18 June 2011

FCPA Alert: Dodd-Frank vs. Powerball...

Board Directors are ever more tuned into the recent 2011 case settlements in Foreign Corrupt Practices Act (FCPA) violations. This is because Operational Risk Professionals are being much more proactive than years past on uncovering malfeasance in the supply chain operations of major global conglomerates:

Notable 2011 FCPA Settlements. 2010 was a record year for FCPA enforcement, and thus far 2011 has been no different. In the first half of 2011, 10 notable FCPA enforcement actions have settled, resulting in a total of about $490 million in penalties, disgorgement and prejudgment interest:

1. Tenaris agreed to pay a $3.5 million criminal penalty and $5.4 million in disgorgement and prejudgment interest.

2. Rockwell Automation agreed to pay disgorgement of $1.7 million, prejudgment interest of $590,000 and a civil penalty of $400,000.

3. Johnson & Johnson agreed to pay a $21.4 million criminal fine and $48.6 million in disgorgement and prejudgment interest, as well as about $7.9 million in related United Kingdom Serious Fraud Office recovery.

4. Comverse agreed to pay a $1.2 million criminal fine and $1.6 million in disgorgement and prejudgment interest.

5. Ball Corporation agreed to pay a $300,000 civil penalty.

6. Jeffrey Tesler, a key member of the TSKJ-Bonny Island joint venture accused of being part of a scheme to bribe Nigerian officials in exchange for contracts related to the construction of liquefied natural gas facilities, forfeited nearly $149 million, the largest FCPA-related forfeiture imposed on an individual to date.

7. JGC Corporation of Japan agreed to pay $218.8 million in criminal fines.

8. IBM agreed to pay a $2 million civil penalty, disgorgement of $5.3 million and $2.7 million in prejudgment interest.

9. Tyson Foods, Inc. agreed to pay a $4 million criminal penalty and $1.2 million in disgorgement and prejudgment interest.

10. Maxwell Technologies agreed to pay $8 million in criminal penalties, as well as $6.4 million to settle SEC civil charges.

Are any Board Directors out there amazed that companies such as IBM are still being impacted by the FCPA risk to the enterprise? Maybe more importantly, why is a Japanese company paying a criminal fine of over two hundred million dollars?

JGC CORPORATION is a Japan-based company mainly engaged in the engineering business. The Company operates in two business segments. The Integrated Engineering segment is engaged in the planning, design, procurement, construction and testing of equipment, appliances and facilities for petroleum, petroleum processing, petrochemistry, gas, liquefied natural gas (LNG), general chemistry, nuclear energy, metal smelting, biotechnology, food, pharmaceutical, logistics, information technology, environment protection and pollution prevention industries. This segment is also engaged in the provision of related inspection, maintenance and information processing services, as well as water and power generation business, among others. The Catalyst and Chemical segment is involved in the manufacture and sale of catalyst agents, functional materials, deodorants and enzymatic filters, electronic materials and high-performance ceramic products, as well as next-generation energy related products.

The Board of Directors of any transnational organization should be doing their homework on the reasons why JGC Corporation has employed an independent compliance consultant for the next two years and paid the $200M. fine. Remember, your supply chain and your business partners may be the reason why you are sitting around the Board Room table negotiating with the U.S. Department of Justice.

The larger question is, could this have been prevented? Is this a risk that can be mitigated within the corporate enterprise? Has the company done everything in it's capacity to put the right controls in place and the tools to keep the possibility of FCPA ever finding its way back to the Board Room Agenda? Do you know all of your joint venture partners are from the U.S. and all of the projects that they are working on together?

JGC’s agreement to pay the fine brings to $1.5 billion the total penalties in a case against a joint venture known as TSKJ that included Houston-based Kellogg Brown & Root LLC, Paris- basedTechnip SA (TEC) and Dutch engineering firm Snamprogetti Netherlands BV, according to a Justice Department statement.

The joint venture’s prosecution represents one of the biggest foreign bribery cases undertaken by the Justice Department since it stepped up pursuit of such cases starting in 2008 when Munich-based Siemens, Germany’s largest engineering company, paid $1.6 billion to settle U.S. and German probes.

“Each of the four companies in the TSKJ joint venture, the former chairman of the U.S. joint venture partner, and several other individuals have now been held accountable for a massive conspiracy to bribe Nigerian government officials to obtain lucrative construction contracts,” Deputy Assistant Attorney General Mythili Raman said in the statement.

What is the cost of a FCPA investigation beyond the fine? Imagine for a moment the number of e-mail messages that have to be acquired, preserved and examined. Add up the billable hours for subject matter experts to review the remaining mountain of data to determine the final relevancy of a communication with the matter and the people associated with the project. As an example, what was the magnitude of the Siemens case?

According to court records, it was a vast undertaking spanning 34 countries, with private investigators conducting more than 1,750 interviews and gathering more than 100 million documents. They reviewed approximately 14 million of those documents and gave the Justice Department and the SEC a small subset, about 24,000, according to a Siemens tally.

So what is one of the answers or solutions to finding the "Red Flags" and to self-disclose the issue to the proper authorities early and often? First off, you need to develop your corporate "Human Intelligence" (HUMINT) capability, around your Corporate Intelligence Unit (CIU). Developing and building an awareness factor in a pervasive manner is one way to do this. In order to get your HUMINT working for you, the people on the front lines and in the middle of the corporate hierarchy need to understand and internalize these "Red Flags". If the monthly or quarterly bulletin from the CEO, discussing the integrity factor of the company supply chain partners raises the issue of ethical behavior around a particular scenario, this will educate and increase awareness with those people in the enterprise who comprise this HUMINT network.

Sticks and carrots or other methods for awarding compliance is so 1980's and 1990's. Wake up! In order to bring your global enterprise into the next decade of the 2000's, you have to start using the methods, processes and tools your deal makers use to run their business (SAP, Siebel CRM, Oracle). When was the last time the CEO visited the deal makers pipeline meeting to review and discuss the joint ventures or pending projects that the business developers are forecasting to close in the next quarter? This is the perfect time for the CEO to ask them to fire any partner, agent, consultant, contractor or vendor that does not meet the foundation for the companies "Corporate Integrity Standards." Does your CEO even know what Social CRM is all about?

And how quickly the lessons that should have been learned, are soon forgotten. Not any more. Under the Dodd-Frank Wall Street Reform and Consumer Protection Act, employees, partners and other persons who provide original information on an FCPA violation by a public company can receive between 10% and 30% of the resulting fines as a "Whistleblower" bounty.

We wonder whether the odds of winning the next "Powerball" Lottery in the U.S. might be more difficult than getting 20% of a $200 million dollar fine. Global corporations should be preparing their internal processes for Ethics and Integrity Management now. This Operational Risk will soon be more apparent as employees understand the odds of "Winning".

04 June 2011

ORM: Pervasive Risk Across Disciplines...

What is the origin of the "Operational Risk Management" discipline? Was it derived from the work within the financial services industry from the Basel II initiatives? The definitions and the actual work towards creating standards of conduct and rule-based design has been evolving for the past decade.

Operational Risk and the approach to risk that is not otherwise considered to be market or credit risk is one mind set. The other mind set considers the hazards associated with the threat to valuable assets. Either point of view depends on the environment that you operate in and the risks associated with that environment.

To give a quick example, here are three views into Operational Risk:

  • For the second day in a row, the telecommunications giant is suffered a service outage that has extended all across the eastern portion of the state, from Chattanooga, through Knoxville, and up to the Tri-Cites. AT&T customers in East Tennessee are again having trouble making calls on their wireless phones. For the second day in a row, the telecommunications giant is suffered a service outage that has extended all across the eastern portion of the state, from Chattanooga, through Knoxville, and up to the Tri-Cites. Cathy Lewandowski, a spokesperson for AT&T, said technicians were able to restore service Friday afternoon. On Thursday, AT&T customers started losing service shortly after 9:00 a.m. It was finally restored early in the afternoon.
  • Protesters took over the Finance Ministry building in Athens Friday morning, hanging a giant banner from the roof calling for a general strike, just as Greece wraps up tough negotiations with international officials on new austerity measures. About 200 protesters from the communist party-backed PAME union blockaded the entrance to the ministry from dawn, preventing employees from entering. They hung a banner over five stories of the front of the building and took down the European flag from the top of the ministry, replacing it with their own union flag. They said they would continue the blockade for the entire day.
  • Due to problems experienced in the systems of Turkey’s Central Bank, electronic funds transfer, or EFT, transactions were unable to be carried out throughout Turkey on Friday, Hürriyet website reported. Lender customers, unable to make EFT transactions all day long starting from the morning hours, have been experiencing serious problems. Studies to recover the problems occurring in the systems are still ongoing, according to an information message from the Central Bank to lenders.

These three examples encompass a U.S.-based global communications company, the country of Greece and the Central Bank of Turkey. All three are operational risk scenarios that could contribute to losses that will impact the reputation of the entity involved. That aspect alone could be the major factor in why Operational Risk Management is such a growing discipline in a global landscape.

Some of the earliest origins of the Operational Risk concerns come from the military. The U.S. Navy is one of the branches who has embraced it fully:

Purpose. To establish policy, guidelines, procedures, and responsibilities per reference (a), standardize the operational risk management (ORM) process across the Navy, and establish the
ORM training continuum.

Scope. This instruction applies to all Navy activities, commands, personnel, and contractors under the direct supervision of government personnel.

Discussion. Risk is inherent in all tasks, training, missions, operations, and in personal activities no matter how routine. The most common cause of task degradation or mission failure is human error, specifically the inability to consistently manage risk. ORM reduces or offsets risks by systematically identifying hazards and assessing and controlling the associated risks allowing decisions to be made that weigh risks against mission or task benefits. As professionals, Navy personnel are responsible for managing risk in all tasks while leaders at all levels are responsible for ensuring proper procedures are in place and that appropriate resources are available for their personnel to perform assigned tasks. The Navy vision is to develop an environment in which every officer, enlisted, or civilian person is trained and motivated to personally manage risk in everything they do.

If only major business entities would encompass the following steps with all employees then more lives would be saved, corporate assets would be protected and the enterprise would be ever more resilient:

(1) Identify the hazards;
(2) Assess the hazards;
(3) Make risk decisions;
(4) Implement controls; and
(5) Supervise.

Yet the losses and the potential for loss continues across the organizations who are well equipped to make Operational Risk Management a part of every persons daily mind set:

The FBI has asked federal police to assist in this vast money-laundering case. FEDERAL police have been drawn into a US probe of alleged bank fraud by online poker sites in which the FBI alleges $US540 million was laundered by an Australian payments processor.

Charges laid in a New York court have also put a question mark over lucrative sponsorship deals held by Crown Casino, whose Aussie Millions poker tournament was this year sponsored by Full Tilt Poker, and the Cronulla Sharks, which have PokerStars as a sponsor.

The Australian Federal Police told BusinessDay it had received a request for help from US authorities. ''It's a US investigation, but we're assisting,'' a spokeswoman said.

The charges, which attract jail sentences of up to 30 years and fines running into the millions of dollars, have also sparked a public rift between Full Tilt and its star player, Phil Ivey, who has filed a lawsuit in Nevada alleging the company owes gamblers more than $US150 million in unpaid winnings.

Whether it is on the deck of an aircraft carrier or within an Australian payments processor operational risk is pervasive. It is up to you to make a difference.