely to look favorably upon. The problem is that these same criteria inadvertently communicate the message that implies building a program based on this formula is enough. It isn’t.

07 October 2008

FCPA: 21st Century Investigations...

Intellectual property theft, corporate espionage, transnational economic crime and the Foreign Corrupt Practices Act (FCPA) are on collision course with international 21st Century investigators. New age professionals who were almost born with a keyboard or PDA in their hand; remain ever vigilant.

The use of third parties, offshore banking and other avoidance mechanisms such as Black Market Peso Exchange (BMPE) increases the potential for theft, corruption and abuse buried in global commerce using the Internet Protocol (IP).

The FCPA prohibits corrupt payments through intermediaries. It is unlawful to make a payment to a third party, while knowing that all or a portion of the payment will go directly or indirectly to a foreign official. The term "knowing" includes conscious disregard and deliberate ignorance. The elements of an offense are essentially the same as described above, except that in this case the "recipient" is the intermediary who is making the payment to the requisite "foreign official."

Intermediaries may include joint venture partners or agents. To avoid being held liable for corrupt third party payments, U.S. companies are encouraged to exercise due diligence and to take all necessary precautions to ensure that they have formed a business relationship with reputable and qualified partners and representatives. Such due diligence may include investigating potential foreign representatives and joint venture partners to determine if they are in fact qualified for the position, whether they have personal or professional ties to the government, the number and reputation of their clientele, and their reputation with the U.S. Embassy or Consulate and with local bankers, clients, and other business associates. In addition, in negotiating a business relationship, the U.S. firm should be aware of so-called "red flags," i.e., unusual payment patterns or financial arrangements, a history of corruption in the country, a refusal by the foreign joint venture partner or representative to provide a certification that it will not take any action in furtherance of an unlawful offer, promise, or payment to a foreign public official and not take any act that would cause the U.S. firm to be in violation of the FCPA, unusually high commissions, lack of transparency in expenses and accounting records, apparent lack of qualifications or resources on the part of the joint venture partner or representative to perform the services offered, and whether the joint venture partner or representative has been recommended by an official of the potential governmental customer.


Digital fingerprints and technology has changed the way we manage and store information just as it has changed the way cases are developed and presented to new juries who understand the evidence. Organizations operating on a global scale with branch offices in London, Frankfurt, Mumbai, Hong Kong and Shanghai are continually exposed to operational risks associated with rogue employee behavior in the normal course of doing business in country. The legal matrix of risk exposures are magnified by Internet commerce, privacy, intellectual property and transnational policing.

In the recent "2008 Report to the Nation on Occupational Fraud and Abuse" by the ACFE, the Banking / Financial Services industry group suffered the highest frequency of losses:

  • # of Cases - 132
  • % of Cases - 14.6%
  • Median Loss - $250,000.00
The type of scheme with the highest percentage was corruption at 33.3% of banking cases. Government had 106 cases with 26.4% of these associated with corruption. The telecommunications sector endured the biggest impact with 16 cases reported yet with a median loss of $800,000.00 . Healthcare suffered 76 fraud cases at 26.3% involving corruption.

In all cases the digital trail is there for the forensic professionals to track, trace and assemble the history and chronology of events. Unfortunately for the prosecution and the plaintiffs, there is a tremendous backlog for the collection and analysis of this modern day CSI. Independence and expertise is the key element of getting your favorable day in court. Judges and juries are far more educated on the new Federal Rules of Evidence and Civil Procedure. Lawyers are utilizing the eDiscovery threat to force premature settlements. Meanwhile, the digital evidence continues to be collected, imaged and stored for analysis waiting it's day in court.

21st Century investigators utilize digital forensic certifications and training combined with years of education and experience. Managing the legal risk to institutions and those who have been implicated is their only priority by achieving a defensible standard of care. Judging the evidence is not their interest nor their objective. Insuring that the relevant information is soundly collected, preserved and presented without spoilation or prejudice, is the primary mission.